Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid calling CreateIfNotExists for Feature Flags #10258

Merged
merged 1 commit into from
Nov 11, 2024
Merged

Avoid calling CreateIfNotExists for Feature Flags #10258

merged 1 commit into from
Nov 11, 2024

Conversation

advay26
Copy link
Member

@advay26 advay26 commented Nov 9, 2024
edited
Loading

Feature flags were calling CreateIfNotExists to get the container reference for the FF container ('content'). This container already exists, so we don't need to write anything, but the CreateIfNotExists call meant that we would need to have read-write permissions enabled regardless, and jobs/services using this path would need the MSI to be over-provisioned (eg. SearchService)

I've made changes so we avoid that call for Feature Flags. I've tested it for the SearchService and it worked, but I haven't tested anything else. Let me know if there's anything else I should try to test.

Related to/Part of https://github.com/NuGet/Engineering/issues/5439

@advay26 advay26 changed the base branch from main to dev November 9, 2024 00:50
@advay26 advay26 mentioned this pull request Nov 9, 2024
Closed
@advay26 advay26 marked this pull request as ready for review November 9, 2024 02:15
@advay26 advay26 requested a review from a team as a code owner November 9, 2024 02:15
@erdembayar
Copy link
Contributor

Please add related issue link in desc.

erdembayar
erdembayar reviewed Nov 10, 2024
View reviewed changes
src/NuGetGallery.Core/Services/CloudBlobCoreFileStorageService.cs
@@ -598,7 +601,11 @@ private string GetCacheControl(string folderName)
private async Task<ICloudBlobContainer> PrepareContainer(string folderName, bool isPublic)
{
var container = _client.GetContainerReference(folderName);
await container.CreateIfNotExistAsync(isPublic);

if (_initializeContainer)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the actual effect of this? Is it for improving performance by avoiding over the wire call?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or was it throwing an exception?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because of the CreateIfNotExists call, we were forced to provide 'read-write' permissions to jobs to access Feature Flag storage, even though they only needed 'read' access for these blobs. With this change, those jobs can go back to having just 'read' permissions assigned to them.

@advay26 advay26 requested a review from agr November 11, 2024 19:29
@advay26 advay26 merged commit 2fdec88 into dev Nov 11, 2024
4 checks passed
@advay26 advay26 deleted the advay26-ff branch November 12, 2024 17:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@agr agr agr approved these changes

@erdembayar erdembayar erdembayar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@advay26 @erdembayar @agr