Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bug: fix metadata-token-service.ts #135

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion .eslintrc.json
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@
"import/no-extraneous-dependencies": ["error", {
"devDependencies": true
}],
"import/no-cycle": "off"
"import/no-cycle": "off",
"linebreak-style": "off"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Turn this back on, please. And fix linebreaks in the IDE settings.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since I'm developing on Windows, if I don't enable this option, I get an error on every line ) However, any windows git client converts crlf to lf during any git commit

Copy link
Contributor

@nikolaymatrosov nikolaymatrosov Aug 1, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As I said, you should fix it in the IDE settings.
Screenshot 2023-08-01 at 11 48 55

Copy link
Author

@Zork33 Zork33 Oct 9, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

а кто нибуть на практике пробовал так работать? потому что для windows crlf возникает на всех шагах - когда файлы из git приходят, когда редактируешь любым не специально настроенным редактором, генераторы кода тоже с таким переносом пишут. так что просто настройки IDE задачу увы не решают

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Zork33 давай, пожалуйста, вернем это правило, с учетом того что Коля выше описал.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

это правило ломает разработку под windows - lint начинает выглядеть вот так,
image

если его возвращать, то хорошо бы придумать как это обойти под виндой. вариант чтобы под виндой были просто lf переносы не встречал. при этом, как я уже говорил, git под виндой сам нормализует crlf -> lf при комите. Есть ли реальная проблема?

}
}
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
.idea
node_modules
dist
coverage
17 changes: 17 additions & 0 deletions config/jest.coverage.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
import * as path from 'path';
import config from './jest';

/*
* For a detailed explanation regarding each configuration property and type check, visit:
* https://jestjs.io/docs/configuration
*/

export default {
...config,
collectCoverage: true,
collectCoverageFrom: [
'**/*.{js,ts}',
'!generated/**',
],
coverageDirectory: '../coverage',
};
28 changes: 28 additions & 0 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 4 additions & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
"homepage": "https://github.com/yandex-cloud/nodejs-sdk#readme",
"dependencies": {
"@grpc/grpc-js": "^1.6.12",
"abort-controller-x": "^0.4.1",
"axios": "^0.24.0",
"jsonwebtoken": "^9.0.0",
"lodash": "^4.17.21",
Expand All @@ -31,7 +32,6 @@
"luxon": "^2.2.0",
"nice-grpc": "^1.0.6",
"nice-grpc-client-middleware-deadline": "^1.0.6",
"abort-controller-x": "^0.4.1",
"node-abort-controller": "^3.1.1",
"protobufjs": "^7.2.4",
"utility-types": "^3.10.0"
Expand All @@ -47,6 +47,7 @@
"@types/node": "^16.11.3",
"@typescript-eslint/eslint-plugin": "^5.7.0",
"@typescript-eslint/parser": "^5.7.0",
"cross-env": "^7.0.3",
"eslint": "^8.4.1",
"eslint-config-airbnb-base": "^15.0.0",
"eslint-config-airbnb-typescript": "^16.1.0",
Expand All @@ -66,8 +67,9 @@
},
"scripts": {
"test": "jest -c config/jest.ts --passWithNoTests",
"coverage": "jest -c config/jest.coverage.ts --passWithNoTests",
Zork33 marked this conversation as resolved.
Show resolved Hide resolved
"lint": "eslint src config",
"build": "NODE_OPTIONS=\"--max-old-space-size=4096\" tsc -p .",
"build": "cross-env NODE_OPTIONS=\"--max-old-space-size=4096\" tsc -p .",
"generate-code": "ts-node scripts/generate-code.ts",
"prepare": "husky install",
"prepublishOnly": "npm run build"
Expand Down
30 changes: 30 additions & 0 deletions src/token-service/metadata-token-service.consts.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
/*

Issuance of tokens shall be in accordance with the following rules

When accessing APIs of other Cloud services (including the database), services should follow the standard rules of
working with tokens recommended by the documentation:

- a token is issued in the way most appropriate for this service: for example, it can be a metadata service for SVM, Token Agent
for iron hosts or JWT for services hosted outside the Cloud perimeter

- the application does not start (does not start accepting requests) until its system SA token has been successfully issued;
the application does not start if the token issued at the moment of start is valid for less than 15 minutes;

- the token issued at start time is used for a time equal to at least 10% of the difference between expires_at and the time the token was issued;

- a token that has been used within the time specified in the previous paragraph is subject to update: the application starts
a background process that reissues the token of its system SA, while all current requests continue to be made with the
cached token (thus, in case of any problems with token reissue, 90% of the token's lifetime will be left to notice and
correct the situation);

- it is recommended that applications have a system SA token usage time monitor, which should be lit if the token lifetime
approaches 20% of the difference between expires_at and the token's expiration time.

*/

export const MAX_ATTEMPTS_NUMBER_TO_GET_TOKEN_IN_INITIALIZE = 5;

export const TOKEN_MINIMUM_LIFETIME_MARGIN_MS = 15 * 60 * 1000;

export const TOKEN_LIFETIME_LEFT_TO_REFRESH_PCT = 90;
Loading