feat: normalize failed authorization future status#12899
Conversation
AgraVator
left a comment
There was a problem hiding this comment.
Nice work addressing #12873!
A couple of minor suggestions for completeness:
-
Test Naming Clarification:
InRobolectricBinderSecurityTest.java,testAsyncServerSecurityPolicy_failedFuture_cachedFailureIsOpaqueimplies the failure was stored in cache. BecauseTransportAuthorizationStateevicts failed futures ononFailureto allow retries, consider renaming totestAsyncServerSecurityPolicy_failedFuture_subsequentCallHasOpaqueFailure. -
Defensive Sync Exception Guard:
InBinderTransportSecurity.ServerAuthInterceptor.interceptCall, wrappingtransportAuthState.checkAuthorization(...)in atry-catch (Throwable t)block ensures any synchronous exceptions thrown by custom checkers close the call safely. -
Cancellation Test Coverage:
Consider adding a test for cancelled authorization futures (CancellationException).
Thank you very much, I will make corrections |
Regarding the defensive sync exception guard: I'd prefer to keep this as-is. The Adding a |
Background
fixed #12873
This PR makes binder server authorization failures report a uniform opaque status to peers.
Previously,
BinderTransportSecurity.ServerAuthInterceptorhandled failed authorization futures differently depending on whether the future was already completed. The pending path returned an opaqueINTERNALfailure, but theFutures.getDone()path reused the underlying exception message as the status description. That allowed later calls to expose messages like"ouch".Changes
Statusmapping inBinderTransportSecurityFutures.getDone()path return the same opaqueINTERNALstatus with description"Authorization future failed"RobolectricBinderSecurityTestValidation
./gradlew :grpc-binder:testDebugUnitTest --tests io.grpc.binder.RobolectricBinderSecurityTest