Skip to content

Commit

Permalink
bug: fix metadata-token-service.ts
Browse files Browse the repository at this point in the history
fix: fix

fix: fix

fix: fix

fix: fix

fix: fix

fix: begining of workm on V2

fix: fix

fix: fix

fix: fix
  • Loading branch information
Alexey Zorkaltsev authored and Alexey Zorkaltsev committed Aug 1, 2023
1 parent 7ac6ff1 commit 7256bcf
Show file tree
Hide file tree
Showing 7 changed files with 451 additions and 28 deletions.
3 changes: 2 additions & 1 deletion .eslintrc.json
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@
"import/no-extraneous-dependencies": ["error", {
"devDependencies": true
}],
"import/no-cycle": "off"
"import/no-cycle": "off",
"linebreak-style": "off"
}
}
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
.idea
node_modules
dist
coverage
17 changes: 17 additions & 0 deletions config/jest.coverage.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
import * as path from 'path';
import config from './jest';

/*
* For a detailed explanation regarding each configuration property and type check, visit:
* https://jestjs.io/docs/configuration
*/

export default {
...config,
collectCoverage: true,
collectCoverageFrom: [
'**/*.{js,ts}',
'!generated/**',
],
coverageDirectory: '../coverage',
};
1 change: 1 addition & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@
},
"scripts": {
"test": "jest -c config/jest.ts --passWithNoTests",
"coverage": "jest -c config/jest.coverage.ts --passWithNoTests",
"lint": "eslint src config",
"build": "NODE_OPTIONS=\"--max-old-space-size=4096\" tsc -p .",
"generate-code": "ts-node scripts/generate-code.ts",
Expand Down
30 changes: 30 additions & 0 deletions src/token-service/metadata-token-service.consts.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
/*
Issuance of tokens shall be in accordance with the following rules
When accessing APIs of other Cloud services (including the database), services should follow the standard rules of
working with tokens recommended by the documentation:
- a token is issued in the way most appropriate for this service: for example, it can be a metadata service for SVM, Token Agent
for iron hosts or JWT for services hosted outside the Cloud perimeter
- the application does not start (does not start accepting requests) until its system SA token has been successfully issued;
the application does not start if the token issued at the moment of start is valid for less than 15 minutes;
- the token issued at start time is used for a time equal to at least 10% of the difference between expires_at and the time the token was issued;
- a token that has been used within the time specified in the previous paragraph is subject to update: the application starts
a background process that reissues the token of its system SA, while all current requests continue to be made with the
cached token (thus, in case of any problems with token reissue, 90% of the token's lifetime will be left to notice and
correct the situation);
- it is recommended that applications have a system SA token usage time monitor, which should be lit if the token lifetime
approaches 20% of the difference between expires_at and the token's expiration time.
*/

export const MAX_ATTEMPTS_NUMBER_TO_GET_TOKEN_IN_INITIALIZE = 5;

export const TOKEN_MINIMUM_LIFETIME_MARGIN_MS = 15 * 60 * 1000;

export const TOKEN_LIFETIME_LEFT_TO_REFRESH_PCT = 90;
Loading

0 comments on commit 7256bcf

Please sign in to comment.