APIGOV-31191 validate cache#1015
Conversation
alrosca
requested review from
dfeldick,
dgghinea,
jcollins-axway,
sbolosan and
vivekschauhan
as code owners
jcollins-axway
left a comment
jcollins-axway
left a comment
There was a problem hiding this comment.
Looks good from a high level, needs pounded testing wise
|
copilots review Code Review: APIGOV-31191 vs mainSummary
Findings
Positives
Recommendations
|
|
Not a bad review at all |
|
caching changes require an extra amount of testing as its usually to blame for our duplicate service issues |
|
Give me time to look at this closer |
There was a problem hiding this comment.
Dang! @vivekschauhan @jcollins-axway I put this note in a very long time ago ;).
I was looking at another race condition down stream, but decided to see who called RebuildCache().
So RebuildCache is reachable by WithOnClientStop (poller) and With EventSyncError (stream) while the event listener go routine is alive, well technically alive.
In those paths the race is meh, maybe not a big deal because event flow has stopped like a harvester error or when the stream is not yet producing. But PublishingLock still doesn't coordinate with the listener. Maybe we should take a look at this again?
There was a problem hiding this comment.
lets put something on the backlog to take a look @sbolosan
There was a problem hiding this comment.
should we eat the error?
At least log the error/warn and then if requirement is to rebuild, then rebuild?
There was a problem hiding this comment.
maybe something like
timeToRebuild, err := a.shouldRebuildCache()
if err != nil {
a.logger.WithError(err).Warn("unable to determine cache rebuild state, triggering rebuild")
timeToRebuild = true
}
if timeToRebuild && a.rebuildCache != nil {
a.rebuildCache.RebuildCache()
}
There was a problem hiding this comment.
I think we can skip the error logging outside shouldRebuildCache since we already log it inside the method. Returning true on error inside the method would not require checking the return error and explicitly putting timeToRebuild on true
There was a problem hiding this comment.
I know this is old and not part of your changes, but can we do a safe guard here
strVal, ok := value.(string)
if !ok {
logger.Warn("cacheUpdateTime is not a string, triggering rebuild")
return true, nil
}
There was a problem hiding this comment.
Do we need this defensive code since in pkg/agent/evensync.go, line 162 that value is put in agent details and will always be a string? I don't think there are permissions to alter the agent details subresource from cli and I don't think anyone would do that, right?
There was a problem hiding this comment.
Technically you're right. But one extra ok check costs nothing and eliminates an entire class of runtime panic, no? I'm just saying x-agent-details is a map deserialized from JSON and JSON deseralization into interface{} has no type gurantees. It'll panic if future code changes forgets to stringify it. Up to you.
| kinds[management.ManagedApplicationGVK().Kind] = struct{}{} | ||
| kinds[management.AccessRequestGVK().Kind] = struct{}{} | ||
| case config.ComplianceAgent: | ||
| kinds[management.ComplianceRuntimeResultGVK().Kind] = struct{}{} |
There was a problem hiding this comment.
any way to use the watch topic that we create to determine these types?
There was a problem hiding this comment.
the watch topic includes kinds that are not persisted in cache (subscribed for event processing only), so deriving the validated set purely from the watch topic would cause false-positive validation failures for those kinds. The per-agent-type whitelist is intentional.
There was a problem hiding this comment.
The agent creates the watch topic on start, the logic that creates that has all the kinds, that is what I refer to. Not necessarily pulling the watch topic itself.
* APIGOV-32372 rebuild only failed kinds * APIGOV-32372 fix for listener/cache rebuild race condition * APIGOV-32372 merge main * APIGOV-32372 remove else statement Co-authored-by: Copilot <copilot@github.com> * APIGOV-32327 wait for clients to be ready * APIGOV-32372 improvements * APIGOV-32372 fix for unlock on unlocked mutex error * APIGOV-32372 guard against listener potential data race --------- Co-authored-by: Copilot <copilot@github.com>
* APIGOV-31191 - remove API calls for metadata check for cache validation * APIGOV-31191 - Refactoring and cleanup - Remove entire cache flush. Flush only the kind getting processed and after the API call is successful to avoid cache inconsistency - Cleanup instance count map that should speed up building APIservice cache items - Fixes * APIGOV-31191 - check publishing lock and acquire lock while publishing * APIGOV-31191 - fixes - Fix for endless waitForCacheRebuild - Fix to keep original APIService resource instance in cache when duplicates are added to the cache - Fix to hook cache rebuild on stream client reconnection instead of harvester error and to address job pool status * APIGOV-31191 - updates - remove waitForCacheRebuild and use the error returned from harvester to trigger the job restart * APIGOV-31191 - fallback to count checks if harvester is not reachable * APIGOV-31191 - review comments + lock on harvester event sync * APIGOV-31191 - lock on harvester event sync * APIGOV-31191 - use APIServiceInstance counts to rebuild APIService cache * APIGOV-31191 - use CreateOrUpdateResource for processing APIService * APIGOV-31191 - fix to not make multiple x-agent-details update for APIService * APIGOV-31191 - clean up event listener pauser
5 participants
Cache validation on start up and reconnect