Skip to content

[9.0] Improve performance of TheImpersonator #8157

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
chrisburr merged 1 commit into from
Apr 15, 2025
Merged

[9.0] Improve performance of TheImpersonator #8157

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 18 additions & 7 deletions src/DIRAC/FrameworkSystem/Utilities/diracx.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,14 @@
import requests

from cachetools import TTLCache, cached
from cachetools import TTLCache, LRUCache, cached
from cachetools.keys import hashkey
from pathlib import Path
from tempfile import NamedTemporaryFile
from typing import Any
from collections.abc import Generator
from DIRAC import gConfig
from DIRAC.ConfigurationSystem.Client.Helpers import Registry

from contextlib import contextmanager

from diracx.core.preferences import DiracxPreferences

Expand All @@ -25,6 +26,8 @@
DEFAULT_TOKEN_CACHE_TTL = 5 * 60
DEFAULT_TOKEN_CACHE_SIZE = 1024

legacy_exchange_session = requests.Session()


def get_token(
username: str, group: str, dirac_properties: set[str], *, expires_minutes: int | None = None, source: str = ""
Expand All @@ -42,7 +45,7 @@ def get_token(
vo = Registry.getVOForGroup(group)
scopes = [f"vo:{vo}", f"group:{group}"] + [f"property:{prop}" for prop in dirac_properties]

r = requests.get(
r = legacy_exchange_session.get(
f"{diracxUrl}/api/auth/legacy-exchange",
params={
"preferred_username": username,
Expand Down Expand Up @@ -71,7 +74,11 @@ def _get_token_file(username: str, group: str, dirac_properties: set[str], *, so
return token_location


def TheImpersonator(credDict: dict[str, Any], *, source: str = "") -> SyncDiracClient:
diracx_client_cache = LRUCache(maxsize=64)


@contextmanager
def TheImpersonator(credDict: dict[str, Any], *, source: str = "") -> Generator[SyncDiracClient, None, None]:
"""
Client to be used by DIRAC server needing to impersonate
a user for diracx.
Expand All @@ -90,6 +97,10 @@ def TheImpersonator(credDict: dict[str, Any], *, source: str = "") -> SyncDiracC
set(credDict.get("groupProperties", []) + credDict.get("properties", [])),
source=source,
)
pref = DiracxPreferences(url=diracxUrl, credentials_path=token_location)

return SyncDiracClient(diracx_preferences=pref)
client = diracx_client_cache.get(token_location)
if client is None:
pref = DiracxPreferences(url=diracxUrl, credentials_path=token_location)
client = SyncDiracClient(diracx_preferences=pref)
client.__enter__()
diracx_client_cache[token_location] = client
yield client
Loading