dajac commented on a change in pull request #8933: URL: https://github.com/apache/kafka/pull/8933#discussion_r456282490
########## File path: core/src/main/scala/kafka/server/ControllerMutationQuotaManager.scala ########## 
@@ -0,0 +1,205 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package kafka.server
+
+import kafka.network.RequestChannel
+import kafka.network.RequestChannel.Session
+import org.apache.kafka.common.MetricName
+import org.apache.kafka.common.errors.ThrottlingQuotaExceededException
+import org.apache.kafka.common.metrics.Metrics
+import org.apache.kafka.common.metrics.QuotaViolationException
+import org.apache.kafka.common.metrics.Sensor
+import org.apache.kafka.common.metrics.Sensor.QuotaEnforcementType
+import org.apache.kafka.common.protocol.Errors
+import org.apache.kafka.common.utils.Time
+import org.apache.kafka.server.quota.ClientQuotaCallback
+
+import scala.jdk.CollectionConverters._
+
+/**
+ * The ControllerMutationQuota trait defines a quota for a given user/clientId pair. Such
+ * quota is not meant to be cached forever but rather during the lifetime of processing
+ * a request.
+ */
+trait ControllerMutationQuota {
+ def isExceeded: Boolean
+ def accept(permits: Double): Unit
+ def throttleTime: Int
+}
+
+/**
+ * Default quota used when quota is disabled.
+ */
+object UnboundedControllerMutationQuota extends ControllerMutationQuota {
+ override def isExceeded: Boolean = false
+ override def accept(permits: Double): Unit = ()
+ override def throttleTime: Int = 0
+}
+
+/**
+ * The StrictControllerMutationQuota defines a strict quota for a given user/clientId pair. The
+ * quota is strict meaning that it does not accept any mutations once the quota is exhausted until
+ * it gets back to the defined rate.
+ *
+ * @param time @Time object to use
+ * @param quotaSensor @Sensor object with a defined quota for a given user/clientId pair
+ */
+class StrictControllerMutationQuota(private val time: Time,
+ private val quotaSensor: Sensor) extends ControllerMutationQuota {
+
+ private var lastThrottleTimeMs = 0L
+ private var lastRecordedTimeMs = 0L
+
+ override def isExceeded: Boolean = lastThrottleTimeMs > 0
+
+ override def accept(permits: Double): Unit = {
+ val timeMs = time.milliseconds
+ try {
+ quotaSensor.record(permits, timeMs, QuotaEnforcementType.STRICT)
+ } catch {
+ case e: QuotaViolationException =>
+ lastThrottleTimeMs = ClientQuotaManager.throttleTime(e, timeMs)
+ lastRecordedTimeMs = timeMs
+ throw new ThrottlingQuotaExceededException(lastThrottleTimeMs.toInt,
+ Errors.THROTTLING_QUOTA_EXCEEDED.message)
+ }
+ }
+
+ override def throttleTime: Int = {
+ // If a throttle time has been recorded, we adjust it by deducting the time elapsed
+ // between the recording and now. We do this because `throttleTime` may be called
+ // long after having recorded it (e.g. when creating topics).
+ val deltaTimeMs = time.milliseconds - lastRecordedTimeMs
+ Math.max(0, lastThrottleTimeMs - deltaTimeMs).toInt
Review comment: I realized that I could have better explained this in the comment. I actually do this to deduce the time that the request spent waiting in the purgatory. Let's take an example.
A `CreateTopicsRequest` with two topics may be able to create the first topic while the second is refused due to a quota exception with, say, a throttling time of 5s. Then the request goes to the purgatory, waiting until the first topic is created. That could take a few seconds, or even longer than the actual throttle time. In the latter case, we want to let the client retry immediately. Therefore, I deduct the time elapsed between the last recorded throttle time and now to reflect that.
----------------------------------------------------------------
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
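Review bot: Both `.toInt` conversions in `StrictControllerMutationQuota` narrow a `Long` without clamping: `lastThrottleTimeMs.toInt` in `accept` and `Math.max(0, lastThrottleTimeMs - deltaTimeMs).toInt` in `throttleTime`. A throttle time above `Int.MaxValue` ms would therefore wrap, possibly to a negative or much smaller value that tells the client it may retry sooner than the quota intends. Whether `ClientQuotaManager.throttleTime` can return such a value is not visible in this hunk (a very small configured quota combined with a large `permits` is the case to check), so either confirm the bound or clamp, e.g. `Math.min(Math.max(0L, lastThrottleTimeMs - deltaTimeMs), Int.MaxValue).toInt`. Separately, in the visible lines `isExceeded` stays true once a violation has been recorded while `throttleTime` decays to 0, so a one-line Scaladoc on `isExceeded` stating that it reports "a violation was recorded on this instance", not "the client is still throttled", would help callers. The body of `throttleTime` and the rest of the new file continue past the quoted hunk.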