mirror of https://github.com/minio/minio.git
make LRU cache global for internode tokens (#19555)
parent
ec816f3840
commit
cd50e9b4bc
40
cmd/jwt.go
40
cmd/jwt.go
|
@ -50,29 +50,12 @@ var (
|
|||
errMalformedAuth = errors.New("Malformed authentication input")
|
||||
)
|
||||
|
||||
// cachedAuthenticateNode will cache authenticateNode results for given values up to ttl.
|
||||
func cachedAuthenticateNode(ttl time.Duration) func(accessKey, secretKey, audience string) (string, error) {
|
||||
type key struct {
|
||||
accessKey, secretKey, audience string
|
||||
}
|
||||
|
||||
cache := expirable.NewLRU[key, string](100, nil, ttl)
|
||||
return func(accessKey, secretKey, audience string) (s string, err error) {
|
||||
k := key{accessKey: accessKey, secretKey: secretKey, audience: audience}
|
||||
|
||||
var ok bool
|
||||
s, ok = cache.Get(k)
|
||||
if !ok {
|
||||
s, err = authenticateNode(accessKey, secretKey, audience)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
cache.Add(k, s)
|
||||
}
|
||||
return s, nil
|
||||
}
|
||||
type cacheKey struct {
|
||||
accessKey, secretKey, audience string
|
||||
}
|
||||
|
||||
var cacheLRU = expirable.NewLRU[cacheKey, string](1000, nil, 15*time.Second)
|
||||
|
||||
func authenticateNode(accessKey, secretKey, audience string) (string, error) {
|
||||
claims := xjwt.NewStandardClaims()
|
||||
claims.SetExpiry(UTCNow().Add(defaultInterNodeJWTExpiry))
|
||||
|
@ -161,7 +144,20 @@ func metricsRequestAuthenticate(req *http.Request) (*xjwt.MapClaims, []string, b
|
|||
// newCachedAuthToken returns a token that is cached up to 15 seconds.
|
||||
// If globalActiveCred is updated it is reflected at once.
|
||||
func newCachedAuthToken() func(audience string) string {
|
||||
fn := cachedAuthenticateNode(15 * time.Second)
|
||||
fn := func(accessKey, secretKey, audience string) (s string, err error) {
|
||||
k := cacheKey{accessKey: accessKey, secretKey: secretKey, audience: audience}
|
||||
|
||||
var ok bool
|
||||
s, ok = cacheLRU.Get(k)
|
||||
if !ok {
|
||||
s, err = authenticateNode(accessKey, secretKey, audience)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
cacheLRU.Add(k, s)
|
||||
}
|
||||
return s, nil
|
||||
}
|
||||
return func(audience string) string {
|
||||
cred := globalActiveCred
|
||||
token, err := fn(cred.AccessKey, cred.SecretKey, audience)
|
||||
|
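Review bot: The new package-level `cacheLRU` has no comment, and its `cacheKey` still embeds the plaintext `secretKey`, so up to 1000 credential/token pairs are now held in one process-wide structure that any code in the package can reach, rather than in a closure-private cache. I would document that on the declaration, e.g. `// cacheLRU holds signed inter-node JWTs keyed by the credentials that produced them (including the secret key); entries expire after 15s.` The `1000` and `15*time.Second` literals would also be better as named constants, since the doc on `newCachedAuthToken` ("cached up to 15 seconds") now describes a TTL defined elsewhere and can drift from it. The value of `defaultInterNodeJWTExpiry` is not visible in this hunk, so it is worth confirming the cache TTL stays well below it so a cached token is never handed out close to expiry. The body of `newCachedAuthToken` continues past the end of the hunk.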
|
|
@ -22,7 +22,6 @@ import (
|
|||
"net/http"
|
||||
"os"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
jwtgo "github.com/golang-jwt/jwt/v4"
|
||||
xjwt "github.com/minio/minio/internal/jwt"
|
||||
|
@ -181,11 +180,11 @@ func BenchmarkAuthenticateNode(b *testing.B) {
|
|||
}
|
||||
})
|
||||
b.Run("cached", func(b *testing.B) {
|
||||
fn := cachedAuthenticateNode(time.Second)
|
||||
fn := newCachedAuthToken()
|
||||
b.ResetTimer()
|
||||
b.ReportAllocs()
|
||||
for i := 0; i < b.N; i++ {
|
||||
fn(creds.AccessKey, creds.SecretKey, "aud")
|
||||
fn("aud")
|
||||
}
|
||||
})
|
||||
}
|
||||
|
|
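Review bot: The "cached" sub-benchmark now calls `fn("aud")`, which takes its credentials from `globalActiveCred` instead of the local `creds` passed before, and nothing in this hunk shows that global being set. If it is not initialised earlier in `BenchmarkAuthenticateNode` (that part is outside the hunk), the cached case may be measuring a failing or empty-credential path and is no longer comparable with the uncached case. I would set it explicitly and check one result before the timer starts, e.g. `globalActiveCred = creds` followed by `if tok := fn("aud"); tok == "" { b.Fatal("no token") }`. Because the cache is now shared by the whole package, the benchmark also starts with whatever entries earlier tests left in `cacheLRU`, which deserves a short comment.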