Google Git
Sign in
gerrit / plugins / replication / eac5d4e844c6103b37e8d35ee1ef3eb5ddf117ea^! / .
commiteac5d4e844c6103b37e8d35ee1ef3eb5ddf117ea[log] [tgz]
authorLuca Milanesio <luca.milanesio@gmail.com>Sat Jul 06 00:57:20 2024 +0100
committerLuca Milanesio <luca.milanesio@gmail.com>Tue Jul 09 19:51:55 2024 +0000
treeaea0930aa001d0b1cfe12fcc52901f8fef688b26
parent69c66c8919533635bb7ef36cdd660f48f6647c09 [diff]
Delay the fetching of credentials until push time

The replication plugin can be configured to reload dynamically
the credentials when changed on the filesystem or in the SecureStore
backend.

The overall reloading mechanism worked as long as a new PushOne
object was created per replication task; however, when a push was
failing because of credentials issues, the PushOne object was
requeued without being recreated, causing a chicken & egg situation

Until the PushOne was retried, the old credentials were stored
in the instance and therefore any retry would have failed.
Even though the replication.config was configured for reloading
dynamically the credentials, any task stuck in retry would have
not been able to pass the correct credentials.

Delay the creation of the credentials provider until push
time, so that even in case of retrying replication tasks
the credentials can be dynamically reloaded when changed
on the filesystem.

Change-Id: I2f069a8433651a0db2681b6675f392ff894f27fc

diff --git a/src/main/java/com/googlesource/gerrit/plugins/replication/PushOne.java b/src/main/java/com/googlesource/gerrit/plugins/replication/PushOne.java
index 9d152f6..a4ce5fc 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/replication/PushOne.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/replication/PushOne.java

@@ -79,7 +79,6 @@
 import org.eclipse.jgit.lib.ObjectId;
 import org.eclipse.jgit.lib.Ref;
 import org.eclipse.jgit.lib.Repository;
-import org.eclipse.jgit.transport.CredentialsProvider;
 import org.eclipse.jgit.transport.FetchConnection;
 import org.eclipse.jgit.transport.PushResult;
 import org.eclipse.jgit.transport.RefSpec;
@@ -119,7 +118,7 @@
   private final Destination pool;
   private final RemoteConfig config;
   private final ReplicationConfig replConfig;
-  private final CredentialsProvider credentialsProvider;
+  private final CredentialsFactory credentialsFactory;
   private final PerThreadRequestScope.Scoper threadScoper;
 
   private final Project.NameKey projectName;
@@ -166,7 +165,7 @@
     pool = p;
     config = c;
     replConfig = rc;
-    credentialsProvider = cpFactory.create(c.getName());
+    credentialsFactory = cpFactory;
     threadScoper = ts;
     projectName = d;
     uri = u;
@@ -561,7 +560,7 @@
 
   private PushResult pushVia(Transport tn) throws IOException, PermissionBackendException {
     tn.applyConfig(config);
-    tn.setCredentialsProvider(credentialsProvider);
+    tn.setCredentialsProvider(credentialsFactory.create(config.getName()));
 
     List<RemoteRefUpdate> todo = generateUpdates(tn);
     if (todo.isEmpty()) {