Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KNOX-3058: Avoid 404 When Topology Is Being Redeployed #929

Merged
merged 1 commit into from
Aug 21, 2024
Merged

KNOX-3058: Avoid 404 When Topology Is Being Redeployed #929

merged 1 commit into from
Aug 21, 2024

Conversation

pzampino
Copy link
Contributor

@pzampino pzampino commented Aug 20, 2024
edited
Loading

What changes were proposed in this pull request?

Modified error handling when a topology is being redeployed, such that the response is not HTTP 404 'Not Found', but rather HTTP 503 'Service Unavailable'. The 503 response is much more likely to be retried by clients than is a 404 response.

Added a Jetty ErrorHandler that checks whether or not the topology being requested is in a Set marked as inactive. Topology names are add to this inactive set when the associated topology is deactivated, and removed from this set when the topology is reactivated. In the case of topology deletion, the topology is marked as inactive, but then removed from the inactive set because we know it's being deleted.

How was this patch tested?

I deployed a test topology with a demo LDAP provider and the Knox Token service.

I then ran the following script with 'https://localhost:8443/gateway/demo/knoxtoken/api/v2/token' and one of the demo LDAP username/pwd combinations, and piped the output to a file. This script outputs only the HTTP response status code for each invocation.

#!/bin/sh
#
#

ENDPOINT=$1
echo "Endpoint: $ENDPOINT"

if [ ! -z "$2" ] ; then
  USER=$2
fi

if [ ! -z "$3" ] ; then
  PWD=$3
fi

for i in {1..100000}
do
  curl -o /dev/null -s -w "%{http_code}\n" -ku ${USER}:${PWD} ${ENDPOINT}
done

Example:
~/bin/resp-test.sh 'https://localhost:8443/gateway/demo/knoxtoken/api/v2/token' sam sam-password > ~/response-code-test.txt &
While this script is running, I copied the test topology to the conf/topologies directory, then subsequently "touched" the test topology to trigger redeployment many times over several minutes. Finally, I deleted the test topology.

Following this, I reviewed the output to verify that there were initially 404 responses, followed by some 503 responses while the topology was being activated. Then, I verified that there were no additional 404 responses until that time at which I deleted the topology. I also verified the periodic 503 responses which are expected, and the normal 200 responses in between.

lmccay
lmccay reviewed Aug 20, 2024
View reviewed changes
Copy link
Contributor

@lmccay lmccay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we able to add a test for this?
See my other comments as well.

gateway-server/src/main/java/org/apache/knox/gateway/GatewayServer.java Show resolved Hide resolved
moresandeep
moresandeep approved these changes Aug 21, 2024
View reviewed changes
gateway-server/src/main/java/org/apache/knox/gateway/GatewayServer.java Outdated
String topologyName = pathInfo.substring(gatewayPrefixLength, pathInfo.indexOf('/', gatewayPrefixLength));
if (isInactiveTopology(topologyName) && (response.getStatus() == HttpServletResponse.SC_NOT_FOUND)) {
request.setAttribute("javax.servlet.error.message", "Service Unavailable"); // The default ErrorHandler references this attribute
response.setStatus(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a thought, can we specify in the error message that the topology is inactive? This will be helpful in cases where we are debugging and knox the request failed because topology was inactive and not due to 500 error.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could certainly log that fact, but I think the error messages (e.g., Service Unavailable) are pretty standard. Given the separation between status code and error message though, I could be persuaded otherwise.

lmccay
lmccay approved these changes Aug 21, 2024
View reviewed changes
Copy link
Contributor

@lmccay lmccay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
+1

@pzampino pzampino merged commit d484689 into apache:master Aug 21, 2024
2 checks passed
pzampino added a commit to pzampino/knox that referenced this pull request Aug 21, 2024
@pzampino
KNOX-3058: Avoid 404 When Topology Is Being Redeployed (apache#929)
3617071
pzampino added a commit to pzampino/knox that referenced this pull request Aug 21, 2024
@pzampino
KNOX-3058: Avoid 404 When Topology Is Being Redeployed (apache#929)
b3c4d94
pzampino added a commit to pzampino/knox that referenced this pull request Aug 21, 2024
@pzampino
KNOX-3058: Avoid 404 When Topology Is Being Redeployed (apache#929)
ddcebf7
pzampino added a commit that referenced this pull request Aug 21, 2024
@pzampino
KNOX-3058: Avoid 404 When Topology Is Being Redeployed (#929)
0358054
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lmccay lmccay lmccay approved these changes

@moresandeep moresandeep moresandeep approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pzampino @moresandeep @lmccay