Skip to content

fix(oauth2_http): Avoid retrying on 4xx errors during GCE metadata ping#13715

Open
macastelaz wants to merge 9 commits into
mainfrom
remove-gce-403-retry
Open

fix(oauth2_http): Avoid retrying on 4xx errors during GCE metadata ping#13715
macastelaz wants to merge 9 commits into
mainfrom
remove-gce-403-retry

Conversation

@macastelaz

@macastelaz macastelaz commented Jul 9, 2026

Copy link
Copy Markdown

Don't retry GCE Metadata 4xx errors which are generally non-retriable errors and only adds startup noise/latency by retrying 3 times.

Fixes #13649

@macastelaz macastelaz requested review from a team as code owners July 9, 2026 01:49

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates ComputeEngineCredentials to handle 403 Forbidden responses during the Compute Engine metadata server ping check by immediately returning false instead of logging an unexpected exception. It also introduces a new test case to verify this behavior and adds request counting to MockMetadataServerTransport to ensure no retries occur. There are no review comments, and I have no additional feedback to provide.

@macastelaz macastelaz changed the title fix(oauth2_http): Avoid retrying on 403 Forbidden during GCE metadata ping fix(oauth2_http): Avoid retrying on 4xx errors during GCE metadata ping Jul 10, 2026
Comment on lines +676 to +680
if (e instanceof HttpResponseException) {
int statusCode = ((HttpResponseException) e).getStatusCode();
if (statusCode >= 400 && statusCode < 500) {
return false;
}

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: this can also be done in a follow-up refactor PR if we agree on this.

Do you think we can use HttpRequest's setUnsuccessfulResponseHandler as well as the ExponentialBackoff + setNumberOfRetries to configure retries/ handle failure? Or do you know if there a reason ComputeEngineCredentials can't use that?

request.setUnsuccessfulResponseHandler(
new HttpBackOffUnsuccessfulResponseHandler(backoff)
.setBackOffRequired(
response -> {
int code = response.getStatusCode();
return OAuth2Utils.TOKEN_ENDPOINT_RETRYABLE_STATUS_CODES.contains(code);
}));

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To be honest, I wouldn't call myself an expert here but here's what Gemini had to say:

"Since pingComputeEngineMetadata is a lightweight detection mechanism that executes on startup for non-GCE environments to check if it's on GCE, we use a strict 500ms connection timeout and try to fail fast. If we were to use ExponentialBackOff , any timeout or retryable network failure would introduce sleep delays between retries, which would exponentially delay application startup on local environments. The manual loop ensures we do 3 rapid checks and fail out without hanging the thread."

Given the small number of retries, I would suspect any additional latency from retry delays would be minimal but in theory, the ideal of wanting to of avoid introducing any additional startup latency to backoff retries makes sense to me. Thoughts?

Comment thread java-showcase/.repo-metadata.json Outdated
@macastelaz macastelaz force-pushed the remove-gce-403-retry branch from 92bc27d to bf4d821 Compare July 13, 2026 18:50
@lqiu96 lqiu96 requested a review from whowes July 13, 2026 18:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

bug(auth): ComputeEngineCredentials.isOnGce retries on non-transient 403 Forbidden responses

3 participants