Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update long running to handle recommend watch mechanism #21497

Merged
merged 1 commit into from
Feb 27, 2016
Merged

update long running to handle recommend watch mechanism #21497

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
26 changes: 24 additions & 2 deletions pkg/apiserver/handlers.go
View file
Open in desktop
Expand Up @@ -72,13 +72,35 @@ func ReadOnly(handler http.Handler) http.Handler {
})
}

type LongRunningRequestCheck func(r *http.Request) bool

// BasicLongRunningRequestCheck pathRegex operates against the url path, the queryParams match is case insensitive.
// Any one match flags the request.
// TODO tighten this check to eliminate the abuse potential by malicious clients that start setting queryParameters
// to bypass the rate limitter. This could be done using a full parse and special casing the bits we need.
func BasicLongRunningRequestCheck(pathRegex *regexp.Regexp, queryParams map[string]string) LongRunningRequestCheck {
return func(r *http.Request) bool {
if pathRegex.MatchString(r.URL.Path) {
return true
}

for key, expectedValue := range queryParams {
if strings.ToLower(expectedValue) == strings.ToLower(r.URL.Query().Get(key)) {
return true
}
}

return false
}
}

// MaxInFlight limits the number of in-flight requests to buffer size of the passed in channel.
func MaxInFlightLimit(c chan bool, longRunningRequestRE *regexp.Regexp, handler http.Handler) http.Handler {
func MaxInFlightLimit(c chan bool, longRunningRequestCheck LongRunningRequestCheck, handler http.Handler) http.Handler {
if c == nil {
return handler
}
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if longRunningRequestRE.MatchString(r.URL.Path) {
if longRunningRequestCheck(r) {
// Skip tracking long running events.
handler.ServeHTTP(w, r)
return
Expand Down
9 changes: 5 additions & 4 deletions pkg/apiserver/handlers_test.go
View file
Open in desktop
Expand Up @@ -77,6 +77,7 @@ func TestMaxInFlight(t *testing.T) {
// notAccountedPathsRegexp specifies paths requests to which we don't account into
// requests in flight.
notAccountedPathsRegexp := regexp.MustCompile(".*\\/watch")
longRunningRequestCheck := BasicLongRunningRequestCheck(notAccountedPathsRegexp, map[string]string{"watch": "true"})

// Calls is used to wait until all server calls are received. We are sending
// AllowedInflightRequestsNo of 'long' not-accounted requests and the same number of
Expand All @@ -98,7 +99,7 @@ func TestMaxInFlight(t *testing.T) {
server := httptest.NewServer(
MaxInFlightLimit(
inflightRequestsChannel,
notAccountedPathsRegexp,
longRunningRequestCheck,
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// A short, accounted request that does not wait for block WaitGroup.
if strings.Contains(r.URL.Path, "dontwait") {
Expand All @@ -114,11 +115,11 @@ func TestMaxInFlight(t *testing.T) {
// TODO: Uncomment when fix #19254
// defer server.Close()

// These should hang, but not affect accounting.
// These should hang, but not affect accounting. use a query param match
for i := 0; i < AllowedInflightRequestsNo; i++ {
// These should hang waiting on block...
go func() {
if err := expectHTTP(server.URL+"/foo/bar/watch", http.StatusOK); err != nil {
if err := expectHTTP(server.URL+"/foo/bar?watch=true", http.StatusOK); err != nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it worth testing both query param and path regex here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it worth testing both query param and path regex here?

It's tested below, right?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I only asked b/c it looked like you were changing the test conditions, and I was wondering if we needed to test both cases here as well as below.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I only asked b/c it looked like you were changing the test conditions, and I was wondering if we needed to test both cases here as well as below.

Oh, its a single test. In each case it confirms that it was properly identified as a long running request, so as long as each one tests one of the paths, we're good.

t.Error(err)
}
responses.Done()
Expand Down Expand Up @@ -150,7 +151,7 @@ func TestMaxInFlight(t *testing.T) {
t.Error(err)
}
}
// Validate that non-accounted URLs still work
// Validate that non-accounted URLs still work. use a path regex match
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it worth testing both query param and path regex here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it worth testing both query param and path regex here?

It's tested above, right?

if err := expectHTTP(server.URL+"/dontwait/watch", http.StatusOK); err != nil {
t.Error(err)
}
Expand Down
5 changes: 3 additions & 2 deletions pkg/genericapiserver/genericapiserver.go
View file
Open in desktop
Expand Up @@ -650,9 +650,10 @@ func (s *GenericAPIServer) Run(options *ServerRunOptions) {
}

longRunningRE := regexp.MustCompile(options.LongRunningRequestRE)
longRunningRequestCheck := apiserver.BasicLongRunningRequestCheck(longRunningRE, map[string]string{"watch": "true"})
longRunningTimeout := func(req *http.Request) (<-chan time.Time, string) {
// TODO unify this with apiserver.MaxInFlightLimit
if longRunningRE.MatchString(req.URL.Path) || req.URL.Query().Get("watch") == "true" {
if longRunningRequestCheck(req) {
return nil, ""
}
return time.After(time.Minute), ""
Expand All @@ -662,7 +663,7 @@ func (s *GenericAPIServer) Run(options *ServerRunOptions) {
handler := apiserver.TimeoutHandler(s.Handler, longRunningTimeout)
secureServer := &http.Server{
Addr: secureLocation,
Handler: apiserver.MaxInFlightLimit(sem, longRunningRE, apiserver.RecoverPanics(handler)),
Handler: apiserver.MaxInFlightLimit(sem, longRunningRequestCheck, apiserver.RecoverPanics(handler)),
MaxHeaderBytes: 1 << 20,
TLSConfig: &tls.Config{
// Change default from SSLv3 to TLSv1.0 (because of POODLE vulnerability)
Expand Down