Large number of AssumeRoleWithWebIdentity events when using aws-s3-storage plugin #691

Open
@millerick

Your Environment

  • verdaccio version: 5.24
  • node version [12.x.x, 14.x.x]: 18.18.2
  • package manager: [email protected]
  • os: [mac, windows@10, linux] : alpine linux
  • platform: [npm, docker, helm, other]: docker running on EKS

Describe the bug

I'm using verdaccio 5.24 as a pull through cache with the aws-s3-storage plugin for storage. I've noticed in our CloudTrail events that this service is responsible for substantially all AssumeRoleWithWebIdentity events reported by CloudTrail. I don't believe Verdaccio needs to be assuming a role this many times in order to make its requests to S3. It should be able to assume a session once and make use of the session for multiple requests until the session expires.

As an example, when I use npm i lodash --save --save-exact to install lodash into an empty package.json, I see 3 AssumeRoleWithWebIdentity events. npm i mocha --save --save-exact to install mocha into an empty package.json results in 124 AssumeRoleWithWebIdentity events.

To Reproduce

Run verdaccio as a pull through cache against the public NPM registry and run an NPM install against it. Use an S3 bucket for the underlying storage. Use CloudTrail for the account the S3 bucket is in to see the large number of AssumeRoleWithWebIdentity requests made against it.

Expected behavior

Screenshots, server logs, package manager log

Configuration File (cat ~/.config/verdaccio/config.yaml)

---
web:
  title: redacted

server:
  keepAliveTimeout: 60

middlewares:
  audit:
    enabled: true

logs:
  - {type: stdout, format: pretty, level: info}

store:
  aws-s3-storage:
    bucket: redacted
    keyPrefix: public

packages:
  '**':
    access: $all
    publish: none
    proxy: npmjs

uplinks:
  npmjs:
    url: https://registry.npmjs.org/
    cache: true

Environment information

  System:
    OS: Linux 5.4 Alpine Linux
    CPU: (16) x64 Intel(R) Xeon(R) Platinum 8375C CPU @ 2.90GHz
  Binaries:
    npm: 9.8.1 - /usr/local/bin/npm

Debugging output

  • $ NODE_DEBUG=request verdaccio display request calls (verdaccio <--> uplinks)
  • $ DEBUG=verdaccio* verdaccio enable extreme verdaccio debug mode (verdaccio api)
  • $ npm -ddd prints:
  • $ npm config get registry prints:

Contribute to Verdaccio

  • I'm willing to fix this bug 🥇
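
Added example, not part of the original issue or of Verdaccio's code: one way to quantify the report from CloudTrail records is to count, per role and web-identity subject, how many AssumeRoleWithWebIdentity calls arrived while an earlier session would still have been valid. The one-hour session lifetime, the function names, the role ARN and the subject are assumptions, and the sample records are constructed; the record fields are the ones CloudTrail emits for this event.

```javascript
// Assumption: sessions last one hour (the STS default); set this to the role's real duration.
const ASSUMED_SESSION_SECONDS = 3600;
// Per role and web-identity subject: how many assumes occurred, how many were needed if
// each session had been reused until expiry, and how many were therefore redundant.
function summarizeWebIdentityAssumes(records, sessionSeconds = ASSUMED_SESSION_SECONDS) {
  const events = records
    .filter((r) => r.eventSource === 'sts.amazonaws.com' &&
      r.eventName === 'AssumeRoleWithWebIdentity' && !r.errorCode) // skip failed calls
    .map((r) => ({
      time: Date.parse(r.eventTime),
      role: r.requestParameters?.roleArn ?? 'unknown-role',
      subject: r.userIdentity?.userName ?? 'unknown-subject',
    }))
    .sort((a, b) => a.time - b.time);
  const byCaller = new Map();
  for (const e of events) {
    const key = `${e.role}|${e.subject}`;
    const s = byCaller.get(key) ?? { role: e.role, subject: e.subject,
      total: 0, needed: 0, redundant: 0, validUntil: -Infinity };
    s.total += 1;
    if (e.time >= s.validUntil) { // no live session: this assume was necessary
      s.needed += 1;
      s.validUntil = e.time + sessionSeconds * 1000;
    } else {
      s.redundant += 1; // a session issued earlier was still valid
    }
    byCaller.set(key, s);
  }
  return [...byCaller.values()]
    .map(({ validUntil, ...rest }) => rest)
    .sort((a, b) => b.redundant - a.redundant);
}

// Constructed sample: a burst of 124 assumes in about 20 s, one more two hours later,
// one failed assume and one unrelated S3 event. ARN and subject are placeholders.
function buildSampleRecords() {
  const base = Date.parse('2023-11-01T10:00:00Z');
  const assume = (ms, extra = {}) => ({
    eventSource: 'sts.amazonaws.com', eventName: 'AssumeRoleWithWebIdentity',
    eventTime: new Date(base + ms).toISOString(),
    requestParameters: { roleArn: 'arn:aws:iam::111122223333:role/example-verdaccio' },
    userIdentity: { type: 'WebIdentityUser', userName: 'system:serviceaccount:example:verdaccio' },
    ...extra,
  });
  const burst = Array.from({ length: 124 }, (_, i) => assume(i * 150));
  return [...burst, assume(2 * 3600 * 1000), assume(5000, { errorCode: 'AccessDenied' }),
    { eventSource: 's3.amazonaws.com', eventName: 'GetObject', eventTime: '2023-11-01T10:00:01Z' }];
}
console.log(summarizeWebIdentityAssumes(buildSampleRecords()));
```

To run it on real data, pass the `Records` array from a CloudTrail log file in place of the sample.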
