Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added authentication token caching #51

Merged
merged 4 commits into from
Jun 18, 2024
Merged

Added authentication token caching #51

merged 4 commits into from
Jun 18, 2024

Conversation

bKiralyWdf
Copy link
Contributor

Motivation

The CF Service Operator currently constructs a new CF Client for every reconcile loop. This means that it has to perform the discovery of the UAA endpoint and the fetching of the token for every reconcile. As these endpoints are unauthenticated, they are subject to stricter rate-limits than the authenticated endpoints, thus leading to a quick exhaustion of the rate limit in the case of many CF resources.

Proposal

This PR proposes a mechanism to cache the CF Client for each combination of API URL and Username (which is guaranteed to identify a unique user), and let the existing oAuth automatic token renewal mechanism of the CF Client renew the token whenever necessary.

Tests

Tests are included to check that the requests are not performed when the CF Client is cached.

Minor additions

I have also changed the secret name of the webhook TLS secret for the local development script, as it did not match that of the helm chart (https://github.com/SAP/cf-service-operator-helm/blob/main/chart/templates/webhook.yaml#L45).

RalfHammer
RalfHammer previously approved these changes Jun 13, 2024
View reviewed changes
Copy link
Contributor

@RalfHammer RalfHammer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

uwefreidank
uwefreidank previously approved these changes Jun 13, 2024
View reviewed changes
Copy link
Contributor

@uwefreidank uwefreidank left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bKiralyWdf bKiralyWdf dismissed stale reviews from uwefreidank and RalfHammer via 1614646 June 14, 2024 11:55
uwefreidank
uwefreidank reviewed Jun 14, 2024
View reviewed changes
internal/cf/client.go
if err == nil {
spaceClientCache[identifier] = client
}
} else {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we cover the password rotation for the OrgClient as well?

@TheBigElmo TheBigElmo merged commit ba1d2d0 into main Jun 18, 2024
6 checks passed
@TheBigElmo TheBigElmo deleted the add-caching-of-auth-token branch June 18, 2024 08:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RalfHammer RalfHammer RalfHammer approved these changes

@cbarbian-sap cbarbian-sap Awaiting requested review from cbarbian-sap

@uwefreidank uwefreidank Awaiting requested review from uwefreidank

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@bKiralyWdf @uwefreidank @RalfHammer @TheBigElmo