stegololz opened a new pull request, #63184: URL: https://github.com/apache/airflow/pull/63184
Performance improvement for the Keycloak auth manager. Loading the home/DAG UI pages triggers multiple `filter_authorized_dag_ids` calls for the same user and DAG set. Without caching, every call hits Keycloak individually, making the UI slow. This adds a TTL cache on `filter_authorized_dag_ids` so only the first call hits Keycloak and subsequent identical calls return from cache. A [single-flight](https://pkg.go.dev/golang.org/x/sync/singleflight) deduplication layer prevents the thundering herd problem where N concurrent cache misses all fire N identical Keycloak requests before any can populate the cache. The cache TTL is currently hardcoded at 30s. I'm open to discussion on the right value or whether it should be configurable. This is a pragmatic solution to reduce per-resource check overhead. Keycloak's UMA permission endpoint currently requires individual queries per resource (keycloak/keycloak#45311). If a better approach emerges — upstream or otherwise — this can be revisited. related: https://github.com/keycloak/keycloak/issues/45311 --- ##### Was generative AI tooling used to co-author this PR? - [X] Yes — Claude Opus 4.6 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
