Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

perf: Implement compiler sharding #202

Merged
merged 75 commits into from
Mar 15, 2022
Merged

perf: Implement compiler sharding #202

merged 75 commits into from
Mar 15, 2022

Conversation

willbeason
Copy link
Member

@willbeason willbeason commented Mar 2, 2022
edited
Loading

This is a massive PR - you may need more than one sitting to consume it.

You may find it helpful to skim https://docs.google.com/document/d/1ibCxaI-7HyWyDjQNL4iDRMHnrauufIMJ1D6LwIKdlsI/edit?usp=sharing again - the high-level design presented in the doc is largely unchanged.

Notable design changes:

  • Queries are run per-Review per-Template. Before only a single query was run to review an object or run audit from cache.
  • Audit from cache is removed. It isn't efficient to unmarshal everything from data.inventory to run Go matching logic, and in-rego matching logic costs too much time to run per-Template queries. Consumers of frameworks (e.g. Gatekeeper) will need to implement their own audit-from-cache. There are options for maintaining audit-from-cache in frameworks while keeping these performance gains, but they aren't pretty.
  • Most built-in Rego code is removed - much of this orchestration has been moved to Go for performance reasons. The last bit is a requirement to keep users from needing to add it as boilerplate to their ConstraintTemplates.

Refactoring changes (non-behavioral)

  • AllowedDataFields is moved to Driver as Client doesn't do anything with this data.
  • Operations on Client are handled per-Template, per-Constraint, per-Target. In the future we could leverage this to allow for more highly-parallel mutations of the set of Constraints and Templates at once, but for now we're able to make updates to Client so quickly that this isn't an issue (discussion incoming with benchmarks). Mechanically, this is why we now have "client.go", "template_client.go", and "constraint_client.go" - each has concerns applicable to that level, and this allows separating out logic and reduces mixing layers of abstraction.

I've refrained from allowing much more parallelization in AddConstraint/AddTemplate operations (as in - adding Constraints and Templates simultaneously, or adding Constraints for different Templates simultaneously). While AddConstraint can be made more parallel, it comes at the cost of a lot of complexity and the absolute gains are not meaningful for known use cases (~5,000 Constraints added per second vs. ~20,000 Constraints added per second).

Update: Benchmark data is available here: https://docs.google.com/spreadsheets/d/1WYLMDdr9w9QwF9NGYvF1bzrYrKwF52Efj4bl7jaGMqA/edit?usp=sharing

AddTemplate

Ignore multithreaded stats (crossed out). We aren't going to do this in this PR as it would hold this up. In the future, we can get an additional ~5x speedup in template compilation on top of what is shown here (e.g. 20x to 100x faster).

Compiling individual ConstraintTemplates is 2x-3x faster than before, from 4-5ms to 1.5-2ms.

Compiling 200 ConstraintTemplates is 10x-20x faster than before, from 3.4s-11s to 0.3s-0.5s.

There is improvement for all tested cases. Tests were run with both simple and complex rego code in Templates, so it is reasonable to assume all cases are improved.

AddConstraint

AddConstraint is ~2x faster than before, so it is theoretically possible to add ~30,000 Constraints to a Gatekeeper installation per second. This is unlikely to be a bottleneck in any use case, so further improvements aren't necessary.

Review

Review is complex.

TLDR: For most use cases, there are significant query improvements. The CPU cost of filtering out objects (and so not running Constraints) is dropped by 20x or more, so users should expect improvements in nearly all cases.

Note that for the data in the review benchmarks, I ran queries where every Constraint returned the same result. So "10 Templates & 100 Constraints / Success" means that all 100 Constraints are run against every object, and every Constraint resulted in no violation. These individual cases do not match reality where most objects are not matched by most Constraints. However, by testing these extreme cases individually, you can construct the expected improvement for various distributions of successes/failures/filters/autorjections.

I've taken data when running queries serially (in 1 thread) and in parallel (in 12 threads). The data for runtime in each page on the linked benchmark data is of throughput, not spent CPU time. In single-threaded mode these are equivalent, but this is not the case for multithreaded. For example, autorejecting a query for 1 Template/10 Constraints in one thread takes 18us, but only 4.3us with 12 threads. Effectively, this means that running in 12 threads means queries can be rejected at a rate of (1/4.3us) = 233,000/second, whereas running in a single thread the throughput is (1/18us) = 55,000/second.

Note that the throughput improvements are universally greater than the CPU improvements. This is largely due to less read locking within Driver - all state is stored in the Rego storage (which has its own locking), so no synchronization is required directly by Driver.

For Constraints which are filtered out against a Review, or which autoreject a Review, speed is universally increased 10x-100x. Since this logic entirely happens in Go instead of Rego, we see a huge performance increase.

Otherwise, there is generally a 2x-3x speedup in Reviews where all Constraints are run for every object. The exception is the case where:

  • there are many Templates
  • there is exactly one Constraint per Template
  • every Constraint matches every object on the cluster

This case is pathological - there shouldn't need to be so many Templates with a single Constraint, each matching every object in a Cluster. At these scales query time is still very reasonable - for example 18ms for 100 Constraints/100 Templates. We wouldn't expect there to be noticeable problems/degradation until a user had ~1,000 Constraints/1,000 Templates, when queries start to take longer than 200ms.

Will Beason added 26 commits March 2, 2022 14:01
Use constant target name in Driver
6bfbf8c 
Signed-off-by: Will Beason <willbeason@google.com>
Move externs to Driver
a7cf67b 
Externs should be an argument passed to Driver on initialization.

Signed-off-by: Will Beason <willbeason@google.com>
Use matcherKey type
3d25a5c 
Signed-off-by: Will Beason <willbeason@google.com>
Refactor constraint matcher
0b05bcb 
Signed-off-by: Will Beason <willbeason@google.com>
Move autoreject logic to Go
35c7c44 
Signed-off-by: Will Beason <willbeason@google.com>
Add reminders for autorejection responses
c9e12ae 
Hopefully two reminders makes it so if I forget, it'll be obvious to
code reviewers that I made a mistake.

Signed-off-by: Will Beason <willbeason@google.com>
Add constraints to constraintMatcher
f3060d7 
Signed-off-by: Will Beason <willbeason@google.com>
Move audit to constraint-per-query
c77331e 
Signed-off-by: Will Beason <willbeason@google.com>
Move to one query-per-constraint for Review
a79e8d7 
Also one query per object/constraint for Audit.

Signed-off-by: Will Beason <willbeason@google.com>
Switch Query functions out
75ca02f 
Signed-off-by: Will Beason <willbeason@google.com>
Remove Constraints from Driver
bf7b250 
Now Driver only maintains state for Templates and cached objects for
referential constraints.

Signed-off-by: Will Beason <willbeason@google.com>
Remove need for inits
6626728 
Client and Driver are fully usable after calling New()

Signed-off-by: Will Beason <willbeason@google.com>
Remove target-specific pathing from Driver
7b8a0bd 
Signed-off-by: Will Beason <willbeason@google.com>
Add per-template per-target compilers
81e8ec4 
Signed-off-by: Will Beason <willbeason@google.com>
Wire up sharded compilers
aee67be 
Signed-off-by: Will Beason <willbeason@google.com>
Shard the compiler
460fe47 
Signed-off-by: Will Beason <willbeason@google.com>
Start fixing local tests
420db85 
Signed-off-by: Will Beason <willbeason@google.com>
Make path driver-independent
3b57ee8 
Just pass path elements instead - this eliminates a lot of complexity
around both writing paths from slices of strings and back to slices of
strings.

Signed-off-by: Will Beason <willbeason@google.com>
Make keys for storage
9788f28 
Signed-off-by: Will Beason <willbeason@google.com>
Remove Audit
562e808 
Signed-off-by: Will Beason <willbeason@google.com>
Remove object cache from Client
7cc2f72 
Signed-off-by: Will Beason <willbeason@google.com>
Re-add AddConstraint/RemoveConstraint
a696001 
Signed-off-by: Will Beason <willbeason@google.com>
Write Constraints to Driver
80a8399 
Signed-off-by: Will Beason <willbeason@google.com>
Reference Constraint by Key
dddca68 
Signed-off-by: Will Beason <willbeason@google.com>
Switch query
8e59274 
Signed-off-by: Will Beason <willbeason@google.com>
Fill in review outside of Rego
2ce4f66 
This is much more efficient than constantly marhsalling/unmarshalling
the objects.

Also remove "Resource" since it is redundant

Signed-off-by: Will Beason <willbeason@google.com>
Will Beason added 4 commits March 9, 2022 14:40
Use mutexes to guard storage maps
83152af 
Signed-off-by: Will Beason <willbeason@google.com>
Add docs
e7ccd2f 
Signed-off-by: Will Beason <willbeason@google.com>
Don't check for directory in storage
e9f68f1 
It can't exist since it's a new storage.

Signed-off-by: Will Beason <willbeason@google.com>
Fix locking in Driver
3eea979 
Prevent more inconsistent states

Signed-off-by: Will Beason <willbeason@google.com>
sozercan
sozercan approved these changes Mar 11, 2022
View reviewed changes
Copy link
Member

@sozercan sozercan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!! LGTM

constraint/pkg/apis/constraints/apis.go Outdated Show resolved Hide resolved
@sozercan
Copy link
Member

sozercan commented Mar 11, 2022
edited
Loading

@willbeason looks like unit tests were timing out, re-ran it (edit: timed out again). do we need to increase the timeout value or is it a problem with code/tests?

here's the full output

go test ./pkg/... -coverprofile cover.out
?       github.com/open-policy-agent/frameworks/constraint/pkg/apis     [no test files]
?       github.com/open-policy-agent/frameworks/constraint/pkg/apis/constraints [no test files]
ok      github.com/open-policy-agent/frameworks/constraint/pkg/apis/externaldata/v1alpha1       6.551s  coverage: 2.8% of statements
?       github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates   [no test files]
ok      github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1        6.532s  coverage: 45.9% of statements
ok      github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1alpha1  6.438s  coverage: 45.9% of statements
ok      github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1beta1   6.498s  coverage: 45.9% of statements
coverage: 33.2% of statements
panic: test timed out after 10m0s

goroutine 107 [running]:
testing.(*M).startAlarm.func1()
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1788 +0x8e
created by time.goFunc
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/time/sleep.go:180 +0x31

goroutine 1 [chan receive, 10 minutes]:
testing.(*T).Run(0xc0005824e0, {0x14ada09, 0x46f053}, 0x152bf18)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1307 +0x375
testing.runTests.func1(0xc0005824e0)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1598 +0x6e
testing.tRunner(0xc0005824e0, 0xc00073fce0)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1259 +0x102
testing.runTests(0xc000050200, {0x219f220, 0x18, 0x18}, {0x48daed, 0x14a2da8, 0x21b7ec0})
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1596 +0x43f
testing.(*M).Run(0xc000050200)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1504 +0x51d
main.main()
        _testmain.go:161 +0x1f5

goroutine 19 [chan receive]:
k8s.io/klog/v2.(*loggingT).flushDaemon(0x0)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/vendor/k8s.io/klog/v2/klog.go:1283 +0x6a
created by k8s.io/klog/v2.init.0
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/vendor/k8s.io/klog/v2/klog.go:420 +0xfb

goroutine 12 [chan receive]:
github.com/golang/glog.(*loggingT).flushDaemon(0xc00018d740)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/vendor/github.com/golang/glog/glog.go:882 +0x6a
created by github.com/golang/glog.init.0
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/vendor/github.com/golang/glog/glog.go:410 +0x1c5

goroutine 103 [chan receive, 10 minutes]:
testing.(*T).Run(0xc000603380, {0x14a0a6c, 0x149ef92}, 0xc0002cac80)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1307 +0x375
github.com/open-policy-agent/frameworks/constraint/pkg/client_test.TestClient_AddTemplate(0xc000603380)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/client_test.go:376 +0x189c
testing.tRunner(0xc000603380, 0x152bf18)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1259 +0x102
created by testing.(*T).Run
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1306 +0x35a

goroutine 104 [semacquire, 10 minutes]:
sync.runtime_SemacquireMutex(0xc000296400, 0x60, 0xc0001c1660)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/runtime/sema.go:71 +0x25
sync.(*RWMutex).RLock(...)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/sync/rwmutex.go:63
github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local.(*Driver).getStorage(0xc000225200, {0x16a5060, 0xc0001aa000}, {0x149ef92, 0xb})
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/driver.go:526 +0x97
github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local.(*Driver).removeData(0x12ddba0, {0x16a5060, 0xc0001aa000}, {0x149ef92, 0xc0001c1680}, {0xc000358360, 0x2, 0x2})
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/driver.go:494 +0x5b
github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local.(*Driver).RemoveTemplate(0xc000225200, {0x16a5060, 0xc0001aa000}, 0x0)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/driver.go:105 +0x1d7
github.com/open-policy-agent/frameworks/constraint/pkg/client.(*Client).RemoveTemplate(0xc00013fb00, {0x16a5060, 0xc0001aa000}, 0xc000156180)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/client.go:184 +0x155
github.com/open-policy-agent/frameworks/constraint/pkg/client_test.TestClient_AddTemplate.func1(0xc000603520)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/client_test.go:438 +0x737
testing.tRunner(0xc000603520, 0xc0002cac80)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1259 +0x102
created by testing.(*T).Run
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1306 +0x35a
FAIL    github.com/open-policy-agent/frameworks/constraint/pkg/client   600.016s
?       github.com/open-policy-agent/frameworks/constraint/pkg/client/clienttest        [no test files]
?       github.com/open-policy-agent/frameworks/constraint/pkg/client/clienttest/cts    [no test files]
ok      github.com/open-policy-agent/frameworks/constraint/pkg/client/crds      0.020s  coverage: 89.6% of statements
?       github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers   [no test files]
coverage: 49.1% of statements
panic: test timed out after 10m0s

goroutine 83 [running]:
testing.(*M).startAlarm.func1()
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1788 +0x8e
created by time.goFunc
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/time/sleep.go:180 +0x31

goroutine 1 [chan receive, 9 minutes]:
testing.(*T).Run(0xc0000c4680, {0x130c5e3, 0x46f053}, 0x1380fb8)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1307 +0x375
testing.runTests.func1(0xc0000c4680)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1598 +0x6e
testing.tRunner(0xc0000c4680, 0xc00073fce0)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1259 +0x102
testing.runTests(0xc000416080, {0x1e80000, 0x9, 0x9}, {0x48daed, 0x12fdb33, 0x1e99860})
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1596 +0x43f
testing.(*M).Run(0xc000416080)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1504 +0x51d
main.main()
        _testmain.go:117 +0x1f5

goroutine 19 [chan receive]:
k8s.io/klog/v2.(*loggingT).flushDaemon(0x0)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/vendor/k8s.io/klog/v2/klog.go:1283 +0x6a
created by k8s.io/klog/v2.init.0
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/vendor/k8s.io/klog/v2/klog.go:420 +0xfb

goroutine 20 [chan receive]:
github.com/golang/glog.(*loggingT).flushDaemon(0x0)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/vendor/github.com/golang/glog/glog.go:882 +0x6a
created by github.com/golang/glog.init.0
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/vendor/github.com/golang/glog/glog.go:410 +0x1c5

goroutine 16 [chan receive, 9 minutes]:
testing.(*T).Run(0xc0006031e0, {0x12fdc4b, 0xc0001404a0}, 0xc0002a5680)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1307 +0x375
github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local.TestDriver_RemoveTemplates(0x0)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/driver_unit_test.go:158 +0x1dd
testing.tRunner(0xc0006031e0, 0x1380fb8)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1259 +0x102
created by testing.(*T).Run
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1306 +0x35a

goroutine 82 [semacquire, 9 minutes]:
sync.runtime_SemacquireMutex(0x12, 0x0, 0x8)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/runtime/sema.go:71 +0x25
sync.(*RWMutex).RLock(...)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/sync/rwmutex.go:63
github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local.(*Driver).getStorage(0xc0001b6cf0, {0x14cd8e0, 0xc000140000}, {0x12f0a22, 0x3})
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/driver.go:526 +0xa5
github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local.(*Driver).removeData(0x1162260, {0x14cd8e0, 0xc000140000}, {0x12f0a22, 0xc0001b6cf0}, {0xc00052db20, 0x2, 0x2})
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/driver.go:494 +0x65
github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local.(*Driver).RemoveTemplate(0xc0001b6cf0, {0x14cd8e0, 0xc000140000}, 0x0)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/driver.go:105 +0x1ea
github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local.TestDriver_RemoveTemplates.func1(0xc000603380)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/driver_unit_test.go:176 +0x378
testing.tRunner(0xc000603380, 0xc0002a5680)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1259 +0x102
created by testing.(*T).Run
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1306 +0x35a
FAIL    github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local     600.019s
ok      github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/remote    0.010s  coverage: 19.3% of statements
?       github.com/open-policy-agent/frameworks/constraint/pkg/client/errors    [no test files]
ok      github.com/open-policy-agent/frameworks/constraint/pkg/core/constraints 0.044s  coverage: 100.0% of statements
?       github.com/open-policy-agent/frameworks/constraint/pkg/core/templates   [no test files]
ok      github.com/open-policy-agent/frameworks/constraint/pkg/externaldata     0.025s  coverage: 61.4% of statements
?       github.com/open-policy-agent/frameworks/constraint/pkg/handler  [no test files]
?       github.com/open-policy-agent/frameworks/constraint/pkg/handler/handlertest      [no test files]
ok      github.com/open-policy-agent/frameworks/constraint/pkg/regorewriter     0.055s  coverage: 71.8% of statements
ok      github.com/open-policy-agent/frameworks/constraint/pkg/schema   0.024s  coverage: 50.0% of statements
ok      github.com/open-policy-agent/frameworks/constraint/pkg/types    0.024s  coverage: 13.6% of statements
FAIL
Makefile:15: recipe for target 'native-test' failed
make: *** [native-test] Error 1

Will Beason added 3 commits March 14, 2022 08:31
Move storage logic to own class
5084c7b 
This prevents cases where we need mutexes to guard different sets of
information.

Signed-off-by: Will Beason <willbeason@google.com>
Make locking in Driver robust
1db6737 
Signed-off-by: Will Beason <willbeason@google.com>
Resolve reviewer comment
78c2b1d 
Signed-off-by: Will Beason <willbeason@google.com>
@willbeason
Copy link
Member Author

@willbeason looks like unit tests were timing out, re-ran it (edit: timed out again). do we need to increase the timeout value or is it a problem with code/tests?

here's the full output

go test ./pkg/... -coverprofile cover.out
?       github.com/open-policy-agent/frameworks/constraint/pkg/apis     [no test files]
?       github.com/open-policy-agent/frameworks/constraint/pkg/apis/constraints [no test files]
ok      github.com/open-policy-agent/frameworks/constraint/pkg/apis/externaldata/v1alpha1       6.551s  coverage: 2.8% of statements
?       github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates   [no test files]
ok      github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1        6.532s  coverage: 45.9% of statements
ok      github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1alpha1  6.438s  coverage: 45.9% of statements
ok      github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1beta1   6.498s  coverage: 45.9% of statements
coverage: 33.2% of statements
panic: test timed out after 10m0s

goroutine 107 [running]:
testing.(*M).startAlarm.func1()
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1788 +0x8e
created by time.goFunc
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/time/sleep.go:180 +0x31

goroutine 1 [chan receive, 10 minutes]:
testing.(*T).Run(0xc0005824e0, {0x14ada09, 0x46f053}, 0x152bf18)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1307 +0x375
testing.runTests.func1(0xc0005824e0)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1598 +0x6e
testing.tRunner(0xc0005824e0, 0xc00073fce0)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1259 +0x102
testing.runTests(0xc000050200, {0x219f220, 0x18, 0x18}, {0x48daed, 0x14a2da8, 0x21b7ec0})
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1596 +0x43f
testing.(*M).Run(0xc000050200)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1504 +0x51d
main.main()
        _testmain.go:161 +0x1f5

goroutine 19 [chan receive]:
k8s.io/klog/v2.(*loggingT).flushDaemon(0x0)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/vendor/k8s.io/klog/v2/klog.go:1283 +0x6a
created by k8s.io/klog/v2.init.0
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/vendor/k8s.io/klog/v2/klog.go:420 +0xfb

goroutine 12 [chan receive]:
github.com/golang/glog.(*loggingT).flushDaemon(0xc00018d740)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/vendor/github.com/golang/glog/glog.go:882 +0x6a
created by github.com/golang/glog.init.0
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/vendor/github.com/golang/glog/glog.go:410 +0x1c5

goroutine 103 [chan receive, 10 minutes]:
testing.(*T).Run(0xc000603380, {0x14a0a6c, 0x149ef92}, 0xc0002cac80)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1307 +0x375
github.com/open-policy-agent/frameworks/constraint/pkg/client_test.TestClient_AddTemplate(0xc000603380)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/client_test.go:376 +0x189c
testing.tRunner(0xc000603380, 0x152bf18)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1259 +0x102
created by testing.(*T).Run
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1306 +0x35a

goroutine 104 [semacquire, 10 minutes]:
sync.runtime_SemacquireMutex(0xc000296400, 0x60, 0xc0001c1660)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/runtime/sema.go:71 +0x25
sync.(*RWMutex).RLock(...)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/sync/rwmutex.go:63
github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local.(*Driver).getStorage(0xc000225200, {0x16a5060, 0xc0001aa000}, {0x149ef92, 0xb})
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/driver.go:526 +0x97
github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local.(*Driver).removeData(0x12ddba0, {0x16a5060, 0xc0001aa000}, {0x149ef92, 0xc0001c1680}, {0xc000358360, 0x2, 0x2})
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/driver.go:494 +0x5b
github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local.(*Driver).RemoveTemplate(0xc000225200, {0x16a5060, 0xc0001aa000}, 0x0)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/driver.go:105 +0x1d7
github.com/open-policy-agent/frameworks/constraint/pkg/client.(*Client).RemoveTemplate(0xc00013fb00, {0x16a5060, 0xc0001aa000}, 0xc000156180)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/client.go:184 +0x155
github.com/open-policy-agent/frameworks/constraint/pkg/client_test.TestClient_AddTemplate.func1(0xc000603520)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/client_test.go:438 +0x737
testing.tRunner(0xc000603520, 0xc0002cac80)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1259 +0x102
created by testing.(*T).Run
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1306 +0x35a
FAIL    github.com/open-policy-agent/frameworks/constraint/pkg/client   600.016s
?       github.com/open-policy-agent/frameworks/constraint/pkg/client/clienttest        [no test files]
?       github.com/open-policy-agent/frameworks/constraint/pkg/client/clienttest/cts    [no test files]
ok      github.com/open-policy-agent/frameworks/constraint/pkg/client/crds      0.020s  coverage: 89.6% of statements
?       github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers   [no test files]
coverage: 49.1% of statements
panic: test timed out after 10m0s

goroutine 83 [running]:
testing.(*M).startAlarm.func1()
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1788 +0x8e
created by time.goFunc
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/time/sleep.go:180 +0x31

goroutine 1 [chan receive, 9 minutes]:
testing.(*T).Run(0xc0000c4680, {0x130c5e3, 0x46f053}, 0x1380fb8)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1307 +0x375
testing.runTests.func1(0xc0000c4680)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1598 +0x6e
testing.tRunner(0xc0000c4680, 0xc00073fce0)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1259 +0x102
testing.runTests(0xc000416080, {0x1e80000, 0x9, 0x9}, {0x48daed, 0x12fdb33, 0x1e99860})
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1596 +0x43f
testing.(*M).Run(0xc000416080)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1504 +0x51d
main.main()
        _testmain.go:117 +0x1f5

goroutine 19 [chan receive]:
k8s.io/klog/v2.(*loggingT).flushDaemon(0x0)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/vendor/k8s.io/klog/v2/klog.go:1283 +0x6a
created by k8s.io/klog/v2.init.0
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/vendor/k8s.io/klog/v2/klog.go:420 +0xfb

goroutine 20 [chan receive]:
github.com/golang/glog.(*loggingT).flushDaemon(0x0)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/vendor/github.com/golang/glog/glog.go:882 +0x6a
created by github.com/golang/glog.init.0
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/vendor/github.com/golang/glog/glog.go:410 +0x1c5

goroutine 16 [chan receive, 9 minutes]:
testing.(*T).Run(0xc0006031e0, {0x12fdc4b, 0xc0001404a0}, 0xc0002a5680)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1307 +0x375
github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local.TestDriver_RemoveTemplates(0x0)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/driver_unit_test.go:158 +0x1dd
testing.tRunner(0xc0006031e0, 0x1380fb8)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1259 +0x102
created by testing.(*T).Run
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1306 +0x35a

goroutine 82 [semacquire, 9 minutes]:
sync.runtime_SemacquireMutex(0x12, 0x0, 0x8)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/runtime/sema.go:71 +0x25
sync.(*RWMutex).RLock(...)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/sync/rwmutex.go:63
github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local.(*Driver).getStorage(0xc0001b6cf0, {0x14cd8e0, 0xc000140000}, {0x12f0a22, 0x3})
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/driver.go:526 +0xa5
github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local.(*Driver).removeData(0x1162260, {0x14cd8e0, 0xc000140000}, {0x12f0a22, 0xc0001b6cf0}, {0xc00052db20, 0x2, 0x2})
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/driver.go:494 +0x65
github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local.(*Driver).RemoveTemplate(0xc0001b6cf0, {0x14cd8e0, 0xc000140000}, 0x0)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/driver.go:105 +0x1ea
github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local.TestDriver_RemoveTemplates.func1(0xc000603380)
        /home/sozercan/go/src/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/driver_unit_test.go:176 +0x378
testing.tRunner(0xc000603380, 0xc0002a5680)
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1259 +0x102
created by testing.(*T).Run
        /home/linuxbrew/.linuxbrew/Cellar/go/1.17.8/libexec/src/testing/testing.go:1306 +0x35a
FAIL    github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local     600.019s
ok      github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/remote    0.010s  coverage: 19.3% of statements
?       github.com/open-policy-agent/frameworks/constraint/pkg/client/errors    [no test files]
ok      github.com/open-policy-agent/frameworks/constraint/pkg/core/constraints 0.044s  coverage: 100.0% of statements
?       github.com/open-policy-agent/frameworks/constraint/pkg/core/templates   [no test files]
ok      github.com/open-policy-agent/frameworks/constraint/pkg/externaldata     0.025s  coverage: 61.4% of statements
?       github.com/open-policy-agent/frameworks/constraint/pkg/handler  [no test files]
?       github.com/open-policy-agent/frameworks/constraint/pkg/handler/handlertest      [no test files]
ok      github.com/open-policy-agent/frameworks/constraint/pkg/regorewriter     0.055s  coverage: 71.8% of statements
ok      github.com/open-policy-agent/frameworks/constraint/pkg/schema   0.024s  coverage: 50.0% of statements
ok      github.com/open-policy-agent/frameworks/constraint/pkg/types    0.024s  coverage: 13.6% of statements
FAIL
Makefile:15: recipe for target 'native-test' failed
make: *** [native-test] Error 1

It was a problem with the code - I didn't lock properly. It's fixed, and I've moved that part of the code to it's own class so future devs will be unlikely to make the same mistake I did. Otherwise the logic is unchanged - just mutexes moved around.

Resolve reviewer comments
2d1a214 
Signed-off-by: Will Beason <willbeason@google.com>
@willbeason willbeason requested a review from ritazh March 14, 2022 15:56
ritazh
ritazh approved these changes Mar 15, 2022
View reviewed changes
Copy link
Member

@ritazh ritazh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@willbeason willbeason merged commit 00eadf6 into open-policy-agent:master Mar 15, 2022
@willbeason willbeason deleted the mega-1 branch March 15, 2022 18:23
@willbeason willbeason mentioned this pull request Mar 19, 2022
Closed
This was referenced Apr 5, 2022
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@julianKatz julianKatz mentioned this pull request Jun 17, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maxsmythe maxsmythe maxsmythe approved these changes

@ritazh ritazh ritazh approved these changes

@sozercan sozercan sozercan approved these changes

@shomron shomron Awaiting requested review from shomron

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@willbeason @codecov-commenter @maxsmythe @sozercan @ritazh