OSIS-165: cap getCredentials access-denied recovery to a single retry#162
Closed
anurag4DSB wants to merge 1 commit into
Closed
Conversation
|
LGTM — the unbounded recursion is correctly replaced with a one-shot retry: recover once, retry once, rethrow on persistent failure. The two-arg setupAssumeRole is synchronous (only the OsisTenant overload is @async), so the retry correctly waits for role recreation to finish. Test coverage for the persistent-failure path is solid. |
Contributor
Author
|
Superseded by #168, which re-points the same single-retry cap at the original getCredentials on main (the recursion bug exists in production code, so the refactor is not needed to fix it). Closing this one. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Intent: why does this change exist?
A persistent Vault ACCESS_DENIED on assume-role made
ScalityTenantSession.getCredentialsrecreate the role and then call itself again, with no bound, so a Vault misconfiguration could recurse forever and risk a StackOverflowError. OSIS-162 preserved this behavior as-is; OSIS-165 caps it.System impact: what's affected, including downstream?
Only the assume-role credential path used by
getIamClient/getS3ClientinScalityTenantSession. Callers that previously could hang/overflow on a misconfigured role now get a fast, clearVaultServiceExceptioncarrying the original AccessDenied error code.Preserved behavior: what explicitly stays the same?
The happy path is unchanged: a first-time AccessDenied still triggers
setupAssumeRole(resolving the account name viagetAccount) followed by a successful retry. Non-AccessDenied Vault errors are still rethrown immediately without any recovery.Intended change: what's different after this PR?
The unbounded self-recursion is replaced by a one-shot retry: recover once, retry once, and if AccessDenied persists rethrow the existing
VaultServiceExceptioninstead of recursing again. The retry/recovery routine (setupAssumeRole) now runs at most once.Verification: how do we know this worked, or how would we know if it didn't?
Added
stopsRetryingWhenAccessDeniedPersistsAfterRecreatingRolewhich feeds a persistent AccessDenied and asserts a thrownVaultServiceException,setupAssumeRoleinvoked exactly once, and exactly two assume-role attempts (no infinite loop). Ran:osis-core:test(all 12 ScalityTenantSessionTest cases pass) andjacocoTestCoverageVerification(passes, stays >=75%).