fix: refresh Keycloak token during long --waitFor polling loop#362
Open
Aman-Cool wants to merge 1 commit into
Open
fix: refresh Keycloak token during long --waitFor polling loop#362Aman-Cool wants to merge 1 commit into
Aman-Cool wants to merge 1 commit into
Conversation
Bearer token was acquired once and never refreshed, causing 401s after token TTL expired mid-poll. GetTestResult now checks HTTP status before unmarshalling so expired-token responses surface as clear errors instead of silently zeroing the TestResultSummary and breaking the loop early. Signed-off-by: Aman-Cool <aman017102007@gmail.com>
Aman-Cool
force-pushed
the
fix/token-expiry-polling-loop
branch
from
64525c6 to
d943b52
Compare
Author
|
@Harsh4902, would love a review on this when you get a chance. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Ran into something subtle while testing an
ASYNC_API_SCHEMAconformance run with a 10-minute--waitFor.The pipeline went red. The CLI printed
success: false, inProgress: falseand exited 1 ; looked exactly like a test failure. Spent a while staring at the API implementation before realising the test on the Microcks server had actually passed. The CLI had just… stopped reading it.The culprit: in the headless path (
--microcksURL+--clientId+--clientSecret), we callConnectAndGetTokenonce at startup, hand the token toSetOAuthToken, and never touch it again. Five minutes in, Keycloak's default access token TTL kicks in. The Microcks API starts returning 401s.Here's the quiet part;
GetTestResultnever checkedresp.StatusCode. It just read the body and calledjson.Unmarshalon it. If Spring Security returned an empty 401 body, you'd get"failed to parse test result response: unexpected end of JSON input"(confusing, but at least loud). If it returned a JSON error object, the unmarshal succeeded into a zeroedTestResultSummary;Success: false, InProgress: false; and the loop broke clean, printing what looked like a completed result. No mention of auth anywhere.The fix is in three places:
GetTestResultnow checks the status code first. A 401 returns a named error that says"bearer token has expired"so the next person doesn't chase the wrong thing.ConnectAndGetTokennow returnsexpires_inalongside the token (and actually checks the HTTP status before asserting onaccess_token, which was a panic waiting to happen on a bad client secret).In
test.go,kcandtokenExpiresAtare kept in scope across the polling loop. At the top of each iteration, if we're within 30 seconds of expiry, we re-run the client credentials grant and callSetOAuthTokenwith the fresh token. For a 30-minute async test against a 5-minute realm, this fires roughly every 5 minutes ; transparent, no user action needed.importandimport-urljust get a_for the new return value; they don't have long-running loops so the TTL doesn't matter to them.