Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Backport 1.3] Reverse order of setUserInfoInThreadContext and addSecurityRoles to resolve ConcurrentModificationException on bulk request (#3094) #3193

Merged
merged 2 commits into from
Aug 16, 2023

Conversation

cwperks
Copy link
Member

@cwperks cwperks commented Aug 16, 2023

Backport #3094 to 1.3

…esolve ConcurrentModificationException on bulk request (opensearch-project#3094)

This PR changes the order of `setUserInfoInThreadContext` and
`addSecurityRoles` to ensure that `addSecurityRoles` is called before
`setUserInfoInThreadContext`. The ConcurrentModificationException would
arise in scenarios where the first thread was done with
`setUserInfoInThreadContext` and had moved onto `addSecurityRoles` to
add the mapped roles into the user's set of security roles. On the first
call to `addSecurityRoles` it may be populating the set with data, any
subsequent call would be a noop in other threads.

If simultaneously there is another thread executing
`setUserInfoInThreadContext` while the first thread is in
`addSecurityRoles` then a ConcurrentModificationException is thrown
inside the `Sets.union(...)` call.

By calling `addSecurityRoles` before `setUserInfoInThreadContext`, it
can be guaranteed that no ConcurrentModificationException could be
thrown because the user's security roles will already be set and any
thread that attempts another call will be a noop.

* Category (Enhancement, New feature, Bug fix, Test fix, Refactoring,
Maintenance, Documentation)

Bug fix

opensearch-project#2263

Tested by running a python script to bulk insert 100k documents and
using tmux to run the script in multiple shells at once. Before the
change the bug is reproducible regularly, but after the change the bug
cannot be reproduced.

- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [ ] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and
signing off your commits, please check
[here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

---------

Signed-off-by: Craig Perkins <[email protected]>
Signed-off-by: Craig Perkins <[email protected]>
(cherry picked from commit cd699bb)
Signed-off-by: Craig Perkins <[email protected]>
@willyborankin willyborankin merged commit 2d4a2ad into opensearch-project:1.3 Aug 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants