chore: refresh creds in some long running e2e tests #3291
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| throw new Error('Credentials rotator supports only tests running in parent account at this time'); | ||
| } | ||
| if (process.env.USE_PARENT_ACCOUNT) { | ||
| // Attempts to refresh credentials in background every 15 minutes. |
There was a problem hiding this comment.
Suggestion.
I'd reduce interval to something smaller (5 minutes)?
The reason is - test framework spawns subprocess that inherit env vars. So their credential validity period is how_much_time_since_last_rotation + subprocess_lifespan. Some of these processes take long time.
There was a problem hiding this comment.
Wouldn't this rotator be started again for the subprocess, specifically for the test that invokes it?
There was a problem hiding this comment.
test subprocesses yes they are covered.
what I have in mind is nspawn(gen1CLI); - this may take long time.
There was a problem hiding this comment.
I see, if a specific CLI command (on any spawned process from a test) takes a long time (>45 minutes) we could have a problem. I'll update it to 10 minutes (don't want to be too aggressive until we know it to be a problem)
There was a problem hiding this comment.
In searchable tests (in cli repo) this refresh was (is?) too sparse sometimes. (we haven't adjusted this on CLI side though).
svidgen
left a comment
svidgen
left a comment
There was a problem hiding this comment.
Lobbed some questions your way offline just for my own edification.
3 participants
Description of changes
Some long running e2e tests can have their creds expire after an hour. Based on recent failures, add credentials refresher to those e2e tests.
Extend credentials rotator to refresh child AWS accounts as well.
Issue #, if available
Description of how you validated changes
Checklist
yarn testpassesBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.