Merge pull request #2439 from kuzzleio/2.21.1-proposal

Release 2.21.1
kuzzleio · Mar 6, 2023 · eeaba49 · eeaba49
2 parents 3c80d89 + de70d5e
commit eeaba49
Show file tree

Hide file tree

Showing 17 changed files with 237 additions and 36 deletions.
diff --git a/.github/workflows/workflow-deployments.yaml b/.github/workflows/workflow-deployments.yaml
@@ -2,6 +2,22 @@ name: Workflow Deployments
 
 on:
   workflow_call:
+    inputs:
+      node_lts_current_version:
+        description: "Current Node LTS Version"
+        required: true
+        default: "18"
+        type: string
+      node_lts_active_version:
+        description: "Active Node LTS Version"
+        required: true
+        default: "16"
+        type: string
+      docker_platforms:
+        description: "Docker platforms"
+        required: true
+        default: "linux/amd64,linux/arm64"
+        type: string
   workflow_dispatch:
     inputs:
       doc_deploy:
@@ -19,6 +35,21 @@ on:
         required: true
         default: true
         type: boolean
+      node_lts_current_version:
+        description: "Current Node LTS Version"
+        required: true
+        default: "18"
+        type: string
+      node_lts_active_version:
+        description: "Active Node LTS Version"
+        required: true
+        default: "16"
+        type: string
+      docker_platforms:
+        description: "Docker platforms"
+        required: true
+        default: "linux/amd64,linux/arm64"
+        type: string
 
 jobs:
   # -----------------------------------------------------------------------------
@@ -56,7 +87,7 @@ jobs:
       - uses: ./.github/actions/install-packages
       - uses: actions/setup-node@v2
         with:
-          node-version: ${{ env.NODE_LTS_CURRENT_VERSION }}
+          node-version: ${{ inputs.node_lts_current_version }}
       - uses: actions/cache@v2
         with:
           path: "**/node_modules"
@@ -87,7 +118,7 @@ jobs:
           context: .
           file: ./docker/images/kuzzle/Dockerfile
           push: true
-          platforms: ${{ env.DOCKER_PLATFORMS }}
+          platforms: ${{ inputs.docker_platforms }}
           tags: kuzzleio/kuzzle:${{ steps.get-version.outputs.major-version }},kuzzleio/kuzzle:latest,kuzzleio/kuzzle:${{ steps.get-version.outputs.version }}
 
   npm-deploy:
@@ -99,7 +130,7 @@ jobs:
       - uses: ./.github/actions/install-packages
       - uses: actions/setup-node@v2
         with:
-          node-version: ${{ env.NODE_LTS_ACTIVE_VERSION }}
+          node-version: ${{ inputs.node_lts_active_version }}
           registry-url: "https://registry.npmjs.org"
       - run: npm install
       - run: npm publish

diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
@@ -23,6 +23,9 @@ jobs:
           echo "::set-output name=matrix::{\"node-version\": [\"$NODE_LTS_MAINTENANCE_VERSION\", \"$NODE_LTS_ACTIVE_VERSION\"]}"
     outputs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
+      node_lts_active_version: ${{ env.NODE_LTS_ACTIVE_VERSION }}
+      node_lts_current_version: ${{ env.NODE_LTS_CURRENT_VERSION }}
+      docker_platforms: ${{ env.DOCKER_PLATFORMS }}
 
   danger-js:
     name: Danger JS
@@ -199,6 +202,10 @@ jobs:
 
   deploy-workflow:
     name: Deployment Workflow
-    needs: [cluster-monkey-tests]
+    needs: [cluster-monkey-tests, prepare-matrix]
     uses: ./.github/workflows/workflow-deployments.yaml
     secrets: inherit
+    with:
+      node_lts_active_version: ${{ needs.prepare-matrix.outputs.node_lts_active_version }}
+      node_lts_current_version: ${{ needs.prepare-matrix.outputs.node_lts_current_version }}
+      docker_platforms: ${{ needs.prepare-matrix.outputs.docker_platforms }}
diff --git a/lib/api/controllers/debugController.ts b/lib/api/controllers/debugController.ts
@@ -22,6 +22,7 @@
 import { KuzzleRequest } from "../request";
 import { NativeController } from "./baseController";
 import * as kerror from "../../kerror";
+import get from "lodash/get";
 
 /**
  * @class DebugController
@@ -49,13 +50,29 @@ export class DebugController extends NativeController {
    * Connect the debugger
    */
   async enable() {
+    if (!get(global.kuzzle.config, "security.debug.native_debug_protocol")) {
+      throw kerror.get(
+        "core",
+        "debugger",
+        "native_debug_protocol_usage_denied"
+      );
+    }
+
     await global.kuzzle.ask("core:debugger:enable");
   }
 
   /**
    * Disconnect the debugger and clears all the events listeners
    */
   async disable() {
+    if (!get(global.kuzzle.config, "security.debug.native_debug_protocol")) {
+      throw kerror.get(
+        "core",
+        "debugger",
+        "native_debug_protocol_usage_denied"
+      );
+    }
+
     await global.kuzzle.ask("core:debugger:disable");
   }
 
@@ -64,6 +81,14 @@ export class DebugController extends NativeController {
    * See: https://chromedevtools.github.io/devtools-protocol/v8/
    */
   async post(request: KuzzleRequest) {
+    if (!get(global.kuzzle.config, "security.debug.native_debug_protocol")) {
+      throw kerror.get(
+        "core",
+        "debugger",
+        "native_debug_protocol_usage_denied"
+      );
+    }
+
     const method = request.getBodyString("method");
     const params = request.getBodyObject("params", {});
 
@@ -75,6 +100,14 @@ export class DebugController extends NativeController {
    * See events from: https://chromedevtools.github.io/devtools-protocol/v8/
    */
   async addListener(request: KuzzleRequest) {
+    if (!get(global.kuzzle.config, "security.debug.native_debug_protocol")) {
+      throw kerror.get(
+        "core",
+        "debugger",
+        "native_debug_protocol_usage_denied"
+      );
+    }
+
     if (request.context.connection.protocol !== "websocket") {
       throw kerror.get(
         "api",
@@ -98,6 +131,14 @@ export class DebugController extends NativeController {
    * Remove the websocket connection from the events' listeners
    */
   async removeListener(request: KuzzleRequest) {
+    if (!get(global.kuzzle.config, "security.debug.native_debug_protocol")) {
+      throw kerror.get(
+        "core",
+        "debugger",
+        "native_debug_protocol_usage_denied"
+      );
+    }
+
     if (request.context.connection.protocol !== "websocket") {
       throw kerror.get(
         "api",

diff --git a/lib/api/funnel.js b/lib/api/funnel.js
@@ -51,6 +51,7 @@ const debug = require("../util/debug")("kuzzle:funnel");
 const processError = kerror.wrap("api", "process");
 const { has } = require("../util/safeObject");
 const { HttpStream } = require("../types");
+const get = require("lodash/get");
 
 // Actions of the auth controller that does not necessite to verify the token
 // when cookie auth is active
@@ -179,6 +180,12 @@ class Funnel {
       throw processError.get("not_enough_nodes");
     }
 
+    const isRequestFromDebugSession = get(
+      request,
+      "context.connection.misc.internal.debugSession",
+      false
+    );
+
     if (this.overloaded) {
       const now = Date.now();
 
@@ -226,7 +233,8 @@ class Funnel {
      */
     if (
       this.pendingRequestsQueue.length >=
-      global.kuzzle.config.limits.requestsBufferSize
+        global.kuzzle.config.limits.requestsBufferSize &&
+      !isRequestFromDebugSession
     ) {
       const error = processError.get("overloaded");
       global.kuzzle.emit("log:error", error);
@@ -239,7 +247,13 @@ class Funnel {
         request.internalId,
         new PendingRequest(request, fn, context)
       );
-      this.pendingRequestsQueue.push(request.internalId);
+
+      if (isRequestFromDebugSession) {
+        // Push at the front to prioritize debug requests
+        this.pendingRequestsQueue.unshift(request.internalId);
+      } else {
+        this.pendingRequestsQueue.push(request.internalId);
+      }
 
       if (!this.overloaded) {
         this.overloaded = true;

diff --git a/lib/cluster/node.js b/lib/cluster/node.js
@@ -256,6 +256,15 @@ class ClusterNode {
    */
   preventEviction(evictionPrevented) {
     this.publisher.sendNodePreventEviction(evictionPrevented);
+    // This node is subscribed to the other node and might not receive their heartbeat while debugging
+    // so this node should not have the responsability of evicting others when his own eviction is prevented
+    // when debugging.
+    // Otherwise when recovering from a debug session, all the other nodes will be evicted.
+    for (const subscriber of this.remoteNodes.values()) {
+      subscriber.handleNodePreventEviction({
+        evictionPrevented,
+      });
+    }
   }
 
   /**

diff --git a/lib/cluster/subscriber.js b/lib/cluster/subscriber.js
@@ -680,7 +680,15 @@ class ClusterSubscriber {
    * to recover, otherwise we evict it from the cluster.
    */
   async checkHeartbeat() {
-    if (this.state === stateEnum.EVICTED || this.remoteNodeEvictionPrevented) {
+    if (this.remoteNodeEvictionPrevented) {
+      // Fake the heartbeat while the node eviction prevention is enabled
+      // otherwise when the node eviction prevention is disabled
+      // the node will be evicted if it did not send a heartbeat before disabling the protection.
+      this.lastHeartbeat = Date.now();
+      return;
+    }
+
+    if (this.state === stateEnum.EVICTED) {
       return;
     }
 

diff --git a/lib/cluster/workers/IDCardRenewer.js b/lib/cluster/workers/IDCardRenewer.js
@@ -29,6 +29,10 @@ class IDCardRenewer {
       const redisConf = config.redis || {};
       await this.initRedis(redisConf.config, redisConf.name);
     } catch (error) {
+      // eslint-disable-next-line no-console
+      console.error(
+        `Failed to connect to redis, could not refresh ID card: ${error.message}`
+      );
       this.parentPort.postMessage({
         error: `Failed to connect to redis, could not refresh ID card: ${error.message}`,
       });