GoogleDrive authentication race condition
augustuswm opened this issue · 1 comments
augustuswm commented
Each time the GoogleDrive client is constructed it reads the GOOGLE_KEY_ENCODED env variable, creates a /tmp/google_key.json file (or truncates if it exists), and then writes the decoded key value to the file. There is a race condition where:
- Thread A creates the file
- Thread A writes to the file
- Thread B truncates the file
- Thread A reads out the value form the file
This can be seen in the applicants refresh job where multiple applicants are processed at the same time and the job fails during GoogleDrive authentication.
augustuswm commented
Updated Google clients to no longer write the key to the file system oxidecomputer/third-party-api-clients@807af0d and bumped the client versions that CIO uses.