Add cache for teams and orgs

melegiul · svenseeberg · melegiul · commit 4d864b8e75ec · 2021-11-11T13:20:17.000+01:00
Cache is populated during external user sync

Co-authored-by: Sven Seeberg &lt;mail@sven-seeberg.de&gt;
Co-authored-by: Giuliano Mele &lt;giuliano.mele@verdigado.com&gt;
diff --git a/services/auth/source/ldap/source_authenticate.go b/services/auth/source/ldap/source_authenticate.go
@@ -56,12 +56,14 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
 	}
 
 	if user != nil {
+		if source.TeamGroupMapEnabled || source.TeamGroupMapRemoval {
+			orgCache := make(map[string]*models.User)
+			teamCache := make(map[string]*models.Team)
+			source.SyncLdapGroupsToTeams(user, sr.LdapTeamAdd, sr.LdapTeamRemove, orgCache, teamCache)
+		}
 		if isAttributeSSHPublicKeySet && models.SynchronizePublicKeys(user, source.loginSource, sr.SSHPublicKey) {
 			return user, models.RewriteAllPublicKeys()
 		}
-		if source.TeamGroupMapEnabled || source.TeamGroupMapRemoval {
-			source.SyncLdapGroupsToTeams(user, sr.LdapTeamAdd, sr.LdapTeamRemove)
-		}
 		return user, nil
 	}
 
@@ -101,7 +103,9 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
 		_ = user.UploadAvatar(sr.Avatar)
 	}
 	if source.TeamGroupMapEnabled || source.TeamGroupMapRemoval {
-		source.SyncLdapGroupsToTeams(user, sr.LdapTeamAdd, sr.LdapTeamRemove)
+		orgCache := make(map[string]*models.User)
+		teamCache := make(map[string]*models.Team)
+		source.SyncLdapGroupsToTeams(user, sr.LdapTeamAdd, sr.LdapTeamRemove, orgCache, teamCache)
 	}
 
 	return user, err
diff --git a/services/auth/source/ldap/source_group_sync.go b/services/auth/source/ldap/source_group_sync.go
@@ -10,17 +10,22 @@ import (
 )
 
 // SyncLdapGroupsToTeams maps LDAP groups to organization and team memberships
-func (source *Source) SyncLdapGroupsToTeams(user *models.User, ldapTeamAdd map[string][]string, ldapTeamRemove map[string][]string) {
+func (source *Source) SyncLdapGroupsToTeams(user *models.User, ldapTeamAdd map[string][]string, ldapTeamRemove map[string][]string, orgCache map[string]*models.User, teamCache map[string]*models.Team) {
+	var err error
 	if source.TeamGroupMapRemoval {
 		// when the user is not a member of configs LDAP group, remove mapped organizations/teams memberships
-		removeMappedMemberships(user, ldapTeamRemove)
+		removeMappedMemberships(user, ldapTeamRemove, orgCache, teamCache)
 	}
 	for orgName, teamNames := range ldapTeamAdd {
-		org, err := models.GetOrgByName(orgName)
-		if err != nil {
-			// organization must be created before LDAP group sync
-			log.Debug("LDAP group sync: Could not find organisation %s: %v", orgName, err)
-			continue
+		org, ok := orgCache[orgName]
+		if !ok {
+			org, err = models.GetOrgByName(orgName)
+			if err != nil {
+				// organization must be created before LDAP group sync
+				log.Debug("LDAP group sync: Could not find organisation %s: %v", orgName, err)
+				continue
+			}
+			orgCache[orgName] = org
 		}
 		if isMember, err := models.IsOrganizationMember(org.ID, user.ID); !isMember && err == nil {
 			log.Trace("LDAP group sync: adding user [%s] to organization [%s]", user.Name, org.Name)
@@ -31,18 +36,22 @@ func (source *Source) SyncLdapGroupsToTeams(user *models.User, ldapTeamAdd map[s
 			}
 		}
 		for _, teamName := range teamNames {
-			team, err := org.GetTeam(teamName)
-			if err != nil {
-				// team must be created before LDAP group sync
-				log.Debug("LDAP group sync: Could not find team %s: %v", teamName, err)
-				continue
+			team, ok := teamCache[orgName+teamName]
+			if !ok {
+				team, err = org.GetTeam(teamName)
+				if err != nil {
+					// team must be created before LDAP group sync
+					log.Debug("LDAP group sync: Could not find team %s: %v", teamName, err)
+					continue
+				}
+				teamCache[orgName+teamName] = team
 			}
 			if isMember, err := models.IsTeamMember(org.ID, team.ID, user.ID); !isMember && err == nil {
 				log.Trace("LDAP group sync: adding user [%s] to team [%s]", user.Name, org.Name)
 			} else {
 				continue
 			}
-			err = team.AddMember(user.ID)
+			err := team.AddMember(user.ID)
 			if err != nil {
 				log.Error("LDAP group sync: Could not add user to team: %v", err)
 			}
@@ -53,21 +62,29 @@ func (source *Source) SyncLdapGroupsToTeams(user *models.User, ldapTeamAdd map[s
 // remove membership to organizations/teams if user is not member of corresponding LDAP group
 // e.g. lets assume user is member of LDAP group "x", but LDAP group team map contains LDAP groups "x" and "y"
 // then users membership gets removed for all organizations/teams mapped by LDAP group "y"
-func removeMappedMemberships(user *models.User, ldapTeamRemove map[string][]string) {
+func removeMappedMemberships(user *models.User, ldapTeamRemove map[string][]string, orgCache map[string]*models.User, teamCache map[string]*models.Team) {
+	var err error
 	for orgName, teamNames := range ldapTeamRemove {
-		org, err := models.GetOrgByName(orgName)
-		if err != nil {
-			// organization must be created before LDAP group sync
-			log.Debug("LDAP group sync: Could not find organisation %s: %v", orgName, err)
-			continue
-		}
-		for _, teamName := range teamNames {
-			team, err := org.GetTeam(teamName)
+		org, ok := orgCache[orgName]
+		if !ok {
+			org, err = models.GetOrgByName(orgName)
 			if err != nil {
-				// team must must be created before LDAP group sync
-				log.Debug("LDAP group sync: Could not find team %s: %v", teamName, err)
+				// organization must be created before LDAP group sync
+				log.Debug("LDAP group sync: Could not find organisation %s: %v", orgName, err)
 				continue
 			}
+			orgCache[orgName] = org
+		}
+		for _, teamName := range teamNames {
+			team, ok := teamCache[orgName+teamName]
+			if !ok {
+				team, err = org.GetTeam(teamName)
+				if err != nil {
+					// team must must be created before LDAP group sync
+					log.Debug("LDAP group sync: Could not find team %s: %v", teamName, err)
+					continue
+				}
+			}
 			if isMember, err := models.IsTeamMember(org.ID, team.ID, user.ID); isMember && err == nil {
 				log.Trace("LDAP group sync: removing user [%s] from team [%s]", user.Name, org.Name)
 			} else {
diff --git a/services/auth/source/ldap/source_sync.go b/services/auth/source/ldap/source_sync.go
@@ -58,6 +58,8 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 	})
 
 	userPos := 0
+	orgCache := make(map[string]*models.User)
+	teamCache := make(map[string]*models.Team)
 
 	for _, su := range sr {
 		select {
@@ -166,7 +168,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 		}
 		// Synchronize LDAP groups with organization and team memberships
 		if source.TeamGroupMapEnabled || source.TeamGroupMapRemoval {
-			source.SyncLdapGroupsToTeams(usr, su.LdapTeamAdd, su.LdapTeamRemove)
+			source.SyncLdapGroupsToTeams(usr, su.LdapTeamAdd, su.LdapTeamRemove, orgCache, teamCache)
 		}
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -56,12 +56,14 @@ func (source Source) Authenticate(user models.User, userName, password string)`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`if user != nil {`
	`59`	`+ if source.TeamGroupMapEnabled \|\| source.TeamGroupMapRemoval {`
	`60`	`+ orgCache := make(map[string]*models.User)`
	`61`	`+ teamCache := make(map[string]*models.Team)`
	`62`	`+ source.SyncLdapGroupsToTeams(user, sr.LdapTeamAdd, sr.LdapTeamRemove, orgCache, teamCache)`
	`63`	`+ }`
`59`	`64`	`if isAttributeSSHPublicKeySet && models.SynchronizePublicKeys(user, source.loginSource, sr.SSHPublicKey) {`
`60`	`65`	`return user, models.RewriteAllPublicKeys()`
`61`	`66`	`}`
`62`		`- if source.TeamGroupMapEnabled \|\| source.TeamGroupMapRemoval {`
`63`		`- source.SyncLdapGroupsToTeams(user, sr.LdapTeamAdd, sr.LdapTeamRemove)`
`64`		`- }`
`65`	`67`	`return user, nil`
`66`	`68`	`}`
`67`	`69`
`@@ -101,7 +103,9 @@ func (source Source) Authenticate(user models.User, userName, password string)`
`101`	`103`	`_ = user.UploadAvatar(sr.Avatar)`
`102`	`104`	`}`
`103`	`105`	`if source.TeamGroupMapEnabled \|\| source.TeamGroupMapRemoval {`
`104`		`- source.SyncLdapGroupsToTeams(user, sr.LdapTeamAdd, sr.LdapTeamRemove)`
	`106`	`+ orgCache := make(map[string]*models.User)`
	`107`	`+ teamCache := make(map[string]*models.Team)`
	`108`	`+ source.SyncLdapGroupsToTeams(user, sr.LdapTeamAdd, sr.LdapTeamRemove, orgCache, teamCache)`
`105`	`109`	`}`
`106`	`110`
`107`	`111`	`return user, err`
Original file line number	Diff line number	Diff line change
`@@ -58,6 +58,8 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {`
`58`	`58`	`})`
`59`	`59`
`60`	`60`	`userPos := 0`
	`61`	`+ orgCache := make(map[string]*models.User)`
	`62`	`+ teamCache := make(map[string]*models.Team)`
`61`	`63`
`62`	`64`	`for _, su := range sr {`
`63`	`65`	`select {`
`@@ -166,7 +168,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {`
`166`	`168`	`}`
`167`	`169`	`// Synchronize LDAP groups with organization and team memberships`
`168`	`170`	`if source.TeamGroupMapEnabled \|\| source.TeamGroupMapRemoval {`
`169`		`- source.SyncLdapGroupsToTeams(usr, su.LdapTeamAdd, su.LdapTeamRemove)`
	`171`	`+ source.SyncLdapGroupsToTeams(usr, su.LdapTeamAdd, su.LdapTeamRemove, orgCache, teamCache)`
`170`	`172`	`}`
`171`	`173`	`}`
`172`	`174`