Consumer roles list page is very slow #1459

Closed
fourtyplustwo opened this issue Aug 6, 2024 · 2 comments

fourtyplustwo commented Aug 6, 2024

We have about 15 total IAM roles on a single environment; 9 of them are data.all managed. The list loads very slowly, about 13 seconds or so. I would like the roles to load much faster, maybe 2-3 seconds tops and ideally less.

@noah-paige
Contributor

Thanks for raising this concern @zsaltys - I believe @SofiaSazonova had worked on a similar issue with fetching the managed policy status for many consumption roles when requesting share access (PR).

I would think we can re-use a similar approach where we load all of the role information besides these additional fields, which are resolved via a boto3 call and are likely causing the long runtime.

That information can be run afterwards via a separate API call or displayed on demand via some mechanism.

Please let us know if there is any particular expected behavior(s) you had in mind other than faster runtimes?

@dlpzx dlpzx moved this to Backlog in Data.all Backlog Aug 12, 2024
@fourtyplustwo
Contributor Author

@noah-paige I would say we should check if the role has the policy attached async in background ECS jobs and allow the user to refresh the status if they need to. Another option is to load it asynchronously from the list, meaning we render the consumer roles list FIRST ... and then we show a spinning circle while we're pulling information to figure out if the policy is attached. I think maybe the second option would be my preferred one, as it's going to show the truth, just a bit slower...

dlpzx pushed a commit that referenced this issue Feb 3, 2025
### Feature or Bugfix
- Feature

### Detail

- Updates the process of modifying the IAM policies after approve /
revoke to add / delete resources and also split the policies into chunks
- Updates the managed IAM policies to have indexes at the end 
- Contains backward compatibility and other additional checks to make
sure correct policies are created and older policies are deleted
- Contains a UI update to address this issue -
#1459

### Relates

- #884
- #1459

### Tests

- Inviting / removing team to an environment ✅ 
- Adding/ Removing consumption role to an environment ✅ 
- Creating / revoking a share with consumption role for S3 bucket with
bucketpolicy sharing ✅
- Creating / revoking a share with environment team for S3 bucket with
bucketpolicy sharing ✅
- Creating / revoking a share with consumption role for S3 access point
✅
- Creating / revoking a share with environment team for S3 access point
✅
- Creating a share with requestors IAM policy being on the brink of
policy length limits and checking if new indexed policy is getting
created ✅
- Revoking a share with requestors IAM policy being on the brink of
policy length limits and checking if extra policies are deleted ✅
- Checking if all consumption roles are loaded quickly on the
environment teams UI asynchronously ✅
- Check if requestors receive emails when an IAM role is about to reach
the managed policy attachment limit ( Email Notification Changes )
- Migrating Shares from old to new policy management via share
validator and share verifier ( Share verifier successfully mentions
error message and Share re-applier successfully converts policies to
indexed managed policies ) ✅
- Creating new environment and deleting an environment ✅ 

### Security
Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)? No
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization? No
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features? No
  - Do you use standard proven implementations?
- Are the used keys controlled by the customer? Where are they stored? No
- Are you introducing any new policies/roles/users? **yes**
  - Have you used the least-privilege principle? How? **yes**


By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>
@dlpzx dlpzx closed this as completed Feb 3, 2025
@github-project-automation github-project-automation bot moved this from Backlog to Done in Data.all Backlog Feb 3, 2025
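
The referenced commit splits IAM policies into chunks and gives the managed policies an index suffix. The sketch below illustrates that idea as an added example, not data.all's own code: the function names, the `-<index>` naming, the Sid and the sample ARNs are assumptions, while 6,144 characters is the AWS quota for a managed policy document.

```python
import json

# AWS quota: a customer managed policy document is limited to 6,144 characters.
# Compact JSON length is used here as the size measure.
MANAGED_POLICY_MAX_CHARS = 6144
SID = "SharedResources"  # assumed Sid, not taken from data.all


def build_document(actions, resources):
    """One Allow statement scoped to exactly the listed resource ARNs."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": SID, "Effect": "Allow", "Action": actions, "Resource": resources}
        ],
    }


def document_size(doc):
    return len(json.dumps(doc, separators=(",", ":")))


def split_into_indexed_policies(base_name, actions, resources,
                                max_chars=MANAGED_POLICY_MAX_CHARS):
    """Return {"<base_name>-<i>": document}, each document within max_chars."""
    chunks, current = [], []
    for arn in resources:
        if document_size(build_document(actions, [arn])) > max_chars:
            raise ValueError(f"ARN cannot fit in a single policy: {arn}")
        if current and document_size(build_document(actions, current + [arn])) > max_chars:
            chunks.append(current)  # current chunk is full, start the next index
            current = []
        current.append(arn)
    if current:
        chunks.append(current)
    return {f"{base_name}-{i}": build_document(actions, chunk)
            for i, chunk in enumerate(chunks)}


def stale_policy_names(base_name, existing_names, wanted):
    """Policies of this family (numeric index or old un-indexed name) to delete."""
    prefix = base_name + "-"
    family = [n for n in existing_names
              if n == base_name or (n.startswith(prefix) and n[len(prefix):].isdigit())]
    return sorted(n for n in family if n not in wanted)
```

Restricting the cleanup to the exact base name or a numeric suffix keeps a revoke from deleting unrelated policies that merely share the prefix.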