Refresh blob client whenever credentials need to be refreshed
Previously, even though the Azure token signer was updated, the Azure client and blob client did not see those updates. Refresh the client whenever the signer changes.
To test this:
- Set up an Azure VM with managed identities (see !54 (merged)).
- Check out this branch.
- Apply this patch to shorten the timeouts of the token:
diff --git a/lib/fog/azurerm/identity/base_client.rb b/lib/fog/azurerm/identity/base_client.rb
index a1204a19..22bb1dee 100644
--- a/lib/fog/azurerm/identity/base_client.rb
+++ b/lib/fog/azurerm/identity/base_client.rb
@@ -46,6 +46,7 @@ module Fog
expires_at = ::Time.now
expires_on = body['expires_on']
expires_at = ::Time.at(expires_on.to_i) if expires_on
+ expires_at = ::Time.now + (30 * 60)
Credentials.new(access_token, expires_at)
rescue ::JSON::ParserError # rubocop:disable Lint/SuppressedException
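Review bot: The added `expires_at = ::Time.now + (30 * 60)` line unconditionally overwrites the value parsed from `body['expires_on']` on the line above it, so the client would treat every token as valid for 30 minutes regardless of what the identity endpoint returned. That is acceptable as a local test aid but must not be merged. If a shortened lifetime is needed for repeated testing, gate it behind an explicit test-only setting instead of editing the parsing path, and replace the bare `30 * 60` with a named constant.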
diff --git a/lib/fog/azurerm/storage.rb b/lib/fog/azurerm/storage.rb
index 2020f4b3..16928574 100644
--- a/lib/fog/azurerm/storage.rb
+++ b/lib/fog/azurerm/storage.rb
@@ -165,6 +165,8 @@ module Fog
@credentials = new_credentials
@azure_storage_token_signer = token_signer
+ STDERR.puts "=== refreshing blob client with #{@credentials}, expires on #{@credentials.expires_at}" if changed
+
refresh_blob_client if changed
end
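Review bot: The `STDERR.puts` line interpolates `#{@credentials}`, and the first hunk shows that object being built as `Credentials.new(access_token, expires_at)`. If its string form includes its fields, the bearer token is written to stderr and into whatever collects that stream. Log only `@credentials.expires_at` here. The `if changed` guard is also repeated on the following statement, so one `if changed` block around both lines would be clearer.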
- Run this script that tries to generate a URL every 10 seconds (ruby -Ilib test.rb):

    require 'fog/azurerm'

    # No key or token is passed; only the storage account name is supplied.
    connection = Fog::Storage.new(
      {
        provider: 'AzureRM',
        azure_storage_account_name: 'YOUR-ACCOUNT-NAME',
      }
    )

    # Create a test blob in the 'test1' container.
    dir = connection.directories.new(key: 'test1')
    f = dir.files.create(key: 'test.txt', body: 'test')

    # Generate a URL that expires 10 seconds from now, every 10 seconds.
    loop do
      puts f.url(Time.now + 10)
      sleep 10
    end

This should print out URLs and refresh the blob client every 20 minutes or so.
Relates to #9 (closed)
Edited by Stan Hu
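
The stale-client behaviour described above, as an added example that is not code from fog-azurerm or from this merge request: a client that captures its signer at construction keeps sending the old token after the credentials are renewed unless it is rebuilt. `Credentials`, `FakeBlobClient`, `Storage`, `tokens_seen`, the 600-second refresh margin and the simulated clock are all constructed for the illustration.

```ruby
# Constructed stand-ins: none of these classes are fog-azurerm's own.
Credentials = Struct.new(:access_token, :expires_at) do
  # The 600 s refresh margin is an assumed value, not the gem's.
  def expired?(now, margin = 600)
    now + margin >= expires_at
  end
end

# Holds the signer it was built with, like a client handed a token signer once.
FakeBlobClient = Struct.new(:signer) do
  def token_in_use
    signer.call
  end
end

class Storage
  def initialize(fetcher, clock, refresh_client:)
    @fetcher = fetcher
    @clock = clock
    @refresh_client = refresh_client
  end

  def blob_client
    if @credentials.nil? || @credentials.expired?(@clock.call)
      @credentials = @fetcher.call
      token = @credentials.access_token
      signer = -> { token } # a new signer for the new token
      # Without the rebuild, the existing client keeps the old signer.
      @blob_client = FakeBlobClient.new(signer) if @blob_client.nil? || @refresh_client
    end
    @blob_client
  end
end

# Token each request would carry at simulated times (seconds since start).
def tokens_seen(refresh_client:)
  now = Time.at(0)
  issued = 0
  fetcher = lambda do
    issued += 1
    Credentials.new("token-#{issued}", now + 1800) # 30-minute lifetime
  end
  storage = Storage.new(fetcher, -> { now }, refresh_client: refresh_client)
  [0, 600, 1200, 1300].map do |t|
    now = Time.at(t)
    storage.blob_client.token_in_use
  end
end

p tokens_seen(refresh_client: false), tokens_seen(refresh_client: true)
```

With `refresh_client: false` the renewed token is fetched but never reaches the client, which is the condition that eventually produces requests signed with an expired token.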