Storage API: Inappropriate caching and re-use of differently-authenticated filesystem providers #698
Labels
api: storage
Issues related to the googleapis/java-storage-nio API.
priority: p1
Important issue which blocks shipping the next release. Will be fixed prior to next release.
type: bug
Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
We recently updated to the latest version of the
java-storage-nio
library but almost immediately ran into issues with threads handling requests from different users having their filesystem providers and authentication mixed up. This resulted - luckily - in only “access denied” exceptions before we noticed and reverted the update but might have been much worse.The problem seems to be coming from the changes made in #168 whereby the CloudStorageFileSystem is now caching providers in its
CONFIG_TO_PROVIDERS_MAP
(see: get, put) but not recognizing that differently authenticated providers might nevertheless be sharing a single value ofconfig
.We believe that this would not be the case if the
CONFIG_TO_PROVIDERS_MAP
were to be keyed on the combination ofconfig
(which might be a single global value, as in our case) ANDstorageOptions
(which contains the authentication information).Side note: As Brian also mentioned in #691, the
HashSets
in that file seem to be storing objects whose hashes can mutate (and indeed, would be expected to mutate when their auth state is changed), which might also be causing unexpected behavior on lookup (which might actually have saved us from even more unexpected filesystem provider re-use).The text was updated successfully, but these errors were encountered: