Fixed a bug where the mapper cloud crash when using DNS based ClientIntents (#304)

Author: zohar7ch

run-e2e.sh

@@ -0,0 +1,139 @@
+#!/bin/bash
+#
+#set -euo pipefail
+#
+## Required inputs (can also be passed as env vars)
+#MAPPER_TAG="06f15b3088aee47db853d9c321a7b97efc6534c4"
+#SNIFFER_TAG="06f15b3088aee47db853d9c321a7b97efc6534c4"
+#MAPPER_IMAGE="mapper"
+#SNIFFER_IMAGE="sniffer"
+#REGISTRY="us-central1-docker.pkg.dev/main-383408/otterize"
+#INSTALL_EXTRA_FLAGS=" --set kafkawatcher.enable=true --set kafkawatcher.kafkaServers={\"kafka-0.kafka\"} "
+#
+## Ensure required commands are available
+#for cmd in docker kubectl helm minikube jq ; do
+#  command -v $cmd >/dev/null 2>&1 || { echo >&2 "$cmd is required but not installed."; exit 1; }
+#done
+#
+#echo ">> Starting minikube"
+#minikube start --cpus=4 --memory 4096 --disk-size 32g --cni=calico
+#
+#sleep 10
+#
+#echo ">> Waiting for Calico to be ready"
+#kubectl wait pods -n kube-system -l k8s-app=calico-kube-controllers --for condition=Ready --timeout=120s
+#kubectl wait pods -n kube-system -l k8s-app=calico-node --for condition=Ready --timeout=120s
+#
+#echo ">> Pulling Docker images"
+#docker pull "${REGISTRY}/mapper:${MAPPER_TAG}"
+#minikube image load "${REGISTRY}/mapper:${MAPPER_TAG}"
+#docker pull "${REGISTRY}/sniffer:${SNIFFER_TAG}"
+#minikube image load "${REGISTRY}/sniffer:${SNIFFER_TAG}"
+#
+#echo ">> Setting up Helm dependencies and deploying Network Mapper"
+#helm dep up ./helm-charts/network-mapper
+#helm install otterize ./helm-charts/network-mapper -n otterize-system --create-namespace \
+#  --set debug=true \
+#  --set-string mapper.repository="${REGISTRY}" \
+#  --set-string mapper.image="${MAPPER_IMAGE}" \
+#  --set-string mapper.tag="${MAPPER_TAG}" \
+#  --set-string mapper.pullPolicy=Never \
+#  --set-string sniffer.repository="${REGISTRY}" \
+#  --set-string sniffer.image="${SNIFFER_IMAGE}" \
+#  --set-string sniffer.tag="${SNIFFER_TAG}" \
+#  --set-string sniffer.pullPolicy=Never \
+#  --set global.telemetry.enabled=false \
+#  $INSTALL_EXTRA_FLAGS
+#
+#
+#echo ">> Waiting for Otterize components to be ready"
+#kubectl wait pods -n otterize-system -l app=otterize-network-sniffer --for condition=Ready --timeout=90s
+#kubectl wait pods -n otterize-system -l app=otterize-network-mapper --for condition=Ready --timeout=90s
+#
+#echo ">> Deploying Kafka via Helm"
+#helm repo add otterize https://helm.otterize.com
+#helm repo update
+#helm install --create-namespace -n kafka -f https://docs.otterize.com/code-examples/kafka-mapping/helm/values.yaml kafka otterize/kafka --version 21.4.4
+#
+#echo ">> Deploying Kafka Tutorial Services"
+#kubectl apply -n otterize-tutorial-kafka-mapping -f https://docs.otterize.com/code-examples/kafka-mapping/all.yaml
+#
+#echo ">> Waiting for Kafka and Tutorial Services"
+#sleep 10
+#kubectl wait pods -n kafka -l app.kubernetes.io/component=kafka --for condition=Ready --timeout=180s
+#kubectl wait pods -n kafka -l app.kubernetes.io/component=zookeeper --for condition=Ready --timeout=180s
+#kubectl wait pods -n otterize-tutorial-kafka-mapping -l app=client --for condition=Ready --timeout=90s
+#kubectl wait pods -n otterize-tutorial-kafka-mapping -l app=client-2 --for condition=Ready --timeout=90s
+#
+#
+#echo ">> Waiting for intents to be discovered..."
+#for i in {1..5}; do
+#
+#    OUTPUT_JSON=`otterize network-mapper export --telemetry-enabled=false -n otterize-tutorial-kafka-mapping --format=json`
+#    if [ `echo "$OUTPUT_JSON" | jq ". | length"` != 2 ] || [ `echo "$OUTPUT_JSON" | jq '[.[] | select(.spec.targets[] | has("kafka"))] | length'` != 2 ] ; then
+#      echo "wait for discovered intents";
+#      echo _SNIFFER LOGS_
+#      kubectl logs --since=15s -n otterize-system -l app=otterize-network-sniffer
+#      echo _MAPPER LOGS_
+#      kubectl logs --since=15s -n otterize-system -l app=otterize-network-mapper
+#      sleep 10 ;
+#    fi
+#
+##    intents_count=$(otterize network-mapper export --telemetry-enabled=false -n otterize-tutorial-kafka-mapping --format=json | jq length)
+##    if [ "$intents_count" -eq 2 ]; then
+##        echo "Intents discovered"
+##        break
+##    fi
+##    echo "Waiting... ($i)"
+##    echo "_SNIFFER LOGS_"
+##    kubectl logs --since=15s -n otterize-system -l app=otterize-network-sniffer
+##    echo "_MAPPER LOGS_"
+##    kubectl logs --since=15s -n otterize-system -l app=otterize-network-mapper
+##    sleep 10
+#done
+#
+#echo ">> Outputting final logs"
+#kubectl logs -n otterize-system -l app=otterize-network-sniffer --tail=-1
+#kubectl logs -n otterize-system -l app=otterize-network-mapper --tail=-1
+#
+#echo ">> Exporting and comparing discovered intents"
+#
+
+echo "export intents and compare to expected file"
+INTENTS_JSON=`otterize network-mapper export --telemetry-enabled=false -n otterize-tutorial-kafka-mapping --format=json`
+echo "1"
+echo $INTENTS_JSON
+INTENTS_JSON_NO_KIND=`echo "$INTENTS_JSON" | jq 'map(del(.spec.workload.kind))'`
+echo "2"
+echo $INTENTS_JSON_NO_KIND
+INTENTS_JSON_NO_KIND_AND_SORTED=`echo "$INTENTS_JSON_NO_KIND" | jq 'sort_by(.metadata.namespace + .metadata.name) | map(.spec.targets |= (sort_by(keys_unsorted[0]) | map(if .kafka? then .kafka.topics |= map(.operations |= sort) else . end)))'`
+echo "3"
+echo $INTENTS_JSON_NO_KIND_AND_SORTED
+echo "$INTENTS_JSON_NO_KIND_AND_SORTED" > /tmp/intents.json
+#echo "expected" && cat .github/workflows/tests-expected-results/kafka-tutorial-intents.json
+#echo "actual" && cat /tmp/intents.json
+#diff .github/workflows/tests-expected-results/kafka-tutorial-intents.json /tmp/intents.json
+
+#
+#otterize network-mapper export --telemetry-enabled=false -n otterize-tutorial-kafka-mapping --format=json | jq \
+#'sort_by(.metadata.namespace, .metadata.name) | map(
+#    .spec.targets |= (sort_by(keys[0])
+#      | map(
+#          if .kafka?
+#          then .kafka.topics |= map(
+#              .operations |= sort
+#            )
+#          else .
+#          end
+#        )
+#    )
+#  )' > /tmp/intents.json
+#
+#diff .github/workflows/tests-expected-results/kafka-tutorial-intents.json /tmp/intents.json && echo "Test passed" || {
+#    echo "Test failed"
+#    echo "Expected:"
+#    cat .github/workflows/tests-expected-results/kafka-tutorial-intents.json
+#    echo "Actual:"
+#    cat /tmp/intents.json
+#    exit 1
+#}

src/mapper/pkg/dnscache/dns_cache.go

@@ -3,6 +3,7 @@ package dnscache
 import (
 	"context"
 	"github.com/otterize/network-mapper/src/mapper/pkg/config"
+	"github.com/otterize/network-mapper/src/mapper/pkg/dnscache/ttl_cache"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/viper"
 	"net"
@@ -11,7 +12,7 @@ import (
 )
 
 type DNSCache struct {
-	cache *TTLCache[string, string]
+	cache *ttl_cache.TTLCache[string, string]
 }
 
 type Resolver interface {
@@ -23,7 +24,7 @@ func NewDNSCache() *DNSCache {
 	if capacity == 0 {
 		logrus.Panic("Capacity cannot be 0")
 	}
-	dnsRecordCache := NewTTLCache[string, string](capacity)
+	dnsRecordCache := ttl_cache.NewTTLCache[string, string](capacity)
 
 	return &DNSCache{
 		cache: dnsRecordCache,
@@ -41,18 +42,9 @@ func (d *DNSCache) GetResolvedIPs(dnsName string) []string {
 
 func (d *DNSCache) GetResolvedIPsForWildcard(dnsName string) []string {
 	dnsSuffix := strings.TrimPrefix(dnsName, "*") // Strip the wildcard, leave the '.example.com' suffix
-	result := make([]string, 0)
-	for entry := range d.cache.items {
-		if strings.HasSuffix(entry, dnsSuffix) {
-			// Calling cache.Get() to utilize the LRU instead of iterating over the value too
-			result = append(result, d.cache.Get(entry)...)
-		}
-	}
-	return result
-}
+	result := d.cache.Filter(func(key string) bool {
+		return strings.HasSuffix(key, dnsSuffix)
+	})
 
-// CacheValue holds the value and its expiration time
-type CacheValue[V any] struct {
-	Value      V
-	Expiration time.Time
+	return result
 }

src/mapper/pkg/dnscache/dns_cache_test.go

@@ -66,24 +66,6 @@ func (s *DNSCacheTestSuite) TestCapacityConfig() {
 	}
 }
 
-func (s *DNSCacheTestSuite) TestTTL() {
-	cache := NewDNSCache()
-
-	cache.AddOrUpdateDNSData("my-future-blog.de", IP1, 1*time.Second)
-	ips := cache.GetResolvedIPs("my-future-blog.de")
-	s.Require().Len(ips, 1)
-	s.Require().Equal(IP1, ips[0])
-
-	// This is the only place where we sleep in the test, to make sure the TTL works as expected
-	time.Sleep(2 * time.Second)
-
-	cache.cache.cleanupExpired()
-
-	ips = cache.GetResolvedIPs("my-future-blog.de")
-	s.Require().Len(ips, 0)
-
-}
-
 func (s *DNSCacheTestSuite) TestWildcardIP() {
 	cache := NewDNSCache()
 	cache.AddOrUpdateDNSData("www.surf-forecast.com", IP1, 60*time.Second)

src/mapper/pkg/dnscache/ttl_cache.go …pper/pkg/dnscache/ttl_cache/ttl_cache.gosrc/mapper/pkg/dnscache/ttl_cache.go renamed to src/mapper/pkg/dnscache/ttl_cache/ttl_cache.go src/mapper/pkg/dnscache/ttl_cache.go renamed to src/mapper/pkg/dnscache/ttl_cache/ttl_cache.go

@@ -1,11 +1,19 @@
-package dnscache
+package ttl_cache
 
 import (
 	"container/list"
 	"sync"
 	"time"
 )
 
+type Predicate[K comparable] func(key K) bool
+
+// CacheValue holds the value and its expiration time
+type CacheValue[V any] struct {
+	Value      V
+	Expiration time.Time
+}
+
 // CacheEntry represents an entry in the cache, linking the key with its list element for LRU
 type CacheEntry[K comparable, V comparable] struct {
 	Key   K
@@ -95,6 +103,10 @@ func (c *TTLCache[K, V]) Get(key K) []V {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
+	return c.getUnsafe(key)
+}
+
+func (c *TTLCache[K, V]) getUnsafe(key K) []V {
 	// Check if the key exists
 	if _, exists := c.items[key]; !exists {
 		return make([]V, 0)
@@ -145,6 +157,22 @@ func (c *TTLCache[K, V]) cleanupExpired() {
 	}
 }
 
+// Filter returns all the values that matches the predicator and removes any expired values
+func (c *TTLCache[K, V]) Filter(predicate Predicate[K]) []V {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	result := make([]V, 0)
+	for key, _ := range c.items {
+		if predicate(key) {
+			// Calling `getUnsafe` to utilize the LRU instead of iterating over the value too
+			result = append(result, c.getUnsafe(key)...)
+		}
+	}
+
+	return result
+}
+
 // lruValueExpiration gets the expiration time for a given LRU element
 func (c *TTLCache[K, V]) lruValueExpiration(elem *list.Element) time.Time {
 	cacheEntry := elem.Value.(CacheEntry[K, V])

src/mapper/pkg/dnscache/ttl_cache/ttl_cache_test.go

@@ -0,0 +1,62 @@
+package ttl_cache
+
+import (
+	"fmt"
+	"github.com/stretchr/testify/suite"
+	"testing"
+	"time"
+)
+
+type TTLCacheTestSuite struct {
+	suite.Suite
+}
+
+func (s *TTLCacheTestSuite) TestCacheFilterWhileWrite() {
+	cache := NewTTLCache[string, string](100)
+	stop := make(chan struct{})
+
+	go func() {
+		// Intensive write to the cache
+		for {
+			cache.Insert("example.com", fmt.Sprintf("192.0.2.%d", time.Now().UnixNano()%255), 5*time.Second)
+			time.Sleep(1 * time.Millisecond)
+		}
+	}()
+
+	go func() {
+		// Iterating over the cache
+		for {
+			_ = cache.Filter(func(key string) bool {
+				return true
+			})
+			time.Sleep(1 * time.Millisecond)
+		}
+	}()
+
+	// Let them race for 15 seconds
+	// Unfortunately, there isn't a way to make sure that they won't race (which will yield fatal error: concurrent map iteration and map write)
+	// so we hope that 15 seconds are good enough interval to reproduce the error if it exists
+	time.Sleep(15 * time.Second)
+	close(stop)
+}
+
+func (s *TTLCacheTestSuite) TestTTL() {
+	cache := NewTTLCache[string, string](100)
+
+	cache.Insert("my-future-blog.de", "ip1", 1*time.Second)
+	ips := cache.Get("my-future-blog.de")
+	s.Require().Len(ips, 1)
+	s.Require().Equal("ip1", ips[0])
+
+	// This is the only place where we sleep in the test, to make sure the TTL works as expected
+	time.Sleep(2 * time.Second)
+
+	cache.cleanupExpired()
+
+	ips = cache.Get("my-future-blog.de")
+	s.Require().Len(ips, 0)
+}
+
+func TestTTLCacheTestSuite(t *testing.T) {
+	suite.Run(t, new(TTLCacheTestSuite))
+}