feat: improve reliability of refresh operations (#1147)

Update refresh calculation algorithm to support 24-hour ephemeral certs

Author: shubha-rajan

core/pom.xml

@@ -124,6 +124,12 @@
  </dependencyManagement>
 
  <dependencies>
+ <dependency>
+ <groupId>dev.failsafe</groupId>
+ <artifactId>failsafe</artifactId>
+ <version>3.3.0</version>
+ </dependency>
+
  <dependency>
  <groupId>junit</groupId>
  <artifactId>junit</artifactId>

core/src/main/java/com/google/cloud/sql/core/CloudSqlInstance.java

@@ -38,10 +38,10 @@
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.ListeningScheduledExecutorService;
-import com.google.common.util.concurrent.RateLimiter;
 import com.google.common.util.concurrent.SettableFuture;
 import com.google.common.util.concurrent.Uninterruptibles;
 import com.google.errorprone.annotations.concurrent.GuardedBy;
+import dev.failsafe.RateLimiter;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
@@ -95,12 +95,7 @@ class CloudSqlInstance {
  // defaultRefreshBuffer is the minimum amount of time for which a
  // certificate must be valid to ensure the next refresh attempt has adequate
  // time to complete.
- private static final Duration DEFAULT_REFRESH_BUFFER = Duration.ofMinutes(5);
- // iamAuthRefreshBuffer is the minimum amount of time for which a
- // certificate holding an Access Token must be valid. Because some token
- // sources are refreshed with only ~60 seconds before expiration, this value
- // must be smaller than the defaultRefreshBuffer.
- private static final Duration IAM_AUTH_REFRESH_BUFFER = Duration.ofSeconds(55);
+ private static final Duration DEFAULT_REFRESH_BUFFER = Duration.ofMinutes(4);
  private final ListeningScheduledExecutorService executor;
  private final SQLAdmin apiClient;
  private final boolean enableIamAuth;
@@ -113,7 +108,8 @@ class CloudSqlInstance {
  private final ListenableFuture<KeyPair> keyPair;
  private final Object instanceDataGuard = new Object();
  // Limit forced refreshes to 1 every minute.
- private final RateLimiter forcedRenewRateLimiter = RateLimiter.create(1.0 / 60.0);
+ private final RateLimiter<Object> forcedRenewRateLimiter = RateLimiter.burstyBuilder(2,
+ Duration.ofSeconds(30)).build();
  @GuardedBy("instanceDataGuard")
  private ListenableFuture<InstanceData> currentInstanceData;
  @GuardedBy("instanceDataGuard")
@@ -134,7 +130,7 @@ class CloudSqlInstance {
  boolean enableIamAuth,
  CredentialFactory tokenSourceFactory,
  ListeningScheduledExecutorService executor,
- ListenableFuture<KeyPair> keyPair) throws IOException {
+ ListenableFuture<KeyPair> keyPair) throws IOException, InterruptedException {
 
  Matcher matcher = CONNECTION_NAME.matcher(connectionName);
  checkArgument(
@@ -272,6 +268,22 @@ static GoogleCredentials getDownscopedCredentials(OAuth2Credentials credentials)
  return downscoped;
  }
 
+ static long secondsUntilRefresh(Date expiration) {
+ Duration timeUntilExp = Duration.between(Instant.now(), expiration.toInstant());
+
+ if (timeUntilExp.compareTo(Duration.ofHours(1)) < 0) {
+ if (timeUntilExp.compareTo(DEFAULT_REFRESH_BUFFER) < 0) {
+ // If the time until the certificate expires is less the refresh buffer, schedule the
+ // refresh immediately
+ return 0;
+ }
+ // Otherwise schedule a refresh in (timeUntilExp - buffer) seconds
+ return timeUntilExp.minus(DEFAULT_REFRESH_BUFFER).getSeconds();
+ }
+ // If the time until the certificate expires is longer than an hour, return timeUntilExp//2
+ return timeUntilExp.dividedBy(2).getSeconds();
+ }
+
  private OAuth2Credentials parseCredentials(HttpRequestInitializer source) {
  if (source instanceof HttpCredentialsAdapter) {
  HttpCredentialsAdapter adapter = (HttpCredentialsAdapter) source;
@@ -361,7 +373,7 @@ String getPreferredIp(List<String> preferredTypes) {
  *
  * @return {@code true} if successfully scheduled, or {@code false} otherwise.
  */
- boolean forceRefresh() {
+ boolean forceRefresh() throws InterruptedException {
  synchronized (instanceDataGuard) {
  // If a scheduled refresh hasn't started, perform one immediately
  if (nextInstanceData.cancel(false)) {
@@ -380,9 +392,9 @@ boolean forceRefresh() {
  * value of currentInstanceData and schedules the next refresh shortly before the information
  * would expire.
  */
- private ListenableFuture<InstanceData> performRefresh() {
+ private ListenableFuture<InstanceData> performRefresh() throws InterruptedException {
  // To avoid unreasonable SQL Admin API usage, use a rate limit to throttle our usage.
- forcedRenewRateLimiter.acquire(1);
+ forcedRenewRateLimiter.acquirePermit();
  // Use the Cloud SQL Admin API to return the Metadata and Certificate
  ListenableFuture<Metadata> metadataFuture = executor.submit(this::fetchMetadata);
  ListenableFuture<Certificate> ephemeralCertificateFuture =
@@ -432,7 +444,7 @@ public void onSuccess(InstanceData instanceData) {
  // schedule a replacement before the SSLContext expires;
  nextInstanceData = executor
  .schedule(() -> performRefresh(),
- secondsUntilRefresh(),
+ secondsUntilRefresh(getInstanceData().getExpiration()),
  TimeUnit.SECONDS);
  }
  }
@@ -452,7 +464,11 @@ public void onFailure(Throwable t) {
  // replace current if it is expired or invalid
  currentInstanceData = refreshFuture;
  }
- nextInstanceData = Futures.immediateFuture(performRefresh());
+ try {
+ nextInstanceData = Futures.immediateFuture(performRefresh());
+ } catch (InterruptedException e) {
+ throw new RuntimeException(e);
+ }
  }
  }
  }, executor);
@@ -632,23 +648,6 @@ private Optional<Date> getTokenExpirationTime(Credential credentials) {
  .map(expirationTime -> new Date(expirationTime));
  }
 
- private long secondsUntilRefresh() {
- Duration refreshBuffer = enableIamAuth ? IAM_AUTH_REFRESH_BUFFER : DEFAULT_REFRESH_BUFFER;
-
- Date expiration = getInstanceData().getExpiration();
-
- Duration timeUntilRefresh = Duration.between(Instant.now(), expiration.toInstant())
- .minus(refreshBuffer);
-
- if (timeUntilRefresh.isNegative()) {
- // If the time until the certificate expires is less than the buffer, schedule the refresh
- // closer to the expiration time
- timeUntilRefresh = Duration.between(Instant.now(), expiration.toInstant())
- .minus(Duration.ofSeconds(5));
- }
- return timeUntilRefresh.getSeconds();
- }
-
  /**
  * Checks for common errors that can occur when interacting with the Cloud SQL Admin API, and adds
  * additional context to help the user troubleshoot them.

core/src/main/java/com/google/cloud/sql/core/CoreSocketFactory.java

@@ -164,7 +164,7 @@ private CloudSqlInstance getCloudSqlInstance(String instanceName, boolean enable
  try {
  return new CloudSqlInstance(k, adminApi, enableIamAuth, credentialFactory, executor,
  localKeyPair);
- } catch (IOException e) {
+ } catch (IOException | InterruptedException e) {
  throw new RuntimeException(e);
  }
  });
@@ -211,7 +211,7 @@ private static String getUnixSocketArg(Properties props) {
  /**
  * Creates a socket representing a connection to a Cloud SQL instance.
  */
- public static Socket connect(Properties props) throws IOException {
+ public static Socket connect(Properties props) throws IOException, InterruptedException {
  return connect(props, null);
  }
 
@@ -225,7 +225,8 @@ public static Socket connect(Properties props) throws IOException {
  * @return the newly created Socket.
  * @throws IOException if error occurs during socket creation.
  */
- public static Socket connect(Properties props, String unixPathSuffix) throws IOException {
+ public static Socket connect(Properties props, String unixPathSuffix)
+ throws IOException, InterruptedException {
  // Gather parameters
  final String csqlInstanceName = props.getProperty(CLOUD_SQL_INSTANCE_PROPERTY);
  final boolean enableIamAuth = Boolean.parseBoolean(props.getProperty("enableIamAuth"));
@@ -303,7 +304,7 @@ private String getHostIp(String instanceName, List<String> ipTypes) {
  // TODO(berezv): separate creating socket and performing connection to make it easier to test
  @VisibleForTesting
  Socket createSslSocket(String instanceName, List<String> ipTypes, boolean enableIamAuth)
- throws IOException {
+ throws IOException, InterruptedException {
  CloudSqlInstance instance = getCloudSqlInstance(instanceName, enableIamAuth);
 
  try {
@@ -327,7 +328,8 @@ Socket createSslSocket(String instanceName, List<String> ipTypes, boolean enable
  }
  }
 
- Socket createSslSocket(String instanceName, List<String> ipTypes) throws IOException {
+ Socket createSslSocket(String instanceName, List<String> ipTypes)
+ throws IOException, InterruptedException {
  return createSslSocket(instanceName, ipTypes, false);
  }
 

core/src/test/java/com/google/cloud/sql/core/CloudSqlInstanceTest.java

@@ -24,6 +24,10 @@
 import com.google.auth.oauth2.GoogleCredentials;
 import com.google.auth.oauth2.OAuth2Credentials;
 import java.io.IOException;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Date;
+import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -88,4 +92,23 @@ public void throwsErrorIamAuthNotSupported() {
  }
  }
 
+ @Test
+ public void timeUntilRefreshImmediate() {
+ Date expiration = Date.from(Instant.now().plus(Duration.ofMinutes(3)));
+ assertThat(CloudSqlInstance.secondsUntilRefresh(expiration)).isEqualTo(0L);
+ }
+
+ @Test
+ public void timeUntilRefresh1Hr() {
+ Date expiration = Date.from(Instant.now().plus(Duration.ofMinutes(59)));
+ Long expected = Duration.ofMinutes(59).minus(Duration.ofMinutes(4)).getSeconds();
+ Assert.assertEquals(CloudSqlInstance.secondsUntilRefresh(expiration), expected, 1);
+ }
+
+ @Test
+ public void timeUntilRefresh24Hr() {
+ Date expiration = Date.from(Instant.now().plus(Duration.ofHours(23)));
+ Long expected = Duration.ofHours(23).dividedBy(2).getSeconds();
+ Assert.assertEquals(CloudSqlInstance.secondsUntilRefresh(expiration), expected, 1);
+ }
 }

core/src/test/java/com/google/cloud/sql/core/CoreSocketFactoryTest.java

@@ -201,7 +201,7 @@ public void create_throwsErrorForInvalidInstanceName() throws IOException {
  try {
  coreSocketFactory.createSslSocket("myProject", Arrays.asList("PRIMARY"));
  fail();
- } catch (IllegalArgumentException e) {
+ } catch (IllegalArgumentException | InterruptedException e) {
  assertThat(e).hasMessageThat().contains("Cloud SQL connection name is invalid");
  }
 
@@ -210,6 +210,8 @@ public void create_throwsErrorForInvalidInstanceName() throws IOException {
  fail();
  } catch (IllegalArgumentException e) {
  assertThat(e).hasMessageThat().contains("Cloud SQL connection name is invalid");
+ } catch (InterruptedException e) {
+ throw new RuntimeException(e);
  }
  }
 
@@ -225,6 +227,8 @@ public void create_throwsErrorForInvalidInstanceRegion() throws IOException {
  assertThat(e)
  .hasMessageThat()
  .contains("The region specified for the Cloud SQL instance is incorrect");
+ } catch (InterruptedException e) {
+ throw new RuntimeException(e);
  }
  }
 
@@ -350,7 +354,7 @@ public void create_adminApiNotEnabled() throws IOException {
  coreSocketFactory.createSslSocket(
  "NotMyProject:myRegion:myInstance", Arrays.asList("PRIMARY"));
  fail("Expected RuntimeException");
- } catch (RuntimeException e) {
+ } catch (RuntimeException | InterruptedException e) {
  // TODO(berezv): should we throw something more specific than RuntimeException?
  assertThat(e)
  .hasMessageThat()
@@ -377,6 +381,8 @@ public void create_notAuthorized() throws IOException {
  String.format(
  "[%s] The Cloud SQL Instance does not exist or your account is not authorized",
  "myProject:myRegion:NotMyInstance"));
+ } catch (InterruptedException e) {
+ throw new RuntimeException(e);
  }
  }
 

jdbc/mysql-j-5/src/main/java/com/google/cloud/sql/mysql/SocketFactory.java

@@ -38,7 +38,11 @@ public class SocketFactory implements com.mysql.jdbc.SocketFactory {
 
  @Override
  public Socket connect(String hostname, int portNumber, Properties props) throws IOException {
- socket = CoreSocketFactory.connect(props);
+ try {
+ socket = CoreSocketFactory.connect(props);
+ } catch (InterruptedException e) {
+ throw new RuntimeException(e);
+ }
  return socket;
  }
 

jdbc/mysql-j-8/src/main/java/com/google/cloud/sql/mysql/SocketFactory.java

@@ -39,15 +39,20 @@ public class SocketFactory implements com.mysql.cj.protocol.SocketFactory {
  @Override
  public <T extends Closeable> T connect(
  String host, int portNumber, PropertySet props, int loginTimeout) throws IOException {
- return connect(host, portNumber, props.exposeAsProperties(), loginTimeout);
+ try {
+ return connect(host, portNumber, props.exposeAsProperties(), loginTimeout);
+ } catch (InterruptedException e) {
+ throw new RuntimeException(e);
+ }
  }
 
  /**
  * Implements the interface for com.mysql.cj.protocol.SocketFactory for mysql-connector-java prior
  * to version 8.0.13. This change is required for backwards compatibility.
  */
  public <T extends Closeable> T connect(
- String host, int portNumber, Properties props, int loginTimeout) throws IOException {
+ String host, int portNumber, Properties props, int loginTimeout)
+ throws IOException, InterruptedException {
  @SuppressWarnings("unchecked")
  T socket = (T) CoreSocketFactory.connect(props);
  return socket;

jdbc/postgres/src/main/java/com/google/cloud/sql/postgres/SocketFactory.java

@@ -73,7 +73,11 @@ private static Properties createDefaultProperties(String instanceName) {
 
  @Override
  public Socket createSocket() throws IOException {
- return CoreSocketFactory.connect(props, POSTGRES_SUFFIX);
+ try {
+ return CoreSocketFactory.connect(props, POSTGRES_SUFFIX);
+ } catch (InterruptedException e) {
+ throw new RuntimeException(e);
+ }
  }
 
  @Override

jdbc/sqlserver/src/main/java/com/google/cloud/sql/sqlserver/SocketFactory.java

@@ -71,7 +71,11 @@ public SocketFactory(String socketFactoryConstructorArg)
 
  @Override
  public Socket createSocket() throws IOException {
- return CoreSocketFactory.connect(props);
+ try {
+ return CoreSocketFactory.connect(props);
+ } catch (InterruptedException e) {
+ throw new RuntimeException(e);
+ }
  }
 
  @Override