luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Switches all ACL caches to 2Q.

This commit is contained in:
James Phillips 2016-08-09 11:00:22 -07:00
parent 1e75fa0362
commit 0fa059ec49
No known key found for this signature in database
GPG Key ID: 77183E682AC5FC11
3 changed files with 61 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
acl/cache.go
View File

@ -21,9 +21,9 @@ type aclEntry struct {
// Cache is used to implement policy and ACL caching // Cache is used to implement policy and ACL caching
type Cache struct { type Cache struct {
faultfn FaultFunc faultfn FaultFunc
aclCache *lru.Cache // Cache id -> acl aclCache *lru.TwoQueueCache // Cache id -> acl
policyCache *lru.Cache // Cache policy -> acl policyCache *lru.TwoQueueCache // Cache policy -> acl
ruleCache *lru.Cache // Cache rules -> policy ruleCache *lru.TwoQueueCache // Cache rules -> policy
} }
// NewCache constructs a new policy and ACL cache of a given size // NewCache constructs a new policy and ACL cache of a given size
@ -31,9 +31,22 @@ func NewCache(size int, faultfn FaultFunc) (*Cache, error) {
if size <= 0 { if size <= 0 {
return nil, fmt.Errorf("Must provide positive cache size") return nil, fmt.Errorf("Must provide positive cache size")
} }
rc, _ := lru.New(size)
pc, _ := lru.New(size) rc, err := lru.New2Q(size)
ac, _ := lru.New(size) if err != nil {
return nil, err
}
pc, err := lru.New2Q(size)
if err != nil {
return nil, err
}
ac, err := lru.New2Q(size)
if err != nil {
return nil, err
}
c := &Cache{ c := &Cache{
faultfn: faultfn, faultfn: faultfn,
aclCache: ac, aclCache: ac,

44
acl/cache_test.go
View File

@ -5,7 +5,7 @@ import (
) )
func TestCache_GetPolicy(t *testing.T) { func TestCache_GetPolicy(t *testing.T) {
c, err := NewCache(1, nil) c, err := NewCache(2, nil)
if err != nil { if err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
@ -24,11 +24,23 @@ func TestCache_GetPolicy(t *testing.T) {
t.Fatalf("should be cached") t.Fatalf("should be cached")
} }
// Cache a new policy // Work with some new policies to evict the original one
_, err = c.GetPolicy(testSimplePolicy) _, err = c.GetPolicy(testSimplePolicy)
if err != nil { if err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
_, err = c.GetPolicy(testSimplePolicy)
if err != nil {
t.Fatalf("err: %v", err)
}
_, err = c.GetPolicy(testSimplePolicy2)
if err != nil {
t.Fatalf("err: %v", err)
}
_, err = c.GetPolicy(testSimplePolicy2)
if err != nil {
t.Fatalf("err: %v", err)
}
// Test invalidation of p // Test invalidation of p
p3, err := c.GetPolicy("") p3, err := c.GetPolicy("")
@ -44,12 +56,13 @@ func TestCache_GetACL(t *testing.T) {
policies := map[string]string{ policies := map[string]string{
"foo": testSimplePolicy, "foo": testSimplePolicy,
"bar": testSimplePolicy2, "bar": testSimplePolicy2,
"baz": testSimplePolicy3,
} }
faultfn := func(id string) (string, string, error) { faultfn := func(id string) (string, string, error) {
return "deny", policies[id], nil return "deny", policies[id], nil
} }
c, err := NewCache(1, faultfn) c, err := NewCache(2, faultfn)
if err != nil { if err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
@ -80,6 +93,18 @@ func TestCache_GetACL(t *testing.T) {
if err != nil { if err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
_, err = c.GetACL("bar")
if err != nil {
t.Fatalf("err: %v", err)
}
_, err = c.GetACL("baz")
if err != nil {
t.Fatalf("err: %v", err)
}
_, err = c.GetACL("baz")
if err != nil {
t.Fatalf("err: %v", err)
}
acl3, err := c.GetACL("foo") acl3, err := c.GetACL("foo")
if err != nil { if err != nil {
@ -100,7 +125,7 @@ func TestCache_ClearACL(t *testing.T) {
return "deny", policies[id], nil return "deny", policies[id], nil
} }
c, err := NewCache(1, faultfn) c, err := NewCache(16, faultfn)
if err != nil { if err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
@ -135,7 +160,7 @@ func TestCache_Purge(t *testing.T) {
return "deny", policies[id], nil return "deny", policies[id], nil
} }
c, err := NewCache(1, faultfn) c, err := NewCache(16, faultfn)
if err != nil { if err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
@ -167,7 +192,7 @@ func TestCache_GetACLPolicy(t *testing.T) {
faultfn := func(id string) (string, string, error) { faultfn := func(id string) (string, string, error) {
return "deny", policies[id], nil return "deny", policies[id], nil
} }
c, err := NewCache(1, faultfn) c, err := NewCache(16, faultfn)
if err != nil { if err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
@ -220,7 +245,7 @@ func TestCache_GetACL_Parent(t *testing.T) {
return "", "", nil return "", "", nil
} }
c, err := NewCache(1, faultfn) c, err := NewCache(16, faultfn)
if err != nil { if err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
@ -296,3 +321,8 @@ key "bar/" {
policy = "read" policy = "read"
} }
` `
var testSimplePolicy3 = `
key "baz/" {
policy = "read"
}
`

10
consul/acl.go
View File

@ -112,16 +112,16 @@ func (s *Server) resolveToken(id string) (acl.ACL, error) {
// rpcFn is used to make an RPC call to the client or server. // rpcFn is used to make an RPC call to the client or server.
type rpcFn func(string, interface{}, interface{}) error type rpcFn func(string, interface{}, interface{}) error
// aclCache is used to cache ACL's and policies. // aclCache is used to cache ACLs and policies.
type aclCache struct { type aclCache struct {
config *Config config *Config
logger *log.Logger logger *log.Logger
// acls is a non-authoritative ACL cache. // acls is a non-authoritative ACL cache.
acls *lru.Cache acls *lru.TwoQueueCache
// aclPolicyCache is a non-authoritative policy cache. // aclPolicyCache is a non-authoritative policy cache.
policies *lru.Cache policies *lru.TwoQueueCache
// rpc is a function used to talk to the client/server. // rpc is a function used to talk to the client/server.
rpc rpcFn rpc rpcFn
@ -144,13 +144,13 @@ func newAclCache(conf *Config, logger *log.Logger, rpc rpcFn, local acl.FaultFun
} }
// Initialize the non-authoritative ACL cache // Initialize the non-authoritative ACL cache
cache.acls, err = lru.New(aclCacheSize) cache.acls, err = lru.New2Q(aclCacheSize)
if err != nil { if err != nil {
return nil, fmt.Errorf("Failed to create ACL cache: %v", err) return nil, fmt.Errorf("Failed to create ACL cache: %v", err)
} }
// Initialize the ACL policy cache // Initialize the ACL policy cache
cache.policies, err = lru.New(aclCacheSize) cache.policies, err = lru.New2Q(aclCacheSize)
if err != nil { if err != nil {
return nil, fmt.Errorf("Failed to create ACL policy cache: %v", err) return nil, fmt.Errorf("Failed to create ACL policy cache: %v", err)
} }