Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow configurable Okta service synchronization duration. #31170

Merged
merged 2 commits into from Aug 30, 2023
Merged

Allow configurable Okta service synchronization duration. #31170

merged 2 commits into from Aug 30, 2023

Conversation

mdwn
Copy link
Contributor

@mdwn mdwn commented Aug 29, 2023

The time between Okta service synchronizations is now configurable. This will assist in slowing down Okta rate limits for users who have a significant number of Okta applications. The duration has been added to auth preference to allow users to tune this value when using the Okta plugin.

@github-actions github-actions bot requested review from avatus and lxea August 29, 2023 19:11
zmb3
zmb3 reviewed Aug 29, 2023
View reviewed changes
Copy link
Collaborator

@zmb3 zmb3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just so I understand this right - suppose there are 1000 entities in Okta that get synced.

Wouldn't this change result in the following behavior:

  • write 1000 things to the backend in a short period of time
  • wait for some amount of time
  • repeat

If that's the case, won't we still experience throttling? Should we instead insert a delay in between each of the 1000 writes?

api/proto/teleport/legacy/types/types.proto Outdated Show resolved Hide resolved
@mdwn
Copy link
Contributor Author

mdwn commented Aug 29, 2023

Just so I understand this right - suppose there are 1000 entities in Okta that get synced.

Wouldn't this change result in the following behavior:

  • write 1000 things to the backend in a short period of time
  • wait for some amount of time
  • repeat

If that's the case, won't we still experience throttling? Should we instead insert a delay in between each of the 1000 writes?

This is for the Okta API throttling rather than the backend throttling. The backend is being throttled within the Okta service, limiting to roughly 5 writes per second FWIW.

@mdwn
Allow configurable Okta service synchronization duration.
747471c 
The time between Okta service synchronizations is now configurable. This will
assist in slowing down Okta rate limits for users who have a significant
number of Okta applications. The duration has been added to auth preference
to allow users to tune this value when using the Okta plugin.
@mdwn mdwn force-pushed the mike.wilson/okta-duration branch from af95906 to 747471c Compare August 30, 2023 17:01
@mdwn mdwn enabled auto-merge August 30, 2023 17:01
@mdwn mdwn requested a review from r0mant August 30, 2023 18:24
@mdwn mdwn added this pull request to the merge queue Aug 30, 2023
Merged via the queue into master with commit 56b7c9a Aug 30, 2023
29 checks passed
@mdwn mdwn deleted the mike.wilson/okta-duration branch August 30, 2023 19:35
@public-teleport-github-review-bot
Copy link

@mdwn See the table below for backport results.

Branch Result
branch/v13 Failed
branch/v14 Create PR

This was referenced Aug 30, 2023
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zmb3 zmb3 zmb3 left review comments

@r0mant r0mant r0mant approved these changes

@avatus avatus avatus approved these changes

@lxea lxea lxea approved these changes

Assignees
No one assigned
Labels
backport/branch/v13 backport/branch/v14 size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@mdwn @r0mant @avatus @zmb3 @lxea