Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix the clock skew calculation in auth tokens for IAM-based authentication with AWS RDS #5119

Merged
merged 3 commits into from
May 7, 2024
Merged

Fix the clock skew calculation in auth tokens for IAM-based authentication with AWS RDS #5119

merged 3 commits into from
May 7, 2024

Conversation

amartinezfayo
Copy link
Member

The function isExpired() is used to know if the current cached token used in IAM-based authentication with AWS RDS backed databases is expired or not.
It's currently subtracting a clock skew to the current time, while it should be adding it so the comparison with the expiration time returns >= 0 to indicate that is expired within the skew.
This is done so it's considered expired some time before it really expires, to avoid using a cached token when it's very close to expiration.

I also took the opportunity to remove the tokenGetter interface that was not being used.

@amartinezfayo
Fix the clock skew calculation in auth tokens for AWS RDS
3f17bfa 
Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>
@amartinezfayo amartinezfayo added this to the 1.9.5 milestone May 1, 2024
@amartinezfayo
- Rename isExpired() function to shouldRotate() and add a comment
6846bdf 
- Use the newly added clockSkew constant

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>
@azdagron azdagron merged commit 00f2ca5 into spiffe:main May 7, 2024
32 checks passed
@amartinezfayo amartinezfayo modified the milestones: 1.9.5, 1.9.6 May 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@azdagron azdagron azdagron approved these changes

@evan2645 evan2645 Awaiting requested review from evan2645 evan2645 is a code owner

@MarcosDY MarcosDY Awaiting requested review from MarcosDY MarcosDY is a code owner

@rturner3 rturner3 Awaiting requested review from rturner3 rturner3 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.9.6
Development

Successfully merging this pull request may close these issues.
2 participants
@amartinezfayo @azdagron