Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Critical Security Admin APIs shouldn't trip memory circuit breakers #4687

Open
Bukhtawar opened this issue Aug 27, 2024 · 2 comments
Open

[BUG] Critical Security Admin APIs shouldn't trip memory circuit breakers #4687

Bukhtawar opened this issue Aug 27, 2024 · 2 comments
Labels
bug Something isn't working triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@Bukhtawar
Copy link

What is the bug?

The below trace was observed on a cluster operating at 95% JVMMP and most likely the API request got tripped by memory circuit breaker

'429 Client Error: Too Many Requests for '
'url:  https://<endpoint>/_opendistro/_security/api/securityconfig']

On close evaluation, I noticed that that API actions for security configs don't override this method defaulting to true

https://github.com/opensearch-project/OpenSearch/blob/c71060e29f56918b87a78237ff117d9018456428/server/src/main/java/org/opensearch/rest/RestHandler.java#L62-L64

    default boolean canTripCircuitBreaker() {
        return true;
    }

How can one reproduce the bug?
Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

What is the expected behavior?
CB shouldn't trip critical security admin API requests

What is your host/environment?

  • OS: [e.g. iOS]
  • Version [e.g. 22]
  • Plugins

Do you have any screenshots?
If applicable, add screenshots to help explain your problem.

Do you have any additional context?
Add any other context about the problem.
@Bukhtawar Bukhtawar added bug Something isn't working untriaged Require the attention of the repository maintainers and may need to be prioritized labels Aug 27, 2024
@cwperks cwperks added triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. and removed untriaged Require the attention of the repository maintainers and may need to be prioritized labels Sep 9, 2024
@cwperks
Copy link
Member

cwperks commented Sep 9, 2024

[Triage] Thanks for filing this issue @Bukhtawar . I agree that security APIs should not trip the circuit breaker.

@iamsharmaapoorv
Copy link

Hey,
Interested in picking this up.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Bukhtawar @cwperks @iamsharmaapoorv