optimize only rebuild mapper when the actual backend modes change

kubernetes-sigs · Jul 25, 2023 · d7f4910 · d7f4910
1 parent 9df1d63
commit d7f4910
Show file tree

Hide file tree

Showing 8 changed files with 81 additions and 25 deletions.
diff --git a/Makefile b/Makefile
@@ -7,7 +7,6 @@ VERSION ?= $(shell $(shell pwd)/hack/get-version.sh)
 GOOS ?= $(shell go env GOOS)
 GOARCH ?= $(shell go env GOARCH)
 GOPROXY ?= $(shell go env GOPROXY)
-SOURCES := $(shell find . -name '*.go')
 GIT_COMMIT ?= $(shell git rev-parse HEAD)
 BUILD_DATE ?= $(shell date -u +"%Y-%m-%dT%H:%M:%SZ")
 BUILD_DATE_STRIPPED := $(subst -,,$(subst :,,$(BUILD_DATE)))
@@ -55,7 +54,7 @@ $(CHECKSUM_FILE): build-all-bins
 	@echo $(ALL_BIN_TARGETS)
 	$(foreach target,$(ALL_BIN_TARGETS),$(call checksum,$(target),$(CHECKSUM_FILE)))
 
-$(OUTPUT)/bin/%: $(SOURCES)
+$(OUTPUT)/bin/%:
 	GO111MODULE=on \
 		CGO_ENABLED=0 \
 		GOOS=$(GOOS) \

diff --git a/hack/e2e-dynamicfile.sh b/hack/e2e-dynamicfile.sh
@@ -58,7 +58,12 @@ function e2e_mountfile() {
 }
 
 function e2e_dynamicfile_username_prefix_enforce(){
-  echo -n "MountedFile,DynamicFile" > "${backend_mode_json}"
+cat << EOF > ${backend_mode_json}
+{
+  "backendMode": "MountedFile DynamicFile"
+}
+EOF
+
   sleep 20
   set +e
   RoleOutput=$(aws iam get-role --role-name ${USERNAME_TEST_ROLE} 2>/dev/null)
@@ -132,7 +137,11 @@ function e2e_dynamicfile_username_prefix_enforce(){
 }
 
 function e2e_dynamicfile(){
-  echo -n "MountedFile,DynamicFile" > "${backend_mode_json}"
+cat << EOF > "${backend_mode_json}"
+{
+  "backendMode": "MountedFile DynamicFile"
+}
+EOF
   sleep 20
   set +e
   RoleOutput=$(aws iam get-role --role-name authenticator-dev-cluster-testrole 2>/dev/null)
@@ -230,7 +239,11 @@ function e2e_dynamic_backend_mode(){
       -e "s|{{USER_ID}}|${USERID}|g" \
             "${access_entry_template}" > "${access_entry_tmp}"
   mv "${access_entry_tmp}"  "${access_entry_json}"
-  echo -n "MountedFile" > "${backend_mode_json}"
+cat << EOF > "${backend_mode_json}"
+{
+  "backendMode": "MountedFile"
+}
+EOF
   sleep 20
 
   set -e
@@ -258,7 +271,11 @@ function e2e_dynamic_backend_mode(){
   fi
 
   # set backend mode to MOUNTEDFILE,DYNAMICFILE
-  echo -n "MountedFile,DynamicFile" > "${backend_mode_json}"
+cat << EOF > "${backend_mode_json}"
+{
+  "backendMode": "MountedFile DynamicFile"
+}
+EOF
   sleep 20
 
   OUT=$(aws sts get-caller-identity)
@@ -289,9 +306,4 @@ e2e_dynamicfile
 echo "starting end to end testing for dynamic backend mode"
 e2e_dynamic_backend_mode
 echo "starting end to end testing for dynamicfile mode with username prefix"
-e2e_dynamicfile_username_prefix_enforce
-
-
-
-
-
+e2e_dynamicfile_username_prefix_enforce
diff --git a/hack/lib/dev-env.sh b/hack/lib/dev-env.sh
@@ -202,7 +202,6 @@ function start_authenticator_with_dynamicfile() {
         --publish ${authenticator_healthz_port}:${authenticator_healthz_port} \
         --publish ${AUTHENTICATOR_PORT}:${AUTHENTICATOR_PORT} \
         --env AWS_REGION="us-west-2" \
-        --rm \
         "${AUTHENTICATOR_IMAGE}" \
         server \
         --config "${authenticator_config_dest_dir}/authenticator_dynamicfile_mode.yaml"

diff --git a/pkg/fileutil/util.go b/pkg/fileutil/util.go
@@ -56,7 +56,6 @@ func StartLoadDynamicFile(filename string, callBack FileChangeCallBack, stopCh <
 		defer watcher.Close()
 		content, err := loadDynamicFile(filename, stopCh)
 		if err != nil {
-			logrus.Errorf("StartLoadDynamicFile: error in loadDynamicFile, %v", err)
 			return
 		}
 		err = watcher.Add(filename)

diff --git a/pkg/fileutil/util_test.go b/pkg/fileutil/util_test.go
@@ -63,6 +63,16 @@ func TestLoadDynamicFile(t *testing.T) {
 	defer close(stopCh)
 	time.Sleep(2 * time.Second)
 	os.WriteFile("/tmp/util_test.txt", []byte("test"), 0777)
+	for {
+		time.Sleep(1 * time.Second)
+		testA.mutex.Lock()
+		if testA.expectedContent == "test" {
+			t.Log("read to test")
+			testA.mutex.Unlock()
+			break
+		}
+		testA.mutex.Unlock()
+	}
 	for _, c := range cases {
 		updateFile(testA, c.input, t)
 		testA.mutex.Lock()
@@ -94,7 +104,16 @@ func TestDeleteDynamicFile(t *testing.T) {
 	defer close(stopCh)
 	time.Sleep(2 * time.Second)
 	os.WriteFile("/tmp/delete.txt", []byte("test"), 0777)
-	time.Sleep(2 * time.Second)
+	for {
+		time.Sleep(1 * time.Second)
+		testA.mutex.Lock()
+		if testA.expectedContent == "test" {
+			t.Log("read to test")
+			testA.mutex.Unlock()
+			break
+		}
+		testA.mutex.Unlock()
+	}
 	os.Remove("/tmp/delete.txt")
 	time.Sleep(2 * time.Second)
 	testA.mutex.Lock()

diff --git a/pkg/mapper/dynamicfile/dynamicfile.go b/pkg/mapper/dynamicfile/dynamicfile.go
@@ -133,11 +133,8 @@ func (ms *DynamicFileMapStore) CallBackForFileLoad(dynamicContent []byte) error
 	userMappings := make([]config.UserMapping, 0)
 	roleMappings := make([]config.RoleMapping, 0)
 	var dynamicFileData DynamicFileData
-	err := json.Unmarshal([]byte(dynamicContent), &dynamicFileData)
+	err := json.Unmarshal(dynamicContent, &dynamicFileData)
 	if err != nil {
-		//if len(dynamicContent) == 0 {
-		//	return userMappings, roleMappings, awsAccounts, nil
-		//}
 		logrus.Error("ParseMap: could not unmarshal dynamic file.")
 		return err
 	}

diff --git a/pkg/server/server.go b/pkg/server/server.go
@@ -262,6 +262,11 @@ func BuildMapperChain(cfg config.Config, modes []string) (BackendMapper, error)
 		if err := m.Start(backendMapper.mapperStopCh); err != nil {
 			logrus.Fatalf("start mapper %q failed", m.Name())
 		}
+		if backendMapper.currentModes != "" {
+			backendMapper.currentModes = backendMapper.currentModes + " " + m.Name()
+		} else {
+			backendMapper.currentModes = m.Name()
+		}
 	}
 	return backendMapper, nil
 }
@@ -473,18 +478,38 @@ func (h *handler) renderTemplate(template string, identity *token.Identity) (str
 }
 
 func (h *handler) CallBackForFileLoad(dynamicContent []byte) error {
-	newMapper, err := BuildMapperChain(h.cfg, strings.Split(string(dynamicContent), ","))
-	if err == nil && len(newMapper.mappers) > 0 {
-		// replace the mapper
-		close(h.backendMapper.mapperStopCh)
-		h.backendMapper = newMapper
+	var backendModes BackendModeConfig
+	logrus.Infof("BackendMode dynamic file got changed to %s", string(dynamicContent))
+	err := json.Unmarshal(dynamicContent, &backendModes)
+	if err != nil {
+		logrus.Infof("CallBackForFileLoad: could not unmarshal dynamic file.")
+		return err
+	}
+	if h.backendMapper.currentModes != backendModes.BackendMode {
+		logrus.Infof("BackendMode dynamic file got changed, %s different from current mode %s, rebuild mapper", backendModes.BackendMode, h.backendMapper.currentModes)
+		newMapper, err := BuildMapperChain(h.cfg, strings.Split(backendModes.BackendMode, " "))
+		if err == nil && len(newMapper.mappers) > 0 {
+			// replace the mapper
+			close(h.backendMapper.mapperStopCh)
+			h.backendMapper = newMapper
+		} else {
+			return err
+		}
 	} else {
-		logrus.Errorf("Error CallBackForFileLoad: failed when BuildMapperChain, %v", err)
+		logrus.Infof("BackendMode dynamic file got changed, but same with current mode, skip rebuild mapper")
 	}
 	return nil
 }
 
 func (h *handler) CallBackForFileDeletion() error {
 	logrus.Infof("BackendMode dynamic file got deleted")
+	backendMapper, err := BuildMapperChain(h.cfg, h.cfg.BackendMode)
+	if err == nil && len(backendMapper.mappers) > 0 {
+		// replace the mapper
+		close(h.backendMapper.mapperStopCh)
+		h.backendMapper = backendMapper
+	} else {
+		return err
+	}
 	return nil
 }
diff --git a/pkg/server/types.go b/pkg/server/types.go
@@ -36,4 +36,10 @@ type Server struct {
 type BackendMapper struct {
 	mappers      []mapper.Mapper
 	mapperStopCh chan struct{}
+	currentModes string
+}
+
+// AccessConfig represents the configuration format for cluster access config via backend mode.
+type BackendModeConfig struct {
+	BackendMode string `json:"backendMode"`
 }