Hot Reload for creds #101
Open
Hot Reload for creds #101
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
msberyanov
force-pushed
the
feature/etcd-creds_hot-reload
branch
2 times, most recently
from
7accf4a
to
60817db
Compare
msberyanov
commented
Jul 1, 2024
| @@ -580,7 +585,7 @@ public boolean isClosed() { | |||
| // ------ authentication logic | |||
|
|
|||
| private static final Set<Code> OTHER_AUTH_FAILURE_CODES = ImmutableSet.of( | |||
| Code.INVALID_ARGUMENT, Code.FAILED_PRECONDITION, Code.PERMISSION_DENIED, Code.UNKNOWN); | |||
| Code.INVALID_ARGUMENT, Code.FAILED_PRECONDITION, Code.PERMISSION_DENIED, Code.INTERNAL, Code.UNKNOWN); | |||
There was a problem hiding this comment.
There was a problem with incorrect auth case identification. Had to add Code.INTERNAL to OTHER_AUTH_FAILURE_CODES among existing.
msberyanov
commented
Jul 1, 2024
| } else { | ||
| failStatus = Status.fromThrowable(failure); | ||
| // If this was a real auth failure, postpone further attempts a bit longer | ||
| authFailRetryTime = System.currentTimeMillis() + 15_000L; | ||
| authFailRetryTime = System.currentTimeMillis() + AUTH_RETRY_TIMEOUT_MS; |
There was a problem hiding this comment.
Waiting for 15s every time I hot reload is bad. Most likely it is good to turn the delay off (or make it a parameter).
msberyanov
commented
Jul 1, 2024
| @@ -697,6 +701,8 @@ private static Metadata tokenHeader(AuthenticateResponse authResponse) { | |||
| } | |||
|
|
|||
| private ListenableFuture<AuthenticateResponse> authenticate() { | |||
| logger.error("Auth token seems to be incorrect or uninitialized yet. Getting new token with current etcd creds..."); | |||
There was a problem hiding this comment.
Just to show in console some things happen..
msberyanov
commented
Jul 1, 2024
| @@ -264,16 +264,8 @@ private <ReqT,R> ListenableFuture<R> call(MethodDescriptor<ReqT,R> method, | |||
| // multiple retries disabled or deadline expired | |||
| return Futures.immediateFailedFuture(t); | |||
| } | |||
| boolean reauth = false; | |||
| if (authProvider.requiresReauth(t)) { | |||
| if (afterReauth) { | |||
There was a problem hiding this comment.
Do not understand why to have such condition...
msberyanov
commented
Jul 1, 2024
| @@ -646,10 +635,9 @@ public void onError(Throwable t) { | |||
| if (finished) { | |||
| finalError = true; | |||
| } else { | |||
| reauthed = !lastAuthFailed && reauthIfRequired(t, sentCallOptions); | |||
msberyanov
force-pushed
the
feature/etcd-creds_hot-reload
branch
from
60817db
to
e9f0674
Compare
Signed-off-by: Maxim Beryanov <msberyanov@gmail.com>
msberyanov
force-pushed
the
feature/etcd-creds_hot-reload
branch
from
e9f0674
to
6ef25d3
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.