Move some security APIs to using promises in place of callbacks #123812
Conversation
We ahve some incredibly deep callstacks in security that seem to visibly raise context switch costs, make profiling more complicated and generally make the code rather hard to follow. Since the methods adjusted here return a result synchronously we can both save overhead and make things a little easier to follow by using promises as returns in place of consuming callbacks.
original-brownbear
added
>non-issue
:Security/Security
|
Pinging @elastic/es-security (Team:Security) |
server/src/main/java/org/elasticsearch/action/support/SubscribableListener.java
Show resolved
Hide resolved
| try { | ||
| res.rawResult(); | ||
| } catch (Exception e) { | ||
| listener.onFailure(e); | ||
| return; |
There was a problem hiding this comment.
I'd rather add something like this to SubscribableListener over exposing rawResult():
public boolean completeIfFailed(ActionListener<?> listener) {
final Object currentState = state;
if (currentState instanceof FailureResult result) {
listener.onFailure(result.exception());
return true;
} else {
return false;
}
}
There was a problem hiding this comment.
I went for just an isSuccess now like other solutions have. There isn't much of a reason to be tricky for the failure path and this way we have a fast solution for the hot success path. Let me know what you think :) Combining this approach with the get-results on listenable futures would allow neat simplifications + speedups in some places I believe (by avoiding allocating new listeners).
...ugin/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationService.java
Outdated
Show resolved
Hide resolved
...ugin/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationService.java
Outdated
Show resolved
Hide resolved
I think we should yea, gotta be a little careful maybe because of thread-context though. That kind of thing is made it impossible to go further with this kind of change in security for the time being when I tried because any thread-local context that only exists around the |
| public final boolean isSuccess() { | ||
| return state instanceof SuccessResult; |
There was a problem hiding this comment.
This bit LGTM, I'll leave the rest to the security team
| * @return a listener to be notified of the authorization result | ||
| */ | ||
| void authorizeIndexAction( | ||
| SubscribableListener<IndexAuthorizationResult> authorizeIndexAction( |
There was a problem hiding this comment.
The change to this interface will cause compilation errors of CustomAuthorizationEngine. Can you adjust the security example plugin as well?
| while (requestInterceptorIterator.hasNext()) { | ||
| var res = requestInterceptorIterator.next().intercept(requestInfo, authorizationEngine, authorizationInfo); | ||
| if (res.isSuccess() == false) { | ||
| res.addListener(new DelegatingActionListener<>(listener) { |
There was a problem hiding this comment.
What would you think if we changed the request interceptors to be fully sync and not return a promise?
public interface RequestInterceptor {
void intercept(RequestInfo requestInfo, AuthorizationEngine authorizationEngine, AuthorizationInfo authorizationInfo)
throws ElasticsearchSecurityException;
}then runRequestInterceptors would look like this
private void runRequestInterceptors(
RequestInfo requestInfo,
AuthorizationInfo authorizationInfo,
AuthorizationEngine authorizationEngine,
ActionListener<Void> listener
) {
for (RequestInterceptor requestInterceptor : requestInterceptors) {
try {
requestInterceptor.intercept(requestInfo, authorizationEngine, authorizationInfo);
} catch (Exception e) {
listener.onFailure(e);
return;
}
}
listener.onResponse(null);
}
original-brownbear
added
the
auto-backport
|
Thanks you two! I fixed up the plugin. + I'm all on board with a sync API here, but is that possible looking at the code it might fork today? |
💔 Backport failed
You can use sqren/backport to manually backport by running |
…tic#123812) We have some incredibly deep callstacks in security that seem to visibly raise context switch costs, make profiling more complicated and generally make the code rather hard to follow. Since the methods adjusted here return a result synchronously we can both save overhead and make things a little easier to follow by using promises as returns in place of consuming callbacks.
You are right. 🤦 |
4 participants
We ahve some incredibly deep callstacks in security that seem to visibly raise context switch costs, make profiling more complicated and generally make the code rather hard to follow.
Also, deeply nested listener chains tend to make logic consume more heap because we almost inevitably continue holding on to things we no longer need as we go down the stack.
Since the methods adjusted here mostly return a result synchronously on the hot path, we can both save overhead (we can do a couple follow-ups to that effect) and make things a little easier to follow by using promises as returns in place of consuming callbacks.
A good example of the effects of this change would be this piece of search request REST handling that flattens out enormously.
Before:
After:
