Add a lockdown mode health check

Added a new "lockdown mode" LDAP connection pool health check that can be used to determine whether a Ping Identity Directory Server instance is currently in lockdown mode.
pingidentity · Jan 23, 2024 · 8dfccb7 · 8dfccb7
1 parent 0f1893c
commit 8dfccb7
Show file tree

Hide file tree

Showing 5 changed files with 934 additions and 39 deletions.
diff --git a/docs/release-notes.html b/docs/release-notes.html
@@ -101,6 +101,13 @@ <h3>Version 7.0.0</h3>
                   <br><br>
                 </li>
 
+                <li>
+                  Added a new "lockdown mode" LDAP connection pool health check that can be used to
+                  determine whether a Ping Identity Directory Server instance is currently in
+                  lockdown mode.
+                  <br><br>
+                </li>
+
                 <li>
                   Added a new "active alerts" LDAP connection pool health check that can retrieve
                   the set of active alert types from a Ping Identity Directory Server instance to

diff --git a/messages/unboundid-ldapsdk-unboundidds.properties b/messages/unboundid-ldapsdk-unboundidds.properties
@@ -640,3 +640,12 @@ ERR_ACTIVE_ALERTS_HEALTH_CHECK_UNAVAILABLE_ALERT=Monitor entry ''{0}'' \
 ERR_ACTIVE_ALERTS_HEALTH_CHECK_DEGRADED_ALERT=Monitor entry ''{0}'' \
   indicates that server {1} currently considers itself degraded with alert \
   type {2}.
+ERR_LOCKDOWN_MODE_HEALTH_CHECK_ERROR_GETTING_MONITOR_ENTRY=An error occurred \
+  while attempting to retrieve entry ''{0}'' from server {1}:  {2}
+ERR_LOCKDOWN_MODE_HEALTH_CHECK_NO_MONITOR_ENTRY=No entry was returned when \
+  attempting to retrieve entry ''{0}'' from server {1}.
+ERR_LOCKDOWN_MODE_HEALTH_CHECK_NO_MONITOR_ATTR=Entry ''{0}'' retrieved from \
+  server {1} does not appear to include attribute {2} that can be used to \
+  determine whether the server is in lockdown mode.
+ERR_LOCKDOWN_MODE_HEALTH_CHECK_IS_IN_LOCKDOWN_MODE=Server {0} is currently in \
+  lockdown mode.
diff --git a/src/com/unboundid/ldap/sdk/unboundidds/ActiveAlertsLDAPConnectionPoolHealthCheck.java b/src/com/unboundid/ldap/sdk/unboundidds/ActiveAlertsLDAPConnectionPoolHealthCheck.java
@@ -276,6 +276,7 @@ public ActiveAlertsLDAPConnectionPoolHealthCheck(
          Filter.createANDFilter(),
          DEGRADED_ALERT_TYPE_ATTRIBUTE_NAME,
          UNAVAILABLE_ALERT_TYPE_ATTRIBUTE_NAME);
+    searchRequest.setResponseTimeoutMillis(this.maxResponseTimeMillis);
   }
 
 
@@ -433,12 +434,11 @@ public void ensureConnectionValidAfterException(
 
 
   /**
-   * Indicates whether this health check will test for the existence of the
-   * target entry whenever a new connection is created.
+   * Indicates whether this health check will check for active alerts whenever
+   * a new connection is created.
    *
-   * @return  {@code true} if this health check will test for the existence of
-   *          the target entry whenever a new connection is created, or
-   *          {@code false} if not.
+   * @return  {@code true} if this health check will check for active alerts
+   *          whenever a new connection is created, or {@code false} if not.
    */
   public boolean invokeOnCreate()
   {
@@ -448,15 +448,15 @@ public boolean invokeOnCreate()
 
 
   /**
-   * Indicates whether this health check will test for the existence of the
-   * target entry after a connection has been authenticated, including after
-   * authenticating a newly-created connection, as well as after calls to the
-   * connection pool's {@code bindAndRevertAuthentication} and
+   * Indicates whether this health check will check for active alerts after a
+   * connection has been authenticated, including after authenticating a
+   * newly-created connection, as well as after calls to the connection pool's
+   * {@code bindAndRevertAuthentication} and
    * {@code releaseAndReAuthenticateConnection} methods.
    *
-   * @return  {@code true} if this health check will test for the existence of
-   *          the target entry whenever a connection has been authenticated, or
-   *          {@code false} if not.
+   * @return  {@code true} if this health check will check for active alerts
+   *          whenever a connection has been authenticated, or {@code false} if
+   *          not.
    */
   public boolean invokeAfterAuthentication()
   {
@@ -466,12 +466,12 @@ public boolean invokeAfterAuthentication()
 
 
   /**
-   * Indicates whether this health check will test for the existence of the
-   * target entry whenever a connection is to be checked out for use.
+   * Indicates whether this health check will check for active alerts whenever a
+   * connection is to be checked out for use.
    *
-   * @return  {@code true} if this health check will test for the existence of
-   *          the target entry whenever a connection is to be checked out, or
-   *          {@code false} if not.
+   * @return  {@code true} if this health check will check for active alerts
+   *          whenever a connection is to be checked out, or {@code false} if
+   *          not.
    */
   public boolean invokeOnCheckout()
   {
@@ -481,12 +481,11 @@ public boolean invokeOnCheckout()
 
 
   /**
-   * Indicates whether this health check will test for the existence of the
-   * target entry whenever a connection is to be released back to the pool.
+   * Indicates whether this health check will check for active alerts whenever a
+   * connection is to be released back to the pool.
    *
-   * @return  {@code true} if this health check will test for the existence of
-   *          the target entry whenever a connection is to be released, or
-   *          {@code false} if not.
+   * @return  {@code true} if this health check will check for active alerts
+   *          whenever a connection is to be released, or {@code false} if not.
    */
   public boolean invokeOnRelease()
   {
@@ -496,12 +495,11 @@ public boolean invokeOnRelease()
 
 
   /**
-   * Indicates whether this health check will test for the existence of the
-   * target entry during periodic background health checks.
+   * Indicates whether this health check will check for active alerts during
+   * periodic background health checks.
    *
-   * @return  {@code true} if this health check will test for the existence of
-   *          the target entry during periodic background health checks, or
-   *          {@code false} if not.
+   * @return  {@code true} if this health check will check for active alerts
+   *          during periodic background health checks, or {@code false} if not.
    */
   public boolean invokeForBackgroundChecks()
   {
@@ -511,13 +509,11 @@ public boolean invokeForBackgroundChecks()
 
 
   /**
-   * Indicates whether this health check will test for the existence of the
-   * target entry if an exception is caught while processing an operation on a
-   * connection.
+   * Indicates whether this health check will check for active alerts if an
+   * exception is caught while processing an operation on a connection.
    *
-   * @return  {@code true} if this health check will test for the existence of
-   *          the target entry whenever an exception is caught, or {@code false}
-   *          if not.
+   * @return  {@code true} if this health check will check for active alerts
+   *          whenever an exception is caught, or {@code false} if not.
    */
   public boolean invokeOnException()
   {
@@ -528,10 +524,10 @@ public boolean invokeOnException()
 
   /**
    * Retrieves the maximum length of time in milliseconds that this health
-   * check should wait for the entry to be returned.
+   * check should wait for the target monitor entry to be returned.
    *
    * @return  The maximum length of time in milliseconds that this health check
-   *          should wait for the entry to be returned.
+   *          should wait for the target monitor entry to be returned.
    */
   public long getMaxResponseTimeMillis()
   {
@@ -599,10 +595,10 @@ public Collection<String> getIgnoredUnavailableAlertTypes()
    * @param  conn  The connection to be checked.
    *
    * @throws  LDAPException  If a problem occurs while trying to retrieve the
-   *                         entry, if it cannot be retrieved in an acceptable
-   *                         length of time, or if the server reports that it
-   *                         has active degraded or unavailable alert types
-   *                         that should not be ignored.
+   *                         target monitor entry, if it cannot be retrieved in
+   *                         an acceptable length of time, or if the server
+   *                         reports that it has active degraded or unavailable
+   *                         alert types that should not be ignored.
    */
   private void checkActiveAlertTypes(@NotNull final LDAPConnection conn)
           throws LDAPException