fix(registration): reuse stored credentials if already in keyring by andrewazores · Pull Request #861 · cryostatio/cryostat-agent

andrewazores · 2026-05-01T15:32:32Z

Based on #860
Depends on #860

Agent checks with Cryostat's credential keyring if the ID of the credential the Agent previously submitted (if any) is still present. If so, the Agent assumes this credential is still valid and does not submit a new one.
If the Agent is triggered to enter its registration flow rapidly and a credential generation request is already in-flight, then subsequent requests will reuse a coalesced response from the original in-flight request rather than possibly firing a second request while the first is still in-flight. This also prevents the Agent from rapidly regenerating and invalidating its own webserver credentials.
Fixes a byte buffer mutation mishandling where the temporary in-memory webserver password buffer might be zeroed out while the request submitting it to Cryostat's credential keyring is still underway.

…herd

…if too rapid

…l ping if too rapid

andrewazores added fix safe-to-test labels May 1, 2026

andrewazores requested a review from a team May 1, 2026 15:32

andrewazores force-pushed the credential-regeneration branch from b2af1f1 to 3f68790 Compare May 1, 2026 16:11

andrewazores marked this pull request as ready for review May 1, 2026 16:21

andrewazores added 9 commits May 1, 2026 14:04

fix(registration): add jitter to cooldown exit to prevent thundering …

53653bd

…herd

test

1818e23

fix(registration): refuse to attempt registration from external ping …

e8cf1e1

…if too rapid

fixup! fix(registration): refuse to attempt registration from externa…

9e7e329

…l ping if too rapid

ensure webserver credentials are not modified during in-flight request

82734db

coalesce concurrent credential submissions into single future

da3cab7

check for existing credentials in keyring before regenerating

a4964b9

jdk11

1c1c18c

HTTP 404 on credential cleanup deletion counts as a success

d86d3fa

andrewazores force-pushed the credential-regeneration branch from 2bee3bf to d86d3fa Compare May 1, 2026 18:19

andrewazores added 2 commits May 1, 2026 16:34

re-zero defensive copy after use

96402e1

test

04b1426

andrewazores force-pushed the credential-regeneration branch from 6c781f9 to 04b1426 Compare May 1, 2026 20:34

andrewazores added 2 commits May 1, 2026 16:36

spotless

97a9b76

fixup! test

fc8f69d

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(registration): reuse stored credentials if already in keyring#861

fix(registration): reuse stored credentials if already in keyring#861
andrewazores wants to merge 13 commits intocryostatio:mainfrom
andrewazores:credential-regeneration

andrewazores commented May 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

andrewazores commented May 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant