-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expand Group providers to allow for paginated lookup of subgroups #22372
Comments
As work went along on this issue it made sense to eliminate the loading of thousands of groups into memory (via streams) and to allow for the pagination and searching to be done on the database side rather than as a stream operation. Additionally, the loading of group hierarchies assumes previously assumed that all subgroups would be loaded in this way so had to be modified to load only relevant sections pertaining to the groups given in the result. Finally, the UI needed to be changed to operate in a way that fetches subgroups as needed and changes to the REST API were made to reflect that pattern as well |
We have also been working on the UI changes that go along with these changes. Having the group providers work separated from the UI work procedurally makes sense. But without the UI changes Groups UI will break. Would you agree? |
closes #22372 Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>
Description
At present, subgroup lookups are not done directly through the storage layer by utilizing the
GroupLookupProvider
,GroupProvider
, and corresponding implementations (e.g.JpaRealmProvider
) and are instead supported on theGroupModel
object only.By expanding the storage layer's ability to interact with, lookup, and paginate results for subgroups, the door is opened to make tangible improvements to performance on the backend at scale. Notably, the ability to limit the amount of subgroups that are returned from the database and then loaded into memory
This eliminates the need to discard groups from the stream later as seen here:
keycloak/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/GroupsResource.java
Lines 94 to 105 in 1d444ff
as well as the amount of subgroups that are then consequently returned to the client at once.
Discussion
No response
Motivation
Red Hat is running into scenarios where groups operating at scale is becoming necessary (future multi-tenancy efforts being one scenario). Additionally, issues have been popping up from time to time where scalability is becoming an issue. Groups is one place that we have identified but could be used in the future as a template for how to ensure other keycloak resources scale well
Details
Some work has been done here but needs final touches, squashing, and a PR
The text was updated successfully, but these errors were encountered: