Allow usage of stale-but-valid ingestion auth tokens#334
Conversation
There was a problem hiding this comment.
Pull request overview
This PR improves ingestion resiliency by allowing the ingestion client to continue using a previously minted (still valid) Kusto ingestion authorization context when token refresh via Kusto management commands fails, and by throttling repeated refresh attempts to avoid hammering an unhealthy control plane.
Changes:
- Add stale-but-valid auth token reuse and refresh attempt throttling to
resources.Manager.AuthContext. - Track auth token refresh/validity/throttle timestamps in
Manager, with injectable time source for deterministic testing. - Add hermetic tests covering stale-token reuse, throttling behavior, expiry behavior, and concurrent callers.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
azkustoingest/internal/resources/resources.go |
Implements cached-token reuse + throttled refresh attempts, adds time injection for testing. |
azkustoingest/internal/resources/resources_test.go |
Adds a deterministic Mgmt stub and new tests for refresh failure, throttling, expiry, and concurrency. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
I have this in draft status right now to exercise these changes with our own service code first. |
The Kusto ingestion client periodically (every 1h) attempts to call a management command on the destination Kusto cluster to refresh a token used to authenticate to Kusto-cluster owned storage. On occasion, we experience issues where our Kusto cluster's control plane has brief unavailability for several minutes at a time - this can completely block ingestion from clients for long periods of time, despite the tokens themselves having much longer lifetimes and the destination storage remaining available. Instead of failing fast when new tokens cannot be minted, this PR adds a mechanism to reuse old-but-valid tokens when new tokens can't be created. This should allow these clients to continue uploading to storage while the Kusto cluster is temporarily unavailable. This also adds a throttling mechanism where we do not continually hammer the destination Kusto cluster during token expirations, creating more of a thundering herd when the Kusto control plane is already having issues.
|
I think this one is ready for review now. Apologies it sat in draft form for so long - took me some time to get back to this. |
The Kusto ingestion client periodically (every 1h) attempts to call a management command on the destination Kusto cluster to refresh a token used to authenticate to Kusto-cluster owned storage. On occasion, we experience issues where our Kusto cluster's control plane has brief unavailability for several minutes at a time - this can completely block ingestion from clients for long periods of time, despite the tokens themselves having much longer lifetimes and the destination storage remaining available.
Instead of failing fast when new tokens cannot be minted, this PR adds a mechanism to reuse old-but-valid tokens when new tokens can't be created. This should allow these clients to continue uploading to storage while the Kusto cluster is temporarily unavailable.
This also adds a throttling mechanism where we do not continually hammer the destination Kusto cluster during token expirations, creating more of a thundering herd when the Kusto control plane is already having issues.