From reviews-return-3547-archive-asf-public=cust-asf.ponee.io@livy.incubator.apache.org Tue Mar 10 20:02:17 2020 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id E5FF218064E for ; Tue, 10 Mar 2020 21:02:16 +0100 (CET) Received: (qmail 22736 invoked by uid 500); 10 Mar 2020 20:02:16 -0000 Mailing-List: contact reviews-help@livy.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: reviews@livy.incubator.apache.org Delivered-To: mailing list reviews@livy.incubator.apache.org Received: (qmail 22724 invoked by uid 99); 10 Mar 2020 20:02:16 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Mar 2020 20:02:16 +0000 From: GitBox To: reviews@livy.apache.org Subject: [GitHub] [incubator-livy] mgaido91 commented on a change in pull request #284: [LIVY-752][THRIFT] Fix implementation of limits on connections. Message-ID: <158387053617.3308.13523429829048491009.gitbox@gitbox.apache.org> References: In-Reply-To: Date: Tue, 10 Mar 2020 20:02:16 -0000 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit mgaido91 commented on a change in pull request #284: [LIVY-752][THRIFT] Fix implementation of limits on connections. URL: https://github.com/apache/incubator-livy/pull/284#discussion_r390577142 ########## File path: thriftserver/server/src/main/scala/org/apache/livy/thriftserver/LivyThriftSessionManager.scala ########## @@ -455,21 +443,58 @@ class LivyThriftSessionManager(val server: LivyThriftServer, val livyConf: LivyC } } - // Taken from Hive - private def anyViolations(username: String, ipAddress: String): Option[String] = { - val userAndAddress = username + ":" + ipAddress - if (trackConnectionsPerUser(username) && !withinLimits(username, userLimit)) { - Some(s"Connection limit per user reached (user: $username limit: $userLimit)") - } else if (trackConnectionsPerIpAddress(ipAddress) && - !withinLimits(ipAddress, ipAddressLimit)) { - Some(s"Connection limit per ipaddress reached (ipaddress: $ipAddress limit: " + - s"$ipAddressLimit)") - } else if (trackConnectionsPerUserIpAddress(username, ipAddress) && - !withinLimits(userAndAddress, userIpAddressLimit)) { - Some(s"Connection limit per user:ipaddress reached (user:ipaddress: $userAndAddress " + - s"limit: $userIpAddressLimit)") - } else { - None + // Visible for testing + @throws[HiveSQLException] + private[thriftserver] def incrementConnections( + username: String, + ipAddress: String, + forwardedAddresses: util.List[String]): Unit = { + val clientIpAddress: String = getOriginClientIpAddress(ipAddress, forwardedAddresses) + val userAndAddress = username + ":" + clientIpAddress + val trackUser = trackConnectionsPerUser(username) + val trackIpAddress = trackConnectionsPerIpAddress(clientIpAddress) + val trackUserIpAddress = trackConnectionsPerUserIpAddress(username, clientIpAddress) + var userLimitExceeded = false + var ipAddressLimitExceeded = false + var userIpAddressLimitExceeded = false + + // Optimistically increment the counts while getting them to check for violations. + if (trackUser) { + val userCount = incrementConnectionsCount(username) + if (userCount > userLimit) userLimitExceeded = true + } + if (trackIpAddress) { + val ipAddressCount = incrementConnectionsCount(clientIpAddress) + if (ipAddressCount > ipAddressLimit) ipAddressLimitExceeded = true + } + if (trackUserIpAddress) { + val userIpAddressCount = incrementConnectionsCount(userAndAddress) + if (userIpAddressCount > userIpAddressLimit) userIpAddressLimitExceeded = true + } + + // If any limit has been exceeded, we won't be going ahead with the connection, + // so decrement all counts that have been incremented. + if (userLimitExceeded || ipAddressLimitExceeded || userIpAddressLimitExceeded) { + if (trackUser) decrementConnectionsCount(username) Review comment: yes, thanks for the clarification @squito , that was what I meant. Honestly, I don't see a big difference in terms of complexity/readability and in one case we avoid some sync operations, so it is more efficient: hence I prefer that option. This part is not critical anyway IMHO, so it is not a big deal, but if you're not strongly against it, I'd go this way. Thanks. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: users@infra.apache.org With regards, Apache Git Services