feat(iris): add actor proxy service for external access to cluster actors#4126
feat(iris): add actor proxy service for external access to cluster actors#4126ravwojdyla merged 4 commits intomainfrom
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c761dd35d8
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
|
|
||
| self._actor_proxy = ActorProxy(self._service._db) | ||
| # Auth policy: proxy route requires authentication (checked by _RouteAuthMiddleware). | ||
| requires_auth(self._actor_proxy.handle) |
There was a problem hiding this comment.
Calling requires_auth(self._actor_proxy.handle) attempts setattr on a bound method, which raises AttributeError ('method' object has no attribute ...) in Python. This happens during ControllerDashboard._create_app(), so controller startup fails before serving any routes. Annotate the underlying function (or wrap the handler in an annotated function) instead of mutating the bound method instance.
Useful? React with 👍 / 👎.
…tors Add a proxy route on the controller HTTP server that forwards ActorService RPCs to actors on worker VMs. External clients use ProxyResolver to route calls through the controller instead of connecting directly to internal IPs. - ActorProxy: resolves endpoint from DB, forwards raw HTTP to actor server - ProxyResolver: returns controller URL with X-Iris-Actor-Endpoint header - ActorClient: passes endpoint metadata as headers on all RPC calls - Dashboard: mounts proxy route with auth enforcement - Integration tests: full round-trip, missing header, unknown endpoint Closes #4109 Co-authored-by: Rafal Wojdyla <ravwojdyla@users.noreply.github.com>
setattr fails on bound methods in Python, so requires_auth() on self._actor_proxy.handle raised AttributeError at controller startup. Wrap in a local function decorated with @requires_auth instead. Co-Authored-By: Rafal Wojdyla <ravwojdyla@gmail.com>
ravwojdyla
force-pushed
the
claude/issue-4109-20260325-0332
branch
from
c761dd3 to
e8caa03
Compare
rjpower
left a comment
rjpower
left a comment
There was a problem hiding this comment.
lgtm!
i have this vague hand-wavy anxiety about actor -> cluster dependencies, but i don't think it's worth trying to address. (the only thing i could think of would be to define the proxyservice in the actor code, and then have some kind of generic route registration in the controller, but ultimately that doesn't feel worth the extra complexity.)
| def do_call(): | ||
| client = self.rpc_client() | ||
| return client.start_operation(call) | ||
| return client.start_operation(call, headers=self._rpc_headers or None) |
There was a problem hiding this comment.
it looks like rpc_headers is always set, so maybe we don't need the None part
| from starlette.requests import Request | ||
| from starlette.responses import JSONResponse, Response | ||
|
|
||
| from iris.actor.resolver import ACTOR_ENDPOINT_HEADER |
There was a problem hiding this comment.
nit: let's define the magic header constant here, we've been trying to avoid having cluster -> actor dependencies
- Remove unnecessary `or None` on _rpc_headers (always initialized as {})
- Define ACTOR_ENDPOINT_HEADER locally in actor_proxy.py to avoid
cluster → actor import dependency
Co-Authored-By: Rafal Wojdyla <ravwojdyla@gmail.com>
…tors (#4126) Adds an actor proxy route on the controller HTTP server that forwards ActorService RPCs to actors on worker VMs. External clients use ProxyResolver to route calls through the controller instead of connecting directly to internal IPs. Closes #4109 Generated with [Claude Code](https://claude.ai/code) --------- Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Rafal Wojdyla <ravwojdyla@users.noreply.github.com>
2 participants
Adds an actor proxy route on the controller HTTP server that forwards ActorService RPCs to actors on worker VMs. External clients use ProxyResolver to route calls through the controller instead of connecting directly to internal IPs.
Closes #4109
Generated with Claude Code