Provide a way to trigger Git mirroring manually #1041
Conversation
374385177-3dc05873-2e74-4bcf-b90d-d023acd196bc.mp4 |
| @@ -61,16 +62,18 @@ public abstract class AbstractMirror implements Mirror { | |||
| private final String remoteBranch; | |||
| @Nullable | |||
| private final String gitignore; | |||
| @Nullable | |||
There was a problem hiding this comment.
Note: with this change, I feel like the enabled flag doesn't have much value.
e.g. If enabled = false but a manual trigger is done, will the mirror execute?
There was a problem hiding this comment.
If enabled = false, the run button is disabled in the UI. However, I didn't reject the execution on the server side. Let me add the validation.
There was a problem hiding this comment.
I feel like it still run even when enabled is false because the user might want to verify whether the mirror setting is correct.
There was a problem hiding this comment.
Does that mean we check mirroring settings but do not push the mirrored data to the local repository when enabled = false?
I thought users could test a new mirror with enabled = true & scheduled = disabled settings.
| @@ -133,6 +134,7 @@ public final class ArmeriaCentralDogma extends AbstractCentralDogma { | |||
| .put(RepositoryExistsException.class.getName(), RepositoryExistsException::new) | |||
| .put(InvalidPushException.class.getName(), InvalidPushException::new) | |||
| .put(ReadOnlyException.class.getName(), ReadOnlyException::new) | |||
| .put(MirrorException.class.getName(), MirrorException::new) | |||
There was a problem hiding this comment.
Note: I understood this will actually never be called since CentralDogma client doesn't have any mirror related APIs
There was a problem hiding this comment.
I added it mechanically. We may add mirror API in CentralDogma client later.
...or-git/src/main/java/com/linecorp/centraldogma/server/internal/mirror/AbstractGitMirror.java
Outdated
Show resolved
Hide resolved
...or-git/src/main/java/com/linecorp/centraldogma/server/internal/mirror/AbstractGitMirror.java
Outdated
Show resolved
Hide resolved
...main/java/com/linecorp/centraldogma/server/internal/api/auth/ApplicationTokenAuthorizer.java
Outdated
Show resolved
Hide resolved
| "mirrorApiWorker"); | ||
| } | ||
|
|
||
| public CompletableFuture<MirrorResult> run(String projectName, String mirrorId) { |
There was a problem hiding this comment.
Optional) For better UX, if a mirrorRunId and the triggeredTime is returned I think it may be more clear to users whether the mirror result is from an in-flight mirror or a new attempt.
There was a problem hiding this comment.
It is difficult to create a unique/incremental ID without an external system. However, triggeredTime can be easily added.
There was a problem hiding this comment.
I was imagining a simple UUID inside MirrorKey, but I guess just returning triggeredTime is fine too
server/src/main/java/com/linecorp/centraldogma/server/internal/api/MirroringServiceV1.java
Show resolved
Hide resolved
| @@ -262,6 +263,11 @@ Core properties | |||
|
|
|||
| - the path of the management service. If not specified, the management service is mounted at ``/internal/management``. | |||
|
|
|||
| - ``verboseResponses`` (boolean) | |||
There was a problem hiding this comment.
Question) I'm not confident exceptions don't contain sensitive information (e.g. like credentials). If we do add this property, are you planning on enabling it in our in-house clusters by default?
There was a problem hiding this comment.
Right. I intended to add this feature for use in our in-house systems.
- The sensitive information of credentials is marked when it is serialized.
- The permission manager will check if the caller is granted to access the information.
Even though sensitive information is exposed in error stack traces and delivered to the caller, I think, the caller will be a user who already has the appropriate permissions.
There was a problem hiding this comment.
I see, if you are confident then would it make more sense to just enable by default instead of adding a flag?
There was a problem hiding this comment.
I feel it's too verbose if we return the stack trace for all HTTP APIs.
What do you think about only returning the stack trace for specific APIs (e.g. mirroring) when accessed by non-admin users?
There was a problem hiding this comment.
Later, the exception could be used to generate the client-side stack trace as we did in Armeria gRPC implementation.
https://github.com/line/armeria/blob/main/grpc/src/main/java/com/linecorp/armeria/internal/server/grpc/AbstractServerCall.java#L571-L575
Fine-tuning is a good idea, but for now I think this option is enough for our use case.
package-lock.json
Outdated
| @@ -0,0 +1,21 @@ | |||
| { | |||
There was a problem hiding this comment.
Do these files have to be at the root-level?
| @@ -125,11 +133,27 @@ private CompletableFuture<PushResultDto> createOrUpdate(String projectName, | |||
| }); | |||
| } | |||
|
|
|||
| /** | |||
| * POST /projects/{projectName}/mirrors/{mirrorId}/run | |||
There was a problem hiding this comment.
I'm not sure if it works or not but how about using a custom verb?
POST /projects/{projectName}/mirrors/{mirrorId}:run
https://cloud.google.com/apis/design/custom_methods
There was a problem hiding this comment.
Unfortunately, we can't use a path pattern for a custom verb but should use regular expressions. I didn't want to use regex for this sample path pattern.
There was a problem hiding this comment.
Then, it's fine as is. I might give it a try to get it working one day.
| @@ -61,16 +62,18 @@ public abstract class AbstractMirror implements Mirror { | |||
| private final String remoteBranch; | |||
| @Nullable | |||
| private final String gitignore; | |||
| @Nullable | |||
There was a problem hiding this comment.
I feel like it still run even when enabled is false because the user might want to verify whether the mirror setting is correct.
| mirrorConfig.maxNumBytesPerMirror()); | ||
| }, worker); | ||
| // Remove the inflight request when the mirror task is done. | ||
| future.handleAsync((unused0, unused1) -> inflightRequests.remove(mirrorKey)); |
There was a problem hiding this comment.
nit: How about using handle or handleAsync with the worker instead of using common pool?
There was a problem hiding this comment.
I didn't use handle intentionally because inflightRequests.remove could be called recursively inside inflightRequests.computeIfAbsent(). I wasn't confident that all supported JDK versions were safe for the operation.
Let me specify worker for the job.
| @@ -262,6 +263,11 @@ Core properties | |||
|
|
|||
| - the path of the management service. If not specified, the management service is mounted at ``/internal/management``. | |||
|
|
|||
| - ``verboseResponses`` (boolean) | |||
There was a problem hiding this comment.
I feel it's too verbose if we return the stack trace for all HTTP APIs.
What do you think about only returning the stack trace for specific APIs (e.g. mirroring) when accessed by non-admin users?
Motivation:
Modifications:
POST /projects/{projectName}/mirrors/{mirrorId}/runREST API toMirroringServiceV1so as to trigger a mirroring task.verboseResponsestoCentralDogmaConfigso as to contain full stack traces in error responses.verboseResponsesis enabled.AbstractMirrorto returnMirrorResultwhich is used to notify the result in the UI.MirrorDto.schedulenullable.scheduleit is null.MirrorExceptiontocommonand expose it in the error responses.cronstruedependency topackage.jsonto display a human readable description on the mirror form UI.maxWidthofNotificationWrapperto render stack traces well.Result: