Move credentials settings merging out of RemoteClusterService#135491
Conversation
Addresses a second settings cleanup request comment from PR 133834, moving the settings merging and creation of a LinkedProjectConfig out of RemoteClusterService and into TransportReloadRemoteClusterCredentialsAction. This is one step closer to eliminating the Settings based code in RemoteClusterService so it operates on LinkedProjectConfig objects only. Resolves: ES-12864
| public synchronized void updateRemoteClusterCredentials(Supplier<Settings> settingsSupplier, ActionListener<Void> listener) { | ||
| /** | ||
| * Rebuilds linked project connections as needed for updated remote cluster credentials. | ||
| * @param settingsSupplier A {@link Supplier} for the updated credentials {@link Settings}. | ||
| * @param configFunction A function that builds a {@link LinkedProjectConfig} for an alias, static settings, and new settings. | ||
| * @param listener An {@link ActionListener} invoked once all connection modifications have been completed. | ||
| */ | ||
| public synchronized void updateRemoteClusterCredentials( | ||
| Supplier<Settings> settingsSupplier, | ||
| TriFunction<String, Settings, Settings, LinkedProjectConfig> configFunction, | ||
| ActionListener<Void> listener |
There was a problem hiding this comment.
I'm not fond of the way this PR turned out. I think I would prefer moving the code in updateRemoteClusterCredentials() into TransportReloadRemoteClusterCredentialsAction, and have TransportReloadRemoteClusterCredentialsAction call RemoteClusterService. maybeRebuildConnectionOnCredentialsChange() with a LinkedProjectConfig as needed. We could add a getter on RemoteClusterService for the RemoteClusterCredentialsManager.
Yang's comment discusses using ClusterSettingsLinkedProjectConfigService, but we aren't aware of or have access to one, or a LinkedProjectConfigService here. I may be misunderstanding what he is suggesting to do here.
There was a problem hiding this comment.
I haven't wrapped my head around this and what the cleanest approach here would be but in case this is useful:
We can easily expose LinkedProjectConfigService to TransportReloadRemoteClusterCredentialsAction by injecting it during node construction:
final var linkedProjectConfigService = pluginsService.loadSingletonServiceProvider(
LinkedProjectConfigService.class,
() -> new ClusterSettingsLinkedProjectConfigService(settings, clusterService.getClusterSettings(), projectResolver)
);
modules.bindToInstance(LinkedProjectConfigService.class, linkedProjectConfigService);exposes it to all TransportActions:
@Inject
public TransportReloadRemoteClusterCredentialsAction(
TransportService transportService,
ClusterService clusterService,
ActionFilters actionFilters,
LinkedProjectConfigService linkedProjectConfigService
)There was a problem hiding this comment.
@JeremyDahlgren
My previous comment was indeed a bit vague. It took me a while to remember what I was thinking. 🤦 Sorry for the confusion.
My main point is to remove "settings usage for remote cluster config" as much as possible from RemoteClusterService since we now have the unified LinkedProjectConfig object. Hence I mostly like to see us removing maybeRebuildConnectionOnCredentialsChange from RemoteClusterService or at least it should not take Settings but instead LinkedProjectConfig as input.
For concrete changes:
- I think "add a getter on RemoteClusterService for the RemoteClusterCredentialsManager" seems a reasonable near term option. I assume this means we call
RemoteClusterCredentialsManager#updateClusterCredentialswithin the transport action. Conceptually this makes sense since with the unified config object,RemoteClusterServiceshould remove itself from dealing with these lower level updates and in long term,RemoteClusterCredentialsManagermight need to be managed independently and injected to places. One thing to note is that this means the process of "updating credentials and rebuilding connection" will be performed in twosynchronizedblocks instead of one. It feels OK to me sinceclusterCredentialsis updated as a volatile field and should not have any visible intermediate state. - You are right that
LinkedProjectConfigServiceis not accessible inRemoteClusterService. If we go with your suggestion of moving the logic to the transport action, we should be able to keep the code mostly as is exception in a different class.
There was a problem hiding this comment.
Thanks Yang for the details here. I relocated the code as suggested, and also ended up moving both updateClusterCredentials() and maybeRebuildConnectionOnCredentialsChange() into the action class. To keep the same synchronization behavior I had a synchronized block on the RCS instance, but this may be different than what you were describing in item 1 of your comment. Please let me know what you think here.
|
Pinging @elastic/es-distributed-coordination (Team:Distributed Coordination) |
ywangd
left a comment
There was a problem hiding this comment.
LGTM
It would be nice to have a new test for TransportReloadRemoteClusterCredentialsAction#updateClusterCredentials to excercise the relocated logic in its entirety. I can also see this being a follow-up.
| private void updateClusterCredentials(Supplier<Settings> settingsSupplier, ActionListener<ActionResponse.Empty> listener) { | ||
| final var projectId = projectResolver.getProjectId(); | ||
| final var credentialsManager = remoteClusterService.getRemoteClusterCredentialsManager(); | ||
| final var staticSettings = credentialsManager.getSettings(); |
There was a problem hiding this comment.
The settings can already be retrieved with clusterService.getSettings() so that the change in RemoteClusterCredentialsManager is not necessary.
| // Synchronized on the RCS instance to match previous behavior where this functionality was in a synchronized RCS method. | ||
| synchronized (remoteClusterService) { | ||
| updateClusterCredentials(settingsSupplier, listener); | ||
| } |
I added a follow up ticket, ES-13161 |
Adds a new unit test class for TransportReloadRemoteClusterCredentialsAction. This is a follow up from elastic#135491, where a significant chunk of code was moved from RemoteClusterService into TransportReloadRemoteClusterCredentialsAction. This also verifies code touched recently in elastic#139012. Resolves: ES-13161
…39414) Adds a new unit test class for TransportReloadRemoteClusterCredentialsAction. This is a follow up from #135491, where a significant chunk of code was moved from RemoteClusterService into TransportReloadRemoteClusterCredentialsAction. This also verifies code touched recently in #139012. Resolves: ES-13161
…astic#139414) Adds a new unit test class for TransportReloadRemoteClusterCredentialsAction. This is a follow up from elastic#135491, where a significant chunk of code was moved from RemoteClusterService into TransportReloadRemoteClusterCredentialsAction. This also verifies code touched recently in elastic#139012. Resolves: ES-13161
Addresses a second settings cleanup request comment from #133834, moving the settings merging and creation of a
LinkedProjectConfigout ofRemoteClusterServiceand intoTransportReloadRemoteClusterCredentialsAction.This is one step closer to eliminating the
Settingsbased code inRemoteClusterServiceso it operates onLinkedProjectConfigobjects only.Resolves: ES-12864