Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Made the Timeout in LicenseInformationService configurable via CLI argument (#584) #773

Merged
merged 7 commits into from
Dec 9, 2024
Merged

Made the Timeout in LicenseInformationService configurable via CLI argument (#584) #773

merged 7 commits into from
Dec 9, 2024

Conversation

kidcline1
Copy link
Contributor

  • Added new command line argument for generator (lto)
  • Modified LicenseInformationService and LicenseInformationFetcher to allow passing timeout as an argument
  • Removed hardcoded limit of 30 seconds

@kidcline1 kidcline1 requested a review from a team as a code owner November 1, 2024 09:50
@kidcline1
Copy link
Contributor Author

@microsoft-github-policy-service agree

@DaveTryon
Copy link
Contributor

DaveTryon commented Nov 1, 2024
edited
Loading

Strictly speaking, this is a breaking change because it changes a public interface; it would break any consumers of the API who had their own implementation of the ILicenseInformationFetcher interface. The non-breaking way to make this change is to leave ILicenseInformationFetcher unchanged, and to create a new interface:

public interface ILicenseInformationFetcher2 : ILicenseInformationFetcher
{
    /// <summary>
    /// Calls the ClearlyDefined API to get the license information for the list of components.
    /// </summary>
    /// <param name="listOfComponentsForApi"> A list of strings formatted into a list of strings that can be used to call the batch ClearlyDefined API.</param>
    /// <param name="timeoutInSeconds">Timeout in seconds to use when making web requests</param>
    /// <returns></returns>
    Task<List<string>> FetchLicenseInformationAsync(List<string> listOfComponentsForApi, int timeoutinSeconds);
}

Then you derive LicenseInformationFetcher from ILicenseInformationFetcher2. In ComponentDetectionBaseWalker.cs, you do something like this to safely call the method:

ILicenseInformationFetcher2 licenseInformationFetcher2 = licenseInformationFetcher as ILicenseInformationFetcher2;
// Maybe spit out a warning message if licenseInformationFetcher2 is null but configuration.LicenseInformationTimeout is not null
if (licenseInformationFetcher2 is null || configuration.LicenseInformationTimeout is null)
{
    apiResponses = await licenseInformationFetcher.FetchLicenseInformationAsync(listOfComponentsForApi);
}
else
{
    apiResponses = await licenseInformationFetcher2.FetchLicenseInformationAsync(listOfComponentsForApi, configuration.LicenseInformationTimeout.Value);
}

DaveTryon
DaveTryon requested changes Nov 1, 2024
View reviewed changes
Copy link
Contributor

@DaveTryon DaveTryon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left several comments

kidcline1 and others added 2 commits November 2, 2024 08:00
@kidcline1
Merge branch 'main' into add-configurable-timeout
60d1bbc
@kidcline1
Added recommended fixes for PR microsoft#773
e2ed187 
- Renamed variables to specify Seconds
- Added new CLI arg -lto to docs
- Added support for negative values for -lto
- Added tests for limits of -lto
- Fixed breaking API change by creating new Interfaces
- Changed some magic numbers to constants instead
- Added some Warning statements
@kidcline1
Copy link
Contributor Author

Strictly speaking, this is a breaking change because it changes a public interface; it would break any consumers of the API who had their own implementation of the ILicenseInformationFetcher interface. The non-breaking way to make this change is to leave ILicenseInformationFetcher unchanged, and to create a new interface:

public interface ILicenseInformationFetcher2 : ILicenseInformationFetcher
{
    /// <summary>
    /// Calls the ClearlyDefined API to get the license information for the list of components.
    /// </summary>
    /// <param name="listOfComponentsForApi"> A list of strings formatted into a list of strings that can be used to call the batch ClearlyDefined API.</param>
    /// <param name="timeoutInSeconds">Timeout in seconds to use when making web requests</param>
    /// <returns></returns>
    Task<List<string>> FetchLicenseInformationAsync(List<string> listOfComponentsForApi, int timeoutinSeconds);
}

Then you derive LicenseInformationFetcher from ILicenseInformationFetcher2. In ComponentDetectionBaseWalker.cs, you do something like this to safely call the method:

ILicenseInformationFetcher2 licenseInformationFetcher2 = licenseInformationFetcher as ILicenseInformationFetcher2;
// Maybe spit out a warning message if licenseInformationFetcher2 is null but configuration.LicenseInformationTimeout is not null
if (licenseInformationFetcher2 is null || configuration.LicenseInformationTimeout is null)
{
    apiResponses = await licenseInformationFetcher.FetchLicenseInformationAsync(listOfComponentsForApi);
}
else
{
    apiResponses = await licenseInformationFetcher2.FetchLicenseInformationAsync(listOfComponentsForApi, configuration.LicenseInformationTimeout.Value);
}

I was wondering how best to handle that. Thank you for the suggestion - I have implemented the two new interfaces ILicenseInformationFetcher2 and ILicenseInformationService2 as you suggested to prevent breaking changes to the API.

@kidcline1
Copy link
Contributor Author

Left several comments

Hello @DaveTryon, thank you for the thorough code review. I have made the requested changes in the latest commit.

DaveTryon
DaveTryon requested changes Nov 4, 2024
View reviewed changes
Copy link
Contributor

@DaveTryon DaveTryon left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the changes--it's very close. I think we need to be more explicit/restrictive in the allowed range of timeout values, make sure that the docs and tests cover the range, and we'll be ready to go

@codecov-commenter
Copy link

codecov-commenter commented Nov 4, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 43.13725% with 29 lines in your changes missing coverage. Please review.

Project coverage is 69.98%. Comparing base (970a9e0) to head (66a6f16).

Files with missing lines Patch % Lines
...Sbom.Api/Executors/ComponentDetectionBaseWalker.cs 0.00% 12 Missing ⚠️
...ft.Sbom.Api/Executors/LicenseInformationFetcher.cs 0.00% 9 Missing ⚠️
...ft.Sbom.Api/Executors/LicenseInformationService.cs 0.00% 7 Missing ⚠️
src/Microsoft.Sbom.Api/Config/ConfigSanitizer.cs 94.44% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #773      +/-   ##
==========================================
- Coverage   70.13%   69.98%   -0.15%     
==========================================
  Files         277      277              
  Lines        8651     8700      +49     
  Branches     1006     1014       +8     
==========================================
+ Hits         6067     6089      +22     
- Misses       2065     2091      +26     
- Partials      519      520       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@kidcline1
Added additional recommended fixes for PR microsoft#773
e3e21ad 
- Fixed a couple of minor bugs
- Reduced valid input range for -lto to 1-86400
- Moved MaxTimeout and DefaultTimeout to Constants class
@kidcline1
Copy link
Contributor Author

Thanks for the changes--it's very close. I think we need to be more explicit/restrictive in the allowed range of timeout values, make sure that the docs and tests cover the range, and we'll be ready to go

Thanks. I've made the changes requested. For the change I commented on, I made the change based on what I think you were getting at since LicenseInformationFetcher and LicenseInformationService are so similar.

@erri120 erri120 mentioned this pull request Nov 6, 2024
Closed
@EinmalIM
Copy link

I would like to set the timeout as well. Really looking forward to getting that feature.

@kidcline1
Copy link
Contributor Author

Hello @DaveTryon, I've made the changes requested. Is there anything else I need to do on my end?

DaveTryon
DaveTryon approved these changes Dec 5, 2024
View reviewed changes
Copy link
Contributor

@DaveTryon DaveTryon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @kidcline1! I was busy on other tasks and lost track of this. These changes look really good to me. Assuming everything goes smoothly, we should get this merged in the next day or two. Our entire organization is currently operating under a release freeze for the holidays, so we won't be able to release the new version until early January.

@DaveTryon DaveTryon merged commit 4d0ce83 into microsoft:main Dec 9, 2024
7 checks passed
@DaveTryon DaveTryon mentioned this pull request Feb 4, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DaveTryon DaveTryon DaveTryon approved these changes

@sfoslund sfoslund sfoslund approved these changes

@RobGallo RobGallo Awaiting requested review from RobGallo RobGallo is a code owner automatically assigned from microsoft/sbom-pr-reviewers

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@kidcline1 @DaveTryon @codecov-commenter @EinmalIM @sfoslund