Merge pull request #189 from iExecBlockchainComputing/release/8.2.0

Release/8.2.0
iExecBlockchainComputing · Aug 11, 2023 · 95402e0 · 95402e0
2 parents 1e2760d + fc2aac2
commit 95402e0
Show file tree

Hide file tree

Showing 23 changed files with 907 additions and 52 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,19 @@
 
 All notable changes to this project will be documented in this file.
 
+## [[8.2.0]](https://github.com/iExecBlockchainComputing/iexec-sms/releases/tag/v8.2.0) 2023-08-11
+
+### New Features
+- Export metrics on secrets counts. (#181)
+### Quality
+- Remove `nexus.intra.iex.ec` repository. (#180)
+- Parameterize build of TEE applications while PR is not started. This allows faster builds. (#182 #184)
+- Refactor secrets measures. (#185)
+- Update `sconify.sh` script and use latest `5.7.2-wal` sconifier. (#186 #187 #188)
+- Add `/metrics` endpoint. (#183)
+### Dependency Upgrades
+- Upgrade to `jenkins-library` 2.6.0. (#182)
+
 ## [[8.1.2]](https://github.com/iExecBlockchainComputing/iexec-sms/releases/tag/v8.1.2) 2023-06-27
 
 ### Dependency Upgrades

diff --git a/Jenkinsfile b/Jenkinsfile
@@ -1,9 +1,20 @@
-@Library('global-jenkins-library@2.4.0') _
+@Library('global-jenkins-library@2.6.0') _
 
 String repositoryName = 'iexec-sms'
 
 buildInfo = getBuildInfo()
 
+// add parameters for non-PR builds when branch is not develop or production branch
+boolean addParameters = !buildInfo.isPullRequestBuild && !buildInfo.isDevelopBranch && !buildInfo.isProductionBranch
+
+// Override properties defined in getBuildInfo and add parameters
+if (addParameters) {
+  properties([
+    buildDiscarder(logRotator(numToKeepStr: '10')),
+    parameters([booleanParam(description: 'Build TEE images', name: 'BUILD_TEE')])
+  ])
+}
+
 buildJavaProject(
         buildInfo: buildInfo,
         integrationTestsEnvVars: [],
@@ -16,11 +27,17 @@ buildJavaProject(
         preProductionVisibility: 'docker.io',
         productionVisibility: 'docker.io')
 
+// BUILD_TEE parameter only exists if addParameters is true
+// If BUILD_TEE is false, TEE builds won't be executed and we return here
+if (addParameters && !params.BUILD_TEE) {
+  return
+}
+
 sconeBuildUnlocked(
         nativeImage:     "docker-regis.iex.ec/$repositoryName:$buildInfo.imageTag",
         imageName:       repositoryName,
         imageTag:        buildInfo.imageTag,
         sconifyArgsPath: './docker/sconify.args',
-        sconifyImage:    'sconecuratedimages/iexec-sconify-image',
-        sconifyVersion:  '5.7.0-wal'
+        sconifyImage:    'scone-debug/iexec-sconify-image-unlocked',
+        sconifyVersion:  '5.7.2-wal'
 )
diff --git a/build.gradle b/build.gradle
@@ -31,9 +31,6 @@ allprojects {
                 password nexusPassword
             }
         }
-        maven {
-            url 'https://nexus.intra.iex.ec/repository/maven-public/'
-        }
         maven {
             url 'https://jitpack.io'
         }
@@ -88,6 +85,9 @@ dependencies {
     // feign
     implementation "io.github.openfeign:feign-jackson:$openFeignVersion"
     implementation "io.github.openfeign:feign-slf4j:$openFeignVersion"
+
+    // awaitility
+    testImplementation 'org.awaitility:awaitility'
 }
 
 sourceSets {

diff --git a/docker/sconify.sh b/docker/sconify.sh
@@ -1,16 +1,16 @@
 #!/bin/bash
-# IMG_FROM=iexechub/iexec-sms:7.1.0 IMG_TO=iexechub/iexec-sms:7.1.0-debug ./sconify.sh
+
 cd $(dirname $0)
 
-SCONE_IMG_NAME=sconecuratedimages/iexec-sconify-image
-SCONE_IMG_VERSION=5.7.0-wal
+SCONE_IMG_NAME=scone-debug/iexec-sconify-image-unlocked
+SCONE_IMG_VERSION=5.7.2-wal
 
-IMG_TO=${IMG_TO}-sconify-${SCONE_IMG_VERSION}-debug
+IMG_TO=${IMG_FROM}-sconify-${SCONE_IMG_VERSION}-debug
 
 ARGS=$(sed -e "s'\${IMG_FROM}'${IMG_FROM}'" -e "s'\${IMG_TO}'${IMG_TO}'" sconify.args)
 echo $ARGS
 
-SCONE_IMAGE="registry.scontain.com:5050/${SCONE_IMG_NAME}:${SCONE_IMG_VERSION}"
+SCONE_IMAGE="registry.scontain.com/${SCONE_IMG_NAME}:${SCONE_IMG_VERSION}"
 
 /bin/bash -c "docker run -t --rm \
     -v /var/run/docker.sock:/var/run/docker.sock \

diff --git a/gradle.properties b/gradle.properties
@@ -1,4 +1,4 @@
-version=8.1.2
+version=8.2.0
 iexecCommonVersion=8.2.1
 iexecCommonsPocoVersion=3.0.5
 

diff --git a/iexec-sms-library/src/main/java/com/iexec/sms/api/SmsClient.java b/iexec-sms-library/src/main/java/com/iexec/sms/api/SmsClient.java
@@ -20,6 +20,7 @@
 import com.iexec.commons.poco.chain.WorkerpoolAuthorization;
 import com.iexec.commons.poco.tee.TeeFramework;
 import com.iexec.sms.api.config.TeeServicesProperties;
+import com.iexec.sms.metric.SmsMetrics;
 import feign.Headers;
 import feign.Param;
 import feign.RequestLine;
@@ -123,4 +124,9 @@ ApiResponseBody<TeeSessionGenerationResponse, TeeSessionGenerationError> generat
     @RequestLine("GET /tee/properties/{teeFramework}")
     <T extends TeeServicesProperties> T getTeeServicesProperties(@Param("teeFramework") TeeFramework teeFramework);
     // endregion
+
+    // region Metrics
+    @RequestLine("GET /metrics")
+    SmsMetrics getMetrics();
+    // endregion
 }
diff --git a/...xec/sms/secret/AbstractSecretService.java → .../com/iexec/sms/metric/SecretsMetrics.java b/...xec/sms/secret/AbstractSecretService.java → .../com/iexec/sms/metric/SecretsMetrics.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020 IEXEC BLOCKCHAIN TECH
+ * Copyright 2023-2023 IEXEC BLOCKCHAIN TECH
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,15 +14,17 @@
  * limitations under the License.
  */
 
-package com.iexec.sms.secret;
+package com.iexec.sms.metric;
 
-import com.iexec.sms.encryption.EncryptionService;
+import lombok.*;
 
-public abstract class AbstractSecretService {
-
-    protected final EncryptionService encryptionService;
-
-    protected AbstractSecretService(EncryptionService encryptionService) {
-        this.encryptionService = encryptionService;
-    }
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+@Getter
+public class SecretsMetrics {
+    private String secretsType;
+    private long initialCount;
+    private long storedCount;
+    private long addedSinceStartCount;
 }
diff --git a/iexec-sms-library/src/main/java/com/iexec/sms/metric/SmsMetrics.java b/iexec-sms-library/src/main/java/com/iexec/sms/metric/SmsMetrics.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2023-2023 IEXEC BLOCKCHAIN TECH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.iexec.sms.metric;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+import java.util.Map;
+
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+@Getter
+public class SmsMetrics {
+    /**
+     * A map of secrets metrics, whose key is the type of secrets it holds
+     * and value is the metrics themselves.
+     */
+    private Map<String, SecretsMetrics> secretsMetrics;
+}
diff --git a/src/main/java/com/iexec/sms/config/SecretsConfig.java b/src/main/java/com/iexec/sms/config/SecretsConfig.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2023-2023 IEXEC BLOCKCHAIN TECH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.iexec.sms.config;
+
+import com.iexec.sms.metric.MetricsService;
+import com.iexec.sms.secret.MeasuredSecretService;
+import com.iexec.sms.secret.compute.TeeTaskComputeSecretRepository;
+import com.iexec.sms.secret.web2.Web2SecretRepository;
+import com.iexec.sms.secret.web3.Web3SecretRepository;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import javax.annotation.PreDestroy;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
+
+@Configuration
+public class SecretsConfig {
+    private final MetricsService metricsService;
+    private final ScheduledExecutorService storageMetricsExecutorService;
+
+    @Autowired
+    public SecretsConfig(MetricsService metricsService) {
+        this.metricsService = metricsService;
+        this.storageMetricsExecutorService = Executors.newSingleThreadScheduledExecutor();
+    }
+
+    SecretsConfig(MetricsService metricsService,
+                  ScheduledExecutorService storageMetricsExecutorService) {
+        this.metricsService = metricsService;
+        this.storageMetricsExecutorService = storageMetricsExecutorService;
+    }
+
+    @PreDestroy
+    void shutdown() throws InterruptedException {
+        storageMetricsExecutorService.shutdown();
+        try {
+            if (!storageMetricsExecutorService.awaitTermination(800, TimeUnit.MILLISECONDS)) {
+                storageMetricsExecutorService.shutdownNow();
+            }
+        } catch (InterruptedException e) {
+            storageMetricsExecutorService.shutdownNow();
+            throw e;
+        }
+    }
+
+    @Bean
+    MeasuredSecretService web2MeasuredSecretService(Web2SecretRepository web2SecretRepository,
+                                                    @Value("${metrics.storage.refresh-interval}") int storedSecretsCountPeriod) {
+        return metricsService.registerNewMeasuredSecretService(
+                new MeasuredSecretService(
+                        "web2",
+                        "iexec.sms.secrets.web2.",
+                        web2SecretRepository::count,
+                        storageMetricsExecutorService,
+                        storedSecretsCountPeriod
+                )
+        );
+    }
+
+    @Bean
+    MeasuredSecretService web3MeasuredSecretService(Web3SecretRepository web3SecretRepository,
+                                                    @Value("${metrics.storage.refresh-interval}") int storedSecretsCountPeriod) {
+        return metricsService.registerNewMeasuredSecretService(
+                new MeasuredSecretService(
+                        "web3",
+                        "iexec.sms.secrets.web3.",
+                        web3SecretRepository::count,
+                        storageMetricsExecutorService,
+                        storedSecretsCountPeriod
+                )
+        );
+    }
+
+    @Bean
+    MeasuredSecretService computeMeasuredSecretService(TeeTaskComputeSecretRepository teeTaskComputeSecretRepository,
+                                                       @Value("${metrics.storage.refresh-interval}") int storedSecretsCountPeriod) {
+        return metricsService.registerNewMeasuredSecretService(
+                new MeasuredSecretService(
+                        "compute",
+                        "iexec.sms.secrets.compute.",
+                        teeTaskComputeSecretRepository::count,
+                        storageMetricsExecutorService,
+                        storedSecretsCountPeriod
+                )
+        );
+    }
+}
diff --git a/src/main/java/com/iexec/sms/metric/MetricsController.java b/src/main/java/com/iexec/sms/metric/MetricsController.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2023-2023 IEXEC BLOCKCHAIN TECH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.iexec.sms.metric;
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import static org.springframework.http.ResponseEntity.ok;
+
+@RestController
+@RequestMapping("/metrics")
+public class MetricsController {
+
+    private final MetricsService metricsService;
+
+    public MetricsController(MetricsService metricsService) {
+        this.metricsService = metricsService;
+    }
+
+    @GetMapping
+    public ResponseEntity<SmsMetrics> getSmsMetrics() {
+        return ok(metricsService.getSmsMetrics());
+    }
+}