You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@beam.apache.org by "Luke Cwik (JIRA)" <ji...@apache.org> on 2017/07/19 20:12:01 UTC

[jira] [Resolved] (BEAM-2642) Upgrade to Google Auth 0.7.1

     [ https://issues.apache.org/jira/browse/BEAM-2642?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Luke Cwik resolved BEAM-2642.
-----------------------------
       Resolution: Fixed
    Fix Version/s: 2.2.0

> Upgrade to Google Auth 0.7.1
> ----------------------------
>
>                 Key: BEAM-2642
>                 URL: https://issues.apache.org/jira/browse/BEAM-2642
>             Project: Beam
>          Issue Type: Bug
>          Components: sdk-java-gcp
>    Affects Versions: 2.0.0, 2.1.0
>            Reporter: Luke Cwik
>            Assignee: Luke Cwik
>             Fix For: 2.2.0
>
>
> Looking up application default credentials on a GCE VM can fail due to VM metadata server being unavailable during VM launch. This is a rare event but Google Cloud Dataflow customers hit this rare case one or two times a month due to the sheer number of VMs. GCE attempted to mitigate VM metadata server unavailability but were only able to reduce it be an order of magnitude thus we need support from the client to retry. Additionally, when contacting the GCE VM metadata server, we should be using the fixed IP address avoiding the nameserver lookup (another potential point of failure).
> Problem area in the code:
> https://github.com/google/google-auth-library-java/blob/b94f8e4d02bf6917af2e2f7ef8d7114a51dbcfa8/oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java#L261
> Note that the code in this library and the Apiary auth support code are very similar. The fix was done within the Apiary auth code (note the use of the static IP address and also the presence of a fixed number of retries):
> https://github.com/google/google-api-java-client/blob/4fc8c099d9db5646770868cc1bc9a33c9225b3c7/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/OAuth2Utils.java#L74
> It turned out that the fixes resulted in zero future customer contacts about this issue.
> Google Auth 0.7.1 was released containing these fixes mentioned in https://github.com/google/google-auth-library-java/issues/109



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)