From 8df1c7119422c6920e0c162cdf3ed68c826174f5 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Fri, 22 Nov 2024 15:38:02 -0800 Subject: [PATCH] Revert "Move auth metrics reporting to a background task" This reverts commit 2d0ea937069a8fe98371a5c19f74b030f0488c11. The problem will be fixed in the next release of Safir in the underlying metrics code by backgrounding the write inside the metrics layer. --- changelog.d/20241122_105538_rra_DM_47716.md | 3 -- src/gafaelfawr/handlers/ingress.py | 53 ++++++--------------- 2 files changed, 15 insertions(+), 41 deletions(-) delete mode 100644 changelog.d/20241122_105538_rra_DM_47716.md diff --git a/changelog.d/20241122_105538_rra_DM_47716.md b/changelog.d/20241122_105538_rra_DM_47716.md deleted file mode 100644 index d5bb2d7e..00000000 --- a/changelog.d/20241122_105538_rra_DM_47716.md +++ /dev/null @@ -1,3 +0,0 @@ -### Bug fixes - -- Move metrics reporting for hot-path authentication events to a background task so that it happens in parallel with the HTTP response. diff --git a/src/gafaelfawr/handlers/ingress.py b/src/gafaelfawr/handlers/ingress.py index 8c25bd38..4bcf8f10 100644 --- a/src/gafaelfawr/handlers/ingress.py +++ b/src/gafaelfawr/handlers/ingress.py @@ -12,15 +12,8 @@ from datetime import timedelta from typing import Annotated -from fastapi import ( - APIRouter, - BackgroundTasks, - Depends, - Header, - HTTPException, - Query, - Response, -) +import sentry_sdk +from fastapi import APIRouter, Depends, Header, HTTPException, Query, Response from safir.datetime import current_datetime from safir.models import ErrorModel from safir.slack.webhook import SlackRouteErrorHandler @@ -34,7 +27,7 @@ from ..constants import MINIMUM_LIFETIME from ..dependencies.auth import AuthenticateRead from ..dependencies.context import RequestContext, context_dependency -from ..events import AuthBotEvent, AuthUserEvent, FrontendEvents +from ..events import AuthBotEvent, AuthUserEvent from ..exceptions import ( ExternalUserInfoError, InsufficientScopeError, @@ -312,30 +305,6 @@ async def authenticate_with_type( return await authenticate(context=context) -async def publish_auth_event( - events: FrontendEvents, auth_config: AuthConfig, token_data: TokenData -) -> None: - """Publish metrics events for a successful authentication. - - Parameters - ---------- - events - Event manager. - auth_config - Requested authentication parameters. - token_data - Successful authentication data. - """ - username = token_data.username - service = auth_config.service - if is_bot_user(token_data.username): - bot_event = AuthBotEvent(username=username, service=service) - await events.auth_bot.publish(bot_event) - else: - user_event = AuthUserEvent(username=username, service=service) - await events.auth_user.publish(user_event) - - @router.get( "/ingress/auth", description="Meant to be used as an NGINX auth_request handler", @@ -353,7 +322,6 @@ async def get_auth( token_data: Annotated[TokenData, Depends(authenticate_with_type)], context: Annotated[RequestContext, Depends(context_dependency)], response: Response, - background_tasks: BackgroundTasks, ) -> dict[str, str]: check_lifetime(context, auth_config, token_data) @@ -392,9 +360,18 @@ async def get_auth( headers = await build_success_headers(context, auth_config, token_data) for key, value in headers: response.headers.append(key, value) - background_tasks.add_task( - publish_auth_event, context.events, auth_config, token_data - ) + + # Send a metric event for the authentication. + with sentry_sdk.start_span(name="events.publish"): + username = token_data.username + service = auth_config.service + if is_bot_user(username): + bot_event = AuthBotEvent(username=username, service=service) + await context.events.auth_bot.publish(bot_event) + else: + user_event = AuthUserEvent(username=username, service=service) + await context.events.auth_user.publish(user_event) + return {"status": "ok"}