Move GCP proxy code to the old [] proxy's location

1. Moved code for the GCP proxy to where the [] proxy code used to live. 3. Corrected reference to the GCP proxy location. 4. Misc changes to make ErrorProne and various tools happy. +diekmann to LGTM terraform whitelist change. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=213630560
2025-08-04 00:42:12 +02:00 · 2018-09-19 08:20:21 -07:00 · 2018-09-19 08:20:21 -07:00 · 3fc7271145
commit 3fc7271145
parent 961e5cc7c7
102 changed files with 296 additions and 11 deletions
--- a/java/google/registry/proxy/metric/BackendMetrics.java
+++ b/java/google/registry/proxy/metric/BackendMetrics.java
@ -0,0 +1,126 @@
+// Copyright 2017 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.proxy.metric;
+
+import com.google.common.collect.ImmutableSet;
+import com.google.monitoring.metrics.CustomFitter;
+import com.google.monitoring.metrics.EventMetric;
+import com.google.monitoring.metrics.ExponentialFitter;
+import com.google.monitoring.metrics.FibonacciFitter;
+import com.google.monitoring.metrics.IncrementableMetric;
+import com.google.monitoring.metrics.LabelDescriptor;
+import com.google.monitoring.metrics.MetricRegistryImpl;
+import google.registry.util.NonFinalForTesting;
+import io.netty.handler.codec.http.FullHttpResponse;
+import javax.inject.Inject;
+import javax.inject.Singleton;
+
+/** Backend metrics instrumentation. */
+@Singleton
+public class BackendMetrics {
+
+  // Maximum request size is defined in the config file, this is not realistic and we'd be out of
+  // memory when the size approach 1 GB.
+  private static final CustomFitter DEFAULT_SIZE_FITTER = FibonacciFitter.create(1073741824);
+
+  // Maximum 1 hour latency, this is not specified by the spec, but given we have a one hour idle
+  // timeout, it seems reasonable that maximum latency is set to 1 hour as well. If we are
+  // approaching anywhere near 1 hour latency, we'd be way out of SLO anyway.
+  private static final ExponentialFitter DEFAULT_LATENCY_FITTER =
+      ExponentialFitter.create(22, 2, 1.0);
+
+  private static final ImmutableSet<LabelDescriptor> LABELS =
+      ImmutableSet.of(
+          LabelDescriptor.create("protocol", "Name of the protocol."),
+          LabelDescriptor.create(
+              "client_cert_hash", "SHA256 hash of the client certificate, if available."));
+
+  static final IncrementableMetric requestsCounter =
+      MetricRegistryImpl.getDefault()
+          .newIncrementableMetric(
+              "/proxy/backend/requests",
+              "Total number of requests send to the backend.",
+              "Requests",
+              LABELS);
+
+  static final IncrementableMetric responsesCounter =
+      MetricRegistryImpl.getDefault()
+          .newIncrementableMetric(
+              "/proxy/backend/responses",
+              "Total number of responses received by the backend.",
+              "Responses",
+              ImmutableSet.<LabelDescriptor>builder()
+                  .addAll(LABELS)
+                  .add(LabelDescriptor.create("status", "HTTP status code."))
+                  .build());
+
+  static final EventMetric requestBytes =
+      MetricRegistryImpl.getDefault()
+          .newEventMetric(
+              "/proxy/backend/request_bytes",
+              "Size of the backend requests sent.",
+              "Request Bytes",
+              LABELS,
+              DEFAULT_SIZE_FITTER);
+
+  static final EventMetric responseBytes =
+      MetricRegistryImpl.getDefault()
+          .newEventMetric(
+              "/proxy/backend/response_bytes",
+              "Size of the backend responses received.",
+              "Response Bytes",
+              LABELS,
+              DEFAULT_SIZE_FITTER);
+
+  static final EventMetric latencyMs =
+      MetricRegistryImpl.getDefault()
+          .newEventMetric(
+              "/proxy/backend/latency_ms",
+              "Round-trip time between a request sent and its corresponding response received.",
+              "Latency Milliseconds",
+              LABELS,
+              DEFAULT_LATENCY_FITTER);
+
+  @Inject
+  BackendMetrics() {}
+
+  /**
+   * Resets all backend metrics.
+   *
+   * <p>This should only used in tests to clear out states. No production code should call this
+   * function.
+   */
+  void resetMetric() {
+    requestBytes.reset();
+    requestsCounter.reset();
+    responseBytes.reset();
+    responsesCounter.reset();
+    latencyMs.reset();
+  }
+
+  @NonFinalForTesting
+  public void requestSent(String protocol, String certHash, int bytes) {
+    requestsCounter.increment(protocol, certHash);
+    requestBytes.record(bytes, protocol, certHash);
+  }
+
+  @NonFinalForTesting
+  public void responseReceived(
+      String protocol, String certHash, FullHttpResponse response, long latency) {
+    latencyMs.record(latency, protocol, certHash);
+    responseBytes.record(response.content().readableBytes(), protocol, certHash);
+    responsesCounter.increment(protocol, certHash, response.status().toString());
+  }
+}
--- a/java/google/registry/proxy/metric/FrontendMetrics.java
+++ b/java/google/registry/proxy/metric/FrontendMetrics.java
@ -0,0 +1,125 @@
+// Copyright 2017 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.proxy.metric;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import com.google.monitoring.metrics.IncrementableMetric;
+import com.google.monitoring.metrics.LabelDescriptor;
+import com.google.monitoring.metrics.Metric;
+import com.google.monitoring.metrics.MetricRegistryImpl;
+import google.registry.util.NonFinalForTesting;
+import io.netty.channel.Channel;
+import io.netty.channel.group.ChannelGroup;
+import io.netty.channel.group.DefaultChannelGroup;
+import io.netty.util.concurrent.GlobalEventExecutor;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import javax.inject.Inject;
+import javax.inject.Singleton;
+
+/** Frontend metrics instrumentation. */
+@Singleton
+public class FrontendMetrics {
+
+  /**
+   * Labels to register front metrics with.
+   *
+   * <p>The client certificate hash value is only used for EPP metrics. For WHOIS metrics, it will
+   * always be {@code "none"}. In order to get the actual registrar name, one can use the {@code
+   * nomulus} tool:
+   *
+   * <pre>
+   * nomulus -e production list_registrars -f clientCertificateHash | grep $HASH
+   * </pre>
+   */
+  private static final ImmutableSet<LabelDescriptor> LABELS =
+      ImmutableSet.of(
+          LabelDescriptor.create("protocol", "Name of the protocol."),
+          LabelDescriptor.create(
+              "client_cert_hash", "SHA256 hash of the client certificate, if available."));
+
+  private static final ConcurrentMap<ImmutableList<String>, ChannelGroup> activeConnections =
+      new ConcurrentHashMap<>();
+
+  static final Metric<Long> activeConnectionsGauge =
+      MetricRegistryImpl.getDefault()
+          .newGauge(
+              "/proxy/frontend/active_connections",
+              "Number of active connections from clients to the proxy.",
+              "Active Connections",
+              LABELS,
+              () ->
+                  activeConnections
+                      .entrySet()
+                      .stream()
+                      .collect(
+                          ImmutableMap.toImmutableMap(
+                              Map.Entry::getKey, entry -> (long) entry.getValue().size())),
+              Long.class);
+
+  static final IncrementableMetric totalConnectionsCounter =
+      MetricRegistryImpl.getDefault()
+          .newIncrementableMetric(
+              "/proxy/frontend/total_connections",
+              "Total number connections ever made from clients to the proxy.",
+              "Total Connections",
+              LABELS);
+
+  static final IncrementableMetric quotaRejectionsCounter =
+      MetricRegistryImpl.getDefault()
+          .newIncrementableMetric(
+              "/proxy/frontend/quota_rejections",
+              "Total number rejected quota request made by proxy for each connection.",
+              "Quota Rejections",
+              LABELS);
+
+  @Inject
+  public FrontendMetrics() {}
+
+  /**
+   * Resets all frontend metrics.
+   *
+   * <p>This should only be used in tests to reset states. Production code should not call this
+   * method.
+   */
+  @VisibleForTesting
+  void resetMetrics() {
+    totalConnectionsCounter.reset();
+    activeConnections.clear();
+  }
+
+  @NonFinalForTesting
+  public void registerActiveConnection(String protocol, String certHash, Channel channel) {
+    totalConnectionsCounter.increment(protocol, certHash);
+    ImmutableList<String> labels = ImmutableList.of(protocol, certHash);
+    ChannelGroup channelGroup;
+    if (activeConnections.containsKey(labels)) {
+      channelGroup = activeConnections.get(labels);
+    } else {
+      channelGroup = new DefaultChannelGroup(GlobalEventExecutor.INSTANCE);
+      activeConnections.put(labels, channelGroup);
+    }
+    channelGroup.add(channel);
+  }
+
+  @NonFinalForTesting
+  public void registerQuotaRejection(String protocol, String certHash) {
+    quotaRejectionsCounter.increment(protocol, certHash);
+  }
+}
--- a/java/google/registry/proxy/metric/MetricParameters.java
+++ b/java/google/registry/proxy/metric/MetricParameters.java
@ -0,0 +1,143 @@
+// Copyright 2017 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.proxy.metric;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+
+import com.google.api.services.monitoring.v3.model.MonitoredResource;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.flogger.FluentLogger;
+import com.google.common.io.CharStreams;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.util.Map;
+import java.util.function.Function;
+import javax.inject.Inject;
+
+/**
+ * Utility class to obtain labels for monitored resource of type {@code gke_container}.
+ *
+ * <p>Custom metrics collected by the proxy need to be associated with a {@link MonitoredResource}.
+ * When running on GKE, the type is {@code gke_container}. The labels for this type are used to
+ * group related metrics together, and to avoid out-of-order metrics writes. This class provides a
+ * map of the labels where the values are either read from environment variables (pod and container
+ * related labels) or queried from GCE metadata server (cluster and instance related labels).
+ *
+ * @see <a
+ *     href="https://cloud.google.com/monitoring/custom-metrics/creating-metrics#which-resource">
+ *     Creating Custom Metrics - Choosing a monitored resource type</a>
+ * @see <a href="https://cloud.google.com/monitoring/api/resources#tag_gke_container">Monitored
+ *     Resource Types - gke_container</a>
+ * @see <a href="https://cloud.google.com/compute/docs/storing-retrieving-metadata#querying">Storing
+ *     and Retrieving Instance Metadata - Getting metadata</a>
+ * @see <a
+ *     href="https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/">
+ *     Expose Pod Information to Containers Through Environment Variables </a>
+ */
+public class MetricParameters {
+
+  // Environment variable names, defined in the GKE deployment pod spec.
+  static final String NAMESPACE_ID_ENV = "NAMESPACE_ID";
+  static final String POD_ID_ENV = "POD_ID";
+  static final String CONTAINER_NAME_ENV = "CONTAINER_NAME";
+
+  // GCE metadata server URLs to retrieve instance related information.
+  private static final String GCE_METADATA_URL_BASE = "http://metadata.google.internal/";
+  static final String PROJECT_ID_PATH = "computeMetadata/v1/project/project-id";
+  static final String CLUSTER_NAME_PATH = "computeMetadata/v1/instance/attributes/cluster-name";
+  static final String INSTANCE_ID_PATH = "computeMetadata/v1/instance/id";
+  static final String ZONE_PATH = "computeMetadata/v1/instance/zone";
+
+  private static final FluentLogger logger = FluentLogger.forEnclosingClass();
+
+  private final Map<String, String> envVarMap;
+  private final Function<String, HttpURLConnection> connectionFactory;
+
+  MetricParameters(
+      Map<String, String> envVarMap, Function<String, HttpURLConnection> connectionFactory) {
+    this.envVarMap = envVarMap;
+    this.connectionFactory = connectionFactory;
+  }
+
+  @Inject
+  MetricParameters() {
+    this(ImmutableMap.copyOf(System.getenv()), MetricParameters::gceConnectionFactory);
+  }
+
+  private static HttpURLConnection gceConnectionFactory(String path) {
+    String url = GCE_METADATA_URL_BASE + path;
+    try {
+      HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
+      connection.setRequestMethod("GET");
+      // The metadata server requires this header to be set when querying from a GCE instance.
+      connection.setRequestProperty("Metadata-Flavor", "Google");
+      connection.setDoOutput(true);
+      return connection;
+    } catch (IOException e) {
+      throw new RuntimeException(String.format("Incorrect GCE metadata server URL: %s", url), e);
+    }
+  }
+
+  private String readEnvVar(String envVar) {
+    return envVarMap.getOrDefault(envVar, "");
+  }
+
+  private String readGceMetadata(String path) {
+    String value = "";
+    HttpURLConnection connection = connectionFactory.apply(path);
+    try {
+      connection.connect();
+      int responseCode = connection.getResponseCode();
+      if (responseCode < 200 || responseCode > 299) {
+        logger.atWarning().log(
+            "Got an error response: %d\n%s",
+            responseCode,
+            CharStreams.toString(new InputStreamReader(connection.getErrorStream(), UTF_8)));
+      } else {
+        value = CharStreams.toString(new InputStreamReader(connection.getInputStream(), UTF_8));
+      }
+    } catch (IOException e) {
+      logger.atWarning().withCause(e).log("Cannot obtain GCE metadata from path %s", path);
+    }
+    return value;
+  }
+
+  public ImmutableMap<String, String> makeLabelsMap() {
+    // The zone metadata is in the form of "projects/<PROJECT_NUMERICAL_ID>/zones/<ZONE_NAME>".
+    // We only need the last part after the slash.
+    String fullZone = readGceMetadata(ZONE_PATH);
+    String zone;
+    String[] fullZoneArray = fullZone.split("/", -1);
+    if (fullZoneArray.length < 4) {
+      logger.atWarning().log("Zone %s is valid.", fullZone);
+      // This will make the metric report throw, but it happens in a different thread and will not
+      // kill the whole application.
+      zone = "";
+    } else {
+      zone = fullZoneArray[3];
+    }
+    return new ImmutableMap.Builder<String, String>()
+        .put("project_id", readGceMetadata(PROJECT_ID_PATH))
+        .put("cluster_name", readGceMetadata(CLUSTER_NAME_PATH))
+        .put("namespace_id", readEnvVar(NAMESPACE_ID_ENV))
+        .put("instance_id", readGceMetadata(INSTANCE_ID_PATH))
+        .put("pod_id", readEnvVar(POD_ID_ENV))
+        .put("container_name", readEnvVar(CONTAINER_NAME_ENV))
+        .put("zone", zone)
+        .build();
+  }
+}