opendev/gerrit
Code Issues Proposed changes
gerrit/Documentation/index.txt
Patrick Hiesel fc9817f3f3 Add QuotaBackend and QuotaEnforcer extension point 
In a recent discussion on the mailing list we agreed that Gerrit-core
would benefit from a mechanism to enforce various kinds of quotas.

As there is no gold-standard for quota checking and there are vastly
different quotas that one might want to enforce (HTTP-QPS,
number-of-projects, numBytesPerProject to name just a few) we provide
this as an extension point for plugins.

This commit implements the extension point in core using AutoValue
requests and responses to keep the interface as stable as possible. We
abstract away from this interface by implementing QuotaBackend and
DefaultQuotaBackend to centralize the plugin calling, provide a fluent
API for Gerrit-core to interact with and be able to provide a different
implementation that doesn't require plugins in tests and other settings
that might have such a need. The returned QuotaResponse.Aggregated
object offers throwing methods to assert that all quota checks passed
and eliminate try-catch-throw boiler-plate in callers.

Decoupling QuotaBackend from QuotaEnforcer also makes it so that we can
improve the fluent interface as we get more callers to make it easy to
use while keeping QuotaEnforcer stable to break as little plugins as
possible.

In the following paragraphs, I'll outline a bit of the thoughts that
went into the design of the interfaces:

For QuotaEnforcer, we don't want to throw exceptions, but have rich
return types instead. One reason is that the general Java world is
moving into the direction of UncheckedExceptions, another reason is that
we can be richer in expressing what happened in a returned object.

QuotaRequestContext contains all state besides the quota group and the
number of tokens we want to deduct. This is because this state might
change and be extended in the future. In this case we want existing
plugins to remain compatible.

Why are we passing Change.Id, Account.Id and Project.NameKey as Java
objects to plugins instead of just encompassing them as IdStrings in
the quota group (/projects/my-project/create)?
Mainly because we don't want plugins to have to parse this back into an
identifier they can use which would be wasteful and add complexity.

Why are we passing these at all?
There are uses cases where it matters which top-level entity the request
is for. For example: Limiting the number of bytes per project. We want
to support these as well.

Why is QuotaEnforcer offering a refill mechanism?
We offer a refill mechanism that basically tries to roll-back the last
quota request. This is only triggered when one of the QuotaEnforcers
denied the request, but other succeed. In this case, the succeeded ones
might have deducted quota for the request, even though others did not
and we let the request fail because of a lack of quota. In this case
we want to try to undo the action. This is best-effort and plugins
can choose not to do refilling.

Why is QuotaBackend *not* offering a refill mechanism?
We don't want to pollute core-Gerrit with try-catch-finally blocks that
refill quota. This is a design decision to keep the code simple. An
action in Gerrit that failed after it passed a quota check will have
deducted quota. Most QuotaEnforcer implementations are refilling, so
this is only a cosmetic issue that vanishes fast. Overall, we see the
QuotaBackend as a monolith, that can support internal rollbacks without
offering this mechanism to external callers.

In subsequent commits, we want to add quota checks to Gerrit-core and
adapt the Quota Plugin to use the new system instead of other hooks as
it does right now.

We will also provide tests where applicable.

Change-Id: I0ac9d4de583871f92040db55f0df29465029ad55
2018-12-04 13:23:18 +01:00

118 lines
4.2 KiB
Plaintext
Raw Blame History

= Gerrit Code Review for Git
== Quickstarts
. link:linux-quickstart.html[Quickstart for Installing Gerrit on Linux]
== About Gerrit
. link:intro-rockstar.html[Why Code Review?]
. link:intro-quick.html[Product Overview]
. link:intro-how-gerrit-works.html[How Gerrit Works]
. link:intro-gerrit-walkthrough.html[Basic Gerrit Walkthrough]
== Guides
. link:intro-user.html[User Guide]
. link:intro-project-owner.html[Project Owner Guide]
. link:https://source.android.com/source/developing[Default Android Workflow] (external)
== Tutorials
. Web
.. link:user-review-ui.html[Reviewing Changes]
.. link:user-search.html[Searching Changes]
.. link:user-inline-edit.html[Manipulating Changes in Browser]
.. link:user-notify.html[Subscribing to Email Notifications]
. SSH
.. link:user-upload.html#ssh[SSH connection details]
.. link:cmd-index.html[Command Line Tools]
. Git
.. Commands, scenarios
... link:user-upload.html[Uploading Changes]
... link:error-messages.html[Error Messages]
.. Changes
... link:user-changeid.html[Change-Id Lines]
... link:user-signedoffby.html[Signed-off-by Lines]
... link:user-change-cleanup.html[Change Cleanup]
== Project Management
. link:project-configuration.html[Project Configuration]
.. link:config-labels.html[Review Labels]
.. link:config-project-config.html[Project Configuration File Format]
. link:access-control.html[Access Controls]
. Multi-project management
.. link:user-submodules.html[Submodules]
.. link:https://source.android.com/source/using-repo.html[Repo] (external)
. Prolog rules
.. link:prolog-cookbook.html[Prolog Cookbook]
.. link:prolog-change-facts.html[Prolog Facts for Gerrit Changes]
. link:intro-project-owner.html#project-deletion[Project deletion]
== Customization and Integration
. link:user-dashboards.html[Dashboards]
. link:rest-api.html[REST API]
. link:config-gitweb.html[Gitweb Integration]
. link:config-themes.html[Themes]
. link:config-sso.html[Single Sign-On Systems]
. link:config-hooks.html[Hooks]
. link:config-mail.html[Mail Templates]
. link:config-cla.html[Contributor Agreements]
. link:config-robot-comments.html[Robot Comments]
== Server Administration
. link:install.html[Installation Guide]
. link:config-gerrit.html[System Settings]
. link:cmd-index.html[Command Line Tools]
. link:config-plugins.html#replication[Replication]
. link:config-plugins.html[Plugins]
. link:metrics.html[Metrics]
. link:config-reverseproxy.html[Reverse Proxy]
. link:config-auto-site-initialization.html[Automatic Site Initialization on Startup]
. link:pgm-index.html[Server Side Administrative Tools]
. link:user-request-tracing.html[Request Tracing]
. link:note-db.html[NoteDb]
. link:config-accounts.html[Accounts on NoteDb]
. link:config-groups.html[Groups on NoteDb]
== Developer
. Getting Started
.. link:dev-readme.html[Developer Setup]
.. link:dev-bazel.html[Building with Bazel]
.. link:dev-eclipse.html[Eclipse Setup]
.. link:dev-intellij.html[IntelliJ Setup]
.. link:dev-contributing.html[Contributing to Gerrit]
. Plugin Development
.. link:dev-plugins.html[Developing Plugins]
.. link:dev-build-plugins.html[Building Gerrit plugins]
.. link:js-api.html[JavaScript Plugin API]
.. link:config-validation.html[Validation Interfaces]
.. link:dev-stars.html[Starring Changes]
.. link:quota.html[Quota Enforcement]
. link:dev-design.html[System Design]
. link:i18n-readme.html[i18n Support]
== Maintainer
. link:dev-release.html[Making a Gerrit Release]
. link:dev-release-subproject.html[Making a Release of a Gerrit Subproject]
. link:dev-release-jgit.html[Making a Release of JGit]
== Concepts
. link:config-labels.html[Review Labels]
. link:access-control.html[Access Controls]
. link:concept-changes.html[Changes]
. link:concept-refs-for-namespace.html[The refs/for Namespace]
. link:concept-patch-sets.html[Patch Sets]
== Resources
* link:licenses.html[Licenses and Notices]
* link:https://www.gerritcodereview.com/[Homepage]
* link:https://www.gerritcodereview.com/download/index.html[Downloads]
* link:https://bugs.chromium.org/p/gerrit/issues/list[Issue Tracking]
* link:https://gerrit.googlesource.com/gerrit[Source Code]
* link:https://www.gerritcodereview.com/about.md[A History of Gerrit Code Review]
GERRIT
------
Part of link:https://www.gerritcodereview.com/[Gerrit Code Review]
SEARCHBOX
---------
View Git Blame Copy Permalink