feat(auth): fix ClientSideCredentialAccessBoundary race condition#12681
Open
vverman wants to merge 1 commit intogoogleapis:mainfrom
Open
feat(auth): fix ClientSideCredentialAccessBoundary race condition#12681vverman wants to merge 1 commit intogoogleapis:mainfrom
vverman wants to merge 1 commit intogoogleapis:mainfrom
Conversation
This change addresses a race condition in ClientSideCredentialAccessBoundaryFactory that occurred when multiple concurrent calls were made to generateToken. The fix involves: - Waiting on the RefreshTask itself rather than its internal task. - Using a single listener in RefreshTask to ensure finishRefreshTask completes before the outer future unblocks waiting threads. - Adding a regression test generateToken_freshInstance_concurrent_noNpe.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request refactors the RefreshTask in ClientSideCredentialAccessBoundaryFactory to use a single listener, ensuring internal state updates occur before the future completes. It also simplifies the refresh logic and adds a concurrent test case to address a race condition. Feedback was provided to enhance the robustness of error handling in the task listener, specifically by catching Throwable and handling null causes in ExecutionException to avoid potential hangs.
Comment on lines
505
to
509
| } catch (ExecutionException e) { | ||
| Throwable cause = e.getCause(); | ||
| RefreshTask.this.setException(cause); | ||
| } | ||
| }, | ||
| MoreExecutors.directExecutor()); | ||
|
|
||
| // Add callback to set the result or exception based on the outcome. | ||
| Futures.addCallback( | ||
| task, | ||
| new FutureCallback<IntermediateCredentials>() { | ||
| @Override | ||
| public void onSuccess(IntermediateCredentials result) { | ||
| RefreshTask.this.set(result); | ||
| } | ||
|
|
||
| @Override | ||
| public void onFailure(@Nullable Throwable t) { | ||
| RefreshTask.this.setException( | ||
| t != null ? t : new IOException("Refresh failed with null Throwable.")); | ||
| RefreshTask.this.setException(e.getCause()); | ||
| } catch (Exception e) { | ||
| RefreshTask.this.setException(e); | ||
| } |
Contributor
There was a problem hiding this comment.
The error handling in this listener is less robust than the previous implementation. Specifically:
- Catching
Exceptioninstead ofThrowable: IffinishRefreshTaskorFutures.getDonethrows anError(e.g.,OutOfMemoryErrororNoClassDefFoundError), it will not be caught. This would cause the listener to terminate abruptly without completing theRefreshTaskfuture, leading to all threads waiting oncurrentRefreshTask.get()hanging indefinitely. - Potential
NullPointerException:RefreshTask.this.setException(e.getCause())will throw aNullPointerExceptionife.getCause()is null (which is technically possible for anExecutionException, though rare fromFuture.get()). SinceAbstractFuture.setExceptiondoes not allow null arguments, this would also cause the listener to crash and the future to hang.
Using Throwable and adding a null check for the cause ensures the future is always completed even in extreme failure scenarios.
} catch (ExecutionException e) {
Throwable cause = e.getCause();
RefreshTask.this.setException(cause != null ? cause : e);
} catch (Throwable t) {
RefreshTask.this.setException(t);
}
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This change addresses a race condition in ClientSideCredentialAccessBoundaryFactory that occurred when multiple concurrent calls were made to generateToken.
The fix involves: