
Commit 4d864b8

melegiulsvenseeberg
andcommitted
Add cache for teams and orgs
Cache is populated during external user sync Co-authored-by: Sven Seeberg <[email protected]> Co-authored-by: Giuliano Mele <[email protected]>
1 parent ba93eb0 commit 4d864b8

3 files changed

+52
-29
lines changed

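--- a/services/auth/source/ldap/source_authenticate.go
+++ b/services/auth/source/ldap/source_authenticate.go
@@ -56,12 +56,14 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
 }
 
 if user != nil {
+if source.TeamGroupMapEnabled || source.TeamGroupMapRemoval {
+orgCache := make(map[string]*models.User)
+teamCache := make(map[string]*models.Team)
+source.SyncLdapGroupsToTeams(user, sr.LdapTeamAdd, sr.LdapTeamRemove, orgCache, teamCache)
+}
 if isAttributeSSHPublicKeySet && models.SynchronizePublicKeys(user, source.loginSource, sr.SSHPublicKey) {
 return user, models.RewriteAllPublicKeys()
 }
-if source.TeamGroupMapEnabled || source.TeamGroupMapRemoval {
-source.SyncLdapGroupsToTeams(user, sr.LdapTeamAdd, sr.LdapTeamRemove)
-}
 return user, nil
 }
 
@@ -101,7 +103,9 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
 _ = user.UploadAvatar(sr.Avatar)
 }
 if source.TeamGroupMapEnabled || source.TeamGroupMapRemoval {
-source.SyncLdapGroupsToTeams(user, sr.LdapTeamAdd, sr.LdapTeamRemove)
+orgCache := make(map[string]*models.User)
+teamCache := make(map[string]*models.Team)
+source.SyncLdapGroupsToTeams(user, sr.LdapTeamAdd, sr.LdapTeamRemove, orgCache, teamCache)
 }
 
 return user, err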
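Review bot: Nothing at the new call site in the `if user != nil` branch says why the group sync now has to sit above the SSH-key check, so a later tidy-up could move it back below `return user, models.RewriteAllPublicKeys()` and membership removal would again be skipped on that early return. A one-line comment such as `// Sync team memberships first: the SSH key branch below returns early.` would pin the ordering. The two maps created at both call sites are discarded when Authenticate returns, so they presumably only save lookups when one login touches the same org or team in both the add and remove maps; if that is the intent, say so next to `orgCache := make(map[string]*models.User)`. Authenticate starts and ends outside both hunks.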

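--- a/services/auth/source/ldap/source_group_sync.go
+++ b/services/auth/source/ldap/source_group_sync.go
@@ -10,17 +10,22 @@ import (
 )
 
 // SyncLdapGroupsToTeams maps LDAP groups to organization and team memberships
-func (source *Source) SyncLdapGroupsToTeams(user *models.User, ldapTeamAdd map[string][]string, ldapTeamRemove map[string][]string) {
+func (source *Source) SyncLdapGroupsToTeams(user *models.User, ldapTeamAdd map[string][]string, ldapTeamRemove map[string][]string, orgCache map[string]*models.User, teamCache map[string]*models.Team) {
+var err error
 if source.TeamGroupMapRemoval {
 // when the user is not a member of configs LDAP group, remove mapped organizations/teams memberships
-removeMappedMemberships(user, ldapTeamRemove)
+removeMappedMemberships(user, ldapTeamRemove, orgCache, teamCache)
 }
 for orgName, teamNames := range ldapTeamAdd {
-org, err := models.GetOrgByName(orgName)
-if err != nil {
-// organization must be created before LDAP group sync
-log.Debug("LDAP group sync: Could not find organisation %s: %v", orgName, err)
-continue
+org, ok := orgCache[orgName]
+if !ok {
+org, err = models.GetOrgByName(orgName)
+if err != nil {
+// organization must be created before LDAP group sync
+log.Debug("LDAP group sync: Could not find organisation %s: %v", orgName, err)
+continue
+}
+orgCache[orgName] = org
 }
 if isMember, err := models.IsOrganizationMember(org.ID, user.ID); !isMember && err == nil {
 log.Trace("LDAP group sync: adding user [%s] to organization [%s]", user.Name, org.Name)
@@ -31,18 +36,22 @@ func (source *Source) SyncLdapGroupsToTeams(user *models.User, ldapTeamAdd map[s
 }
 }
 for _, teamName := range teamNames {
-team, err := org.GetTeam(teamName)
-if err != nil {
-// team must be created before LDAP group sync
-log.Debug("LDAP group sync: Could not find team %s: %v", teamName, err)
-continue
+team, ok := teamCache[orgName+teamName]
+if !ok {
+team, err = org.GetTeam(teamName)
+if err != nil {
+// team must be created before LDAP group sync
+log.Debug("LDAP group sync: Could not find team %s: %v", teamName, err)
+continue
+}
+teamCache[orgName+teamName] = team
 }
 if isMember, err := models.IsTeamMember(org.ID, team.ID, user.ID); !isMember && err == nil {
 log.Trace("LDAP group sync: adding user [%s] to team [%s]", user.Name, org.Name)
 } else {
 continue
 }
-err = team.AddMember(user.ID)
+err := team.AddMember(user.ID)
 if err != nil {
 log.Error("LDAP group sync: Could not add user to team: %v", err)
 }
@@ -53,21 +62,29 @@ func (source *Source) SyncLdapGroupsToTeams(user *models.User, ldapTeamAdd map[s
 // remove membership to organizations/teams if user is not member of corresponding LDAP group
 // e.g. lets assume user is member of LDAP group "x", but LDAP group team map contains LDAP groups "x" and "y"
 // then users membership gets removed for all organizations/teams mapped by LDAP group "y"
-func removeMappedMemberships(user *models.User, ldapTeamRemove map[string][]string) {
+func removeMappedMemberships(user *models.User, ldapTeamRemove map[string][]string, orgCache map[string]*models.User, teamCache map[string]*models.Team) {
+var err error
 for orgName, teamNames := range ldapTeamRemove {
-org, err := models.GetOrgByName(orgName)
-if err != nil {
-// organization must be created before LDAP group sync
-log.Debug("LDAP group sync: Could not find organisation %s: %v", orgName, err)
-continue
-}
-for _, teamName := range teamNames {
-team, err := org.GetTeam(teamName)
+org, ok := orgCache[orgName]
+if !ok {
+org, err = models.GetOrgByName(orgName)
 if err != nil {
-// team must must be created before LDAP group sync
-log.Debug("LDAP group sync: Could not find team %s: %v", teamName, err)
+// organization must be created before LDAP group sync
+log.Debug("LDAP group sync: Could not find organisation %s: %v", orgName, err)
 continue
 }
+orgCache[orgName] = org
+}
+for _, teamName := range teamNames {
+team, ok := teamCache[orgName+teamName]
+if !ok {
+team, err = org.GetTeam(teamName)
+if err != nil {
+// team must must be created before LDAP group sync
+log.Debug("LDAP group sync: Could not find team %s: %v", teamName, err)
+continue
+}
+}
 if isMember, err := models.IsTeamMember(org.ID, team.ID, user.ID); isMember && err == nil {
 log.Trace("LDAP group sync: removing user [%s] from team [%s]", user.Name, org.Name)
 } else {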
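Review bot: The team cache key `orgName+teamName` has no separator, so two different org/team pairs can produce the same key (org `ab` with team `c`, org `a` with team `bc`), and a hit then hands a team from another organization to the `IsTeamMember`/`AddMember` calls and to the removal path. Since this code grants and revokes memberships, key on something unambiguous, for example `teamCache[orgName+"/"+teamName]` if `/` cannot occur in either name (not visible here), or a two-field struct key. Separately, the cache-miss branch in removeMappedMemberships fetches the team with `org.GetTeam(teamName)` but never stores it, unlike SyncLdapGroupsToTeams; add `teamCache[orgName+teamName] = team` (with the corrected key) after the error check. Both functions write to the maps, so the doc comment on SyncLdapGroupsToTeams should state that callers must pass non-nil maps. removeMappedMemberships continues past the end of the last hunk.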

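--- a/services/auth/source/ldap/source_sync.go
+++ b/services/auth/source/ldap/source_sync.go
@@ -58,6 +58,8 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 })
 
 userPos := 0
+orgCache := make(map[string]*models.User)
+teamCache := make(map[string]*models.Team)
 
 for _, su := range sr {
 select {
@@ -166,7 +168,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 }
 // Synchronize LDAP groups with organization and team memberships
 if source.TeamGroupMapEnabled || source.TeamGroupMapRemoval {
-source.SyncLdapGroupsToTeams(usr, su.LdapTeamAdd, su.LdapTeamRemove)
+source.SyncLdapGroupsToTeams(usr, su.LdapTeamAdd, su.LdapTeamRemove, orgCache, teamCache)
 }
 }
 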
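Review bot: `orgCache` and `teamCache` are created once before the `for _, su := range sr` loop and never invalidated, so every user in the run is synced against the first `*models.User`/`*models.Team` fetched for a name; an org or team that is deleted, renamed or re-created while a long sync is running would keep being served from the cache. Failed lookups are not cached in source_group_sync.go, so a mapped org that does not exist still costs one query and one debug log line per user. A comment at the declaration, e.g. `// Caches live for one Sync run and are shared by all users; entries are never refreshed.`, would make that lifetime explicit. Sync starts and ends outside both hunks.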
