adminHelper -> authHelper + some cache fixes

SingularityService/src/main/java/com/hubspot/singularity/auth/SingularityLDAPManager.java

@@ -47,6 +47,7 @@ public SingularityLDAPManager(@Named(SingularityMainModule.LDAP_REFRESH_THREADPO
     this.executorService = executorService;
 
     this.userGroupCache = CacheBuilder.newBuilder()
+            .recordStats()
             .refreshAfterWrite(configuration.getLdapConfiguration().getCacheExpirationMs(), TimeUnit.MILLISECONDS)
             .build(new LDAPGroupCacheLoader());
   }
@@ -59,6 +60,10 @@ public SingularityLDAPCacheStats getGroupCacheStats() {
     return SingularityLDAPCacheStats.fromGuavaCacheStats(userGroupCache.stats());
   }
 
+  public void clearGroupCache() {
+    userGroupCache.invalidateAll();
+  }
+
   public Set<String> getGroupsForUser(String user) {
     if (configuration.getLdapConfiguration().isStripUserEmailDomain()) {
       user = user.split("@")[0];
@@ -111,20 +116,20 @@ private Set<String> getGroupsForUserFromLDAP(String user) {
   private class LDAPGroupCacheLoader extends CacheLoader<String, Set<String>> {
     @Override
     public Set<String> load(String key) throws Exception {
-      LOG.debug("Hitting LDAP for {}'s groups", key);
+      LOG.trace("Hitting LDAP for {}'s groups", key);
       return getGroupsForUserFromLDAP(key);
     }
 
     @Override
     public ListenableFuture<Set<String>> reload(final String key, Set<String> oldValue) throws Exception {
-      LOG.debug("Reloading {}'s groups", key);
+      LOG.trace("Reloading {}'s groups", key);
 
       final long refreshStartTime = System.currentTimeMillis();
       final ListenableFutureTask<Set<String>> task = ListenableFutureTask.create(new Callable<Set<String>>() {
         @Override
         public Set<String> call() throws Exception {
           final Set<String> groups = getGroupsForUserFromLDAP(key);
-          LOG.debug("Refreshed {}'s groups in {} ms", key, System.currentTimeMillis() - refreshStartTime);
+          LOG.trace("Refreshed {}'s groups in {} ms", key, System.currentTimeMillis() - refreshStartTime);
           return groups;
         }
       });

SingularityService/src/main/java/com/hubspot/singularity/resources/AuthResource.java

@@ -1,6 +1,7 @@
 package com.hubspot.singularity.resources;
 
 import javax.ws.rs.GET;
+import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
@@ -9,22 +10,36 @@
 import com.google.inject.Inject;
 import com.hubspot.singularity.SingularityService;
 import com.hubspot.singularity.SingularityUser;
+import com.hubspot.singularity.auth.SingularityLDAPManager;
+import com.hubspot.singularity.data.SingularityValidator;
 
 @Path(AuthResource.PATH)
 @Produces({ MediaType.APPLICATION_JSON })
 public class AuthResource {
   public static final String PATH = SingularityService.API_BASE_PATH + "/auth";
 
   private final Optional<SingularityUser> user;
+  private final SingularityValidator validator;
+  private final SingularityLDAPManager ldapManager;
 
   @Inject
-  public AuthResource(Optional<SingularityUser> user) {
+  public AuthResource(Optional<SingularityUser> user, SingularityValidator validator, SingularityLDAPManager ldapManager) {
     this.user = user;
+    this.validator = validator;
+    this.ldapManager = ldapManager;
   }
 
   @GET
   @Path("/user")
   public Optional<SingularityUser> getUser() {
     return user;
   }
+
+  @POST
+  @Path("/cache/clear")
+  public void clearAuthCache() {
+    validator.checkForAdminAuthorization(user);
+
+    ldapManager.clearGroupCache();
+  }
 }

SingularityService/src/main/java/com/hubspot/singularity/resources/DeployResource.java

@@ -54,22 +54,22 @@ public class DeployResource extends AbstractRequestResource {
   public static final String PATH = SingularityService.API_BASE_PATH + "/deploys";
 
   private final SingularityValidator validator;
-  private final SingularityAuthorizationHelper adminHelper;
+  private final SingularityAuthorizationHelper authHelper;
 
   @Inject
-  public DeployResource(RequestManager requestManager, DeployManager deployManager, SingularityValidator validator, SingularityAuthorizationHelper adminHelper, Optional<SingularityUser> user) {
+  public DeployResource(RequestManager requestManager, DeployManager deployManager, SingularityValidator validator, SingularityAuthorizationHelper authHelper, Optional<SingularityUser> user) {
     super(requestManager, deployManager, user);
 
     this.validator = validator;
-    this.adminHelper = adminHelper;
+    this.authHelper = authHelper;
   }
 
   @GET
   @PropertyFiltering
   @Path("/pending")
   @ApiOperation(response=SingularityPendingDeploy.class, responseContainer="List", value="Retrieve the list of current pending deploys")
   public List<SingularityPendingDeploy> getPendingDeploys() {
-    return adminHelper.filterByAuthorizedRequests(user, deployManager.getPendingDeploys(), SingularityTransformHelpers.PENDING_DEPLOY_TO_REQUEST_ID);
+    return authHelper.filterByAuthorizedRequests(user, deployManager.getPendingDeploys(), SingularityTransformHelpers.PENDING_DEPLOY_TO_REQUEST_ID);
   }
 
   @POST

SingularityService/src/main/java/com/hubspot/singularity/resources/HistoryResource.java

@@ -41,17 +41,17 @@ public class HistoryResource extends AbstractHistoryResource {
   private final DeployHistoryHelper deployHistoryHelper;
   private final TaskHistoryHelper taskHistoryHelper;
   private final RequestHistoryHelper requestHistoryHelper;
-  private final SingularityAuthorizationHelper adminHelper;
+  private final SingularityAuthorizationHelper authHelper;
 
   @Inject
   public HistoryResource(HistoryManager historyManager, TaskManager taskManager, DeployManager deployManager, DeployHistoryHelper deployHistoryHelper, TaskHistoryHelper taskHistoryHelper,
-      RequestHistoryHelper requestHistoryHelper, SingularityAuthorizationHelper adminHelper, SingularityValidator validator, Optional<SingularityUser> user) {
+      RequestHistoryHelper requestHistoryHelper, SingularityAuthorizationHelper authHelper, SingularityValidator validator, Optional<SingularityUser> user) {
     super(historyManager, taskManager, deployManager, validator, user);
 
     this.requestHistoryHelper = requestHistoryHelper;
     this.deployHistoryHelper = deployHistoryHelper;
     this.taskHistoryHelper = taskHistoryHelper;
-    this.adminHelper = adminHelper;
+    this.authHelper = authHelper;
   }
 
   @GET
@@ -162,7 +162,7 @@ public Iterable<String> getRequestHistoryForRequestLike(@ApiParam("Request ID pr
 
     List<String> requestIds = historyManager.getRequestHistoryLike(requestIdLike, limitStart, limitCount);
 
-    return adminHelper.filterAuthorizedRequestIds(user, requestIds);  // TODO: will this screw up pagination?
+    return authHelper.filterAuthorizedRequestIds(user, requestIds);  // TODO: will this screw up pagination?
   }
 
 }

SingularityService/src/main/java/com/hubspot/singularity/resources/RequestResource.java

@@ -64,19 +64,19 @@ public class RequestResource extends AbstractRequestResource {
   public static final String PATH = SingularityService.API_BASE_PATH + "/requests";
 
   private final SingularityValidator validator;
-  private final SingularityAuthorizationHelper adminHelper;
+  private final SingularityAuthorizationHelper authHelper;
 
   private final SingularityMailer mailer;
   private final TaskManager taskManager;
 
   @Inject
-  public RequestResource(SingularityValidator validator, DeployManager deployManager, TaskManager taskManager, RequestManager requestManager, SingularityMailer mailer, SingularityAuthorizationHelper adminHelper, Optional<SingularityUser> user) {
+  public RequestResource(SingularityValidator validator, DeployManager deployManager, TaskManager taskManager, RequestManager requestManager, SingularityMailer mailer, SingularityAuthorizationHelper authHelper, Optional<SingularityUser> user) {
     super(requestManager, deployManager, user);
 
     this.validator = validator;
     this.mailer = mailer;
     this.taskManager = taskManager;
-    this.adminHelper = adminHelper;
+    this.authHelper = authHelper;
   }
 
   private static class SingularityRequestDeployHolder {
@@ -375,15 +375,15 @@ public List<SingularityRequestParent> getRequests() {
   @Path("/queued/pending")
   @ApiOperation(value="Retrieve the list of pending requests", response=SingularityPendingRequest.class, responseContainer="List")
   public List<SingularityPendingRequest> getPendingRequests() {
-    return adminHelper.filterByAuthorizedRequests(user, requestManager.getPendingRequests(), SingularityTransformHelpers.PENDING_REQUEST_TO_REQUEST_ID);
+    return authHelper.filterByAuthorizedRequests(user, requestManager.getPendingRequests(), SingularityTransformHelpers.PENDING_REQUEST_TO_REQUEST_ID);
   }
 
   @GET
   @PropertyFiltering
   @Path("/queued/cleanup")
   @ApiOperation(value="Retrieve the list of requests being cleaned up", response=SingularityRequestCleanup.class, responseContainer="List")
   public Iterable<SingularityRequestCleanup> getCleanupRequests() {
-    return adminHelper.filterByAuthorizedRequests(user, requestManager.getCleanupRequests(), SingularityTransformHelpers.REQUEST_CLEANUP_TO_REQUEST_ID);
+    return authHelper.filterByAuthorizedRequests(user, requestManager.getCleanupRequests(), SingularityTransformHelpers.REQUEST_CLEANUP_TO_REQUEST_ID);
   }
 
   @GET

SingularityService/src/main/java/com/hubspot/singularity/resources/TaskResource.java

@@ -62,35 +62,35 @@ public class TaskResource {
   private final TaskRequestManager taskRequestManager;
   private final MesosClient mesosClient;
   private final SingularityValidator validator;
-  private final SingularityAuthorizationHelper adminHelper;
+  private final SingularityAuthorizationHelper authHelper;
   private final Optional<SingularityUser> user;
 
   @Inject
   public TaskResource(TaskRequestManager taskRequestManager, TaskManager taskManager, SlaveManager slaveManager, MesosClient mesosClient,
-                      SingularityValidator validator, SingularityAuthorizationHelper adminHelper, Optional<SingularityUser> user) {
+                      SingularityValidator validator, SingularityAuthorizationHelper authHelper, Optional<SingularityUser> user) {
     this.taskManager = taskManager;
     this.taskRequestManager = taskRequestManager;
     this.slaveManager = slaveManager;
     this.mesosClient = mesosClient;
     this.validator = validator;
-    this.adminHelper = adminHelper;
+    this.authHelper = authHelper;
     this.user = user;
   }
 
   @GET
   @PropertyFiltering
   @Path("/scheduled")
   @ApiOperation("Retrieve list of scheduled tasks.")
-  public Iterable<SingularityTaskRequest> getScheduledTasks() {
-    return taskRequestManager.getTaskRequests(adminHelper.filterByAuthorizedRequests(user, taskManager.getPendingTasks(), SingularityTransformHelpers.PENDING_TASK_TO_REQUEST_ID));
+  public List<SingularityTaskRequest> getScheduledTasks() {
+    return taskRequestManager.getTaskRequests(authHelper.filterByAuthorizedRequests(user, taskManager.getPendingTasks(), SingularityTransformHelpers.PENDING_TASK_TO_REQUEST_ID));
   }
 
   @GET
   @PropertyFiltering
   @Path("/scheduled/ids")
   @ApiOperation("Retrieve list of scheduled task IDs.")
   public List<SingularityPendingTaskId> getScheduledTaskIds() {
-    return adminHelper.filterByAuthorizedRequests(user, taskManager.getPendingTaskIds(), SingularityTransformHelpers.PENDING_TASK_ID_TO_REQUEST_ID);
+    return authHelper.filterByAuthorizedRequests(user, taskManager.getPendingTaskIds(), SingularityTransformHelpers.PENDING_TASK_ID_TO_REQUEST_ID);
   }
 
   private SingularityPendingTaskId getPendingTaskIdFromStr(String pendingTaskIdStr) {
@@ -147,31 +147,31 @@ public List<SingularityTask> getTasksForSlave(@PathParam("slaveId") String slave
 
     checkNotFound(maybeSlave.isPresent(), "Couldn't find a slave in any state with id %s", slaveId);
 
-    return adminHelper.filterByAuthorizedRequests(user, taskManager.getTasksOnSlave(taskManager.getActiveTaskIds(), maybeSlave.get()), SingularityTransformHelpers.TASK_TO_REQUEST_ID);
+    return authHelper.filterByAuthorizedRequests(user, taskManager.getTasksOnSlave(taskManager.getActiveTaskIds(), maybeSlave.get()), SingularityTransformHelpers.TASK_TO_REQUEST_ID);
   }
 
   @GET
   @PropertyFiltering
   @Path("/active")
   @ApiOperation("Retrieve the list of active tasks.")
   public List<SingularityTask> getActiveTasks() {
-    return adminHelper.filterByAuthorizedRequests(user, taskManager.getActiveTasks(), SingularityTransformHelpers.TASK_TO_REQUEST_ID);
+    return authHelper.filterByAuthorizedRequests(user, taskManager.getActiveTasks(), SingularityTransformHelpers.TASK_TO_REQUEST_ID);
   }
 
   @GET
   @PropertyFiltering
   @Path("/cleaning")
   @ApiOperation("Retrieve the list of cleaning tasks.")
   public List<SingularityTaskCleanup> getCleaningTasks() {
-    return adminHelper.filterByAuthorizedRequests(user, taskManager.getCleanupTasks(), SingularityTransformHelpers.TASK_CLEANUP_TO_REQUEST_ID);
+    return authHelper.filterByAuthorizedRequests(user, taskManager.getCleanupTasks(), SingularityTransformHelpers.TASK_CLEANUP_TO_REQUEST_ID);
   }
 
   @GET
   @PropertyFiltering
   @Path("/lbcleanup")
   @ApiOperation("Retrieve the list of tasks being cleaned from load balancers.")
   public List<SingularityTaskId> getLbCleanupTasks() {
-    return adminHelper.filterByAuthorizedRequests(user, taskManager.getLBCleanupTasks(), SingularityTransformHelpers.TASK_ID_TO_REQUEST_ID);
+    return authHelper.filterByAuthorizedRequests(user, taskManager.getLBCleanupTasks(), SingularityTransformHelpers.TASK_ID_TO_REQUEST_ID);
   }
 
   private SingularityTask checkActiveTask(String taskId) {