We sometimes see timeouts when enforcing authorization. However, it is hard to debug because the code does not log or otherwise emit any latency metrics for the call to the auth provider plugin.
For example, if the backing LDAP or Sentry is very slow, we would not know where the bottleneck is. Neither the service nor the clients (in the containers) log.
We should instrument the code to be able to produce these metrics.
The same applies to impersonation: if the Kerberos call is very slow, we need to know where the bottleneck is.
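
One way to instrument the calls described above, as an added example that is not the project's own code: it records latency per operation and backend, and still emits a sample when the call times out or fails. The names `timed_call`, `authorize`, `impersonate`, the in-memory `latencies` store and the 1-second slow-call threshold are assumptions.

```python
import logging
import time
from collections import defaultdict
from contextlib import contextmanager

log = logging.getLogger("authz.latency")
SLOW_CALL_SECONDS = 1.0  # assumed threshold for a warning-level log line

# (operation, backend, outcome) -> observed latencies in seconds.
# Stand-in for a real metrics registry (histogram or timer).
latencies = defaultdict(list)

@contextmanager
def timed_call(operation, backend, clock=time.monotonic):
    """Time one call to an external auth dependency, even when it raises."""
    start = clock()
    outcome = "ok"
    try:
        yield
    except TimeoutError:
        outcome = "timeout"
        raise
    except Exception:
        outcome = "error"
        raise
    finally:
        # Runs on success and on failure, so timed-out calls are measured too.
        elapsed = clock() - start
        latencies[(operation, backend, outcome)].append(elapsed)
        slow = elapsed >= SLOW_CALL_SECONDS or outcome != "ok"
        log.log(logging.WARNING if slow else logging.DEBUG,
                "op=%s backend=%s outcome=%s latency_ms=%.1f",
                operation, backend, outcome, elapsed * 1000)

def authorize(provider, user, action, resource, backend="ldap"):
    """Hypothetical enforcement point wrapping the auth provider plugin call."""
    with timed_call("authorize", backend):
        return provider(user, action, resource)

def impersonate(kerberos_login, proxy_user, backend="kerberos"):
    """Hypothetical impersonation path wrapping the Kerberos call."""
    with timed_call("impersonate", backend):
        return kerberos_login(proxy_user)

def summary(operation, backend, outcome="ok"):
    """Return (sample count, max latency in seconds) for one series."""
    samples = latencies.get((operation, backend, outcome), [])
    return len(samples), max(samples, default=0.0)
```

Keeping the backend and the outcome as separate labels is what lets a timeout be attributed to LDAP, Sentry or Kerberos rather than to the enforcement code as a whole.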