fix(drivers/115_open): refresh OSS STS token during multipart upload#2575
fix(drivers/115_open): refresh OSS STS token during multipart upload#2575CloudCauldron wants to merge 1 commit into
Conversation
The OSS STS token returned by UploadGetToken expires in about 1 hour. multpartUpload created the OSS client once and never refreshed it, so a slow or large upload running past the token lifetime failed with SecurityTokenExpired and then InvalidAccessKeyId, aborting the transfer. Refresh the token after 45 minutes and rebuild the OSS client with the new credentials, reusing the same multipart upload session (imur) to continue uploading the remaining parts. Co-Authored-By: Claude <noreply@anthropic.com>
There was a problem hiding this comment.
When uploading multiple files at the same time, is locking required to prevent race condition?
There was a problem hiding this comment.
I don't think an extra lock is needed.
The mutable state changed by the refresh logic (bucket, tokenObtained, and the refreshOSSToken closure) is local to one multpartUpload call. Each concurrent file upload enters Put separately, gets its own UploadInit response, OSS token, OSS client/bucket, multipart upload session (imur), and parts slice.
Within a single multipart upload, parts are uploaded sequentially in the loop; retry.Do is synchronous and no goroutine shares bucket while it can be replaced. So refreshing the token only affects the current upload's local bucket handle.
Summary / 摘要
The 115 Open driver's
multpartUploadobtained the Aliyun OSS STS token once and created the OSS client a single time, never refreshing it during the upload. The STS token expires in ~1 hour, so any single-file upload whose upload phase runs past that window (large files and/or a throttled source) failed withoss: SecurityTokenExpiredand thenInvalidAccessKeyId, aborting the transfer.This refreshes the token after 45 minutes (safe margin under the ~1h lifetime): it calls
UploadGetTokenagain and rebuilds the OSS client/bucket with the new credentials, reusing the same multipart upload session (imur) to continue uploading the remaining parts. The multipart session is identified by bucket + object + uploadId and is not bound to the credentials, so switching credentials mid-upload is valid.Related repository PRs / 关联仓库 PR:
Related Issues / 关联 Issue
N/A — direct fix, no separate tracking issue.
Testing / 测试
go test ./...(未运行完整测试套件)go build ./drivers/115_open/andgo vet ./drivers/115_open/passSecurityTokenExpired→InvalidAccessKeyId; after it, the token is refreshed at 45 minutes and the transfers complete successfully.Checklist / 检查清单
gofmt.AI Disclosure / AI 使用声明
Tools used / 使用工具:
Usage scope / 使用范围:
Code generation / 代码生成
Review assistance / 审查辅助
I have reviewed and validated all AI-assisted content included in this PR.
I have ensured that all AI-assisted commits include
Co-Authored-Byattribution.I can reproduce all AI-assisted content included in this PR without any AI tools.