Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

perf: speed-up policy evaluation #419

Merged
merged 11 commits into from
Feb 6, 2024
Merged

perf: speed-up policy evaluation #419

merged 11 commits into from
Feb 6, 2024

Conversation

jcosentino11
Copy link
Member

@jcosentino11 jcosentino11 commented Feb 2, 2024
edited
Loading

Issue #, if available:

Description of changes:

  • Replace regex where possible
  • Replace streams/collectors in some places

So far these changes provide roughly a ~2x speedup. Still using regex for the resource name to match, as emulating Pattern.UNICODE_CHARACTER_CLASS behavior looks to be very complicated, otherwise we would have gotten closer to a ~4x speedup on the benchmarks.

Why is this change necessary:

How was this change tested:

Any additional information or context required to review the change:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 2, 2024
edited
Loading

Benchmark Results

Benchmark Score
com.aws.greengrass.clientdevices.auth.benchmark.AuthorizationBenchmarks.GIVEN_policy_with_thing_name_variable_WHEN_auth_request_THEN_successful_auth 1286353.65 ops/s
com.aws.greengrass.clientdevices.auth.benchmark.AuthorizationBenchmarks.GIVEN_single_group_permission_WHEN_simple_auth_request_THEN_successful_auth 2544763.40 ops/s

@MikeDombo
Copy link
Member

We identified new issues on unchanged lines of code. Navigate to the Amazon CodeGuru Reviewer console to view the recommendations to fix them.

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 3, 2024
edited
Loading

Code Coverage Report

File Coverage
All files 74%
com.aws.greengrass.clientdevices.auth.PermissionEvaluationUtils 90%
com.aws.greengrass.clientdevices.auth.CertificateManager 88%
com.aws.greengrass.clientdevices.auth.ClientDevicesAuthService 77%
com.aws.greengrass.clientdevices.auth.DeviceAuthClient 73%
com.aws.greengrass.clientdevices.auth.certificate.ClientCertificateGenerator 95%
com.aws.greengrass.clientdevices.auth.certificate.CertificateHelper 74%
com.aws.greengrass.clientdevices.auth.certificate.CertificateStore 72%
com.aws.greengrass.clientdevices.auth.certificate.CertificateExpiryMonitor 77%
com.aws.greengrass.clientdevices.auth.certificate.ServerCertificateGenerator 93%
com.aws.greengrass.clientdevices.auth.certificate.CertificateGenerator 70%
com.aws.greengrass.clientdevices.auth.certificate.CertificateExpiryMonitor$CertRotationDecider 90%
com.aws.greengrass.clientdevices.auth.iot.usecases.VerifyIotCertificate 94%
com.aws.greengrass.clientdevices.auth.iot.usecases.VerifyThingAttachedToCertificate 89%
com.aws.greengrass.clientdevices.auth.iot.usecases.CreateIoTThingSession 67%
com.aws.greengrass.clientdevices.auth.iot.usecases.VerifyCertificateValidityPeriod 88%
com.aws.greengrass.clientdevices.auth.certificate.infra.BackgroundCertificateRefresh 82%
com.aws.greengrass.clientdevices.auth.iot.infra.ThingRegistry 92%
com.aws.greengrass.clientdevices.auth.certificate.usecases.ConfigureManagedCertificateAuthority 85%
com.aws.greengrass.clientdevices.auth.certificate.usecases.ConfigureCustomCertificateAuthority 83%
com.aws.greengrass.clientdevices.auth.certificate.usecases.RegisterCertificateAuthorityUseCase 65%
com.aws.greengrass.clientdevices.auth.configuration.MetricsConfiguration 83%
com.aws.greengrass.clientdevices.auth.configuration.GroupManager 84%
com.aws.greengrass.clientdevices.auth.configuration.CAConfiguration 96%
com.aws.greengrass.clientdevices.auth.configuration.RuntimeConfiguration 83%
com.aws.greengrass.clientdevices.auth.configuration.SecurityConfiguration 80%
com.aws.greengrass.clientdevices.auth.configuration.GroupDefinition 75%
com.aws.greengrass.clientdevices.auth.configuration.ExpressionVisitor 84%
com.aws.greengrass.clientdevices.auth.configuration.GroupConfiguration 92%
com.aws.greengrass.clientdevices.auth.api.ClientDevicesAuthServiceApi 85%
com.aws.greengrass.clientdevices.auth.api.GetCertificateRequestWithGenerator 75%
com.aws.greengrass.clientdevices.auth.api.UseCases 71%
com.aws.greengrass.clientdevices.auth.session.attribute.WildcardSuffixAttribute 96%
com.aws.greengrass.clientdevices.auth.iot.IotAuthClient$Default 56%
com.aws.greengrass.clientdevices.auth.iot.Thing 85%
com.aws.greengrass.clientdevices.auth.iot.Certificate 74%
com.aws.greengrass.clientdevices.auth.iot.GreengrassV2DataClientFactory 18%
com.aws.greengrass.clientdevices.auth.iot.CertificateRegistry 95%
com.aws.greengrass.clientdevices.auth.infra.NetworkStateProvider$Default 83%
com.aws.greengrass.ipc.IPCUtils 83%
com.aws.greengrass.ipc.VerifyClientDeviceIdentityOperationHandler 60%
com.aws.greengrass.ipc.GetClientDeviceAuthTokenOperationHandler 83%
com.aws.greengrass.ipc.AuthorizeClientDeviceActionOperationHandler 79%
com.aws.greengrass.ipc.SubscribeToCertificateUpdatesOperationHandler 81%
com.aws.greengrass.clientdevices.auth.session.SessionConfig 92%
com.aws.greengrass.clientdevices.auth.session.SessionManager 88%
com.aws.greengrass.clientdevices.auth.certificate.handlers.CAConfigurationChangedHandler 93%
com.aws.greengrass.clientdevices.auth.certificate.handlers.CertificateRotationHandler 96%
com.aws.greengrass.clientdevices.auth.metrics.handlers.SessionCreationEventHandler 88%
com.aws.greengrass.clientdevices.auth.metrics.handlers.MetricsConfigurationChangedHandler 70%
com.aws.greengrass.clientdevices.auth.metrics.handlers.AuthorizeClientDeviceActionsMetricHandler 88%
com.aws.greengrass.clientdevices.auth.metrics.handlers.VerifyClientDeviceIdentityEventHandler 88%
com.aws.greengrass.clientdevices.auth.metrics.handlers.CertificateSubscriptionEventHandler 83%
com.aws.greengrass.clientdevices.auth.util.ResizableLinkedBlockingQueue 90%
com.aws.greengrass.clientdevices.auth.util.ParseIPAddress 90%
com.aws.greengrass.clientdevices.auth.connectivity.CISShadowMonitor$SucceedOnceOperation 88%
com.aws.greengrass.clientdevices.auth.connectivity.CISShadowMonitor 79%
com.aws.greengrass.clientdevices.auth.connectivity.CISShadowMonitor$ProcessCISShadowTask 83%
com.aws.greengrass.clientdevices.auth.connectivity.CISShadowMonitor$CISShadowTaskQueue 86%
com.aws.greengrass.clientdevices.auth.connectivity.HostAddress 67%
com.aws.greengrass.clientdevices.auth.connectivity.CISShadowMonitor$CISShadowTaskExecutor 80%
com.aws.greengrass.clientdevices.auth.configuration.parser.TokenMgrError 22%
com.aws.greengrass.clientdevices.auth.configuration.parser.RuleExpressionTokenManager 61%
com.aws.greengrass.clientdevices.auth.configuration.parser.ASTStart 33%
com.aws.greengrass.clientdevices.auth.configuration.parser.ASTAnd 67%
com.aws.greengrass.clientdevices.auth.configuration.parser.Token 58%
com.aws.greengrass.clientdevices.auth.configuration.parser.RuleExpressionDefaultVisitor 0%
com.aws.greengrass.clientdevices.auth.configuration.parser.ASTOr 67%
com.aws.greengrass.clientdevices.auth.configuration.parser.SimpleCharStream 28%
com.aws.greengrass.clientdevices.auth.configuration.parser.RuleExpressionTreeConstants 0%
com.aws.greengrass.clientdevices.auth.configuration.parser.JJTRuleExpressionState 67%
com.aws.greengrass.clientdevices.auth.configuration.parser.ASTThing 67%
com.aws.greengrass.clientdevices.auth.configuration.parser.RuleExpression 63%
com.aws.greengrass.clientdevices.auth.configuration.parser.SimpleNode 27%

Minimum allowed coverage is 50%

Generated by 🐒 cobertura-action against 3d67e1f

@jcosentino11 jcosentino11 marked this pull request as ready for review February 3, 2024 02:12
@jcosentino11 jcosentino11 changed the title chore: perf experiments perf: speed-up policy evaluation Feb 3, 2024
@MikeDombo
Copy link
Member

2 megaops/s seems good enough :)

MikeDombo
MikeDombo reviewed Feb 3, 2024
View reviewed changes
src/main/java/com/aws/greengrass/clientdevices/auth/PermissionEvaluationUtils.java Outdated
Comment on lines 60 to 74
Operation op;
try {
op = parseOperation(request.getOperation());
} catch (PolicyException e) {
logger.atError().setCause(e).log();
return false;
}

Resource rsc;
try {
rsc = parseResource(request.getResource());
} catch (PolicyException e) {
logger.atError().setCause(e).log();
return false;
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: these two try can be combined.

src/main/java/com/aws/greengrass/clientdevices/auth/PermissionEvaluationUtils.java Outdated
@@ -119,6 +130,7 @@ private boolean compareOperation(Operation requestOperation, String policyOperat
if (requestOperation.getOperationStr().equals(policyOperation)) {
return true;
}
// TODO
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

todo?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah to replace string formats, will take care of those now

src/main/java/com/aws/greengrass/clientdevices/auth/PermissionEvaluationUtils.java Show resolved Hide resolved
src/main/java/com/aws/greengrass/clientdevices/auth/PermissionEvaluationUtils.java Show resolved Hide resolved
src/main/java/com/aws/greengrass/clientdevices/auth/PermissionEvaluationUtils.java Outdated
throw new PolicyException(EXCEPTION_MALFORMED_RESOURCE);
}

String resourceName = typeAndName.substring(split + 1);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here

MikeDombo
MikeDombo reviewed Feb 6, 2024
View reviewed changes
src/main/java/com/aws/greengrass/clientdevices/auth/PermissionEvaluationUtils.java Outdated
* @param end substring end,
* @return substring
*/
private static String safeSubstring(@NonNull String str, int start, int end) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nonnull will throw if it is null. Is that what you want?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this really any safer or just not doing what you expect it to do. This seems more confusing to me than helpful IMO

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe just needs a rename: "substringWhenInBounds" for example

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if it's more confusing doesn't seem worth it, will just add checking inline

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done, also added more tests

@jcosentino11 jcosentino11 merged commit 86b5050 into main Feb 6, 2024
5 checks passed
@jcosentino11 jcosentino11 deleted the policy-eval-perf branch February 6, 2024 23:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MikeDombo MikeDombo MikeDombo approved these changes

@sameerzuberi sameerzuberi sameerzuberi approved these changes

@robcmann robcmann Awaiting requested review from robcmann

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jcosentino11 @MikeDombo @sameerzuberi