From ecfcc5027c13befb10fa13a682d810261a56d3e0 Mon Sep 17 00:00:00 2001
From: Harsh Chouraria <hchouraria@gitlab.com>
Date: Wed, 1 Jun 2022 03:58:13 +0000
Subject: [PATCH] Upgrade fog-aws to v3.14.0

This upgrade adds an option to control IAM credential
refresh intervals
that is useful in situations
described on issue
https://gitlab.com/gitlab-org/gitlab/-/issues/350118

- Diff: https://github.com/fog/fog-aws/compare/v3.12.0..v3.14.0
- Gem diff: https://my.diffend.io/gems/fog-aws/3.12.0/3.14.0

Changelog: fixed
---
 Gemfile                              |  2 +-
 Gemfile.lock                         |  4 ++--
 doc/administration/object_storage.md | 25 +++++++++++++------------
 3 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/Gemfile b/Gemfile
index 08bcb0aca0389..cc0277a547d4d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -121,7 +121,7 @@ gem 'carrierwave', '~> 1.3'
 gem 'mini_magick', '~> 4.10.1'
 
 # for backups
-gem 'fog-aws', '~> 3.12'
+gem 'fog-aws', '~> 3.14'
 # Locked until fog-google resolves https://github.com/fog/fog-google/issues/421.
 # Also see config/initializers/fog_core_patch.rb.
 gem 'fog-core', '= 2.1.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index d457aafc2ede4..14af0910b5d6d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -409,7 +409,7 @@ GEM
       fog-json
       ipaddress (~> 0.8)
       xml-simple (~> 1.1)
-    fog-aws (3.12.0)
+    fog-aws (3.14.0)
       fog-core (~> 2.1)
       fog-json (~> 1.1)
       fog-xml (~> 0.1)
@@ -1488,7 +1488,7 @@ DEPENDENCIES
   flipper-active_support_cache_store (~> 0.21.0)
   flowdock (~> 0.7)
   fog-aliyun (~> 0.3)
-  fog-aws (~> 3.12)
+  fog-aws (~> 3.14)
   fog-core (= 2.1.0)
   fog-google (~> 1.15)
   fog-local (~> 0.6)
diff --git a/doc/administration/object_storage.md b/doc/administration/object_storage.md
index 2ba191743005f..0be090073cbde 100644
--- a/doc/administration/object_storage.md
+++ b/doc/administration/object_storage.md
@@ -239,18 +239,19 @@ in the `connection` setting.
 
 The connection settings match those provided by [fog-aws](https://github.com/fog/fog-aws):
 
-| Setting                         | Description                        | Default |
-|---------------------------------|------------------------------------|---------|
-| `provider`                      | Always `AWS` for compatible hosts. | `AWS` |
-| `aws_access_key_id`             | AWS credentials, or compatible.    | |
-| `aws_secret_access_key`         | AWS credentials, or compatible.    | |
-| `aws_signature_version`         | AWS signature version to use. `2` or `4` are valid options. Digital Ocean Spaces and other providers may need `2`. | `4` |
-| `enable_signature_v4_streaming` | Set to `true` to enable HTTP chunked transfers with [AWS v4 signatures](https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html). Oracle Cloud S3 needs this to be `false`.       | `true` |
-| `region`                        | AWS region.                        | |
-| `host`                          | S3 compatible host for when not using AWS. For example, `localhost` or `storage.example.com`. HTTPS and port 443 is assumed. | `s3.amazonaws.com` |
-| `endpoint`                      | Can be used when configuring an S3 compatible service such as [MinIO](https://min.io), by entering a URL such as `http://127.0.0.1:9000`. This takes precedence over `host`. | (optional) |
-| `path_style`                    | Set to `true` to use `host/bucket_name/object` style paths instead of `bucket_name.host/object`. Leave as `false` for AWS S3. | `false`. |
-| `use_iam_profile`               | Set to `true` to use IAM profile instead of access keys. | `false` |
+| Setting                                     | Description                        | Default |
+|---------------------------------------------|------------------------------------|---------|
+| `provider`                                  | Always `AWS` for compatible hosts. | `AWS` |
+| `aws_access_key_id`                         | AWS credentials, or compatible.    | |
+| `aws_secret_access_key`                     | AWS credentials, or compatible.    | |
+| `aws_signature_version`                     | AWS signature version to use. `2` or `4` are valid options. Digital Ocean Spaces and other providers may need `2`. | `4` |
+| `enable_signature_v4_streaming`             | Set to `true` to enable HTTP chunked transfers with [AWS v4 signatures](https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html). Oracle Cloud S3 needs this to be `false`.       | `true` |
+| `region`                                    | AWS region.                        | |
+| `host`                                      | S3 compatible host for when not using AWS. For example, `localhost` or `storage.example.com`. HTTPS and port 443 is assumed. | `s3.amazonaws.com` |
+| `endpoint`                                  | Can be used when configuring an S3 compatible service such as [MinIO](https://min.io), by entering a URL such as `http://127.0.0.1:9000`. This takes precedence over `host`. | (optional) |
+| `path_style`                                | Set to `true` to use `host/bucket_name/object` style paths instead of `bucket_name.host/object`. Leave as `false` for AWS S3. | `false`. |
+| `use_iam_profile`                           | Set to `true` to use IAM profile instead of access keys. | `false` |
+| `aws_credentials_refresh_threshold_seconds` | Sets the [automatic refresh threshold](https://github.com/fog/fog-aws#controlling-credential-refresh-time-with-iam-authentication) when using temporary credentials in IAM. | `15` |
 
 #### Oracle Cloud S3 connection settings
 
-- 
GitLab