LCOV - code coverage report
Current view: top level - proxy/src/control_plane - messages.rs (source / functions) Coverage Total Hit
Test: 2e3a7638747e564a4f6d1af1cc0c3b3438fbb740.info Lines: 62.5 % 192 120
Test Date: 2024-11-20 01:36:58 Functions: 20.2 % 188 38

            Line data    Source code
       1              : use std::fmt::{self, Display};
       2              : 
       3              : use measured::FixedCardinalityLabel;
       4              : use serde::{Deserialize, Serialize};
       5              : 
       6              : use crate::auth::IpPattern;
       7              : use crate::intern::{BranchIdInt, EndpointIdInt, ProjectIdInt, RoleNameInt};
       8              : use crate::proxy::retry::CouldRetry;
       9              : 
      10              : /// Generic error response with human-readable description.
      11              : /// Note that we can't always present it to user as is.
      12            0 : #[derive(Debug, Deserialize, Clone)]
      13              : pub(crate) struct ControlPlaneErrorMessage {
      14              :     pub(crate) error: Box<str>,
      15              :     #[serde(skip)]
      16              :     pub(crate) http_status_code: http::StatusCode,
      17              :     pub(crate) status: Option<Status>,
      18              : }
      19              : 
      20              : impl ControlPlaneErrorMessage {
      21            3 :     pub(crate) fn get_reason(&self) -> Reason {
      22            3 :         self.status
      23            3 :             .as_ref()
      24            3 :             .and_then(|s| s.details.error_info.as_ref())
      25            3 :             .map_or(Reason::Unknown, |e| e.reason)
      26            3 :     }
      27              : 
      28            0 :     pub(crate) fn get_user_facing_message(&self) -> String {
      29              :         use super::errors::REQUEST_FAILED;
      30            0 :         self.status
      31            0 :             .as_ref()
      32            0 :             .and_then(|s| s.details.user_facing_message.as_ref())
      33            0 :             .map_or_else(|| {
      34            0 :                 // Ask @neondatabase/control-plane for review before adding more.
      35            0 :                 match self.http_status_code {
      36              :                     http::StatusCode::NOT_FOUND => {
      37              :                         // Status 404: failed to get a project-related resource.
      38            0 :                         format!("{REQUEST_FAILED}: endpoint cannot be found")
      39              :                     }
      40              :                     http::StatusCode::NOT_ACCEPTABLE => {
      41              :                         // Status 406: endpoint is disabled (we don't allow connections).
      42            0 :                         format!("{REQUEST_FAILED}: endpoint is disabled")
      43              :                     }
      44              :                     http::StatusCode::LOCKED | http::StatusCode::UNPROCESSABLE_ENTITY => {
      45              :                         // Status 423: project might be in maintenance mode (or bad state), or quotas exceeded.
      46            0 :                         format!("{REQUEST_FAILED}: endpoint is temporarily unavailable. Check your quotas and/or contact our support.")
      47              :                     }
      48            0 :                     _ => REQUEST_FAILED.to_owned(),
      49              :                 }
      50            0 :             }, |m| m.message.clone().into())
      51            0 :     }
      52              : }
      53              : 
      54              : impl Display for ControlPlaneErrorMessage {
      55            0 :     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
      56            0 :         let msg: &str = self
      57            0 :             .status
      58            0 :             .as_ref()
      59            0 :             .and_then(|s| s.details.user_facing_message.as_ref())
      60            0 :             .map_or_else(|| self.error.as_ref(), |m| m.message.as_ref());
      61            0 :         write!(f, "{msg}")
      62            0 :     }
      63              : }
      64              : 
      65              : impl CouldRetry for ControlPlaneErrorMessage {
      66            6 :     fn could_retry(&self) -> bool {
      67              :         // If the error message does not have a status,
      68              :         // the error is unknown and probably should not retry automatically
      69            6 :         let Some(status) = &self.status else {
      70            2 :             return false;
      71              :         };
      72              : 
      73              :         // retry if the retry info is set.
      74            4 :         if status.details.retry_info.is_some() {
      75            4 :             return true;
      76            0 :         }
      77            0 : 
      78            0 :         // if no retry info set, attempt to use the error code to guess the retry state.
      79            0 :         let reason = status
      80            0 :             .details
      81            0 :             .error_info
      82            0 :             .map_or(Reason::Unknown, |e| e.reason);
      83            0 : 
      84            0 :         reason.can_retry()
      85            6 :     }
      86              : }
      87              : 
      88            0 : #[derive(Debug, Deserialize, Clone)]
      89              : #[allow(dead_code)]
      90              : pub(crate) struct Status {
      91              :     pub(crate) code: Box<str>,
      92              :     pub(crate) message: Box<str>,
      93              :     pub(crate) details: Details,
      94              : }
      95              : 
      96            0 : #[derive(Debug, Deserialize, Clone)]
      97              : pub(crate) struct Details {
      98              :     pub(crate) error_info: Option<ErrorInfo>,
      99              :     pub(crate) retry_info: Option<RetryInfo>,
     100              :     pub(crate) user_facing_message: Option<UserFacingMessage>,
     101              : }
     102              : 
     103            0 : #[derive(Copy, Clone, Debug, Deserialize)]
     104              : pub(crate) struct ErrorInfo {
     105              :     pub(crate) reason: Reason,
     106              :     // Schema could also have `metadata` field, but it's not structured. Skip it for now.
     107              : }
     108              : 
     109            0 : #[derive(Clone, Copy, Debug, Deserialize, Default)]
     110              : pub(crate) enum Reason {
     111              :     /// RoleProtected indicates that the role is protected and the attempted operation is not permitted on protected roles.
     112              :     #[serde(rename = "ROLE_PROTECTED")]
     113              :     RoleProtected,
     114              :     /// ResourceNotFound indicates that a resource (project, endpoint, branch, etc.) wasn't found,
     115              :     /// usually due to the provided ID not being correct or because the subject doesn't have enough permissions to
     116              :     /// access the requested resource.
     117              :     /// Prefer a more specific reason if possible, e.g., ProjectNotFound, EndpointNotFound, etc.
     118              :     #[serde(rename = "RESOURCE_NOT_FOUND")]
     119              :     ResourceNotFound,
     120              :     /// ProjectNotFound indicates that the project wasn't found, usually due to the provided ID not being correct,
     121              :     /// or that the subject doesn't have enough permissions to access the requested project.
     122              :     #[serde(rename = "PROJECT_NOT_FOUND")]
     123              :     ProjectNotFound,
     124              :     /// EndpointNotFound indicates that the endpoint wasn't found, usually due to the provided ID not being correct,
     125              :     /// or that the subject doesn't have enough permissions to access the requested endpoint.
     126              :     #[serde(rename = "ENDPOINT_NOT_FOUND")]
     127              :     EndpointNotFound,
     128              :     /// BranchNotFound indicates that the branch wasn't found, usually due to the provided ID not being correct,
     129              :     /// or that the subject doesn't have enough permissions to access the requested branch.
     130              :     #[serde(rename = "BRANCH_NOT_FOUND")]
     131              :     BranchNotFound,
     132              :     /// RateLimitExceeded indicates that the rate limit for the operation has been exceeded.
     133              :     #[serde(rename = "RATE_LIMIT_EXCEEDED")]
     134              :     RateLimitExceeded,
     135              :     /// NonDefaultBranchComputeTimeExceeded indicates that the compute time quota of non-default branches has been
     136              :     /// exceeded.
     137              :     #[serde(rename = "NON_PRIMARY_BRANCH_COMPUTE_TIME_EXCEEDED")]
     138              :     NonDefaultBranchComputeTimeExceeded,
     139              :     /// ActiveTimeQuotaExceeded indicates that the active time quota was exceeded.
     140              :     #[serde(rename = "ACTIVE_TIME_QUOTA_EXCEEDED")]
     141              :     ActiveTimeQuotaExceeded,
     142              :     /// ComputeTimeQuotaExceeded indicates that the compute time quota was exceeded.
     143              :     #[serde(rename = "COMPUTE_TIME_QUOTA_EXCEEDED")]
     144              :     ComputeTimeQuotaExceeded,
     145              :     /// WrittenDataQuotaExceeded indicates that the written data quota was exceeded.
     146              :     #[serde(rename = "WRITTEN_DATA_QUOTA_EXCEEDED")]
     147              :     WrittenDataQuotaExceeded,
     148              :     /// DataTransferQuotaExceeded indicates that the data transfer quota was exceeded.
     149              :     #[serde(rename = "DATA_TRANSFER_QUOTA_EXCEEDED")]
     150              :     DataTransferQuotaExceeded,
     151              :     /// LogicalSizeQuotaExceeded indicates that the logical size quota was exceeded.
     152              :     #[serde(rename = "LOGICAL_SIZE_QUOTA_EXCEEDED")]
     153              :     LogicalSizeQuotaExceeded,
     154              :     /// RunningOperations indicates that the project already has some running operations
     155              :     /// and scheduling of new ones is prohibited.
     156              :     #[serde(rename = "RUNNING_OPERATIONS")]
     157              :     RunningOperations,
     158              :     /// ConcurrencyLimitReached indicates that the concurrency limit for an action was reached.
     159              :     #[serde(rename = "CONCURRENCY_LIMIT_REACHED")]
     160              :     ConcurrencyLimitReached,
     161              :     /// LockAlreadyTaken indicates that the we attempted to take a lock that was already taken.
     162              :     #[serde(rename = "LOCK_ALREADY_TAKEN")]
     163              :     LockAlreadyTaken,
     164              :     /// ActiveEndpointsLimitExceeded indicates that the limit of concurrently active endpoints was exceeded.
     165              :     #[serde(rename = "ACTIVE_ENDPOINTS_LIMIT_EXCEEDED")]
     166              :     ActiveEndpointsLimitExceeded,
     167              :     #[default]
     168              :     #[serde(other)]
     169              :     Unknown,
     170              : }
     171              : 
     172              : impl Reason {
     173            0 :     pub(crate) fn is_not_found(self) -> bool {
     174            0 :         matches!(
     175            0 :             self,
     176              :             Reason::ResourceNotFound
     177              :                 | Reason::ProjectNotFound
     178              :                 | Reason::EndpointNotFound
     179              :                 | Reason::BranchNotFound
     180              :         )
     181            0 :     }
     182              : 
     183            0 :     pub(crate) fn can_retry(self) -> bool {
     184            0 :         match self {
     185              :             // do not retry role protected errors
     186              :             // not a transitive error
     187            0 :             Reason::RoleProtected => false,
     188              :             // on retry, it will still not be found
     189              :             Reason::ResourceNotFound
     190              :             | Reason::ProjectNotFound
     191              :             | Reason::EndpointNotFound
     192            0 :             | Reason::BranchNotFound => false,
     193              :             // we were asked to go away
     194              :             Reason::RateLimitExceeded
     195              :             | Reason::NonDefaultBranchComputeTimeExceeded
     196              :             | Reason::ActiveTimeQuotaExceeded
     197              :             | Reason::ComputeTimeQuotaExceeded
     198              :             | Reason::WrittenDataQuotaExceeded
     199              :             | Reason::DataTransferQuotaExceeded
     200              :             | Reason::LogicalSizeQuotaExceeded
     201            0 :             | Reason::ActiveEndpointsLimitExceeded => false,
     202              :             // transitive error. control plane is currently busy
     203              :             // but might be ready soon
     204              :             Reason::RunningOperations
     205              :             | Reason::ConcurrencyLimitReached
     206            0 :             | Reason::LockAlreadyTaken => true,
     207              :             // unknown error. better not retry it.
     208            0 :             Reason::Unknown => false,
     209              :         }
     210            0 :     }
     211              : }
     212              : 
     213            0 : #[derive(Copy, Clone, Debug, Deserialize)]
     214              : #[allow(dead_code)]
     215              : pub(crate) struct RetryInfo {
     216              :     pub(crate) retry_delay_ms: u64,
     217              : }
     218              : 
     219            0 : #[derive(Debug, Deserialize, Clone)]
     220              : pub(crate) struct UserFacingMessage {
     221              :     pub(crate) message: Box<str>,
     222              : }
     223              : 
     224              : /// Response which holds client's auth secret, e.g. [`crate::scram::ServerSecret`].
     225              : /// Returned by the `/proxy_get_role_secret` API method.
     226            9 : #[derive(Deserialize)]
     227              : pub(crate) struct GetRoleSecret {
     228              :     pub(crate) role_secret: Box<str>,
     229              :     pub(crate) allowed_ips: Option<Vec<IpPattern>>,
     230              :     pub(crate) project_id: Option<ProjectIdInt>,
     231              : }
     232              : 
     233              : // Manually implement debug to omit sensitive info.
     234              : impl fmt::Debug for GetRoleSecret {
     235            0 :     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
     236            0 :         f.debug_struct("GetRoleSecret").finish_non_exhaustive()
     237            0 :     }
     238              : }
     239              : 
     240              : /// Response which holds compute node's `host:port` pair.
     241              : /// Returned by the `/proxy_wake_compute` API method.
     242            3 : #[derive(Debug, Deserialize)]
     243              : pub(crate) struct WakeCompute {
     244              :     pub(crate) address: Box<str>,
     245              :     pub(crate) aux: MetricsAuxInfo,
     246              : }
     247              : 
     248              : /// Async response which concludes the console redirect auth flow.
     249              : /// Also known as `kickResponse` in the console.
     250            4 : #[derive(Debug, Deserialize)]
     251              : pub(crate) struct KickSession<'a> {
     252              :     /// Session ID is assigned by the proxy.
     253              :     pub(crate) session_id: &'a str,
     254              : 
     255              :     /// Compute node connection params.
     256              :     #[serde(deserialize_with = "KickSession::parse_db_info")]
     257              :     pub(crate) result: DatabaseInfo,
     258              : }
     259              : 
     260              : impl KickSession<'_> {
     261            1 :     fn parse_db_info<'de, D>(des: D) -> Result<DatabaseInfo, D::Error>
     262            1 :     where
     263            1 :         D: serde::Deserializer<'de>,
     264            1 :     {
     265            2 :         #[derive(Deserialize)]
     266              :         enum Wrapper {
     267              :             // Currently, console only reports `Success`.
     268              :             // `Failure(String)` used to be here... RIP.
     269              :             Success(DatabaseInfo),
     270              :         }
     271              : 
     272            1 :         Wrapper::deserialize(des).map(|x| match x {
     273            1 :             Wrapper::Success(info) => info,
     274            1 :         })
     275            1 :     }
     276              : }
     277              : 
     278              : /// Compute node connection params.
     279           36 : #[derive(Deserialize)]
     280              : pub(crate) struct DatabaseInfo {
     281              :     pub(crate) host: Box<str>,
     282              :     pub(crate) port: u16,
     283              :     pub(crate) dbname: Box<str>,
     284              :     pub(crate) user: Box<str>,
     285              :     /// Console always provides a password, but it might
     286              :     /// be inconvenient for debug with local PG instance.
     287              :     pub(crate) password: Option<Box<str>>,
     288              :     pub(crate) aux: MetricsAuxInfo,
     289              :     #[serde(default)]
     290              :     pub(crate) allowed_ips: Option<Vec<IpPattern>>,
     291              : }
     292              : 
     293              : // Manually implement debug to omit sensitive info.
     294              : impl fmt::Debug for DatabaseInfo {
     295            0 :     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
     296            0 :         f.debug_struct("DatabaseInfo")
     297            0 :             .field("host", &self.host)
     298            0 :             .field("port", &self.port)
     299            0 :             .field("dbname", &self.dbname)
     300            0 :             .field("user", &self.user)
     301            0 :             .field("allowed_ips", &self.allowed_ips)
     302            0 :             .finish_non_exhaustive()
     303            0 :     }
     304              : }
     305              : 
     306              : /// Various labels for prometheus metrics.
     307              : /// Also known as `ProxyMetricsAuxInfo` in the console.
     308           30 : #[derive(Debug, Deserialize, Clone)]
     309              : pub(crate) struct MetricsAuxInfo {
     310              :     pub(crate) endpoint_id: EndpointIdInt,
     311              :     pub(crate) project_id: ProjectIdInt,
     312              :     pub(crate) branch_id: BranchIdInt,
     313              :     #[serde(default)]
     314              :     pub(crate) cold_start_info: ColdStartInfo,
     315              : }
     316              : 
     317           12 : #[derive(Debug, Default, Serialize, Deserialize, Clone, Copy, FixedCardinalityLabel)]
     318              : #[serde(rename_all = "snake_case")]
     319              : pub enum ColdStartInfo {
     320              :     #[default]
     321              :     Unknown,
     322              :     /// Compute was already running
     323              :     Warm,
     324              :     #[serde(rename = "pool_hit")]
     325              :     #[label(rename = "pool_hit")]
     326              :     /// Compute was not running but there was an available VM
     327              :     VmPoolHit,
     328              :     #[serde(rename = "pool_miss")]
     329              :     #[label(rename = "pool_miss")]
     330              :     /// Compute was not running and there were no VMs available
     331              :     VmPoolMiss,
     332              : 
     333              :     // not provided by control plane
     334              :     /// Connection available from HTTP pool
     335              :     HttpPoolHit,
     336              :     /// Cached connection info
     337              :     WarmCached,
     338              : }
     339              : 
     340              : impl ColdStartInfo {
     341            0 :     pub(crate) fn as_str(self) -> &'static str {
     342            0 :         match self {
     343            0 :             ColdStartInfo::Unknown => "unknown",
     344            0 :             ColdStartInfo::Warm => "warm",
     345            0 :             ColdStartInfo::VmPoolHit => "pool_hit",
     346            0 :             ColdStartInfo::VmPoolMiss => "pool_miss",
     347            0 :             ColdStartInfo::HttpPoolHit => "http_pool_hit",
     348            0 :             ColdStartInfo::WarmCached => "warm_cached",
     349              :         }
     350            0 :     }
     351              : }
     352              : 
     353            0 : #[derive(Debug, Deserialize, Clone)]
     354              : pub struct EndpointJwksResponse {
     355              :     pub jwks: Vec<JwksSettings>,
     356              : }
     357              : 
     358            0 : #[derive(Debug, Deserialize, Clone)]
     359              : pub struct JwksSettings {
     360              :     pub id: String,
     361              :     pub jwks_url: url::Url,
     362              :     pub provider_name: String,
     363              :     pub jwt_audience: Option<String>,
     364              :     pub role_names: Vec<RoleNameInt>,
     365              : }
     366              : 
     367              : #[cfg(test)]
     368              : mod tests {
     369              :     use serde_json::json;
     370              : 
     371              :     use super::*;
     372              : 
     373            6 :     fn dummy_aux() -> serde_json::Value {
     374            6 :         json!({
     375            6 :             "endpoint_id": "endpoint",
     376            6 :             "project_id": "project",
     377            6 :             "branch_id": "branch",
     378            6 :             "cold_start_info": "unknown",
     379            6 :         })
     380            6 :     }
     381              : 
     382              :     #[test]
     383            1 :     fn parse_kick_session() -> anyhow::Result<()> {
     384            1 :         // This is what the console's kickResponse looks like.
     385            1 :         let json = json!({
     386            1 :             "session_id": "deadbeef",
     387            1 :             "result": {
     388            1 :                 "Success": {
     389            1 :                     "host": "localhost",
     390            1 :                     "port": 5432,
     391            1 :                     "dbname": "postgres",
     392            1 :                     "user": "john_doe",
     393            1 :                     "password": "password",
     394            1 :                     "aux": dummy_aux(),
     395            1 :                 }
     396            1 :             }
     397            1 :         });
     398            1 :         serde_json::from_str::<KickSession<'_>>(&json.to_string())?;
     399              : 
     400            1 :         Ok(())
     401            1 :     }
     402              : 
     403              :     #[test]
     404            1 :     fn parse_db_info() -> anyhow::Result<()> {
     405            1 :         // with password
     406            1 :         serde_json::from_value::<DatabaseInfo>(json!({
     407            1 :             "host": "localhost",
     408            1 :             "port": 5432,
     409            1 :             "dbname": "postgres",
     410            1 :             "user": "john_doe",
     411            1 :             "password": "password",
     412            1 :             "aux": dummy_aux(),
     413            1 :         }))?;
     414              : 
     415              :         // without password
     416            1 :         serde_json::from_value::<DatabaseInfo>(json!({
     417            1 :             "host": "localhost",
     418            1 :             "port": 5432,
     419            1 :             "dbname": "postgres",
     420            1 :             "user": "john_doe",
     421            1 :             "aux": dummy_aux(),
     422            1 :         }))?;
     423              : 
     424              :         // new field (forward compatibility)
     425            1 :         serde_json::from_value::<DatabaseInfo>(json!({
     426            1 :             "host": "localhost",
     427            1 :             "port": 5432,
     428            1 :             "dbname": "postgres",
     429            1 :             "user": "john_doe",
     430            1 :             "project": "hello_world",
     431            1 :             "N.E.W": "forward compatibility check",
     432            1 :             "aux": dummy_aux(),
     433            1 :         }))?;
     434              : 
     435              :         // with allowed_ips
     436            1 :         let dbinfo = serde_json::from_value::<DatabaseInfo>(json!({
     437            1 :             "host": "localhost",
     438            1 :             "port": 5432,
     439            1 :             "dbname": "postgres",
     440            1 :             "user": "john_doe",
     441            1 :             "password": "password",
     442            1 :             "aux": dummy_aux(),
     443            1 :             "allowed_ips": ["127.0.0.1"],
     444            1 :         }))?;
     445              : 
     446            1 :         assert_eq!(
     447            1 :             dbinfo.allowed_ips,
     448            1 :             Some(vec![IpPattern::Single("127.0.0.1".parse()?)])
     449              :         );
     450              : 
     451            1 :         Ok(())
     452            1 :     }
     453              : 
     454              :     #[test]
     455            1 :     fn parse_wake_compute() -> anyhow::Result<()> {
     456            1 :         let json = json!({
     457            1 :             "address": "0.0.0.0",
     458            1 :             "aux": dummy_aux(),
     459            1 :         });
     460            1 :         serde_json::from_str::<WakeCompute>(&json.to_string())?;
     461            1 :         Ok(())
     462            1 :     }
     463              : 
     464              :     #[test]
     465            1 :     fn parse_get_role_secret() -> anyhow::Result<()> {
     466            1 :         // Empty `allowed_ips` field.
     467            1 :         let json = json!({
     468            1 :             "role_secret": "secret",
     469            1 :         });
     470            1 :         serde_json::from_str::<GetRoleSecret>(&json.to_string())?;
     471            1 :         let json = json!({
     472            1 :             "role_secret": "secret",
     473            1 :             "allowed_ips": ["8.8.8.8"],
     474            1 :         });
     475            1 :         serde_json::from_str::<GetRoleSecret>(&json.to_string())?;
     476            1 :         let json = json!({
     477            1 :             "role_secret": "secret",
     478            1 :             "allowed_ips": ["8.8.8.8"],
     479            1 :             "project_id": "project",
     480            1 :         });
     481            1 :         serde_json::from_str::<GetRoleSecret>(&json.to_string())?;
     482              : 
     483            1 :         Ok(())
     484            1 :     }
     485              : }
        

Generated by: LCOV version 2.1-beta