ISPN-12868 Configure ACL cache #9165
Conversation
| */ | ||
| void flushGlobalACLCache(); | ||
| CompletionStage<Void> flushGlobalACLCache(); |
There was a problem hiding this comment.
This is public API, so we should deprecate rather than change it?
There was a problem hiding this comment.
Not really: the only way to obtain a GlobalSecurityManager is through the component registry. I wouldn't worry about it
| .create(); | ||
| } | ||
|
|
||
| private CompletionStage<RestResponse> aclCacheFlush(RestRequest request) { | ||
| EmbeddedCacheManager cm = invocationHelper.getRestCacheManager().getInstance(); | ||
| return SecurityActions.getGlobalComponentRegistry(cm).getComponent(GlobalSecurityManager.class).flushGlobalACLCache() |
There was a problem hiding this comment.
You can cache the GlobalSecurityManager instead of looking it up on every request I think
There was a problem hiding this comment.
Rethinking about it: this is such a rare operation, that caching the GSM would be wasteful
| @@ -80,9 +82,18 @@ public Invocations getInvocations() { | |||
| .invocation().methods(PUT).path("/v2/security/roles/{principal}").withAction("deny") | |||
| .permission(AuthorizationPermission.ADMIN).name("ROLES DENY").auditContext(AuditContext.SERVER) | |||
| .handleWith(this::deny) | |||
| .invocation().methods(POST).path("/v2/security/cache").withAction("flush") | |||
| .permission(AuthorizationPermission.ADMIN).name("ACL CACHE FLUSH").auditContext(AuditContext.SERVER) | |||
| .handleWith(this::aclCacheFlush) | |||
There was a problem hiding this comment.
Not strictly related to this PR, but well, let's not waste the context :)
Could add an indent or a line break between each invocation declaration to make it easier to read?
| return SecurityActions.getGlobalComponentRegistry(cm).getComponent(GlobalSecurityManager.class).flushGlobalACLCache() | ||
| .thenApply(v -> new NettyRestResponse.Builder().status(NO_CONTENT).build()); | ||
| } | ||
|
|
There was a problem hiding this comment.
I couldn't find any documentation for the SecurityResource, could you add it? It could be in another PR
tristantarrant
force-pushed
the
ISPN-12868/acl_cache
branch
from
65e0569
to
1ea1d60
Compare
|
@tristantarrant FYI I pushed some suggested doc for the ACL cache. |
tristantarrant
force-pushed
the
ISPN-12868/acl_cache
branch
from
c8f0b6b
to
ee61fc2
Compare
|
I've squashed the commits and added docs for the public security resource methods (I'd rather not document the methods which are of exclusive use to the console) |
tristantarrant
force-pushed
the
ISPN-12868/acl_cache
branch
from
ee61fc2
to
147f884
Compare
|
Thanks @tristantarrant |
https://issues.redhat.com/browse/ISPN-12868