[DR-3077] Log DRS resolution and URL signing to Bard #76
Conversation
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## dev #76 +/- ##
============================================
+ Coverage 83.26% 84.17% +0.91%
- Complexity 207 228 +21
============================================
Files 33 36 +3
Lines 723 809 +86
Branches 69 75 +6
============================================
+ Hits 602 681 +79
- Misses 89 96 +7
Partials 32 32
☔ View full report in Codecov by Sentry. |
nmalfroy
force-pushed
the
dr-3077-nm-log-resolution-to-bard
branch
from
99ec736
to
8c77ebe
Compare
There was a problem hiding this comment.
Where did this definition come from? If Bard changes, I'm guessing this will be out of date, could that pose an issue?
There was a problem hiding this comment.
Yeah, I started from the swagger that gets generated from the api definition there. I ended up needing to do quite a bit of hand building to make it play nice with the code gen. I think for now it's ok but ultimately, yes we'll want some way to keep this in sync (thinking pact tests)
| type: object | ||
| required: | ||
| - appId | ||
| Itentify: |
There was a problem hiding this comment.
That's a funny name :) do you know why this is Itentify instead of Identify, is the latter a reserved word?
There was a problem hiding this comment.
That's because I derped :). I'll update
| @@ -30,4 +32,8 @@ public interface DrsHubConfigInterface { | |||
| Integer getPencilsDownSeconds(); | |||
|
|
|||
| Integer asyncThreads(); | |||
|
|
|||
| // If this is true, then we will track calls to the Bard API in MixPanel in addition to the | |||
There was a problem hiding this comment.
Nit: this might be nice as a docstring instead, I think that might make the comment more visible when viewing references in IDEs.
There was a problem hiding this comment.
Also, is there a reason that we've named this slightly off from the existing convention of pushToMixpanel?
There was a problem hiding this comment.
Nope. I'll update!
There was a problem hiding this comment.
Is this ever going to be true?
There was a problem hiding this comment.
Likely no, but it made it easier to test so I left it in as a potential knob
| import org.springframework.web.client.RestTemplate; | ||
|
|
||
| @Service | ||
| public record BardApiFactory(DrsHubConfig drsHubConfig) { |
There was a problem hiding this comment.
Is this a place where we'd benefit from sharing common HTTP clients? I wasn't 100% sure if it was relevant here. We made that switch in TDR and it helped our memory usage quite a bit:
There was a problem hiding this comment.
Hmmm maybe. Let me look
There was a problem hiding this comment.
It can be treacherous to share api clients: #75
There was a problem hiding this comment.
Especially since each API Client has the bearer-token baked into it, and it can't be set per-request.
There was a problem hiding this comment.
Yeah, I'll leave it separate
| @@ -25,6 +26,7 @@ public record DrsHubApiController( | |||
| implements DrsHubApi { | |||
|
|
|||
| @Override | |||
| @TrackCall | |||
There was a problem hiding this comment.
I thought this was a cool approach :)
|
|
||
| /** | ||
| * Add this annotation to a method to track its call as a user event in Bard. Note this should just | ||
| * be used within Controller classes |
There was a problem hiding this comment.
Why should this be used within Controller classes only, is it to guard against multiple logs for the same root event?
There was a problem hiding this comment.
Yeah, I wanted to log the explicit controller call since it maps nicely to a URL and HTTP method which is ultimately what we're interested (no value in tracking internal method calls)
There was a problem hiding this comment.
Cool! That could be helpful context to add in the docstring.
|
|
||
| /** | ||
| * Call the syncProfile endpoint in Bard. This ensures that the Terra user is properly associated | ||
| * with a MixPanel user. Note that this is if mixpanel tracking is enabled. |
There was a problem hiding this comment.
I'm not solid here on the behavior when mixpanel tracking isn't enabled: is this method never called, do the internals behave as no-ops, etc?
There was a problem hiding this comment.
Oh that's branching that lives in Bard. We always log to the warehouse but we can opt out of also logging to mixpanel (which we want to do in this case in all likelihood to not explode our quota)
| Exception ex) { | ||
| var path = request.getRequestURI(); | ||
| var responseStatus = HttpStatus.valueOf(response.getStatus()); | ||
| // Note: invalid responses will not be logged since there are no sessions to associate users |
There was a problem hiding this comment.
I appreciate this comment!
| addToPropertiesIfPresentInHeader(request, properties, "x-user-project", "userProject"); | ||
| addToPropertiesIfPresentInHeader(request, properties, "X-Forwarded-For", "ip"); | ||
| addToPropertiesIfPresentInHeader( | ||
| request, properties, "drshub-force-access-url", "forceAccessUrl"); |
There was a problem hiding this comment.
I am missing the intention behind pulling these specific header values into properties, but I think comment(s) would help (or breaking the code out further).
There was a problem hiding this comment.
Oh that's because those are the only known headers (that I could find) and I didn't want to just pass along all headers since that could include some sensitive info (like auth tokens, etc.)
There was a problem hiding this comment.
Got it! I think this would help grok-ability long-term to have in a code comment or something like that.
| @@ -30,4 +32,8 @@ public interface DrsHubConfigInterface { | |||
| Integer getPencilsDownSeconds(); | |||
|
|
|||
| Integer asyncThreads(); | |||
|
|
|||
| // If this is true, then we will track calls to the Bard API in MixPanel in addition to the | |||
There was a problem hiding this comment.
Is this ever going to be true?
| import org.springframework.web.client.RestTemplate; | ||
|
|
||
| @Service | ||
| public record BardApiFactory(DrsHubConfig drsHubConfig) { |
There was a problem hiding this comment.
It can be treacherous to share api clients: #75
| import org.springframework.web.client.RestTemplate; | ||
|
|
||
| @Service | ||
| public record BardApiFactory(DrsHubConfig drsHubConfig) { |
There was a problem hiding this comment.
Especially since each API Client has the bearer-token baked into it, and it can't be set per-request.
| this.trackInMixpanel = config.trackInMixPanel(); | ||
| } | ||
|
|
||
| @Async("asyncExecutor") |
There was a problem hiding this comment.
Is using the same executor as the requests going to cut into how performant DRSHub is?
There was a problem hiding this comment.
I was wondering about that. I kinda doubt it since it's already set to Tomcat max threads. One more reason to bump the JDK and us virtual threads
Note: the Interceptor has an @async annotation, meaning that logging will not block the response. This is also why I pulled in awaitility for the testing
- Add doc strings - Fix typo on api spec
nmalfroy
force-pushed
the
dr-3077-nm-log-resolution-to-bard
branch
from
8c77ebe
to
1afba40
Compare
|
Kudos, SonarCloud Quality Gate passed! |
This PR:
EventPropertiesis interesting since it's a combination of set fields and random extra values. I needed to add a custom serializer to properly handle that@TrackEventannotation will be tracked.At the end of the day, this ends up sending events to Bard that look like:
{ "event": "drshub:api", "properties": { "appId": "drshub", "pushToMixpanel": false, "statusCode": 200, "requestUrl": "/api/v4/drs/resolve or /api/v4/gcs/getSignedUrl", "userProject": "<the x-user-project header value>", "ip": "<the X-Forwarded-For header value>", "forceAccessUrl": "<the drshub-force-access-url header value>" } }where the last three are only sent if there is a header value set. This should give us enough information (the
userProjectfield in particular)This is better reviewed commit-by-commit