This repository was archived by the owner on Mar 11, 2022. It is now read-only.
Conversation
Move more functionality in the CookieBaseInterceptor. Throw more explicit exceptions for auth problems. Do not disable auth methods after exceptions. Prevent multiple simultaneous session renewal attempts.
Added a test for multiple threads expriencing session expiry and trying to renew, asserting that only one renewal attempt is made. Added IAM token 429 retry tests for success and failure cases.
smithsz
approved these changes
Sep 27, 2019
bessbd
approved these changes
Sep 27, 2019
This was referenced May 26, 2020
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Checklist
CHANGES.md|CHANGELOG.md) or test/build only changesDescription
Improvements to session renewal logic.
1. Steps to reproduce and the simplest code sample possible to demonstrate the issue
Allow an IAM session to expire while running multiple client threads.
2. What you expected to happen
Session renewal to succeed.
3. What actually happened
Session renewal fails because the IAM service is rate limited and the multiple renewal attempts cause 429 responses that disable subsequent IAM auth.
Approach
The existing interceptor model was based on multiple auth renewal requests not causing a problem. Clearly that is not the case for IAM. Additionally during session renewal failures errors were logged and the auth disabled to allow requests to proceed through to the service and get a
401response. This is the same as what would happen when the response proceeded with invalid creds, but it was confusing for support operatives to see requests without credentials.To resolve these problems the exceptions will be thrown directly from the interceptors when there are problems re-authenticating, rather than delegating the unauth response to the server and locking will be introduced around the session renewal attempts to prevent multiple simultaneous attempts to renew the same session.
Refactored session renewal interceptors
Upgraded okhttp dependency to 3.12.5
Updated CHANGES
Schema & API Changes
CouchDbException.Security and Privacy
Testing
oraclejdk8toopenjdk8because the default image has changedMonitoring and Logging
Removed logging where exceptions are thrown instead.