Skip to content

Commit

Permalink
fix(helthcheck): don't run alternator query ping when authentication …
Browse files Browse the repository at this point in the history
…is enforced

This is a workaround for #4036.
Ref #4036
  • Loading branch information
Michal-Leszczynski committed Sep 17, 2024
1 parent 36438e1 commit 8081999
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 18 deletions.
24 changes: 13 additions & 11 deletions pkg/ping/dynamoping/dynamoping.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,6 @@ import (
type Config struct {
Addr string
RequiresAuthentication bool
Username string
Password string
Timeout time.Duration
TLSConfig *tls.Config
}
Expand Down Expand Up @@ -71,10 +69,19 @@ var unauthorisedMessage = []string{
"The security token included in the request is invalid.",
}

// ErrAlternatorQueryPingNotSupported is returned when alternator query ping is executed,
// but managed cluster enforces alternator authentication.
// See #4036 for more details.
var ErrAlternatorQueryPingNotSupported = errors.New("ScyllaDB Manager does not support alternator query ping when authentication is enforced")

// QueryPing checks if host is available, it returns RTT and error. Special errors
// are ErrTimeout and ErrUnauthorised. Ping is based on executing
// a real query.
func QueryPing(ctx context.Context, config Config) (rtt time.Duration, err error) {
if config.RequiresAuthentication {
return 0, ErrAlternatorQueryPingNotSupported
}

t := timeutc.Now()
defer func() {
rtt = timeutc.Since(t)
Expand All @@ -92,18 +99,13 @@ func QueryPing(ctx context.Context, config Config) (rtt time.Duration, err error

sess := session.Must(session.NewSessionWithOptions(session.Options{
Config: aws.Config{
Endpoint: aws.String(config.Addr),
Region: aws.String("scylla"),
HTTPClient: httpClient(config),
Endpoint: aws.String(config.Addr),
Region: aws.String("scylla"),
HTTPClient: httpClient(config),
Credentials: credentials.AnonymousCredentials,
},
}))

if config.RequiresAuthentication && config.Username != "" && config.Password != "" {
sess.Config.Credentials = credentials.NewStaticCredentials(config.Username, config.Password, "")
} else {
sess.Config.Credentials = credentials.AnonymousCredentials
}

svc := dynamodb.New(sess)

ctx, cancel := context.WithDeadline(ctx, t.Add(config.Timeout))
Expand Down
17 changes: 10 additions & 7 deletions pkg/service/healthcheck/service.go
Original file line number Diff line number Diff line change
Expand Up @@ -300,15 +300,18 @@ func (s *Service) pingAlternator(ctx context.Context, _ uuid.UUID, host string,
return 0, nil
}

pingFunc := dynamoping.SimplePing
if queryPing, err := ni.SupportsAlternatorQuery(); err == nil && queryPing {
pingFunc = dynamoping.QueryPing
}

addr := ni.AlternatorAddr(host)
config := dynamoping.Config{
Addr: addr,
Timeout: timeout,
Addr: addr,
Timeout: timeout,
RequiresAuthentication: ni.AlternatorEnforceAuthorization,
}

pingFunc := dynamoping.SimplePing
if !config.RequiresAuthentication {
if queryPing, err := ni.SupportsAlternatorQuery(); err == nil && queryPing {
pingFunc = dynamoping.QueryPing
}
}

tlsConfig := ni.AlternatorTLSConfig()
Expand Down

0 comments on commit 8081999

Please sign in to comment.