jacek-lewandowski commented on code in PR #1587: URL: https://github.com/apache/cassandra/pull/1587#discussion_r1058798367
########## src/java/org/apache/cassandra/locator/Ec2SnitchIMDSv2.java: ########## @@ -0,0 +1,108 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.cassandra.locator; +import java.io.DataInputStream; +import java.io.FilterInputStream; +import java.io.IOException; +import java.net.HttpURLConnection; +import java.net.URL; +import java.nio.charset.StandardCharsets; + +import org.apache.cassandra.exceptions.ConfigurationException; +import org.apache.cassandra.io.util.FileUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * An implementation of the Ec2Snitch which uses Instance Meta Data Service v2 (IMDSv2) which requires you + * to get a session token first before calling the metaData service + */ +public class Ec2SnitchIMDSv2 extends Ec2Snitch +{ + protected static final Logger logger = LoggerFactory.getLogger(Ec2SnitchIMDSv2.class); + private static final long REFRESH_TOKEN_TIME = 21600; Review Comment: The documentation says that it is the maximum TTL for the token - would be good to let the user configure that time using snitch properties (please remember to include the unit suffix in property name) ########## src/java/org/apache/cassandra/locator/Ec2SnitchIMDSv2.java: ########## @@ -0,0 +1,108 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.cassandra.locator; +import java.io.DataInputStream; +import java.io.FilterInputStream; +import java.io.IOException; +import java.net.HttpURLConnection; +import java.net.URL; +import java.nio.charset.StandardCharsets; + +import org.apache.cassandra.exceptions.ConfigurationException; +import org.apache.cassandra.io.util.FileUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * An implementation of the Ec2Snitch which uses Instance Meta Data Service v2 (IMDSv2) which requires you + * to get a session token first before calling the metaData service + */ +public class Ec2SnitchIMDSv2 extends Ec2Snitch +{ + protected static final Logger logger = LoggerFactory.getLogger(Ec2SnitchIMDSv2.class); + private static final long REFRESH_TOKEN_TIME = 21600; + private static final String AWS_EC2_METADATA_HEADER_TTL = "X-aws-ec2-metadata-token-ttl-seconds"; + private static final String TOKEN_TTL_SECONDS = String.valueOf(REFRESH_TOKEN_TIME); + private static final String AWS_EC2_METADATA_HEADER = "X-aws-ec2-metadata-token"; + private static final String TOKEN_ENDPOINT = "http://169.254.169.254/latest/api/token";; + + private String myToken; + private Long myLastTokenTime; + + + public Ec2SnitchIMDSv2() throws IOException, ConfigurationException Review Comment: This constructor alone is redundant. You should add a constructor which takes `SnitchProperties` so that both are justified ########## src/java/org/apache/cassandra/locator/Ec2MultiRegionSnitchIMDSv2.java: ########## @@ -0,0 +1,63 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.cassandra.locator; + +import java.io.IOException; +import java.net.InetAddress; + + +import org.apache.cassandra.config.DatabaseDescriptor; +import org.apache.cassandra.exceptions.ConfigurationException; +import org.apache.cassandra.gms.ApplicationState; +import org.apache.cassandra.gms.Gossiper; +import org.apache.cassandra.service.StorageService; + +/** + * Is exactly the same as the Ec2MultiRegionSnitch except it uses the Instance MetaData Service v2 (IMDSv2) which + * requires you to get a session token first. + */ +public class Ec2MultiRegionSnitchIMDSv2 extends Ec2SnitchIMDSv2 +{ + + private static final String PUBLIC_IP_QUERY_URL = "http://169.254.169.254/latest/meta-data/public-ipv4";; + private static final String PRIVATE_IP_QUERY_URL = "http://169.254.169.254/latest/meta-data/local-ipv4";; + private final String localPrivateAddress; + + public Ec2MultiRegionSnitchIMDSv2() throws IOException, ConfigurationException Review Comment: Similar to `Ec2SnitchIMDSv2` - please add a constructor accepting `SnitchProperties` ########## src/java/org/apache/cassandra/locator/Ec2SnitchIMDSv2.java: ########## @@ -0,0 +1,108 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.cassandra.locator; +import java.io.DataInputStream; +import java.io.FilterInputStream; +import java.io.IOException; +import java.net.HttpURLConnection; +import java.net.URL; +import java.nio.charset.StandardCharsets; + +import org.apache.cassandra.exceptions.ConfigurationException; +import org.apache.cassandra.io.util.FileUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * An implementation of the Ec2Snitch which uses Instance Meta Data Service v2 (IMDSv2) which requires you + * to get a session token first before calling the metaData service + */ +public class Ec2SnitchIMDSv2 extends Ec2Snitch +{ + protected static final Logger logger = LoggerFactory.getLogger(Ec2SnitchIMDSv2.class); + private static final long REFRESH_TOKEN_TIME = 21600; + private static final String AWS_EC2_METADATA_HEADER_TTL = "X-aws-ec2-metadata-token-ttl-seconds"; + private static final String TOKEN_TTL_SECONDS = String.valueOf(REFRESH_TOKEN_TIME); + private static final String AWS_EC2_METADATA_HEADER = "X-aws-ec2-metadata-token"; + private static final String TOKEN_ENDPOINT = "http://169.254.169.254/latest/api/token";; Review Comment: The endpoint IP is common for all of the addressed used here and in other EC2 classes. Would be good to extract it into a single field in `Ec2Snitch` class. If it was additionally configurable via `SnitchProperties` those classes would be more testable as we could simulate the EC2 endpoint (applies only for PR against trunk) ########## src/java/org/apache/cassandra/locator/Ec2SnitchIMDSv2.java: ########## @@ -0,0 +1,108 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.cassandra.locator; +import java.io.DataInputStream; +import java.io.FilterInputStream; +import java.io.IOException; +import java.net.HttpURLConnection; +import java.net.URL; +import java.nio.charset.StandardCharsets; + +import org.apache.cassandra.exceptions.ConfigurationException; +import org.apache.cassandra.io.util.FileUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * An implementation of the Ec2Snitch which uses Instance Meta Data Service v2 (IMDSv2) which requires you + * to get a session token first before calling the metaData service + */ +public class Ec2SnitchIMDSv2 extends Ec2Snitch +{ + protected static final Logger logger = LoggerFactory.getLogger(Ec2SnitchIMDSv2.class); + private static final long REFRESH_TOKEN_TIME = 21600; + private static final String AWS_EC2_METADATA_HEADER_TTL = "X-aws-ec2-metadata-token-ttl-seconds"; + private static final String TOKEN_TTL_SECONDS = String.valueOf(REFRESH_TOKEN_TIME); + private static final String AWS_EC2_METADATA_HEADER = "X-aws-ec2-metadata-token"; + private static final String TOKEN_ENDPOINT = "http://169.254.169.254/latest/api/token";; + + private String myToken; + private Long myLastTokenTime; + + + public Ec2SnitchIMDSv2() throws IOException, ConfigurationException + { + super(); + } + + @Override + String awsApiCall(final String url) throws IOException, ConfigurationException + { + // Populate the region and zone by introspection, fail if 404 on metadata + if (myToken == null || myLastTokenTime == null + || System.currentTimeMillis() - myLastTokenTime > (REFRESH_TOKEN_TIME - 100)) + { + getAndSetNewToken(); + } + final HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection(); + conn.setRequestProperty(AWS_EC2_METADATA_HEADER, myToken); + return getContent(conn); + } + + /** + * Get a session token to enable requests to the meta data service. + * https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html + * + * @throws IOException + */ + private void getAndSetNewToken() throws IOException + { + final URL url = new URL(TOKEN_ENDPOINT); + final HttpURLConnection http = (HttpURLConnection) url.openConnection(); + http.setRequestProperty(AWS_EC2_METADATA_HEADER_TTL, TOKEN_TTL_SECONDS); + http.setRequestMethod("PUT"); + + myToken = getContent(http); + myLastTokenTime = System.currentTimeMillis(); + } + + private String getContent(final HttpURLConnection conn) throws IOException + { + DataInputStream d = null; + try + { + if (conn.getResponseCode() != 200) + { + throw new ConfigurationException( + "Ec2SnitchIMDSv2 was unable to execute the API call. Not an ec2 node?"); + } + // Read the information. I wish I could say (String) conn.getContent() here... + final int cl = conn.getContentLength(); Review Comment: Could you extract this content reading code into some method maybe in `EC2Snitch` or somewhere else and then, use there and in the legacy EC2 snitch impl? (only for trunk) Also, would be good to cover the case where content length is returned -1, and read the whole input stream then (or read the whole input stream always, for example using `ByteStreams.toByteArray`) ########## src/java/org/apache/cassandra/locator/Ec2SnitchIMDSv2.java: ########## @@ -0,0 +1,108 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.cassandra.locator; +import java.io.DataInputStream; +import java.io.FilterInputStream; +import java.io.IOException; +import java.net.HttpURLConnection; +import java.net.URL; +import java.nio.charset.StandardCharsets; + +import org.apache.cassandra.exceptions.ConfigurationException; +import org.apache.cassandra.io.util.FileUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * An implementation of the Ec2Snitch which uses Instance Meta Data Service v2 (IMDSv2) which requires you + * to get a session token first before calling the metaData service + */ +public class Ec2SnitchIMDSv2 extends Ec2Snitch +{ + protected static final Logger logger = LoggerFactory.getLogger(Ec2SnitchIMDSv2.class); + private static final long REFRESH_TOKEN_TIME = 21600; + private static final String AWS_EC2_METADATA_HEADER_TTL = "X-aws-ec2-metadata-token-ttl-seconds"; + private static final String TOKEN_TTL_SECONDS = String.valueOf(REFRESH_TOKEN_TIME); + private static final String AWS_EC2_METADATA_HEADER = "X-aws-ec2-metadata-token"; + private static final String TOKEN_ENDPOINT = "http://169.254.169.254/latest/api/token";; + + private String myToken; + private Long myLastTokenTime; + + + public Ec2SnitchIMDSv2() throws IOException, ConfigurationException + { + super(); + } + + @Override + String awsApiCall(final String url) throws IOException, ConfigurationException + { + // Populate the region and zone by introspection, fail if 404 on metadata + if (myToken == null || myLastTokenTime == null Review Comment: nit: perhaps you can use `Suppliers.memoizeWithExpiration` to automatically control token lifetime ########## src/java/org/apache/cassandra/locator/Ec2MultiRegionSnitchIMDSv2.java: ########## @@ -0,0 +1,63 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.cassandra.locator; + +import java.io.IOException; +import java.net.InetAddress; + + +import org.apache.cassandra.config.DatabaseDescriptor; +import org.apache.cassandra.exceptions.ConfigurationException; +import org.apache.cassandra.gms.ApplicationState; +import org.apache.cassandra.gms.Gossiper; +import org.apache.cassandra.service.StorageService; + +/** + * Is exactly the same as the Ec2MultiRegionSnitch except it uses the Instance MetaData Service v2 (IMDSv2) which + * requires you to get a session token first. + */ +public class Ec2MultiRegionSnitchIMDSv2 extends Ec2SnitchIMDSv2 +{ + + private static final String PUBLIC_IP_QUERY_URL = "http://169.254.169.254/latest/meta-data/public-ipv4";; + private static final String PRIVATE_IP_QUERY_URL = "http://169.254.169.254/latest/meta-data/local-ipv4";; + private final String localPrivateAddress; + + public Ec2MultiRegionSnitchIMDSv2() throws IOException, ConfigurationException + { + super(); Review Comment: nit: redundant -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
