From 099fb9c5f71590b57176c5667ca215ec80226020 Mon Sep 17 00:00:00 2001
From: Leo Li
Date: Thu, 1 Feb 2024 14:49:59 -0500
Subject: [PATCH 01/13] Add the caching to tokenprovider
---
 .../kafka/broker/core/oidc/TokenProvider.java | 54 ++++++++++---------
 1 file changed, 30 insertions(+), 24 deletions(-)
diff --git a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
index d9f5c35daa..6f014d9687 100644
--- a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
+++ b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
@@ -1,44 +1,50 @@
-/*
- * Copyright © 2018 Knative Authors (knative-dev@googlegroups.com)
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
 package dev.knative.eventing.kafka.broker.core.oidc;
+import com.google.common.cache.Cache;
+import com.google.common.cache.CacheBuilder;
 import dev.knative.eventing.kafka.broker.core.NamespacedName;
 import io.fabric8.kubernetes.api.model.authentication.TokenRequest;
 import io.fabric8.kubernetes.api.model.authentication.TokenRequestBuilder;
-import io.fabric8.kubernetes.client.Config;
-import io.fabric8.kubernetes.client.ConfigBuilder;
 import io.fabric8.kubernetes.client.KubernetesClient;
-import io.fabric8.kubernetes.client.KubernetesClientBuilder;
+
+import java.util.concurrent.TimeUnit;
 public class TokenProvider {
 private final KubernetesClient kubernetesClient;
+ private final Cache tokenCache;
+
+ public TokenProvider(KubernetesClient kubernetesClient) {
+ this.kubernetesClient = kubernetesClient;
+
+ this.tokenCache = CacheBuilder.newBuilder()
+ .expireAfterWrite(1, TimeUnit.HOURS) // 1 hour expiration after write
+ .maximumSize(1000)
+ .build();
+ }
+
+ public String getToken(NamespacedName serviceAccount, String audience) {
+ String cacheKey = serviceAccount.namespace() + "/" + serviceAccount.name() + "/" + audience;
+ String token = tokenCache.getIfPresent(cacheKey);
- public TokenProvider() {
- Config clientConfig = new ConfigBuilder().build();
+ if (token == null) {
+ // If the token is not in the cache, request a new one
+ token = requestToken(serviceAccount, audience);
+
+ // If token is successfully retrieved, cache it
+ if (token != null) {
+ tokenCache.put(cacheKey, token);
+ }
+ }
- kubernetesClient =
- new KubernetesClientBuilder().withConfig(clientConfig).build();
+ return token;
 }
- public String requestToken(NamespacedName serviceAccount, String audience) {
+ private String requestToken(NamespacedName serviceAccount, String audience) {
 TokenRequest tokenRequest = new TokenRequestBuilder()
 .withNewSpec()
 .withAudiences(audience)
- .withExpirationSeconds(3600L)
+ .withExpirationSeconds(3600L) // 1 hour
 .endSpec()
 .build();
From 873f2d7625a83f8e49dcb885545c7791f32e0e44 Mon Sep 17 00:00:00 2001
From: Leo Li
Date: Thu, 1 Feb 2024 14:55:03 -0500
Subject: [PATCH 02/13] Add the boiler
---
 .../kafka/broker/core/oidc/TokenProvider.java | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
index 6f014d9687..510f8ce28c 100644
--- a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
+++ b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
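Review bot: `getToken` in the first TokenProvider.java hunk does a check-then-act on the cache (`getIfPresent` followed by `put`), so concurrent callers that miss on the same service account and audience will each send their own TokenRequest to the API server and mint a separate bearer token. Guava's `Cache.get(key, loader)` coalesces loads per key; a loader may not return null, so the failure path of `requestToken` would then have to throw and be handled in `getToken`. The new public method also has no Javadoc, and a one-line comment stating that a null return means the token request failed would tell callers they must not send an empty credential. `requestToken`'s body continues outside the hunk.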
@@ -1,3 +1,18 @@
+/*
+ * Copyright © 2018 Knative Authors (knative-dev@googlegroups.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package dev.knative.eventing.kafka.broker.core.oidc;
 import com.google.common.cache.Cache;
From 83362292ba41db64903585c5250f3e72b5468ee1 Mon Sep 17 00:00:00 2001
From: Leo Li
Date: Fri, 2 Feb 2024 08:42:14 -0500
Subject: [PATCH 03/13] Running the codegen
---
 control-plane/pkg/contract/contract.pb.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/control-plane/pkg/contract/contract.pb.go b/control-plane/pkg/contract/contract.pb.go
index 373fc069ce..1e7e492448 100644
--- a/control-plane/pkg/contract/contract.pb.go
+++ b/control-plane/pkg/contract/contract.pb.go
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.26.0 -// protoc v3.17.3 +// protoc v3.15.8 // source: contract.proto package contract
From 0ccf69c48e1592e88febdadd5d9451803adf64ce Mon Sep 17 00:00:00 2001
From: Leo Li
Date: Fri, 2 Feb 2024 08:42:14 -0500
Subject: [PATCH 04/13] Running the codegen
---
 control-plane/pkg/contract/contract.pb.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/control-plane/pkg/contract/contract.pb.go b/control-plane/pkg/contract/contract.pb.go
index 373fc069ce..1e7e492448 100644
--- a/control-plane/pkg/contract/contract.pb.go
+++ b/control-plane/pkg/contract/contract.pb.go
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.26.0 -// protoc v3.17.3 +// protoc v3.15.8 // source: contract.proto package contract
From 647acaeb64155f2735ec9114d1e86653328d886d Mon Sep 17 00:00:00 2001
From: Leo Li
Date: Fri, 2 Feb 2024 09:28:05 -0500
Subject: [PATCH 05/13] Revert "Running the codegen"
This reverts commit 0ccf69c48e1592e88febdadd5d9451803adf64ce.
---
 control-plane/pkg/contract/contract.pb.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/control-plane/pkg/contract/contract.pb.go b/control-plane/pkg/contract/contract.pb.go
index 1e7e492448..373fc069ce 100644
--- a/control-plane/pkg/contract/contract.pb.go
+++ b/control-plane/pkg/contract/contract.pb.go
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.26.0 -// protoc v3.15.8 +// protoc v3.17.3 // source: contract.proto package contract
From bfcda151cb617535b459651a645dfbeba6adb860 Mon Sep 17 00:00:00 2001
From: Leo Li
Date: Fri, 2 Feb 2024 09:44:49 -0500
Subject: [PATCH 06/13] Use constant, set buffer before token expire, remove unnecessary change
---
 .../kafka/broker/core/oidc/TokenProvider.java | 27 +++++++++++++------
 1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
index 510f8ce28c..457671f3fd 100644
--- a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
+++ b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
@@ -20,33 +20,40 @@
 import dev.knative.eventing.kafka.broker.core.NamespacedName;
 import io.fabric8.kubernetes.api.model.authentication.TokenRequest;
 import io.fabric8.kubernetes.api.model.authentication.TokenRequestBuilder;
+import io.fabric8.kubernetes.client.Config;
+import io.fabric8.kubernetes.client.ConfigBuilder;
 import io.fabric8.kubernetes.client.KubernetesClient;
+import io.fabric8.kubernetes.client.KubernetesClientBuilder;
 import java.util.concurrent.TimeUnit;
 public class TokenProvider {
+ private static final long TOKEN_EXPIRATION_SECONDS = 3600L; // 1 hour
+ private static final long EXPIRATION_BUFFER_TIME_SECONDS = 300L; // 5 minutes
+ private static final long CACHE_EXPIRATION_TIME =
+ TOKEN_EXPIRATION_SECONDS - EXPIRATION_BUFFER_TIME_SECONDS; // Cache tokens for 55 minutes
+
 private final KubernetesClient kubernetesClient;
 private final Cache tokenCache;
- public TokenProvider(KubernetesClient kubernetesClient) {
- this.kubernetesClient = kubernetesClient;
+ public TokenProvider() {
+ Config clientConfig = new ConfigBuilder().build();
+ kubernetesClient =
+ new KubernetesClientBuilder().withConfig(clientConfig).build();
 this.tokenCache = CacheBuilder.newBuilder()
- .expireAfterWrite(1, TimeUnit.HOURS) // 1 hour expiration after write
+ .expireAfterWrite(CACHE_EXPIRATION_TIME, TimeUnit.SECONDS)
 .maximumSize(1000)
 .build();
 }
 public String getToken(NamespacedName serviceAccount, String audience) {
- String cacheKey = serviceAccount.namespace() + "/" + serviceAccount.name() + "/" + audience;
+ String cacheKey = generateCacheKey(serviceAccount, audience);
 String token = tokenCache.getIfPresent(cacheKey);
 if (token == null) {
- // If the token is not in the cache, request a new one
 token = requestToken(serviceAccount, audience);
-
- // If token is successfully retrieved, cache it
 if (token != null) {
 tokenCache.put(cacheKey, token);
 }
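Review bot: The cache lifetime `CACHE_EXPIRATION_TIME` is derived from the lifetime the code asks for (`TOKEN_EXPIRATION_SECONDS`), not from the lifetime the API server actually grants. A TokenRequest response reports the granted expiry in `status.expirationTimestamp`, and the issuer is allowed to return a different validity than requested; if a cluster hands out shorter-lived tokens, `getToken` keeps returning an expired token until the 55-minute entry ages out and every call authenticated with it is rejected. Consider deriving the entry's expiry from the returned timestamp, or at least not caching a token whose granted lifetime is shorter than the buffer; how `requestToken` reads the response is not visible in this patch. A comment on the constants such as `// assumes the API server grants the requested lifetime` would make the assumption explicit. `getToken`'s body continues outside the hunk.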
@@ -59,7 +66,7 @@ private String requestToken(NamespacedName serviceAccount, String audience) {
 TokenRequest tokenRequest = new TokenRequestBuilder()
 .withNewSpec()
 .withAudiences(audience)
- .withExpirationSeconds(3600L) // 1 hour
+ .withExpirationSeconds(TOKEN_EXPIRATION_SECONDS)
 .endSpec()
 .build();
@@ -75,4 +82,8 @@ private String requestToken(NamespacedName serviceAccount, String audience) {
 return null;
 }
 }
+
+ private String generateCacheKey(NamespacedName serviceAccount, String audience) {
+ return serviceAccount.namespace() + "/" + serviceAccount.name() + "/" + audience;
+ }
 }
From 49315fbbf2c08a4cfb0a585193cfbd1765eaf31a Mon Sep 17 00:00:00 2001
From: Leo Li
Date: Fri, 2 Feb 2024 14:32:52 -0500
Subject: [PATCH 07/13] Codegen changes
---
 vendor/k8s.io/code-generator/generate-groups.sh | 0
 vendor/k8s.io/code-generator/generate-internal-groups.sh | 0
 vendor/knative.dev/pkg/hack/generate-knative.sh | 0
 3 files changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 vendor/k8s.io/code-generator/generate-groups.sh
 mode change 100644 => 100755 vendor/k8s.io/code-generator/generate-internal-groups.sh
 mode change 100644 => 100755 vendor/knative.dev/pkg/hack/generate-knative.sh
diff --git a/vendor/k8s.io/code-generator/generate-groups.sh b/vendor/k8s.io/code-generator/generate-groups.sh
old mode 100644
new mode 100755
diff --git a/vendor/k8s.io/code-generator/generate-internal-groups.sh b/vendor/k8s.io/code-generator/generate-internal-groups.sh
old mode 100644
new mode 100755
diff --git a/vendor/knative.dev/pkg/hack/generate-knative.sh b/vendor/knative.dev/pkg/hack/generate-knative.sh
old mode 100644
new mode 100755
From 2e58953b72a4fd4e754f52f1750e64fc5a8f9837 Mon Sep 17 00:00:00 2001
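Review bot: `generateCacheKey`, added in the `@@ -75,4 +82,8 @@` hunk, joins namespace, name and audience with `/` without saying why two different inputs cannot produce the same key, and the audience is a free-form string that can itself contain `/` (audiences are often URLs). The key stays unambiguous only while the audience is the last component and the namespace and name never contain `/`; Kubernetes naming rules should guarantee the latter, but nothing in this patch shows `NamespacedName` enforcing it. Because a collision would hand a caller a token minted for another identity or audience, I would record the invariant on the method, e.g. `// namespace and name cannot contain '/', so the audience must stay the last component`.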
From: Leo Li
Date: Fri, 2 Feb 2024 15:53:42 -0500
Subject: [PATCH 08/13] Codegen changes
---
 vendor/k8s.io/code-generator/generate-groups.sh | 0
 vendor/k8s.io/code-generator/generate-internal-groups.sh | 0
 vendor/knative.dev/pkg/hack/generate-knative.sh | 0
 3 files changed, 0 insertions(+), 0 deletions(-)
 mode change 100755 => 100644 vendor/k8s.io/code-generator/generate-groups.sh
 mode change 100755 => 100644 vendor/k8s.io/code-generator/generate-internal-groups.sh
 mode change 100755 => 100644 vendor/knative.dev/pkg/hack/generate-knative.sh
diff --git a/vendor/k8s.io/code-generator/generate-groups.sh b/vendor/k8s.io/code-generator/generate-groups.sh
old mode 100755
new mode 100644
diff --git a/vendor/k8s.io/code-generator/generate-internal-groups.sh b/vendor/k8s.io/code-generator/generate-internal-groups.sh
old mode 100755
new mode 100644
diff --git a/vendor/knative.dev/pkg/hack/generate-knative.sh b/vendor/knative.dev/pkg/hack/generate-knative.sh
old mode 100755
new mode 100644
From 002b4af7a1711f879aabc62e9dbf1091166a8ad0 Mon Sep 17 00:00:00 2001
From: Leo Li
Date: Mon, 5 Feb 2024 08:36:25 -0500
Subject: [PATCH 09/13] Update data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Christoph Stäbler
---
 .../knative/eventing/kafka/broker/core/oidc/TokenProvider.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
index 457671f3fd..731af954d1 100644
--- a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
+++ b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
@@ -31,7 +31,7 @@ public class TokenProvider {
 private static final long TOKEN_EXPIRATION_SECONDS = 3600L; // 1 hour
 private static final long EXPIRATION_BUFFER_TIME_SECONDS = 300L; // 5 minutes
- private static final long CACHE_EXPIRATION_TIME =
+ private static final long CACHE_EXPIRATION_TIME_SECONDS =
 TOKEN_EXPIRATION_SECONDS - EXPIRATION_BUFFER_TIME_SECONDS; // Cache tokens for 55 minutes
 private final KubernetesClient kubernetesClient;
From 0f871a1db96d38ae92188be3b906a25e342b1ed2 Mon Sep 17 00:00:00 2001
From: Leo Li
Date: Mon, 5 Feb 2024 08:37:51 -0500
Subject: [PATCH 10/13] Fix the review comments
---
 .../eventing/kafka/broker/core/oidc/TokenProvider.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
index 731af954d1..66635f5166 100644
--- a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
+++ b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
@@ -31,6 +31,8 @@ public class TokenProvider {
 private static final long TOKEN_EXPIRATION_SECONDS = 3600L; // 1 hour
 private static final long EXPIRATION_BUFFER_TIME_SECONDS = 300L; // 5 minutes
+
+ private static final long CACHE_MAXIMUM_SIZE = 1000L; // Cache up to 1000 tokens
 private static final long CACHE_EXPIRATION_TIME_SECONDS =
 TOKEN_EXPIRATION_SECONDS - EXPIRATION_BUFFER_TIME_SECONDS; // Cache tokens for 55 minutes
@@ -43,8 +45,8 @@ public TokenProvider() {
 new KubernetesClientBuilder().withConfig(clientConfig).build();
 this.tokenCache = CacheBuilder.newBuilder()
- .expireAfterWrite(CACHE_EXPIRATION_TIME, TimeUnit.SECONDS)
- .maximumSize(1000)
+ .expireAfterWrite(CACHE_EXPIRATION_TIME_SECONDS, TimeUnit.SECONDS)
+ .maximumSize(CACHE_MAXIMUM_SIZE)
 .build();
 }
From 39fe3241ad2e9b6a9f6efed504ca4a73f02c5ea9 Mon Sep 17 00:00:00 2001
From: Leo Li
Date: Mon, 5 Feb 2024 10:11:20 -0500
Subject: [PATCH 11/13] Run codegen
---
 vendor/k8s.io/code-generator/generate-groups.sh | 0
 vendor/k8s.io/code-generator/generate-internal-groups.sh | 0
 vendor/knative.dev/pkg/hack/generate-knative.sh | 0
 3 files changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 vendor/k8s.io/code-generator/generate-groups.sh
 mode change 100644 => 100755 vendor/k8s.io/code-generator/generate-internal-groups.sh
 mode change 100644 => 100755 vendor/knative.dev/pkg/hack/generate-knative.sh
diff --git a/vendor/k8s.io/code-generator/generate-groups.sh b/vendor/k8s.io/code-generator/generate-groups.sh
old mode 100644
new mode 100755
diff --git a/vendor/k8s.io/code-generator/generate-internal-groups.sh b/vendor/k8s.io/code-generator/generate-internal-groups.sh
old mode 100644
new mode 100755
diff --git a/vendor/knative.dev/pkg/hack/generate-knative.sh b/vendor/knative.dev/pkg/hack/generate-knative.sh
old mode 100644
new mode 100755
From 7fd6d450e5662d9f1e4a12a46400d4622006c809 Mon Sep 17 00:00:00 2001
From: Leo Li
Date: Mon, 5 Feb 2024 16:29:25 -0500
Subject: [PATCH 12/13] Codegen changes
---
 vendor/k8s.io/code-generator/generate-groups.sh | 0
 vendor/k8s.io/code-generator/generate-internal-groups.sh | 0
 vendor/knative.dev/pkg/hack/generate-knative.sh | 0
 3 files changed, 0 insertions(+), 0 deletions(-)
 mode change 100755 => 100644 vendor/k8s.io/code-generator/generate-groups.sh
 mode change 100755 => 100644 vendor/k8s.io/code-generator/generate-internal-groups.sh
 mode change 100755 => 100644 vendor/knative.dev/pkg/hack/generate-knative.sh
diff --git a/vendor/k8s.io/code-generator/generate-groups.sh b/vendor/k8s.io/code-generator/generate-groups.sh
old mode 100755
new mode 100644
diff --git a/vendor/k8s.io/code-generator/generate-internal-groups.sh b/vendor/k8s.io/code-generator/generate-internal-groups.sh
old mode 100755
new mode 100644
diff --git a/vendor/knative.dev/pkg/hack/generate-knative.sh b/vendor/knative.dev/pkg/hack/generate-knative.sh
old mode 100755
new mode 100644
From 8606b6ec90e7fff89afe229dcd3eb3f1c9d2d3e3 Mon Sep 17 00:00:00 2001
From: Leo Li
Date: Tue, 6 Feb 2024 09:49:28 -0500
Subject: [PATCH 13/13] Code gen again
---
 .../knative/eventing/kafka/broker/core/oidc/TokenProvider.java | 1 -
 1 file changed, 1 deletion(-)
diff --git a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
index 66635f5166..06825d4f12 100644
--- a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
+++ b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
@@ -24,7 +24,6 @@
 import io.fabric8.kubernetes.client.ConfigBuilder;
 import io.fabric8.kubernetes.client.KubernetesClient;
 import io.fabric8.kubernetes.client.KubernetesClientBuilder;
-
 import java.util.concurrent.TimeUnit;
 public class TokenProvider {