OIDC: Using caching to retrieve issuer configs. #1141
Conversation
eloycoto
force-pushed
the
OIDC-flipflop
branch
from
b6a4f5a to
3452324
Compare
This commit fix issues with the flipflop connections to the issuer. Multiple users have hundred of services with the same issuer, and multiple requests happen at the same time. This commit has two pourposes: - Make the issuer config retrieve a bit faster in the APIcast and do not make multiple requests to retrieve the same info. - In case that the issuer has internment issues, avoid that one service loads correctly, and others does not load at all. Fix THREESCALE-3809 Signed-off-by: Eloy Coto <[email protected]>
eloycoto
force-pushed
the
OIDC-flipflop
branch
from
3452324 to
677acb0
Compare
| location /api/ { | ||
| echo 'yay, api backend'; | ||
| } | ||
| --- request |
There was a problem hiding this comment.
Question. Maybe I'm missing something. The configuration reload mode is set to "lazy". Shouldn't there be one request to each of the services? And then verify somehow that in one of the request there's the "retrieving OIDC" message and in the other it's not there because it should be cached?
There was a problem hiding this comment.
there is no host, so retrieve the configuration for both.
gateway/src/resty/oidc/discovery.lua
Outdated
|
|
||
| function _M.new_with_http_client(http_client) | ||
| local self = setmetatable({ http_client = http_client }, mt) | ||
| self:init_cache() |
There was a problem hiding this comment.
Nitpick: I think that it's a bit unexpected that the method assigns self.something.
I'd change this to self.cache = init_cache() or just inline if it's simple enough.
| function _M:save_issuer_in_cache(issuer, config, ttl) | ||
| local expires = tonumber(ttl) or 0 | ||
|
|
||
| if not self.cache then |
There was a problem hiding this comment.
Nitpick : I think it's better to move this if to be the first line of the function.
I think it clearly says that if there's no cache there's nothing else to do.
eloycoto
force-pushed
the
OIDC-flipflop
branch
from
147bb88 to
2c4bd2a
Compare
Signed-off-by: Eloy Coto <[email protected]>
eloycoto
force-pushed
the
OIDC-flipflop
branch
from
2c4bd2a to
a54cdf6
Compare
This commit fix issues with the flipflop connections to the issuer.
Multiple users have hundred of services with the same issuer, and
multiple requests happen at the same time.
This commit has two pourposes:
not make multiple requests to retrieve the same info.
loads correctly, and others do not load at all.
Fix THREESCALE-3809