-
Notifications
You must be signed in to change notification settings - Fork 493
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support ttl=N from helpers #1662
base: master
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I support adding this feature.
@@ -232,9 +232,13 @@ Helper::Reply::parseResponseKeys() | |||
// TODO: Convert the above code to use Tokenizer and SBuf | |||
const SBuf parsedKey(key); | |||
const SBuf parsedValue(v); // allow empty values (!v or !*v) | |||
CheckReceivedKey(parsedKey, parsedValue); | |||
notes.add(parsedKey, parsedValue); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see no good reason to make this old code conditional on the annotation not being called "ttl". The official code already handles existing Squid-specific helper annotations like "group" and "tag". Why make the new ttl
special in that regard?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This key pertains to the re-use of the exact helper response that it is part of. Other annotations are relevant in higher levels of abstraction and make sense preserving across the potentially multiple helpers a transaction can use.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This key pertains to the re-use of the exact helper response that it is part of. Other annotations are relevant in higher levels of abstraction and make sense preserving across the potentially multiple helpers a transaction can use.
A PR may propose a new from-helper annotation categorization scheme, of course, but this should be done explicitly (e.g., by adding a clear definition of categories using C++ comments), and the categorization should be applied to existing/old supported annotations. Just adding do not do this for annotations named foo
code is not good enough because it is not clear whether the new code should apply to some old annotations and whether some future bar
annotation would need to be added to that code or excluded from it. Addressing this change request requires PR code modifications.
This change request is about (and is attached to) two independent features, represented by two old code lines:
-
The alleged "ttl vs. other annotations" differences are not relevant to CheckReceivedKey() at all.
-
As for (not) adding the new annotation to
notes
, some of the existing/old annotations have the same "single helper response" scope AFAICT; once you define the new category, please double check whether any of the existing annotations belong to it. Also, if this PR starts excluding some annotation categories fromnotes
, then allnotes
uses must be checked to make sure the exclusion is valid/desirable. I would not be surprised if that audit results in preservation of the old code updatingnotes
for all annotation categories and/or code to preserve/replicate the oldnotes
functionality for the new category of annotations.
Co-authored-by: Alex Rousskov <[email protected]>
47d75af
to
4365dcd
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is as far as I could get without an expires
data member description.
<p>Changed <em>basic</em> scheme <em>credentialsttl</em> option | ||
to prefer helper provided <em>ttl=N</em> value (if any). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is not very clear what "prefer" is in this context. I suggest being more specific, but I do not insist on changing the current PR wording.
<p>Changed <em>basic</em> scheme <em>credentialsttl</em> option | |
to prefer helper provided <em>ttl=N</em> value (if any). | |
<p>Ignore <em>basic</em> scheme <em>credentialsttl</em> option | |
if helper has returned <em>ttl=N</em>. |
@@ -50,7 +50,7 @@ class User : public RefCountable | |||
Auth::SchemeConfig *config; | |||
dlink_list proxy_match_cache; | |||
size_t ipcount; | |||
long expiretime; | |||
time_t expires = 0; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add a description for the expires
field. AFAICT, this PR changes this field semantics. I may be missing something, but I cannot find the meaning of the new/changed field based on PR code alone because PR code seems to treat expiretme/expires replacement inconsistently. I hope the description will confirm that PR code is correct (or expose PR bugs).
@@ -256,7 +255,7 @@ Auth::User::CredentialsCacheStats(StoreEntry *output) | |||
Auth::Type_str[auth_user->auth_type], | |||
CredentialState_str[auth_user->credentials()], | |||
auth_user->ttl(), | |||
static_cast<int32_t>(auth_user->expiretime - squid_curtime + Auth::TheConfig.credentialsTtl), | |||
static_cast<int32_t>(auth_user->expires - current_time.tv_sec), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For consistency (all other ~4 similar expressions use squid_curtime) and simplicity sake:
static_cast<int32_t>(auth_user->expires - current_time.tv_sec), | |
static_cast<int32_t>(auth_user->expires - squid_curtime), |
@@ -56,17 +56,13 @@ Auth::Basic::UserRequest::authenticate(HttpRequest *, ConnStateData *, Http::Hdr | |||
return; | |||
|
|||
/* are we about to recheck the credentials externally? */ | |||
if ((user()->expiretime + static_cast<Auth::Basic::Config*>(Auth::SchemeConfig::Find("basic"))->credentialsTTL) <= squid_curtime) { | |||
if (user()->expires <= current_time.tv_sec) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Similar to the other change request (and please check for similar occurrences):
if (user()->expires <= current_time.tv_sec) { | |
if (user()->expires <= squid_curtime) { |
I have adjusted the following phrase in PR description because we still support credentialsttl configuration, even for Basic authentication, AFAICT: - replaces the auth_param credentialsttl configuration.
+ overwrites the auth_param credentialsttl configuration. |
Currently only used for the Basic authentication helpers where it
overwrites the auth_param credentialsttl configuration.