[ https://issues.apache.org/jira/browse/BEAM-2642?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Luke Cwik updated BEAM-2642: ---------------------------- Fix Version/s: (was: 2.2.0) > Upgrade to Google Auth 0.7.1 > ---------------------------- > > Key: BEAM-2642 > URL: https://issues.apache.org/jira/browse/BEAM-2642 > Project: Beam > Issue Type: Bug > Components: sdk-java-gcp > Affects Versions: 2.0.0 > Reporter: Luke Cwik > Assignee: Luke Cwik > Fix For: 2.1.0 > > > Looking up application default credentials on a GCE VM can fail due to VM > metadata server being unavailable during VM launch. This is a rare event but > Google Cloud Dataflow customers hit this rare case one or two times a month > due to the sheer number of VMs. GCE attempted to mitigate VM metadata server > unavailability but were only able to reduce it be an order of magnitude thus > we need support from the client to retry. Additionally, when contacting the > GCE VM metadata server, we should be using the fixed IP address avoiding the > nameserver lookup (another potential point of failure). > Problem area in the code: > https://github.com/google/google-auth-library-java/blob/b94f8e4d02bf6917af2e2f7ef8d7114a51dbcfa8/oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java#L261 > Note that the code in this library and the Apiary auth support code are very > similar. The fix was done within the Apiary auth code (note the use of the > static IP address and also the presence of a fixed number of retries): > https://github.com/google/google-api-java-client/blob/4fc8c099d9db5646770868cc1bc9a33c9225b3c7/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/OAuth2Utils.java#L74 > It turned out that the fixes resulted in zero future customer contacts about > this issue. > Google Auth 0.7.1 was released containing these fixes mentioned in > https://github.com/google/google-auth-library-java/issues/109 -- This message was sent by Atlassian JIRA (v6.4.14#64029)