Adding rate limit for auth task creation

Author: jonathan-buttner

x-pack/plugin/inference/src/internalClusterTest/java/org/elasticsearch/xpack/inference/integration/AuthorizationTaskExecutorIT.java

@@ -112,6 +112,9 @@ protected Settings nodeSettings() {
             // Ensure that the polling logic only occurs once so we can deterministically control when an authorization response is
             // received
             .put(ElasticInferenceServiceSettings.PERIODIC_AUTHORIZATION_ENABLED.getKey(), false)
+            // Use very short intervals for testing purposes so that waiting for the task to be recreated is fast
+            .put(ElasticInferenceServiceSettings.AUTHORIZATION_REQUEST_INTERVAL.getKey(), TimeValue.timeValueMillis(1))
+            .put(ElasticInferenceServiceSettings.MAX_AUTHORIZATION_REQUEST_JITTER.getKey(), TimeValue.timeValueMillis(1))
             .build();
     }
 

x-pack/plugin/inference/src/internalClusterTest/java/org/elasticsearch/xpack/inference/integration/AuthorizationTaskExecutorMultipleNodesIT.java

@@ -8,6 +8,7 @@
 package org.elasticsearch.xpack.inference.integration;
 
 import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.core.TimeValue;
 import org.elasticsearch.inference.TaskType;
 import org.elasticsearch.license.LicenseSettings;
 import org.elasticsearch.plugins.Plugin;
@@ -91,6 +92,9 @@ protected Settings nodeSettings(int nodeOrdinal, Settings otherSettings) {
             .put(LicenseSettings.SELF_GENERATED_LICENSE_TYPE.getKey(), "trial")
             .put(ElasticInferenceServiceSettings.ELASTIC_INFERENCE_SERVICE_URL.getKey(), gatewayUrl)
             .put(ElasticInferenceServiceSettings.PERIODIC_AUTHORIZATION_ENABLED.getKey(), false)
+            // Use very short intervals for testing purposes so that waiting for the task to be recreated is fast
+            .put(ElasticInferenceServiceSettings.AUTHORIZATION_REQUEST_INTERVAL.getKey(), TimeValue.timeValueMillis(1))
+            .put(ElasticInferenceServiceSettings.MAX_AUTHORIZATION_REQUEST_JITTER.getKey(), TimeValue.timeValueMillis(1))
             .build();
     }
 

x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/elastic/ElasticInferenceServiceSettings.java

@@ -44,15 +44,15 @@ public class ElasticInferenceServiceSettings {
     );
 
     private static final TimeValue DEFAULT_AUTH_REQUEST_INTERVAL = TimeValue.timeValueMinutes(10);
-    static final Setting<TimeValue> AUTHORIZATION_REQUEST_INTERVAL = Setting.timeSetting(
+    public static final Setting<TimeValue> AUTHORIZATION_REQUEST_INTERVAL = Setting.timeSetting(
         "xpack.inference.elastic.authorization_request_interval",
         DEFAULT_AUTH_REQUEST_INTERVAL,
         Setting.Property.NodeScope,
         Setting.Property.Dynamic
     );
 
     private static final TimeValue DEFAULT_AUTH_REQUEST_JITTER = TimeValue.timeValueMinutes(5);
-    static final Setting<TimeValue> MAX_AUTHORIZATION_REQUEST_JITTER = Setting.timeSetting(
+    public static final Setting<TimeValue> MAX_AUTHORIZATION_REQUEST_JITTER = Setting.timeSetting(
         "xpack.inference.elastic.max_authorization_request_jitter",
         DEFAULT_AUTH_REQUEST_JITTER,
         Setting.Property.NodeScope,

x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/services/elastic/authorization/AuthorizationTaskExecutor.java

@@ -18,6 +18,7 @@
 import org.elasticsearch.cluster.ClusterState;
 import org.elasticsearch.cluster.ClusterStateListener;
 import org.elasticsearch.cluster.service.ClusterService;
+import org.elasticsearch.common.Randomness;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
 import org.elasticsearch.common.io.stream.StreamInput;
@@ -45,6 +46,8 @@
 import org.elasticsearch.xpack.inference.common.BroadcastMessageAction;
 
 import java.io.IOException;
+import java.time.Clock;
+import java.time.Instant;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
@@ -71,6 +74,8 @@ public class AuthorizationTaskExecutor extends PersistentTasksExecutor<Authoriza
     private final AtomicReference<AuthorizationPoller> currentTask = new AtomicReference<>();
     private final AtomicBoolean running = new AtomicBoolean(false);
     private final FeatureService featureService;
+    private Instant nextCreateTaskAttemptTime;
+    private final Clock clock;
 
     public static AuthorizationTaskExecutor create(
         ClusterService clusterService,
@@ -84,7 +89,8 @@ public static AuthorizationTaskExecutor create(
             clusterService,
             new PersistentTasksService(clusterService, parameters.serviceComponents().threadPool(), parameters.client()),
             featureService,
-            parameters
+            parameters,
+            Clock.systemUTC()
         );
     }
 
@@ -93,13 +99,16 @@ public static AuthorizationTaskExecutor create(
         ClusterService clusterService,
         PersistentTasksService persistentTasksService,
         FeatureService featureService,
-        AuthorizationPoller.Parameters pollerParameters
+        AuthorizationPoller.Parameters pollerParameters,
+        Clock clock
     ) {
         super(TASK_NAME, pollerParameters.serviceComponents().threadPool().executor(UTILITY_THREAD_POOL_NAME));
         this.clusterService = Objects.requireNonNull(clusterService);
         this.featureService = Objects.requireNonNull(featureService);
         this.persistentTasksService = Objects.requireNonNull(persistentTasksService);
         this.pollerParameters = Objects.requireNonNull(pollerParameters);
+        this.clock = Objects.requireNonNull(clock);
+        this.nextCreateTaskAttemptTime = Instant.MIN;
     }
 
     /**
@@ -144,6 +153,8 @@ private void sendStartRequest(@Nullable ClusterState state) {
             return;
         }
 
+        updateNextCreateTaskAttemptTime();
+
         persistentTasksService.sendClusterStartRequest(
             TASK_NAME,
             TASK_NAME,
@@ -166,7 +177,10 @@ private boolean shouldSkipCreatingTask(@Nullable ClusterState state) {
             return true;
         }
 
-        return clusterCanSupportFeature(state) == false || running.get() == false || authorizationTaskExists(state);
+        return clusterCanSupportFeature(state) == false
+            || running.get() == false
+            || authorizationTaskExists(state)
+            || hasAttemptedToCreateTaskRecently();
     }
 
     private boolean clusterCanSupportFeature(@Nullable ClusterState state) {
@@ -185,6 +199,25 @@ private static boolean authorizationTaskExists(@Nullable ClusterState state) {
         return ClusterPersistentTasksCustomMetadata.getTaskWithId(state, TASK_NAME) != null;
     }
 
+    private boolean hasAttemptedToCreateTaskRecently() {
+        return Instant.now(clock).isBefore(nextCreateTaskAttemptTime);
+    }
+
+    private void updateNextCreateTaskAttemptTime() {
+        var random = Randomness.get();
+        var jitter = (long) (pollerParameters.elasticInferenceServiceSettings().getMaxAuthorizationRequestJitter().millis() * random
+            .nextDouble());
+        var waitTimeMillis = pollerParameters.elasticInferenceServiceSettings().getAuthRequestInterval().millis() + jitter;
+
+        nextCreateTaskAttemptTime = Instant.now(clock).plusMillis(waitTimeMillis);
+        logger.debug(
+            "Create task rate limit info interval: [{}] ms, jitter: [{}] ms",
+            pollerParameters.elasticInferenceServiceSettings().getAuthRequestInterval().millis(),
+            jitter
+        );
+        logger.debug("Next create task attempt time [{}]", nextCreateTaskAttemptTime);
+    }
+
     public synchronized void stop() {
         if (running.compareAndSet(true, false)) {
             logger.info("Shutting down authorization task executor");

x-pack/plugin/inference/src/test/java/org/elasticsearch/xpack/inference/services/elastic/authorization/AuthorizationTaskExecutorTests.java

@@ -29,6 +29,9 @@
 import org.junit.Before;
 import org.mockito.Mockito;
 
+import java.time.Clock;
+import java.time.Duration;
+
 import static org.elasticsearch.cluster.metadata.Metadata.EMPTY_METADATA;
 import static org.elasticsearch.persistent.PersistentTasksExecutor.NO_NODE_FOUND;
 import static org.elasticsearch.test.ClusterServiceUtils.createClusterService;
@@ -86,7 +89,8 @@ public void testMultipleCallsToStart_OnlyRegistersOnce() {
                 mock(Client.class),
                 createMockCCMFeature(false),
                 createMockCCMService(false)
-            )
+            ),
+            Clock.systemUTC()
         );
         executor.startAndImmediatelyCreateTask();
         executor.startAndImmediatelyCreateTask();
@@ -117,7 +121,8 @@ public void testStartLazy_OnlyRegistersOnce_NeverCallsPersistentTaskService() {
                 mock(Client.class),
                 createMockCCMFeature(false),
                 createMockCCMService(false)
-            )
+            ),
+            Clock.systemUTC()
         );
         executor.startAndLazyCreateTask();
         executor.startAndLazyCreateTask();
@@ -154,7 +159,8 @@ public void testDoesNotRegisterListener_IfUrlIsEmpty() {
                 mock(Client.class),
                 createMockCCMFeature(false),
                 createMockCCMService(false)
-            )
+            ),
+            Clock.systemUTC()
         );
         executor.startAndImmediatelyCreateTask();
         executor.startAndImmediatelyCreateTask();
@@ -170,6 +176,17 @@ public void testDoesNotRegisterListener_IfUrlIsEmpty() {
     }
 
     public void testMultipleCallsToStart_AndStop() {
+        var now = Clock.systemUTC().instant();
+        var oneDayInFuture = now.plus(Duration.ofDays(1));
+        var clock = mock(Clock.class);
+        // The AuthorizationTaskExecutor does these calls:
+        // 1. Check if the last create task time is expired (first call to instant()),
+        // this will pass so a call to create the task will occur
+        // 2. Then it will update the last create task time (second call to instant())
+        // 3. On the next cluster state change, it will check if the last create task time is expired (third call to instant()),
+        // we'll return now + 1 day to ensure that it is expired and allows another call to create the task
+        when(clock.instant()).thenReturn(now).thenReturn(now).thenReturn(oneDayInFuture);
+
         var eisUrl = "abc";
         var mockClusterService = createMockEmptyClusterService();
         var executor = new AuthorizationTaskExecutor(
@@ -185,7 +202,8 @@ public void testMultipleCallsToStart_AndStop() {
                 mock(Client.class),
                 createMockCCMFeature(false),
                 createMockCCMService(false)
-            )
+            ),
+            clock
         );
         executor.startAndImmediatelyCreateTask();
         executor.startAndImmediatelyCreateTask();
@@ -216,6 +234,62 @@ public void testMultipleCallsToStart_AndStop() {
         verify(persistentTasksService, times(2)).sendClusterRemoveRequest(eq(AuthorizationPoller.TASK_NAME), any(), any());
     }
 
+    public void testMultipleCallsToStart_OnlyCallsSendClusterStartRequestOnce_WhenRateLimited() {
+        var now = Clock.systemUTC().instant();
+        var clock = mock(Clock.class);
+        when(clock.instant()).thenReturn(now);
+
+        var eisUrl = "abc";
+        var mockClusterService = createMockEmptyClusterService();
+        var executor = new AuthorizationTaskExecutor(
+            mockClusterService,
+            persistentTasksService,
+            enabledFeatureServiceMock,
+            new AuthorizationPoller.Parameters(
+                createWithEmptySettings(threadPool),
+                mock(ElasticInferenceServiceAuthorizationRequestHandler.class),
+                mock(Sender.class),
+                ElasticInferenceServiceSettingsTests.create(eisUrl, TimeValue.timeValueMillis(1), TimeValue.timeValueMillis(1), true),
+                mock(ModelRegistry.class),
+                mock(Client.class),
+                createMockCCMFeature(false),
+                createMockCCMService(false)
+            ),
+            clock
+        );
+        executor.startAndImmediatelyCreateTask();
+        executor.startAndImmediatelyCreateTask();
+        executor.stop();
+        executor.stop();
+        verify(mockClusterService, times(1)).addListener(executor);
+        verify(persistentTasksService, times(1)).sendClusterStartRequest(
+            eq(AuthorizationPoller.TASK_NAME),
+            eq(AuthorizationPoller.TASK_NAME),
+            eq(AuthorizationTaskParams.INSTANCE),
+            any(),
+            any()
+        );
+        verify(mockClusterService, times(1)).removeListener(executor);
+        verify(persistentTasksService, times(1)).sendClusterRemoveRequest(eq(AuthorizationPoller.TASK_NAME), any(), any());
+
+        Mockito.clearInvocations(persistentTasksService);
+        Mockito.clearInvocations(mockClusterService);
+
+        executor.startAndImmediatelyCreateTask();
+        executor.stop();
+        verify(mockClusterService, times(1)).addListener(executor);
+        // No additional calls because time hasn't advanced to allow another task creation call
+        verify(persistentTasksService, never()).sendClusterStartRequest(
+            eq(AuthorizationPoller.TASK_NAME),
+            eq(AuthorizationPoller.TASK_NAME),
+            eq(AuthorizationTaskParams.INSTANCE),
+            any(),
+            any()
+        );
+        verify(mockClusterService, times(1)).removeListener(executor);
+        verify(persistentTasksService, times(1)).sendClusterRemoveRequest(eq(AuthorizationPoller.TASK_NAME), any(), any());
+    }
+
     public void testCallsSendClusterStartRequest_WhenStartIsCalled() {
         var eisUrl = "abc";
         var mockClusterService = createMockEmptyClusterService();
@@ -232,7 +306,8 @@ public void testCallsSendClusterStartRequest_WhenStartIsCalled() {
                 mock(Client.class),
                 createMockCCMFeature(false),
                 createMockCCMService(false)
-            )
+            ),
+            Clock.systemUTC()
         );
         executor.startAndImmediatelyCreateTask();
 
@@ -282,7 +357,8 @@ public void testDoesNotCallSendClusterStartRequest_WhenStartIsCalled_WhenItIsAlr
                 mock(Client.class),
                 createMockCCMFeature(false),
                 createMockCCMService(false)
-            )
+            ),
+            Clock.systemUTC()
         );
         executor.startAndImmediatelyCreateTask();
 
@@ -297,6 +373,17 @@ public void testDoesNotCallSendClusterStartRequest_WhenStartIsCalled_WhenItIsAlr
     }
 
     public void testCreatesTask_WhenItDoesNotExistOnClusterStateChange() {
+        var now = Clock.systemUTC().instant();
+        var oneDayInFuture = now.plus(Duration.ofDays(1));
+        var clock = mock(Clock.class);
+        // The AuthorizationTaskExecutor does these calls:
+        // 1. Check if the last create task time is expired (first call to instant()),
+        // this will pass so a call to create the task will occur
+        // 2. Then it will update the last create task time (second call to instant())
+        // 3. On the next cluster state change, it will check if the last create task time is expired (third call to instant()),
+        // we'll return now + 1 day to ensure that it is expired and allows another call to create the task
+        when(clock.instant()).thenReturn(now).thenReturn(now).thenReturn(oneDayInFuture);
+
         var eisUrl = "abc";
 
         var executor = new AuthorizationTaskExecutor(
@@ -312,7 +399,8 @@ public void testCreatesTask_WhenItDoesNotExistOnClusterStateChange() {
                 mock(Client.class),
                 createMockCCMFeature(false),
                 createMockCCMService(false)
-            )
+            ),
+            clock
         );
         executor.startAndImmediatelyCreateTask();
 
@@ -329,6 +417,9 @@ public void testCreatesTask_WhenItDoesNotExistOnClusterStateChange() {
         );
 
         Mockito.clearInvocations(persistentTasksService);
+        Mockito.clearInvocations(clock);
+        when(clock.instant()).thenReturn(oneDayInFuture.plus(Duration.ofDays(1)));
+
         // Ensure that if the task is gone, it will be recreated.
         var listener2 = new PlainActionFuture<Void>();
         clusterService.getClusterApplierService().onNewClusterState("initialization", this::initialState, listener2);
@@ -369,7 +460,8 @@ public void testDoesNotCreateTask_WhenFeatureIsNotSupported() {
                 mock(Client.class),
                 createMockCCMFeature(false),
                 createMockCCMService(false)
-            )
+            ),
+            Clock.systemUTC()
         );
         executor.startAndImmediatelyCreateTask();
 
@@ -400,7 +492,8 @@ public void testDoesNotRegisterClusterStateListener_DoesNotCreateTask_WhenTheEis
                 mock(Client.class),
                 createMockCCMFeature(false),
                 createMockCCMService(false)
-            )
+            ),
+            Clock.systemUTC()
         );
         executor.startAndImmediatelyCreateTask();
 
@@ -430,7 +523,8 @@ public void testDoesNotRegisterClusterStateListener_DoesNotCreateTask_WhenTheEis
                 mock(Client.class),
                 createMockCCMFeature(false),
                 createMockCCMService(false)
-            )
+            ),
+            Clock.systemUTC()
         );
         executor.startAndImmediatelyCreateTask();
 
@@ -483,7 +577,8 @@ public void testDoesNotCreateTask_OnClusterStateChange_WhenItAlreadyExists() {
                 mock(Client.class),
                 createMockCCMFeature(false),
                 createMockCCMService(false)
-            )
+            ),
+            Clock.systemUTC()
         );
         executor.startAndImmediatelyCreateTask();