Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature/invalidate cache #16

Merged
merged 4 commits into from
Dec 17, 2024

Conversation

pvbouwel
Copy link
Contributor

Implement cache invalidation for the LocalPolicyRetriever.

Uses inotify to efficiently watch files for changes/deletion. Added testcases that fail without the invalidations.

Peter Van Bouwel added 4 commits December 14, 2024 14:44
…etriever

At time of creation these tests fail with:
```
=== RUN   TestCacheInvalidationLocalPolicyRetrieverIfPolicyIsChanged
    ./cmd/policy-retrieval_test.go:271: Policy arn:aws:iam::000000000000:role/cache-invalidation2 was updated at 2024-12-14 15:53:10.511022552 +0100 CET m=+0.003016620 and now 2024-12-14 15:53:15.520616568 +0100 CET m=+5.012610662 policy manager still sees {
                "Version": "2012-10-17",
                "Statement": [
                        {
                                "Effect": "Allow",
                                "Action": "s3:*",
                                "Resource": "*",
                                "Condition" : {
                                                "StringLike" : {
                                                                "aws:RequestedRegion": "tst-1"
                                                }
                                }
                        }
                ]
        }
--- FAIL: TestCacheInvalidationLocalPolicyRetrieverIfPolicyIsChanged (5.01s)
```
and
```
=== RUN   TestCacheInvalidationLocalPolicyRetrieverIfPolicyIsChanged
    ./cmd/policy-retrieval_test.go:271: Policy arn:aws:iam::000000000000:role/cache-invalidation2 was updated at 2024-12-14 15:53:10.511022552 +0100 CET m=+0.003016620 and now 2024-12-14 15:53:15.520616568 +0100 CET m=+5.012610662 policy manager still sees {
                "Version": "2012-10-17",
                "Statement": [
                        {
                                "Effect": "Allow",
                                "Action": "s3:*",
                                "Resource": "*",
                                "Condition" : {
                                                "StringLike" : {
                                                                "aws:RequestedRegion": "tst-1"
                                                }
                                }
                        }
                ]
        }
--- FAIL: TestCacheInvalidationLocalPolicyRetrieverIfPolicyIsChanged (5.01s)
```

These tests are expected to pass with proper cache invalidation and they also would take less long. If cache invalidation would take longer than 5 seconds that variable can be further tuned but a higher value would also impact user experience.
@pvbouwel pvbouwel merged commit cdeab87 into VITObelgium:main Dec 17, 2024
4 checks passed
@pvbouwel pvbouwel deleted the feature/invalidate_cache branch December 17, 2024 11:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant