Move task protection handler to ecs-agent module #3779
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
danehlim
reviewed
Jul 5, 2023
|
Excellent PR description write up - it helped inform the reviewing process a lot! |
danehlim
approved these changes
Jul 5, 2023
Realmonia
approved these changes
Jul 5, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Adding task protection endpoint handlers to ecs-agent module and consuming them in agent module. The new handlers mostly reuse the existing handlers' code except for some changes noted below.
Implementation details
TaskResponsemodel (aka task metadata in v4 format) to include a newCredentialsIDfield for task role credentials. Task role credentials are required by task protection handlers for ECS client initialization for fulfilling task protection requests. The new field is marked withjson:"-"so it won't be included in v4 task metadata response.TaskProtectionPaththat returns a standard URI path for task protection endpoints.GetTaskProtectionHandlerthat returns an HTTP handler for GetTaskProtection request.UpdateTaskProtectionHandlerthat returns an HTTP handler for UpdateTaskProtection request.AgentStateinterface used by v4 task and container metadata handlers for getting task information from Agent.agent/handlers/task_server_setup.goto consume the new handlers.Testing
Test-driven development was followed. TMDS-level tests were added to agent module for task protection endpoints in #3739 and #3740 to capture the current high-level behavior of the endpoints. The same tests are passing for this PR, so there is no regression.
Manual regression, stress, and performance tests were also performed. For manual testing, agent was build from source of this PR and deployed to an EC2 instance. Another EC2 instance was provisioned with released Agent version v1.71.2.
For manual regression testing, GetTaskProtection, UpdateTaskProtection, and v4 Task Metadata endpoints were called on both the instances and the results were compared using
diff. No regression was detected.For manual stress testing, GetTaskProtection and UpdateTaskProtection endpoints were called at a rate of 80 rps for 60 seconds (steady case) and 200 rps for 1 second (burst case). 100% of requests were successful. The request rates match the ECS rate limits for these APIs.
For manual performance testing, agent was profiled for heap and CPU usage while stress tests were being performed as explained above. Similar heap and CPU usage was seen for both the Agents.
New tests cover the changes: yes
Description for the changelog
Move task protection handlers to ecs-agent module
Licensing
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.