Issue 731: Add RetryOnRenew handler to renew expired token

2012-01-10 09:44:01 +00:00 · 2012-01-10 09:44:01 +00:00 · 2d0db63f51
parent da0b870295
commit 2d0db63f51
5 changed files with 389 additions and 3 deletions
--- a/apis/cloudservers/src/main/java/org/jclouds/cloudservers/config/CloudServersRestClientModule.java
+++ b/apis/cloudservers/src/main/java/org/jclouds/cloudservers/config/CloudServersRestClientModule.java
@ -27,6 +27,7 @@ import org.jclouds.cloudservers.CloudServersClient;
 import org.jclouds.cloudservers.ServerManagement;
 import org.jclouds.cloudservers.handlers.ParseCloudServersErrorFromHttpResponse;
 import org.jclouds.http.HttpErrorHandler;
+import org.jclouds.http.HttpRetryHandler;
 import org.jclouds.http.RequiresHttp;
 import org.jclouds.http.annotation.ClientError;
 import org.jclouds.http.annotation.Redirection;
@ -35,6 +36,7 @@ import org.jclouds.json.config.GsonModule.DateAdapter;
 import org.jclouds.json.config.GsonModule.Iso8601DateAdapter;
 import org.jclouds.openstack.OpenStackAuthAsyncClient.AuthenticationResponse;
 import org.jclouds.openstack.config.OpenStackAuthenticationModule;
+import org.jclouds.openstack.handlers.RetryOnRenew;
 import org.jclouds.openstack.reference.AuthHeaders;
 import org.jclouds.rest.ConfiguresRestClient;
 import org.jclouds.rest.config.RestClientModule;
@ -74,6 +76,11 @@ public class CloudServersRestClientModule extends RestClientModule<CloudServersC
      bind(HttpErrorHandler.class).annotatedWith(ServerError.class).to(ParseCloudServersErrorFromHttpResponse.class);
   }

+   @Override
+   protected void bindRetryHandlers() {
+      bind(HttpRetryHandler.class).annotatedWith(ClientError.class).to(RetryOnRenew.class);
+   }
+
   @Provides
   @Singleton
   @ServerManagement
--- a/apis/cloudservers/src/test/java/org/jclouds/cloudservers/handlers/RetryOnRenewExpectTest.java
+++ b/apis/cloudservers/src/test/java/org/jclouds/cloudservers/handlers/RetryOnRenewExpectTest.java
@ -0,0 +1,173 @@
+/**
+ * Licensed to jclouds, Inc. (jclouds) under one or more
+ * contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  jclouds licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jclouds.cloudservers.handlers;
+
+import java.net.URI;
+
+import org.jclouds.cloudservers.CloudServersClient;
+import org.jclouds.cloudservers.internal.BaseCloudServersRestClientExpectTest;
+import org.jclouds.http.HttpRequest;
+import org.jclouds.http.HttpResponse;
+import org.jclouds.io.Payloads;
+import org.jclouds.rest.AuthorizationException;
+import org.testng.annotations.Test;
+
+import com.google.common.collect.ImmutableMultimap;
+
+/**
+ * Tests behavior of {@code RetryOnRenew} handler
+ * 
+ * @author grkvlt@apache.org
+ */
+@Test(groups = "unit", testName = "RetryOnRenewExpectTest")
+public class RetryOnRenewExpectTest extends BaseCloudServersRestClientExpectTest {
+
+   @Test
+   public void testShouldReauthenticateOn401() {
+      String authToken = "d6245d35-22a0-47c0-9770-2c5097da25fc";
+      String authToken2 = "12345678-9012-47c0-9770-2c5097da25fc";
+      
+      HttpRequest initialAuth = HttpRequest.builder().method("GET").endpoint(URI.create("https://auth/v1.0"))
+               .headers(
+               ImmutableMultimap.<String, String> builder()
+               .put("X-Auth-User", "identity")
+               .put("X-Auth-Key", "credential")
+               .put("Accept", "*/*").build()).build();
+      
+      
+      HttpResponse responseWithUrls = HttpResponse.builder().statusCode(204).message("HTTP/1.1 204 No Content")
+               .headers(ImmutableMultimap.<String,String>builder()
+               .put("Server", "Apache/2.2.3 (Red Hat)")
+               .put("vary", "X-Auth-Token,X-Auth-Key,X-Storage-User,X-Storage-Pass")
+               .put("X-Storage-Url", "https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_dc1f419c-5059-4c87-a389-3f2e33a77b22")
+               .put("Cache-Control", "s-maxage=86399")
+               .put("Content-Type", "text/xml")
+               .put("Date", "Tue, 10 Jan 2012 22:08:47 GMT")
+               .put("X-Auth-Token", authToken)
+               .put("X-Server-Management-Url","https://servers.api.rackspacecloud.com/v1.0/413274")
+               .put("X-Storage-Token", authToken)
+               .put("Connection", "Keep-Alive")
+               .put("X-CDN-Management-Url", "https://cdn1.clouddrive.com/v1/MossoCloudFS_dc1f419c-5059-4c87-a389-3f2e33a77b22")
+               .put("Content-Length", "0")
+               .build()).build();
+      
+      HttpResponse responseWithUrls2 = HttpResponse.builder().statusCode(204).message("HTTP/1.1 204 No Content")
+               .headers(ImmutableMultimap.<String,String>builder()
+               .put("Server", "Apache/2.2.3 (Red Hat)")
+               .put("vary", "X-Auth-Token,X-Auth-Key,X-Storage-User,X-Storage-Pass")
+               .put("X-Storage-Url", "https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_dc1f419c-5059-4c87-a389-3f2e33a77b22")
+               .put("Cache-Control", "s-maxage=86399")
+               .put("Content-Type", "text/xml")
+               .put("Date", "Tue, 10 Jan 2012 22:08:47 GMT")
+               .put("X-Auth-Token", authToken2)
+               .put("X-Server-Management-Url","https://servers.api.rackspacecloud.com/v1.0/413274")
+               .put("X-Storage-Token", authToken2)
+               .put("Connection", "Keep-Alive")
+               .put("X-CDN-Management-Url", "https://cdn1.clouddrive.com/v1/MossoCloudFS_dc1f419c-5059-4c87-a389-3f2e33a77b22")
+               .put("Content-Length", "0")
+               .build()).build();
+                     
+      HttpRequest deleteImage = HttpRequest.builder().method("DELETE").endpoint(
+               URI.create("https://servers.api.rackspacecloud.com/v1.0/413274/images/11?now=1257695648897")).headers(
+               ImmutableMultimap.<String, String> builder()
+               .put("X-Auth-Token", authToken).build()).build();
+
+      HttpResponse pleaseRenew = HttpResponse.builder().statusCode(401)
+               .message("HTTP/1.1 401 Unauthorized")
+               .payload(Payloads.newStringPayload("[{\"unauthorized\":{\"message\":\"Invalid authentication token.  Please renew.\",\"code\":401}}]"))
+               .build();
+
+      HttpRequest deleteImage2 = HttpRequest.builder().method("DELETE").endpoint(
+               URI.create("https://servers.api.rackspacecloud.com/v1.0/413274/images/11?now=1257695648897")).headers(
+               ImmutableMultimap.<String, String> builder()
+               .put("X-Auth-Token", authToken2).build()).build();
+
+      HttpResponse imageDeleted = HttpResponse.builder().statusCode(204).message("HTTP/1.1 204 No Content").build();
+
+      CloudServersClient clientWhenImageExists = orderedRequestsSendResponses(initialAuth, responseWithUrls,
+                deleteImage, pleaseRenew, initialAuth, responseWithUrls2, deleteImage2, imageDeleted);
+      
+      assert clientWhenImageExists.deleteImage(11);
+   }
+
+   @Test(expectedExceptions=AuthorizationException.class)
+   public void testDoesNotReauthenticateOnFatal401() {
+      String authToken = "d6245d35-22a0-47c0-9770-2c5097da25fc";
+      
+      HttpRequest initialAuth = HttpRequest.builder().method("GET").endpoint(URI.create("https://auth/v1.0"))
+               .headers(
+               ImmutableMultimap.<String, String> builder()
+               .put("X-Auth-User", "identity")
+               .put("X-Auth-Key", "credential")
+               .put("Accept", "*/*").build()).build();
+      
+      
+      HttpResponse responseWithUrls = HttpResponse.builder().statusCode(204).message("HTTP/1.1 204 No Content")
+               .headers(ImmutableMultimap.<String,String>builder()
+               .put("Server", "Apache/2.2.3 (Red Hat)")
+               .put("vary", "X-Auth-Token,X-Auth-Key,X-Storage-User,X-Storage-Pass")
+               .put("X-Storage-Url", "https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_dc1f419c-5059-4c87-a389-3f2e33a77b22")
+               .put("Cache-Control", "s-maxage=86399")
+               .put("Content-Type", "text/xml")
+               .put("Date", "Tue, 10 Jan 2012 22:08:47 GMT")
+               .put("X-Auth-Token", authToken)
+               .put("X-Server-Management-Url","https://servers.api.rackspacecloud.com/v1.0/413274")
+               .put("X-Storage-Token", authToken)
+               .put("Connection", "Keep-Alive")
+               .put("X-CDN-Management-Url", "https://cdn1.clouddrive.com/v1/MossoCloudFS_dc1f419c-5059-4c87-a389-3f2e33a77b22")
+               .put("Content-Length", "0")
+               .build()).build();
+      
+      HttpRequest deleteImage = HttpRequest.builder().method("DELETE").endpoint(
+               URI.create("https://servers.api.rackspacecloud.com/v1.0/413274/images/11?now=1257695648897")).headers(
+               ImmutableMultimap.<String, String> builder()
+               .put("X-Auth-Token", authToken).build()).build();
+
+      HttpResponse unauthResponse = HttpResponse.builder().statusCode(401)
+               .message("HTTP/1.1 401 Unauthorized")
+               .payload(Payloads.newStringPayload("[{\"unauthorized\":{\"message\":\"Fatal unauthorized.\",\"code\":401}}]"))
+               .build();
+
+      CloudServersClient client = orderedRequestsSendResponses(initialAuth, responseWithUrls,
+                deleteImage, unauthResponse);
+      
+      client.deleteImage(11);
+   }
+
+   // FIXME stack trace shows the AuthorizationException, but it's buried inside a guice TestException
+   @Test(enabled=false, expectedExceptions=AuthorizationException.class)
+   public void testDoesNotReauthenticateOnAuthentication401() {
+      HttpRequest initialAuth = HttpRequest.builder().method("GET").endpoint(URI.create("https://auth/v1.0"))
+               .headers(
+               ImmutableMultimap.<String, String> builder()
+               .put("X-Auth-User", "identity")
+               .put("X-Auth-Key", "credential")
+               .put("Accept", "*/*").build()).build();
+      
+      
+      HttpResponse unauthResponse = HttpResponse.builder().statusCode(401)
+               .message("HTTP/1.1 401 Unauthorized")
+               .payload(Payloads.newStringPayload("[{\"unauthorized\":{\"message\":\"A different message implying fatal.\",\"code\":401}}]"))
+               .build();
+
+      CloudServersClient client = orderedRequestsSendResponses(initialAuth, unauthResponse);
+                    
+      client.deleteImage(11);
+   }
+}
--- a/common/openstack/src/main/java/org/jclouds/openstack/config/OpenStackAuthenticationModule.java
+++ b/common/openstack/src/main/java/org/jclouds/openstack/config/OpenStackAuthenticationModule.java
@ -40,6 +40,10 @@ import org.jclouds.rest.AsyncClientFactory;
 import com.google.common.base.Supplier;
 import com.google.common.base.Suppliers;
 import com.google.common.base.Throwables;
+import com.google.common.cache.CacheBuilder;
+import com.google.common.cache.CacheLoader;
+import com.google.common.cache.LoadingCache;
+import com.google.common.util.concurrent.UncheckedExecutionException;
 import com.google.inject.AbstractModule;
 import com.google.inject.Provides;

@ -104,10 +108,41 @@ public class OpenStackAuthenticationModule extends AbstractModule {

   @Provides
   @Singleton
-   protected Supplier<AuthenticationResponse> provideAuthenticationResponseCache(
+   public LoadingCache<String,AuthenticationResponse> provideAuthenticationResponseCache2(
            final GetAuthenticationResponse getAuthenticationResponse) {
-      return Suppliers.memoizeWithExpiration(new RetryOnTimeOutExceptionSupplier<AuthenticationResponse>(
-               getAuthenticationResponse), 23, TimeUnit.HOURS);
+      
+      final RetryOnTimeOutExceptionSupplier<AuthenticationResponse> delegate = 
+               new RetryOnTimeOutExceptionSupplier<AuthenticationResponse>(getAuthenticationResponse);
+
+      CacheLoader<String, AuthenticationResponse> cacheLoader = new CacheLoader<String, AuthenticationResponse>() {
+         @Override
+         public AuthenticationResponse load(String key) throws Exception {
+            return delegate.get();
+         }
+      };
+      
+      LoadingCache<String, AuthenticationResponse> cache = CacheBuilder.newBuilder().expireAfterWrite(23, TimeUnit.HOURS)
+               .build(cacheLoader);
+      
+      return cache;
+   }
+
+   @Provides
+   @Singleton
+   protected Supplier<AuthenticationResponse> provideAuthenticationResponseSupplier(
+            final LoadingCache<String,AuthenticationResponse> cache) {
+      return new Supplier<AuthenticationResponse>() {
+         @Override
+         public AuthenticationResponse get() {
+            try {
+               return cache.get("key");
+            } catch (UncheckedExecutionException e) {
+               throw Throwables.propagate(e.getCause());
+            } catch (ExecutionException e) {
+               throw Throwables.propagate(e.getCause());
+            }
+         }
+      };
   }

   @Provides
--- a/common/openstack/src/main/java/org/jclouds/openstack/handlers/RetryOnRenew.java
+++ b/common/openstack/src/main/java/org/jclouds/openstack/handlers/RetryOnRenew.java
@ -0,0 +1,98 @@
+/**
+ * Licensed to jclouds, Inc. (jclouds) under one or more
+ * contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  jclouds licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jclouds.openstack.handlers;
+
+import static org.jclouds.http.HttpUtils.releasePayload;
+
+import java.io.IOException;
+
+import javax.annotation.Resource;
+
+import org.jclouds.http.HttpCommand;
+import org.jclouds.http.HttpResponse;
+import org.jclouds.http.HttpRetryHandler;
+import org.jclouds.logging.Logger;
+import org.jclouds.openstack.OpenStackAuthAsyncClient.AuthenticationResponse;
+import org.jclouds.openstack.reference.AuthHeaders;
+import org.jclouds.util.Strings2;
+
+import com.google.common.cache.LoadingCache;
+import com.google.common.collect.Multimap;
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
+
+/**
+ * This will parse and set an appropriate exception on the command object.
+ * 
+ * @author Adrian Cole
+ * 
+ */
+@Singleton
+public class RetryOnRenew implements HttpRetryHandler {
+   @Resource
+   protected Logger logger = Logger.NULL;
+
+   // This doesn't work yet
+//   @Inject
+//   Supplier<AuthenticationResponse> providedAuthenticationResponseCache;
+
+   @Inject
+   LoadingCache<String,AuthenticationResponse> authenticationResponseCache;
+
+   @Override
+   public boolean shouldRetryRequest(HttpCommand command, HttpResponse response) {
+      boolean retry = false; // default
+      try {
+         switch (response.getStatusCode()) {
+            case 401:
+               // Do not retry on 401 from authentication request
+               Multimap<String, String> headers = command.getCurrentRequest().getHeaders();
+               if (headers != null && headers.containsKey(AuthHeaders.AUTH_USER) && headers.containsKey(AuthHeaders.AUTH_KEY) &&
+                     !headers.containsKey(AuthHeaders.AUTH_TOKEN)) {
+                  retry = false;
+               } else {
+                  String content = parsePayloadOrNull(response);
+                  if (content != null && content.contains("lease renew")) {
+                     // Otherwise invalidate the token cache, to force reauthentication
+                     authenticationResponseCache.invalidateAll();
+                     retry = true;
+                  } else {
+                     retry = false;
+                  }
+               }
+               break;
+         }
+         return retry;
+         
+      } finally {
+         releasePayload(response);
+      }
+   }
+   
+   String parsePayloadOrNull(HttpResponse response) {
+      if (response.getPayload() != null) {
+         try {
+            return Strings2.toStringAndClose(response.getPayload().getInput());
+         } catch (IOException e) {
+            logger.warn(e, "exception reading error from response", response);
+         }
+      }
+      return null;
+   }
+}
--- a/common/openstack/src/test/java/org/jclouds/openstack/handlers/RetryOnRenewTest.java
+++ b/common/openstack/src/test/java/org/jclouds/openstack/handlers/RetryOnRenewTest.java
@ -0,0 +1,73 @@
+/**
+ * Licensed to jclouds, Inc. (jclouds) under one or more
+ * contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  jclouds licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jclouds.openstack.handlers;
+
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.expectLastCall;
+import static org.easymock.classextension.EasyMock.createMock;
+import static org.easymock.classextension.EasyMock.replay;
+import static org.easymock.classextension.EasyMock.verify;
+import static org.testng.Assert.assertTrue;
+
+import org.jclouds.http.HttpCommand;
+import org.jclouds.http.HttpRequest;
+import org.jclouds.http.HttpResponse;
+import org.jclouds.io.Payloads;
+import org.jclouds.openstack.OpenStackAuthAsyncClient.AuthenticationResponse;
+import org.testng.annotations.Test;
+
+import com.google.common.cache.LoadingCache;
+
+/**
+ * Tests behavior of {@code RetryOnRenew} handler
+ * 
+ * @author grkvlt@apache.org
+ */
+@Test(groups = "unit", testName = "RetryOnRenewTest")
+public class RetryOnRenewTest {
+   @Test
+   public void test401ShouldRetry() {
+      HttpCommand command = createMock(HttpCommand.class);
+      HttpRequest request = createMock(HttpRequest.class);
+      HttpResponse response = createMock(HttpResponse.class);
+      @SuppressWarnings("unchecked")
+      LoadingCache<String,AuthenticationResponse> cache = createMock(LoadingCache.class);
+
+      expect(command.getCurrentRequest()).andReturn(request);
+
+      cache.invalidateAll();
+      expectLastCall();
+      
+      expect(response.getPayload()).andReturn(Payloads.newStringPayload("token expired, please renew")).anyTimes();
+      expect(response.getStatusCode()).andReturn(401).atLeastOnce();
+
+      replay(command);
+      replay(response);
+      replay(cache);
+      
+      RetryOnRenew retry = new RetryOnRenew();
+      retry.authenticationResponseCache = cache;
+      
+      assertTrue(retry.shouldRetryRequest(command, response));
+
+      verify(command);
+      verify(response);
+      verify(cache);
+   }
+}