Merge pull request #13 from zeroae/i/throttle

sodre · web-flow · commit 738475270ca8 · 2022-08-11T14:19:41.000-04:00
Invalidate the group cache before add/delete access policies
diff --git a/nifi-cognito-authorizer/src/main/java/co/zeroae/nifi/authorization/cognito/AbstractCognitoProvider.java b/nifi-cognito-authorizer/src/main/java/co/zeroae/nifi/authorization/cognito/AbstractCognitoProvider.java
@@ -17,14 +17,18 @@
 import software.amazon.awssdk.core.retry.RetryPolicy;
 import software.amazon.awssdk.core.retry.backoff.BackoffStrategy;
 import software.amazon.awssdk.core.retry.backoff.FullJitterBackoffStrategy;
+import software.amazon.awssdk.core.retry.conditions.OrRetryCondition;
+import software.amazon.awssdk.core.retry.conditions.RetryCondition;
+import software.amazon.awssdk.core.retry.conditions.RetryOnExceptionsCondition;
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
-import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClientBuilder;
+import software.amazon.awssdk.services.cognitoidentityprovider.model.TooManyRequestsException;
 
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.file.Paths;
+import java.time.Duration;
 import java.util.Properties;
 import java.util.concurrent.TimeUnit;
 
@@ -33,7 +37,7 @@ public abstract class AbstractCognitoProvider {
     static final String ACCESS_KEY_PROPS_NAME = "aws.access.key.id";
     static final String SECRET_KEY_PROPS_NAME = "aws.secret.access.key";
 
-    public static final int MAX_ATTEMPTS = 10;
+    public static final int MAX_ATTEMPTS = BackoffStrategy.RETRIES_ATTEMPTED_CEILING;
     public static final int MAX_PAGE_SIZE = 60;
     public static final String PROP_USER_POOL_ID = "User Pool";
     public static final String PROP_TENANT_ID = "Tenant Id";
@@ -97,14 +101,27 @@ CognitoIdentityProviderClient configureClient(final String awsCredentialsFilenam
             credentialsProvider = DefaultCredentialsProvider.create();
         }
         final Region region = Region.of(userPoolId.substring(0, userPoolId.indexOf('_')));
-        final ClientOverrideConfiguration overrideConfiguration = ClientOverrideConfiguration.builder()
-                .retryPolicy(RetryPolicy.builder(RetryMode.ADAPTIVE)
-                        .additionalRetryConditionsAllowed(true)
-                        .fastFailRateLimiting(false)
-                        .numRetries(MAX_ATTEMPTS)
-                        .build()
+        final RetryPolicy retryPolicy = RetryPolicy.builder(RetryMode.ADAPTIVE)
+                .additionalRetryConditionsAllowed(true)
+                .fastFailRateLimiting(false)
+                .numRetries(Math.min(MAX_ATTEMPTS, BackoffStrategy.RETRIES_ATTEMPTED_CEILING))
+                .retryCondition(OrRetryCondition.create(
+                        RetryOnExceptionsCondition.create(TooManyRequestsException.class),
+                        RetryCondition.defaultRetryCondition()
+                ))
+                .backoffStrategy(FullJitterBackoffStrategy.builder()
+                        .maxBackoffTime(Duration.ofSeconds(30))
+                        .baseDelay(Duration.ofMillis(500))
+                        .build())
+                .throttlingBackoffStrategy(FullJitterBackoffStrategy.builder()
+                                .maxBackoffTime(Duration.ofSeconds(30))
+                                .baseDelay(Duration.ofMillis(500))
+                                .build()
                 )
                 .build();
+        final ClientOverrideConfiguration overrideConfiguration = ClientOverrideConfiguration.builder()
+                .retryPolicy(retryPolicy)
+                .build();
 
         return CognitoIdentityProviderClient.builder()
                 .region(region)
diff --git a/nifi-cognito-authorizer/src/main/java/co/zeroae/nifi/authorization/cognito/CognitoAccessPolicyProvider.java b/nifi-cognito-authorizer/src/main/java/co/zeroae/nifi/authorization/cognito/CognitoAccessPolicyProvider.java
@@ -90,15 +90,20 @@ public AccessPolicy getAccessPolicy(String identifier) throws AuthorizationAcces
 
     @Override
     public AccessPolicy getAccessPolicy(String resource, RequestAction action) throws AuthorizationAccessException {
-        return Objects.requireNonNull(policyByGroupName.get(getGroupName(resource, action))).orElse(null);
+        final Set<AccessPolicy> allPolicies = getAccessPolicies();
+        if (allPolicies == null)
+            return null;
+        return allPolicies.stream()
+                .filter(policy -> policy.getResource().equals(resource) && policy.getAction().equals(action))
+                .findFirst()
+                .orElse(null);
     }
 
     @Override
     public AccessPolicy addAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
         try {
-            AccessPolicy rv = super.addAccessPolicy(accessPolicy);
             groupTypeCache.invalidateAll();
-            return rv;
+            return super.addAccessPolicy(accessPolicy);
         } finally {
             invalidate(accessPolicy);
         }
@@ -113,6 +118,7 @@ public AccessPolicy updateAccessPolicy(AccessPolicy accessPolicy) throws Authori
     @Override
     public AccessPolicy deleteAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
         try {
+            groupTypeCache.invalidateAll();
             return super.deleteAccessPolicy(accessPolicy);
         } finally {
             invalidate(accessPolicy);
diff --git a/nifi-registry-cognito-extensions/src/main/java/co/zeroae/nifi/registry/authorization/cognito/AbstractCognitoProvider.java b/nifi-registry-cognito-extensions/src/main/java/co/zeroae/nifi/registry/authorization/cognito/AbstractCognitoProvider.java
@@ -14,14 +14,21 @@
 import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration;
 import software.amazon.awssdk.core.retry.RetryMode;
 import software.amazon.awssdk.core.retry.RetryPolicy;
+import software.amazon.awssdk.core.retry.backoff.BackoffStrategy;
+import software.amazon.awssdk.core.retry.backoff.FullJitterBackoffStrategy;
+import software.amazon.awssdk.core.retry.conditions.OrRetryCondition;
+import software.amazon.awssdk.core.retry.conditions.RetryCondition;
+import software.amazon.awssdk.core.retry.conditions.RetryOnExceptionsCondition;
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
+import software.amazon.awssdk.services.cognitoidentityprovider.model.TooManyRequestsException;
 import software.amazon.awssdk.utils.StringUtils;
 
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.file.Paths;
+import java.time.Duration;
 import java.util.Properties;
 import java.util.concurrent.TimeUnit;
 
@@ -30,7 +37,7 @@ public abstract class AbstractCognitoProvider {
     static final String ACCESS_KEY_PROPS_NAME = "aws.access.key.id";
     static final String SECRET_KEY_PROPS_NAME = "aws.secret.access.key";
 
-    public static final int MAX_ATTEMPTS = 10;
+    public static final int MAX_ATTEMPTS = BackoffStrategy.RETRIES_ATTEMPTED_CEILING;
     public static final int MAX_PAGE_SIZE = 60;
     public static final String PROP_USER_POOL_ID = "User Pool";
     public static final String PROP_TENANT_ID = "Tenant Id";
@@ -94,14 +101,27 @@ CognitoIdentityProviderClient configureClient(final String awsCredentialsFilenam
             credentialsProvider = DefaultCredentialsProvider.create();
         }
         final Region region = Region.of(userPoolId.substring(0, userPoolId.indexOf('_')));
-        final ClientOverrideConfiguration overrideConfiguration = ClientOverrideConfiguration.builder()
-                .retryPolicy(RetryPolicy.builder(RetryMode.ADAPTIVE)
-                        .additionalRetryConditionsAllowed(true)
-                        .fastFailRateLimiting(false)
-                        .numRetries(MAX_ATTEMPTS)
-                        .build()
+        final RetryPolicy retryPolicy = RetryPolicy.builder(RetryMode.ADAPTIVE)
+                .additionalRetryConditionsAllowed(true)
+                .fastFailRateLimiting(false)
+                .numRetries(Math.min(MAX_ATTEMPTS, BackoffStrategy.RETRIES_ATTEMPTED_CEILING))
+                .retryCondition(OrRetryCondition.create(
+                        RetryOnExceptionsCondition.create(TooManyRequestsException.class),
+                        RetryCondition.defaultRetryCondition()
+                ))
+                .backoffStrategy(FullJitterBackoffStrategy.builder()
+                        .maxBackoffTime(Duration.ofSeconds(30))
+                        .baseDelay(Duration.ofMillis(500))
+                        .build())
+                .throttlingBackoffStrategy(FullJitterBackoffStrategy.builder()
+                                .maxBackoffTime(Duration.ofSeconds(30))
+                                .baseDelay(Duration.ofMillis(500))
+                                .build()
                 )
                 .build();
+        final ClientOverrideConfiguration overrideConfiguration = ClientOverrideConfiguration.builder()
+                .retryPolicy(retryPolicy)
+                .build();
 
         return CognitoIdentityProviderClient.builder()
                 .region(region)
diff --git a/nifi-registry-cognito-extensions/src/main/java/co/zeroae/nifi/registry/authorization/cognito/CognitoAccessPolicyProvider.java b/nifi-registry-cognito-extensions/src/main/java/co/zeroae/nifi/registry/authorization/cognito/CognitoAccessPolicyProvider.java
@@ -93,15 +93,20 @@ public AccessPolicy getAccessPolicy(String identifier) throws AuthorizationAcces
 
     @Override
     public AccessPolicy getAccessPolicy(String resource, RequestAction action) throws AuthorizationAccessException {
-        return Objects.requireNonNull(policyByGroupName.get(getGroupName(resource, action))).orElse(null);
+        final Set<AccessPolicy> allPolicies = getAccessPolicies();
+        if (allPolicies == null)
+            return null;
+        return allPolicies.stream()
+                .filter(policy -> policy.getResource().equals(resource) && policy.getAction().equals(action))
+                .findFirst()
+                .orElse(null);
     }
 
     @Override
     public AccessPolicy addAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
         try {
-            AccessPolicy rv = super.addAccessPolicy(accessPolicy);
             groupTypeCache.invalidateAll();
-            return rv;
+            return super.addAccessPolicy(accessPolicy);
         } finally {
             invalidate(accessPolicy);
         }
@@ -116,6 +121,7 @@ public AccessPolicy updateAccessPolicy(AccessPolicy accessPolicy) throws Authori
     @Override
     public AccessPolicy deleteAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
         try {
+            groupTypeCache.invalidateAll();
             return super.deleteAccessPolicy(accessPolicy);
         } finally {
             invalidate(accessPolicy);
