[CASSANDRA-16957] Actively update auth caches in the background - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 4.1-alpha1, 4.1
Component/s: Feature/Authorization
Labels:
None

Change Category:
Operability
Complexity:
Normal
Platform:

All
Impacts:

None
Source Control Link:

https://git-wip-us.apache.org/repos/asf?p=cassandra.git;a=commit;h=eae7b9c3ade386f28c5f0c7ee015b0d0445388ac
Test and Documentation Plan:

Hide

New unit testing. New config params w/comments explaining their usage and relationships w/others.

Show
New unit testing. New config params w/comments explaining their usage and relationships w/others.

Description

Currently the guava cache backing the various auth caches refreshes its data lazily; you won't get an update on cached credentials until you try and read them and they're expired. For the PasswordCache in particular, this not only gives us a window of async "serve the old while you fetch the new" which isn't ideal, but also causes the cache to be invalidated and thus not adding value / perf after expiration period (24h I believe by default).

The expected behavior after this change is for the caches to auto-refresh themselves on an interval so you a) don't have stale data sitting around waiting to be served, and b) getting invalidated so having effectively a dead cache for intermittent users assuming you have the backing resources to serve them proactively.

Attachments

Issue Links

is depended upon by

CASSANDRA-16958 Prewarm role and credentials caches to avoid timeouts at startup

Resolved

is related to

CASSANDRA-17063 Make capacity/validity/updateinterval/activeupdate for Auth Caches configurable via nodetool

Resolved

Activity

People

Assignee:: Josh McKenzie

Reporter:: Josh McKenzie

Authors:: Josh McKenzie

Reviewers:: Caleb Rackliffe

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 15/Sep/21 14:12

Updated:: 27/May/22 19:25

Resolved:: 09/Nov/21 20:35