Large number of AssumeRoleWithWebIdentity
events when using aws-s3-storage
plugin
#691
Open
1 task done
Your Environment
Describe the bug
I'm using verdaccio 5.24 as a pull through cache with the
aws-s3-storage
plugin for storage. I've noticed that in our CloudTrail events, that this service is responsible for substantially allAssumeRoleWithWebIdentity
events reported by CloudTrail. I don't believe Verdaccio needs to be assuming a role this many times in order to make its requests to S3. It should be able to assume a session once and make use of the session for multiple requests until the session expires.As an example, when I use
npm i lodash --save --save-exact
to install lodash into an empty package.json, I see 3AssumeRoleWithWebIdentity
events.npm i mocha --save --save-exact
to install mocha into an empty package.json results in 124AssumeRoleWithWebIdentity
events.To Reproduce
Run verdaccio as a pull through cache against the public NPM registry and run an NPM install against it. Use an S3 bucket for the underlying storage. Use Cloudtrail for the account the S3 bucket is in to see the large number of
AssumeRoleWithWebIdentity
requests made against it.Expected behavior
Screenshots, server logs, package manager log
Configuration File (cat ~/.config/verdaccio/config.yaml)
Environment information
Debugging output
$ NODE_DEBUG=request verdaccio
display request calls (verdaccio <--> uplinks)$ DEBUG=verdaccio* verdaccio
enable extreme verdaccio debug mode (verdaccio api)$ npm -ddd
prints:$ npm config get registry
prints:Contribute to Verdaccio
The text was updated successfully, but these errors were encountered: