Refactor gcp-fixture multipart parser

[mhl-b]

fixture.gcs.GoogleCloudStorageHttpHandler#parseMultipartRequestBody is giving hard times to understand how parsing works. This PR tries to follow https://www.rfc-editor.org/rfc/rfc2046.html#page-19 as a guidance for multipart content parsing.

[elasticsearchmachine]

Pinging @elastic/es-distributed-coordination (Team:Distributed Coordination)

[nicktindall]

Much nicer 👍

Might be worth adding some tests given that it's non-trivial?

[DaveCTurner]

Please could you add some unit tests for this? I.e. something test/fixtures/gcs-fixture/src/test/....

[DaveCTurner]

I would like to keep the behaviour where an invalid body causes a test failure rather than just an IllegalStateException

[mhl-b]

Throw AssertionError errors from the MultipartUpload.parseBody now.

[DaveCTurner]

I was sort of hoping to see tests that ensured that this kind of malformed body would throw an IAE from the parser. Throwing AssertionError from the parser itself basically means you can only test the happy path (or else catch AssertionError in tests which is best avoided if possible).

[mhl-b]

It's covered by all tests that use fixture. Metrics, retries, rest tests. There are some failures that I will address.

[DaveCTurner]

It's covered by all tests that uses fixture. Metrics, retries, rest tests. There are some failures that I will address.

I don't think that's true, these tests only cover the specific outputs that the GCS client sends. I suspect very few of them send multiple parts, and none of them send anything invalid.

[mhl-b]

There are tests that validate multipart upload parsing, directly and indirectly:

fixture.gcs.GoogleCloudStorageHttpHandlerTests#testIfGenerationMatch_MultipartUpload
org.elasticsearch.repositories.gcs.GoogleCloudStorageBlobContainerRetriesTests#testWriteBlobWithRetries
org.elasticsearch.repositories.blobstore.testkit.analyze.RepositoryAnalysisSuccessIT#testRepositoryAnalysis

Also added new tests for the MultipartUpload#readUntilDelimiter and MultipartUpload#skipUntilDelimiter.

[DaveCTurner]

It's legitimate to upload an empty blob comprising a single empty part isn't it? Certainly is in S3. We should be covering this case in these tests.

[mhl-b]

This test explicitly set content length to be at least 1 byte long. Empty content is not expected.

    protected static byte[] randomBlobContent() {
        return randomBlobContent(1);
    }

[mhl-b]

It's legitimate to send 0 byte blob. It will produce two body parts, json metadata and empty part with headers.

[nicktindall]

I think we could do away with that assertion (it might trip in the event someone changes randomBlobContent() down the track). It's not important for the test. I think the previous assertion (assertThat(content, isPresent());) was only there because the old parseMultipartRequestBody returned Optional.empty() when the parse failed.

I don't have strong feelings about it but given we check that the content equals the uploaded bytes further down it seems redundant?

[mhl-b]

Changed test with min-size 0 and removed content length assertion b4869f5. Manually tested with 0 sized blob, it works.

[DaveCTurner]

I was sort of hoping to see tests that ensured that this kind of malformed body would throw an IAE from the parser. Throwing AssertionError from the parser itself basically means you can only test the happy path (or else catch AssertionError in tests which is best avoided if possible).

[DaveCTurner]

Could we randomize this? I know it was fixed before, within the scope of createGzipCompressedMultipartUploadBody, but even that was a bit odd.

[mhl-b]

throwing AssertionError from the parser itself basically means you can only test the happy path (or else catch AssertionError in tests which is best avoided if possible).

True, at the same time the input we have depends on GCP SDK, not something we can easily change to produce unhappy path. Even if we can hack GCP client, then we would test hacked client against our own fixture, further away from the real world.

[DaveCTurner]

We're generating this boundary, we can set it to whatever we want. Let's use randomness to reflect that.

[DaveCTurner]

Oh sorry you're replying to a different thread 🤦

Yeah I don't want to hack the GCP client to produce invalid things, I just want some unit tests to check we're not being unduly lenient with our parsing.

[mhl-b]

Ah, sorry, for the boundary, yes. For some reason I cannot comment directly on the handling assertion comment. Dropped it here. Will do the boundary part.

[mhl-b]

I think fixed boundary string is fine in this test. With random boundary and random content we need to sanitize content, it should not contain boundary within. New parser is agnostic to boundary string, a new test added for a generic multipart request. So I propose to leave this test as it is.

[DaveCTurner]

I disagree, sorry, using the literal UUID a607a67c-6df7-4b87-b8a1-81f639a75a97 in this test implies to the reader that this UUID is in some way special. But it isn't, we could use any value here. We can keep the __END_OF_PART__ prefix to distinguish it from any string that could appear elsewhere in the body, but I'd really much prefer to have a random value here to help the reader understand that the boundary UUID is not required to be a fixed value.

[mhl-b]

No problem at all. Added random boundary string. 905620d

I removed static MULTIPART_BOUNDARY in following commit.

[nicktindall]

LGTM

[mhl-b]

@DaveCTurner are you ok with current version? There is still block on PR.

[DaveCTurner]

LGTM thanks Mikhail