Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DynamoDB events by session ID #13284

Merged
merged 8 commits into from
Jul 4, 2022
Merged

DynamoDB events by session ID #13284

merged 8 commits into from
Jul 4, 2022

Conversation

smallinsky
Copy link
Contributor

@smallinsky smallinsky commented Jun 8, 2022
edited
Loading

Issue:

#12498

Description:

The pull/10570/files#diff changed the:

sessionEvents, err := a.alog.GetSessionEvents(namespace, sid, 0, false)

call to

sessionEvents, _, err := a.alog.SearchSessionEvents(time.Time{}, a.authServer.clock.Now().UTC()

The SearchSessionEvents is called with time.Time{} argument (Right now the /webapi/sites/main/sessions/84079b13-29fc-4adf-9563-d3c654d32c5d/events call doesn't provide information about fromTime) that result in hundreds of dynamoDB API call - searchEventsWithFilter will call API for each date within time.Time{} - time.Now() range.

Fix

In case of /webapi/sites/main/sessions/84079b13-29fc-4adf-9563-d3c654d32c5d/events serach session events based on primary sessionID index instead of secondary timesearchV2 global index.

Alternative approaches:

  • Provide fromTime argument from FE (Cons: fromTime can different from timeNow by 1 year in that case the dynamoDB API will base called 365 times)
  • Iterate in descending order with an additional stop function that will break the date loop when a session.end or desktop.session.end event was found.

@smallinsky smallinsky force-pushed the smallinsky/search_session_events branch from e0e8bb6 to 26b2714 Compare June 8, 2022 16:34
@smallinsky smallinsky requested review from zmb3 and xacrimon June 8, 2022 16:48
@smallinsky smallinsky marked this pull request as ready for review June 9, 2022 12:27
@smallinsky smallinsky requested a review from rosstimothy June 9, 2022 12:27
@github-actions github-actions bot requested a review from Joerger June 9, 2022 12:27
@github-actions github-actions bot added the audit-log Issues related to Teleports Audit Log label Jun 9, 2022
@smallinsky smallinsky removed the request for review from Joerger June 9, 2022 12:57
@webvictim webvictim linked an issue Jun 9, 2022 that may be closed by this pull request
Replaying Session results in network timeout error #11673
Closed
rosstimothy
rosstimothy reviewed Jun 9, 2022
View reviewed changes
Copy link
Contributor

@rosstimothy rosstimothy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems reasonable to me. My two concerns are:

  1. Why is the sessionID not being propagated in some places?
  2. Is this truly a Dynamo only issue? Does Firestore experience the same sluggishness?

lib/events/multilog.go Outdated Show resolved Hide resolved
lib/events/firestoreevents/firestoreevents.go Outdated Show resolved Hide resolved
lib/events/firestoreevents/firestoreevents.go
@@ -548,7 +549,7 @@ func (l *Log) searchEventsOnce(fromUTC, toUTC time.Time, namespace string, limit

// SearchSessionEvents returns session related events only. This is used to
// find completed sessions.
func (l *Log) SearchSessionEvents(fromUTC, toUTC time.Time, limit int, order types.EventOrder, startKey string, cond *types.WhereExpr) ([]apievents.AuditEvent, string, error) {
func (l *Log) SearchSessionEvents(fromUTC, toUTC time.Time, limit int, order types.EventOrder, startKey string, cond *types.WhereExpr, sessionID string) ([]apievents.AuditEvent, string, error) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we know if Firestore has the same performance issues as Dynamo? Should the sessionID be used here at all if provided?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Firestore does only one call though the sessionID index is not leverage during query. I have extended the query call in case if sessionID is present.

lib/events/filelog.go
@@ -362,7 +362,7 @@ func getCheckpointFromEvent(event apievents.AuditEvent) (string, error) {
return event.GetID(), nil
}

func (l *FileLog) SearchSessionEvents(fromUTC, toUTC time.Time, limit int, order types.EventOrder, startKey string, cond *types.WhereExpr) ([]apievents.AuditEvent, string, error) {
func (l *FileLog) SearchSessionEvents(fromUTC, toUTC time.Time, limit int, order types.EventOrder, startKey string, cond *types.WhereExpr, sessionID string) ([]apievents.AuditEvent, string, error) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would this benefit at all from using the sessionID?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, The sesisonID was only added here to fulfil common interfaces

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it's necessary for this PR, but from looking at findInFile I think it could potentially benefit from using the sessionID if one was provided.

lib/auth/clt.go
@@ -1161,7 +1161,7 @@ func (c *Client) SearchEvents(fromUTC, toUTC time.Time, namespace string, eventT
}

// SearchSessionEvents returns session related events to find completed sessions.
func (c *Client) SearchSessionEvents(fromUTC, toUTC time.Time, limit int, order types.EventOrder, startKey string, cond *types.WhereExpr) ([]apievents.AuditEvent, string, error) {
func (c *Client) SearchSessionEvents(fromUTC, toUTC time.Time, limit int, order types.EventOrder, startKey string, cond *types.WhereExpr, sessionID string) ([]apievents.AuditEvent, string, error) {
events, lastKey, err := c.APIClient.SearchSessionEvents(context.TODO(), fromUTC, toUTC, limit, order, startKey)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't the APIClient be updated to take the sessionID?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The only place right now where the ClientI.SearchSessionEvents is called is

teleport/lib/web/apiserver.go

Line 2206 in 9cc58cc

return clt.SearchSessionEvents(from, to, limit, order, startKey, nil) 

func (h *Handler) clusterSearchSessionEvents(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *SessionContext, site reversetunnel.RemoteSite) (interface{}, error) {
	searchSessionEvents := func(clt auth.ClientI, from, to time.Time, limit int, order types.EventOrder, startKey string) ([]apievents.AuditEvent, string, error) {
		return clt.SearchSessionEvents(from, to, limit, order, startKey, nil, "")
	}
	return clusterEventsList(ctx, site, r.URL.Query(), searchSessionEvents)
}

Where both types.WhereExpr and sesionID are ignored.
The usage of cond *types.WhereExpr and sessionID string is only scoped to internal teleport flow when "where" role filtering param was set.

lib/auth/auth_with_roles.go Outdated Show resolved Hide resolved
lib/events/dynamoevents/dynamoevents_test.go
c.Assert(err, check.NotNil)
}

func (s *DynamoeventsSuite) TestSearchSessionEvensBySessionID(c *check.C) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's too bad CI doesn't run the DynamoeventsSuite tests 😞

@kylern kylern added the c-fi Internal Customer Reference label Jun 9, 2022
@smallinsky smallinsky force-pushed the smallinsky/search_session_events branch from 40737e0 to aa4cc95 Compare June 10, 2022 12:11
rosstimothy
rosstimothy approved these changes Jun 10, 2022
View reviewed changes
lib/events/filelog.go
@@ -362,7 +362,7 @@ func getCheckpointFromEvent(event apievents.AuditEvent) (string, error) {
return event.GetID(), nil
}

func (l *FileLog) SearchSessionEvents(fromUTC, toUTC time.Time, limit int, order types.EventOrder, startKey string, cond *types.WhereExpr) ([]apievents.AuditEvent, string, error) {
func (l *FileLog) SearchSessionEvents(fromUTC, toUTC time.Time, limit int, order types.EventOrder, startKey string, cond *types.WhereExpr, sessionID string) ([]apievents.AuditEvent, string, error) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it's necessary for this PR, but from looking at findInFile I think it could potentially benefit from using the sessionID if one was provided.

@smallinsky
Copy link
Contributor Author

@xacrimon Could you take a look ?

@smallinsky smallinsky force-pushed the smallinsky/search_session_events branch from e4585db to f734952 Compare June 10, 2022 15:50
@r0mant r0mant requested a review from fspmarshall June 13, 2022 15:52
@smallinsky smallinsky merged commit eb2401d into master Jul 4, 2022
@github-actions
Copy link

github-actions bot commented Jul 4, 2022

@smallinsky See the table below for backport results.

Branch Result
branch/v10 Create PR
branch/v8 Failed
branch/v9 Failed

@smallinsky smallinsky mentioned this pull request Jul 4, 2022
Merged
@webvictim webvictim mentioned this pull request Jul 5, 2022
Closed
@webvictim webvictim linked an issue Jul 6, 2022 that may be closed by this pull request
Session playback for a user with where condition set fails #13478
Closed
@smallinsky smallinsky mentioned this pull request Jul 14, 2022
Merged
@zmb3 zmb3 deleted the smallinsky/search_session_events branch July 14, 2022 21:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rosstimothy rosstimothy rosstimothy approved these changes

@zmb3 zmb3 Awaiting requested review from zmb3

@xacrimon xacrimon Awaiting requested review from xacrimon

@fspmarshall fspmarshall Awaiting requested review from fspmarshall

Assignees
No one assigned
Labels
audit-log Issues related to Teleports Audit Log c-fi Internal Customer Reference
Projects
None yet
Milestone
No milestone
5 participants
@smallinsky @xacrimon @rosstimothy @zmb3 @kylern