Skip to content

Fix authentication mechanism #379

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Fix authentication mechanism #379

wants to merge 1 commit into from

Conversation

@mdumandag
Copy link
Contributor

@mdumandag mdumandag commented Mar 10, 2021
edited
Loading

As of now, during the authentication process, we, more or less, do the
following:

  • Send an authentication request
  • Put a future that will be resolved after the authentication request completes
    to the pending connections that performs client-side authentication logic
    (ConnectionManager#on_auth)
  • Return the future

The problem is that, through unlucky timing, we might perform the
authentication logic before putting the future to the pending connections
map. Such as,

  • Clients initiates get_or_connect in the main thread during startup
  • We send the authentication request in the main thread
  • Before we return the invocation future, and add a callback to it,
    Python schedules the reactor thread, we write the request to wire,
    and get back the response.
  • Python schedules the main thread again, it is now trying to add
    a callback to a completed future. Since it is completed, it executes
    the authentication logic immediately. One of the steps of the client
    side authentication logic is to remove the connection from the pending
    connections map. Since the future is not put into the map yet, nothing
    is removed.
  • We then add this future to the pending connections map, but since
    it is already completed, no one is going to remove it from the
    pending connections map.
  • During the shutdown, we see an unexpected entry in the pending
    connections map and fail.

To solve this, we put a future directly into the pending connections
and perform the logic afterward.

Closes #378

@mdumandag mdumandag added this to the 4.1 milestone Mar 10, 2021
@mdumandag mdumandag self-assigned this Mar 10, 2021
@mdumandag
Fix authentication mechanism
177f2bb 
As of now, during the authentication process, we, more or less, do the
following:

- Send an authentication request
- Put a future that will be resolved after the authentication request completes
to the pending connections that performs client-side authentication logic
(ConnectionManager#on_auth)
- Return the future

The problem is that, through unlucky timing, we might perform the
authentication logic before putting the future to the pending connections
map. Such as,

- Clients initiates get_or_connect in the main thread during startup
- We send the authentication request in the main thread
- Before we return the invocation future, and add a callback to it,
Python schedules the reactor thread, we write the request to wire,
and get back the response.
- Python schedules the main thread again, it is now trying to add
a callback to a completed future. Since it is completed, it executes
the authentication logic immediately. One of the steps of the client
side authentication logic is to remove the connection from the pending
connections map. Since the future is not put into the map yet, nothing
is removed.
- We then add this future to the pending connections map, but since
it is already completed, no one is going to remove it from the
pending connections map.
- During the shutdown, we see an unexpected entry in the pending
connections map and fail.

To solve this, we put a future directly into the pending connections
and perform the logic afterward.
@srknzl srknzl self-requested a review March 25, 2021 07:05
@srknzl
Copy link
Contributor

srknzl commented Mar 26, 2021

Python schedules the reactor thread

What is a reactor thread

@srknzl
Copy link
Contributor

srknzl commented Mar 26, 2021

This is so interesting :)

@srknzl
Copy link
Contributor

srknzl commented Mar 26, 2021

To solve this, we put a future directly into the pending connections
and perform the logic afterward.

yeah this is what I thought as well immediately after reading the problem

srknzl
srknzl reviewed Mar 26, 2021
View reviewed changes
hazelcast/connection.py
else:
e = response.exception()
# This will set the exception for the pending connection future
connection.close("Failed to authenticate connection", err)
Copy link
Contributor

@srknzl srknzl Mar 26, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess this close calls cause self._authenticate(connection) call to raise exception. Is this right?

@mdumandag
Copy link
Contributor Author

mdumandag commented Apr 2, 2021

Closing this in favor of #388

@mdumandag mdumandag closed this Apr 2, 2021
@mdumandag mdumandag deleted the auth-fix branch April 2, 2021 15:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@srknzl srknzl Awaiting requested review from srknzl

Assignees

@mdumandag mdumandag

Labels

Source: Internal Type: Defect

Projects

None yet

Milestone

4.1

Development

Successfully merging this pull request may close these issues.

tests.proxy.cp.fenced_lock_test.FencedLockTest.test_lock_after_client_shutdown

2 participants

@mdumandag @srknzl