Skip to content

CDRIVER-4489 add mongoc_oidc_cache_t #2119

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 23 commits into from
Oct 1, 2025
Merged

CDRIVER-4489 add mongoc_oidc_cache_t #2119

merged 23 commits into from
Oct 1, 2025

Conversation

kevinAlbs
Copy link
Collaborator

@kevinAlbs kevinAlbs commented Sep 19, 2025
edited
Loading

Patch: https://spruce.mongodb.com/version/68cd50d489be4200072d0dd3

Summary

Add internal OIDC cache: mongoc_oidc_cache_t

Background & Motivation

mongoc_oidc_cache_t is an internal component tested in isolation. Subsequent PRs will use mongoc_oidc_cache_t to resolve CDRIVER-4689.

mongoc_oidc_cache_t implements behaviors described in Credential Caching. mongoc_oidc_cache_t implements the "Client Cache" (not the "Connection Cache").

mongoc_oidc_cache_set_usleep_fn is added to permit a custom sleep function (related to CDRIVER-4736).

@kevinAlbs kevinAlbs marked this pull request as ready for review September 19, 2025 13:33
@kevinAlbs kevinAlbs requested a review from a team as a code owner September 19, 2025 13:33
eramongodb
eramongodb requested changes Sep 19, 2025
View reviewed changes
@kevinAlbs
remove unnecessary precondition
a6b14df
@kevinAlbs
use const in mongoc_oidc_cache_get_callback
c1b4da4
@kevinAlbs
rename is_cache => found_in_cache for clarity
4ee3ef0
@kevinAlbs
make mongoc_oidc_cache_get_cached_token logically const
05de8a1
@kevinAlbs
rename mongoc_oidc_cache_invalidate_cached_token to `mongoc_oidc_ca…
86bd7d0 
…che_invalidate_token`
@kevinAlbs
clarify mongoc_oidc_cache_invalidate_token may be called when a tok…
2c3c33e 
…en is not already cached

And test behavior
@kevinAlbs
use bson_shared_mutex_t
f50b55b
@kevinAlbs
add asserts in setters
535c5f2
@kevinAlbs
reduce redundant NULL checks
23ad9d2
@kevinAlbs
use mlib_now() for timeout arg
0dd4599
@kevinAlbs
assert time passed is less than 100ms before second call to callback
69e2492
@kevinAlbs
assert contents of tokens
28141c0
@kevinAlbs
define PLACEHOLDER_TOKEN macro
4ba7062
@kevinAlbs
move assert
1b889c1 
Intended to assert `mongoc_oidc_cache_get_cached_token` returns non-NULL token. Assert immediately after call to clarify.
@kevinAlbs
isolate test for delay between calls. Expect 90ms delay.
5f36c0a 
Actual delay is 100ms, but some Windows tasks observed a 99ms delay. 10ms may be too lenient.
kevinAlbs
kevinAlbs commented Sep 25, 2025
View reviewed changes
Copy link
Collaborator Author

@kevinAlbs kevinAlbs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Latest changes tested with this patch: https://spruce.mongodb.com/version/68d5332f0f310c0007df4bf8

Filed CDRIVER-6101 to track assumed unrelated failure task: "Unexpected error running killAllSessions".

eramongodb
eramongodb requested changes Sep 25, 2025
View reviewed changes
src/libmongoc/src/mongoc/mongoc-oidc-cache-private.h Outdated
mongoc_oidc_cache_set_cached_token(mongoc_oidc_cache_t *cache, const char *token);

// mongoc_oidc_cache_invalidate_cached_token invalidates if the cached token matches `token`. Thread safe.
// mongoc_oidc_cache_invalidate_token invalidates if the cached token (if any) matches `token`. Thread safe.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// mongoc_oidc_cache_invalidate_token invalidates if the cached token (if any) matches `token`. Thread safe.
// mongoc_oidc_cache_invalidate_token invalidates the cached token if it matches `token`. Thread safe.

Wording tweak suggestion (a bit too many "if"s).

src/libmongoc/src/mongoc/mongoc-oidc-cache.c Outdated
Comment on lines 122 to 127
bson_shared_mutex_lock(&cache->lock);

bson_free(cache->token);
cache->token = NULL;
cache->token = bson_strdup(token);
bson_shared_mutex_unlock(&cache->lock);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
bson_shared_mutex_lock(&cache->lock);
bson_free(cache->token);
cache->token = NULL;
cache->token = bson_strdup(token);
bson_shared_mutex_unlock(&cache->lock);
bson_shared_mutex_lock(&cache->lock);
char *const old_token = cache->token;
cache->token = bson_strdup(token);
bson_shared_mutex_unlock(&cache->lock);
bson_free(old_token);

Minor optimization: move deallocation out of critical zone + remove redundant assignment.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated here and in mongoc_oidc_cache_invalidate_token.

src/libmongoc/src/mongoc/mongoc-oidc-cache.c Outdated
Comment on lines 163 to 169
mongoc_oidc_callback_params_t *params = mongoc_oidc_callback_params_new();
mongoc_oidc_callback_params_set_user_data(params, mongoc_oidc_callback_get_user_data(cache->callback));
// From spec: "If CSOT is not applied, then the driver MUST use 1 minute as the timeout."
// The timeout parameter (when set) is meant to be directly compared against bson_get_monotonic_time(). It is a
// time point, not a duration.
mongoc_oidc_callback_params_set_timeout(
params, mlib_microseconds_count(mlib_time_add(mlib_now(), mlib_duration(1, min)).time_since_monotonic_start));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor optimization: move callback param object initialization up and out of the critical section.

src/libmongoc/src/mongoc/mongoc-oidc-cache.c Outdated

cache->last_called = mlib_now();
cache->ever_called = true;
mongoc_oidc_callback_params_destroy(params);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor optimization: move callback param object deallocation down and out of the critical section.

src/libmongoc/src/mongoc/mongoc-oidc-cache.c Outdated
cache->token = bson_strdup(token); // Cache a copy.

unlock_and_return:
bson_shared_mutex_unlock(&cache->lock);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor suggestion: consider scoping critical sections with {}:

{
   // Obtain write-lock:
   bson_shared_mutex_lock(&cache->lock);

   ...

unlock_and_return:
   bson_shared_mutex_unlock(&cache->lock);
}

kevinAlbs
kevinAlbs commented Sep 26, 2025
View reviewed changes
Copy link
Collaborator Author

@kevinAlbs kevinAlbs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Latest changes include 51adf05 to switch from (1, min) to (60, sec) to work around CDRIVER-6102.

src/libmongoc/src/mongoc/mongoc-oidc-cache.c Outdated
Comment on lines 122 to 127
bson_shared_mutex_lock(&cache->lock);

bson_free(cache->token);
cache->token = NULL;
cache->token = bson_strdup(token);
bson_shared_mutex_unlock(&cache->lock);
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated here and in mongoc_oidc_cache_invalidate_token.

@kevinAlbs kevinAlbs merged commit 016415b into mongodb:master Oct 1, 2025
43 of 46 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eramongodb eramongodb eramongodb approved these changes

@mdb-ad mdb-ad mdb-ad approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kevinAlbs @eramongodb @mdb-ad