oauth/api: drain timer channel on each iteration #5376
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dvdksn
reviewed
Aug 28, 2024
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #5376 +/- ##
==========================================
+ Coverage 60.93% 60.97% +0.03%
==========================================
Files 304 304
Lines 21348 21358 +10
==========================================
+ Hits 13009 13022 +13
+ Misses 7409 7407 -2
+ Partials 930 929 -1 |
laurazard
force-pushed
the
fix-oauth-login-timer
branch
4 times, most recently
from
a29bec2 to
63ef63d
Compare
vvoland
approved these changes
Aug 30, 2024
thaJeztah
reviewed
Aug 30, 2024
laurazard
force-pushed
the
fix-oauth-login-timer
branch
from
63ef63d to
290cf9e
Compare
|
@thaJeztah @vvoland PTAL |
laurazard
force-pushed
the
fix-oauth-login-timer
branch
from
290cf9e to
f2a3abe
Compare
thaJeztah
reviewed
Sep 2, 2024
laurazard
force-pushed
the
fix-oauth-login-timer
branch
2 times, most recently
from
614fb9c to
ad483cf
Compare
thaJeztah
reviewed
Sep 3, 2024
| res, err := a.getDeviceToken(ctx, state) | ||
| if err != nil { | ||
| if errors.Is(err, context.Canceled) { |
There was a problem hiding this comment.
Do we need to handle context.DeadlineExceeded here? We could even use the errdefs helper, but not sure if we want to import it here;
cli/vendor/github.com/docker/docker/errdefs/is.go
Lines 120 to 123 in 092b5f0
There was a problem hiding this comment.
Hmm, the purpose of that:
// if the caller canceled the context, continue
// and let the select hit the ctx.Done() branchis just to make sure we hit the user canceled login error if the user cancels execution while API.getDeviceToken is going rather than the context canceled error from there, so I don't think we need it. This is also all inside /internal, so we don't expect others to import this, so I think it's fine. If the user does get a timeout while trying to connect to the tenant, I think we should error out and let them know.
There was a problem hiding this comment.
Ah, right; yeah, was curious if we wanted to retry if the connection timed out. I guess that would be a bit of an exceptional case, so returning early in that case makes sense as well.
Thanks!
Previously, if while polling for oauth device-code login results a user suspended the process (such as with CTRL-Z) and then restored it with `fg`, an error might occur in the form of: ``` failed waiting for authentication: You are polling faster than the specified interval of 5 seconds. ``` This is due to our use of a `time.Ticker` here - if no receiver drains the ticker channel (and timers/tickers use a buffered channel behind the scenes), more than one tick will pile up, causing the program to "tick" twice, in fast succession, after it is resumed. The new implementation replaces the `time.Ticker` with a `time.Timer` (`time.Ticker` is just a nice wrapper) and introduces a helper function `resetTimer` to ensure that before every `select`, the timer is stopped and it's channel is drained. Signed-off-by: Laura Brehm <[email protected]>
laurazard
force-pushed
the
fix-oauth-login-timer
branch
from
ad483cf to
60d0450
Compare
vvoland
added
process/cherry-picked
and removed
process/cherry-pick
process/cherry-pick/27.x
labels
renovate bot
added a commit
to earthly/dind
that referenced
this pull request
Sep 9, 2024
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker/docker](https://redirect.github.com/docker/docker) | patch | `27.2.0` -> `27.2.1` | --- ### Release Notes <details> <summary>docker/docker (docker/docker)</summary> ### [`v27.2.1`](https://redirect.github.com/moby/moby/releases/tag/v27.2.1) [Compare Source](https://redirect.github.com/docker/docker/compare/v27.2.0-rc.1...v27.2.1) #### 27.2.1 For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones: - [docker/cli, 27.2.1 milestone](https://redirect.github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A27.2.1) - [moby/moby, 27.2.1 milestone](https://redirect.github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A27.2.1) ##### Bug fixes and enhancements - containerd image store: Fix non-container images being hidden in the `docker images` output. [moby/moby#48402](https://redirect.github.com/moby/moby/pull/48402) - containerd image store: Improve `docker pull` error message when the image platform doesn't match. [moby/moby#48415](https://redirect.github.com/moby/moby/pull/48415) - CLI: Fix issue causing login to not remove repository names from passed in registry addresses, resulting in credentials being stored under the wrong key. [docker/cli#5385](https://redirect.github.com/docker/cli/pull/5385) - CLI: Fix issue that will sometimes cause the browser-login flow to fail if the CLI process is suspended and then resumed while waiting for the user to authenticate. [docker/cli#5376](https://redirect.github.com/docker/cli/pull/5376) - CLI: `docker login` now returns an error instead of hanging if called non-interactively with `--password` or `--password-stdin` but without `--user`. [docker/cli#5402](https://redirect.github.com/docker/cli/pull/5402) ##### Packaging updates - Update `runc` to [v1.1.14](https://redirect.github.com/opencontainers/runc/releases/tag/v1.1.14), which contains a fix for [CVE-2024-45310](https://redirect.github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv). [moby/moby#48426](https://redirect.github.com/moby/moby/pull/48426) - Update Go runtime to 1.22.7. [moby/moby#48433](https://redirect.github.com/moby/moby/pull/48433), [docker/cli#5411](https://redirect.github.com/docker/cli/pull/5411), [docker/docker-ce-packaging#1068](https://redirect.github.com/docker/docker-ce-packaging/pull/1068) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 6am on monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/earthly/dind). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsicmVub3ZhdGUiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate bot
added a commit
to earthly/dind
that referenced
this pull request
Sep 9, 2024
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker/docker](https://redirect.github.com/docker/docker) | patch | `27.2.0` -> `27.2.1` | --- ### Release Notes <details> <summary>docker/docker (docker/docker)</summary> ### [`v27.2.1`](https://redirect.github.com/moby/moby/releases/tag/v27.2.1) [Compare Source](https://redirect.github.com/docker/docker/compare/v27.2.0-rc.1...v27.2.1) #### 27.2.1 For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones: - [docker/cli, 27.2.1 milestone](https://redirect.github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A27.2.1) - [moby/moby, 27.2.1 milestone](https://redirect.github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A27.2.1) ##### Bug fixes and enhancements - containerd image store: Fix non-container images being hidden in the `docker image ls` output. [moby/moby#48402](https://redirect.github.com/moby/moby/pull/48402) - containerd image store: Improve `docker pull` error message when the image platform doesn't match. [moby/moby#48415](https://redirect.github.com/moby/moby/pull/48415) - CLI: Fix issue causing `docker login` to not remove repository names from passed in registry addresses, resulting in credentials being stored under the wrong key. [docker/cli#5385](https://redirect.github.com/docker/cli/pull/5385) - CLI: Fix issue that will sometimes cause the browser-login flow to fail if the CLI process is suspended and then resumed while waiting for the user to authenticate. [docker/cli#5376](https://redirect.github.com/docker/cli/pull/5376) - CLI: `docker login` now returns an error instead of hanging if called non-interactively with `--password` or `--password-stdin` but without `--user`. [docker/cli#5402](https://redirect.github.com/docker/cli/pull/5402) ##### Packaging updates - Update `runc` to [v1.1.14](https://redirect.github.com/opencontainers/runc/releases/tag/v1.1.14), which contains a fix for [CVE-2024-45310](https://redirect.github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv). [moby/moby#48426](https://redirect.github.com/moby/moby/pull/48426) - Update Go runtime to 1.22.7. [moby/moby#48433](https://redirect.github.com/moby/moby/pull/48433), [docker/cli#5411](https://redirect.github.com/docker/cli/pull/5411), [docker/docker-ce-packaging#1068](https://redirect.github.com/docker/docker-ce-packaging/pull/1068) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 6am on monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/earthly/dind). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsicmVub3ZhdGUiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #5375
- What I did
Previously, if while polling for oauth device-code login results a user suspended the process (such as with CTRL-Z) and then restored it with
fg, an error might occur in the form of:This is due to our use of a
time.Tickerhere - if no receiver drains the ticker channel (and timers/tickers use a buffered channel behind the scenes), more than one tick will pile up, causing the program to "tick" twice, in fast succession, after it is resumed.- How I did it
The new implementation replaces the
time.Tickerwith atime.Timer(time.Tickeris just a nice wrapper) and introduces a helper functionresetTimerto ensure that before everyselect, the timer is stopped and it's channel is drained.- How to verify it
Reproduce as described in #5375
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)