Merge pull request 'Micrometer Monitoring' (#33) from feature/18278 into develop

Author: fmichielssen

pom.xml

@@ -240,7 +240,14 @@
 			<artifactId>mysql-connector-java</artifactId>
 		</dependency>
 
-
+		<dependency>
+			<groupId>io.micrometer</groupId>
+			<artifactId>micrometer-registry-prometheus</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>io.micrometer</groupId>
+			<artifactId>micrometer-registry-influx</artifactId>
+		</dependency>
 
 		<!-- Kubernetes -->
 		<dependency>

src/main/java/eu/openanalytics/containerproxy/ContainerProxyApplication.java

@@ -31,15 +31,20 @@
 import org.springframework.boot.actuate.health.HealthIndicator;
 import org.springframework.boot.actuate.redis.RedisHealthIndicator;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;
 import org.springframework.boot.web.server.PortInUseException;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.core.env.Environment;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
-import org.springframework.session.data.redis.config.ConfigureRedisAction;
+import org.springframework.security.core.session.SessionRegistry;
+import org.springframework.security.web.session.HttpSessionEventPublisher;
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.Session;
 import org.springframework.session.web.http.DefaultCookieSerializer;
+import org.springframework.session.security.SpringSessionBackedSessionRegistry;
 import org.springframework.web.filter.FormContentFilter;
 
 import javax.annotation.PostConstruct;
@@ -142,16 +147,6 @@ public JSR353Module jsr353Module() {
 		return new JSR353Module();
 	}
 
-	/**
-	 * Compatibility with AWS ElastiCache
-	 *
-	 * @return
-	 */
-	@Bean
-	public static ConfigureRedisAction configureRedisAction() {
-		return ConfigureRedisAction.NO_OP;
-	}
-
 	@Bean
 	public HealthIndicator redisSessionHealthIndicator(RedisConnectionFactory rdeRedisConnectionFactory) {
 		if (Objects.equals(environment.getProperty("spring.session.store-type"), "redis")) {
@@ -174,11 +169,27 @@ public Health health() {
 		}
 	}
 
+	/**
+	 * This Bean ensures that User Session are properly expired when using Redis for session storage.
+	 */
+	@Bean
+	@ConditionalOnProperty(name = "spring.session.store-type", havingValue = "redis")
+	public <S extends Session> SessionRegistry sessionRegistry(FindByIndexNameSessionRepository<S> sessionRepository) {
+		return new SpringSessionBackedSessionRegistry<S>(sessionRepository);
+	}
+
+	@Bean
+	public HttpSessionEventPublisher httpSessionEventPublisher() {
+		return new HttpSessionEventPublisher();
+	}
+
 	private static void setDefaultProperties(SpringApplication app) {
 		Properties properties = new Properties();
 
 		// use in-memory session storage by default. Can be overwritten in application.yml
 		properties.put("spring.session.store-type", "none");
+		// required for proper working of the SP_USER_INITIATED_LOGOUT session attribute in the UserService
+		properties.put("spring.session.redis.flush-mode", "IMMEDIATE");
 
 		// disable multi-part handling by Spring. We don't need this anywhere in the application.
 		// When enabled this will cause problems when proxying file-uploads to the shiny apps.
@@ -189,6 +200,22 @@ private static void setDefaultProperties(SpringApplication app) {
 
 		properties.put("spring.application.name", "ContainerProxy");
 
+		// Metrics configuration
+		// ====================
+
+		// disable all supported exporters by default
+		// Note: if we upgrade to Spring Boot 2.4.0 we can use properties.put("management.metrics.export.defaults.enabled", "false");
+		properties.put("management.metrics.export.prometheus.enabled", "false");
+		properties.put("management.metrics.export.influx.enabled", "false");
+		// set actuator to port 9090 (can be overwritten)
+		properties.put("management.server.port", "9090");
+		// enable prometheus endpoint by default (but not the exporter)
+		properties.put("management.endpoint.prometheus.enabled", "true");
+		// include prometheus and health endpoint in exposure
+		properties.put("management.endpoints.web.exposure.include", "health,prometheus");
+
+		// ====================
+
 		// Health configuration
 		// ====================
 
@@ -198,7 +225,7 @@ private static void setDefaultProperties(SpringApplication app) {
 		properties.put("management.health.ldap.enabled", false);
 		// disable default redis health endpoint since it's managed by redisSession
 		properties.put("management.health.redis.enabled", "false");
-		// enable Kubernetes porobes
+		// enable Kubernetes probes
 		properties.put("management.endpoint.health.probes.enabled", true);
 
 		// ====================

src/main/java/eu/openanalytics/containerproxy/auth/UserLogoutHandler.java

@@ -35,7 +35,7 @@ public class UserLogoutHandler implements LogoutHandler {
 
 	@Inject
 	private UserService userService;
-	
+
 	@Override
 	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
 		userService.logout(authentication);

src/main/java/eu/openanalytics/containerproxy/auth/impl/KerberosAuthenticationBackend.java

@@ -27,6 +27,8 @@
 
 import javax.inject.Inject;
 
+import eu.openanalytics.containerproxy.event.UserLogoutEvent;
+import org.springframework.context.event.EventListener;
 import org.springframework.core.env.Environment;
 import org.springframework.core.io.FileSystemResource;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -52,25 +54,22 @@
 import eu.openanalytics.containerproxy.auth.impl.kerberos.KRBClientCacheRegistry;
 import eu.openanalytics.containerproxy.auth.impl.kerberos.KRBTicketRenewalManager;
 import eu.openanalytics.containerproxy.model.spec.ContainerSpec;
-import eu.openanalytics.containerproxy.service.EventService;
-import eu.openanalytics.containerproxy.service.EventService.EventType;
 
 public class KerberosAuthenticationBackend implements IAuthenticationBackend {
 
 	public static final String NAME = "kerberos";
 
 	private KRBClientCacheRegistry ccacheReg;
-	
+
+	private KRBTicketRenewalManager renewalManager;
+
 	@Inject
 	Environment environment;
 
 	@Lazy
 	@Inject
 	AuthenticationManager authenticationManager;
 
-	@Inject
-	EventService eventService;
-	
 	@Override
 	public String getName() {
 		return NAME;
@@ -116,13 +115,9 @@ public void configureAuthenticationManagerBuilder(AuthenticationManagerBuilder a
 		ticketValidator.setDebug(true);
 		ticketValidator.afterPropertiesSet();
 
-		KRBTicketRenewalManager renewalManager = new KRBTicketRenewalManager(
+		renewalManager = new KRBTicketRenewalManager(
 				delegSvcPrinc, delegSvcKeytab, backendPrincipals, ccacheReg, ticketRenewInterval);
 
-		eventService.addListener(e -> {
-			if (EventType.Logout.toString().equals(e.type)) renewalManager.stop(e.user);
-		});
-		
 		KerberosServiceAuthenticationProvider authProvider = new KerberosServiceAuthenticationProvider() {
 			@Override
 			public Authentication authenticate(Authentication authentication) throws AuthenticationException {
@@ -138,6 +133,11 @@ public Authentication authenticate(Authentication authentication) throws Authent
 		auth.authenticationProvider(authProvider);
 	}
 
+	@EventListener
+	public void on(UserLogoutEvent event) {
+		renewalManager.stop(event.getUserId());
+	}
+
 	@Override
 	public void customizeContainer(ContainerSpec spec) {
 		String principal = getCurrentPrincipal();

src/main/java/eu/openanalytics/containerproxy/backend/AbstractContainerBackend.java

@@ -129,8 +129,8 @@ public void initialize() throws ContainerProxyException {
 	public void startProxy(Proxy proxy) throws ContainerProxyException {
 		proxy.setId(UUID.randomUUID().toString());
 		proxy.setStatus(ProxyStatus.Starting);
-		proxy.setStartupTimestamp(System.currentTimeMillis());
-
+		proxy.setCreatedTimestamp(System.currentTimeMillis());
+		
 		try {
 			doStartProxy(proxy);
 		} catch (Throwable t) {
@@ -142,7 +142,8 @@ public void startProxy(Proxy proxy) throws ContainerProxyException {
 			stopProxy(proxy);
 			throw new ContainerProxyException("Container did not respond in time");
 		}
-		
+
+		proxy.setStartupTimestamp(System.currentTimeMillis());
 		proxy.setStatus(ProxyStatus.Up);
 	}
 

src/main/java/eu/openanalytics/containerproxy/event/AuthFailedEvent.java

@@ -0,0 +1,46 @@
+/**
+ * ContainerProxy
+ *
+ * Copyright (C) 2016-2020 Open Analytics
+ *
+ * ===========================================================================
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Apache License as published by
+ * The Apache Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * Apache License for more details.
+ *
+ * You should have received a copy of the Apache License
+ * along with this program.  If not, see <http://www.apache.org/licenses/>
+ */
+package eu.openanalytics.containerproxy.event;
+
+import org.springframework.context.ApplicationEvent;
+
+public class AuthFailedEvent extends ApplicationEvent {
+
+    private final String userId;
+    private final String sessionId;
+
+    public AuthFailedEvent(Object source, String userId, String sessionId) {
+        super(source);
+        this.userId = userId;
+        this.sessionId = sessionId;
+    }
+
+    public String getSessionId() {
+        return sessionId;
+    }
+
+    public String getUserId() {
+        return userId;
+    }
+
+}
+
+

src/main/java/eu/openanalytics/containerproxy/event/ProxyStartEvent.java

@@ -0,0 +1,51 @@
+/**
+ * ContainerProxy
+ *
+ * Copyright (C) 2016-2020 Open Analytics
+ *
+ * ===========================================================================
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Apache License as published by
+ * The Apache Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * Apache License for more details.
+ *
+ * You should have received a copy of the Apache License
+ * along with this program.  If not, see <http://www.apache.org/licenses/>
+ */
+package eu.openanalytics.containerproxy.event;
+
+import org.springframework.context.ApplicationEvent;
+
+import java.time.Duration;
+
+public class ProxyStartEvent extends ApplicationEvent {
+
+    private final String userId;
+    private final String specId;
+    private final Duration startupTime;
+
+    public ProxyStartEvent(Object source, String userId, String specId, Duration startupTime) {
+        super(source);
+        this.userId = userId;
+        this.specId = specId;
+        this.startupTime = startupTime;
+    }
+
+    public String getUserId() {
+        return userId;
+    }
+
+    public String getSpecId() {
+        return specId;
+    }
+
+    public Duration getStartupTime() {
+        return startupTime;
+    }
+}

src/main/java/eu/openanalytics/containerproxy/event/ProxyStartFailedEvent.java

@@ -0,0 +1,44 @@
+/**
+ * ContainerProxy
+ *
+ * Copyright (C) 2016-2020 Open Analytics
+ *
+ * ===========================================================================
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Apache License as published by
+ * The Apache Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * Apache License for more details.
+ *
+ * You should have received a copy of the Apache License
+ * along with this program.  If not, see <http://www.apache.org/licenses/>
+ */
+package eu.openanalytics.containerproxy.event;
+
+import org.springframework.context.ApplicationEvent;
+
+public class ProxyStartFailedEvent extends ApplicationEvent {
+
+    private final String userId;
+    private final String specId;
+
+    public ProxyStartFailedEvent(Object source, String userId, String specId) {
+        super(source);
+        this.userId = userId;
+        this.specId = specId;
+    }
+
+    public String getUserId() {
+        return userId;
+    }
+
+    public String getSpecId() {
+        return specId;
+    }
+
+}