search

googleapis / google-cloud-go

Google Cloud Client Libraries for Go.
https://cloud.google.com/go/docs/reference
Apache License 2.0
3.72k stars 1.27k forks source link

spanner: allow custom setting to bypass clock difference #4631

Closed boolafish closed 3 years ago

boolafish commented 3 years ago

Is your feature request related to a problem? Please describe.

Our team was trying to manipulate the time in our service to test system reliability without our microservices. We used chaos mesh to manipulate the time of the k8s pod/container.

However, we encountered the following error Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. which blocks us from further testing after running a while. From some research, this would happen whenever there is a clock difference from the client to gcp server.

Describe the solution you'd like

I would like to find a solution to continue to use spanner despite local clock differences.

Describe alternatives you've considered N/A

Additional context N/A

hengfengli commented 3 years ago

@boolafish This is not a Cloud Spanner issue but an authentication problem. I don't think we can do anything with it. If your clock has a lag, you should sync with NTP to correct it:

@olavloite Any thoughts about this?

boolafish commented 3 years ago

This is not a Cloud Spanner issue but an authentication problem.

ah true. hmm, I will find a more proper repo to post the issue later. Feel free to close the issue. But would like to consult if there is any possible way to bypass this.

If your clock has a lag, you should sync with NTP to correct it

ah, we create the lag on purpose to do chaos testing. Just currently we found out the chaos test would not last long because of the auth jtw token timing issue.

hengfengli commented 3 years ago

Since you created the lag, the auth works as expected. As a Cloud Spanner client, we rely on the auth underlying to talk to a prod server. Unless you don't use the auth to talk to gcp server, it is impossible to do that and I would not think there is a way to bypass it. You may be able to talk with the Cloud Spanner emulator: https://github.com/GoogleCloudPlatform/cloud-spanner-emulator.

As this issue is not related to Cloud Spanner, I will close this issue.