Closed
Description
Hi Team,
I am working on gcsfuse. Recently, get introduced with a very rare issue in gcsfuse while reading some resource from Google Cloud Storage (GCS). The exact error, we get 401: Invalid Credentials.
Workflow in GCSFuse:
- GCSFuse creates TokenSource with ADC, this token source is used to fetch token while making any GCS call. 99.9% it works perfectly fine. But sometime/very rarely it gives error Invalid Credential.
- I tried some experiment to repro this issue, one of them was changing the expiryDelta time to -1 minute. After that we can reproduce this issue more frequently.
- I feel, either there would be some mismatch in clock using which we check either the token is expired or not on the server OR there would be delay in the request which cross the buffer time of 10 seconds (in expiryDelta).
We would like to know -
- Can we introduce any API for the client using that we can change the expiryDelta value?
- How to debug this issue more frequently to fix this? Is there any way to create a token with very less expiry time like (10secs or 20 secs)?
Please let me know, if you need more information related to the issue.
Regards,
Prince Kumar.
Metadata
Metadata
Assignees
Labels
No labels