Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] MINOR: Use named class for ExpiringCredential to improve principalLogText() output #12587

Draft
wants to merge 3 commits into
base: trunk
Choose a base branch
from
Draft

[WIP] MINOR: Use named class for ExpiringCredential to improve principalLogText() output #12587

wants to merge 3 commits into from

Conversation

ijuma
Copy link
Contributor

@ijuma ijuma commented Sep 2, 2022
edited

ExpiringCredentialRefreshingLogin.principalLogText() outputs the expiring credential
simple class name, which is empty for anonymous classes.

I also took the change to remove effectively dead code given that some of
the checks would always have the same result.

Committer Checklist (excluded from commit message)

  • Verify design and implementation
  • Verify test coverage and CI build status
  • Verify documentation (including upgrade notes)

ijuma
ijuma commented Sep 2, 2022
View reviewed changes
.../kafka/common/security/oauthbearer/internals/expiring/ExpiringCredentialRefreshingLogin.java
if (log.isDebugEnabled())
log.debug("[Principal={}]: It is an expiring credential after re-login as expected",
principalLogText());
}
}
}

private String principalLogText() {
return expiringCredential == null ? principalName
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rondagostino Do you recall why we had this code? I don't understand how we'd have no expiring credential and a non-null principal name. It seems like the latter would always be set from the expiring credential? Or am I missing something?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are correct, given the way the code is written it is not possible to have both expiringCredential == null and principalName != null. I can't remember specifically why the code was written this way, but it was probably just being defensive in case the above constraint is ever violated. But the constraint is an intuitive one and the code will almost certainly not evolve in such a way as to violate it, so I think it may just cause the question to be raised and add to confusion.

@ijuma ijuma marked this pull request as draft September 2, 2022 22:07
@ijuma ijuma changed the title MINOR: Use named class for ExpiringCredential to improve principalLogText() output [WIP] MINOR: Use named class for ExpiringCredential to improve principalLogText() output Sep 2, 2022
@ijuma
MINOR: Use named class for ExpiringCredential to improve `principalLo…
b5d15ed 
…gText()` output

`principalLogText()` outputs the expiring credential simple class name
and it's empty for anonymous classes.
@ijuma
Simplify
785f79b
@ijuma
CLean-ups
e4064bd
@rondagostino
Copy link
Contributor

rondagostino commented Jan 13, 2023
edited

Ok, I looked at this again, and I think there was a mistake combined with a poorly named variable that was causing confusion.

The private String principalName = null; variable that you want to remove should have originally been named private String lastKnownPrincipalName = null;

The reason this variable exists is because of the potential for this case to occur when trying to invoke reLogin():

            if (!hasExpiringCredential) {
                /*
                 * Re-login has failed because our login() invocation has not generated a
                 * credential but has also not generated an exception. We won't exit here;
                 * instead we will allow login retries in case we can somehow fix the issue (it
                 * seems likely to be a bug, but it doesn't hurt to keep trying to refresh).
                 */
                log.error("No Expiring Credential after a supposedly-successful re-login");
                principalName = null;

The bug is the line principalName = null; -- that line should not exist. If we had named the variable correctly we would have seen that we are blanking out the last-known principal name, which we should not do. This case should result in the expiring credential being null but the last known principal reflecting the principal that we last had, but with this line it doesn't happen -- we get a null credential and a null last-known name, which is pointless (and therefore I see why with the bad name you wanted to remove it). But keeping this last-known principal name around is why the logging-related method exists as follows (with the rename from principalName to lastKnownPrincipalName included):

    private String principalLogText() {
        return expiringCredential == null ? lastKnownPrincipalName
                : expiringCredential.getClass().getSimpleName() + ":" + lastKnownPrincipalName;
    }

Apologies for this morass -- two mistakes compounded into something quite confusing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rondagostino rondagostino rondagostino left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@ijuma @rondagostino