From 4afed7358786876cbdc4e27240f7dabd273166f0 Mon Sep 17 00:00:00 2001 From: "Ian (Hee) Cha" Date: Wed, 31 May 2023 11:26:35 -0700 Subject: [PATCH] [credentialhelper] Ignore all errors when writing stdin (#18540) It's totally fine for helpers to not care about the request on stdin and close stdin early. ``` ERROR: java.io.IOException: Broken pipe at java.base/java.io.FileOutputStream.writeBytes(Native Method) at java.base/java.io.FileOutputStream.write(Unknown Source) at java.base/java.io.BufferedOutputStream.flushBuffer(Unknown Source) at java.base/java.io.BufferedOutputStream.flush(Unknown Source) at java.base/java.io.FilterOutputStream.close(Unknown Source) at java.base/sun.nio.cs.StreamEncoder.implClose(Unknown Source) at java.base/sun.nio.cs.StreamEncoder.close(Unknown Source) at java.base/java.io.OutputStreamWriter.close(Unknown Source) at com.google.devtools.build.lib.authandtls.credentialhelper.CredentialHelper.getCredentials(CredentialHelper.java:83) at com.google.devtools.build.lib.authandtls.credentialhelper.CredentialHelperCredentials.getCredentialsFromHelper(CredentialHelperCredentials.java:108) at com.github.benmanes.caffeine.cache.BoundedLocalCache.lambda$doComputeIfAbsent$13(BoundedLocalCache.java:2451) at java.base/java.util.concurrent.ConcurrentHashMap.compute(Unknown Source) at com.github.benmanes.caffeine.cache.BoundedLocalCache.doComputeIfAbsent(BoundedLocalCache.java:2449) at com.github.benmanes.caffeine.cache.BoundedLocalCache.computeIfAbsent(BoundedLocalCache.java:2432) at com.github.benmanes.caffeine.cache.LocalCache.computeIfAbsent(LocalCache.java:107) at com.github.benmanes.caffeine.cache.LocalManualCache.get(LocalManualCache.java:62) at com.google.devtools.build.lib.authandtls.credentialhelper.CredentialHelperCredentials.getRequestMetadata(CredentialHelperCredentials.java:80) at com.google.auth.Credentials.blockingGetToCallback(Credentials.java:112) at com.google.auth.Credentials$1.run(Credentials.java:98) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.base/java.lang.Thread.run(Unknown Source) ``` Follow-up on https://github.com/bazelbuild/bazel/commit/7c235ff15190b1eefdbd34696a55272bbb221435 Closes #18501. PiperOrigin-RevId: 536403312 Change-Id: I837bae70978e29f748c0fcc398c8f64de2b7b7c6 Co-authored-by: Yannic --- .../lib/authandtls/credentialhelper/CredentialHelper.java | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/src/main/java/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelper.java b/src/main/java/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelper.java index cf15e0f917c35a..d493dac75a1e31 100644 --- a/src/main/java/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelper.java +++ b/src/main/java/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelper.java @@ -82,12 +82,8 @@ public GetCredentialsResponse getCredentials(CredentialHelperEnvironment environ GSON.toJson(GetCredentialsRequest.newBuilder().setUri(uri).build(), stdin); } catch (IOException e) { // This can happen if the helper prints a static set of credentials without reading from - // stdin (e.g., with a simple shell script running `echo "{...}"`). If the process is - // already finished even though we failed to write to its stdin, ignore the error and - // assume the process did not need the request payload. - if (!process.finished()) { - throw e; - } + // stdin (e.g., with a simple shell script running `echo "{...}"`). This is fine to + // ignore. } try {