Add REST endpoint to flush a cache
Change-Id: Ic5d1ab37f5808d760e0d86b5956cce9557d0292b Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
This commit is contained in:
@@ -302,6 +302,34 @@ As result a link:#cache-info[CacheInfo] entity is returned.
|
||||
}
|
||||
----
|
||||
|
||||
[[flush-cache]]
|
||||
=== Flush Cache
|
||||
--
|
||||
'POST /config/server/caches/link:#cache-name[\{cache-name\}]/flush'
|
||||
--
|
||||
|
||||
Flushes a cache.
|
||||
|
||||
The caller must be a member of a group that is granted the
|
||||
link:access-control.html#capability_flushCaches[Flush Caches] capability
|
||||
or the link:access-control.html#capability_administrateServer[
|
||||
Administrate Server] capability.
|
||||
|
||||
The "web_sessions" cache can only be flushed if the caller is member of
|
||||
a group that is granted the
|
||||
link:access-control.html#capability_administrateServer[Administrate
|
||||
Server] capability.
|
||||
|
||||
.Request
|
||||
----
|
||||
POST /config/server/caches/projects/flush HTTP/1.0
|
||||
----
|
||||
|
||||
.Response
|
||||
----
|
||||
HTTP/1.1 200 OK
|
||||
----
|
||||
|
||||
[[list-capabilities]]
|
||||
=== List Capabilities
|
||||
--
|
||||
|
@@ -0,0 +1,116 @@
|
||||
// Copyright (C) 2014 The Android Open Source Project
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package com.google.gerrit.acceptance.rest.config;
|
||||
|
||||
import static com.google.gerrit.server.group.SystemGroupBackend.REGISTERED_USERS;
|
||||
import static com.google.gerrit.server.project.Util.allow;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
import com.google.gerrit.acceptance.AbstractDaemonTest;
|
||||
import com.google.gerrit.acceptance.RestResponse;
|
||||
import com.google.gerrit.common.data.GlobalCapability;
|
||||
import com.google.gerrit.reviewdb.client.AccountGroup;
|
||||
import com.google.gerrit.server.config.AllProjectsName;
|
||||
import com.google.gerrit.server.config.ListCaches.CacheInfo;
|
||||
import com.google.gerrit.server.git.MetaDataUpdate;
|
||||
import com.google.gerrit.server.git.ProjectConfig;
|
||||
import com.google.gerrit.server.group.SystemGroupBackend;
|
||||
import com.google.gerrit.server.project.ProjectCache;
|
||||
import com.google.inject.Inject;
|
||||
|
||||
import org.apache.http.HttpStatus;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
public class FlushCacheIT extends AbstractDaemonTest {
|
||||
|
||||
@Inject
|
||||
private ProjectCache projectCache;
|
||||
|
||||
@Inject
|
||||
private AllProjectsName allProjects;
|
||||
|
||||
@Inject
|
||||
private MetaDataUpdate.Server metaDataUpdateFactory;
|
||||
|
||||
@Test
|
||||
public void flushCache() throws IOException {
|
||||
RestResponse r = adminSession.get("/config/server/caches/groups");
|
||||
CacheInfo result = newGson().fromJson(r.getReader(), CacheInfo.class);
|
||||
assertTrue(result.entries.mem.longValue() > 0);
|
||||
|
||||
r = adminSession.post("/config/server/caches/groups/flush");
|
||||
assertEquals(HttpStatus.SC_OK, r.getStatusCode());
|
||||
r.consume();
|
||||
|
||||
r = adminSession.get("/config/server/caches/groups");
|
||||
result = newGson().fromJson(r.getReader(), CacheInfo.class);
|
||||
assertNull(result.entries.mem);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void flushCache_Forbidden() throws IOException {
|
||||
RestResponse r = userSession.post("/config/server/caches/accounts/flush");
|
||||
assertEquals(HttpStatus.SC_FORBIDDEN, r.getStatusCode());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void flushCache_NotFound() throws IOException {
|
||||
RestResponse r = adminSession.post("/config/server/caches/nonExisting/flush");
|
||||
assertEquals(HttpStatus.SC_NOT_FOUND, r.getStatusCode());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void flushCacheWithGerritPrefix() throws IOException {
|
||||
RestResponse r = adminSession.post("/config/server/caches/gerrit-accounts/flush");
|
||||
assertEquals(HttpStatus.SC_OK, r.getStatusCode());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void flushWebSessionsCache() throws IOException {
|
||||
RestResponse r = adminSession.post("/config/server/caches/web_sessions/flush");
|
||||
assertEquals(HttpStatus.SC_OK, r.getStatusCode());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void flushWebSessionsCache_Forbidden() throws IOException {
|
||||
ProjectConfig cfg = projectCache.checkedGet(allProjects).getConfig();
|
||||
AccountGroup.UUID registeredUsers =
|
||||
SystemGroupBackend.getGroup(REGISTERED_USERS).getUUID();
|
||||
allow(cfg, GlobalCapability.VIEW_CACHES, registeredUsers);
|
||||
allow(cfg, GlobalCapability.FLUSH_CACHES, registeredUsers);
|
||||
saveProjectConfig(cfg);
|
||||
|
||||
RestResponse r = userSession.post("/config/server/caches/accounts/flush");
|
||||
assertEquals(HttpStatus.SC_OK, r.getStatusCode());
|
||||
r.consume();
|
||||
|
||||
r = userSession.post("/config/server/caches/web_sessions/flush");
|
||||
assertEquals(HttpStatus.SC_FORBIDDEN, r.getStatusCode());
|
||||
}
|
||||
|
||||
private void saveProjectConfig(ProjectConfig cfg) throws IOException {
|
||||
MetaDataUpdate md = metaDataUpdateFactory.create(allProjects);
|
||||
try {
|
||||
cfg.commit(md);
|
||||
} finally {
|
||||
md.close();
|
||||
}
|
||||
projectCache.evict(allProjects);
|
||||
}
|
||||
}
|
@@ -0,0 +1,55 @@
|
||||
// Copyright (C) 2014 The Android Open Source Project
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package com.google.gerrit.server.config;
|
||||
|
||||
import com.google.gerrit.common.data.GlobalCapability;
|
||||
import com.google.gerrit.extensions.annotations.RequiresCapability;
|
||||
import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.extensions.restapi.Response;
|
||||
import com.google.gerrit.extensions.restapi.RestModifyView;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.config.FlushCache.Input;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
|
||||
@RequiresCapability(GlobalCapability.FLUSH_CACHES)
|
||||
@Singleton
|
||||
public class FlushCache implements RestModifyView<CacheResource, Input> {
|
||||
public static class Input {
|
||||
}
|
||||
|
||||
private static final String WEB_SESSIONS = "web_sessions";
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
|
||||
@Inject
|
||||
public FlushCache(Provider<CurrentUser> self) {
|
||||
this.self = self;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Response<String> apply(CacheResource rsrc, Input input)
|
||||
throws AuthException {
|
||||
if (WEB_SESSIONS.equals(rsrc.getName())
|
||||
&& !self.get().getCapabilities().canAdministrateServer()) {
|
||||
throw new AuthException(String.format(
|
||||
"only site administrators can flush %s", WEB_SESSIONS));
|
||||
}
|
||||
|
||||
rsrc.getCache().invalidateAll();
|
||||
return Response.ok("");
|
||||
}
|
||||
}
|
@@ -27,5 +27,6 @@ public class RestCacheAdminModule extends RestApiModule {
|
||||
DynamicMap.mapOf(binder(), CACHE_KIND);
|
||||
child(CONFIG_KIND, "caches").to(CachesCollection.class);
|
||||
get(CACHE_KIND).to(GetCache.class);
|
||||
post(CACHE_KIND, "flush").to(FlushCache.class);
|
||||
}
|
||||
}
|
||||
|
@@ -20,6 +20,7 @@ import static com.google.gerrit.server.group.SystemGroupBackend.REGISTERED_USERS
|
||||
import com.google.common.cache.Cache;
|
||||
import com.google.common.cache.CacheBuilder;
|
||||
import com.google.common.collect.Lists;
|
||||
import com.google.gerrit.common.data.AccessSection;
|
||||
import com.google.gerrit.common.data.GroupReference;
|
||||
import com.google.gerrit.common.data.LabelType;
|
||||
import com.google.gerrit.common.data.LabelValue;
|
||||
@@ -125,6 +126,24 @@ public class Util {
|
||||
return grant(project, permissionName, newRule(project, group), ref);
|
||||
}
|
||||
|
||||
public static PermissionRule allow(ProjectConfig project,
|
||||
String capabilityName, AccountGroup.UUID group) {
|
||||
PermissionRule rule = newRule(project, group);
|
||||
project.getAccessSection(AccessSection.GLOBAL_CAPABILITIES, true)
|
||||
.getPermission(capabilityName, true)
|
||||
.add(rule);
|
||||
return rule;
|
||||
}
|
||||
|
||||
public static PermissionRule block(ProjectConfig project,
|
||||
String capabilityName, AccountGroup.UUID group) {
|
||||
PermissionRule rule = newRule(project, group);
|
||||
project.getAccessSection(AccessSection.GLOBAL_CAPABILITIES, true)
|
||||
.getPermission(capabilityName, true)
|
||||
.add(rule);
|
||||
return rule;
|
||||
}
|
||||
|
||||
public static PermissionRule block(ProjectConfig project,
|
||||
String permissionName, AccountGroup.UUID group, String ref) {
|
||||
PermissionRule r = grant(project, permissionName, newRule(project, group), ref);
|
||||
|
@@ -20,8 +20,9 @@ import com.google.common.cache.Cache;
|
||||
import com.google.gerrit.common.data.GlobalCapability;
|
||||
import com.google.gerrit.extensions.annotations.RequiresCapability;
|
||||
import com.google.gerrit.extensions.registration.DynamicMap;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.sshd.BaseCommand;
|
||||
import com.google.gerrit.extensions.restapi.RestApiException;
|
||||
import com.google.gerrit.server.config.CacheResource;
|
||||
import com.google.gerrit.server.config.FlushCache;
|
||||
import com.google.gerrit.sshd.CommandMetaData;
|
||||
import com.google.inject.Inject;
|
||||
|
||||
@@ -48,18 +49,10 @@ final class FlushCaches extends CacheCommand {
|
||||
private boolean list;
|
||||
|
||||
@Inject
|
||||
IdentifiedUser currentUser;
|
||||
private FlushCache flushCache;
|
||||
|
||||
@Override
|
||||
protected void run() throws Failure {
|
||||
if (caches.contains(WEB_SESSIONS)
|
||||
&& !currentUser.getCapabilities().canAdministrateServer()) {
|
||||
String msg = String.format(
|
||||
"fatal: only site administrators can flush %s",
|
||||
WEB_SESSIONS);
|
||||
throw new UnloggedFailure(BaseCommand.STATUS_NOT_ADMIN, msg);
|
||||
}
|
||||
|
||||
if (list) {
|
||||
if (all || caches.size() > 0) {
|
||||
throw error("error: cannot use --list with --all or --cache");
|
||||
@@ -104,9 +97,12 @@ final class FlushCaches extends CacheCommand {
|
||||
String n = cacheNameOf(e.getPluginName(), e.getExportName());
|
||||
if (flush(n)) {
|
||||
try {
|
||||
e.getProvider().get().invalidateAll();
|
||||
} catch (Throwable err) {
|
||||
stderr.println("error: cannot flush cache \"" + n + "\": " + err);
|
||||
flushCache.apply(
|
||||
new CacheResource(e.getPluginName(), e.getExportName(),
|
||||
e.getProvider()), null);
|
||||
} catch (RestApiException err) {
|
||||
stderr.println("error: cannot flush cache \"" + n + "\": "
|
||||
+ err.getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Reference in New Issue
Block a user