You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A warning explain than Expiration value is missing or not an integer.
I think it's a misunderstood about Expiration field, we can see an example on API documentation.
Timestamps are formatted according to the ISO 8601 standard.
You can find the impacted code here, and could be patched quickly with the same logic we can found here
Patch
diff --git a/source/extensions/common/aws/credentials_provider_impl.cc b/source/extensions/common/aws/credentials_provider_impl.cc
index 139d53f177..6cec8e96cd 100644
--- a/source/extensions/common/aws/credentials_provider_impl.cc
+++ b/source/extensions/common/aws/credentials_provider_impl.cc
@@ -688,12 +688,15 @@ void WebIdentityCredentialsProvider::extractCredentials(
setCredentialsToAllThreads(
std::make_unique<Credentials>(access_key_id, secret_access_key, session_token));
- const auto expiration = Utility::getIntegerFromJsonOrDefault(credentials.value(), EXPIRATION, 0);
+ const auto expiration =
+ Utility::getStringFromJsonOrDefault(credentials.value(), EXPIRATION, "");
- if (expiration != 0) {
- expiration_time_ =
- std::chrono::time_point<std::chrono::system_clock>(std::chrono::seconds(expiration));
- ENVOY_LOG(debug, "AWS STS credentials expiration time (unix timestamp): {}", expiration);
+ if (!expiration.empty()) {
+ absl::Time expiration_time;
+ if (absl::ParseTime(EXPIRATION_FORMAT, expiration, &expiration_time, nullptr)) {
+ ENVOY_LOG(debug, "Container role AWS credentials expiration time: {}", expiration);
+ expiration_time_ = absl::ToChronoTime(expiration_time);
+ }
} else {
expiration_time_ = api_.timeSource().systemTime() + REFRESH_INTERVAL;
ENVOY_LOG(warn, "Could not get Expiration value of AWS credentials document from STS, so "
@MalibuKoKo We retrieve this from STS using json format which does in fact use the unix timestamp. However STS is returning a scientific notation version in the json payload. I'm investigating with the STS team as to whether this is accurate and then can propose a fix.
A warning explain than Expiration value is missing or not an integer.
I think it's a misunderstood about Expiration field, we can see an example on API documentation.
Timestamps are formatted according to the ISO 8601 standard.
You can find the impacted code here, and could be patched quickly with the same logic we can found here
Patch
Repro steps:
Manifest
Logs:
The text was updated successfully, but these errors were encountered: