[ENH] ✨ Connections to ldap can be retried

sugoi-api-ldap-config-provider/src/main/java/fr/insee/sugoi/config/LdapRealmProviderDAOImpl.java

@@ -15,7 +15,6 @@
 
 import com.unboundid.ldap.sdk.AddRequest;
 import com.unboundid.ldap.sdk.Filter;
-import com.unboundid.ldap.sdk.LDAPConnectionPool;
 import com.unboundid.ldap.sdk.LDAPException;
 import com.unboundid.ldap.sdk.ModifyRequest;
 import com.unboundid.ldap.sdk.SearchRequest;
@@ -29,6 +28,8 @@
 import fr.insee.sugoi.core.realm.RealmProvider;
 import fr.insee.sugoi.ldap.utils.LdapFactory;
 import fr.insee.sugoi.ldap.utils.LdapFilter;
+import fr.insee.sugoi.ldap.utils.RetriableLDAPException;
+import fr.insee.sugoi.ldap.utils.RetriableLdapConnectionPool;
 import fr.insee.sugoi.ldap.utils.config.LdapConfigKeys;
 import fr.insee.sugoi.ldap.utils.exception.LdapStoreConnectionFailedException;
 import fr.insee.sugoi.ldap.utils.mapper.RealmLdapMapper;
@@ -40,6 +41,7 @@
 import fr.insee.sugoi.model.exceptions.RealmAlreadyExistException;
 import fr.insee.sugoi.model.exceptions.RealmNotFoundException;
 import fr.insee.sugoi.model.exceptions.RealmWriteFailureException;
+import fr.insee.sugoi.model.exceptions.StoreException;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
@@ -107,13 +109,16 @@ public class LdapRealmProviderDAOImpl implements RealmProvider {
   @Value("${fr.insee.sugoi.config.ldap.default.sortKey:}")
   private String defaultSortKey;
 
+  @Value("${fr.insee.sugoi.config.ldap.default.max-retries:10}")
+  private String maxRetries;
+
   @Autowired UiMappingService uiMappingService;
 
   private static final Logger logger = LoggerFactory.getLogger(LdapRealmProviderDAOImpl.class);
 
-  private LDAPConnectionPool ldapConnectionPoolAuthenticated;
+  private RetriableLdapConnectionPool ldapConnectionPoolAuthenticated;
 
-  private LDAPConnectionPool ldapConnectionPool;
+  private RetriableLdapConnectionPool ldapConnectionPool;
 
   @Value("${fr.insee.sugoi.users.maxoutputsize:1000}")
   private String defaultUserMaxOutputSize;
@@ -138,7 +143,7 @@ public Optional<Realm> load(String realmName) {
       } else {
         return Optional.empty();
       }
-    } catch (LDAPException e) {
+    } catch (RetriableLDAPException | LDAPException e) {
       throw new RealmNotFoundException("Impossible de charger le realm " + realmName, e);
     }
   }
@@ -155,8 +160,8 @@ public List<Realm> findAll() {
         realms.add(generateRealmFromSearchEntry(searchEntry));
       }
       return realms;
-    } catch (LDAPException e) {
-      throw new RealmNotFoundException("Impossible de charger les realms", e);
+    } catch (RetriableLDAPException | LDAPException e) {
+      throw new StoreException("Impossible de charger les realms", e);
     }
   }
 
@@ -187,7 +192,7 @@ public ProviderResponse createRealm(Realm realm, ProviderRequest providerRequest
         response.setStatus(ProviderResponseStatus.OK);
         response.setEntityId(realm.getName());
         return response;
-      } catch (LDAPException e) {
+      } catch (RetriableLDAPException e) {
         throw new RealmWriteFailureException("Failed to create realm " + realm.getName(), e);
       }
     } else {
@@ -216,7 +221,7 @@ public ProviderResponse updateRealm(Realm realm, ProviderRequest providerRequest
         response.setStatus(ProviderResponseStatus.OK);
         response.setEntityId(realm.getName());
         return response;
-      } catch (LDAPException e) {
+      } catch (RetriableLDAPException | LDAPException e) {
         throw new RealmWriteFailureException("Failed to update realm " + realm.getName(), e);
       }
     } else {
@@ -244,14 +249,14 @@ public ProviderResponse deleteRealm(String realmName, ProviderRequest providerRe
       response.setStatus(ProviderResponseStatus.OK);
       response.setEntityId(realmName);
       return response;
-    } catch (LDAPException e) {
+    } catch (RetriableLDAPException e) {
       throw new RealmWriteFailureException("Failed to delete realm " + realmName, e);
     }
   }
 
   private List<UserStorage> loadUserStorages(
       String realmName, Map<RealmConfigKeys, List<String>> defaultRealmProperties)
-      throws LDAPException {
+      throws RetriableLDAPException, LDAPException {
     List<UserStorage> userstorages =
         ldapPoolConnection()
             .search(
@@ -268,7 +273,8 @@ private List<UserStorage> loadUserStorages(
     return userstorages;
   }
 
-  private Realm generateRealmFromSearchEntry(SearchResultEntry searchEntry) throws LDAPException {
+  private Realm generateRealmFromSearchEntry(SearchResultEntry searchEntry)
+      throws RetriableLDAPException, LDAPException {
     Realm realm = RealmLdapMapper.mapFromSearchEntry(searchEntry);
     realm.setUserStorages(loadUserStorages(realm.getName(), realm.getProperties()));
     addDefaultOnRealm(realm);
@@ -330,7 +336,7 @@ private void addDefaultOnRealm(Realm realm) {
             List.of(defaultOrganizationMaxOutputSize));
   }
 
-  private LDAPConnectionPool ldapPoolConnection() {
+  private RetriableLdapConnectionPool ldapPoolConnection() {
     try {
       if (ldapConnectionPool == null) {
         if (useAuthenticatedConnectionForReading) {
@@ -351,7 +357,7 @@ private LDAPConnectionPool ldapPoolConnection() {
     }
   }
 
-  private LDAPConnectionPool ldapConnectionPoolAuthenticated() {
+  private RetriableLdapConnectionPool ldapConnectionPoolAuthenticated() {
     try {
       if (ldapConnectionPoolAuthenticated == null) {
         Map<RealmConfigKeys, String> config = new HashMap<>();
@@ -361,9 +367,10 @@ private LDAPConnectionPool ldapConnectionPoolAuthenticated() {
         config.put(LdapConfigKeys.USERNAME, defaultUsername);
         config.put(LdapConfigKeys.PASSWORD, defaultPassword);
         config.put(LdapConfigKeys.LDAP_CONNECTION_TIMEOUT, connectionTimeout);
-        ldapConnectionPool = LdapFactory.getConnectionPoolAuthenticated(config);
+        config.put(LdapConfigKeys.MAX_RETRIES, maxRetries);
+        ldapConnectionPoolAuthenticated = LdapFactory.getConnectionPoolAuthenticated(config);
       }
-      return ldapConnectionPool;
+      return ldapConnectionPoolAuthenticated;
     } catch (LDAPException e) {
       throw new LdapStoreConnectionFailedException(
           String.format("Failed authenticated connection to ldap realm store %s:%d", url, port), e);

sugoi-api-ldap-store-provider/src/main/java/fr/insee/sugoi/store/ldap/LdapReaderStore.java

@@ -19,6 +19,7 @@
 import fr.insee.sugoi.ldap.utils.LdapFactory;
 import fr.insee.sugoi.ldap.utils.LdapFilter;
 import fr.insee.sugoi.ldap.utils.LdapUtils;
+import fr.insee.sugoi.ldap.utils.RetriableLDAPException;
 import fr.insee.sugoi.ldap.utils.config.LdapConfigKeys;
 import fr.insee.sugoi.ldap.utils.mapper.AddressLdapMapper;
 import fr.insee.sugoi.ldap.utils.mapper.ApplicationLdapMapper;
@@ -53,10 +54,8 @@ public LdapReaderStore(
       if (Boolean.TRUE.equals(
           Boolean.valueOf(config.get(LdapConfigKeys.READ_CONNECTION_AUTHENTICATED)))) {
         this.ldapPoolConnection = LdapFactory.getConnectionPoolAuthenticated(config);
-        this.ldapMonoConnection = LdapFactory.getSingleConnectionAuthenticated(config);
       } else {
         this.ldapPoolConnection = LdapFactory.getConnectionPool(config);
-        this.ldapMonoConnection = LdapFactory.getSingleConnection(config);
       }
       this.config = config;
       userLdapMapper = new UserLdapMapper(config, mappings.get(MappingType.USERMAPPING));
@@ -300,7 +299,7 @@ private SearchResultEntry getEntryByDn(String dn) {
       logger.debug("Fetching {}", dn);
 
       return ldapPoolConnection.getEntry(dn, "+", "*");
-    } catch (LDAPException e) {
+    } catch (RetriableLDAPException e) {
       throw new StoreException("Failed to execute " + dn, e);
     }
   }
@@ -326,25 +325,16 @@ private <R extends SugoiObject> PageResult<R> searchOnLdap(
     if (pageableResult != null) {
       LdapUtils.setRequestControls(searchRequest, pageableResult, config);
     }
-    SearchResult searchResult = null;
+    SearchResult searchResult;
     try {
-      searchResult = ldapMonoConnection.search(searchRequest);
-    } catch (LDAPException e) {
-      if (e.getResultCode().intValue() == ResultCode.SERVER_DOWN_INT_VALUE) {
-        try {
-          if (Boolean.TRUE.equals(
-              Boolean.valueOf(config.get(LdapConfigKeys.READ_CONNECTION_AUTHENTICATED)))) {
-            ldapMonoConnection = LdapFactory.getSingleConnectionAuthenticated(config, true);
-          } else {
-            ldapMonoConnection = LdapFactory.getSingleConnection(config, true);
-          }
-        } catch (LDAPException e1) {
-          throw new StoreException("Search failed", e1);
-        }
-        searchResult = ldapMonoConnection.search(searchRequest);
+      if (Boolean.TRUE.equals(
+          Boolean.valueOf(config.get(LdapConfigKeys.READ_CONNECTION_AUTHENTICATED)))) {
+        searchResult = LdapFactory.getSingleConnectionAuthenticated(config).search(searchRequest);
       } else {
-        throw new StoreException("search failed", e);
+        searchResult = LdapFactory.getSingleConnection(config).search(searchRequest);
       }
+    } catch (LDAPException | RetriableLDAPException e) {
+      throw new StoreException("search failed", e);
     }
     PageResult<R> pageResult = new PageResult<>();
     pageResult.setResults(

sugoi-api-ldap-store-provider/src/main/java/fr/insee/sugoi/store/ldap/LdapStore.java

@@ -13,9 +13,8 @@
 */
 package fr.insee.sugoi.store.ldap;
 
-import com.unboundid.ldap.sdk.LDAPConnection;
-import com.unboundid.ldap.sdk.LDAPConnectionPool;
 import fr.insee.sugoi.core.configuration.GlobalKeysConfig;
+import fr.insee.sugoi.ldap.utils.RetriableLdapConnectionPool;
 import fr.insee.sugoi.ldap.utils.config.LdapConfigKeys;
 import fr.insee.sugoi.ldap.utils.mapper.AddressLdapMapper;
 import fr.insee.sugoi.ldap.utils.mapper.ApplicationLdapMapper;
@@ -30,9 +29,7 @@
 
 public class LdapStore {
 
-  protected LDAPConnectionPool ldapPoolConnection;
-  protected LDAPConnection ldapMonoConnection;
-
+  protected RetriableLdapConnectionPool ldapPoolConnection;
   protected static final Logger logger = LoggerFactory.getLogger(LdapStore.class);
 
   protected UserLdapMapper userLdapMapper;

sugoi-api-ldap-store-provider/src/main/java/fr/insee/sugoi/store/ldap/LdapStoreBeans.java

@@ -95,6 +95,9 @@ public class LdapStoreBeans {
   @Value("#{'${fr.insee.sugoi.ldap.default.application-mapping:name:ou,String,rw}'.split(';')}")
   private List<String> defaultApplicationMapping;
 
+  @Value("${fr.insee.sugoi.config.ldap.default.max-retries:10}")
+  private String maxRetries;
+
   @Bean("LdapReaderStore")
   @Lazy
   @Scope("prototype")
@@ -190,6 +193,12 @@ public Map<RealmConfigKeys, String> generateConfig(Realm realm, UserStorage user
                 && !userStorage.getProperties().get(LdapConfigKeys.ADDRESS_OBJECT_CLASSES).isEmpty()
             ? userStorage.getProperties().get(LdapConfigKeys.ADDRESS_OBJECT_CLASSES).get(0)
             : defaultAddressObjectClasses);
+    config.put(
+        LdapConfigKeys.MAX_RETRIES,
+        realm.getProperties().get(LdapConfigKeys.MAX_RETRIES) != null
+                && !realm.getProperties().get(LdapConfigKeys.MAX_RETRIES).isEmpty()
+            ? realm.getProperties().get(LdapConfigKeys.MAX_RETRIES).get(0)
+            : maxRetries);
 
     return config;
   }