PIMS-1440 getSelf Optimization #2255

Merged
merged 7 commits into from
Mar 18, 2024

Collaborator

@dbarkowsky dbarkowsky commented Mar 15, 2024

🎯 Summary

PIMS-1440

The wait times for syncing Keycloak roles and user roles were longer than expected (2.5 seconds per call).

Trying to optimize these syncs and getSelf controller by moving them to post-login and cron jobs.
The result is a much faster getSelf call, but with these tradeoffs:

  • If you change possible roles in Keycloak (not through PIMS), it could be up to 10 minutes before it's reflected in PIMS tables. This kind of change would also need database and code changes, so I question whether we need this sync at all, or if it should just be handled alongside a PR.
  • If you change a user's role in Keycloak (not through PIMS), the user table won't be updated to reflect that until the post-login hook is called again. No issue with security here, as we shouldn't be checking the user table for role permissions. Check the Keycloak token instead. It just means when looking at a user on the User Table or their User Details, their role might be out of date for a short while. We shouldn't be doing this through the Keycloak portal anyway unless it's for developer stuff. Change users' roles through PIMS instead.

Changes

  • Moved syncKeycloakUser to afterUserLogin hook in Keycloak middleware. The user's roles should be synced at that time.
  • Moved syncKeycloakRoles to a cron job that runs every 10 minutes.

🔰 Checklist

  • I have read and agree with the following checklist and am following the guidelines in our Code of Conduct document.
  • I have performed a self-review of my code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have made corresponding changes to the documentation where required.
  • I have tested my changes to the best of my ability.
  • My changes generate no new warnings.
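
The description above says role checks should read the Keycloak token rather than the synced user table. The following shows that point as an added example; it is not part of this PR or the PIMS code base. The `client_roles` claim name, the role names, the locally generated key pair and all function names are assumptions for illustration; a real API would verify tokens against the realm's published keys with a vetted JWT library.

```javascript
// Added example (not PIMS code): authorize from the verified Keycloak token,
// never from the locally synced user row, which can lag behind Keycloak.
const crypto = require('node:crypto');

// Constructed stand-in for the realm signing key; a real API would fetch the
// public key from Keycloak's JWKS endpoint instead of generating one.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Helper for the sample data only: mints a constructed RS256 token as the IdP would.
function mintToken(claims) {
  const signingInput = `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Returns the claims only if the algorithm, signature and expiry all check out.
function verifyToken(token, key, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    if (header.alg !== 'RS256') return null; // pin the algorithm; rejects "none" and HS256
    const ok = crypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`), key,
      Buffer.from(parts[2], 'base64url'));
    if (!ok) return null;
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    return typeof claims.exp === 'number' && claims.exp > nowSec ? claims : null;
  } catch {
    return null; // malformed base64 or JSON is treated as an invalid token
  }
}

// Assumed claim name: where roles sit in the token depends on the realm's mappers.
const ROLE_CLAIM = 'client_roles';

// The synced user row is passed in only to show that it is never consulted.
function isAuthorized(token, requiredRole, _syncedUserRow) {
  const claims = verifyToken(token, publicKey);
  const roles = claims && Array.isArray(claims[ROLE_CLAIM]) ? claims[ROLE_CLAIM] : [];
  return roles.includes(requiredRole);
}
```

With this shape, a stale role in the user table affects only what the User Table and User Details screens display, which is the tradeoff the description accepts.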

🚀 Deployment Information

The Express API Image has been built with the tag: 2255. Please make sure to utilize this specific tag when promoting these changes to the TEST and PROD environments during the API deployment. For more updates please monitor Image Tags Page on Wiki.

codeclimate bot commented Mar 15, 2024

Code Climate has analyzed commit 6d1ea9d and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 95.0%.

View more on Code Climate.

Collaborator

@TaylorFries TaylorFries left a comment

Username update seems to work as expected. Unsure how to test cron other than merging and seeing how it goes.

@TaylorFries TaylorFries merged commit 2b2b798 into main Mar 18, 2024
5 checks passed
@TaylorFries TaylorFries deleted the PIMS-1440-useSelf-Optimization branch March 18, 2024 16:25