Support ttl=N from helpers #1662
Conversation
| @@ -232,9 +232,13 @@ Helper::Reply::parseResponseKeys() | |||
| // TODO: Convert the above code to use Tokenizer and SBuf | |||
| const SBuf parsedKey(key); | |||
| const SBuf parsedValue(v); // allow empty values (!v or !*v) | |||
| CheckReceivedKey(parsedKey, parsedValue); | |||
| notes.add(parsedKey, parsedValue); | |||
There was a problem hiding this comment.
I see no good reason to make this old code conditional on the annotation not being called "ttl". The official code already handles existing Squid-specific helper annotations like "group" and "tag". Why make the new ttl special in that regard?
There was a problem hiding this comment.
This key pertains to the re-use of the exact helper response that it is part of. Other annotations are relevant in higher levels of abstraction and make sense preserving across the potentially multiple helpers a transaction can use.
There was a problem hiding this comment.
This key pertains to the re-use of the exact helper response that it is part of. Other annotations are relevant in higher levels of abstraction and make sense preserving across the potentially multiple helpers a transaction can use.
A PR may propose a new from-helper annotation categorization scheme, of course, but this should be done explicitly (e.g., by adding a clear definition of categories using C++ comments), and the categorization should be applied to existing/old supported annotations. Just adding do not do this for annotations named foo code is not good enough because it is not clear whether the new code should apply to some old annotations and whether some future bar annotation would need to be added to that code or excluded from it. Addressing this change request requires PR code modifications.
This change request is about (and is attached to) two independent features, represented by two old code lines:
-
The alleged "ttl vs. other annotations" differences are not relevant to CheckReceivedKey() at all.
-
As for (not) adding the new annotation to
notes, some of the existing/old annotations have the same "single helper response" scope AFAICT; once you define the new category, please double check whether any of the existing annotations belong to it. Also, if this PR starts excluding some annotation categories fromnotes, then allnotesuses must be checked to make sure the exclusion is valid/desirable. I would not be surprised if that audit results in preservation of the old code updatingnotesfor all annotation categories and/or code to preserve/replicate the oldnotesfunctionality for the new category of annotations.
rousskov
added
the
S-waiting-for-author
Co-authored-by: Alex Rousskov <[email protected]>
yadij
force-pushed
the
arc-helper-ttl
branch
from
47d75af
to
4365dcd
Compare
yadij
added
S-waiting-for-reviewer
| <p>Changed <em>basic</em> scheme <em>credentialsttl</em> option | ||
| to prefer helper provided <em>ttl=N</em> value (if any). |
There was a problem hiding this comment.
It is not very clear what "prefer" is in this context. I suggest being more specific, but I do not insist on changing the current PR wording.
| <p>Changed <em>basic</em> scheme <em>credentialsttl</em> option | |
| to prefer helper provided <em>ttl=N</em> value (if any). | |
| <p>Ignore <em>basic</em> scheme <em>credentialsttl</em> option | |
| if helper has returned <em>ttl=N</em>. |
| @@ -50,7 +50,7 @@ class User : public RefCountable | |||
| Auth::SchemeConfig *config; | |||
| dlink_list proxy_match_cache; | |||
| size_t ipcount; | |||
| long expiretime; | |||
| time_t expires = 0; | |||
There was a problem hiding this comment.
Please add a description for the expires field. AFAICT, this PR changes this field semantics. I may be missing something, but I cannot find the meaning of the new/changed field based on PR code alone because PR code seems to treat expiretme/expires replacement inconsistently. I hope the description will confirm that PR code is correct (or expose PR bugs).
| @@ -256,7 +255,7 @@ Auth::User::CredentialsCacheStats(StoreEntry *output) | |||
| Auth::Type_str[auth_user->auth_type], | |||
| CredentialState_str[auth_user->credentials()], | |||
| auth_user->ttl(), | |||
| static_cast<int32_t>(auth_user->expiretime - squid_curtime + Auth::TheConfig.credentialsTtl), | |||
| static_cast<int32_t>(auth_user->expires - current_time.tv_sec), | |||
There was a problem hiding this comment.
For consistency (all other ~4 similar expressions use squid_curtime) and simplicity sake:
| static_cast<int32_t>(auth_user->expires - current_time.tv_sec), | |
| static_cast<int32_t>(auth_user->expires - squid_curtime), |
| @@ -56,17 +56,13 @@ Auth::Basic::UserRequest::authenticate(HttpRequest *, ConnStateData *, Http::Hdr | |||
| return; | |||
|
|
|||
| /* are we about to recheck the credentials externally? */ | |||
| if ((user()->expiretime + static_cast<Auth::Basic::Config*>(Auth::SchemeConfig::Find("basic"))->credentialsTTL) <= squid_curtime) { | |||
| if (user()->expires <= current_time.tv_sec) { | |||
There was a problem hiding this comment.
Similar to the other change request (and please check for similar occurrences):
| if (user()->expires <= current_time.tv_sec) { | |
| if (user()->expires <= squid_curtime) { |
rousskov
added
S-waiting-for-author
|
I have adjusted the following phrase in PR description because we still support credentialsttl configuration, even for Basic authentication, AFAICT: - replaces the auth_param credentialsttl configuration.
+ overwrites the auth_param credentialsttl configuration. |
Currently only used for the Basic authentication helpers where it
overwrites the auth_param credentialsttl configuration.