Add timeouts to keyring operations #7580
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
samcoe
commented
Jun 14, 2023
internal/keyring/keyring.go
Outdated
|
|
||
| // Set secret in keyring for user. | ||
| func Set(service, user, secret string) error { | ||
| duration := time.Second |
There was a problem hiding this comment.
Open to other times, 1 second seemed reasonable though.
| } | ||
|
|
||
| // Get secret from keyring given service and user name. | ||
| func Get(service, user string) (string, error) { |
There was a problem hiding this comment.
I'm trying to figure out if this function is racy or not. See this playground: https://go.dev/play/p/hCpEywlYjiR which you can run a few times to see different results).
I think it is racy, like the example in the playground, but I can't quite convince myself that time.Sleep doesn't have some impact on goroutine scheduling. Either way, unless you're sure this code isn't racy then I think we should change it. At the heart of the issue is that select can choose any channel branch that succeeds, and putting a value on one channel can race with closing the other, e.g. errCh <- err racing with close(resCh).
There are a few possible (I think) fixes for this:
- Using unbuffered channels will block the write until someone reads, preventing the
closeuntil a branch has already been picked - Move the
closesuntil after a decision has been made - Use a result struct
type result struct { secret string, error string }or anonymous structc := make(chan struct { string; error })and only have a single channel
I would favour 3, as any use of multiple channels has the propensity to introduce these kinds of hard to reason about issues and there's probably a reason I've seen it used so many times.
On the other hand, if you know a reason this isn't racy then please hit me with that knowledge!
There was a problem hiding this comment.
Great catch here, I do think there is a race condition! I had not thought about how select would work with defer close. I was thinking about using option 3 originally, seems like the best solution, I will make the change.
| } | ||
|
|
||
| // Set secret in keyring for user. | ||
| func Set(service, user, secret string) error { |
There was a problem hiding this comment.
Another option here that might be a minor improvement would be to remove the context in favour of a time.After i.e.
func Set(service, user, secret string) error {
ch := make(chan error, 1)
go func() {
defer close(ch)
ch <- keyring.Set(service, user, secret)
}()
select {
case err := <- ch:
return err
case <- time.After(time.Second)
return &TimeoutError{"timeout while trying to set secret in keyring"}
}The reason I say minor improvement is that I think it's a touch more explicit. When I see a context I generally expect it to have come from somewhere and to be going somewhere. It also doesn't come with a footgun of not calling cancel.
There was a problem hiding this comment.
TIL time.After. Great suggestion. Implemented.
williammartin
approved these changes
Jun 20, 2023
There was a problem hiding this comment.
Thanks for making the changes. I think maybe a little longer delay would be good in case there are legitimately slow systems but it's a total finger in the air.
I left one more totally non-blocking comment which you are free to ignore.
It's a shame that all the go-keyring stuff is managed by init and with private variables and types, so we can't inject any timeout behaviour into the mock.
renovate bot
referenced
this pull request
in scottames/dots
Jun 23, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [aquaproj/aqua-registry](https://togithub.com/aquaproj/aqua-registry) | minor | `v4.20.0` -> `v4.21.1` | | [cli/cli](https://togithub.com/cli/cli) | minor | `v2.30.0` -> `v2.31.0` | | [weaveworks/eksctl](https://togithub.com/weaveworks/eksctl) | minor | `v0.145.0` -> `v0.146.0` | | [zellij-org/zellij](https://togithub.com/zellij-org/zellij) | patch | `v0.37.1` -> `v0.37.2` | --- ### Release Notes <details> <summary>aquaproj/aqua-registry</summary> ### [`v4.21.1`](https://togithub.com/aquaproj/aqua-registry/releases/tag/v4.21.1) [Compare Source](https://togithub.com/aquaproj/aqua-registry/compare/v4.21.0...v4.21.1) [Issues](https://togithub.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.21.1) | [Pull Requests](https://togithub.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.21.1) | aquaproj/aqua-registry@v4.21.0...v4.21.1 #### Fixes [#​13199](https://togithub.com/aquaproj/aqua-registry/issues/13199) kubernetes-sigs/kustomize: Follow up changes of kustomize v5.1.0 - [https://github.com/kubernetes-sigs/kustomize/issues/5220](https://togithub.com/kubernetes-sigs/kustomize/issues/5220) ### [`v4.21.0`](https://togithub.com/aquaproj/aqua-registry/releases/tag/v4.21.0) [Compare Source](https://togithub.com/aquaproj/aqua-registry/compare/v4.20.0...v4.21.0) [Issues](https://togithub.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.21.0) | [Pull Requests](https://togithub.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.21.0) | aquaproj/aqua-registry@v4.20.0...v4.21.0 #### 🎉 New Packages [#​13173](https://togithub.com/aquaproj/aqua-registry/issues/13173) [assetnote/surf](https://togithub.com/assetnote/surf): Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates [#​13174](https://togithub.com/aquaproj/aqua-registry/issues/13174) [iyear/tdl](https://togithub.com/iyear/tdl): A Telegram downloader written in Golang [#​13172](https://togithub.com/aquaproj/aqua-registry/issues/13172) [nikolaydubina/go-cover-treemap](https://togithub.com/nikolaydubina/go-cover-treemap): Go code coverage to SVG treemap [@​iwata](https://togithub.com/iwata) </details> <details> <summary>cli/cli</summary> ### [`v2.31.0`](https://togithub.com/cli/cli/releases/tag/v2.31.0): GitHub CLI 2.31.0 [Compare Source](https://togithub.com/cli/cli/compare/v2.30.0...v2.31.0) #### What's New - New suite of `project` commands for interacting with and manipulating projects. Huge shoutout 🥳 for the time and effort put into this work by [@​mntlty](https://togithub.com/mntlty) in [https://github.com/cli/cli/pull/7375](https://togithub.com/cli/cli/pull/7375) [https://github.com/cli/cli/pull/7578](https://togithub.com/cli/cli/pull/7578) - New `search code` command by [@​joshkraft](https://togithub.com/joshkraft) in [https://github.com/cli/cli/pull/7376](https://togithub.com/cli/cli/pull/7376) - New `cs view` command by [@​dmgardiner25](https://togithub.com/dmgardiner25) in [https://github.com/cli/cli/pull/7496](https://togithub.com/cli/cli/pull/7496) [https://github.com/cli/cli/pull/7539](https://togithub.com/cli/cli/pull/7539) #### What's Changed - `api`: output a single JSON array in REST pagination mode by [@​mislav](https://togithub.com/mislav) in [https://github.com/cli/cli/pull/7190](https://togithub.com/cli/cli/pull/7190) - `api`: support array params in GET queries by [@​mislav](https://togithub.com/mislav) in [https://github.com/cli/cli/pull/7513](https://togithub.com/cli/cli/pull/7513) - `api`: force method to uppercase by [@​ffalor](https://togithub.com/ffalor) in [https://github.com/cli/cli/pull/7514](https://togithub.com/cli/cli/pull/7514) - `alias`: Allow aliases to recognize extended commands by [@​srz-zumix](https://togithub.com/srz-zumix) in [https://github.com/cli/cli/pull/7523](https://togithub.com/cli/cli/pull/7523) - `alias import`: Fix `--clobber` flag by [@​samcoe](https://togithub.com/samcoe) in [https://github.com/cli/cli/pull/7569](https://togithub.com/cli/cli/pull/7569) - `run rerun`: Improve docs around `--job` flag by [@​williammartin](https://togithub.com/williammartin) in [https://github.com/cli/cli/pull/7527](https://togithub.com/cli/cli/pull/7527) - `run view`: Support viewing logs for jobs with composite actions by [@​williammartin](https://togithub.com/williammartin) in [https://github.com/cli/cli/pull/7526](https://togithub.com/cli/cli/pull/7526) - `gist edit`: Add selector option to `gist edit` command by [@​kousikmitra](https://togithub.com/kousikmitra) in [https://github.com/cli/cli/pull/7537](https://togithub.com/cli/cli/pull/7537) - `repo clone`: Set upstream remote to track all branches after initial fetch by [@​samcoe](https://togithub.com/samcoe) in [https://github.com/cli/cli/pull/7542](https://togithub.com/cli/cli/pull/7542) - `extension`: Speed up listing extensions by lazy-loading extension information when needed by [@​mislav](https://togithub.com/mislav) in [https://github.com/cli/cli/pull/7493](https://togithub.com/cli/cli/pull/7493) - `auth`: Add timeouts to keyring operations by [@​samcoe](https://togithub.com/samcoe) in [https://github.com/cli/cli/pull/7580](https://togithub.com/cli/cli/pull/7580) - `auth status`: write to stdout on success by [@​rajhawaldar](https://togithub.com/rajhawaldar) in [https://github.com/cli/cli/pull/7540](https://togithub.com/cli/cli/pull/7540) - `completion`: Fix bash completions for extensions and aliases by [@​mislav](https://togithub.com/mislav) in [https://github.com/cli/cli/pull/7525](https://togithub.com/cli/cli/pull/7525) - `issue/pr view`: alphabetically sort labels for `gh pr/issue view` by [@​ffalor](https://togithub.com/ffalor) in [https://github.com/cli/cli/pull/7587](https://togithub.com/cli/cli/pull/7587) - Fix error handling for extension and shell alias commands by [@​samcoe](https://togithub.com/samcoe) in [https://github.com/cli/cli/pull/7567](https://togithub.com/cli/cli/pull/7567) - Fix pkg imported more than once by [@​testwill](https://togithub.com/testwill) in [https://github.com/cli/cli/pull/7591](https://togithub.com/cli/cli/pull/7591) - Refactor a nested if statement by [@​yanskun](https://togithub.com/yanskun) in [https://github.com/cli/cli/pull/7596](https://togithub.com/cli/cli/pull/7596) - Fix a typo by [@​lerocknrolla](https://togithub.com/lerocknrolla) in [https://github.com/cli/cli/pull/7557](https://togithub.com/cli/cli/pull/7557) - Fix flaky test by [@​samcoe](https://togithub.com/samcoe) in [https://github.com/cli/cli/pull/7515](https://togithub.com/cli/cli/pull/7515) - Credential rotations, renames and decouplings from Mislav by [@​williammartin](https://togithub.com/williammartin) in [https://github.com/cli/cli/pull/7544](https://togithub.com/cli/cli/pull/7544) - build(deps): bump github.com/cli/go-gh/v2 from 2.0.0 to 2.0.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/cli/cli/pull/7546](https://togithub.com/cli/cli/pull/7546) - build(deps): bump github.com/AlecAivazis/survey/v2 from 2.3.6 to 2.3.7 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/cli/cli/pull/7576](https://togithub.com/cli/cli/pull/7576) #### New Contributors - [@​srz-zumix](https://togithub.com/srz-zumix) made their first contribution in [https://github.com/cli/cli/pull/7523](https://togithub.com/cli/cli/pull/7523) - [@​lerocknrolla](https://togithub.com/lerocknrolla) made their first contribution in [https://github.com/cli/cli/pull/7557](https://togithub.com/cli/cli/pull/7557) - [@​testwill](https://togithub.com/testwill) made their first contribution in [https://github.com/cli/cli/pull/7591](https://togithub.com/cli/cli/pull/7591) - [@​rajhawaldar](https://togithub.com/rajhawaldar) made their first contribution in [https://github.com/cli/cli/pull/7540](https://togithub.com/cli/cli/pull/7540) **Full Changelog**: cli/cli@v2.30.0...v2.31.0 </details> <details> <summary>weaveworks/eksctl</summary> ### [`v0.146.0`](https://togithub.com/weaveworks/eksctl/releases/tag/v0.146.0): eksctl 0.146.0 (permalink) [Compare Source](https://togithub.com/weaveworks/eksctl/compare/0.145.0...0.146.0) ### Release v0.146.0 #### 🎯 Improvements - Update vpc-cni to 1.12.6 ([#​6692](https://togithub.com/weaveworks/eksctl/issues/6692)) #### 🧰 Maintenance - Bump dependencies ([#​6690](https://togithub.com/weaveworks/eksctl/issues/6690)) #### 📝 Documentation - New eksctl channel ([#​6697](https://togithub.com/weaveworks/eksctl/issues/6697)) #### Acknowledgments Weaveworks would like to sincerely thank: [@​wind0r](https://togithub.com/wind0r) </details> <details> <summary>zellij-org/zellij</summary> ### [`v0.37.2`](https://togithub.com/zellij-org/zellij/releases/tag/v0.37.2) [Compare Source](https://togithub.com/zellij-org/zellij/compare/v0.37.1...v0.37.2) This is a patch release to fix some minor issues in the previous release. #### What's Changed - hotfix: include theme files into binary by [@​jaeheonji](https://togithub.com/jaeheonji) in [https://github.com/zellij-org/zellij/pull/2566](https://togithub.com/zellij-org/zellij/pull/2566) - fix(plugins): make hide_self api idempotent by [@​imsnif](https://togithub.com/imsnif) in [https://github.com/zellij-org/zellij/pull/2568](https://togithub.com/zellij-org/zellij/pull/2568) **Full Changelog**: zellij-org/zellij@v0.37.1...v0.37.2 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/scottames/dots). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xMzEuMCIsInVwZGF0ZWRJblZlciI6IjM1LjEzMS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This comment was marked as spam.
This comment was marked as spam.
1 task
Sign up for free
to join this conversa
7054
tion on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds some timeouts to keyring operations that have been reported as hanging in some WSL and Windows machines. The underlying issue stems from the
go-keyringpackage that we use so until the bugs get fixed there we should properly handle the cases where it hangs.Fixes #7208