Uploaded image for project: 'Red Hat Developer Hub Bugs'
  1. Red Hat Developer Hub Bugs
  2. RHDHBUGS-1229

RBAC: A large number of csv entries slows down startup

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 1.5.0
    • 1.5.0
    • RBAC Plugin, Upstream
    • None
    • 5
    • False
    • Hide

      None

      Show
      None
    • False
    • Hide
      = Improved startup performance for RBAC backend plugin

      Previously, the startup process would slow down when handling a large number of CSV entries due to roles and permission policies being added individually. In this release, roles and policies are now added in bulk, improving the startup speed of the RBAC backend plugin.
      Show
      = Improved startup performance for RBAC backend plugin Previously, the startup process would slow down when handling a large number of CSV entries due to roles and permission policies being added individually. In this release, roles and policies are now added in bulk, improving the startup speed of the RBAC backend plugin.
    • Bug Fix
    • Done
    • RHDH Plugins 3270, RHDH Plugins 3271

      Plugin Name

      rbac

      ๐Ÿ“œ Description

      I use a large number or records in csv file

      '''
      ...
      g, group:default/project_dev1, role:default/Group.Developer
      g, group:default/project_dev2, role:default/Group.Developer
      โ€ฆ
      g, group:default/project_dev1000, role:default/Group.Developer
      '''

      Every such record produces in logs lines
      ย {{

      {"actor":\{"actorId":"rbac-backend"}

      ,"eventName":"UpdateRole","isAuditLog":true,"level":"info","message":"Updated role: deleted members","meta":{"author":"csv permission policy file","members":["group:default/project_dev1"],"modifiedBy":"csv permission policy file","roleEntityRef":"role:default/Group.Developer","source":"csv-file"},"plugin":"permission","service":"backstage","stage":"handleRBACData","status":"succeeded"}
      {"actor":

      {"actorId":"rbac-backend"}

      ,"eventName":"UpdateRole","isAuditLog":true,"level":"info","message":"Updated role: deleted members","meta":{"author":"csv permission policy file","members":["group:default/project_dev2"],"modifiedBy":"csv permission policy file","roleEntityRef":"role:default/Group.Developer","source":"csv-file"},"plugin":"permission","service":"backstage","stage":"handleRBACData","status":"succeeded"}}}
      ย 
      And this lasts 2-3 minutes for my case. During this time backstage hungs and returns 200 ok or 503 error response.

      So, here I seeย two issues:

      1. main: it takes too long to upload all rbac records into DB, and why do we do this meanwhile? Can we ignore update if there were not any changes?
      2. secondary: deploy of new pod affects database and causes an issue for the currently active pod. This also happens when pod migrates between nodes. So regular process for k8s affect stability of application.

      ๐Ÿ‘ Expected behavior

      It should allow deployment of new version of application with close to zero downtime.

      ๐Ÿ‘Ž Actual Behavior with Screenshots

      Every pod restart it updates all records in DB and takes a couple of minutes for this process. Ongoing updates affect currently active backstage instance it starts to return 503.

      ๐Ÿ‘Ÿ Reproduction steps

      Create rbac-policy.csv with more than thousand of lines.

      ๐Ÿ“ƒ Provide the context for the Bug.

      I would like to minimize downtime and possible service degradation that can happen during deployment of new backstage version, or migration of pod(s) between k8s nodes.

      ๐Ÿ‘€ Have you spent some time to check if this bug has been raised before?

      • ย 
        I checked and didn't find similar issue
        ย 

      ๐Ÿข Have you read the Code of Conduct?

      Are you willing to submit PR?

      None

      ย 

      Upstream link: https://github.com/backstage/community-plugins/issues/2552

              rh-ee-pknight Patrick Knight
              rh-ee-pknight Patrick Knight
              RHIDP - Plugins
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: