runner OIDC credential management #391

Open
3 tasks
dacbd opened this issue Apr 24, 2022 · 1 comment

dacbd commented Apr 24, 2022

  • Document warning about using "short-term" credentials
  • Document/Show possible ways to extend credential life?
  • Document/provide examples for "refreshing" credentials used by the cml runner created instance.

Why? By default, these OIDC credentials expire after 1hr, which is likely to be surpassed by ML workflows, after which time cml will fail to self-delete.


Other notes:

On AWS, code-wise, the credential format is the exact same and essentially no changes are required.
On GCP, the credentials format was different, requiring custom parsing to determine the ProjectID; see: iterative/terraform-provider-iterative#506
On az/azure 🙈 I have done zero testing.

/CC #208
Follow up of iterative/cml#862

@dacbd dacbd self-assigned this Apr 24, 2022
@dacbd dacbd removed their assignment Apr 24, 2022

dacbd commented Aug 22, 2022

@casperdcl casperdcl transferred this issue from iterative/cml Nov 18, 2022