Skip to content

feat: cache argo cd rbac #7587

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 15 commits into from
Nov 3, 2021
Merged

feat: cache argo cd rbac #7587

merged 15 commits into from
Nov 3, 2021

Conversation

pasha-codefresh
Copy link
Member

farodin91 and others added 7 commits July 16, 2021 09:57
@farodin91
chore: set up basic caching for rbac
84d1beb 
Part of: argoproj#4296

Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
@pasha-codefresh
group diff should set resource id use new interface
c4acd8f 
Signed-off-by: pashavictorovich <pavel@codefresh.io>
@pasha-codefresh
123
ac3dc7f 
Signed-off-by: pashavictorovich <pavel@codefresh.io>
@pasha-codefresh
Merge branch 'master' of github.com:pasha-codefresh/argo-cd into cach…
9a827c4 
…e-argo-cd

� Conflicts:
�	util/rbac/rbac.go
@pasha-codefresh
cache argocd rbac
4450526 
Signed-off-by: pashavictorovich <pavel@codefresh.io>
@pasha-codefresh
remove applications generator
b8a56c1 
Signed-off-by: pashavictorovich <pavel@codefresh.io>
@pasha-codefresh
remove redundant changes
c252e4e 
Signed-off-by: pashavictorovich <pavel@codefresh.io>
@codecov
Copy link

codecov bot commented Nov 1, 2021
edited
Loading

Codecov Report

Merging #7587 (0e58f59) into master (513d8a4) will increase coverage by 0.07%.
The diff coverage is 89.39%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #7587      +/-   ##
==========================================
+ Coverage   41.39%   41.46%   +0.07%     
==========================================
  Files         161      161              
  Lines       21686    21723      +37     
==========================================
+ Hits         8976     9008      +32     
- Misses      11445    11449       +4     
- Partials     1265     1266       +1
Impacted Files Coverage Δ
util/rbac/rbac.go 77.04% <88.70%> (+0.64%) ⬆️
server/rbacpolicy/rbacpolicy.go 82.35% <100.00%> (+3.56%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 513d8a4...0e58f59. Read the comment docs.

@yeya24
Copy link
Contributor

yeya24 commented Nov 1, 2021

IIUC, the AddFunction call needs to invalidate the cache as well?

@yeya24
Copy link
Contributor

yeya24 commented Nov 2, 2021

We also implemented the rbac cache based on #6739 and have been using it on prod for several weeks. The issue of the casbin cached enforcer is that it doesn't free memory and will hold cached items forever.

@pasha-codefresh
Copy link
Member Author

Thank you for comment @yeya24

@alexmt
refactor: created cached enformers per project
5cff4e7 
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
alexmt
alexmt requested changes Nov 2, 2021
View reviewed changes
util/rbac/rbac.go Outdated
var err error
if policy == "" {
enf = e.Enforcer
enf = e.wrapperEnforcer
} else {
enf, err = newEnforcerSafe(newBuiltInModel(), newAdapter(e.adapter.builtinPolicy, e.adapter.userDefinedPolicy, policy))
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the project has roles with policies then the cache is not used. We should support this use case as well and use cached enforces with project with policies.

@alexmt alexmt mentioned this pull request Nov 2, 2021
Merged
@pasha-codefresh
Merge pull request #1 from alexmt/cache-argo-cd
8e7e760
@pasha-codefresh
fix linter
be06096 
Signed-off-by: pashavictorovich <pavel@codefresh.io>
@pasha-codefresh
fix generated file
5755af1 
Signed-off-by: pashavictorovich <pavel@codefresh.io>
@pasha-codefresh pasha-codefresh force-pushed the cache-argo-cd branch 2 times, most recently from c165c11 to c252e4e Compare November 3, 2021 10:31
@pasha-codefresh
remove eof
d20baa7 
Signed-off-by: pashavictorovich <pavel@codefresh.io>
alexmt
alexmt approved these changes Nov 3, 2021
View reviewed changes
Copy link
Collaborator

@alexmt alexmt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@alexmt
Copy link
Collaborator

alexmt commented Nov 3, 2021

Thanks a lot to @farodin91 for working on initial implementation in #6739!

@alexmt alexmt merged commit fe3cc72 into argoproj:master Nov 3, 2021
lukpep pushed a commit to lukpep/argo-cd that referenced this pull request Nov 3, 2021
@pasha-codefresh @lukpep
feat: cache argo cd rbac (argoproj#7587)
5b17f11 
feat: cache argo cd rbac (argoproj#7587)

Part of: argoproj#4296

Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
Signed-off-by: pashavictorovich <pavel@codefresh.io>
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Signed-off-by: lukasz.peplinski <lukpep@gmail.com>
@alexmt alexmt mentioned this pull request Nov 29, 2021
Closed
@yeya24 yeya24 mentioned this pull request Feb 9, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexmt alexmt alexmt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@pasha-codefresh @yeya24 @alexmt @farodin91