Authz: client cache (#100195)

* Reduce client permissions cache for authz client

* Adjust server cache ttl
Karl Persson 2025-02-06 17:16:30 +01:00 committed by GitHub
parent f8509273cb
commit 011301f06f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 17 additions and 5 deletions


@ -124,6 +124,10 @@ func newInProcLegacyClient(server *rbac.Service, tracer tracing.Tracer) (authlib
authzlib.WithGrpcConnectionClientOption(channel), authzlib.WithGrpcConnectionClientOption(channel),
authzlib.WithDisableAccessTokenClientOption(), authzlib.WithDisableAccessTokenClientOption(),
authzlib.WithTracerClientOption(tracer), authzlib.WithTracerClientOption(tracer),
authzlib.WithCacheClientOption(cache.NewLocalCache(cache.Config{
Expiry: 30 * time.Second,
CleanupInterval: 2 * time.Minute,
})),
) )
} }
@ -147,6 +151,10 @@ func newGrpcLegacyClient(authCfg *Cfg, tracer tracing.Tracer) (authlib.AccessCli
grpc.WithStreamInterceptor(clientInterceptor.StreamClientInterceptor), grpc.WithStreamInterceptor(clientInterceptor.StreamClientInterceptor),
), ),
authzlib.WithTracerClientOption(tracer), authzlib.WithTracerClientOption(tracer),
authzlib.WithCacheClientOption(cache.NewLocalCache(cache.Config{
Expiry: 30 * time.Second,
CleanupInterval: 2 * time.Minute,
})),
// TODO: remove this once access tokens are supported on-prem // TODO: remove this once access tokens are supported on-prem
authzlib.WithDisableAccessTokenClientOption(), authzlib.WithDisableAccessTokenClientOption(),
) )
@ -181,6 +189,10 @@ func newCloudLegacyClient(authCfg *Cfg, tracer tracing.Tracer) (authlib.AccessCl
grpc.WithUnaryInterceptor(clientInterceptor.UnaryClientInterceptor), grpc.WithUnaryInterceptor(clientInterceptor.UnaryClientInterceptor),
grpc.WithStreamInterceptor(clientInterceptor.StreamClientInterceptor), grpc.WithStreamInterceptor(clientInterceptor.StreamClientInterceptor),
), ),
authzlib.WithCacheClientOption(cache.NewLocalCache(cache.Config{
Expiry: 30 * time.Second,
CleanupInterval: 2 * time.Minute,
})),
authzlib.WithTracerClientOption(tracer), authzlib.WithTracerClientOption(tracer),
) )
if err != nil { if err != nil {
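Review bot: The literal `cache.Config{Expiry: 30 * time.Second, CleanupInterval: 2 * time.Minute}` is now repeated in newInProcLegacyClient, newGrpcLegacyClient and newCloudLegacyClient, so the three clients can silently drift apart on how long a cached authorization decision is reused. Hoisting it into one helper or a pair of named constants, e.g. `const clientCacheTTL = 30 * time.Second`, would keep that window in a single place. This client cache presumably sits in front of the server-side caches, so a revoked permission may keep being honored for roughly the client expiry plus the server TTL. A comment next to the value such as `// Upper bound on how long this client may reuse a cached authz decision after a permission change.` would make the trade-off explicit. The three constructors begin outside their hunks.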


@ -31,10 +31,10 @@ import (
) )
const ( const (
shortCacheTTL = 1 * time.Minute shortCacheTTL = 30 * time.Second
shortCleanupInterval = 5 * time.Minute shortCleanupInterval = 2 * time.Minute
longCacheTTL = 5 * time.Minute longCacheTTL = 2 * time.Minute
longCleanupInterval = 10 * time.Minute longCleanupInterval = 4 * time.Minute
) )
type Service struct { type Service struct {
@ -82,7 +82,7 @@ func NewService(
idCache: newCacheWrap[store.UserIdentifiers](cache, logger, longCacheTTL), idCache: newCacheWrap[store.UserIdentifiers](cache, logger, longCacheTTL),
permCache: newCacheWrap[map[string]bool](cache, logger, shortCacheTTL), permCache: newCacheWrap[map[string]bool](cache, logger, shortCacheTTL),
teamCache: newCacheWrap[[]int64](cache, logger, shortCacheTTL), teamCache: newCacheWrap[[]int64](cache, logger, shortCacheTTL),
basicRoleCache: newCacheWrap[store.BasicRole](cache, logger, longCacheTTL), basicRoleCache: newCacheWrap[store.BasicRole](cache, logger, shortCacheTTL),
folderCache: newCacheWrap[map[string]FolderNode](cache, logger, shortCacheTTL), folderCache: newCacheWrap[map[string]FolderNode](cache, logger, shortCacheTTL),
sf: new(singleflight.Group), sf: new(singleflight.Group),
} }
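Review bot: The const block has no comment saying that these TTLs bound how long a change to permissions, team membership or a basic role can go unnoticed by the service, which is what someone tuning them later needs to know. I would add a doc comment above the block, e.g. `// Cache TTLs bound how stale an authorization input may be: shortCacheTTL covers permissions, teams, basic roles and folders, longCacheTTL covers user identifiers.` In NewService, basicRoleCache moves to shortCacheTTL while idCache stays on longCacheTTL. If identifier mappings can change when a user is deleted or re-created, a one-line note on why the longer window is acceptable there would help. NewService's body extends beyond the hunk.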