Reduce JWT overhead for internode tokens (#13738)

Since JWT tokens remain valid for up to 15 minutes, we don't have to regenerate tokens for every call. Cache tokens for matching access+secret+audience for up to 15 seconds. ``` BenchmarkAuthenticateNode/uncached-32 270567 4179 ns/op 2961 B/op 33 allocs/op BenchmarkAuthenticateNode/cached-32 7684824 157.5 ns/op 48 B/op 1 allocs/op ``` Reduces internode call allocations a great deal.
2025-11-08 21:24:55 -05:00 · 2021-11-23 09:51:53 -08:00
parent ef0b8367b5
commit 142c6b11b3
7 changed files with 65 additions and 17 deletions
--- a/cmd/jwt_test.go
+++ b/cmd/jwt_test.go
@@ -21,6 +21,7 @@ import (
 	"net/http"
 	"os"
 	"testing"
+	"time"

 	jwtgo "github.com/golang-jwt/jwt/v4"
 	"github.com/minio/minio/internal/auth"
@@ -224,11 +225,22 @@ func BenchmarkAuthenticateNode(b *testing.B) {
 	}

 	creds := globalActiveCred
-	b.ResetTimer()
-	b.ReportAllocs()
-	for i := 0; i < b.N; i++ {
-		authenticateNode(creds.AccessKey, creds.SecretKey, "")
-	}
+	b.Run("uncached", func(b *testing.B) {
+		fn := authenticateNode
+		b.ResetTimer()
+		b.ReportAllocs()
+		for i := 0; i < b.N; i++ {
+			fn(creds.AccessKey, creds.SecretKey, "aud")
+		}
+	})
+	b.Run("cached", func(b *testing.B) {
+		fn := cachedAuthenticateNode(time.Second)
+		b.ResetTimer()
+		b.ReportAllocs()
+		for i := 0; i < b.N; i++ {
+			fn(creds.AccessKey, creds.SecretKey, "aud")
+		}
+	})
 }

 func BenchmarkAuthenticateWeb(b *testing.B) {