Commit 56cbea8
authored
fix(rab): run async background boundary refresh on detached session (#17441)
When AuthorizedSession.request() makes an API call, it runs inside a
temporary aiohttp ClientSession block. If our background Regional Access
Boundary (RAB) refresh worker naively shares this exact same session, a
fast primary call (like an instant 401/403 or a quick CRM check) will
exit its block and close the active socket mid-flight. This causes the
background worker to silently fail with "RuntimeError: Session is
closed" and forces the RAB manager into a 15-minute cooldown.
This commit resolves the race condition and ensures safe connection lifecycle
management:
- Shifted the cloning block to run synchronously inside start_refresh,
capturing a fresh, independent ClientSession before the foreground thread
can close the source transport.
- Added a _clone() method to async Request adapters (both modern and legacy)
to copy proxy settings and trace configurations while enforcing connector limits.
- Prevented resource leaks on task creation failures by capturing exceptions
in start_refresh and closing the cloned session synchronously.
- Refactored the close wrapper to inspect and await generic awaitables
(such as asyncio.Future) returned by custom or third-party transports.
- Aligned exception behaviors by raising a wrapped TransportError directly
when calling a closed instance of the legacy aiohttp_requests adapter.
- Ensured the cloned transport is cleanly closed in a finally block after the
background lookup settles.1 parent b50cf1a commit 56cbea8Copy full SHA for 56cbea8
9 files changed
+1,025-4Lines changed: 1025 additions & 4 deletions
File tree
Expand file treeCollapse file tree
Open diff view settings
Filter options
- packages/google-auth
- google/auth
- aio/transport
- transport
- tests_async
- transport
- tests
- transport/aio
Expand file treeCollapse file tree
Open diff view settings
Collapse file
packages/google-auth/google/auth/_regional_access_boundary_utils.py
Copy file name to clipboardExpand all lines: packages/google-auth/google/auth/_regional_access_boundary_utils.py+85-3Lines changed: 85 additions & 3 deletions
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| ||
27 | 27 | |
28 | 28 | |
29 | 29 | |
30 | | - |
| 30 | + |
31 | 31 | |
32 | 32 | |
33 | 33 | |
| ||
455 | 455 | |
456 | 456 | |
457 | 457 | |
| 458 | + |
| 459 | + |
| 460 | + |
| 461 | + |
| 462 | + |
| 463 | + |
| 464 | + |
| 465 | + |
| 466 | + |
| 467 | + |
| 468 | + |
| 469 | + |
| 470 | + |
| 471 | + |
| 472 | + |
| 473 | + |
| 474 | + |
| 475 | + |
| 476 | + |
| 477 | + |
| 478 | + |
| 479 | + |
| 480 | + |
| 481 | + |
| 482 | + |
| 483 | + |
| 484 | + |
| 485 | + |
| 486 | + |
| 487 | + |
| 488 | + |
| 489 | + |
| 490 | + |
| 491 | + |
| 492 | + |
| 493 | + |
| 494 | + |
| 495 | + |
| 496 | + |
| 497 | + |
| 498 | + |
| 499 | + |
| 500 | + |
| 501 | + |
| 502 | + |
| 503 | + |
| 504 | + |
| 505 | + |
| 506 | + |
| 507 | + |
| 508 | + |
| 509 | + |
| 510 | + |
| 511 | + |
| 512 | + |
458 | 513 | |
459 | 514 | |
460 | 515 | |
| ||
491 | 546 | |
492 | 547 | |
493 | 548 | |
| 549 | + |
| 550 | + |
| 551 | + |
| 552 | + |
| 553 | + |
| 554 | + |
| 555 | + |
| 556 | + |
| 557 | + |
| 558 | + |
| 559 | + |
| 560 | + |
| 561 | + |
| 562 | + |
| 563 | + |
| 564 | + |
494 | 565 | |
495 | 566 | |
496 | | - |
497 | 567 | |
498 | | - |
| 568 | + |
| 569 | + |
| 570 | + |
499 | 571 | |
500 | 572 | |
501 | 573 | |
| ||
505 | 577 | |
506 | 578 | |
507 | 579 | |
| 580 | + |
| 581 | + |
508 | 582 | |
509 | 583 | |
510 | 584 | |
| ||
514 | 588 | |
515 | 589 | |
516 | 590 | |
| 591 | + |
517 | 592 | |
| 593 | + |
| 594 | + |
| 595 | + |
| 596 | + |
| 597 | + |
| 598 | + |
| 599 | + |
518 | 600 | |
519 | 601 | |
520 | 602 | |
|
Collapse file
packages/google-auth/google/auth/aio/transport/__init__.py
Copy file name to clipboardExpand all lines: packages/google-auth/google/auth/aio/transport/__init__.py+10Lines changed: 10 additions & 0 deletions
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| ||
142 | 142 | |
143 | 143 | |
144 | 144 | |
| 145 | + |
| 146 | + |
| 147 | + |
| 148 | + |
| 149 | + |
| 150 | + |
| 151 | + |
| 152 | + |
| 153 | + |
| 154 | + |
Collapse file
packages/google-auth/google/auth/aio/transport/aiohttp.py
Copy file name to clipboardExpand all lines: packages/google-auth/google/auth/aio/transport/aiohttp.py+81-1Lines changed: 81 additions & 1 deletion
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| ||
36 | 36 | |
37 | 37 | |
38 | 38 | |
39 | | - |
| 39 | + |
40 | 40 | |
41 | 41 | |
42 | 42 | |
| ||
203 | 203 | |
204 | 204 | |
205 | 205 | |
| 206 | + |
| 207 | + |
| 208 | + |
| 209 | + |
| 210 | + |
| 211 | + |
| 212 | + |
| 213 | + |
| 214 | + |
| 215 | + |
| 216 | + |
| 217 | + |
| 218 | + |
| 219 | + |
| 220 | + |
| 221 | + |
| 222 | + |
| 223 | + |
| 224 | + |
| 225 | + |
| 226 | + |
| 227 | + |
| 228 | + |
| 229 | + |
| 230 | + |
| 231 | + |
| 232 | + |
| 233 | + |
| 234 | + |
| 235 | + |
| 236 | + |
| 237 | + |
| 238 | + |
| 239 | + |
| 240 | + |
| 241 | + |
| 242 | + |
| 243 | + |
| 244 | + |
| 245 | + |
| 246 | + |
| 247 | + |
| 248 | + |
| 249 | + |
| 250 | + |
| 251 | + |
| 252 | + |
| 253 | + |
| 254 | + |
| 255 | + |
| 256 | + |
| 257 | + |
| 258 | + |
| 259 | + |
| 260 | + |
| 261 | + |
| 262 | + |
| 263 | + |
| 264 | + |
| 265 | + |
| 266 | + |
| 267 | + |
| 268 | + |
| 269 | + |
| 270 | + |
| 271 | + |
| 272 | + |
| 273 | + |
| 274 | + |
| 275 | + |
| 276 | + |
| 277 | + |
| 278 | + |
| 279 | + |
| 280 | + |
| 281 | + |
| 282 | + |
| 283 | + |
| 284 | + |
| 285 | + |
Collapse file
packages/google-auth/google/auth/transport/_aiohttp_requests.py
Copy file name to clipboardExpand all lines: packages/google-auth/google/auth/transport/_aiohttp_requests.py+90Lines changed: 90 additions & 0 deletions
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| ||
148 | 148 | |
149 | 149 | |
150 | 150 | |
| 151 | + |
151 | 152 | |
152 | 153 | |
153 | 154 | |
| ||
183 | 184 | |
184 | 185 | |
185 | 186 | |
| 187 | + |
| 188 | + |
| 189 | + |
186 | 190 | |
187 | 191 | |
188 | 192 | |
| ||
202 | 206 | |
203 | 207 | |
204 | 208 | |
| 209 | + |
| 210 | + |
| 211 | + |
| 212 | + |
| 213 | + |
| 214 | + |
| 215 | + |
| 216 | + |
| 217 | + |
| 218 | + |
| 219 | + |
| 220 | + |
| 221 | + |
| 222 | + |
| 223 | + |
| 224 | + |
| 225 | + |
| 226 | + |
| 227 | + |
| 228 | + |
| 229 | + |
| 230 | + |
| 231 | + |
| 232 | + |
| 233 | + |
| 234 | + |
| 235 | + |
| 236 | + |
| 237 | + |
| 238 | + |
| 239 | + |
| 240 | + |
| 241 | + |
| 242 | + |
| 243 | + |
| 244 | + |
| 245 | + |
| 246 | + |
| 247 | + |
| 248 | + |
| 249 | + |
| 250 | + |
| 251 | + |
| 252 | + |
| 253 | + |
| 254 | + |
| 255 | + |
| 256 | + |
| 257 | + |
| 258 | + |
| 259 | + |
| 260 | + |
| 261 | + |
| 262 | + |
| 263 | + |
| 264 | + |
| 265 | + |
| 266 | + |
| 267 | + |
| 268 | + |
| 269 | + |
| 270 | + |
| 271 | + |
| 272 | + |
| 273 | + |
| 274 | + |
| 275 | + |
| 276 | + |
| 277 | + |
| 278 | + |
| 279 | + |
| 280 | + |
| 281 | + |
| 282 | + |
| 283 | + |
| 284 | + |
| 285 | + |
| 286 | + |
| 287 | + |
| 288 | + |
| 289 | + |
| 290 | + |
| 291 | + |
| 292 | + |
| 293 | + |
| 294 | + |
205 | 295 | |
206 | 296 | |
207 | 297 | |
|
0 commit comments