Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Flow API: Custom resume endpoint, polished mirror status endpoint, auth to all endpoints #1711

Closed
wants to merge 33 commits into from
Closed

Flow API: Custom resume endpoint, polished mirror status endpoint, auth to all endpoints #1711

wants to merge 33 commits into from

Conversation

Amogh-Bharadwaj
Copy link
Contributor

@Amogh-Bharadwaj Amogh-Bharadwaj commented May 13, 2024
edited by iamKunalGupta
Loading

Endpoints:

Custom sync:

/v1/flows/cdc/sync

Status:

/v1/mirrors/{flow_job_name}?include_flow_info=true|false

Authentication

Flow API now has authentication on all routes (except for health). It uses Bearer Authentication with token being:
base64Encode(bcryptHash(PEERDB_PASSWORD))

It can be generated on Unix based systems via:
htpasswd -nbB -C 10 "" <PEERDB_PASSWORD_HERE> | tr -d ":" | base64

API Endpoint to Resume Mirror With Specified Syncs

This PR introduces an endpoint in our Flow API to resume mirrors with a request of custom number of syncs.

  • The number of syncs the client can request is, for now, a number between 1 and the MaxSyncsPerCDCFlow which is currently 32.
  • Syncs in this case refers to one sync flow - normalise flow pair.
  • This endpoint requires the mirror to be paused before hand.
  • Request validation checks the above along with whether the mirror name exists, etc.

Implementation:

Extends CDCFlowConfigUpdate to include number of syncs information.

message CDCFlowConfigUpdate {
  repeated TableMapping additional_tables = 1;
  uint32 batch_size = 2;
  uint64 idle_timeout = 3;
  int32 number_of_syncs = 4;
}
  • This is picked up in CDC flow after processing FlowConfigUpdate:
if state.FlowConfigUpdate != nil {
	err = processCDCFlowConfigUpdate(ctx, logger, cfg, state, mirrorNameSearch)
        if err != nil {
		return state, err
	}
	syncCountLimit = int(state.SyncFlowOptions.NumberOfSyncs)
  • Limit check is done when listening for normalise flow finishing:
normDoneChan.AddToSelector(mainLoopSelector, func(x struct{}, _ bool) {
	if syncCount == syncCountLimit {
		logger.Info("sync count limit reached, pausing",
		slog.Int("limit", syncCountLimit),
		slog.Int("count", syncCount))
		state.ActiveSignal = model.PauseSignal
	}

Functional testing:

  • Tested with a paused mirror with low sync interval via HTTP requests to this endpoint
  • Resume mirror via the normal UI button route will stick to existing behaviour of MaxSyncsPerCDCFlow=32 sync flows.
Screenshot 2024-05-10 at 5 25 18 PM Screenshot 2024-05-10 at 5 25 42 PM Screenshot 2024-05-10 at 5 27 36 PM

Mirror Status Endpoint

Existing mirror status endpoint now has a flag in the request to include flow information. The UI sets this flag. If not set, response only contains flow name and running status, along with clean error messages.

This endpoint is also gated by authorization

Functionally tested

@Amogh-Bharadwaj Amogh-Bharadwaj marked this pull request as ready for review May 13, 2024 08:04
@Amogh-Bharadwaj Amogh-Bharadwaj force-pushed the api/custom-resume-endpoint branch from 28edd92 to 3424dca Compare May 14, 2024 11:17
@CLAassistant
Copy link

CLAassistant commented May 21, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

@Amogh-Bharadwaj Amogh-Bharadwaj force-pushed the api/custom-resume-endpoint branch 2 times, most recently from dcc8e69 to 85da32c Compare May 27, 2024 14:04
serprex
serprex reviewed May 27, 2024
View reviewed changes
@Amogh-Bharadwaj Amogh-Bharadwaj changed the title Flow API: Custom resume endpoint Flow API: Custom resume endpoint and blackboxed cdc status endpoint May 27, 2024
@Amogh-Bharadwaj
Copy link
Contributor Author

Description updated with new status endpoint

heavycrystal
heavycrystal reviewed May 27, 2024
View reviewed changes
@Amogh-Bharadwaj Amogh-Bharadwaj force-pushed the api/custom-resume-endpoint branch from a205f79 to 67a3022 Compare May 28, 2024 19:41
@Amogh-Bharadwaj
Copy link
Contributor Author

Updated description and functionally tested post changes

iskakaushik
iskakaushik reviewed May 29, 2024
View reviewed changes
@iamKunalGupta iamKunalGupta changed the title Flow API: Custom resume endpoint and polished mirror status endpoint Flow API: Custom resume endpoin, polished mirror status endpoint, auth to all endpoints Jun 6, 2024
@serprex serprex changed the title Flow API: Custom resume endpoin, polished mirror status endpoint, auth to all endpoints Flow API: Custom resume endpoint, polished mirror status endpoint, auth to all endpoints Jun 6, 2024
serprex
serprex reviewed Jun 6, 2024
View reviewed changes
serprex
serprex reviewed Jun 6, 2024
View reviewed changes
serprex
serprex reviewed Jun 6, 2024
View reviewed changes
serprex
serprex reviewed Jun 6, 2024
View reviewed changes
@serprex serprex marked this pull request as ready for review June 6, 2024 20:54
@serprex
Copy link
Contributor

serprex commented Jun 7, 2024

testing on my cloud setup, drop mirror not working

iamKunalGupta
iamKunalGupta requested changes Jun 10, 2024
View reviewed changes
flow/middleware/interceptors.go Outdated
Comment on lines 33 to 45
// accommodate live password changes and reduce time hash is in memory
hashCache := expirable.NewLRU[string, []byte](1, nil, 10*time.Minute)
_, err := getCachedHash(hashCache)
if err != nil {
return nil, fmt.Errorf("error generating hash: %w", err)
}

return func(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
if _, ok := unauthenticatedMethodsSet[info.FullMethod]; ok {
return handler(ctx, req)
}
ctx, err := Authorize(ctx, plaintext)
ctx, err := authorize(ctx, hashCache)
if err != nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need to look at live password changes?
Why not send the hash directly?

iamKunalGupta
iamKunalGupta reviewed Jun 11, 2024
View reviewed changes
Copy link
Member

@iamKunalGupta iamKunalGupta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you check dropmirror flow once @heavycrystal ? @serprex said that it was not working

flow/middleware/auth.go Outdated
}

if err := bcrypt.CompareHashAndPassword(hash, tokenBytes); err != nil {
logger.LoggerFromCtx(ctx).Warn("Error validating token", slog.String("token", string(tokenBytes)), slog.Any("error", err))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove token from logging now since it is plaintext now.

@Amogh-Bharadwaj
Copy link
Contributor Author

Closing, this is replaced by #1823

@serprex serprex deleted the api/custom-resume-endpoint branch June 26, 2024 21:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@serprex serprex serprex approved these changes

@iskakaushik iskakaushik iskakaushik left review comments

@iamKunalGupta iamKunalGupta iamKunalGupta requested changes

@heavycrystal heavycrystal heavycrystal approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@Amogh-Bharadwaj @CLAassistant @serprex @iskakaushik @iamKunalGupta @heavycrystal