move session-creds
snazy committed Jun 26, 2024
1 parent 28d0056 commit 44c0546
Showing 2 changed files with 17 additions and 13 deletions.
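--- a/helm/nessie/templates/_helpers.tpl
+++ b/helm/nessie/templates/_helpers.tpl
@@ -139,6 +139,11 @@ Apply S3 catalog options.
 {{- if .transport.expectContinueEnabled -}}{{- $_ := set $map ( print $prefix "http.expect-continue-enabled" ) .transport.expectContinueEnabled -}}{{- end -}}
 {{- if .transport.retryAfter -}}{{- $_ := set $map ( print $prefix "throttled-retry-after" ) .transport.retryAfter -}}{{- end -}}
 {{- end -}}
+{{- if .sessionCredentials }}
+{{- if .sessionCredentials.sessionCredentialRefreshGracePeriod -}}{{- $_ := set $map ( print $prefix "sts.session-grace-period" ) .sessionCredentials.sessionCredentialRefreshGracePeriod -}}{{- end -}}
+{{- if .sessionCredentials.sessionCredentialCacheMaxEntries -}}{{- $_ := set $map ( print $prefix "sts.session-cache-max-size" ) .sessionCredentials.sessionCredentialCacheMaxEntries -}}{{- end -}}
+{{- if .sessionCredentials.stsClientsCacheMaxEntries -}}{{- $_ := set $map ( print $prefix "sts.clients-cache-max-size" ) .sessionCredentials.stsClientsCacheMaxEntries -}}{{- end -}}
+{{- end -}}
 {{- end -}}
 {{- end -}}
 
@@ -161,9 +166,6 @@ Apply S3 catalog options.
 {{- if .assumeRole.roleSessionName -}}{{- $_ := set $map ( print $prefix "role-session-name" ) .assumeRole.roleSessionName -}}{{- end -}}
 {{- if .assumeRole.externalId -}}{{- $_ := set $map ( print $prefix "external-id" ) .assumeRole.externalId -}}{{- end -}}
 {{- if .assumeRole.clientSessionDuration -}}{{- $_ := set $map ( print $prefix "client-session-duration" ) .assumeRole.clientSessionDuration -}}{{- end -}}
-{{- if .assumeRole.sessionCredentialRefreshGracePeriod -}}{{- $_ := set $map ( print $prefix "sts.session-grace-period" ) .assumeRole.sessionCredentialRefreshGracePeriod -}}{{- end -}}
-{{- if .assumeRole.sessionCredentialCacheMaxEntries -}}{{- $_ := set $map ( print $prefix "sts.session-cache-max-size" ) .assumeRole.sessionCredentialCacheMaxEntries -}}{{- end -}}
-{{- if .assumeRole.stsClientsCacheMaxEntries -}}{{- $_ := set $map ( print $prefix "sts.clients-cache-max-size" ) .assumeRole.stsClientsCacheMaxEntries -}}{{- end -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}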
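Review bot: Values files that still set `assumeRole.sessionCredentialRefreshGracePeriod`, `assumeRole.sessionCredentialCacheMaxEntries` or `assumeRole.stsClientsCacheMaxEntries` are now ignored without any message, because the second hunk drops those reads and nothing replaces them. The chart then renders with the built-in defaults, which changes how long cached STS session credentials are reused before refresh and how many are kept. A guard at the spot where the three lines were removed would surface the rename at install time, e.g. `{{- if or .assumeRole.sessionCredentialRefreshGracePeriod .assumeRole.sessionCredentialCacheMaxEntries .assumeRole.stsClientsCacheMaxEntries -}}{{- fail "STS session credential settings moved from assumeRole to sessionCredentials" -}}{{- end -}}`; the enclosing `assumeRole` block opens outside the hunk, so confirm the guard sits inside it. Separately, the new `{{- if .sessionCredentials }}` closes with `}}` where every neighbouring action uses `-}}`; `{{- if .sessionCredentials -}}` keeps the helper's whitespace trimming consistent.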
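--- a/helm/nessie/values.yaml
+++ b/helm/nessie/values.yaml
@@ -223,16 +223,6 @@ catalog:
 # the client side. This value is used for validating expiration times of credentials
 # associated with the warehouse. If unset, a default of one hour is assumed.
 clientSessionDuration: ~
-# -- The time period to subtract from the S3 session credentials (assumed role credentials)
-# expiry time to define the time when those credentials become eligible for refreshing.
-# Not overridable on a per-bucket basis. The default is PT5M (5 minutes).
-sessionCredentialRefreshGracePeriod: ~ # PT5M
-# -- Maximum number of entries to keep in the session credentials cache (assumed role
-# credentials). Not overridable on a per-bucket basis. The default is 1000.
-sessionCredentialCacheMaxEntries: ~ # 1000
-# -- Maximum number of entries to keep in the STS clients cache. Not overridable on a
-# per-bucket basis. The default is 50.
-stsClientsCacheMaxEntries: ~ # 50
 
 # -- AWS credentials. For STS, this defines the Access Key ID and Secret Key ID to be used as
 # a basic credential for obtaining temporary session credentials.
@@ -276,6 +266,18 @@ catalog:
 # response. Must be a valid ISO duration.
 retryAfter: ~
 
+sessionCredentials:
+# -- The time period to subtract from the S3 session credentials (assumed role credentials)
+# expiry time to define the time when those credentials become eligible for refreshing.
+# Not overridable on a per-bucket basis. The default is PT5M (5 minutes).
+sessionCredentialRefreshGracePeriod: ~ # PT5M
+# -- Maximum number of entries to keep in the session credentials cache (assumed role
+# credentials). Not overridable on a per-bucket basis. The default is 1000.
+sessionCredentialCacheMaxEntries: ~ # 1000
+# -- Maximum number of entries to keep in the STS clients cache. Not overridable on a
+# per-bucket basis. The default is 50.
+stsClientsCacheMaxEntries: ~ # 50
+
 gcs:
 
 # Global GCS settings. Can be overridden on a per-bucket basis below.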
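Review bot: The new `sessionCredentials:` key has no `# --` description of its own, while the three keys under it keep their old text unchanged, so a reader of the values file gets no hint that the block is global or that it replaces the former `assumeRole.*` keys. I would add above it `# -- STS session credentials and STS client cache settings. Global only, not overridable per bucket. Moved here from assumeRole.` The child names also repeat the parent (`sessionCredentials.sessionCredentialRefreshGracePeriod`); if the rename is still open, `refreshGracePeriod` and `cacheMaxEntries` would read better, with the matching change in `_helpers.tpl`.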
