[jira] [Work logged] (ARTEMIS-4709) Add a plugin to provide periodic expiry of connections on a per acceptor basis

2024-04-22 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/ARTEMIS-4709?focusedWorklogId=915847&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-915847
 ]

ASF GitHub Bot logged work on ARTEMIS-4709:
---

Author: ASF GitHub Bot
Created on: 22/Apr/24 15:19
Start Date: 22/Apr/24 15:19
Worklog Time Spent: 10m 
  Work Description: jbertram merged PR #4871:
URL: https://github.com/apache/activemq-artemis/pull/4871




Issue Time Tracking
---

Worklog Id: (was: 915847)
Time Spent: 2h 10m  (was: 2h)

> Add a plugin to provide periodic expiry of connections on a per acceptor basis
> --
>
> Key: ARTEMIS-4709
> URL: https://issues.apache.org/jira/browse/ARTEMIS-4709
> Project: ActiveMQ Artemis
> Issue Type: New Feature
> Components: Broker
> Affects Versions: 2.33.0
> Reporter: Gary Tully
> Assignee: Gary Tully
> Priority: Major
> Fix For: 2.34.0
>
> Time Spent: 2h 10m
> Remaining Estimate: 0h
>
> When credential rotation needs to be enforced, active connections need to be
> terminated on some timeline to ensure credentials are reevaluated. There are
> management APIs that can be used but these require some intervention.
> In addition, to enforce some SLA around the duration of connections, having an
> easy way to limit connections to a given maximum period can be helpful.
> A plugin that will be applied on a per acceptor basis, that can be used to
> disconnect connections that have lived for some period, can provide a nice
> building block for these use cases.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)


[jira] [Work logged] (ARTEMIS-4709) Add a plugin to provide periodic expiry of connections on a per acceptor basis

2024-04-16 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/ARTEMIS-4709?focusedWorklogId=914814&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-914814
 ]

ASF GitHub Bot logged work on ARTEMIS-4709:
---

Author: ASF GitHub Bot
Created on: 16/Apr/24 09:05
Start Date: 16/Apr/24 09:05
Worklog Time Spent: 10m 
  Work Description: gtully commented on PR #4871:
URL: 
https://github.com/apache/activemq-artemis/pull/4871#issuecomment-2058602117

   On the config change, if a similar feature became available in the core, it 
would never be a breaking change, it would require a config change, but not a 
break. New config would be needed and the plugin removed. 
   
   But more generally, on plugins for "users", I think it is an extension 
point, but we are all users!




Issue Time Tracking
---

Worklog Id: (was: 914814)
Time Spent: 2h  (was: 1h 50m)



[jira] [Work logged] (ARTEMIS-4709) Add a plugin to provide periodic expiry of connections on a per acceptor basis

2024-04-09 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/ARTEMIS-4709?focusedWorklogId=913751&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-913751
 ]

ASF GitHub Bot logged work on ARTEMIS-4709:
---

Author: ASF GitHub Bot
Created on: 09/Apr/24 17:13
Start Date: 09/Apr/24 17:13
Worklog Time Spent: 10m 
  Work Description: jbertram commented on PR #4871:
URL: 
https://github.com/apache/activemq-artemis/pull/4871#issuecomment-2045717014

   I've gone back and forth on this in my mind a few times. 
   
   I see your points, but if this functionality "becomes part of lots of 
deployments" then changing the way it's configured will be a breaking change 
for users which won't be a good experience. If the configuration is part of the 
core schema then they can get auto-completion (depending on the config editor 
they use) and validation.
   
   The code will be shipped with the broker either way. Whether it is optional 
can depend on configuration regardless of if it is a plugin.
   
   Generally speaking, I see plugins as a way for _users_ to add functionality 
to the broker.
   
   Personally I think this makes sense in the core broker.




Issue Time Tracking
---

Worklog Id: (was: 913751)
Time Spent: 1h 50m  (was: 1h 40m)



[jira] [Work logged] (ARTEMIS-4709) Add a plugin to provide periodic expiry of connections on a per acceptor basis

2024-04-09 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/ARTEMIS-4709?focusedWorklogId=913748&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-913748
 ]

ASF GitHub Bot logged work on ARTEMIS-4709:
---

Author: ASF GitHub Bot
Created on: 09/Apr/24 16:47
Start Date: 09/Apr/24 16:47
Worklog Time Spent: 10m 
  Work Description: gtully commented on code in PR #4871:
URL: https://github.com/apache/activemq-artemis/pull/4871#discussion_r1557991812


##
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/plugin/impl/ConnectionPeriodicExpiryPlugin.java:
##
@@ -0,0 +1,150 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.core.server.plugin.impl;
+
+import java.lang.invoke.MethodHandles;
+import java.util.Map;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.ScheduledFuture;
+import java.util.concurrent.TimeUnit;
+import java.util.regex.Pattern;
+
+import org.apache.activemq.artemis.api.core.ActiveMQDisconnectedException;
+import org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor;
+import 
org.apache.activemq.artemis.core.remoting.impl.netty.NettyServerConnection;
+import org.apache.activemq.artemis.core.remoting.server.RemotingService;
+import org.apache.activemq.artemis.core.server.ActiveMQServer;
+import org.apache.activemq.artemis.core.server.plugin.ActiveMQServerBasePlugin;
+import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
+import org.apache.activemq.artemis.spi.core.remoting.Acceptor;
+import org.apache.activemq.artemis.utils.RandomUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class ConnectionPeriodicExpiryPlugin implements 
ActiveMQServerBasePlugin {
+
+   private static final Logger logger = 
LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
+
+   private String name;
+   private long periodSeconds;
+   private int accuracyWindowSeconds;
+   private String acceptorMatchRegex;
+
+   private ScheduledExecutorService executor;
+   private RemotingService remotingService;
+   private Pattern matchPattern;
+   private ScheduledFuture task;
+
+   public ConnectionPeriodicExpiryPlugin() {
+  periodSeconds = TimeUnit.MINUTES.toSeconds(15);
+  accuracyWindowSeconds = 30;
+   }
+
+   @Override
+   public void registered(ActiveMQServer server) {
+
+  sanityCheckConfig();
+
+  executor = server.getScheduledPool();
+  remotingService = server.getRemotingService();
+  matchPattern = Pattern.compile(acceptorMatchRegex);
+
+  task = executor.scheduleWithFixedDelay(() -> {
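
Review bot: at `task = executor.scheduleWithFixedDelay(() -> {` the periodic scan runs on the broker's shared pool from `server.getScheduledPool()`, and a `ScheduledExecutorService` stops rescheduling a fixed-delay task after the first exception that escapes it. Wrap the lambda body in a try/catch that logs through the `logger` declared above, so that one failed scan does not silently end expiry enforcement for the matched acceptors until the plugin is registered again.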

Review Comment:
   I don't know if it is necessary or better, but consistency is good. I was 
trying to keep it as simple as possible, the task should be fast to complete, 
and it delegates a new task for the actual disconnect so I did not think it 
warranted a separate executor. 





Issue Time Tracking
---

Worklog Id: (was: 913748)
Time Spent: 1h 40m  (was: 1.5h)


[jira] [Work logged] (ARTEMIS-4709) Add a plugin to provide periodic expiry of connections on a per acceptor basis

2024-04-05 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/ARTEMIS-4709?focusedWorklogId=913212&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-913212
 ]

ASF GitHub Bot logged work on ARTEMIS-4709:
---

Author: ASF GitHub Bot
Created on: 05/Apr/24 14:07
Start Date: 05/Apr/24 14:07
Worklog Time Spent: 10m 
  Work Description: clebertsuconic commented on code in PR #4871:
URL: https://github.com/apache/activemq-artemis/pull/4871#discussion_r1553725105


##
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/plugin/impl/ConnectionPeriodicExpiryPlugin.java:
##
@@ -0,0 +1,150 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.core.server.plugin.impl;
+
+import java.lang.invoke.MethodHandles;
+import java.util.Map;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.ScheduledFuture;
+import java.util.concurrent.TimeUnit;
+import java.util.regex.Pattern;
+
+import org.apache.activemq.artemis.api.core.ActiveMQDisconnectedException;
+import org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor;
+import 
org.apache.activemq.artemis.core.remoting.impl.netty.NettyServerConnection;
+import org.apache.activemq.artemis.core.remoting.server.RemotingService;
+import org.apache.activemq.artemis.core.server.ActiveMQServer;
+import org.apache.activemq.artemis.core.server.plugin.ActiveMQServerBasePlugin;
+import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
+import org.apache.activemq.artemis.spi.core.remoting.Acceptor;
+import org.apache.activemq.artemis.utils.RandomUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class ConnectionPeriodicExpiryPlugin implements 
ActiveMQServerBasePlugin {
+
+   private static final Logger logger = 
LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
+
+   private String name;
+   private long periodSeconds;
+   private int accuracyWindowSeconds;
+   private String acceptorMatchRegex;
+
+   private ScheduledExecutorService executor;
+   private RemotingService remotingService;
+   private Pattern matchPattern;
+   private ScheduledFuture task;
+
+   public ConnectionPeriodicExpiryPlugin() {
+  periodSeconds = TimeUnit.MINUTES.toSeconds(15);
+  accuracyWindowSeconds = 30;
+   }
+
+   @Override
+   public void registered(ActiveMQServer server) {
+
+  sanityCheckConfig();
+
+  executor = server.getScheduledPool();
+  remotingService = server.getRemotingService();
+  matchPattern = Pattern.compile(acceptorMatchRegex);
+
+  task = executor.scheduleWithFixedDelay(() -> {
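
Review bot: the constructor sets defaults for `periodSeconds` and `accuracyWindowSeconds` but leaves `acceptorMatchRegex` null, and `registered()` passes it straight to `Pattern.compile(acceptorMatchRegex)`. The body of `sanityCheckConfig()` is not visible in this hunk; it should reject a null or empty regex with a message that names the property, and a malformed pattern should be reported with the plugin `name` rather than as a bare `PatternSyntaxException`, so that a misconfigured expiry plugin is obvious in the broker log.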

Review Comment:
   Optional: I have been using ActiveMQScheduledComponent for all the scheduled 
services we have. It supports having a separate Executor for the task itself.





Issue Time Tracking
---

Worklog Id: (was: 913212)
Time Spent: 1.5h  (was: 1h 20m)


[jira] [Work logged] (ARTEMIS-4709) Add a plugin to provide periodic expiry of connections on a per acceptor basis

2024-04-04 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/ARTEMIS-4709?focusedWorklogId=912987&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-912987
 ]

ASF GitHub Bot logged work on ARTEMIS-4709:
---

Author: ASF GitHub Bot
Created on: 04/Apr/24 09:23
Start Date: 04/Apr/24 09:23
Worklog Time Spent: 10m 
  Work Description: gtully commented on PR #4871:
URL: 
https://github.com/apache/activemq-artemis/pull/4871#issuecomment-2036652885

   > Is there a particular reason this needs to be a plugin vs. just a normal 
bit of functionality in the core server? Plugins are nice for some things, but 
they're kind of clunky to configure. This seems like something that would fit 
well on an `acceptor` URL.
   
   I am thinking that the broker is all about keeping connections alive or 
whacking them when consumers are slow etc, but this plugin is a very blunt and 
simple approach, that is ideal for security or some special operator sla, but 
not a core concern. 
   It is cross cutting (generally applicable), but not typically necessary so 
leaving it totally optional makes sense to me.
   
   If it turns out that this plugin becomes part of lots of deployments, and 
possibly we need to improve from a performance point of view, we can consider 
pulling it into the core.
   
   The plugin api makes the logic simple to implement, understand and maintain 
or extend, but also makes it totally optional. I think those are all positives.
   
   On the config, I make this plugin a java bean with a name, and through 
properties it is fairly intuitive. I think the chunkiness of plugin config is a 
different problem, but not a reason to not use plugins!
   
   




Issue Time Tracking
---

Worklog Id: (was: 912987)
Time Spent: 1h 20m  (was: 1h 10m)



[jira] [Work logged] (ARTEMIS-4709) Add a plugin to provide periodic expiry of connections on a per acceptor basis

2024-04-03 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/ARTEMIS-4709?focusedWorklogId=912878&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-912878
 ]

ASF GitHub Bot logged work on ARTEMIS-4709:
---

Author: ASF GitHub Bot
Created on: 03/Apr/24 17:13
Start Date: 03/Apr/24 17:13
Worklog Time Spent: 10m 
  Work Description: jbertram commented on PR #4871:
URL: 
https://github.com/apache/activemq-artemis/pull/4871#issuecomment-2035146948

   Is there a particular reason this needs to be a plugin vs. just a normal bit 
of functionality in the core server? Plugins are nice for some things, but 
they're kind of clunky to configure. This seems like something that would fit 
well on an `acceptor` URL.




Issue Time Tracking
---

Worklog Id: (was: 912878)
Time Spent: 1h 10m  (was: 1h)



[jira] [Work logged] (ARTEMIS-4709) Add a plugin to provide periodic expiry of connections on a per acceptor basis

2024-04-03 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/ARTEMIS-4709?focusedWorklogId=912811&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-912811
 ]

ASF GitHub Bot logged work on ARTEMIS-4709:
---

Author: ASF GitHub Bot
Created on: 03/Apr/24 10:36
Start Date: 03/Apr/24 10:36
Worklog Time Spent: 10m 
  Work Description: gtully commented on code in PR #4871:
URL: https://github.com/apache/activemq-artemis/pull/4871#discussion_r1549448744


##
docs/user-manual/broker-plugins.adoc:
##
@@ -178,3 +178,30 @@ In the example below `ROLE_PROPERTY` is set to 
`permissions` when that property

 
 
+
+== Using the ConnectionPeriodicExpiryPlugin
+
+The `ConnectionPeriodicExpiryPlugin` will implement a global expiry (and 
disconnect) for connections that live longer than `periodSeconds` on a matching 
acceptor basis.
+
+This plugin can be useful when credential rotation or credential validation 
must be enforced at regular intervals as authentication will be enforced on 
reconnect.
+
+The plugin requires the configuration of the `acceptorMatchRegex` to determine 
the acceptors to monitor. It is typical to separate client acceptors and 
federation or cluster acceptors such that only client connections will be 
subject to periodic expiry. The `acceptorMatchRegex` must be configured to 
match the name of the acceptor(s) whose connections will be subject to periodic 
expiry.
+
+|===
+| Property | Property Description | Default Value
+
+|`acceptorMatchRegex`|the regular expression used to match against the names 
of acceptors to monitor | ""
+|`periodSeconds`|the max duration or period, in seconds, that a connection can 
last | 15 minutes (as seconds)
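
Review bot: the `acceptorMatchRegex` row lists the default as `""` without saying what that does. State in the description that the default matches no acceptor, so nothing is expired until the property is set, and that the expression is tested against the acceptor name, so cluster and federation acceptors need names the pattern does not match. For `periodSeconds`, give the default as the literal value `900` rather than "15 minutes (as seconds)".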

Review Comment:
   fair point, thanks!





Issue Time Tracking
---

Worklog Id: (was: 912811)
Time Spent: 1h  (was: 50m)



[jira] [Work logged] (ARTEMIS-4709) Add a plugin to provide periodic expiry of connections on a per acceptor basis

2024-04-03 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/ARTEMIS-4709?focusedWorklogId=912809&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-912809
 ]

ASF GitHub Bot logged work on ARTEMIS-4709:
---

Author: ASF GitHub Bot
Created on: 03/Apr/24 10:36
Start Date: 03/Apr/24 10:36
Worklog Time Spent: 10m 
  Work Description: gtully commented on code in PR #4871:
URL: https://github.com/apache/activemq-artemis/pull/4871#discussion_r1549447528


##
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/plugin/impl/ConnectionPeriodicExpiryPlugin.java:
##
@@ -0,0 +1,130 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.activemq.artemis.core.server.plugin.impl;
+
+import java.util.Map;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.ScheduledFuture;
+import java.util.concurrent.TimeUnit;
+import java.util.regex.Pattern;
+
+import org.apache.activemq.artemis.api.core.ActiveMQDisconnectedException;
+import org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor;
+import 
org.apache.activemq.artemis.core.remoting.impl.netty.NettyServerConnection;
+import org.apache.activemq.artemis.core.remoting.server.RemotingService;
+import org.apache.activemq.artemis.core.server.ActiveMQServer;
+import org.apache.activemq.artemis.core.server.plugin.ActiveMQServerBasePlugin;
+import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
+import org.apache.activemq.artemis.spi.core.remoting.Acceptor;
+import org.apache.activemq.artemis.utils.RandomUtil;
+
+public class ConnectionPeriodicExpiryPlugin implements 
ActiveMQServerBasePlugin {
+
+   private String name;
+   private long periodSeconds;
+   private int accuracyWindowSeconds;
+   private String acceptorMatchRegex;
+
+   private ScheduledExecutorService executor;
+   private RemotingService remotingService;
+   private Pattern matchPattern;
+   private ScheduledFuture task;
+
+   public ConnectionPeriodicExpiryPlugin() {
+  periodSeconds = TimeUnit.MINUTES.toSeconds(15);
+  accuracyWindowSeconds = 30;
+  acceptorMatchRegex = ""; // no match
+   }
+
+   @Override
+   public void registered(ActiveMQServer server) {
+  executor = server.getScheduledPool();
+  remotingService = server.getRemotingService();
+  matchPattern = Pattern.compile(acceptorMatchRegex);
+
+  task = executor.scheduleWithFixedDelay(() -> {
+
+ final long currentTime = System.currentTimeMillis();
+ for (Acceptor acceptor : remotingService.getAcceptors().values()) {
+if (matchPattern.matcher(acceptor.getName()).matches()) {
+   if (acceptor instanceof NettyAcceptor) {
+  NettyAcceptor nettyAcceptor = (NettyAcceptor) acceptor;
+
+  for (NettyServerConnection nettyServerConnection : 
nettyAcceptor.getConnections().values()) {
+ RemotingConnection remotingConnection  = 
remotingService.getConnection(nettyServerConnection.getID());
+ if  (currentTime > remotingConnection.getCreationTime() + 
periodSeconds ) {
+executor.schedule(() -> {
+   
remotingService.removeConnection(remotingConnection.getID());
+   remotingConnection.fail(new 
ActiveMQDisconnectedException("terminated by session expiry plugin"));
+}, RandomUtil.randomMax(accuracyWindowSeconds), 
TimeUnit.SECONDS);
+ }
+  }
+   }
+}
+ }
+  }, accuracyWindowSeconds, accuracyWindowSeconds, TimeUnit.SECONDS);
+   }
+
+   @Override
+   public void unregistered(ActiveMQServer server) {
+  task.cancel(true);
+   }
+
+   @Override
+   public void init(Map properties) {
+  name = properties.getOrDefault("name", name);
+  periodSeconds = Long.parseLong(properties.getOrDefault("periodSeconds", 
Long.toString(periodSeconds)));
+  accuracyWindowSeconds = 
Integer.parseInt(properties.getOrDefault("accuracyWindowSeconds", 
Long.toString(accuracyWindowSeconds)));
+  if (accuracyWi
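
Review bot: in the inner loop, the result of `remotingService.getConnection(nettyServerConnection.getID())` is dereferenced in the following `if` without a null check. If a connection closes between the `nettyAcceptor.getConnections()` snapshot and that lookup and the lookup returns null, the resulting `NullPointerException` escapes the `scheduleWithFixedDelay` task and cancels all later runs. Skip the entry when the lookup returns null.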

[jira] [Work logged] (ARTEMIS-4709) Add a plugin to provide periodic expiry of connections on a per acceptor basis

2024-04-03 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/ARTEMIS-4709?focusedWorklogId=912808&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-912808
 ]

ASF GitHub Bot logged work on ARTEMIS-4709:
---

Author: ASF GitHub Bot
Created on: 03/Apr/24 10:33
Start Date: 03/Apr/24 10:33
Worklog Time Spent: 10m 
  Work Description: gtully commented on code in PR #4871:
URL: https://github.com/apache/activemq-artemis/pull/4871#discussion_r1549442970


##
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/plugin/impl/ConnectionPeriodicExpiryPlugin.java:
##
@@ -0,0 +1,130 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.activemq.artemis.core.server.plugin.impl;
+
+import java.util.Map;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.ScheduledFuture;
+import java.util.concurrent.TimeUnit;
+import java.util.regex.Pattern;
+
+import org.apache.activemq.artemis.api.core.ActiveMQDisconnectedException;
+import org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor;
+import 
org.apache.activemq.artemis.core.remoting.impl.netty.NettyServerConnection;
+import org.apache.activemq.artemis.core.remoting.server.RemotingService;
+import org.apache.activemq.artemis.core.server.ActiveMQServer;
+import org.apache.activemq.artemis.core.server.plugin.ActiveMQServerBasePlugin;
+import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
+import org.apache.activemq.artemis.spi.core.remoting.Acceptor;
+import org.apache.activemq.artemis.utils.RandomUtil;
+
+public class ConnectionPeriodicExpiryPlugin implements 
ActiveMQServerBasePlugin {
+
+   private String name;
+   private long periodSeconds;
+   private int accuracyWindowSeconds;
+   private String acceptorMatchRegex;
+
+   private ScheduledExecutorService executor;
+   private RemotingService remotingService;
+   private Pattern matchPattern;
+   private ScheduledFuture task;
+
+   public ConnectionPeriodicExpiryPlugin() {
+  periodSeconds = TimeUnit.MINUTES.toSeconds(15);
+  accuracyWindowSeconds = 30;
+  acceptorMatchRegex = ""; // no match
+   }
+
+   @Override
+   public void registered(ActiveMQServer server) {
+  executor = server.getScheduledPool();
+  remotingService = server.getRemotingService();
+  matchPattern = Pattern.compile(acceptorMatchRegex);
+
+  task = executor.scheduleWithFixedDelay(() -> {
+
+ final long currentTime = System.currentTimeMillis();
+ for (Acceptor acceptor : remotingService.getAcceptors().values()) {
+if (matchPattern.matcher(acceptor.getName()).matches()) {
+   if (acceptor instanceof NettyAcceptor) {
+  NettyAcceptor nettyAcceptor = (NettyAcceptor) acceptor;
+
+  for (NettyServerConnection nettyServerConnection : 
nettyAcceptor.getConnections().values()) {
+ RemotingConnection remotingConnection  = 
remotingService.getConnection(nettyServerConnection.getID());
+ if  (currentTime > remotingConnection.getCreationTime() + 
periodSeconds ) {
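
Review bot: the expiry test on the last line of this hunk compares `currentTime`, taken from `System.currentTimeMillis()`, with `remotingConnection.getCreationTime() + periodSeconds`, and `periodSeconds` is set from `TimeUnit.MINUTES.toSeconds(15)`. If `getCreationTime()` is also a millisecond timestamp, the default of 900 is added as 900 ms, so connections would expire in under a second rather than after 15 minutes. Convert before comparing, for example with `TimeUnit.SECONDS.toMillis(periodSeconds)`, and add a test asserting that a connection younger than the period survives a scan.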

Review Comment:
   good catch, thanks. fixed and some more tests added





Issue Time Tracking
---

Worklog Id: (was: 912808)
Time Spent: 40m  (was: 0.5h)


[jira] [Work logged] (ARTEMIS-4709) Add a plugin to provide periodic expiry of connections on a per acceptor basis

2024-04-03 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/ARTEMIS-4709?focusedWorklogId=912807&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-912807
 ]

ASF GitHub Bot logged work on ARTEMIS-4709:
---

Author: ASF GitHub Bot
Created on: 03/Apr/24 10:32
Start Date: 03/Apr/24 10:32
Worklog Time Spent: 10m 
  Work Description: gtully commented on code in PR #4871:
URL: https://github.com/apache/activemq-artemis/pull/4871#discussion_r1549441701


##
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/plugin/impl/ConnectionPeriodicExpiryPlugin.java:
##
@@ -0,0 +1,130 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
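
Review bot: the license header opens with `/**` on the first added line, which makes it a Javadoc comment. A license header is not API documentation, so a plain block comment opening with `/*` is the better fit and keeps documentation and lint tooling from treating it as a doc comment.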

Review Comment:
   thanks





Issue Time Tracking
---

Worklog Id: (was: 912807)
Time Spent: 0.5h  (was: 20m)



[jira] [Work logged] (ARTEMIS-4709) Add a plugin to provide periodic expiry of connections on a per acceptor basis

2024-04-02 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/ARTEMIS-4709?focusedWorklogId=912667&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-912667
 ]

ASF GitHub Bot logged work on ARTEMIS-4709:
---

Author: ASF GitHub Bot
Created on: 02/Apr/24 14:29
Start Date: 02/Apr/24 14:29
Worklog Time Spent: 10m 
  Work Description: gemmellr commented on code in PR #4871:
URL: https://github.com/apache/activemq-artemis/pull/4871#discussion_r1547968121


##
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/plugin/impl/ConnectionPeriodicExpiryPlugin.java:
##
@@ -0,0 +1,130 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.activemq.artemis.core.server.plugin.impl;
+
+import java.util.Map;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.ScheduledFuture;
+import java.util.concurrent.TimeUnit;
+import java.util.regex.Pattern;
+
+import org.apache.activemq.artemis.api.core.ActiveMQDisconnectedException;
+import org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor;
+import 
org.apache.activemq.artemis.core.remoting.impl.netty.NettyServerConnection;
+import org.apache.activemq.artemis.core.remoting.server.RemotingService;
+import org.apache.activemq.artemis.core.server.ActiveMQServer;
+import org.apache.activemq.artemis.core.server.plugin.ActiveMQServerBasePlugin;
+import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
+import org.apache.activemq.artemis.spi.core.remoting.Acceptor;
+import org.apache.activemq.artemis.utils.RandomUtil;
+
+public class ConnectionPeriodicExpiryPlugin implements 
ActiveMQServerBasePlugin {
+
+   private String name;
+   private long periodSeconds;
+   private int accuracyWindowSeconds;
+   private String acceptorMatchRegex;
+
+   private ScheduledExecutorService executor;
+   private RemotingService remotingService;
+   private Pattern matchPattern;
+   private ScheduledFuture task;
+
+   public ConnectionPeriodicExpiryPlugin() {
+  periodSeconds = TimeUnit.MINUTES.toSeconds(15);
+  accuracyWindowSeconds = 30;
+  acceptorMatchRegex = ""; // no match
+   }
+
+   @Override
+   public void registered(ActiveMQServer server) {
+  executor = server.getScheduledPool();
+  remotingService = server.getRemotingService();
+  matchPattern = Pattern.compile(acceptorMatchRegex);
+
+  task = executor.scheduleWithFixedDelay(() -> {
+
+ final long currentTime = System.currentTimeMillis();
+ for (Acceptor acceptor : remotingService.getAcceptors().values()) {
+if (matchPattern.matcher(acceptor.getName()).matches()) {
+   if (acceptor instanceof NettyAcceptor) {
+  NettyAcceptor nettyAcceptor = (NettyAcceptor) acceptor;
+
+  for (NettyServerConnection nettyServerConnection : 
nettyAcceptor.getConnections().values()) {
+ RemotingConnection remotingConnection  = 
remotingService.getConnection(nettyServerConnection.getID());
+ if  (currentTime > remotingConnection.getCreationTime() + 
periodSeconds ) {
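
Review bot: the constructor default `acceptorMatchRegex = ""; // no match` means a broker that registers this plugin without setting the regex never expires a connection, and nothing in `registered()` reports that. Since the stated use is enforcing credential re-evaluation, log a warning (or refuse to register) when the pattern is empty, and do the same when an acceptor matches the pattern but fails the `instanceof NettyAcceptor` test and is skipped without a trace.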

Review Comment:
   Seems like it needs a validity check, connection could have already gone away by other means while this checking was happening, so perhaps it could NPE here.
   
   Related...as is, if this task ever throws for any reason (e.g. above potential NPE) the expiry process will then simply stop working as the task won't be rescheduled.
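
The failure mode raised in the comment above, as an added example that is not code from the PR or from the Artemis project: `ScheduledExecutorService.scheduleWithFixedDelay` suppresses all later executions once a run throws, so an unguarded expiry scan stops enforcing the connection lifetime. The class name, `scan` and its constructed failure are hypothetical stand-ins for the plugin's loop.

```java
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

public class ScheduledTaskSuppressionDemo {

   // Constructed stand-in for one expiry scan: the second run fails the way
   // a lookup of an already-closed connection would.
   static void scan(AtomicInteger runs) {
      if (runs.incrementAndGet() == 2) {
         throw new NullPointerException("connection gone (constructed failure)");
      }
   }

   // Schedules the scan every 20 ms for 300 ms and returns how many times it ran.
   static int countRuns(boolean guarded) throws InterruptedException {
      ScheduledExecutorService executor = Executors.newSingleThreadScheduledExecutor();
      AtomicInteger runs = new AtomicInteger();
      Runnable task;
      if (guarded) {
         // Catch inside the task so one bad scan cannot cancel the schedule.
         task = () -> {
            try {
               scan(runs);
            } catch (RuntimeException e) {
               System.out.println("scan failed, retrying next period: " + e);
            }
         };
      } else {
         // The exception escapes; the executor suppresses every later run.
         task = () -> scan(runs);
      }
      executor.scheduleWithFixedDelay(task, 0, 20, TimeUnit.MILLISECONDS);
      Thread.sleep(300);
      executor.shutdownNow();
      return runs.get();
   }

   public static void main(String[] args) throws InterruptedException {
      System.out.println("unguarded scans run: " + countRuns(false));
      System.out.println("guarded scans run:   " + countRuns(true));
   }
}
```

The unguarded schedule stops at the failing run with nothing logged, because the exception is only held by the returned `ScheduledFuture`; the guarded one keeps scanning.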



##
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/plugin/impl/ConnectionPeriodicExpiryPlugin.java:
##
@@ -0,0 +1,130 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 

Review Comment

[jira] [Work logged] (ARTEMIS-4709) Add a plugin to provide periodic expiry of connections on a per acceptor basis

2024-04-02 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/ARTEMIS-4709?focusedWorklogId=912617&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-912617
 ]

ASF GitHub Bot logged work on ARTEMIS-4709:
---

Author: ASF GitHub Bot
Created on: 02/Apr/24 10:21
Start Date: 02/Apr/24 10:21
Worklog Time Spent: 10m 
  Work Description: gtully opened a new pull request, #4871:
URL: https://github.com/apache/activemq-artemis/pull/4871

   (no comment)




Issue Time Tracking
---

Worklog Id: (was: 912617)
Remaining Estimate: 0h
Time Spent: 10m
