feat: cda infrastructure worker

Author: jbutler

src/main/java/com/aws/greengrass/clientdevices/auth/ClientDevicesAuthService.java

@@ -14,7 +14,9 @@
 import com.aws.greengrass.clientdevices.auth.configuration.CDAConfiguration;
 import com.aws.greengrass.clientdevices.auth.configuration.GroupConfiguration;
 import com.aws.greengrass.clientdevices.auth.configuration.GroupManager;
+import com.aws.greengrass.clientdevices.auth.configuration.InfrastructureConfiguration;
 import com.aws.greengrass.clientdevices.auth.connectivity.CISShadowMonitor;
+import com.aws.greengrass.clientdevices.auth.infra.CDAExecutor;
 import com.aws.greengrass.clientdevices.auth.infra.NetworkState;
 import com.aws.greengrass.clientdevices.auth.session.MqttSessionFactory;
 import com.aws.greengrass.clientdevices.auth.session.SessionConfig;
@@ -30,7 +32,6 @@
 import com.aws.greengrass.ipc.SubscribeToCertificateUpdatesOperationHandler;
 import com.aws.greengrass.ipc.VerifyClientDeviceIdentityOperationHandler;
 import com.aws.greengrass.lifecyclemanager.PluginService;
-import com.aws.greengrass.util.Coerce;
 import com.fasterxml.jackson.databind.MapperFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCService;
@@ -45,6 +46,8 @@
 import java.util.concurrent.TimeUnit;
 import javax.inject.Inject;
 
+import static com.aws.greengrass.clientdevices.auth.configuration.InfrastructureConfiguration.DEFAULT_THREAD_POOL_SIZE;
+import static com.aws.greengrass.clientdevices.auth.configuration.InfrastructureConfiguration.DEFAULT_WORK_QUEUE_DEPTH;
 import static com.aws.greengrass.componentmanager.KernelConfigResolver.CONFIGURATION_CONFIG_KEY;
 import static software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCService.AUTHORIZE_CLIENT_DEVICE_ACTION;
 import static software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCService.GET_CLIENT_DEVICE_AUTH_TOKEN;
@@ -55,22 +58,17 @@
 public class ClientDevicesAuthService extends PluginService {
     public static final String CLIENT_DEVICES_AUTH_SERVICE_NAME = "aws.greengrass.clientdevices.Auth";
 
+    private CDAConfiguration cdaConfiguration;
+    private InfrastructureConfiguration infrastructureConfig;
+
     // TODO: Move configuration related constants to appropriate configuration class
     public static final String DEVICE_GROUPS_TOPICS = "deviceGroups";
     public static final String PERFORMANCE_TOPIC = "performance";
     public static final String MAX_ACTIVE_AUTH_TOKENS_TOPIC = "maxActiveAuthTokens";
     public static final String CLOUD_REQUEST_QUEUE_SIZE_TOPIC = "cloudRequestQueueSize";
     public static final String MAX_CONCURRENT_CLOUD_REQUESTS_TOPIC = "maxConcurrentCloudRequests";
-    // Limit the queue size before we start rejecting requests
-    private static final int DEFAULT_CLOUD_CALL_QUEUE_SIZE = 100;
-    private static final int DEFAULT_THREAD_POOL_SIZE = 1;
     public static final int DEFAULT_MAX_ACTIVE_AUTH_TOKENS = 2500;
 
-    // Create a threadpool for calling the cloud. Single thread will be used by default.
-    private ThreadPoolExecutor cloudCallThreadPool;
-    private int cloudCallQueueSize;
-    private CDAConfiguration cdaConfiguration;
-
 
     /**
      * Constructor.
@@ -88,32 +86,10 @@ protected void install() throws InterruptedException {
 
         context.get(UseCases.class).init(context);
         context.get(CertificateManager.class).updateCertificatesConfiguration(new CertificatesConfig(getConfig()));
-        initializeInfrastructure();
         initializeHandlers();
         subscribeToConfigChanges();
     }
 
-    private int getValidCloudCallQueueSize(Topics topics) {
-        int newSize = Coerce.toInt(
-                topics.findOrDefault(DEFAULT_CLOUD_CALL_QUEUE_SIZE,
-                        CONFIGURATION_CONFIG_KEY, PERFORMANCE_TOPIC, CLOUD_REQUEST_QUEUE_SIZE_TOPIC));
-        if (newSize <= 0) {
-            logger.atWarn().log("{} illegal size, will not change the queue size from {}",
-                    CLOUD_REQUEST_QUEUE_SIZE_TOPIC, cloudCallQueueSize);
-            return cloudCallQueueSize; // existing size
-        }
-        return newSize;
-    }
-
-    private void initializeInfrastructure() {
-        cloudCallQueueSize = DEFAULT_CLOUD_CALL_QUEUE_SIZE;
-        cloudCallQueueSize = getValidCloudCallQueueSize(config);
-        cloudCallThreadPool = new ThreadPoolExecutor(1,
-                DEFAULT_THREAD_POOL_SIZE, 60, TimeUnit.SECONDS,
-                new ResizableLinkedBlockingQueue<>(cloudCallQueueSize));
-        cloudCallThreadPool.allowCoreThreadTimeOut(true); // act as a cached threadpool
-    }
-
     private void initializeHandlers() {
         // Register auth session handlers
         context.get(SessionManager.class).setSessionConfig(new SessionConfig(getConfig()));
@@ -146,34 +122,20 @@ private void configChangeHandler(WhatHappened whatHappened, Node node) {
             return;
         }
         logger.atDebug().kv("why", whatHappened).kv("node", node).log();
+
         // NOTE: This should not live here. The service doesn't have to have knowledge about where/how
         // keys are stored
-        Topics deviceGroupTopics = this.config.lookupTopics(CONFIGURATION_CONFIG_KEY, DEVICE_GROUPS_TOPICS);
-
-        try {
-            // NOTE: Extract this to a method these are infrastructure concerns.
-            int threadPoolSize = Coerce.toInt(this.config.findOrDefault(DEFAULT_THREAD_POOL_SIZE,
-                    CONFIGURATION_CONFIG_KEY, PERFORMANCE_TOPIC, MAX_CONCURRENT_CLOUD_REQUESTS_TOPIC));
-            if (threadPoolSize >= cloudCallThreadPool.getCorePoolSize()) {
-                cloudCallThreadPool.setMaximumPoolSize(threadPoolSize);
-            }
-        } catch (IllegalArgumentException e) {
-            logger.atWarn().log("Unable to update CDA threadpool size due to {}", e.getMessage());
-        }
-
-        if (whatHappened != WhatHappened.initialized && node != null && node.childOf(CLOUD_REQUEST_QUEUE_SIZE_TOPIC)) {
-            // NOTE: Extract this to a method these are infrastructure concerns.
-            BlockingQueue<Runnable> q = cloudCallThreadPool.getQueue();
-            if (q instanceof ResizableLinkedBlockingQueue) {
-                cloudCallQueueSize = getValidCloudCallQueueSize(this.config);
-                ((ResizableLinkedBlockingQueue) q).resize(cloudCallQueueSize);
-            }
-        }
-
         if (whatHappened == WhatHappened.initialized || node == null || node.childOf(DEVICE_GROUPS_TOPICS)) {
+            Topics deviceGroupTopics = this.config.lookupTopics(CONFIGURATION_CONFIG_KEY, DEVICE_GROUPS_TOPICS);
             updateDeviceGroups(whatHappened, deviceGroupTopics);
         }
 
+        InfrastructureConfiguration newInfraConfig = InfrastructureConfiguration.from(getConfig());
+        if (infrastructureConfig == null || !newInfraConfig.equals(infrastructureConfig)) {
+            updateInfrastructure(newInfraConfig);
+            infrastructureConfig = newInfraConfig;
+        }
+
         onConfigurationChanged();
     }
 
@@ -189,10 +151,20 @@ protected void shutdown() throws InterruptedException {
         context.get(CertificateManager.class).stopMonitors();
     }
 
-    @Override
-    public void postInject() {
-        super.postInject();
+    private void updateInfrastructure(InfrastructureConfiguration infraConfig) {
+        context.get(CDAExecutor.class).accept(infraConfig);
+    }
+
+    private void initializeInfrastructure() {
+        BlockingQueue<Runnable> queue = new ResizableLinkedBlockingQueue<>(DEFAULT_WORK_QUEUE_DEPTH);
+        ThreadPoolExecutor executor = new ThreadPoolExecutor(DEFAULT_THREAD_POOL_SIZE,
+                DEFAULT_THREAD_POOL_SIZE, 60, TimeUnit.SECONDS, queue);
+        context.put(CDAExecutor.class, new CDAExecutor(executor));
+    }
+
+    private void initializeIPC() {
         AuthorizationHandler authorizationHandler = context.get(AuthorizationHandler.class);
+
         try {
             authorizationHandler.registerComponent(this.getName(),
                     new HashSet<>(Arrays.asList(SUBSCRIBE_TO_CERTIFICATE_UPDATES,
@@ -212,17 +184,20 @@ public void postInject() {
                 new SubscribeToCertificateUpdatesOperationHandler(context, certificateManager, authorizationHandler));
         greengrassCoreIPCService.setVerifyClientDeviceIdentityHandler(context ->
                 new VerifyClientDeviceIdentityOperationHandler(context, serviceApi,
-                        authorizationHandler, cloudCallThreadPool));
+                        authorizationHandler, this.context.get(CDAExecutor.class)));
         greengrassCoreIPCService.setGetClientDeviceAuthTokenHandler(context ->
                 new GetClientDeviceAuthTokenOperationHandler(context, serviceApi, authorizationHandler,
-                        cloudCallThreadPool));
+                        this.context.get(CDAExecutor.class)));
         greengrassCoreIPCService.setAuthorizeClientDeviceActionHandler(context ->
                 new AuthorizeClientDeviceActionOperationHandler(context, serviceApi,
                         authorizationHandler));
     }
 
-    public CertificateManager getCertificateManager() {
-        return context.get(CertificateManager.class);
+    @Override
+    public void postInject() {
+        super.postInject();
+        initializeInfrastructure();
+        initializeIPC();
     }
 
     private void updateDeviceGroups(WhatHappened whatHappened, Topics deviceGroupsTopics) {
@@ -250,7 +225,7 @@ void updateCACertificateConfig(List<String> caCerts) {
     protected CompletableFuture<Void> close(boolean waitForDependers) {
         // shutdown the threadpool in close, not in shutdown() because it is created
         // and injected in the constructor and we won't be able to restart it after it stops.
-        cloudCallThreadPool.shutdown();
+        context.get(CDAExecutor.class).shutdown();
         return super.close(waitForDependers);
     }
 }

src/main/java/com/aws/greengrass/clientdevices/auth/configuration/InfrastructureConfiguration.java

@@ -0,0 +1,68 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package com.aws.greengrass.clientdevices.auth.configuration;
+
+import com.aws.greengrass.config.Topics;
+import com.aws.greengrass.logging.api.Logger;
+import com.aws.greengrass.logging.impl.LogManager;
+import com.aws.greengrass.util.Coerce;
+import lombok.Value;
+
+/**
+ * Represents client device infrastructure configuration.
+ * </p>
+ * NOTE: currently we're shoving some unrelated things under the `performance` key.
+ * Things like maxActiveAuthTokens and refresh periods should be grouped separately.
+ * <p>
+ * |---- configuration
+ * |    |---- performance:
+ * |          |---- cloudRequestQueueSize: "..."
+ * |          |---- maxConcurrentCloudRequests: [...]
+ * </p>
+ */
+@Value
+public final class InfrastructureConfiguration {
+    private static final Logger logger = LogManager.getLogger(InfrastructureConfiguration.class);
+
+    public static final int DEFAULT_WORK_QUEUE_DEPTH = 100;
+    public static final int DEFAULT_THREAD_POOL_SIZE = 1;
+
+    public static final String PERFORMANCE_TOPIC = "performance";
+    // TODO: Need to determine if this is useful. We may want different numbers for internal
+    //  vs external usage - e.g. IPC work queue throttling vs internal cert refreshes
+    public static final String WORK_QUEUE_DEPTH = "cloudRequestQueueSize"; // Deprecate?
+    public static final String THREAD_POOL_SIZE = "maxConcurrentCloudRequests"; // Deprecate?
+
+    int workQueueDepth;
+    int threadPoolSize;
+
+    private InfrastructureConfiguration(int workQueueDepth, int threadPoolSize) {
+        this.workQueueDepth = workQueueDepth;
+        this.threadPoolSize = threadPoolSize;
+    }
+
+    /**
+     * Factory method for creating an immutable InfrastructureConfiguration from the service configuration.
+     *
+     * @param configurationTopics the configuration key of the service configuration
+     */
+    public static InfrastructureConfiguration from(Topics configurationTopics) {
+        Topics infraTopics = configurationTopics.lookupTopics(PERFORMANCE_TOPIC);
+
+        return new InfrastructureConfiguration(
+                getWorkQueueDepthFromConfiguration(infraTopics),
+                getThreadPoolSizeFromConfiguration(infraTopics)
+        );
+    }
+
+    private static int getWorkQueueDepthFromConfiguration(Topics infraTopics) {
+        return Coerce.toInt(infraTopics.findOrDefault(DEFAULT_WORK_QUEUE_DEPTH, WORK_QUEUE_DEPTH));
+    }
+
+    private static int getThreadPoolSizeFromConfiguration(Topics infraTopics) {
+        return Coerce.toInt(infraTopics.findOrDefault(DEFAULT_THREAD_POOL_SIZE, THREAD_POOL_SIZE));
+    }
+}

src/main/java/com/aws/greengrass/clientdevices/auth/infra/CDAExecutor.java

@@ -0,0 +1,63 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package com.aws.greengrass.clientdevices.auth.infra;
+
+import com.aws.greengrass.clientdevices.auth.configuration.InfrastructureConfiguration;
+import com.aws.greengrass.clientdevices.auth.util.ResizableLinkedBlockingQueue;
+
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.Callable;
+import java.util.concurrent.Executor;
+import java.util.concurrent.Future;
+import java.util.concurrent.ThreadPoolExecutor;
+import java.util.function.Consumer;
+
+public final class CDAExecutor implements Executor, Consumer<InfrastructureConfiguration> {
+    private final ThreadPoolExecutor executor;
+    private final BlockingQueue<Runnable> executorQueue;
+
+    /**
+     * Creates a new CDAExecutor with the given underlying ThreadPoolExecutor.
+     * The underlying work queue should be resizeable in order to respond
+     * to component configuration updates.
+     *
+     * @param executor Thread pool executor to be used as the underlying work thread pool.
+     */
+    public CDAExecutor(ThreadPoolExecutor executor) {
+        this.executor = executor;
+        this.executorQueue = executor.getQueue();
+    }
+
+    public void shutdown() {
+        executor.shutdown();
+    }
+
+    @Override
+    public void execute(Runnable command) {
+        executor.execute(command);
+    }
+
+    public <T> Future<T> execute(Callable<T> callable) {
+        return executor.submit(callable);
+    }
+
+    @Override
+    public void accept(InfrastructureConfiguration infrastructureConfiguration) {
+        // Thread pool size may not shrink below core pool size, so reduce this accordingly
+        int maxPoolSize = infrastructureConfiguration.getThreadPoolSize();
+
+        if (maxPoolSize > executor.getCorePoolSize()) {
+            maxPoolSize = executor.getCorePoolSize();
+        }
+        executor.setMaximumPoolSize(maxPoolSize);
+
+        // Only attempt to resize the underlying work queue if it is a ResizeableLinkedBlockingQueue
+        if (executorQueue instanceof ResizableLinkedBlockingQueue) {
+            int queueDepth = infrastructureConfiguration.getWorkQueueDepth();
+            ((ResizableLinkedBlockingQueue) executorQueue).resize(queueDepth);
+        }
+    }
+}

src/main/java/com/aws/greengrass/ipc/GetClientDeviceAuthTokenOperationHandler.java

@@ -29,7 +29,7 @@
 import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executor;
 import java.util.concurrent.RejectedExecutionException;
 
 import static com.aws.greengrass.ipc.common.ExceptionUtil.translateExceptions;
@@ -46,7 +46,7 @@ public class GetClientDeviceAuthTokenOperationHandler
     private final AuthorizationHandler authorizationHandler;
     private final ClientDevicesAuthServiceApi clientDevicesAuthServiceApi;
     private final Map<String, String> credentialMap = new HashMap<>();
-    private final ExecutorService cloudCallThreadPool;
+    private final Executor cloudCallThreadPool;
 
     /**
      * Constructor.
@@ -60,7 +60,7 @@ public GetClientDeviceAuthTokenOperationHandler(
             OperationContinuationHandlerContext context,
             ClientDevicesAuthServiceApi clientDevicesAuthServiceApi,
             AuthorizationHandler authorizationHandler,
-            ExecutorService cloudCallThreadPool
+            Executor cloudCallThreadPool
     ) {
 
         super(context);

src/main/java/com/aws/greengrass/ipc/VerifyClientDeviceIdentityOperationHandler.java

@@ -11,6 +11,7 @@
 import com.aws.greengrass.authorization.exceptions.AuthorizationException;
 import com.aws.greengrass.clientdevices.auth.ClientDevicesAuthService;
 import com.aws.greengrass.clientdevices.auth.api.ClientDevicesAuthServiceApi;
+import com.aws.greengrass.clientdevices.auth.infra.CDAExecutor;
 import com.aws.greengrass.logging.api.Logger;
 import com.aws.greengrass.logging.impl.LogManager;
 import com.aws.greengrass.util.Utils;
@@ -25,7 +26,6 @@
 import software.amazon.awssdk.eventstreamrpc.model.EventStreamJsonMessage;
 
 import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.ExecutorService;
 import java.util.concurrent.RejectedExecutionException;
 
 import static com.aws.greengrass.ipc.common.ExceptionUtil.translateExceptions;
@@ -41,7 +41,7 @@ public class VerifyClientDeviceIdentityOperationHandler
     private final ClientDevicesAuthServiceApi clientDevicesAuthServiceApi;
     private final String serviceName;
     private final AuthorizationHandler authorizationHandler;
-    private final ExecutorService cloudCallThreadPool;
+    private final CDAExecutor cloudCallThreadPool;
 
     /**
      * Constructor.
@@ -53,7 +53,7 @@ public class VerifyClientDeviceIdentityOperationHandler
      */
     public VerifyClientDeviceIdentityOperationHandler(
             OperationContinuationHandlerContext context, ClientDevicesAuthServiceApi clientDevicesAuthServiceApi,
-            AuthorizationHandler authorizationHandler, ExecutorService cloudCallThreadPool) {
+            AuthorizationHandler authorizationHandler, CDAExecutor cloudCallThreadPool) {
 
         super(context);
         this.clientDevicesAuthServiceApi = clientDevicesAuthServiceApi;

src/test/java/com/aws/greengrass/clientdevices/auth/ClientDevicesAuthServiceTest.java

@@ -305,10 +305,8 @@ private String getCaPassphrase() {
     }
 
     private List<String> getCaCertificates()
-            throws ServiceLoadException, CertificateEncodingException, KeyStoreException, IOException {
-        ClientDevicesAuthService clientDevicesAuthService =
-                (ClientDevicesAuthService) kernel.locate(ClientDevicesAuthService.CLIENT_DEVICES_AUTH_SERVICE_NAME);
-        return clientDevicesAuthService.getCertificateManager().getCACertificates();
+            throws CertificateEncodingException, KeyStoreException, IOException {
+        return kernel.getContext().get(CertificateManager.class).getCACertificates();
     }