# HG changeset patch # User RhodeCode Admin # Date 2023-01-10 08:22:41 # Node ID 0d20aaca60cde94ee294782f6275002b6b33fc80 # Parent 39136da699e4f7c5191450e24a60030d20a4297d caches: fixed auth plugin usage of cached settings. Don't use in-class cache as it breaks invalidation diff --git a/rhodecode/authentication/base.py b/rhodecode/authentication/base.py --- a/rhodecode/authentication/base.py +++ b/rhodecode/authentication/base.py @@ -150,7 +150,6 @@ class RhodeCodeAuthPluginBase(object): def __init__(self, plugin_id): self._plugin_id = plugin_id - self._settings = {} def __str__(self): return self.get_id() @@ -239,14 +238,11 @@ class RhodeCodeAuthPluginBase(object): """ Returns the plugin settings as dictionary. """ - if self._settings != {} and use_cache: - return self._settings - raw_settings = SettingsModel().get_all_settings() + raw_settings = SettingsModel().get_all_settings(cache=use_cache) settings = self._propagate_settings(raw_settings) - self._settings = settings - return self._settings + return settings def get_setting_by_name(self, name, default=None, plugin_cached_settings=None): """ diff --git a/rhodecode/authentication/registry.py b/rhodecode/authentication/registry.py --- a/rhodecode/authentication/registry.py +++ b/rhodecode/authentication/registry.py @@ -83,7 +83,7 @@ class AuthenticationPluginRegistry(objec # Add all enabled and active plugins to the list. We iterate over the # auth_plugins setting from DB because it also represents the ordering. enabled_plugins = SettingsModel().get_auth_plugins() - raw_settings = SettingsModel().get_all_settings() + raw_settings = SettingsModel().get_all_settings(cache=True) for plugin_id in enabled_plugins: plugin = self.get_plugin(plugin_id) if plugin is not None and plugin.is_active( diff --git a/rhodecode/tests/fixture.py b/rhodecode/tests/fixture.py --- a/rhodecode/tests/fixture.py +++ b/rhodecode/tests/fixture.py @@ -135,19 +135,21 @@ class Fixture(object): """ class context(object): - def _get_pluing(self): + def _get_plugin(self): plugin_id = 'egg:rhodecode-enterprise-ce#{}'.format(RhodeCodeAuthPlugin.uid) plugin = RhodeCodeAuthPlugin(plugin_id) return plugin def __enter__(self): - plugin = self._get_pluing() + + plugin = self._get_plugin() plugin.create_or_update_setting('auth_restriction', auth_restriction) Session().commit() SettingsModel().invalidate_settings_cache() def __exit__(self, exc_type, exc_val, exc_tb): - plugin = self._get_pluing() + + plugin = self._get_plugin() plugin.create_or_update_setting( 'auth_restriction', RhodeCodeAuthPlugin.AUTH_RESTRICTION_NONE) Session().commit() @@ -167,19 +169,19 @@ class Fixture(object): """ class context(object): - def _get_pluing(self): + def _get_plugin(self): plugin_id = 'egg:rhodecode-enterprise-ce#{}'.format(RhodeCodeAuthPlugin.uid) plugin = RhodeCodeAuthPlugin(plugin_id) return plugin def __enter__(self): - plugin = self._get_pluing() + plugin = self._get_plugin() plugin.create_or_update_setting('scope_restriction', scope_restriction) Session().commit() SettingsModel().invalidate_settings_cache() def __exit__(self, exc_type, exc_val, exc_tb): - plugin = self._get_pluing() + plugin = self._get_plugin() plugin.create_or_update_setting( 'scope_restriction', RhodeCodeAuthPlugin.AUTH_RESTRICTION_SCOPE_ALL) Session().commit() diff --git a/rhodecode/tests/rhodecode.ini b/rhodecode/tests/rhodecode.ini --- a/rhodecode/tests/rhodecode.ini +++ b/rhodecode/tests/rhodecode.ini @@ -40,41 +40,68 @@ port = 5000 ; Module to use, this setting shouldn't be changed use = egg:gunicorn#main -## Sets the number of process workers. You must set `instance_id = *` -## when this option is set to more than one worker, recommended -## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers -## The `instance_id = *` must be set in the [app:main] section below +; Sets the number of process workers. More workers means more concurrent connections +; RhodeCode can handle at the same time. Each additional worker also it increases +; memory usage as each has it's own set of caches. +; Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more +; than 8-10 unless for really big deployments .e.g 700-1000 users. +; `instance_id = *` must be set in the [app:main] section below (which is the default) +; when using more than 1 worker. #workers = 2 -## number of threads for each of the worker, must be set to 1 for gevent -## generally recommened to be at 1 -#threads = 1 -## process name + +; Gunicorn access log level +#loglevel = info + +; Process name visible in process list #proc_name = rhodecode -## type of worker class, one of sync, gevent -## recommended for bigger setup is using of of other than sync one -#worker_class = sync -## The maximum number of simultaneous clients. Valid only for Gevent + +; Type of worker class, one of `sync`, `gevent` +; Recommended type is `gevent` +#worker_class = gevent + +; The maximum number of simultaneous clients per worker. Valid only for gevent #worker_connections = 10 -## max number of requests that worker will handle before being gracefully -## restarted, could prevent memory leaks + +; Max number of requests that worker will handle before being gracefully restarted. +; Prevents memory leaks, jitter adds variability so not all workers are restarted at once. #max_requests = 1000 #max_requests_jitter = 30 -## amount of time a worker can spend with handling a request before it -## gets killed and restarted. Set to 6hrs + +; Amount of time a worker can spend with handling a request before it +; gets killed and restarted. By default set to 21600 (6hrs) +; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h) #timeout = 21600 -## prefix middleware for RhodeCode. -## recommended when using proxy setup. -## allows to set RhodeCode under a prefix in server. -## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well. -## And set your prefix like: `prefix = /custom_prefix` -## be sure to also set beaker.session.cookie_path = /custom_prefix if you need -## to make your cookies only work on prefix url +; The maximum size of HTTP request line in bytes. +; 0 for unlimited +#limit_request_line = 0 + + +; Prefix middleware for RhodeCode. +; recommended when using proxy setup. +; allows to set RhodeCode under a prefix in server. +; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well. +; And set your prefix like: `prefix = /custom_prefix` +; be sure to also set beaker.session.cookie_path = /custom_prefix if you need +; to make your cookies only work on prefix url [filter:proxy-prefix] use = egg:PasteDeploy#prefix prefix = / [app:main] +; The %(here)s variable will be replaced with the absolute path of parent directory +; of this file +; Each option in the app:main can be override by an environmental variable +; +;To override an option: +; +;RC_ +;Everything should be uppercase, . and - should be replaced by _. +;For example, if you have these configuration settings: +;rc_cache.repo_object.backend = foo +;can be overridden by +;export RC_CACHE_REPO_OBJECT_BACKEND=foo + is_test = True use = egg:rhodecode-enterprise-ce @@ -115,8 +142,8 @@ generate_js_files = false ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh lang = en -## perform a full repository scan on each server start, this should be -## set to false after first startup, to allow faster server restarts. +; Perform a full repository scan and import on each server start. +; Settings this to true could lead to very long startup time. startup.import_repos = true ; Uncomment and set this path to use archive download cache. @@ -161,18 +188,17 @@ rss_include_diff = false ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid} gist_alias_url = -## List of views (using glob pattern syntax) that AUTH TOKENS could be -## used for access. -## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it -## came from the the logged in user who own this authentication token. -## Additionally @TOKEN syntaxt can be used to bound the view to specific -## authentication token. Such view would be only accessible when used together -## with this authentication token -## -## list of all views can be found under `/_admin/permissions/auth_token_access` -## The list should be "," separated and on a single line. -## -## Most common views to enable: +; List of views (using glob pattern syntax) that AUTH TOKENS could be +; used for access. +; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it +; came from the the logged in user who own this authentication token. +; Additionally @TOKEN syntax can be used to bound the view to specific +; authentication token. Such view would be only accessible when used together +; with this authentication token +; list of all views can be found under `/_admin/permissions/auth_token_access` +; The list should be "," separated and on a single line. +; Most common views to enable: + # RepoCommitsView:repo_commit_download # RepoCommitsView:repo_commit_patch # RepoCommitsView:repo_commit_raw @@ -218,19 +244,19 @@ auth_plugin.import_legacy_plugins = true ; This will be served instead of default 401 on bad authentication auth_ret_code = -## use special detection method when serving auth_ret_code, instead of serving -## ret_code directly, use 401 initially (Which triggers credentials prompt) -## and then serve auth_ret_code to clients +; use special detection method when serving auth_ret_code, instead of serving +; ret_code directly, use 401 initially (Which triggers credentials prompt) +; and then serve auth_ret_code to clients auth_ret_code_detection = false -## locking return code. When repository is locked return this HTTP code. 2XX -## codes don't break the transactions while 4XX codes do +; locking return code. When repository is locked return this HTTP code. 2XX +; codes don't break the transactions while 4XX codes do lock_ret_code = 423 -## allows to change the repository location in settings page +; allows to change the repository location in settings page allow_repo_location_change = true -## allows to setup custom hooks in settings page +; allows to setup custom hooks in settings page allow_custom_hooks_settings = true ## generated license token, goto license page in RhodeCode settings to obtain @@ -245,6 +271,31 @@ supervisor.group_id = dev ## Display extended labs settings labs_settings_active = true +; Custom exception store path, defaults to TMPDIR +; This is used to store exception from RhodeCode in shared directory +#exception_tracker.store_path = + +; Send email with exception details when it happens +#exception_tracker.send_email = false + +; Comma separated list of recipients for exception emails, +; e.g admin@rhodecode.com,devops@rhodecode.com +; Can be left empty, then emails will be sent to ALL super-admins +#exception_tracker.send_email_recipients = + +; optional prefix to Add to email Subject +#exception_tracker.email_prefix = [RHODECODE ERROR] + +; File store configuration. This is used to store and serve uploaded files +file_store.enabled = true + +; Storage backend, available options are: local +file_store.backend = local + +; path to store the uploaded binaries +file_store.storage_path = %(here)s/data/file_store + + ; ############# ; CELERY CONFIG ; ############# @@ -348,16 +399,19 @@ beaker.session.secure = false ## auto save the session to not to use .save() beaker.session.auto = false -## default cookie expiration time in seconds, set to `true` to set expire -## at browser close +; default cookie expiration time in seconds, set to `true` to set expire +; at browser close #beaker.session.cookie_expires = 3600 ; ############################# ; SEARCH INDEXING CONFIGURATION ; ############################# -## WHOOSH Backend, doesn't require additional services to run -## it works good with few dozen repos +; Full text search indexer is available in rhodecode-tools under +; `rhodecode-tools index` command + +; WHOOSH Backend, doesn't require additional services to run +; it works good with few dozen repos search.module = rhodecode.lib.index.whoosh search.location = %(here)s/data/index @@ -543,9 +597,12 @@ ssh.enable_ui_key_generator = true #statsd.statsd_prefix = #statsd.statsd_ipv6 = false - ; configure logging automatically at server startup set to false ; to use the below custom logging config. +; RC_LOGGING_FORMATTER +; RC_LOGGING_LEVEL +; env variables can control the settings for logging in case of autoconfigure + logging.autoconfigure = false ; specify your own custom logging config file to configure logging @@ -559,14 +616,15 @@ custom.conf = 1 ; ##################### ; LOGGING CONFIGURATION ; ##################### + [loggers] -keys = root, sqlalchemy, beaker, rhodecode, ssh_wrapper +keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper [handlers] keys = console, console_sql [formatters] -keys = generic, color_formatter, color_formatter_sql +keys = generic, json, color_formatter, color_formatter_sql ; ####### ; LOGGERS @@ -620,10 +678,9 @@ qualname = celery class = StreamHandler args = (sys.stderr, ) level = DEBUG +; To enable JSON formatted logs replace 'generic/color_formatter' with 'json' +; This allows sending properly formatted logs to grafana loki or elasticsearch formatter = generic -; To enable JSON formatted logs replace generic with json -; This allows sending properly formatted logs to grafana loki or elasticsearch -#formatter = json [handler_console_sql] ; "level = DEBUG" logs SQL queries and results. @@ -632,6 +689,8 @@ formatter = generic class = StreamHandler args = (sys.stderr, ) level = WARN +; To enable JSON formatted logs replace 'generic/color_formatter_sql' with 'json' +; This allows sending properly formatted logs to grafana loki or elasticsearch formatter = generic ; ########## @@ -654,5 +713,5 @@ format = %(asctime)s.%(msecs)03d [%(proc datefmt = %Y-%m-%d %H:%M:%S [formatter_json] -format = %(message)s -class = rhodecode.lib._vendor.jsonlogger.JsonFormatter \ No newline at end of file +format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s +class = rhodecode.lib._vendor.jsonlogger.JsonFormatter