-
Notifications
You must be signed in to change notification settings - Fork 187
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avoid extending IMDS credentials expiry unconditionally #2694
Merged
ysaito1001
merged 6 commits into
main
from
ysaito/avoid-extending-imds-credentials-expiry-unconditionally
May 11, 2023
Merged
Changes from 2 commits
Commits
Show all changes
6 commits
Select commit
Hold shift + click to select a range
924ad34
Avoid extending IMDS credentials expiry unconditionally
ysaito1001 7a42480
Update CHANGELOG.next.toml
ysaito1001 5bd1e32
Define a test constant for warning string
ysaito1001 fe25e3d
Make test verification in line with what's intended
ysaito1001 c265e86
Explain why `refresh_offset` is less than 15 mins
ysaito1001 dc88d4e
Move the whole warning string to a constant
ysaito1001 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's the reason for changing the expiration interval and rng range?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Per our spec, 15-minute is the minimum amount of time credentials are valid for. Setting
refresh_offset
to something longer than that may have the risk of the credentials expiring before the next refresh (especially when the credentials expiry is set to the very minimum of 15 minutes from now).Now that we've added the early return, however, it may not matter much because valid credentials will be used as they are without the extension. But just wanted to make this inline with the spec.
Added comment in c265e86.