Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add authorization caching #591

Merged
merged 3 commits into from
Apr 10, 2024
Merged

feat: Add authorization caching #591

merged 3 commits into from
Apr 10, 2024

Conversation

elsand
Copy link
Collaborator

@elsand elsand commented Apr 4, 2024
edited
Loading

This adds caching to the details- and search authorization calls. Keys are derived from the request models, using only the principal claims relevant for user identification (skipping jti, exp etc which will needlessly bloat the number of keys and reduce hit rate).

This will create several keys per user, and for some bulk-operating end user systems, potentially thousands within the total TTL of the entries. To control RAM usage, memory cache is disabled and this relies solely on the Redis cache. This trades replica memory usage against Redis ingress/egress. For end user systems performing each search/details request just once, this makes no difference (as calls will miss the cache anyway), but for normal users in the portal which might navigate back and forth and change ordering/non-auth-related filters, the Redis traffic will increase compared to having the memory level cache enabled.

@elsand elsand requested a review from a team as a code owner April 4, 2024 09:19
arealmaas
arealmaas previously approved these changes Apr 4, 2024
View reviewed changes
Copy link
Collaborator

@arealmaas arealmaas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Jøss, herlig hvor konfigurerbart og kraftig FusionCache er!

@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Apr 9, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@elsand elsand merged commit 2f86d7e into main Apr 10, 2024
14 checks passed
@elsand elsand deleted the feature/authorization-cache branch April 10, 2024 12:40
@dialogporten-bot dialogporten-bot mentioned this pull request Apr 10, 2024
Merged
oskogstad pushed a commit that referenced this pull request May 7, 2024
@dialogporten-bot
chore(main): release 1.6.0 (#623)
4762a9b 
🤖 I have created a release *beep* *boop*
---


##
[1.6.0](v1.5.0...v1.6.0)
(2024-05-07)


### Features

* Add authorization caching
([#591](#591))
([2f86d7e](2f86d7e))
* Add GraphQL POC
([#636](#636))
([c779eac](c779eac))
* Add support for apps as serviceresource
([#658](#658))
([adf91ce](adf91ce))
* Authorized parties endpoint in enduser API
([#661](#661))
([050ccbb](050ccbb))


### Bug Fixes

* Accept app references with urn:altinn:resource prefix
([#685](#685))
([c9a5606](c9a5606))
* ensure performed by is set for activities
([#628](#628))
([1adf075](1adf075))
* Use HttpClient wrappers that ensure success to match FusionCache
expectations ([#684](#684))
([7c1e966](7c1e966))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oskogstad oskogstad oskogstad approved these changes

@arealmaas arealmaas arealmaas left review comments

Assignees
No one assigned
Labels
None yet
Projects
Dialogporten / Arbeidsflate
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@elsand @arealmaas @oskogstad