Skip to content
This repository has been archived by the owner on Aug 27, 2023. It is now read-only.

DynamoCache.clear_all() breaks SSE and billing configuration #249

Open
chludwig-haufe opened this issue Jun 5, 2020 · 3 comments
Open

DynamoCache.clear_all() breaks SSE and billing configuration #249

chludwig-haufe opened this issue Jun 5, 2020 · 3 comments

Comments

@chludwig-haufe
Copy link

Hi,

we are running pypicloud on AWS with S3 storage backend, DynamoDB cache backend, and Secrets Manager auth backend. Due to a mandatory company policy, the data written by pypicloud into any of these services must be encrypted at rest on the server-side using a customer-managed CMK.

We created and configured the resources needed by pypicloud upfront and run pypicloud with an IAM role that has the necessary privileges; this works fine except when we reload the cache. With the default db.graceful_reload = false, this request calls DynamoCache.clear_all(). In this method, the DynamoDB tables are deleted and re-created. However, the re-created tables lack the SSE configuration required by our company policy.

Similarly, we want to use the on-demand billing mode for the DynamoDB tables (at least until we know the capacity required by our use of pypicloud). However, DynamoCache.clear_all() re-creates the tables in provisioned billing mode.

As a workaround, we can run pypicloud with db.graceful_reload = true; I don't expect the longer time needed to re-build the cache to be an issue in our case. But this won't work if an upgrade requires the re-build of the cache DB because of, say, schema changes.

Do you see any solution short of overriding the clear_all()method in a custom ICache implementation based on DynamoCache? AFAICT, the flywheel engine used by DynamoCache does not expose the necessary config options whence this might require some "hacks".

Regards,
Christoph
@stevearc
Copy link
Owner

stevearc commented Jun 6, 2020

In practice, I think that db.graceful_reload = true will do everything you want. If you're worried about future upgrade potentially requiring table changes, I can say that that's very unlikely to happen any time soon. If you check the release history, there are 3 times when an upgrade has required a cache rebuild:

0.2.0 in 2014
0.5.0 in 2017
1.0.0 in 2017

At this point, the structure is pretty stable and unlikely to change. If I do ever release a future version that requires a DB rebuild, feel free to ping me again on this issue and I'll see if we can find a better solution for you. Does that adequately address your concern?

@chludwig-haufe
Copy link
Author

Thanks. If you deem a schema change unlikely, then I am not going to argue. :-)

I realized the issue only when DynamoCache.clear_all() raised an error and left a broken cache because it cannot re-create a table in on-demand billing mode. (It sees a provisioned capacity of 0 and the attempt to create a provisioned table with capacity 0 fails.) Maybe you can mention in the docs that users who, for whatever reason, need to provision the AWS infrastructure themselves should avoid db.graceful_reload = false?

stevearc added a commit that referenced this issue Jun 14, 2020
@stevearc
Address #249: add documentation about DynamoDB cache refresh behavior
44da3f0
@leorochael
Copy link

I think this issue can be closed...

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@leorochael @stevearc @chludwig-haufe