feat: Distributed authentication load balancing (#1602)

* parametrize debug header filter size

Signed-off-by: jandadav <janda.david@gmail.com>

* scan factory only once

Signed-off-by: jandadav <janda.david@gmail.com>

* Caching service client skeleton

Signed-off-by: jandadav <janda.david@gmail.com>

* fix incorrect test

Signed-off-by: jandadav <janda.david@gmail.com>

* parametrize client

Signed-off-by: jandadav <janda.david@gmail.com>

* enhance LoadBalancerCache with remote cache

Signed-off-by: jandadav <janda.david@gmail.com>

* fix load balancer cache storage

Signed-off-by: jandadav <janda.david@gmail.com>

* Call against local gw

Signed-off-by: jandadav <janda.david@gmail.com>

* prefix lb keys

Signed-off-by: jandadav <janda.david@gmail.com>

* debug logging

Signed-off-by: jandadav <janda.david@gmail.com>

* doc

Signed-off-by: jandadav <janda.david@gmail.com>

* javadoc

Signed-off-by: jandadav <janda.david@gmail.com>

* Sonar and cleanup

Signed-off-by: jandadav <janda.david@gmail.com>

* Conditional remote cache

Signed-off-by: jandadav <janda.david@gmail.com>

* Attempt to fix flaky test

Signed-off-by: jandadav <janda.david@gmail.com>

Author: jandadav

apiml-common/src/main/java/org/zowe/apiml/product/gateway/GatewayConfigProperties.java

@@ -20,6 +20,10 @@
 public class GatewayConfigProperties {
 
     private String scheme;
+
+    /**
+     * Format: hostname:port
+     */
     private String hostname;
 
 }

gateway-service/src/main/java/org/zowe/apiml/gateway/cache/CachingServiceClient.java

@@ -0,0 +1,138 @@
+/*
+ * This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License v2.0 which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-v20.html
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Copyright Contributors to the Zowe Project.
+ */
+
+package org.zowe.apiml.gateway.cache;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import lombok.Data;
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.*;
+import org.springframework.web.client.RestClientException;
+import org.springframework.web.client.RestTemplate;
+
+
+/**
+ * Client for interaction with Caching Service
+ * Supports basic CRUD operations
+ * Assumes calling caching service through Gateway. Uses rest template with client certificate
+ * as Gateway will forward the certificates in headers to caching service, which in turn uses this
+ * as a distinguishing factor to store the keys.
+ *
+ */
+@SuppressWarnings({"squid:S1192"}) // literals are repeating in debug logs only
+public class CachingServiceClient {
+
+    private final RestTemplate restTemplate;
+    private final String gatewayProtocolHostPort;
+    @Value("${apiml.cachingServiceClient.apiPath}")
+    private static final String CACHING_API_PATH = "/cachingservice/api/v1/cache"; //NOSONAR parametrization provided by @Value annotation
+
+    public CachingServiceClient(RestTemplate restTemplate, String gatewayProtocolHostPort) {
+        if (gatewayProtocolHostPort == null || gatewayProtocolHostPort.isEmpty()) {
+            throw new IllegalStateException("gatewayProtocolHostPort has to have value in format <protocol>://<host>:<port> and not be null");
+        }
+        if (restTemplate == null) {
+            throw new IllegalStateException("RestTemplate instance cannot be null");
+        }
+        this.restTemplate = restTemplate;
+        this.gatewayProtocolHostPort = gatewayProtocolHostPort;
+
+    }
+
+    /**
+     * Creates {@link KeyValue} in Caching Service.
+     * @param kv {@link KeyValue} to store
+     * @throws CachingServiceClientException when http response from caching is not 2xx, such as connect exception or cache conflict
+     */
+
+    public void create(KeyValue kv) throws CachingServiceClientException {
+        try {
+            restTemplate.exchange(gatewayProtocolHostPort + CACHING_API_PATH, HttpMethod.POST, new HttpEntity<KeyValue>(kv, new HttpHeaders()), String.class);
+        } catch (RestClientException e) {
+            throw new CachingServiceClientException("Unable to create keyValue: " + kv.toString() + ", caused by: " + e.getMessage(), e);
+        }
+    }
+
+
+    /**
+     * Reads {@link KeyValue} from Caching Service
+     * @param key Key to read
+     * @return {@link KeyValue}
+     * @throws CachingServiceClientException when http response from caching is not 2xx, such as connect exception or 404 key not found in cache
+     */
+    public KeyValue read(String key) throws CachingServiceClientException {
+        try {
+            ResponseEntity<KeyValue> response = restTemplate.exchange(gatewayProtocolHostPort + CACHING_API_PATH + "/" + key, HttpMethod.GET, new HttpEntity<KeyValue>(null, new HttpHeaders()), KeyValue.class);
+            if (response != null && response.hasBody()) { //NOSONAR tests return null
+                return response.getBody();
+            } else {
+                throw new CachingServiceClientException("Unable to read key: " + key + ", caused by response from caching service is null or has no body");
+            }
+        } catch (RestClientException e) {
+            throw new CachingServiceClientException("Unable to read key: " + key + ", caused by: " + e.getMessage(), e);
+        }
+    }
+
+    /**
+     * Updates {@link KeyValue} in Caching Service
+     * @param kv {@link KeyValue} to update
+     * @throws CachingServiceClientException when http response from caching is not 2xx, such as connect exception or 404 key not found in cache
+     */
+    public void update(KeyValue kv) throws CachingServiceClientException {
+        try {
+            restTemplate.exchange(gatewayProtocolHostPort + CACHING_API_PATH, HttpMethod.PUT, new HttpEntity<KeyValue>(kv, new HttpHeaders()), String.class);
+        } catch (RestClientException e) {
+            throw new CachingServiceClientException("Unable to update keyValue: " + kv.toString() + ", caused by: " + e.getMessage(), e);
+        }
+    }
+
+    /**
+     * Deletes {@link KeyValue} from Caching Service
+     * @param key Key to delete
+     * @throws CachingServiceClientException when http response from caching is not 2xx, such as connect exception or 404 key not found in cache
+     */
+    public void delete(String key) throws CachingServiceClientException {
+        try {
+            restTemplate.exchange(gatewayProtocolHostPort + CACHING_API_PATH + "/" + key, HttpMethod.DELETE, new HttpEntity<KeyValue>(null, new HttpHeaders()), String.class);
+        } catch (RestClientException e) {
+            throw new CachingServiceClientException("Unable to delete key: " + key + ", caused by: " + e.getMessage(), e);
+        }
+    }
+
+    /**
+     * Data POJO that represents entry in caching service
+     */
+    @RequiredArgsConstructor
+    @JsonInclude(JsonInclude.Include.NON_EMPTY)
+    @Data
+    static class KeyValue {
+        private final String key;
+        private final String value;
+
+        @JsonCreator
+        public KeyValue() {
+            key = "";
+            value = "";
+        }
+    }
+
+    public class CachingServiceClientException extends Exception {
+
+        public CachingServiceClientException(String message, Throwable cause) {
+            super(message, cause);
+        }
+
+        public CachingServiceClientException(String message) {
+            super(message);
+        }
+    }
+}

gateway-service/src/main/java/org/zowe/apiml/gateway/cache/LoadBalancerCache.java

@@ -9,7 +9,11 @@
  */
 package org.zowe.apiml.gateway.cache;
 
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import lombok.Getter;
+import lombok.extern.slf4j.Slf4j;
 import org.zowe.apiml.gateway.ribbon.loadbalancer.model.LoadBalancerCacheRecord;
 
 import java.util.Map;
@@ -18,13 +22,23 @@
 /**
  * Cache for storing Load Balancer related information. The initial goal was to support user based instance load
  * balancing
+ *
+ * Supports optional CachingServiceClient inject through constructor, which gives acts as remote cache. Remote cache
+ * entries have preference to local ones.
  */
 @Getter
+@Slf4j
 public class LoadBalancerCache {
-    private final Map<String, LoadBalancerCacheRecord> cache;
+    private final Map<String, LoadBalancerCacheRecord> localCache;
+    private final CachingServiceClient remoteCache;
+    private final ObjectMapper mapper = new ObjectMapper();
+
+    public static final String LOAD_BALANCER_KEY_PREFIX = "lb.";
 
-    public LoadBalancerCache() {
-        cache = new ConcurrentHashMap<>();
+    public LoadBalancerCache(CachingServiceClient cachingServiceClient) {
+        this.remoteCache = cachingServiceClient;
+        localCache = new ConcurrentHashMap<>();
+        mapper.registerModule(new JavaTimeModule());
     }
 
     /**
@@ -35,13 +49,20 @@ public LoadBalancerCache() {
      * @param loadBalancerCacheRecord  Object containing the selected instance and its creation time
      * @return True if storing succeeded, otherwise false
      */
-    public synchronized boolean store(String user, String service, LoadBalancerCacheRecord loadBalancerCacheRecord) {
-        try {
-            cache.put(getKey(user, service), loadBalancerCacheRecord);
-            return true;
-        } catch (UnsupportedOperationException | ClassCastException | IllegalArgumentException e) {
-            return false;
+    public boolean store(String user, String service, LoadBalancerCacheRecord loadBalancerCacheRecord) {
+        if (remoteCache != null) {
+            try {
+                remoteCache.create(new CachingServiceClient.KeyValue(getKey(user, service), mapper.writeValueAsString(loadBalancerCacheRecord)));
+                log.debug("Stored record to remote cache for user: {}, service: {}, record: {}", user, service, loadBalancerCacheRecord);
+            } catch (CachingServiceClient.CachingServiceClientException e) {
+                log.debug("Failed to store record for user: {}, service: {}, record {}, with exception: {}", user, service, loadBalancerCacheRecord, e);
+            } catch (JsonProcessingException e) {
+                log.debug("Failed to serialize record for user: {}, service: {}, record {},  with exception: {}", user, service, loadBalancerCacheRecord, e);
+            }
         }
+        localCache.put(getKey(user, service), loadBalancerCacheRecord);
+        log.debug("Stored record to local cache for user: {}, service: {}, record: {}", user, service, loadBalancerCacheRecord);
+        return true;
     }
 
     /**
@@ -51,8 +72,24 @@ public synchronized boolean store(String user, String service, LoadBalancerCache
      * @param service Service towards which is the user routed
      * @return Retrieved record containing the instance to use for this user and its creation time.
      */
-    public synchronized LoadBalancerCacheRecord retrieve(String user, String service) {
-        return cache.get(getKey(user, service));
+    public LoadBalancerCacheRecord retrieve(String user, String service) {
+        if (remoteCache != null) {
+            try {
+                CachingServiceClient.KeyValue kv = remoteCache.read(getKey(user, service));
+                if (kv != null) {
+                    LoadBalancerCacheRecord loadBalancerCacheRecord = mapper.readValue(kv.getValue(), LoadBalancerCacheRecord.class);
+                    log.debug("Retrieved record from remote cache for user: {}, service: {}, record: {}", user, service, loadBalancerCacheRecord);
+                    return loadBalancerCacheRecord;
+                }
+            } catch (CachingServiceClient.CachingServiceClientException e) {
+                log.debug("Failed to retrieve record for user: {}, service: {}, with exception: {}", user, service, e);
+            } catch (JsonProcessingException e) {
+                log.debug("Failed to deserialize record for user: {}, service: {}, with exception: {}", user, service, e);
+            }
+        }
+        LoadBalancerCacheRecord loadBalancerCacheRecord = localCache.get(getKey(user, service));
+        log.debug("Retrieved record from local cache for user: {}, service: {}, record: {}", user, service, loadBalancerCacheRecord);
+        return loadBalancerCacheRecord;
     }
 
     /**
@@ -61,11 +98,20 @@ public synchronized LoadBalancerCacheRecord retrieve(String user, String service
      * @param user    User being routed towards southbound service
      * @param service Service towards which is the user routed
      */
-    public synchronized void delete(String user, String service) {
-        cache.remove(getKey(user, service));
+    public void delete(String user, String service) {
+        if (remoteCache != null) {
+            try {
+                remoteCache.delete(getKey(user, service));
+                log.debug("Deleted record from remote cache for user: {}, service: {}", user, service);
+            } catch (CachingServiceClient.CachingServiceClientException e) {
+                log.debug("Failed to deleted record from remote cache for user: {}, service: {}, with exception: {}", user, service, e);
+            }
+        }
+        localCache.remove(getKey(user, service));
+        log.debug("Deleted record from local cache for user: {}, service: {}", user, service);
     }
 
     private String getKey(String user, String service) {
-        return user + ":" + service;
+        return LOAD_BALANCER_KEY_PREFIX + user + ":" + service;
     }
 }

gateway-service/src/main/java/org/zowe/apiml/gateway/cache/LoadBalancerCacheBeansConfig.java

@@ -0,0 +1,48 @@
+/*
+ * This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License v2.0 which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-v20.html
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Copyright Contributors to the Zowe Project.
+ */
+
+package org.zowe.apiml.gateway.cache;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.client.RestTemplate;
+import org.zowe.apiml.product.gateway.GatewayConfigProperties;
+
+/**
+ * Setup for caching service backed load balancing cache.
+ */
+@Configuration
+@RequiredArgsConstructor
+public class LoadBalancerCacheBeansConfig {
+
+    private final GatewayConfigProperties gatewayConfigProperties;
+
+    @Bean
+    @ConditionalOnProperty(name = "apiml.loadBalancer.distribute", havingValue = "true")
+    public CachingServiceClient cachingServiceClient(@Qualifier("restTemplateWithKeystore") RestTemplate restTemplate) {
+        String gatewayUri = String.format("%s://%s", gatewayConfigProperties.getScheme(), gatewayConfigProperties.getHostname());
+        return new CachingServiceClient(restTemplate, gatewayUri);
+    }
+
+    @Bean
+    @ConditionalOnProperty(name = "apiml.loadBalancer.distribute", havingValue = "true")
+    public LoadBalancerCache loadBalancerCacheWithRemoteCache(CachingServiceClient cachingServiceClient) {
+        return new LoadBalancerCache(cachingServiceClient);
+    }
+
+    @Bean
+    @ConditionalOnProperty(name = "apiml.loadBalancer.distribute", havingValue = "false", matchIfMissing = true)
+    public LoadBalancerCache loadBalancerCacheOnlyLocalCache() {
+        return new LoadBalancerCache(null);
+    }
+}

gateway-service/src/main/java/org/zowe/apiml/gateway/config/CacheConfig.java

@@ -19,7 +19,6 @@
 import org.springframework.core.io.ClassPathResource;
 import org.zowe.apiml.cache.CompositeKeyGenerator;
 import org.zowe.apiml.cache.CompositeKeyGeneratorWithoutLast;
-import org.zowe.apiml.gateway.cache.LoadBalancerCache;
 import org.zowe.apiml.util.CacheUtils;
 
 import javax.annotation.PostConstruct;
@@ -77,8 +76,4 @@ public CacheUtils cacheUtils() {
         return new CacheUtils();
     }
 
-    @Bean
-    public LoadBalancerCache loadBalancerCache() {
-        return new LoadBalancerCache();
-    }
 }

gateway-service/src/main/java/org/zowe/apiml/gateway/context/NamedContextConfiguration.java

@@ -0,0 +1,36 @@
+/*
+ * This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License v2.0 which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-v20.html
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Copyright Contributors to the Zowe Project.
+ */
+
+package org.zowe.apiml.gateway.context;
+
+import org.springframework.cloud.context.named.NamedContextFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.zowe.apiml.gateway.ribbon.loadbalancer.LoadBalancerConstants;
+import org.zowe.apiml.gateway.ribbon.loadbalancer.LoadBalancingPredicatesRibbonConfig;
+
+@Configuration
+public class NamedContextConfiguration {
+
+    /**
+     * Factory for load balancer predicates
+     *
+     * Takes in {@link LoadBalancingPredicatesRibbonConfig} which specifies the composition of load
+     * balancer predicates.
+     *
+     * This is static now, but in the future can be wired in as a bean to allow broader extensibility
+     * There should be only one instance of this factory in main application context
+     */
+    @Bean
+    public ConfigurableNamedContextFactory<NamedContextFactory.Specification> predicateFactory() {
+        return new ConfigurableNamedContextFactory<>(LoadBalancingPredicatesRibbonConfig.class, "contextConfiguration",
+            LoadBalancerConstants.INSTANCE_KEY + LoadBalancerConstants.SERVICEID_KEY);
+    }
+}

gateway-service/src/main/java/org/zowe/apiml/gateway/filters/post/DebugHeaderFilter.java

@@ -13,6 +13,7 @@
 import com.netflix.zuul.context.Debug;
 import com.netflix.zuul.context.RequestContext;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 import org.zowe.apiml.gateway.ribbon.RequestContextUtils;
 
@@ -31,6 +32,9 @@
 @Slf4j
 public class DebugHeaderFilter extends ZuulFilter {
 
+    @Value("${zuul.debug.request.debugHeaderLimit:4096}")
+    private int debugHeaderLimit;
+
     @Override
     public String filterType() {
         return POST_TYPE;
@@ -48,7 +52,6 @@ public boolean shouldFilter() {
 
     @Override
     public Object run() {
-        int debugHeaderLimit = 4096;
 
         String debug = convertToPrettyPrintString(Debug.getRoutingDebug());
         String reqInfo = RequestContext.getCurrentContext().getFilterExecutionSummary().toString();