Skip to content

Fix race condition in bearertokenauth extension, the dobule removal of watcher#44104

Merged
songy23 merged 3 commits into
open-telemetry:mainfrom
pavolloffay:bearertoken-fix-race-condition
Nov 10, 2025
Merged

Fix race condition in bearertokenauth extension, the dobule removal of watcher#44104
songy23 merged 3 commits into
open-telemetry:mainfrom
pavolloffay:bearertoken-fix-race-condition

Conversation

@pavolloffay

@pavolloffay pavolloffay commented Nov 7, 2025
edited
Loading

Copy link
Copy Markdown
Member

Description

2025-10-02T02:30:59.851Z	error	bearertokenauthextension@v0.135.0/bearertokenauth.go:131	fsnotify: can't remove non-existent watch: /var/run/secrets/kubernetes.io/serviceaccount/token	{"resource": {"service.instance.id": "db1e09f0-e9b5-421e-b9f2-539af8965363", "service.name": "otelcol", "service.version": "0.135.0"}, "otelcol.component.id": "bearertokenauth", "otelcol.component.kind": "extension"}
github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension.(*bearerTokenAuth).startWatcher
	github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension@v0.135.0/bearertokenauth.go:131

The error means the code called watcher.Remove(path) on a file that the fsnotify watcher was already no longer watching.
In the specific case of the Kubernetes service account token, this happens because Kubernetes rotates the token by deleting and replacing the file (it's an atomic update).

Link to tracking issue

Fixes

Testing

make otelcontribcol
make docker-otelcontribcol
docker tag localhost/otelcontribcol:latest pavolloffay/otelcolcontrib-bearertokenfix:1 
docker push pavolloffay/otelcolcontrib-bearertokenfix:1

docker run pavolloffay/otelcolcontrib-bearertokenfix:1

Documentation

@pavolloffay
Fix race condition in bearertokenauth extension, the dobule removal o…
0eb796c 
…f watcher

Signed-off-by: Pavol Loffay <p.loffay@gmail.com>
@pavolloffay pavolloffay requested a review from a team as a code owner November 7, 2025 17:02
@github-actions github-actions Bot requested a review from frzifus November 7, 2025 17:02
@pavolloffay
Fix race condition in bearertokenauth extension, the dobule removal o…
4e12203 
…f watcher

Signed-off-by: Pavol Loffay <p.loffay@gmail.com>
atoulme
atoulme reviewed Nov 7, 2025
View reviewed changes
Comment thread .chloggen/bearertoken-fix-race-condition.yaml Outdated
component: extension/bearertokenauth

# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
note: Remove error messages `fsnotify: can't remove non-existent watch` when watching kubernetes SA tokens.

@atoulme atoulme Nov 7, 2025

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
note: Remove error messages `fsnotify: can't remove non-existent watch` when watching kubernetes SA tokens.
note: "Remove error messages `fsnotify: can't remove non-existent watch` when watching kubernetes SA tokens."

atoulme
atoulme approved these changes Nov 7, 2025
View reviewed changes

@atoulme atoulme left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@pavolloffay
Fix changelog
7eedca5 
Signed-off-by: Pavol Loffay <p.loffay@gmail.com>
@songy23 songy23 merged commit 90bb3d6 into open-telemetry:main Nov 10, 2025
189 checks passed
@github-actions github-actions Bot added this to the next release milestone Nov 10, 2025
@grelland grelland mentioned this pull request Feb 9, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@atoulme atoulme atoulme approved these changes

@TylerHelmuth TylerHelmuth Awaiting requested review from TylerHelmuth TylerHelmuth is a code owner automatically assigned from open-telemetry/collector-contrib-approvers

+1 more reviewer

@frzifus frzifus frzifus approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@TylerHelmuth TylerHelmuth

Labels

extension/bearertokenauth

Projects

None yet

Milestone

v0.140.1

Development

Successfully merging this pull request may close these issues.

5 participants

@pavolloffay @atoulme @frzifus @songy23 @TylerHelmuth