-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement verification cache #3801
Conversation
i understand it doesnt verify the same credential but I hope it does report it as verified(if verified) in the output. |
|
||
// MetricsReporter is an interface used by a verification cache to report various metrics related to its operation. | ||
// Implementations must be thread-safe. | ||
type MetricsReporter interface { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Question: @rosecodym any reason we need this to be an interface? I'm seeing InMemoryMetrics
as the only struct that implements this interface.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, good question. The plan is to use this seam to plug in a Prometheus-based reporter in enterprise. Rather than drape those metrics all over the OSS codebase I opted to create this interface, which looks silly on its own (as you've pointed out) but I hope will save some headaches in the long run.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have prometheus metrics in the OSS codebase elsewhere, it doesn't cause any issues.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm, just one non-blocking question
This looks great! |
Description:
This PR introduces a cache that allows the scanner to avoid emitting multiple requests to verify the same credential. In practice, it doesn't seem to reduce scan time at all, but it does seem to reduce the number of calls to
FromData
rather drastically.The cache is implemented as an opt-out feature that can be disabled with a new CLI flag. If we don't like this, we can change it.
The metrics collection hopefully isn't too architecture-astronauty; I wanted to create something useful here that could also accommodate future Prometheus configuration without making the implementation all stupid.
Here's the result of scanning rails a few times, with and without caching:
The caching doesn't speed the scans up, which is expected, because scans aren't generally bottlenecked by verification. However, it does reduce the number of verification requests, which is good for avoiding account lockouts and stuff like that.
Cached results get this cool new text:
Checklist:
make test-community
)?make lint
this requires golangci-lint)?