Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle slow security policies without blocking gRPC threads. #10633

Merged
merged 11 commits into from
Dec 6, 2023
Merged

Handle slow security policies without blocking gRPC threads. #10633

merged 11 commits into from
Dec 6, 2023

Conversation

mateusazis
Copy link
Contributor

  • Introduce PendingAuthListener to handle a ListenableFuture, progressing the gRPC through each stage in sequence once the future completes and is OK.
  • Move unit tests away from checkAuthorizationForService and into checkAuthorizationForServiceAsync since that should be the only method called in production now.
  • Some tests in ServerSecurityPolicyTest had their expectations updated; they previously called synchornous APIs that transformed failed ListenableFuture<Status> into one or another status. Now, we call the sync API, so those transformations do not happen anymore, thus the test needs to deal with failed futures directly.
  • I couldn't figure out if this PR needs extra tests. AFAICT BinderSecurityTest should already cover the new codepaths, but please let me know otherwise.

This should be the last PR to address #10566.

@mateusazis
Handle slow security policies without blocking gRPC threads.
d805bd6 
- Introduce PendingAuthListener to handle a ListenableFuture<Status>, progressing the gRPC through each stage in sequence once the future completes and is OK.
- Move unit tests away from `checkAuthorizationForService` and into `checkAuthorizationForServiceAsync` since that should be the only method called in production now.
- Some tests in `ServerSecurityPolicyTest` had their expectations updated; they previously called synchornous APIs that transformed failed `ListenableFuture<Status>` into one or another status. Now, we call the sync API, so those transformations do not happen anymore, thus the test needs to deal with failed futures directly.
- I couldn't figure out if this PR needs extra tests. AFAICT `BinderSecurityTest` should already cover the new codepaths, but please let me know otherwise.

This should be the last PR to address grpc#10566.
@mateusazis
- Short-circuit immediately resolved auth futures.
54cb525 
- Drop sequential executor from PendingAuthListener.
@mateusazis
fix indentation
26b8cc2
jdcormie
jdcormie reviewed Nov 7, 2023
View reviewed changes
binder/src/main/java/io/grpc/binder/internal/BinderTransportSecurity.java Outdated Show resolved Hide resolved
binder/src/main/java/io/grpc/binder/internal/BinderTransportSecurity.java Outdated Show resolved Hide resolved
binder/src/main/java/io/grpc/binder/internal/BinderTransportSecurity.java Outdated Show resolved Hide resolved
binder/src/main/java/io/grpc/binder/internal/BinderTransportSecurity.java Outdated Show resolved Hide resolved
binder/src/main/java/io/grpc/binder/internal/PendingAuthListener.java Outdated Show resolved Hide resolved
binder/src/main/java/io/grpc/binder/internal/PendingAuthListener.java Show resolved Hide resolved
binder/src/main/java/io/grpc/binder/internal/BinderTransportSecurity.java Show resolved Hide resolved
binder/src/main/java/io/grpc/binder/internal/PendingAuthListener.java Outdated Show resolved Hide resolved
@mateusazis mateusazis requested a review from jdcormie November 7, 2023 18:46
@mateusazis
- Fix indentation
438734a 
- Factory method for PendingAuthListener.
- Fix leak of executor when PendingAuthListener encountered an exception while starting the call.
- Catching RuntimeException.
@mateusazis mateusazis requested a review from jdcormie November 14, 2023 22:08
@mateusazis mateusazis mentioned this pull request Nov 15, 2023
Open
@mateusazis
- Refactor test helpers.
8cf4885 
- Comment + TODO for multiple concurrent auth checks.
@mateusazis mateusazis mentioned this pull request Nov 15, 2023
Closed
jdcormie
jdcormie reviewed Nov 15, 2023
View reviewed changes
Copy link
Member

@jdcormie jdcormie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mateusazis mateusazis requested a review from markb74 November 16, 2023 18:52
markb74
markb74 requested changes Nov 29, 2023
View reviewed changes
Copy link
Contributor

@markb74 markb74 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Getting really close.

I'm happy with this overall, but I'd like some changes to make this easier to review more completely.

I.e. Undo changes to the struture of interceptCall per my comment there, and undo all unrelated reformatting.

binder/src/main/java/io/grpc/binder/BinderServerBuilder.java Outdated Show resolved Hide resolved
binder/src/main/java/io/grpc/binder/internal/BinderServer.java Outdated Show resolved Hide resolved
binder/src/test/java/io/grpc/binder/ServerSecurityPolicyTest.java Outdated Show resolved Hide resolved
binder/src/main/java/io/grpc/binder/internal/BinderServer.java Outdated Show resolved Hide resolved
binder/src/main/java/io/grpc/binder/internal/BinderTransportSecurity.java Show resolved Hide resolved
@mateusazis
- revert formatting changes in ServerSecurityPolicyTest
5559320 
- define BinderTransportSecurity.ShutdownListener interface
- take a non-close executor closeable in BinderServer's constructor
@mateusazis mateusazis requested a review from markb74 November 29, 2023 23:41
markb74
markb74 approved these changes Nov 30, 2023
View reviewed changes
Copy link
Contributor

@markb74 markb74 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks so much for your patience!

Just a couple of minor nits now, then we can go ahead and submit.

There's a couple more things we'll want to do in a follow up to handle nuance around policy decision caching, and server vs. transport shutdown, but this is in a good state.

binder/src/main/java/io/grpc/binder/internal/BinderServer.java Outdated Show resolved Hide resolved
binder/src/main/java/io/grpc/binder/internal/BinderServer.java Outdated Show resolved Hide resolved
binder/src/main/java/io/grpc/binder/internal/BinderTransportSecurity.java Outdated Show resolved Hide resolved
binder/src/main/java/io/grpc/binder/internal/BinderTransportSecurity.java Show resolved Hide resolved
binder/src/main/java/io/grpc/binder/internal/BinderTransportSecurity.java Outdated
* resources to be potentially cleaned up.
*/
public interface ShutdownListener {
void onShutdown();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Server shutdown is actually kind of complex, so if we're going to use the prefix "on" (which I agree makes sense in a listener), we probably want to clarify that this is the server shutdown, and rename this to onServerShutdown().

FWIW, there's actually a bit more nuance here we'll need to handle, but let's leave that for a follow up CL.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Renamed.

By "nuance", do you mean code style-wise or are we actually missing something from the implementation? Because if it's the later, I'm not aware of what that is.

@markb74 markb74 added the kokoro:run Add this label to a PR to tell Kokoro the code is safe and tests can be run label Dec 4, 2023
@grpc-kokoro grpc-kokoro removed the kokoro:run Add this label to a PR to tell Kokoro the code is safe and tests can be run label Dec 4, 2023
@markb74 markb74 added the kokoro:force-run Add this label to a PR to tell Kokoro to re-run all tests. Not generally necessary label Dec 5, 2023
@grpc-kokoro grpc-kokoro removed the kokoro:force-run Add this label to a PR to tell Kokoro to re-run all tests. Not generally necessary label Dec 5, 2023
@markb74 markb74 merged commit a053889 into grpc:master Dec 6, 2023
6 checks passed
@mateusazis mateusazis mentioned this pull request Feb 6, 2024
Closed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 6, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@markb74 markb74 markb74 approved these changes

@jdcormie jdcormie jdcormie approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mateusazis @jdcormie @markb74 @grpc-kokoro