ldap: add timeout mechanism and optimize lock for LDAP dial and requests #51912

Open
wants to merge 2 commits into
base: master
from


YangKeao
Member

What problem does this PR solve?

Issue Number: close #51883

Problem Summary:

There are two problems:

  1. A pending LDAP authentication process will block rebuildSysVarCache.
  2. If the LDAP connection is lost after the first handshake, the LDAP goroutine and function call will hang forever.

What changed and how does it work?

I have made two modifications to fix this problem:

  1. Refactor the original ldapAuthImpl to ldapAuthImplBuilder, which will copy the configurations (and take a reference to the connection pool, which includes a closure with a copy of the connection configurations). Therefore, within the scope of any lock there is no IO operation, so rebuildSysVarCache will not be blocked by a network connection.
  2. Add a timeout to the LDAP requests.

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No need to test
    • I checked and no code files have been changed.

I used the yangkeao/ldap-sasl-example container to run the manual test, steps:

TODO

Release note

None
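
The pattern the description above relies on, as an added example that is not code from this pull request: settings are copied while the lock is held, and all network I/O then runs on the copy with a deadline, so a silent peer neither blocks a settings writer nor hangs the caller. The names `ldapSettings`, `Set` and `Authenticate` are hypothetical, a plain TCP socket stands in for the LDAP client, and the silent peer is a constructed loopback listener.

```go
package main

import (
	"fmt"
	"net"
	"sync"
	"time"
)

// ldapSettings is a hypothetical stand-in for LDAP options stored in system variables.
type ldapSettings struct {
	mu      sync.RWMutex
	addr    string
	timeout time.Duration
}

// Set models a writer such as a sysvar cache rebuild.
func (s *ldapSettings) Set(addr string, timeout time.Duration) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.addr, s.timeout = addr, timeout
}

// Authenticate copies the settings under the lock, then does deadline-bounded I/O on the copy.
func Authenticate(s *ldapSettings, request []byte) error {
	s.mu.RLock()
	addr, timeout := s.addr, s.timeout
	s.mu.RUnlock() // no lock is held past this line
	conn, err := net.DialTimeout("tcp", addr, timeout)
	if err != nil {
		return err
	}
	defer conn.Close()
	// The deadline covers a peer that completes the handshake, then goes silent.
	_ = conn.SetDeadline(time.Now().Add(timeout))
	if _, err := conn.Write(request); err != nil {
		return err
	}
	_, err = conn.Read(make([]byte, 1)) // stand-in for reading the server's reply
	return err
}

func main() {
	ln, err := net.Listen("tcp", "127.0.0.1:0") // constructed peer: never replies
	if err != nil {
		panic(err)
	}
	s := &ldapSettings{addr: ln.Addr().String(), timeout: 200 * time.Millisecond}
	fmt.Println(Authenticate(s, []byte("bind")))
}
```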

@ti-chi-bot ti-chi-bot bot added the release-note-none Denotes a PR that doesn't merit a release note. label Mar 19, 2024

ti-chi-bot bot commented Mar 19, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from yangkeao, ensuring that each of them provides their approval before proceeding. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ti-chi-bot ti-chi-bot bot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Mar 19, 2024
@YangKeao YangKeao added affects-7.1 This bug affects the 7.1.x(LTS) versions. affects-7.5 This bug affects the 7.5.x(LTS) versions. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. release-note-none Denotes a PR that doesn't merit a release note. labels Mar 19, 2024

codecov bot commented Mar 19, 2024

Codecov Report

Attention: Patch coverage is 62.78027% with 83 lines in your changes missing coverage. Please review.

Project coverage is 75.0818%. Comparing base (7a20e43) to head (ffa01ca).
Report is 1658 commits behind head on master.

Additional details and impacted files
@@               Coverage Diff                @@
##             master     #51912        +/-   ##
================================================
+ Coverage   72.1416%   75.0818%   +2.9402%     
================================================
  Files          1467       1489        +22     
  Lines        426665     435562      +8897     
================================================
+ Hits         307803     327028     +19225     
+ Misses        99697      87623     -12074     
- Partials      19165      20911      +1746     
Flag Coverage Δ
integration 51.6517% <41.2556%> (?)
unit 70.9592% <62.7802%> (-0.0691%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
dumpling 53.9957% <ø> (ø)
parser ∅ <ø> (∅)
br 60.9407% <ø> (+20.3765%) ⬆️

@YangKeao YangKeao force-pushed the fix-ldap-fault-tolerence branch from fbe1b04 to af28965 Compare March 19, 2024 16:23
@ti-chi-bot ti-chi-bot bot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Mar 19, 2024
@YangKeao
Member Author

/retest

@YangKeao YangKeao marked this pull request as draft March 20, 2024 02:56
@ti-chi-bot ti-chi-bot bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 20, 2024
@ti-chi-bot ti-chi-bot bot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Mar 29, 2024
@YangKeao YangKeao force-pushed the fix-ldap-fault-tolerence branch from 7c76868 to ffa01ca Compare April 2, 2024 11:25
@YangKeao YangKeao marked this pull request as ready for review April 2, 2024 11:25
@ti-chi-bot ti-chi-bot bot removed do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Apr 2, 2024
@YangKeao YangKeao requested review from bb7133 and CbcWestwolf April 2, 2024 14:01
@YangKeao
Member Author

YangKeao commented Apr 2, 2024

Now, I think this PR is ready to merge. cc @bb7133 and @CbcWestwolf

@YangKeao
Member Author

YangKeao commented Apr 2, 2024

/hold

I found a bug. If ldapConnectionPool is re-initialized, and an already built ldapAuthImpl is getting a connection from the pool, there'll be a data race 🤦 . Let me fix it.

@ti-chi-bot ti-chi-bot bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 2, 2024
@ti-chi-bot ti-chi-bot added the needs-cherry-pick-release-7.1 Should cherry pick this PR to release-7.1 branch. label Apr 11, 2024
@ti-chi-bot ti-chi-bot added the needs-cherry-pick-release-7.5 Should cherry pick this PR to release-7.5 branch. label Jul 25, 2024
Development

Successfully merging this pull request may close these issues.

A dead LDAP upstream can block the authentication and show global variables.
3 participants