MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-04-20 02:27:50 -04:00
Code Issues Packages Projects Releases Wiki Activity

make LRU cache global for internode tokens (#19555)

Browse Source
This commit is contained in:
Harshavardhana 2024-04-19 09:45:14 -07:00 committed by GitHub
parent ec816f3840
commit cd50e9b4bc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 20 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
cmd/jwt.go
View File

@ -50,28 +50,11 @@ var (
errMalformedAuth = errors.New("Malformed authentication input") errMalformedAuth = errors.New("Malformed authentication input")
) )
// cachedAuthenticateNode will cache authenticateNode results for given values up to ttl. type cacheKey struct {
func cachedAuthenticateNode(ttl time.Duration) func(accessKey, secretKey, audience string) (string, error) {
type key struct {
accessKey, secretKey, audience string accessKey, secretKey, audience string
} }
cache := expirable.NewLRU[key, string](100, nil, ttl) var cacheLRU = expirable.NewLRU[cacheKey, string](1000, nil, 15*time.Second)
return func(accessKey, secretKey, audience string) (s string, err error) {
k := key{accessKey: accessKey, secretKey: secretKey, audience: audience}
var ok bool
s, ok = cache.Get(k)
if !ok {
s, err = authenticateNode(accessKey, secretKey, audience)
if err != nil {
return "", err
}
cache.Add(k, s)
}
return s, nil
}
}
func authenticateNode(accessKey, secretKey, audience string) (string, error) { func authenticateNode(accessKey, secretKey, audience string) (string, error) {
claims := xjwt.NewStandardClaims() claims := xjwt.NewStandardClaims()
@ -161,7 +144,20 @@ func metricsRequestAuthenticate(req *http.Request) (*xjwt.MapClaims, []string, b
// newCachedAuthToken returns a token that is cached up to 15 seconds. // newCachedAuthToken returns a token that is cached up to 15 seconds.
// If globalActiveCred is updated it is reflected at once. // If globalActiveCred is updated it is reflected at once.
func newCachedAuthToken() func(audience string) string { func newCachedAuthToken() func(audience string) string {
fn := cachedAuthenticateNode(15 * time.Second) fn := func(accessKey, secretKey, audience string) (s string, err error) {
k := cacheKey{accessKey: accessKey, secretKey: secretKey, audience: audience}
var ok bool
s, ok = cacheLRU.Get(k)
if !ok {
s, err = authenticateNode(accessKey, secretKey, audience)
if err != nil {
return "", err
}
cacheLRU.Add(k, s)
}
return s, nil
}
return func(audience string) string { return func(audience string) string {
cred := globalActiveCred cred := globalActiveCred
token, err := fn(cred.AccessKey, cred.SecretKey, audience) token, err := fn(cred.AccessKey, cred.SecretKey, audience)

5
cmd/jwt_test.go
View File

@ -22,7 +22,6 @@ import (
"net/http" "net/http"
"os" "os"
"testing" "testing"
"time"
jwtgo "github.com/golang-jwt/jwt/v4" jwtgo "github.com/golang-jwt/jwt/v4"
xjwt "github.com/minio/minio/internal/jwt" xjwt "github.com/minio/minio/internal/jwt"
@ -181,11 +180,11 @@ func BenchmarkAuthenticateNode(b *testing.B) {
} }
}) })
b.Run("cached", func(b *testing.B) { b.Run("cached", func(b *testing.B) {
fn := cachedAuthenticateNode(time.Second) fn := newCachedAuthToken()
b.ResetTimer() b.ResetTimer()
b.ReportAllocs() b.ReportAllocs()
for i := 0; i < b.N; i++ { for i := 0; i < b.N; i++ {
fn(creds.AccessKey, creds.SecretKey, "aud") fn("aud")
} }
}) })
} }