Uploaded image for project: 'CDAP'
  1. CDAP
  2. CDAP-12002

Auth Enforcement Service should emit timing information

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.3.1
    • Component/s: Security
    • Labels:
    • Rank:
      1|i004db:

      Description

      We sometimes see timeouts when enforcing authorization. However, it is hard to debug because the code does not log or otherwise emit any latency metrics for the call to the auth provider plugin.

      For example, if the backing LDAP or Sentry is very slow, we would not know where the bottleneck is. Neither the service nor the clients (in the containers) log.

      We should instrument the code to be able to produce these metrics.

      The same applies to impersonation, if the Kerberos call is very slow, we need to know where the bottleneck is.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                rsinha Rohit Sinha
                Reporter:
                andreas Andreas Neumann
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: