Skip to content

Fix expiration logic for ldap internal credential cache#11395

Merged
suneet-s merged 4 commits intoapache:masterfrom
loquisgon:fix_ldap_cache_duration
Jul 1, 2021
Merged

Fix expiration logic for ldap internal credential cache#11395
suneet-s merged 4 commits intoapache:masterfrom
loquisgon:fix_ldap_cache_duration

Conversation

@loquisgon
Copy link
Copy Markdown

@loquisgon loquisgon commented Jun 29, 2021

Fixes a bug with the expiration logic for LdapUserPrincipal. The entry should unconditionally expire when maxDuration is up among other conditions. It was not expiring in that case.

This PR has:

  • [ X] been self-reviewed.
  • added documentation for new or modified features or behaviors.
  • added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
  • added or updated version, license, or notice information in licenses.yaml
  • added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
  • [X ] added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
  • added integration tests.
  • been tested in a test Druid cluster.

@loquisgon loquisgon force-pushed the fix_ldap_cache_duration branch from 0382af2 to dc66caa Compare June 29, 2021 23:44
jon-wei
jon-wei reviewed Jun 30, 2021
View reviewed changes
Comment thread ...rity/src/test/java/org/apache/druid/security/basic/authentication/LdapUserPrincipalTest.java Outdated

public void testIsExpiredWhenMaxDurationIsSmall() throws InterruptedException
{
Thread.sleep(1000);
Copy link
Copy Markdown
Contributor

@jon-wei jon-wei Jun 30, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe you could avoid the sleeps by changing isExpired to accept "now" as a parameter, and passing in an explicit "created at" time when creating the principal

Copy link
Copy Markdown
Author

@loquisgon loquisgon Jun 30, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about exposing the private constructor (for testing) and adding the now parameter as you indicate? however passing now to isExpired feels like an error prone decision (callers may make mistakes violating the contract of the expiration logic --- violation of encapsulation)

Copy link
Copy Markdown
Author

@loquisgon loquisgon Jun 30, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done. I left the original isExpired method and added a new isExpired, visible for testing, with the new parameters.

nishantmonu51
nishantmonu51 approved these changes Jun 30, 2021
View reviewed changes
Copy link
Copy Markdown
Member

@nishantmonu51 nishantmonu51 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 , LGTM

zachjsh
zachjsh approved these changes Jun 30, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor

@zachjsh zachjsh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

zachjsh
zachjsh reviewed Jun 30, 2021
View reviewed changes
Comment thread ...rity/src/test/java/org/apache/druid/security/basic/authentication/LdapUserPrincipalTest.java Outdated
Assert.assertTrue(PRINCIPAL.isExpired(100, 1000));
}

public void testIsExpiredWhenMaxDurationIsSmall() throws InterruptedException
Copy link
Copy Markdown
Contributor

@zachjsh zachjsh Jun 30, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Exception is never thrown. Same for other tests below. Failing intelliJ inspection because of this.

Copy link
Copy Markdown
Author

@loquisgon loquisgon Jun 30, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

@suneet-s suneet-s merged commit a9c4b47 into apache:master Jul 1, 2021
jihoonson pushed a commit to jihoonson/druid that referenced this pull request Jul 12, 2021
@jihoonson
Fix expiration logic for ldap internal credential cache (apache#11395)
d8d2ede 
* Fix expiration logic for ldap internal credential cache

* Removed sleeps from tests

* Make method package scoped so it can be used in unit tests

* Removed unused thrown exceptions
@clintropolis clintropolis added this to the 0.22.0 milestone Aug 12, 2021
@clintropolis clintropolis mentioned this pull request Sep 3, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zachjsh zachjsh zachjsh approved these changes

@nishantmonu51 nishantmonu51 nishantmonu51 approved these changes

@jon-wei jon-wei jon-wei approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

0.22.0

Development

Successfully merging this pull request may close these issues.

6 participants

@loquisgon @nishantmonu51 @zachjsh @jon-wei @clintropolis @suneet-s