Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Data race in k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc with go1.5.1 #5025

Closed
soltysh opened this issue Oct 9, 2015 · 6 comments
Closed

Data race in k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc with go1.5.1 #5025

soltysh opened this issue Oct 9, 2015 · 6 comments
Assignees
@liggitt
Labels
area/tests kind/test-flake Categorizes issue or PR as related to test flakes. priority/P3

Comments

@soltysh
Copy link
Contributor

soltysh commented Oct 9, 2015 

ok      github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/request/x509  1.132s  coverage: 96.4% of statements

I1009 06:08:25.262383   24532 oidc.go:66] No x509 certificates provided, will use host's root CA set

E1009 06:08:25.280072   24532 oidc.go:98] Failed to fetch provider config, trying again in 1s: Get https://foo/bar/.well-known/openid-configuration: dial tcp: lookup foo on 10.1.0.2:53: no such host

E1009 06:08:26.282877   24532 oidc.go:98] Failed to fetch provider config, trying again in 1s: Get https://foo/bar/.well-known/openid-configuration: dial tcp: lookup foo on 10.1.0.2:53: no such host

E1009 06:08:27.285855   24532 oidc.go:98] Failed to fetch provider config, trying again in 1s: Get https://foo/bar/.well-known/openid-configuration: dial tcp: lookup foo on 10.1.0.2:53: no such host

I1009 06:08:37.527930   24532 oidc.go:103] Fetched provider config from https://127.0.0.1:55799: oidc.ProviderConfig{Issuer:"https://127.0.0.1:55799", AuthEndpoint:"", TokenEndpoint:"", KeysEndpoint:"", ResponseTypesSupported:[]string(nil), GrantTypesSupported:[]string(nil), SubjectTypesSupported:[]string(nil), IDTokenAlgValuesSupported:[]string(nil), TokenEndpointAuthMethodsSupported:[]string(nil), ExpiresAt:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}

E1009 06:08:47.988432   24532 oidc.go:98] Failed to fetch provider config, trying again in 1s: Get https://127.0.0.1:59502/.well-known/openid-configuration: x509: certificate signed by unknown authority

2015-10-09 06:08:48.082877 I | http: TLS handshake error from 127.0.0.1:43017: remote error: bad certificate

E1009 06:08:48.992376   24532 oidc.go:98] Failed to fetch provider config, trying again in 1s: Get https://127.0.0.1:59502/.well-known/openid-configuration: x509: certificate signed by unknown authority

2015-10-09 06:08:49.039955 I | http: TLS handshake error from 127.0.0.1:43018: remote error: bad certificate

E1009 06:08:49.996607   24532 oidc.go:98] Failed to fetch provider config, trying again in 1s: Get https://127.0.0.1:59502/.well-known/openid-configuration: x509: certificate signed by unknown authority

2015-10-09 06:08:50.073570 I | http: TLS handshake error from 127.0.0.1:43019: remote error: bad certificate

I1009 06:08:53.300409   24532 oidc.go:103] Fetched provider config from https://127.0.0.1:49240: oidc.ProviderConfig{Issuer:"https://127.0.0.1:49240", AuthEndpoint:"", TokenEndpoint:"", KeysEndpoint:"https://127.0.0.1:49240/keys", ResponseTypesSupported:[]string(nil), GrantTypesSupported:[]string(nil), SubjectTypesSupported:[]string(nil), IDTokenAlgValuesSupported:[]string(nil), TokenEndpointAuthMethodsSupported:[]string(nil), ExpiresAt:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}

2015-10-09 06:08:53.302811 I | http: Updating provider config: config=oidc.ProviderConfig{Issuer:"https://127.0.0.1:49240", AuthEndpoint:"", TokenEndpoint:"", KeysEndpoint:"https://127.0.0.1:49240/keys", ResponseTypesSupported:[]string(nil), GrantTypesSupported:[]string(nil), SubjectTypesSupported:[]string(nil), IDTokenAlgValuesSupported:[]string(nil), TokenEndpointAuthMethodsSupported:[]string(nil), ExpiresAt:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}

I1009 06:08:53.418893   24532 oidc.go:103] Fetched provider config from https://127.0.0.1:49240: oidc.ProviderConfig{Issuer:"https://127.0.0.1:49240", AuthEndpoint:"", TokenEndpoint:"", KeysEndpoint:"https://127.0.0.1:49240/keys", ResponseTypesSupported:[]string(nil), GrantTypesSupported:[]string(nil), SubjectTypesSupported:[]string(nil), IDTokenAlgValuesSupported:[]string(nil), TokenEndpointAuthMethodsSupported:[]string(nil), ExpiresAt:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}

2015-10-09 06:08:53.443224 I | http: Updating provider config: config=oidc.ProviderConfig{Issuer:"https://127.0.0.1:49240", AuthEndpoint:"", TokenEndpoint:"", KeysEndpoint:"https://127.0.0.1:49240/keys", ResponseTypesSupported:[]string(nil), GrantTypesSupported:[]string(nil), SubjectTypesSupported:[]string(nil), IDTokenAlgValuesSupported:[]string(nil), TokenEndpointAuthMethodsSupported:[]string(nil), ExpiresAt:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}

I1009 06:08:53.531023   24532 oidc.go:103] Fetched provider config from https://127.0.0.1:49240: oidc.ProviderConfig{Issuer:"https://127.0.0.1:49240", AuthEndpoint:"", TokenEndpoint:"", KeysEndpoint:"https://127.0.0.1:49240/keys", ResponseTypesSupported:[]string(nil), GrantTypesSupported:[]string(nil), SubjectTypesSupported:[]string(nil), IDTokenAlgValuesSupported:[]string(nil), TokenEndpointAuthMethodsSupported:[]string(nil), ExpiresAt:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}

2015-10-09 06:08:53.533353 I | http: Updating provider config: config=oidc.ProviderConfig{Issuer:"https://127.0.0.1:49240", AuthEndpoint:"", TokenEndpoint:"", KeysEndpoint:"https://127.0.0.1:49240/keys", ResponseTypesSupported:[]string(nil), GrantTypesSupported:[]string(nil), SubjectTypesSupported:[]string(nil), IDTokenAlgValuesSupported:[]string(nil), TokenEndpointAuthMethodsSupported:[]string(nil), ExpiresAt:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}

I1009 06:08:53.638054   24532 oidc.go:103] Fetched provider config from https://127.0.0.1:49240: oidc.ProviderConfig{Issuer:"https://127.0.0.1:49240", AuthEndpoint:"", TokenEndpoint:"", KeysEndpoint:"https://127.0.0.1:49240/keys", ResponseTypesSupported:[]string(nil), GrantTypesSupported:[]string(nil), SubjectTypesSupported:[]string(nil), IDTokenAlgValuesSupported:[]string(nil), TokenEndpointAuthMethodsSupported:[]string(nil), ExpiresAt:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}

2015-10-09 06:08:53.640042 I | http: Updating provider config: config=oidc.ProviderConfig{Issuer:"https://127.0.0.1:49240", AuthEndpoint:"", TokenEndpoint:"", KeysEndpoint:"https://127.0.0.1:49240/keys", ResponseTypesSupported:[]string(nil), GrantTypesSupported:[]string(nil), SubjectTypesSupported:[]string(nil), IDTokenAlgValuesSupported:[]string(nil), TokenEndpointAuthMethodsSupported:[]string(nil), ExpiresAt:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}

==================

WARNING: DATA RACE

Read by goroutine 53:

  github.com/coreos/go-oidc/oidc.(*Client).VerifyJWT()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/client.go:285 +0x261

  github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc.(*OIDCAuthenticator).AuthenticateToken()

      github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc/_test/_obj_test/oidc.go:140 +0x1bb

  github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc.TestOIDCAuthentication()

      /home/travis/gopath/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc/oidc_test.go:378 +0x1654

  testing.tRunner()

      /tmp/workdir/go/src/testing/testing.go:456 +0xdc

Previous write by goroutine 90:

  github.com/coreos/go-oidc/oidc.(*providerConfigRepo).Set()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/client.go:194 +0x86

  github.com/coreos/go-oidc/oidc.(*ProviderConfigSyncer).sync()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/provider.go:111 +0x15a

  github.com/coreos/go-oidc/oidc.(*ProviderConfigSyncer).(github.com/coreos/go-oidc/oidc.sync)-fm()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/provider.go:95 +0x3b

  github.com/coreos/go-oidc/oidc.(*pcsStepNext).step()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/provider.go:136 +0x7c

  github.com/coreos/go-oidc/oidc.(*ProviderConfigSyncer).Run.func1()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/provider.go:95 +0x1c9

Goroutine 53 (running) created at:

  testing.RunTests()

      /tmp/workdir/go/src/testing/testing.go:561 +0xaa3

  testing.(*M).Run()

      /tmp/workdir/go/src/testing/testing.go:494 +0xe4

  main.main()

      github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc/_test/_testmain.go:106 +0x384

Goroutine 90 (running) created at:

  github.com/coreos/go-oidc/oidc.(*ProviderConfigSyncer).Run()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/provider.go:100 +0x122

  github.com/coreos/go-oidc/oidc.(*Client).SyncProviderConfig()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/client.go:158 +0x391

  github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc.New()

      github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc/_test/_obj_test/oidc.go:124 +0xfbc

  github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc.TestOIDCAuthentication()

      /home/travis/gopath/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc/oidc_test.go:373 +0x14f6

  testing.tRunner()

      /tmp/workdir/go/src/testing/testing.go:456 +0xdc

==================

==================

WARNING: DATA RACE

Read by goroutine 53:

  github.com/coreos/go-oidc/oidc.(*Client).maybeSyncKeys()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/client.go:181 +0x18c

  github.com/coreos/go-oidc/oidc.(*Client).(github.com/coreos/go-oidc/oidc.maybeSyncKeys)-fm()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/client.go:285 +0x3b

  github.com/coreos/go-oidc/oidc.(*JWTVerifier).Verify()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/verification.go:150 +0x439

  github.com/coreos/go-oidc/oidc.(*Client).VerifyJWT()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/client.go:287 +0x4c4

  github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc.(*OIDCAuthenticator).AuthenticateToken()

      github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc/_test/_obj_test/oidc.go:140 +0x1bb

  github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc.TestOIDCAuthentication()

      /home/travis/gopath/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc/oidc_test.go:378 +0x1654

  testing.tRunner()

      /tmp/workdir/go/src/testing/testing.go:456 +0xdc

Previous write by goroutine 90:

  github.com/coreos/go-oidc/oidc.(*providerConfigRepo).Set()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/client.go:194 +0x86

  github.com/coreos/go-oidc/oidc.(*ProviderConfigSyncer).sync()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/provider.go:111 +0x15a

  github.com/coreos/go-oidc/oidc.(*ProviderConfigSyncer).(github.com/coreos/go-oidc/oidc.sync)-fm()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/provider.go:95 +0x3b

  github.com/coreos/go-oidc/oidc.(*pcsStepNext).step()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/provider.go:136 +0x7c

  github.com/coreos/go-oidc/oidc.(*ProviderConfigSyncer).Run.func1()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/provider.go:95 +0x1c9

Goroutine 53 (running) created at:

  testing.RunTests()

      /tmp/workdir/go/src/testing/testing.go:561 +0xaa3

  testing.(*M).Run()

      /tmp/workdir/go/src/testing/testing.go:494 +0xe4

  main.main()

      github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc/_test/_testmain.go:106 +0x384

Goroutine 90 (running) created at:

  github.com/coreos/go-oidc/oidc.(*ProviderConfigSyncer).Run()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/provider.go:100 +0x122

  github.com/coreos/go-oidc/oidc.(*Client).SyncProviderConfig()

      /home/travis/gopath/src/github.com/openshift/origin/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/client.go:158 +0x391

  github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc.New()

      github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc/_test/_obj_test/oidc.go:124 +0xfbc

  github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc.TestOIDCAuthentication()

      /home/travis/gopath/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc/oidc_test.go:373 +0x14f6

  testing.tRunner()

      /tmp/workdir/go/src/testing/testing.go:456 +0xdc

==================

I1009 06:08:53.750717   24532 oidc.go:103] Fetched provider config from https://127.0.0.1:49240: oidc.ProviderConfig{Issuer:"https://127.0.0.1:49240", AuthEndpoint:"", TokenEndpoint:"", KeysEndpoint:"https://127.0.0.1:49240/keys", ResponseTypesSupported:[]string(nil), GrantTypesSupported:[]string(nil), SubjectTypesSupported:[]string(nil), IDTokenAlgValuesSupported:[]string(nil), TokenEndpointAuthMethodsSupported:[]string(nil), ExpiresAt:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}

2015-10-09 06:08:53.771413 I | http: Updating provider config: config=oidc.ProviderConfig{Issuer:"https://127.0.0.1:49240", AuthEndpoint:"", TokenEndpoint:"", KeysEndpoint:"https://127.0.0.1:49240/keys", ResponseTypesSupported:[]string(nil), GrantTypesSupported:[]string(nil), SubjectTypesSupported:[]string(nil), IDTokenAlgValuesSupported:[]string(nil), TokenEndpointAuthMethodsSupported:[]string(nil), ExpiresAt:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}

I1009 06:08:53.888396   24532 oidc.go:103] Fetched provider config from https://127.0.0.1:49240: oidc.ProviderConfig{Issuer:"https://127.0.0.1:49240", AuthEndpoint:"", TokenEndpoint:"", KeysEndpoint:"https://127.0.0.1:49240/keys", ResponseTypesSupported:[]string(nil), GrantTypesSupported:[]string(nil), SubjectTypesSupported:[]string(nil), IDTokenAlgValuesSupported:[]string(nil), TokenEndpointAuthMethodsSupported:[]string(nil), ExpiresAt:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}

2015-10-09 06:08:53.890310 I | http: Updating provider config: config=oidc.ProviderConfig{Issuer:"https://127.0.0.1:49240", AuthEndpoint:"", TokenEndpoint:"", KeysEndpoint:"https://127.0.0.1:49240/keys", ResponseTypesSupported:[]string(nil), GrantTypesSupported:[]string(nil), SubjectTypesSupported:[]string(nil), IDTokenAlgValuesSupported:[]string(nil), TokenEndpointAuthMethodsSupported:[]string(nil), ExpiresAt:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}

PASS

coverage: 88.5% of statements

Found 2 data race(s)

FAIL    github.com/openshift/origin/Godeps/_workspace/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc    29.665s

Full build log https://travis-ci.org/openshift/origin/jobs/84443384

Maybe it'll be picked up upon next rebase... maybe. I'll keep an eye on that.
@soltysh soltysh mentioned this issue Oct 9, 2015
Merged
@mfojtik
Copy link
Contributor

mfojtik commented Oct 9, 2015

@soltysh this must happen recently as I'm pretty sure I got clean test run for go 1.5.1

@mfojtik
Copy link
Contributor

mfojtik commented Oct 9, 2015

@liggitt FYI

This was referenced Oct 9, 2015
Closed
Merged
@liggitt liggitt added area/tests kind/test-flake Categorizes issue or PR as related to test flakes. labels Oct 10, 2015
@liggitt liggitt mentioned this issue Oct 11, 2015
Merged
2 tasks
@liggitt
Copy link
Contributor

liggitt commented Oct 11, 2015

https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin/5636/

This was referenced Oct 12, 2015
Merged
Merged
@0xmichalis 0xmichalis mentioned this issue Oct 12, 2015
Merged
@0xmichalis
Copy link
Contributor

@soltysh isn't this fixed now upstream?

@soltysh
Copy link
Contributor Author

soltysh commented Mar 2, 2016

Yup. It's a go1.5 problem. All test server close methods were commented out
to prevent it.
On Mar 2, 2016 4:42 PM, "Michail Kargakis" [email protected] wrote:

@soltysh https://github.com/soltysh isn't this fixed now upstream?


Reply to this email directly or view it on GitHub
#5025 (comment).

@soltysh
Copy link
Contributor Author

soltysh commented Mar 3, 2016

Fixed in kubernetes/kubernetes#21071.

@soltysh soltysh closed this as completed Mar 3, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@liggitt liggitt

Labels
area/tests kind/test-flake Categorizes issue or PR as related to test flakes. priority/P3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@mfojtik @danmcp @soltysh @liggitt @0xmichalis