Comments (9)
A possible solution to this problem is:
- Disable cache when
aws-ecr
is chosen as we know the ECR API will always return a 403 when to token has expired - Modify the ECR struct to keep track when the token expire and renew the auth token some minutes before
from flipt.
I could work on this if needed
from flipt.
In fact it doesn't reach the challange piece of code, oras has this check:
if resp.StatusCode != http.StatusUnauthorized {
return resp, nil
}
In this bug the response status is "Forbidden" which will make the if statement condition to pass
from flipt.
Hey @thepabloaguilar.
Thank you for the report.
I still need to read more AWS docs when http code 403 could be returned to finalize it. What do you think about #3044?
from flipt.
In fact it doesn't reach the challange piece of code, oras has this check:
if resp.StatusCode != http.StatusUnauthorized { return resp, nil }In this bug the response status is "Forbidden" which will make the if statement condition to pass
@thepabloaguilar thanks for reporting! would this be a bug in ORAS then that we could open/issue a patch for? or do you think its only related to how we are using the ORAS client?
from flipt.
That's a great question @markphelps, I think it's not ORAS issue since it's behaving as it should be as the challange is only returned by Forbidden status code. I do think it's an AWS Issue, at least for my understanding because I think if my token is expired I'm not forbbiden, I'm unauthorized, I no longer have a valid token so I don't have access to anything
from flipt.
Hey @thepabloaguilar.
Thank you for the report.
I still need to read more AWS docs when http code 403 could be returned to finalize it. What do you think about #3044?
I like @erka 's solution here! Just need to update to add the header like @thepabloaguilar mentioned
from flipt.
Me too @markphelps, that should be enough
from flipt.
Related Issues (20)
- [FLI-936] [Bug]: Export doesnt capture rollout rule order HOT 3
- [FLI-937] Ensure determinism in exporting and declarative formats
- [FLI-938] Allow passing a starting dir `flipt validate` HOT 4
- [FLI-939] Vercel feature flags adapter
- Allow OCI credentials expiration/refresh HOT 13
- [Bug]: kubernetes authentication method failing on AWS EKS HOT 4
- [FLI-941] Ability to define trusted service account + namespace when using Kubernetes Auth method HOT 6
- Accept a username in Redis configuration HOT 8
- [Feature Request] make `flag not found` a reason HOT 1
- [FLI-946] Don't require DB for auth if only using JWT and non-DB flag storage
- Gitops with multiple repositories HOT 1
- Improve OpenTelemetry (OTLP) instrumentation HOT 4
- [FLI-953] Add OpenFeature Remote Evaluation Protocol Support
- UI - Flags view - Indicate if a boolean flag has a rollout set HOT 3
- Connect to multiple PostgreSQL hosts HOT 1
- [FLI-954] JWT Auth: Support custom claim validation
- Allow multiple metrics exporter (Prometheus, OpenTelemetry) HOT 4
- Internal evaluation data API does not skip auth when evaluation is marked as excluded HOT 1
- [FLI-978] Issue with latest mysql 8 release
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from flipt.