Large number of AssumeRoleWithWebIdentity events when using aws-s3-storage plugin #691

Open
1 task done
millerick opened this issue Nov 6, 2023 · 2 comments
millerick commented Nov 6, 2023

Your Environment

  • verdaccio version: 5.24
  • node version [12.x.x, 14.x.x]: 18.18.2
  • package manager: [email protected]
  • os: [mac, windows@10, linux] : alpine linux
  • platform: [npm, docker, helm, other]: docker running on EKS

Describe the bug

I'm using verdaccio 5.24 as a pull through cache with the aws-s3-storage plugin for storage. I've noticed in our CloudTrail events that this service is responsible for substantially all AssumeRoleWithWebIdentity events reported by CloudTrail. I don't believe Verdaccio needs to be assuming a role this many times in order to make its requests to S3. It should be able to assume a session once and make use of the session for multiple requests until the session expires.

As an example, when I use npm i lodash --save --save-exact to install lodash into an empty package.json, I see 3 AssumeRoleWithWebIdentity events. npm i mocha --save --save-exact to install mocha into an empty package.json results in 124 AssumeRoleWithWebIdentity events.

To Reproduce

Run verdaccio as a pull through cache against the public NPM registry and run an NPM install against it. Use an S3 bucket for the underlying storage. Use CloudTrail for the account the S3 bucket is in to see the large number of AssumeRoleWithWebIdentity requests made against it.

Expected behavior

Screenshots, server logs, package manager log

Configuration File (cat ~/.config/verdaccio/config.yaml)

---
web:
  title: redacted

server:
  keepAliveTimeout: 60

middlewares:
  audit:
    enabled: true

logs:
  - {type: stdout, format: pretty, level: info}

store:
  aws-s3-storage:
    bucket: redacted
    keyPrefix: public

packages:
  '**':
    access: $all
    publish: none
    proxy: npmjs

uplinks:
  npmjs:
    url: https://registry.npmjs.org/
    cache: true

Environment information

  System:
    OS: Linux 5.4 Alpine Linux
    CPU: (16) x64 Intel(R) Xeon(R) Platinum 8375C CPU @ 2.90GHz
  Binaries:
    npm: 9.8.1 - /usr/local/bin/npm

Debugging output

  • $ NODE_DEBUG=request verdaccio display request calls (verdaccio <--> uplinks)
  • $ DEBUG=verdaccio* verdaccio enable extreme verdaccio debug mode (verdaccio api)
  • $ npm -ddd prints:
  • $ npm config get registry prints:

Contribute to Verdaccio

  • I'm willing to fix this bug 🥇
@juanpicado juanpicado transferred this issue from verdaccio/verdaccio Nov 8, 2023
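
One way to quantify the CloudTrail observation in the issue above, as an added example that is not part of the original issue or the plugin's code: it counts AssumeRoleWithWebIdentity events per role and how many were issued while an earlier session for that role would still have been valid. The records, role ARNs and the `summarizeAssumeRole` helper are constructed for illustration, and a one-hour session lifetime is assumed.

```javascript
// Added example (not plugin code). Records are constructed: field names follow
// the CloudTrail record format; the account ID, ARNs and times are made up.
const ROLE = 'arn:aws:iam::111122223333:role/example-verdaccio';
const OTHER = 'arn:aws:iam::111122223333:role/example-other';
const sts = (eventTime, roleArn, extra = {}) => ({
  eventSource: 'sts.amazonaws.com',
  eventName: 'AssumeRoleWithWebIdentity',
  eventTime,
  requestParameters: { roleArn },
  ...extra,
});
const sampleRecords = [
  sts('2023-11-06T10:00:00Z', ROLE),
  sts('2023-11-06T10:00:01Z', ROLE),
  sts('2023-11-06T10:00:02Z', ROLE),
  sts('2023-11-06T10:00:03Z', ROLE),
  sts('2023-11-06T10:00:04Z', ROLE),
  sts('2023-11-06T10:00:05Z', ROLE, { errorCode: 'AccessDenied' }), // failed call
  sts('2023-11-06T12:00:00Z', ROLE), // the 10:00 session has expired by now
  sts('2023-11-06T10:00:02Z', OTHER),
  { eventSource: 's3.amazonaws.com', eventName: 'GetObject',
    eventTime: '2023-11-06T10:00:02Z', requestParameters: {} },
];

// sessionSeconds is an assumption: 3600 is the STS default session duration.
function summarizeAssumeRole(records, sessionSeconds = 3600) {
  const events = records
    .filter((r) => r.eventSource === 'sts.amazonaws.com' &&
                   r.eventName === 'AssumeRoleWithWebIdentity' &&
                   !r.errorCode) // only successful calls hand out credentials
    .map((r) => ({ role: r.requestParameters.roleArn, t: Date.parse(r.eventTime) }))
    .sort((a, b) => a.t - b.t);

  const byRole = new Map();
  for (const { role, t } of events) {
    const s = byRole.get(role) || { total: 0, redundant: 0, validUntil: -Infinity };
    s.total += 1;
    if (t < s.validUntil) {
      s.redundant += 1; // an unexpired session for this role already existed
    } else {
      s.validUntil = t + sessionSeconds * 1000; // needed even with perfect reuse
    }
    byRole.set(role, s);
  }
  return [...byRole].map(([role, s]) => ({ role, total: s.total, redundant: s.redundant }));
}

console.table(summarizeAssumeRole(sampleRecords));
```

Several replicas sharing one role each need their own session, so treat the `redundant` count as an upper bound rather than an exact figure.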
@millerick
Author

@juanpicado, any commentary from you on this? If you can point me to where the core verdaccio service invokes/instantiates/calls the configured storage plugin, then I would be happy to begin debugging and figuring out how to solve this.

@juanpicado
Member

> @juanpicado, any commentary from you on this? If you can point me to where the core verdaccio service invokes/instantiates/calls the configured storage plugin, then I would be happy to begin debugging and figuring out how to solve this.

Not yet because I haven't had time to read it carefully
