From 93f95750843f7f300da165dcc1a6842bab75c149 Mon Sep 17 00:00:00 2001 From: minefuto Date: Sat, 30 Mar 2024 01:47:53 +0900 Subject: [PATCH 1/3] Add check maximumLifetimeSeconds of token --- aci-connection.go | 38 ++++++++++++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/aci-connection.go b/aci-connection.go index 0105a06..b33d6d7 100644 --- a/aci-connection.go +++ b/aci-connection.go @@ -54,9 +54,10 @@ var refreshFailedMetric = promauto.NewCounterVec(prometheus.CounterOpts{ ) type AciToken struct { - token string - ttl int64 - expire int64 + token string + ttl int64 + expire int64 + lifetime int64 } // AciConnection is the connection object @@ -160,7 +161,14 @@ func (c *AciConnection) tokenProcessing() (error, bool) { if c.token != nil { c.tokenMutex.Lock() defer c.tokenMutex.Unlock() - if c.token.expire < time.Now().Unix() { + if c.token.lifetime < time.Now().Unix() { + log.WithFields(log.Fields{ + "requestid": c.ctx.Value("requestid"), + "fabric": fmt.Sprintf("%v", c.ctx.Value("fabric")), + "token": fmt.Sprintf("lifetime"), + }).Info("token reached lifetime seconds") + return nil, false + } else if c.token.expire < time.Now().Unix() { response, status, err := c.get("refresh", fmt.Sprintf("%s%s", c.fabricConfig.Apic[*c.activeController], c.URLMap["refresh"])) if err != nil || status != 200 { //errRe = fmt.Errorf("failed to refresh token %s", c.fabricConfig.Apic[*c.activeController]) @@ -173,7 +181,7 @@ func (c *AciConnection) tokenProcessing() (error, bool) { "fabric": fmt.Sprintf("%v", c.ctx.Value("fabric"))}).Inc() return err, false } else { - c.newToken(response) + c.refreshToken(response) log.WithFields(log.Fields{ "requestid": c.ctx.Value("requestid"), "fabric": fmt.Sprintf("%v", c.ctx.Value("fabric")), @@ -199,11 +207,25 @@ func (c *AciConnection) tokenProcessing() (error, bool) { func (c *AciConnection) newToken(response []byte) { token := gjson.Get(string(response), "imdata.0.aaaLogin.attributes.token").String() ttl := gjson.Get(string(response), "imdata.0.aaaLogin.attributes.refreshTimeoutSeconds").Int() + lifetimeSeconds := gjson.Get(string(response), "imdata.0.aaaLogin.attributes.maximumLifetimeSeconds").Int() + + c.token = &AciToken{ + token: token, + ttl: ttl, + expire: time.Now().Unix() + ttl - 60, + lifetime: time.Now().Unix() + lifetimeSeconds - 60, + } +} + +func (c *AciConnection) refreshToken(response []byte) { + token := gjson.Get(string(response), "imdata.0.aaaLogin.attributes.token").String() + ttl := gjson.Get(string(response), "imdata.0.aaaLogin.attributes.refreshTimeoutSeconds").Int() c.token = &AciToken{ - token: token, - ttl: ttl, - expire: time.Now().Unix() + ttl - 60, + token: token, + ttl: ttl, + expire: time.Now().Unix() + ttl - 60, + lifetime: c.token.lifetime, } } From 1b8a88c45632ae381bf2766601ea6258bb510b71 Mon Sep 17 00:00:00 2001 From: andersh Date: Sat, 11 May 2024 13:34:49 +0200 Subject: [PATCH 2/3] fix: change the ttl offset from 60 to 120 sec, spell checks, additional logging to show token valid time --- aci-connection.go | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/aci-connection.go b/aci-connection.go index b33d6d7..1cc77d0 100644 --- a/aci-connection.go +++ b/aci-connection.go @@ -31,6 +31,8 @@ import ( "github.com/spf13/viper" ) +const TTLOffset = 120 + var responseTimeMetric = promauto.NewHistogramVec(prometheus.HistogramOpts{ Name: MetricsPrefix + "response_time_from_apic", Help: "Histogram of the time (in seconds) each request took to complete.", @@ -175,7 +177,7 @@ func (c *AciConnection) tokenProcessing() (error, bool) { log.WithFields(log.Fields{ "requestid": c.ctx.Value("requestid"), "fabric": fmt.Sprintf("%v", c.ctx.Value("fabric")), - "token": fmt.Sprintf("refersh"), + "token": fmt.Sprintf("refresh"), }).Warning(err) refreshFailedMetric.With(prometheus.Labels{ "fabric": fmt.Sprintf("%v", c.ctx.Value("fabric"))}).Inc() @@ -185,7 +187,7 @@ func (c *AciConnection) tokenProcessing() (error, bool) { log.WithFields(log.Fields{ "requestid": c.ctx.Value("requestid"), "fabric": fmt.Sprintf("%v", c.ctx.Value("fabric")), - "token": fmt.Sprintf("refersh"), + "token": fmt.Sprintf("refresh"), }).Info("refresh token") refreshMetric.With(prometheus.Labels{ "fabric": fmt.Sprintf("%v", c.ctx.Value("fabric"))}).Inc() @@ -193,9 +195,10 @@ func (c *AciConnection) tokenProcessing() (error, bool) { } } else { log.WithFields(log.Fields{ - "requestid": c.ctx.Value("requestid"), - "fabric": fmt.Sprintf("%v", c.ctx.Value("fabric")), - "token": fmt.Sprintf("valid"), + "requestid": c.ctx.Value("requestid"), + "fabric": fmt.Sprintf("%v", c.ctx.Value("fabric")), + "token": fmt.Sprintf("valid"), + "valid_time_seconds": c.token.expire - time.Now().Unix(), }).Info("token still valid") return nil, true } @@ -208,12 +211,12 @@ func (c *AciConnection) newToken(response []byte) { token := gjson.Get(string(response), "imdata.0.aaaLogin.attributes.token").String() ttl := gjson.Get(string(response), "imdata.0.aaaLogin.attributes.refreshTimeoutSeconds").Int() lifetimeSeconds := gjson.Get(string(response), "imdata.0.aaaLogin.attributes.maximumLifetimeSeconds").Int() - + now := time.Now().Unix() c.token = &AciToken{ token: token, ttl: ttl, - expire: time.Now().Unix() + ttl - 60, - lifetime: time.Now().Unix() + lifetimeSeconds - 60, + expire: now + ttl - TTLOffset, + lifetime: now + lifetimeSeconds - TTLOffset, } } @@ -224,7 +227,7 @@ func (c *AciConnection) refreshToken(response []byte) { c.token = &AciToken{ token: token, ttl: ttl, - expire: time.Now().Unix() + ttl - 60, + expire: time.Now().Unix() + ttl - TTLOffset, lifetime: c.token.lifetime, } } From 41a34b446e7f756226a4932bba4d4c845c073547 Mon Sep 17 00:00:00 2001 From: andersh Date: Sat, 11 May 2024 13:37:36 +0200 Subject: [PATCH 3/3] fix: execute on master --- .github/workflows/go.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 2084584..589eb3f 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -4,7 +4,7 @@ on: push: branches: - '**' - - '!master' + - 'master' pull_request: branches: [ master ]