19 Mar
2024
19 Mar
'24
12:42 p.m.
Dear Team,
I have a query regarding STS token refresh. In the case of CEPH, when a token expires and
we attempt any operation, we receive an "access denied" error. However, with
other S3 providers like Amazon, we receive the correct error code
"ExpiredToken." Is this discrepancy a known issue with CEPH , and if so, do we
have plans to address it? Having "access denied" as the error code in the event
of token expiry seems incorrect.
Given the above scenario, please let us know how token refresh can be handled with CEPH ?
Ajinkya Deshpande
Sr Software Engineer
NetBackup Engineering
Veritas Technologies LLC
Mobile: (7776835515)
Ajinkya.Deshpande(a)veritas.com
26 Mar
26 Mar
8:09 a.m.
Hi Ajinkya,
The error code returned in case of an expired token indeed is "Access
Denied" and needs to be corrected.
A new session token can be retrieved by making another AssumeRole* call
with "*DurationSeconds" *parameter set to the duration for which the token
is needed
*.*
Thanks,
Pritha
On Tue, Mar 26, 2024 at 7:45 AM Ajinkya Deshpande <
Ajinkya.Deshpande(a)veritas.com> wrote:
Dear Team,
I have a query regarding STS token refresh. In the case of CEPH, when a
token expires and we attempt any operation, we receive an "*access denied*"
error. However, with other S3 providers like Amazon, we receive the correct
error code "*ExpiredToken.*" Is this discrepancy a known issue with CEPH
, and if so, do we have plans to address it? Having "access denied" as the
error code in the event of token expiry seems incorrect.
Given the above scenario, please let us know how token refresh can be
handled with CEPH ?
*Ajinkya Deshpande*
Sr Software Engineer
NetBackup Engineering
Veritas Technologies LLC
Mobile: (7776835515)
Ajinkya.Deshpande(a)veritas.com
_______________________________________________
Dev mailing list -- dev(a)ceph.io
To unsubscribe send an email to dev-leave(a)ceph.io
34
days inactive
41
days old
1 comments
2 participants
participants (2)
-
Ajinkya Deshpande -
Pritha Srivastava