Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Race condition in SmallRye Config property expansion for @RolesAllowed value? #30988

Closed
gsmet opened this issue Feb 8, 2023 · 7 comments · Fixed by #31141
Closed

Race condition in SmallRye Config property expansion for @RolesAllowed value? #30988

gsmet opened this issue Feb 8, 2023 · 7 comments · Fixed by #31141
Labels
area/security env/windows Impacts Windows machines
Milestone

Comments

@gsmet
Copy link
Member

gsmet commented Feb 8, 2023

We sometimes have LazyAuthRolesAllowedConfigExpTestCase failing on CI with the error above.
I saw it on Windows which is usually a bit slower than the Linux hosts so it could be a race condition somewhere.

2023-02-07T16:47:39.2239103Z [ERROR] io.quarkus.resteasy.reactive.server.test.security.LazyAuthRolesAllowedConfigExpTestCase  Time elapsed: 1.229 s  <<< ERROR!
2023-02-07T16:47:39.2240204Z java.lang.RuntimeException: java.lang.RuntimeException: Failed to start quarkus
2023-02-07T16:47:39.2241332Z 	at io.quarkus.test.QuarkusUnitTest.beforeAll(QuarkusUnitTest.java:689)
2023-02-07T16:47:39.2242144Z 	at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.lambda$invokeBeforeAllCallbacks$12(ClassBasedTestDescriptor.java:395)
2023-02-07T16:47:39.2243041Z 	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
2023-02-07T16:47:39.2243964Z 	at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.invokeBeforeAllCallbacks(ClassBasedTestDescriptor.java:395)
2023-02-07T16:47:39.2244876Z 	at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.before(ClassBasedTestDescriptor.java:211)
2023-02-07T16:47:39.2245670Z 	at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.before(ClassBasedTestDescriptor.java:84)
2023-02-07T16:47:39.2246476Z 	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$6(NodeTestTask.java:148)
2023-02-07T16:47:39.2247297Z 	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
2023-02-07T16:47:39.2248130Z 	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:141)
2023-02-07T16:47:39.2248832Z 	at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137)
2023-02-07T16:47:39.2249559Z 	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$9(NodeTestTask.java:139)
2023-02-07T16:47:39.2250371Z 	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
2023-02-07T16:47:39.2251227Z 	at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:138)
2023-02-07T16:47:39.2252249Z 	at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:95)
2023-02-07T16:47:39.2252872Z 	at java.base/java.util.ArrayList.forEach(ArrayList.java:1541)
2023-02-07T16:47:39.2253772Z 	at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.invokeAll(SameThreadHierarchicalTestExecutorService.java:41)
2023-02-07T16:47:39.2255230Z 	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$6(NodeTestTask.java:155)
2023-02-07T16:47:39.2256141Z 	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
2023-02-07T16:47:39.2256993Z 	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:141)
2023-02-07T16:47:39.2257724Z 	at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137)
2023-02-07T16:47:39.2258448Z 	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$9(NodeTestTask.java:139)
2023-02-07T16:47:39.2259250Z 	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
2023-02-07T16:47:39.2260108Z 	at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:138)
2023-02-07T16:47:39.2260920Z 	at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:95)
2023-02-07T16:47:39.2262051Z 	at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.submit(SameThreadHierarchicalTestExecutorService.java:35)
2023-02-07T16:47:39.2263172Z 	at org.junit.platform.engine.support.hierarchical.HierarchicalTestExecutor.execute(HierarchicalTestExecutor.java:57)
2023-02-07T16:47:39.2264096Z 	at org.junit.platform.engine.support.hierarchical.HierarchicalTestEngine.execute(HierarchicalTestEngine.java:54)
2023-02-07T16:47:39.2264979Z 	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:147)
2023-02-07T16:47:39.2265807Z 	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:127)
2023-02-07T16:47:39.2266657Z 	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:90)
2023-02-07T16:47:39.2267520Z 	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.lambda$execute$0(EngineExecutionOrchestrator.java:55)
2023-02-07T16:47:39.2268531Z 	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.withInterceptedStreams(EngineExecutionOrchestrator.java:102)
2023-02-07T16:47:39.2269456Z 	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:54)
2023-02-07T16:47:39.2270180Z 	at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:114)
2023-02-07T16:47:39.2270826Z 	at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:86)
2023-02-07T16:47:39.2271554Z 	at org.junit.platform.launcher.core.DefaultLauncherSession$DelegatingLauncher.execute(DefaultLauncherSession.java:86)
2023-02-07T16:47:39.2272297Z 	at org.apache.maven.surefire.junitplatform.LazyLauncher.execute(LazyLauncher.java:55)
2023-02-07T16:47:39.2273054Z 	at org.apache.maven.surefire.junitplatform.JUnitPlatformProvider.execute(JUnitPlatformProvider.java:223)
2023-02-07T16:47:39.2273930Z 	at org.apache.maven.surefire.junitplatform.JUnitPlatformProvider.invokeAllTests(JUnitPlatformProvider.java:175)
2023-02-07T16:47:39.2274788Z 	at org.apache.maven.surefire.junitplatform.JUnitPlatformProvider.invoke(JUnitPlatformProvider.java:139)
2023-02-07T16:47:39.2275526Z 	at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:456)
2023-02-07T16:47:39.2276189Z 	at org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:169)
2023-02-07T16:47:39.2276776Z 	at org.apache.maven.surefire.booter.ForkedBooter.run(ForkedBooter.java:595)
2023-02-07T16:47:39.2277356Z 	at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:581)
2023-02-07T16:47:39.2277842Z Caused by: java.lang.RuntimeException: Failed to start quarkus
2023-02-07T16:47:39.2278296Z 	at io.quarkus.runner.ApplicationImpl.doStart(Unknown Source)
2023-02-07T16:47:39.2278774Z 	at io.quarkus.runtime.Application.start(Application.java:101)
2023-02-07T16:47:39.2279307Z 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
2023-02-07T16:47:39.2280073Z 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
2023-02-07T16:47:39.2280831Z 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
2023-02-07T16:47:39.2281453Z 	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
2023-02-07T16:47:39.2281962Z 	at io.quarkus.runner.bootstrap.StartupActionImpl.run(StartupActionImpl.java:253)
2023-02-07T16:47:39.2282529Z 	at io.quarkus.test.QuarkusUnitTest.beforeAll(QuarkusUnitTest.java:642)
2023-02-07T16:47:39.2282905Z 	... 43 more
2023-02-07T16:47:39.2283938Z Caused by: java.util.NoSuchElementException: SRCFG00014: The config property QuarkusSecurityRolesAllowedConfigSource.property-0 is required but it could not be found in any config source
2023-02-07T16:47:39.2284684Z 	at io.smallrye.config.SmallRyeConfig.convertValue(SmallRyeConfig.java:298)
2023-02-07T16:47:39.2285230Z 	at io.smallrye.config.SmallRyeConfig.getValue(SmallRyeConfig.java:242)
2023-02-07T16:47:39.2285849Z 	at io.smallrye.config.SmallRyeConfig.getValue(SmallRyeConfig.java:168)
2023-02-07T16:47:39.2286414Z 	at io.quarkus.security.runtime.SecurityCheckRecorder$1.get(SecurityCheckRecorder.java:75)
2023-02-07T16:47:39.2287047Z 	at io.quarkus.security.runtime.SecurityCheckRecorder$1.get(SecurityCheckRecorder.java:66)
2023-02-07T16:47:39.2287907Z 	at io.quarkus.security.runtime.interceptor.check.SupplierRolesAllowedCheck.resolveAllowedRoles(SupplierRolesAllowedCheck.java:43)
2023-02-07T16:47:39.2288933Z 	at io.quarkus.security.runtime.SecurityCheckRecorder.resolveRolesAllowedConfigExpRoles(SecurityCheckRecorder.java:105)
2023-02-07T16:47:39.2289775Z 	at io.quarkus.deployment.steps.SecurityProcessor$resolveConfigExpressionRoles1389290116.deploy_0(Unknown Source)
2023-02-07T16:47:39.2290511Z 	at io.quarkus.deployment.steps.SecurityProcessor$resolveConfigExpressionRoles1389290116.deploy(Unknown Source)
2023-02-07T16:47:39.2290982Z 	... 51 more
@quarkus-bot quarkus-bot bot added area/security env/windows Impacts Windows machines labels Feb 8, 2023
@quarkus-bot
Copy link

quarkus-bot bot commented Feb 8, 2023

/cc @sberyozkin (security)

@gsmet
Copy link
Member Author

gsmet commented Feb 8, 2023

@michalvavrik it's probably related to #29935

/cc @radcortez as there might be some config knowledge required.

@gsmet gsmet changed the title Race condition in security expression support? Race condition in SmallRye Config property expansion for @RolesAllowed value? Feb 8, 2023
@michalvavrik
Copy link
Member

I'll look at it.

@michalvavrik
Copy link
Member

Way I see it, I need to run build step that validates/uses runtime configuration (it's runtime init) property after RunTimeConfigBuilder has added configuration properties. RunTimeConfigurationGenerator generator is not small, @radcortez I'll keep looking, but if you could give me a hint, I'd be grateful. Do you have mechanism that you usually use to ensure this order?

@radcortez
Copy link
Member

Maybe ConfigurationBuildItem helps. It contains all the config information used to generate the Config object.

Could the annotations be inspected and recorded during the build phase instead of static init? This would allow generating the source directly and not require mutating it later.

michalvavrik added a commit to michalvavrik/quarkus that referenced this issue Feb 14, 2023
@michalvavrik
Copy link
Member

I see what you mean, but it also has to work with runtime properties. I didn't know about that build item, thanks. Anyway, I took leverage of RuntimeConfigSetupCompleteBuildItem.

@radcortez
Copy link
Member

Sure.

@quarkus-bot quarkus-bot bot added this to the 3.0 - main milestone Feb 14, 2023
iocanel pushed a commit to iocanel/quarkus that referenced this issue Feb 14, 2023
@gsmet gsmet modified the milestones: 3.0 - main, 2.16.3.Final Feb 15, 2023
gsmet pushed a commit to gsmet/quarkus that referenced this issue Feb 15, 2023
benkard added a commit to benkard/mulkcms2 that referenced this issue Apr 2, 2023
This MR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [flow-bin](https://github.com/flowtype/flow-bin) ([changelog](https://github.com/facebook/flow/blob/master/Changelog.md)) | devDependencies | minor | [`^0.199.0` -> `^0.200.0`](https://renovatebot.com/diffs/npm/flow-bin/0.199.0/0.200.0) |
| [com.rometools:rome](http://rometools.com) ([source](https://github.com/rometools/rome)) | compile | minor | `1.18.0` -> `1.19.0` |
| [org.postgresql:postgresql](https://jdbc.postgresql.org) ([source](https://github.com/pgjdbc/pgjdbc)) | build | patch | `42.5.3` -> `42.5.4` |
| [org.jsoup:jsoup](https://jsoup.org/) ([source](https://github.com/jhy/jsoup)) | compile | patch | `1.15.3` -> `1.15.4` |
| [io.quarkus:quarkus-maven-plugin](https://github.com/quarkusio/quarkus) | build | patch | `2.16.2.Final` -> `2.16.3.Final` |
| [io.quarkus:quarkus-universe-bom](https://github.com/quarkusio/quarkus-platform) | import | patch | `2.16.2.Final` -> `2.16.3.Final` |

---

### Release Notes

<details>
<summary>flowtype/flow-bin</summary>

### [`v0.200.0`](flow/flow-bin@9618443...b6c1eb0)

[Compare Source](flow/flow-bin@9618443...b6c1eb0)

### [`v0.199.1`](flow/flow-bin@05bb4e3...9618443)

[Compare Source](flow/flow-bin@05bb4e3...9618443)

</details>

<details>
<summary>rometools/rome</summary>

### [`v1.19.0`](https://github.com/rometools/rome/releases/tag/1.19.0)

[Compare Source](rometools/rome@1.18.0...1.19.0)

<!-- Release notes generated using configuration in .github/release.yml at 1.19.0 -->

#### What's Changed

##### 🔨 Dependency Upgrades

-   Bump flatten-maven-plugin from 1.2.7 to 1.3.0 by [@&#8203;dependabot](https://github.com/dependabot) in rometools/rome#565
-   Bump maven-bundle-plugin from 5.1.5 to 5.1.8 by [@&#8203;dependabot](https://github.com/dependabot) in rometools/rome#563
-   Bump maven-dependency-plugin from 3.3.0 to 3.5.0 by [@&#8203;dependabot](https://github.com/dependabot) in rometools/rome#602
-   Bump maven-deploy-plugin from 2.8.2 to 3.1.0 by [@&#8203;dependabot](https://github.com/dependabot) in rometools/rome#607
-   Bump maven-jar-plugin from 3.2.2 to 3.3.0 by [@&#8203;dependabot](https://github.com/dependabot) in rometools/rome#574
-   Bump maven-javadoc-plugin from 3.3.1 to 3.5.0 by [@&#8203;dependabot](https://github.com/dependabot) in rometools/rome#609
-   Bump maven-scm-plugin from 1.12.2 to 1.13.0 by [@&#8203;dependabot](https://github.com/dependabot) in rometools/rome#554
-   Bump assertj-core from 3.22.0 to 3.24.2 by [@&#8203;dependabot](https://github.com/dependabot) in rometools/rome#603
-   Bump slf4j-api from 1.7.36 to 2.0.6 by [@&#8203;dependabot](https://github.com/dependabot) in rometools/rome#596

##### Other Changes

-   Bump actions/setup-java from 3.3.0 to 3.10.0 by [@&#8203;dependabot](https://github.com/dependabot) in rometools/rome#606
-   Bump logback-classic from 1.2.10 to 1.3.5 by [@&#8203;PatrickGotthard](https://github.com/PatrickGotthard) in rometools/rome#611

**Full Changelog**: rometools/rome@1.18.0...1.19.0

</details>

<details>
<summary>pgjdbc/pgjdbc</summary>

### [`v42.5.4`](https://github.com/pgjdbc/pgjdbc/blob/HEAD/CHANGELOG.md#&#8203;4254-2023-02-15-102104--0500)

##### Fixed

fix: fix testGetSQLTypeQueryCache by searching for xid type. We used to search for box type but it is now cached. xid is not cached, this nuance is required for the test.
fix OidValueCorrectnessTest BOX_ARRAY OID, by adding BOX_ARRAY to the oidTypeName map \[MR [#&#8203;2810](https://github.com/pgjdbc/pgjdbc/issues/2810)]\((https://github.com/pgjdbc/pgjdbc/pull/2810).
fixes [Issue #&#8203;2804](pgjdbc/pgjdbc#2804).
fix: Make sure that github CI runs tests on all [MRs #&#8203;2809](\(https://github.com/pgjdbc/pgjdbc/pull/2809\)).

</details>

<details>
<summary>quarkusio/quarkus</summary>

### [`v2.16.3.Final`](https://github.com/quarkusio/quarkus/releases/tag/2.16.3.Final)

[Compare Source](quarkusio/quarkus@2.16.2.Final...2.16.3.Final)

##### Major changes

-   [#&#8203;29756](quarkusio/quarkus#29756) - Support custom Flyway credentials/URL

##### Complete changelog

-   [#&#8203;31141](quarkusio/quarkus#31141) - Resolve roles allowed configuration expression after config setup is completed
-   [#&#8203;31129](quarkusio/quarkus#31129) - Fix stuck HTTP2 request when sent challenge has resumed request
-   [#&#8203;31125](quarkusio/quarkus#31125) - Add "keep-alive-enabled" parameter to REST client reactive
-   [#&#8203;31112](quarkusio/quarkus#31112) - Qute - fix assignability check when validating expressions
-   [#&#8203;31099](quarkusio/quarkus#31099) - Use the effective Maven project build config when initializing sources and classes paths for dev mode
-   [#&#8203;31092](quarkusio/quarkus#31092) - Make sure quarkus:go-offline properly supports test scoped dependencies
-   [#&#8203;31077](quarkusio/quarkus#31077) - Qute: regression in template extension method with byte array
-   [#&#8203;31076](quarkusio/quarkus#31076) - Quarkiverse: Install instead of verify
-   [#&#8203;31074](quarkusio/quarkus#31074) - Added quarkus-jms-spi to quarkus bom
-   [#&#8203;31059](quarkusio/quarkus#31059) - Path lookup must also consider interfaces
-   [#&#8203;31046](quarkusio/quarkus#31046) - Simplify Quarkiverse release.yml workflow
-   [#&#8203;31038](quarkusio/quarkus#31038) - Update Instrumentation Processor check logic to match comment
-   [#&#8203;31036](quarkusio/quarkus#31036) - Use CDI when accessing UserTransaction/TransactionManager in QuarkusTransaction
-   [#&#8203;31028](quarkusio/quarkus#31028) - Fix typo in snapstart enable config
-   [#&#8203;31016](quarkusio/quarkus#31016) - Re-initialize platform dependent netty classes/values at runtime
-   [#&#8203;30988](quarkusio/quarkus#30988) - Race condition in SmallRye Config property expansion for [@&#8203;RolesAllowed](https://github.com/RolesAllowed) value?
-   [#&#8203;30964](quarkusio/quarkus#30964) - Add ConfigMappings from a builder class to support full hot reload
-   [#&#8203;30961](quarkusio/quarkus#30961) - Error of quarkus:dev when the project.build.directory is overridden by a profile
-   [#&#8203;30960](quarkusio/quarkus#30960) - Register CDI Bean when ConfigMapping is marked as Unremovable
-   [#&#8203;30922](quarkusio/quarkus#30922) - Fix dependency parsing in JBangBuilderImpl
-   [#&#8203;30885](quarkusio/quarkus#30885) - Add concurrency configuration to the GitHub Action workflows
-   [#&#8203;30843](quarkusio/quarkus#30843) - Micrometer-Extension writes wrong URI-Tag when Path-Variables defined at Interface-Level
-   [#&#8203;30672](quarkusio/quarkus#30672) - Avoid creating CSRF cookie if no CSRF token was created
-   [#&#8203;30648](quarkusio/quarkus#30648) - Support passing filename to multipart form data output
-   [#&#8203;30594](quarkusio/quarkus#30594) - CSRF: exception thrown when authentication falied
-   [#&#8203;30570](quarkusio/quarkus#30570) - Set filename for PartItems in MultipartFormDataOutput
-   [#&#8203;30455](quarkusio/quarkus#30455) - Introduce `quarkus.datasource.devservices.init-script-path`
-   [#&#8203;29756](quarkusio/quarkus#29756) - Support custom Flyway credentials/URL
-   [#&#8203;29631](quarkusio/quarkus#29631) - [@&#8203;Unremovable](https://github.com/Unremovable) ConfigMapping is still removed
-   [#&#8203;29630](quarkusio/quarkus#29630) - Changes to configmappings not being applied during hot reload
-   [#&#8203;28709](quarkusio/quarkus#28709) - QuarkusTransaction does not fire [@&#8203;Initialized](https://github.com/Initialized)(TransactionScoped.class)
-   [#&#8203;24639](quarkusio/quarkus#24639) - configure dedicated db user for database migrations: DML-only user for datasource, but DDL user for migration
-   [#&#8203;23360](quarkusio/quarkus#23360) - "Request has already been read" using vertx + auth
-   [#&#8203;17839](quarkusio/quarkus#17839) - Invalid memory configuration for netty maxDirectMemory in native image

</details>

<details>
<summary>quarkusio/quarkus-platform</summary>

### [`v2.16.3.Final`](quarkusio/quarkus-platform@2.16.2.Final...2.16.3.Final)

[Compare Source](quarkusio/quarkus-platform@2.16.2.Final...2.16.3.Final)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

👻 **Immortal**: This MR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4yNC4wIiwidXBkYXRlZEluVmVyIjoiMzQuMjQuMCJ9-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/security env/windows Impacts Windows machines
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants