Prevent context canceled errors from being permanent in authorizer

Signed-off-by: Vlad A. Ionescu <vladaionescu@users.noreply.github.com> Check if context is canceled before returning cached token or err. Signed-off-by: Vlad A. Ionescu <vladaionescu@users.noreply.github.com> Fix possible race conditions Signed-off-by: Vlad A. Ionescu <vladaionescu@users.noreply.github.com> Fix block Signed-off-by: Vlad A. Ionescu <vladaionescu@users.noreply.github.com>
2020-10-08 15:54:18 -07:00 · 2020-10-08 15:54:18 -07:00 · d127edf990
parent 2b6cccb9b3
commit d127edf990
1 changed files with 20 additions and 2 deletions
--- a/util/resolver/authorizer.go
+++ b/util/resolver/authorizer.go
@ -269,13 +269,31 @@ func (ah *authHandler) doBearerAuth(ctx context.Context) (token string, err erro
 	scoped := strings.Join(to.Scopes, " ")

 	ah.Lock()
-	if r, exist := ah.scopedTokens[scoped]; exist {
+	for {
+		r, exist := ah.scopedTokens[scoped]
+		if !exist {
+			// no entry cached
+			break
+		}
 		ah.Unlock()
 		r.Wait()
-		if r.expires.IsZero() || r.expires.After(time.Now()) {
+		if r.err != nil {
+			select {
+			case <-ctx.Done():
+				return "", r.err
+			default:
+			}
+		}
+		if !errors.Is(r.err, context.Canceled) &&
+			(r.expires.IsZero() || r.expires.After(time.Now())) {
 			return r.token, r.err
 		}
+		// r.err is canceled or token expired. Get rid of it and try again
 		ah.Lock()
+		r2, exist := ah.scopedTokens[scoped]
+		if exist && r == r2 {
+			delete(ah.scopedTokens, scoped)
+		}
 	}

 	// only one fetch token job