Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add cache to hydrator #418

Merged
merged 11 commits into from
May 1, 2020
Merged

Conversation

pike1212
Copy link
Contributor

Related issue

#417

Proposed changes

Add ability to configure a cache for hydrate calls

Checklist

  • I have read the contributing guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security. vulnerability, I
    confirm that I got green light (please contact
    [email protected]) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

Further comments

Works similar to the id token cache, but uses a cache_ttl config to determine if it should cache calls

@pike1212 pike1212 changed the title Add cache to hydrator feat: add cache to hydrator Apr 24, 2020
Copy link
Member

@aeneasr aeneasr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sweet! I think we will be able to use this in a couple of places!

Could you please add some docs to the hydrator so that this feature is documented?

pipeline/mutate/mutator_hydrator.go Outdated Show resolved Hide resolved
pipeline/mutate/mutator_hydrator.go Outdated Show resolved Hide resolved
.schema/config.schema.json Outdated Show resolved Hide resolved
pipeline/mutate/mutator_hydrator.go Outdated Show resolved Hide resolved
@@ -104,6 +143,13 @@ func (a *MutatorHydrator) Mutate(r *http.Request, session *authn.AuthenticationS
return errors.WithStack(err)
}

if cfg.Cache.Ttl != "" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we not also respsect Cache-Control headers? Maybe the server doesn't want us to cache the requests and sends Cache-Control: no-cache or some other cache value?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's actually a http.NetTransport that does that: https://github.com/gregjones/httpcache

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That library will only work for GET requests. I imagine the hydrator is mostly used where someone is controlling both Oathkeeper and the hydrate service.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, I see - yeah I think it makes sense. We can also add this at a later stage anyways as it won't be a breaking change.

pipeline/mutate/mutator_hydrator.go Outdated Show resolved Hide resolved
pipeline/mutate/mutator_hydrator.go Outdated Show resolved Hide resolved
@aeneasr
Copy link
Member

aeneasr commented Apr 28, 2020

Linter complains because of format: make format; git commit -a -m "format"; git push :)

@aeneasr
Copy link
Member

aeneasr commented May 1, 2020

Thank you, this looks perfect :)

@aeneasr aeneasr merged commit 1ae6e7a into ory:master May 1, 2020
@pike1212
Copy link
Contributor Author

pike1212 commented May 1, 2020

I found an issue where the downstream id token mutator adds header information that gets put into the hydrate cache, and with a large volume of calls will sometimes cause a concurrent write error in the id token mutator.

@aeneasr
Copy link
Member

aeneasr commented May 1, 2020

Do you know how to fix this?

@pike1212
Copy link
Contributor Author

pike1212 commented May 4, 2020

I was able to fix it by using a deep copy library in and out of the cache (https://github.com/mitchellh/copystructure). The other option might be to just cache the json response instead of the de-serialized struct.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants