You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@kyuubi.apache.org by GitBox <gi...@apache.org> on 2022/04/14 08:00:14 UTC
[GitHub] [incubator-kyuubi] wForget opened a new pull request, #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
wForget opened a new pull request, #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364
<!--
Thanks for sending a pull request!
Here are some tips for you:
1. If this is your first time, please read our contributor guidelines: https://kyuubi.readthedocs.io/en/latest/community/contributions.html
2. If the PR is related to an issue in https://github.com/apache/incubator-kyuubi/issues, add '[KYUUBI #XXXX]' in your PR title, e.g., '[KYUUBI #XXXX] Your PR title ...'.
3. If the PR is unfinished, add '[WIP]' in your PR title, e.g., '[WIP][KYUUBI #XXXX] Your PR title ...'.
-->
### _Why are the changes needed?_
<!--
Please clarify why the changes are needed. For instance,
1. If you add a feature, you can talk about the use case of it.
2. If you fix a bug, you can clarify why it is a bug.
-->
close #2301
### _How was this patch tested?_
- [X] Add some test cases that check the changes thoroughly including negative and positive cases if possible
- [ ] Add screenshots for manual tests if appropriate
- [ ] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] wForget commented on a diff in pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
wForget commented on code in PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#discussion_r851044644
##########
kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala:
##########
@@ -69,6 +69,12 @@ abstract class SessionManager(name: String) extends CompositeService(name) {
private val timeoutChecker =
ThreadUtils.newDaemonSingleThreadScheduledExecutor(s"$name-timeout-checker")
+ @volatile private var _limiter: Option[SessionLimiter] = None
+
+ protected def setSessionLimiter(limiter: SessionLimiter): Unit = {
Review Comment:
> move all the logic from common to server would be more clear
OK, thanks. I'll do that.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] ulysses-you commented on a diff in pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
ulysses-you commented on code in PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#discussion_r851100736
##########
kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala:
##########
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.session
+
+import java.util.concurrent.ConcurrentHashMap
+import java.util.concurrent.atomic.AtomicInteger
+
+import org.apache.commons.lang3.StringUtils
+
+import org.apache.kyuubi.KyuubiSQLException
+
+trait SessionLimiter {
+ def increment(userIpAddress: UserIpAddress): Unit
+ def decrement(userIpAddress: UserIpAddress): Unit
+}
+
+case class UserIpAddress(user: String, ipAddress: String)
+
+class SessionLimiterImpl(userLimit: Int, ipAddressLimit: Int, userIpAddressLimit: Int)
+ extends SessionLimiter {
+
+ private val _counters: java.util.Map[String, AtomicInteger] =
+ new ConcurrentHashMap[String, AtomicInteger]()
+
+ private[session] def counters(): java.util.Map[String, AtomicInteger] = _counters
+
+ override def increment(userIpAddress: UserIpAddress): Unit = {
+ val user = userIpAddress.user
+ val ipAddress = userIpAddress.ipAddress
+ // increment userIpAddress count
+ if (ipAddressLimit > 0 && StringUtils.isNotBlank(user) && StringUtils.isNotBlank(ipAddress)) {
+ incrLimitCount(
+ s"$user:$ipAddress",
+ userIpAddressLimit,
+ s"Connection limit per user:ipaddress reached" +
Review Comment:
remove `s`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] yaooqinn commented on pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
yaooqinn commented on PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#issuecomment-1101972773
thanks, merged to master
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] yaooqinn commented on a diff in pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
yaooqinn commented on code in PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#discussion_r851030271
##########
kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala:
##########
@@ -69,6 +69,12 @@ abstract class SessionManager(name: String) extends CompositeService(name) {
private val timeoutChecker =
ThreadUtils.newDaemonSingleThreadScheduledExecutor(s"$name-timeout-checker")
+ @volatile private var _limiter: Option[SessionLimiter] = None
+
+ protected def setSessionLimiter(limiter: SessionLimiter): Unit = {
Review Comment:
shall we add this only in the server?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] wForget commented on a diff in pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
wForget commented on code in PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#discussion_r851104715
##########
kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala:
##########
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.session
+
+import java.util.concurrent.ConcurrentHashMap
+import java.util.concurrent.atomic.AtomicInteger
+
+import org.apache.commons.lang3.StringUtils
+
+import org.apache.kyuubi.KyuubiSQLException
+
+trait SessionLimiter {
+ def increment(userIpAddress: UserIpAddress): Unit
+ def decrement(userIpAddress: UserIpAddress): Unit
+}
+
+case class UserIpAddress(user: String, ipAddress: String)
+
+class SessionLimiterImpl(userLimit: Int, ipAddressLimit: Int, userIpAddressLimit: Int)
+ extends SessionLimiter {
+
+ private val _counters: java.util.Map[String, AtomicInteger] =
+ new ConcurrentHashMap[String, AtomicInteger]()
+
+ private[session] def counters(): java.util.Map[String, AtomicInteger] = _counters
+
+ override def increment(userIpAddress: UserIpAddress): Unit = {
+ val user = userIpAddress.user
+ val ipAddress = userIpAddress.ipAddress
+ // increment userIpAddress count
+ if (ipAddressLimit > 0 && StringUtils.isNotBlank(user) && StringUtils.isNotBlank(ipAddress)) {
+ incrLimitCount(
+ s"$user:$ipAddress",
+ userIpAddressLimit,
+ s"Connection limit per user:ipaddress reached" +
+ s" (user:ipaddress: $user:$ipAddress limit: $userIpAddressLimit)")
+ }
+ // increment user count
+ if (userLimit > 0 && StringUtils.isNotBlank(user)) {
+ incrLimitCount(
+ user,
+ userLimit,
+ s"Connection limit per user reached (user: $user limit: $userLimit)")
+ }
+ // increment ipAddress count
+ if (ipAddressLimit > 0 && StringUtils.isNotBlank(ipAddress)) {
+ incrLimitCount(
+ ipAddress,
+ ipAddressLimit,
+ s"Connection limit per ipaddress reached (ipaddress: $ipAddress limit: $ipAddressLimit)")
+ }
+ }
+
+ override def decrement(userIpAddress: UserIpAddress): Unit = {
+ val user = userIpAddress.user
+ val ipAddress = userIpAddress.ipAddress
+ // decrement user count
+ if (userLimit > 0 && StringUtils.isNotBlank(user)) {
+ decrLimitCount(user)
+ }
+ // decrement ipAddress count
+ if (ipAddressLimit > 0 && StringUtils.isNotBlank(ipAddress)) {
+ decrLimitCount(ipAddress)
+ }
+ // decrement userIpAddress count
+ if (ipAddressLimit > 0 && StringUtils.isNotBlank(user) && StringUtils.isNotBlank(ipAddress)) {
+ decrLimitCount(s"$user:$ipAddress")
+ }
+ }
+
+ private def incrLimitCount(key: String, limit: Int, errorMsg: String): Unit = {
+ val count = _counters.computeIfAbsent(key, _ => new AtomicInteger())
+ if (count.incrementAndGet() > limit) {
+ count.decrementAndGet()
Review Comment:
> shall we syncronized the whole method ? we should make sure the `increment and decrement` atomic
I don't think it's necessary, we just need to make sure that increment and comparison operations are atomic.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] wForget commented on a diff in pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
wForget commented on code in PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#discussion_r851089523
##########
kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala:
##########
@@ -69,6 +69,12 @@ abstract class SessionManager(name: String) extends CompositeService(name) {
private val timeoutChecker =
ThreadUtils.newDaemonSingleThreadScheduledExecutor(s"$name-timeout-checker")
+ @volatile private var _limiter: Option[SessionLimiter] = None
Review Comment:
> we do not expose this value, so `limiter` is enough
thanks, i have fixed it
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] wForget commented on a diff in pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
wForget commented on code in PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#discussion_r851035614
##########
kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala:
##########
@@ -69,6 +69,12 @@ abstract class SessionManager(name: String) extends CompositeService(name) {
private val timeoutChecker =
ThreadUtils.newDaemonSingleThreadScheduledExecutor(s"$name-timeout-checker")
+ @volatile private var _limiter: Option[SessionLimiter] = None
+
+ protected def setSessionLimiter(limiter: SessionLimiter): Unit = {
Review Comment:
I just set the limiter in KyuubiSessionManager, so do I need to make some changes here?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] wForget commented on a diff in pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
wForget commented on code in PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#discussion_r851056104
##########
kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala:
##########
@@ -69,6 +69,12 @@ abstract class SessionManager(name: String) extends CompositeService(name) {
private val timeoutChecker =
ThreadUtils.newDaemonSingleThreadScheduledExecutor(s"$name-timeout-checker")
+ @volatile private var _limiter: Option[SessionLimiter] = None
+
+ protected def setSessionLimiter(limiter: SessionLimiter): Unit = {
Review Comment:
@yaooqinn I need to decrement limit after close session, in KyuubiSessionManager's closeSession method we can't seem to implement it well. Because the session will be removed from handleToSession after closeSession.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] ulysses-you commented on pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
ulysses-you commented on PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#issuecomment-1101043019
@wForget please resolve the conflicts, thank you
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] wForget commented on a diff in pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
wForget commented on code in PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#discussion_r851087996
##########
kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala:
##########
@@ -69,6 +69,12 @@ abstract class SessionManager(name: String) extends CompositeService(name) {
private val timeoutChecker =
ThreadUtils.newDaemonSingleThreadScheduledExecutor(s"$name-timeout-checker")
+ @volatile private var _limiter: Option[SessionLimiter] = None
+
+ protected def setSessionLimiter(limiter: SessionLimiter): Unit = {
Review Comment:
> @yaooqinn I need to decrement limit after close session, in KyuubiSessionManager's closeSession method we can't seem to implement it well. Because the session will be removed from handleToSession after closeSession.
Sorry, please ignore this comment, I have moved it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] yaooqinn commented on a diff in pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
yaooqinn commented on code in PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#discussion_r851840012
##########
kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala:
##########
@@ -43,10 +43,13 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
// this lazy is must be specified since the conf is null when the class initialization
lazy val sessionConfAdvisor: SessionConfAdvisor = PluginLoader.loadSessionConfAdvisor(conf)
+ @volatile private var limiter: Option[SessionLimiter] = None
Review Comment:
volatile necessary?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] yaooqinn closed pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
yaooqinn closed pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
URL: https://github.com/apache/incubator-kyuubi/pull/2364
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] yaooqinn commented on pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
yaooqinn commented on PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#issuecomment-1100002188
A general question,does it possible mix with metrics
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] wForget commented on pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
wForget commented on PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#issuecomment-1100035497
> A general question,does it possible mix with metrics
Sounds good, do we need to ensure atomicity of increment and comparison operations on metric counters?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] wForget commented on a diff in pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
wForget commented on code in PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#discussion_r851853375
##########
kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala:
##########
@@ -43,10 +43,13 @@ class KyuubiSessionManager private (name: String) extends SessionManager(name) {
// this lazy is must be specified since the conf is null when the class initialization
lazy val sessionConfAdvisor: SessionConfAdvisor = PluginLoader.loadSessionConfAdvisor(conf)
+ @volatile private var limiter: Option[SessionLimiter] = None
Review Comment:
It is unnecessary, I will remove it
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] wForget commented on a diff in pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
wForget commented on code in PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#discussion_r851031395
##########
kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala:
##########
@@ -69,6 +69,12 @@ abstract class SessionManager(name: String) extends CompositeService(name) {
private val timeoutChecker =
ThreadUtils.newDaemonSingleThreadScheduledExecutor(s"$name-timeout-checker")
+ @volatile private var _limiter: Option[SessionLimiter] = None
+
+ protected def setSessionLimiter(limiter: SessionLimiter): Unit = {
Review Comment:
> shall we add this only in the server?
I'm also not sure if we need to add it in Engine too? Since the engine can be shared maybe we can also add limiter to the engine. What do you think?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] yaooqinn commented on a diff in pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
yaooqinn commented on code in PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#discussion_r851033771
##########
kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala:
##########
@@ -69,6 +69,12 @@ abstract class SessionManager(name: String) extends CompositeService(name) {
private val timeoutChecker =
ThreadUtils.newDaemonSingleThreadScheduledExecutor(s"$name-timeout-checker")
+ @volatile private var _limiter: Option[SessionLimiter] = None
+
+ protected def setSessionLimiter(limiter: SessionLimiter): Unit = {
Review Comment:
Yes, maybe. It won't be late when we have plans on such a thing for engines. So let's focus on the PR's scope itself
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] yaooqinn commented on a diff in pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
yaooqinn commented on code in PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#discussion_r851036592
##########
kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala:
##########
@@ -69,6 +69,12 @@ abstract class SessionManager(name: String) extends CompositeService(name) {
private val timeoutChecker =
ThreadUtils.newDaemonSingleThreadScheduledExecutor(s"$name-timeout-checker")
+ @volatile private var _limiter: Option[SessionLimiter] = None
+
+ protected def setSessionLimiter(limiter: SessionLimiter): Unit = {
Review Comment:
move all the logic from common to server would be more clear
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] ulysses-you commented on a diff in pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
ulysses-you commented on code in PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#discussion_r851100328
##########
kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala:
##########
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.session
+
+import java.util.concurrent.ConcurrentHashMap
+import java.util.concurrent.atomic.AtomicInteger
+
+import org.apache.commons.lang3.StringUtils
+
+import org.apache.kyuubi.KyuubiSQLException
+
+trait SessionLimiter {
+ def increment(userIpAddress: UserIpAddress): Unit
+ def decrement(userIpAddress: UserIpAddress): Unit
+}
+
+case class UserIpAddress(user: String, ipAddress: String)
+
+class SessionLimiterImpl(userLimit: Int, ipAddressLimit: Int, userIpAddressLimit: Int)
+ extends SessionLimiter {
+
+ private val _counters: java.util.Map[String, AtomicInteger] =
+ new ConcurrentHashMap[String, AtomicInteger]()
+
+ private[session] def counters(): java.util.Map[String, AtomicInteger] = _counters
+
+ override def increment(userIpAddress: UserIpAddress): Unit = {
+ val user = userIpAddress.user
+ val ipAddress = userIpAddress.ipAddress
+ // increment userIpAddress count
+ if (ipAddressLimit > 0 && StringUtils.isNotBlank(user) && StringUtils.isNotBlank(ipAddress)) {
Review Comment:
ipAddressLimit -> userIpAddressLimit
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] ulysses-you commented on a diff in pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
ulysses-you commented on code in PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#discussion_r851102201
##########
kyuubi-server/src/main/scala/org/apache/kyuubi/session/SessionLimiter.scala:
##########
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.session
+
+import java.util.concurrent.ConcurrentHashMap
+import java.util.concurrent.atomic.AtomicInteger
+
+import org.apache.commons.lang3.StringUtils
+
+import org.apache.kyuubi.KyuubiSQLException
+
+trait SessionLimiter {
+ def increment(userIpAddress: UserIpAddress): Unit
+ def decrement(userIpAddress: UserIpAddress): Unit
+}
+
+case class UserIpAddress(user: String, ipAddress: String)
+
+class SessionLimiterImpl(userLimit: Int, ipAddressLimit: Int, userIpAddressLimit: Int)
+ extends SessionLimiter {
+
+ private val _counters: java.util.Map[String, AtomicInteger] =
+ new ConcurrentHashMap[String, AtomicInteger]()
+
+ private[session] def counters(): java.util.Map[String, AtomicInteger] = _counters
+
+ override def increment(userIpAddress: UserIpAddress): Unit = {
+ val user = userIpAddress.user
+ val ipAddress = userIpAddress.ipAddress
+ // increment userIpAddress count
+ if (ipAddressLimit > 0 && StringUtils.isNotBlank(user) && StringUtils.isNotBlank(ipAddress)) {
+ incrLimitCount(
+ s"$user:$ipAddress",
+ userIpAddressLimit,
+ s"Connection limit per user:ipaddress reached" +
+ s" (user:ipaddress: $user:$ipAddress limit: $userIpAddressLimit)")
+ }
+ // increment user count
+ if (userLimit > 0 && StringUtils.isNotBlank(user)) {
+ incrLimitCount(
+ user,
+ userLimit,
+ s"Connection limit per user reached (user: $user limit: $userLimit)")
+ }
+ // increment ipAddress count
+ if (ipAddressLimit > 0 && StringUtils.isNotBlank(ipAddress)) {
+ incrLimitCount(
+ ipAddress,
+ ipAddressLimit,
+ s"Connection limit per ipaddress reached (ipaddress: $ipAddress limit: $ipAddressLimit)")
+ }
+ }
+
+ override def decrement(userIpAddress: UserIpAddress): Unit = {
+ val user = userIpAddress.user
+ val ipAddress = userIpAddress.ipAddress
+ // decrement user count
+ if (userLimit > 0 && StringUtils.isNotBlank(user)) {
+ decrLimitCount(user)
+ }
+ // decrement ipAddress count
+ if (ipAddressLimit > 0 && StringUtils.isNotBlank(ipAddress)) {
+ decrLimitCount(ipAddress)
+ }
+ // decrement userIpAddress count
+ if (ipAddressLimit > 0 && StringUtils.isNotBlank(user) && StringUtils.isNotBlank(ipAddress)) {
+ decrLimitCount(s"$user:$ipAddress")
+ }
+ }
+
+ private def incrLimitCount(key: String, limit: Int, errorMsg: String): Unit = {
+ val count = _counters.computeIfAbsent(key, _ => new AtomicInteger())
+ if (count.incrementAndGet() > limit) {
+ count.decrementAndGet()
Review Comment:
shall we syncronized the whole method ? we should make sure the `increment and decrement` atomic
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] codecov-commenter commented on pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
codecov-commenter commented on PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#issuecomment-1098865065
# [Codecov](https://codecov.io/gh/apache/incubator-kyuubi/pull/2364?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#2364](https://codecov.io/gh/apache/incubator-kyuubi/pull/2364?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (557954f) into [master](https://codecov.io/gh/apache/incubator-kyuubi/commit/659d981c66ac98ccf1ca5a1e525053fc9417c9f6?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (659d981) will **increase** coverage by `0.06%`.
> The diff coverage is `82.81%`.
```diff
@@ Coverage Diff @@
## master #2364 +/- ##
============================================
+ Coverage 62.68% 62.74% +0.06%
Complexity 69 69
============================================
Files 357 358 +1
Lines 16890 16963 +73
Branches 2276 2287 +11
============================================
+ Hits 10587 10643 +56
- Misses 5321 5327 +6
- Partials 982 993 +11
```
| [Impacted Files](https://codecov.io/gh/apache/incubator-kyuubi/pull/2364?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
|---|---|---|
| [...g/apache/kyuubi/session/KyuubiSessionManager.scala](https://codecov.io/gh/apache/incubator-kyuubi/pull/2364/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-a3l1dWJpLXNlcnZlci9zcmMvbWFpbi9zY2FsYS9vcmcvYXBhY2hlL2t5dXViaS9zZXNzaW9uL0t5dXViaVNlc3Npb25NYW5hZ2VyLnNjYWxh) | `92.30% <71.42%> (-4.57%)` | :arrow_down: |
| [...ala/org/apache/kyuubi/session/SessionManager.scala](https://codecov.io/gh/apache/incubator-kyuubi/pull/2364/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-a3l1dWJpLWNvbW1vbi9zcmMvbWFpbi9zY2FsYS9vcmcvYXBhY2hlL2t5dXViaS9zZXNzaW9uL1Nlc3Npb25NYW5hZ2VyLnNjYWxh) | `87.40% <75.00%> (-0.38%)` | :arrow_down: |
| [...ala/org/apache/kyuubi/session/SessionLimiter.scala](https://codecov.io/gh/apache/incubator-kyuubi/pull/2364/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-a3l1dWJpLWNvbW1vbi9zcmMvbWFpbi9zY2FsYS9vcmcvYXBhY2hlL2t5dXViaS9zZXNzaW9uL1Nlc3Npb25MaW1pdGVyLnNjYWxh) | `80.48% <80.48%> (ø)` | |
| [...in/scala/org/apache/kyuubi/config/KyuubiConf.scala](https://codecov.io/gh/apache/incubator-kyuubi/pull/2364/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-a3l1dWJpLWNvbW1vbi9zcmMvbWFpbi9zY2FsYS9vcmcvYXBhY2hlL2t5dXViaS9jb25maWcvS3l1dWJpQ29uZi5zY2FsYQ==) | `96.40% <100.00%> (+0.05%)` | :arrow_up: |
| [...apache/kyuubi/engine/hive/HiveProcessBuilder.scala](https://codecov.io/gh/apache/incubator-kyuubi/pull/2364/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-a3l1dWJpLXNlcnZlci9zcmMvbWFpbi9zY2FsYS9vcmcvYXBhY2hlL2t5dXViaS9lbmdpbmUvaGl2ZS9IaXZlUHJvY2Vzc0J1aWxkZXIuc2NhbGE=) | `84.61% <0.00%> (-6.30%)` | :arrow_down: |
| [...ache/kyuubi/operation/KyuubiOperationManager.scala](https://codecov.io/gh/apache/incubator-kyuubi/pull/2364/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-a3l1dWJpLXNlcnZlci9zcmMvbWFpbi9zY2FsYS9vcmcvYXBhY2hlL2t5dXViaS9vcGVyYXRpb24vS3l1dWJpT3BlcmF0aW9uTWFuYWdlci5zY2FsYQ==) | `94.11% <0.00%> (-1.97%)` | :arrow_down: |
| [...n/scala/org/apache/kyuubi/engine/ProcBuilder.scala](https://codecov.io/gh/apache/incubator-kyuubi/pull/2364/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-a3l1dWJpLXNlcnZlci9zcmMvbWFpbi9zY2FsYS9vcmcvYXBhY2hlL2t5dXViaS9lbmdpbmUvUHJvY0J1aWxkZXIuc2NhbGE=) | `81.87% <0.00%> (-0.93%)` | :arrow_down: |
| [.../kyuubi/credentials/HadoopCredentialsManager.scala](https://codecov.io/gh/apache/incubator-kyuubi/pull/2364/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-a3l1dWJpLXNlcnZlci9zcmMvbWFpbi9zY2FsYS9vcmcvYXBhY2hlL2t5dXViaS9jcmVkZW50aWFscy9IYWRvb3BDcmVkZW50aWFsc01hbmFnZXIuc2NhbGE=) | `93.12% <0.00%> (-0.77%)` | :arrow_down: |
| [.../org/apache/kyuubi/operation/KyuubiOperation.scala](https://codecov.io/gh/apache/incubator-kyuubi/pull/2364/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-a3l1dWJpLXNlcnZlci9zcmMvbWFpbi9zY2FsYS9vcmcvYXBhY2hlL2t5dXViaS9vcGVyYXRpb24vS3l1dWJpT3BlcmF0aW9uLnNjYWxh) | `68.00% <0.00%> (+1.33%)` | :arrow_up: |
------
[Continue to review full report at Codecov](https://codecov.io/gh/apache/incubator-kyuubi/pull/2364?src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
> Powered by [Codecov](https://codecov.io/gh/apache/incubator-kyuubi/pull/2364?src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Last update [659d981...557954f](https://codecov.io/gh/apache/incubator-kyuubi/pull/2364?src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org
[GitHub] [incubator-kyuubi] ulysses-you commented on a diff in pull request #2364: [KYUUBI #2301] Limit the maximum number of concurrent connections per user and ipaddress
Posted by GitBox <gi...@apache.org>.
ulysses-you commented on code in PR #2364:
URL: https://github.com/apache/incubator-kyuubi/pull/2364#discussion_r851087549
##########
kyuubi-common/src/main/scala/org/apache/kyuubi/session/SessionManager.scala:
##########
@@ -69,6 +69,12 @@ abstract class SessionManager(name: String) extends CompositeService(name) {
private val timeoutChecker =
ThreadUtils.newDaemonSingleThreadScheduledExecutor(s"$name-timeout-checker")
+ @volatile private var _limiter: Option[SessionLimiter] = None
Review Comment:
we do not expose this value, so `limiter` is enough
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org