Skip to content

Commit

Permalink
feat: add support for a lazy refresh (#2184)
Browse files Browse the repository at this point in the history
When clients run the Proxy in environments where the CPU may be
throttled, the background connection info refresh operation can fail to
complete, causing connection errors. This commit introduces an option
for a lazy refresh. Connection info is retrieved on an as needed-basis
and cached based on the associated certificate's expiration. No
background goroutine runs, unlike the default refresh ahead cache.

 Enable it like so:

 ./alloydb-auth-proxy <INSTANCE_URI> --lazy-refresh

A lazy refresh may result in increased latency (more requests will be
subject to waiting for the refresh to complete), but gains in
reliability.

Fixes #625
  • Loading branch information
enocom committed May 6, 2024
1 parent eb4435b commit 5148081
Show file tree
Hide file tree
Showing 5 changed files with 28 additions and 1 deletion.
6 changes: 6 additions & 0 deletions cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -591,6 +591,12 @@ only. Uses the port specified by the http-port flag.`)
localFlags.BoolVar(&c.conf.RunConnectionTest, "run-connection-test", false, `Runs a connection test
against all specified instances. If an instance is unreachable, the Proxy exits with a failure
status code.`)
localFlags.BoolVar(&c.conf.LazyRefresh, "lazy-refresh", false,
`Configure a lazy refresh where connection info is retrieved only if
the cached copy has expired. Use this setting in environments where the
CPU may be throttled and a background refresh cannot run reliably
(e.g., Cloud Run)`,
)

// Global and per instance flags
localFlags.StringVarP(&c.conf.Addr, "address", "a", "127.0.0.1",
Expand Down
8 changes: 8 additions & 0 deletions cmd/root_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -470,6 +470,14 @@ func TestNewCommandArguments(t *testing.T) {
Debug: true,
}),
},
{
desc: "using the lazy refresh flag",
args: []string{"--lazy-refresh",
"projects/proj/locations/region/clusters/clust/instances/inst"},
want: withDefaults(&proxy.Config{
LazyRefresh: true,
}),
},
{
desc: "using the admin port flag",
args: []string{"--admin-port", "7777",
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ module github.com/GoogleCloudPlatform/alloydb-auth-proxy
go 1.22

require (
cloud.google.com/go/alloydbconn v1.9.0
cloud.google.com/go/alloydbconn v1.9.1-0.20240501175657-75fb63e9b9a7
contrib.go.opencensus.io/exporter/prometheus v0.4.2
contrib.go.opencensus.io/exporter/stackdriver v0.13.14
github.com/coreos/go-systemd/v22 v22.5.0
Expand Down
2 changes: 2 additions & 0 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ cloud.google.com/go/alloydb v1.10.1 h1:KvVpLE5p0Fo1mFD1kPwSB0QVakC3o4EjwA4Li+df6
cloud.google.com/go/alloydb v1.10.1/go.mod h1:szWIAnysr54f9p06dcfH5tfH/YXZtF/VxmO8PJFxiXA=
cloud.google.com/go/alloydbconn v1.9.0 h1:dKpWhov50QsZ7gN0qWYDLfvSDuwkNoIBLSGPVdYJQtw=
cloud.google.com/go/alloydbconn v1.9.0/go.mod h1:UtiELzF0Fojagw+Cd8HFH5ABGoB4bNMIBtMbWhvwC5o=
cloud.google.com/go/alloydbconn v1.9.1-0.20240501175657-75fb63e9b9a7 h1:fzZKaRt+DA4mML/WSFzZScAz+IgseuHAAHB9JZsFYT0=
cloud.google.com/go/alloydbconn v1.9.1-0.20240501175657-75fb63e9b9a7/go.mod h1:UtiELzF0Fojagw+Cd8HFH5ABGoB4bNMIBtMbWhvwC5o=
cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
Expand Down
11 changes: 11 additions & 0 deletions internal/proxy/proxy.go
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,12 @@ type Config struct {
// PSC enables connections via the PSC endpoint for all instances.
PSC bool

// LazyRefresh configures the Go Connector to retrieve connection info
// lazily and as-needed. Otherwise, no background refresh cycle runs. This
// setting is useful in environments where the CPU may be throttled outside
// of a request context, e.g., Cloud Run.
LazyRefresh bool

// Token is the Bearer token used for authorization.
Token string

Expand Down Expand Up @@ -326,6 +332,11 @@ func (c *Config) DialerOptions(l alloydb.Logger) ([]alloydbconn.Option, error) {
opts = append(opts, alloydbconn.WithDebugLogger(l))
}

if c.LazyRefresh {
opts = append(opts, alloydbconn.WithLazyRefresh())
}


return opts, nil
}

Expand Down

0 comments on commit 5148081

Please sign in to comment.