refactor!: remove maxConnections from generic HTTP config and fix enforcement in CRT engine (#904)

Author: aajtodd

.changes/3b28cba8-790f-4997-aeeb-0aa5f2ec6d43.json

@@ -0,0 +1,6 @@
+{
+    "id": "3b28cba8-790f-4997-aeeb-0aa5f2ec6d43",
+    "type": "bugfix",
+    "description": "Enforce `maxConnections` for CRT HTTP engine",
+    "issues": ["awslabs/smithy-kotlin#880"]
+}

.changes/8e9156e5-eabc-4980-9423-2276eb3d8974.json

@@ -0,0 +1,5 @@
+{
+    "id": "8e9156e5-eabc-4980-9423-2276eb3d8974",
+    "type": "misc",
+    "description": "**BREAKING**: Remove `maxConnections` from generic HTTP engine config since it can't be enforced for OkHttp."
+}

runtime/protocol/http-client-engines/http-client-engine-crt/api/http-client-engine-crt.api

@@ -17,6 +17,7 @@ public final class aws/smithy/kotlin/runtime/http/engine/crt/CrtHttpEngineConfig
 	public synthetic fun <init> (Laws/smithy/kotlin/runtime/http/engine/crt/CrtHttpEngineConfig$Builder;Lkotlin/jvm/internal/DefaultConstructorMarker;)V
 	public final fun getClientBootstrap ()Laws/sdk/kotlin/crt/io/ClientBootstrap;
 	public final fun getInitialWindowSizeBytes ()I
+	public final fun getMaxConnections-pVg5ArA ()I
 	public final fun setClientBootstrap (Laws/sdk/kotlin/crt/io/ClientBootstrap;)V
 	public fun toBuilderApplicator ()Lkotlin/jvm/functions/Function1;
 }
@@ -25,8 +26,10 @@ public final class aws/smithy/kotlin/runtime/http/engine/crt/CrtHttpEngineConfig
 	public fun <init> ()V
 	public final fun getClientBootstrap ()Laws/sdk/kotlin/crt/io/ClientBootstrap;
 	public final fun getInitialWindowSizeBytes ()I
+	public final fun getMaxConnections-pVg5ArA ()I
 	public final fun setClientBootstrap (Laws/sdk/kotlin/crt/io/ClientBootstrap;)V
 	public final fun setInitialWindowSizeBytes (I)V
+	public final fun setMaxConnections-WZ4Q5Ns (I)V
 }
 
 public final class aws/smithy/kotlin/runtime/http/engine/crt/CrtHttpEngineConfig$Companion {

runtime/protocol/http-client-engines/http-client-engine-crt/common/src/aws/smithy/kotlin/runtime/http/engine/crt/ConnectionManager.kt

@@ -0,0 +1,128 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package aws.smithy.kotlin.runtime.http.engine.crt
+
+import aws.sdk.kotlin.crt.http.*
+import aws.sdk.kotlin.crt.io.SocketOptions
+import aws.sdk.kotlin.crt.io.TlsContext
+import aws.sdk.kotlin.crt.io.TlsContextOptionsBuilder
+import aws.sdk.kotlin.crt.io.Uri
+import aws.smithy.kotlin.runtime.config.TlsVersion
+import aws.smithy.kotlin.runtime.crt.SdkDefaultIO
+import aws.smithy.kotlin.runtime.http.HttpErrorCode
+import aws.smithy.kotlin.runtime.http.HttpException
+import aws.smithy.kotlin.runtime.http.engine.ProxyConfig
+import aws.smithy.kotlin.runtime.http.request.HttpRequest
+import aws.smithy.kotlin.runtime.io.Closeable
+import kotlinx.coroutines.TimeoutCancellationException
+import kotlinx.coroutines.sync.Mutex
+import kotlinx.coroutines.sync.Semaphore
+import kotlinx.coroutines.sync.withLock
+import kotlinx.coroutines.withTimeout
+import aws.sdk.kotlin.crt.io.TlsContext as CrtTlsContext
+import aws.sdk.kotlin.crt.io.TlsVersion as CrtTlsVersion
+import aws.smithy.kotlin.runtime.config.TlsVersion as SdkTlsVersion
+
+internal class ConnectionManager(
+    private val config: CrtHttpEngineConfig,
+) : Closeable {
+    private val leases = Semaphore(config.maxConnections.toInt())
+
+    private val crtTlsContext: TlsContext = TlsContextOptionsBuilder()
+        .apply {
+            verifyPeer = true
+            alpn = config.tlsContext.alpn.joinToString(separator = ";") { it.protocolId }
+            minTlsVersion = toCrtTlsVersion(config.tlsContext.minVersion)
+        }
+        .build()
+        .let(::CrtTlsContext)
+
+    private val options = HttpClientConnectionManagerOptionsBuilder().apply {
+        clientBootstrap = config.clientBootstrap ?: SdkDefaultIO.ClientBootstrap
+        tlsContext = crtTlsContext
+        manualWindowManagement = true
+        socketOptions = SocketOptions(
+            connectTimeoutMs = config.connectTimeout.inWholeMilliseconds.toInt(),
+        )
+        initialWindowSize = config.initialWindowSizeBytes
+        maxConnections = config.maxConnections.toInt()
+        maxConnectionIdleMs = config.connectionIdleTimeout.inWholeMilliseconds
+    }
+
+    // connection managers are per host
+    private val connManagers = mutableMapOf<String, HttpClientConnectionManager>()
+    private val mutex = Mutex()
+
+    public suspend fun acquire(request: HttpRequest): HttpClientConnection {
+        val proxyConfig = config.proxySelector.select(request.url)
+
+        val manager = getManagerForUri(request.uri, proxyConfig)
+        var leaseAcquired = false
+
+        return try {
+            // wait for an actual connection
+            val conn = withTimeout(config.connectionAcquireTimeout) {
+                // get a permit to acquire a connection (limits overall connections since managers are per/host)
+                leases.acquire()
+                leaseAcquired = true
+                manager.acquireConnection()
+            }
+
+            LeasedConnection(conn)
+        } catch (ex: Exception) {
+            if (leaseAcquired) {
+                leases.release()
+            }
+            val httpEx = when (ex) {
+                is HttpException -> ex
+                is TimeoutCancellationException -> HttpException("timed out waiting for an HTTP connection to be acquired from the pool", errorCode = HttpErrorCode.CONNECTION_ACQUIRE_TIMEOUT)
+                else -> HttpException(ex)
+            }
+
+            throw httpEx
+        }
+    }
+    private suspend fun getManagerForUri(uri: Uri, proxyConfig: ProxyConfig): HttpClientConnectionManager = mutex.withLock {
+        connManagers.getOrPut(uri.authority) {
+            val connOpts = options.apply {
+                this.uri = uri
+                proxyOptions = when (proxyConfig) {
+                    is ProxyConfig.Http -> HttpProxyOptions(
+                        proxyConfig.url.host.toString(),
+                        proxyConfig.url.port,
+                        authUsername = proxyConfig.url.userInfo?.username,
+                        authPassword = proxyConfig.url.userInfo?.password,
+                        authType = if (proxyConfig.url.userInfo != null) HttpProxyAuthorizationType.Basic else HttpProxyAuthorizationType.None,
+                    )
+                    else -> null
+                }
+            }.build()
+            HttpClientConnectionManager(connOpts)
+        }
+    }
+    override fun close() {
+        connManagers.forEach { entry -> entry.value.close() }
+        crtTlsContext.close()
+    }
+
+    private inner class LeasedConnection(private val delegate: HttpClientConnection) : HttpClientConnection by delegate {
+        override fun close() {
+            try {
+                // close actually returns to the pool
+                delegate.close()
+            } finally {
+                leases.release()
+            }
+        }
+    }
+}
+
+private fun toCrtTlsVersion(sdkTlsVersion: SdkTlsVersion?): CrtTlsVersion = when (sdkTlsVersion) {
+    null -> aws.sdk.kotlin.crt.io.TlsVersion.SYS_DEFAULT
+    TlsVersion.TLS_1_0 -> CrtTlsVersion.TLSv1
+    TlsVersion.TLS_1_1 -> CrtTlsVersion.TLS_V1_1
+    TlsVersion.TLS_1_2 -> CrtTlsVersion.TLS_V1_2
+    TlsVersion.TLS_1_3 -> CrtTlsVersion.TLS_V1_3
+}

runtime/protocol/http-client-engines/http-client-engine-crt/common/src/aws/smithy/kotlin/runtime/http/engine/crt/CrtHttpEngine.kt

@@ -5,20 +5,9 @@
 
 package aws.smithy.kotlin.runtime.http.engine.crt
 
-import aws.sdk.kotlin.crt.http.HttpClientConnectionManager
-import aws.sdk.kotlin.crt.http.HttpClientConnectionManagerOptionsBuilder
-import aws.sdk.kotlin.crt.http.HttpProxyAuthorizationType
-import aws.sdk.kotlin.crt.http.HttpProxyOptions
-import aws.sdk.kotlin.crt.io.SocketOptions
-import aws.sdk.kotlin.crt.io.TlsContextOptionsBuilder
-import aws.sdk.kotlin.crt.io.Uri
-import aws.smithy.kotlin.runtime.crt.SdkDefaultIO
-import aws.smithy.kotlin.runtime.http.HttpErrorCode
-import aws.smithy.kotlin.runtime.http.HttpException
 import aws.smithy.kotlin.runtime.http.config.EngineFactory
 import aws.smithy.kotlin.runtime.http.engine.HttpClientEngine
 import aws.smithy.kotlin.runtime.http.engine.HttpClientEngineBase
-import aws.smithy.kotlin.runtime.http.engine.ProxyConfig
 import aws.smithy.kotlin.runtime.http.engine.callContext
 import aws.smithy.kotlin.runtime.http.request.HttpRequest
 import aws.smithy.kotlin.runtime.http.response.HttpCall
@@ -27,13 +16,8 @@ import aws.smithy.kotlin.runtime.operation.ExecutionContext
 import aws.smithy.kotlin.runtime.telemetry.logging.logger
 import aws.smithy.kotlin.runtime.time.Instant
 import kotlinx.coroutines.*
-import kotlinx.coroutines.sync.Mutex
 import kotlinx.coroutines.sync.Semaphore
-import kotlinx.coroutines.sync.withLock
 import kotlinx.coroutines.sync.withPermit
-import aws.sdk.kotlin.crt.io.TlsContext as CrtTlsContext
-import aws.sdk.kotlin.crt.io.TlsVersion as CrtTlsVersion
-import aws.smithy.kotlin.runtime.config.TlsVersion as SdkTlsVersion
 
 internal const val DEFAULT_WINDOW_SIZE_BYTES: Int = 16 * 1024
 internal const val CHUNK_BUFFER_SIZE: Long = 64 * 1024
@@ -51,15 +35,6 @@ public class CrtHttpEngine(public override val config: CrtHttpEngineConfig) : Ht
         override val engineConstructor: (CrtHttpEngineConfig.Builder.() -> Unit) -> CrtHttpEngine = ::invoke
     }
 
-    private val crtTlsContext: CrtTlsContext = TlsContextOptionsBuilder()
-        .apply {
-            verifyPeer = true
-            alpn = config.tlsContext.alpn.joinToString(separator = ";") { it.protocolId }
-            minTlsVersion = toCrtTlsVersion(config.tlsContext.minVersion)
-        }
-        .build()
-        .let(::CrtTlsContext)
-
     // FIXME - re-enable when SLF4j default is available
     // init {
     //     if (config.socketReadTimeout != CrtHttpEngineConfig.Default.socketReadTimeout) {
@@ -75,36 +50,17 @@ public class CrtHttpEngine(public override val config: CrtHttpEngineConfig) : Ht
     //     }
     // }
 
-    private val options = HttpClientConnectionManagerOptionsBuilder().apply {
-        clientBootstrap = config.clientBootstrap ?: SdkDefaultIO.ClientBootstrap
-        tlsContext = crtTlsContext
-        manualWindowManagement = true
-        socketOptions = SocketOptions(
-            connectTimeoutMs = config.connectTimeout.inWholeMilliseconds.toInt(),
-        )
-        initialWindowSize = config.initialWindowSizeBytes
-        // FIXME - given managers are _per host_ the maxConnections parameter is not actually respected here
-        maxConnections = config.maxConnections.toInt()
-        maxConnectionIdleMs = config.connectionIdleTimeout.inWholeMilliseconds
-    }
-
-    // connection managers are per host
-    private val connManagers = mutableMapOf<String, HttpClientConnectionManager>()
-    private val mutex = Mutex()
     private val requestLimiter = Semaphore(config.maxConcurrency.toInt())
+    private val connectionManager = ConnectionManager(config)
 
     override suspend fun roundTrip(context: ExecutionContext, request: HttpRequest): HttpCall = requestLimiter.withPermit {
         val callContext = callContext()
         val logger = callContext.logger<CrtHttpEngine>()
-        val proxyConfig = config.proxySelector.select(request.url)
-        val manager = getManagerForUri(request.uri, proxyConfig)
 
         // LIFETIME: connection will be released back to the pool/manager when
         // the response completes OR on exception (both handled by the completion handler registered on the stream
         // handler)
-        val conn = withTimeoutOrNull(config.connectionAcquireTimeout) {
-            manager.acquireConnection()
-        } ?: throw HttpException("timed out waiting for an HTTP connection to be acquired from the pool", errorCode = HttpErrorCode.CONNECTION_ACQUIRE_TIMEOUT)
+        val conn = connectionManager.acquire(request)
         logger.trace { "Acquired connection ${conn.id}" }
 
         val respHandler = SdkStreamResponseHandler(conn, callContext)
@@ -137,34 +93,6 @@ public class CrtHttpEngine(public override val config: CrtHttpEngineConfig) : Ht
     override fun shutdown() {
         // close all resources
         // SAFETY: shutdown is only invoked once AND only after all requests have completed and no more are coming
-        connManagers.forEach { entry -> entry.value.close() }
-        crtTlsContext.close()
+        connectionManager.close()
     }
-
-    private suspend fun getManagerForUri(uri: Uri, proxyConfig: ProxyConfig): HttpClientConnectionManager = mutex.withLock {
-        connManagers.getOrPut(uri.authority) {
-            val connOpts = options.apply {
-                this.uri = uri
-                proxyOptions = when (proxyConfig) {
-                    is ProxyConfig.Http -> HttpProxyOptions(
-                        proxyConfig.url.host.toString(),
-                        proxyConfig.url.port,
-                        authUsername = proxyConfig.url.userInfo?.username,
-                        authPassword = proxyConfig.url.userInfo?.password,
-                        authType = if (proxyConfig.url.userInfo != null) HttpProxyAuthorizationType.Basic else HttpProxyAuthorizationType.None,
-                    )
-                    else -> null
-                }
-            }.build()
-            HttpClientConnectionManager(connOpts)
-        }
-    }
-}
-
-private fun toCrtTlsVersion(sdkTlsVersion: SdkTlsVersion?): CrtTlsVersion = when (sdkTlsVersion) {
-    null -> CrtTlsVersion.SYS_DEFAULT
-    SdkTlsVersion.TLS_1_0 -> CrtTlsVersion.TLSv1
-    SdkTlsVersion.TLS_1_1 -> CrtTlsVersion.TLS_V1_1
-    SdkTlsVersion.TLS_1_2 -> CrtTlsVersion.TLS_V1_2
-    SdkTlsVersion.TLS_1_3 -> CrtTlsVersion.TLS_V1_3
 }

runtime/protocol/http-client-engines/http-client-engine-crt/common/src/aws/smithy/kotlin/runtime/http/engine/crt/CrtHttpEngineConfig.kt

@@ -28,6 +28,11 @@ public class CrtHttpEngineConfig private constructor(builder: Builder) : HttpCli
         public val Default: CrtHttpEngineConfig = CrtHttpEngineConfig(Builder())
     }
 
+    /**
+     * Maximum number of open connections
+     */
+    public val maxConnections: UInt = builder.maxConnections
+
     /**
      * The amount of data that can be buffered before reading from the socket will cease. Reading will
      * resume as data is consumed.
@@ -43,6 +48,7 @@ public class CrtHttpEngineConfig private constructor(builder: Builder) : HttpCli
         super.toBuilderApplicator()()
 
         if (this is Builder) {
+            maxConnections = this@CrtHttpEngineConfig.maxConnections
             initialWindowSizeBytes = this@CrtHttpEngineConfig.initialWindowSizeBytes
             clientBootstrap = this@CrtHttpEngineConfig.clientBootstrap
         }
@@ -52,6 +58,11 @@ public class CrtHttpEngineConfig private constructor(builder: Builder) : HttpCli
      * A builder for [CrtHttpEngineConfig]
      */
     public class Builder : BuilderImpl() {
+        /**
+         * Maximum number of open connections
+         */
+        public var maxConnections: UInt = 64u
+
         /**
          * Set the amount of data that can be buffered before reading from the socket will cease. Reading will
          * resume as data is consumed.

runtime/protocol/http-client-engines/http-client-engine-crt/common/src/aws/smithy/kotlin/runtime/http/engine/crt/SdkStreamResponseHandler.kt

@@ -207,6 +207,7 @@ internal class SdkStreamResponseHandler(
             }
 
             logger.trace { "Closing connection ${conn.id}" }
+            // return to pool
             conn.close()
         }
     }