Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do cache invalidation for policies #15

Closed
pvbouwel opened this issue Dec 13, 2024 · 1 comment
Closed

Do cache invalidation for policies #15

pvbouwel opened this issue Dec 13, 2024 · 1 comment

Comments

@pvbouwel
Copy link
Contributor

Policies are cached but as they are retrieved from disk there should be some invalidation in case the disk-based version changes.

Because now the only way to invalidate the cache is to restart the process but that leaves a time window where requests can fail.
pvbouwel pushed a commit to pvbouwel/fakes3pp that referenced this issue Dec 17, 2024
feature: localPolicyRetriever cache invalidation [VITObelgium#15]
fd4b2b6
pvbouwel added a commit that referenced this issue Dec 17, 2024
@pvbouwel
Feature/invalidate cache (#16)
cdeab87 
feature: invalidate cache for LocalPolicyRetriever

* refactor: rename files to better reflect code that resides in them

* testing: add test cases to verify cache invalidation for LocalPolicyRetriever

At time of creation these tests fail with:
```
=== RUN   TestCacheInvalidationLocalPolicyRetrieverIfPolicyIsChanged
    ./cmd/policy-retrieval_test.go:271: Policy arn:aws:iam::000000000000:role/cache-invalidation2 was updated at 2024-12-14 15:53:10.511022552 +0100 CET m=+0.003016620 and now 2024-12-14 15:53:15.520616568 +0100 CET m=+5.012610662 policy manager still sees {
                "Version": "2012-10-17",
                "Statement": [
                        {
                                "Effect": "Allow",
                                "Action": "s3:*",
                                "Resource": "*",
                                "Condition" : {
                                                "StringLike" : {
                                                                "aws:RequestedRegion": "tst-1"
                                                }
                                }
                        }
                ]
        }
--- FAIL: TestCacheInvalidationLocalPolicyRetrieverIfPolicyIsChanged (5.01s)
```
and
```
=== RUN   TestCacheInvalidationLocalPolicyRetrieverIfPolicyIsChanged
    ./cmd/policy-retrieval_test.go:271: Policy arn:aws:iam::000000000000:role/cache-invalidation2 was updated at 2024-12-14 15:53:10.511022552 +0100 CET m=+0.003016620 and now 2024-12-14 15:53:15.520616568 +0100 CET m=+5.012610662 policy manager still sees {
                "Version": "2012-10-17",
                "Statement": [
                        {
                                "Effect": "Allow",
                                "Action": "s3:*",
                                "Resource": "*",
                                "Condition" : {
                                                "StringLike" : {
                                                                "aws:RequestedRegion": "tst-1"
                                                }
                                }
                        }
                ]
        }
--- FAIL: TestCacheInvalidationLocalPolicyRetrieverIfPolicyIsChanged (5.01s)
```

These tests are expected to pass with proper cache invalidation and they also would take less long. If cache invalidation would take longer than 5 seconds that variable can be further tuned but a higher value would also impact user experience.

* feature: localPolicyRetriever cache invalidation [#15]

* lint: add error checking of write for test case

---------

Co-authored-by: Peter Van Bouwel <[email protected]>
@pvbouwel
Copy link
Contributor Author

#16

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pvbouwel