Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve the performance of IDP update operation #6025

Merged
merged 8 commits into from
Jan 6, 2025
Merged

Improve the performance of IDP update operation #6025

merged 8 commits into from
Jan 6, 2025

Conversation

DilshanSenarath
Copy link
Contributor

@DilshanSenarath DilshanSenarath commented Oct 14, 2024
edited
Loading

Purpose

Previously, when an IDP update was performed, we had configured listeners doPreUpdateIdp and doPostUpdateIdp to update connected applications. However, the issue arose when more than 1000 applications were connected to an IDP. In these listeners, we iterated over all the service providers one by one, checking if the IDP/Authenticator update (such as disabling) was valid. If the default authenticator was changed, and the federated authentication flow used this IDP, the listener would automatically update the authenticator mapping in the SP_FEDERATED_IDP table. This process was very expensive, triggering over 18,000 SQL queries even for a small IDP/Authenticator update.

In this PR, I've enhanced the IDP update performance by removing the blind iteration through all connected SPs. Instead, I've introduced a SQL statement that checks whether a service provider refers to the IDP ,Authenticator or Outbound Connector, and if so, it prevents the IDP or Authenticator from being disabled. Another improvement is that we now retrieve the SP resource ID list based on the AUTH_TYPE="federated" and only iterate through the affected service provider list to update the database.

Performance Improvement (~2000 Connected Apps)

Operation Previous Time Improved Time
IDP Update 1 min 15 sec 200 ms
Authenticator Update 1 min 15 sec 200 ms
Outbound Connector Update 1 min 15 sec 200 ms
[Edge Case] Change Default Authenticator (Here all the SPs are referring the IDP as AUTH_TYPE="federated") [1] 1 min 15 sec 1 min

Related Issue

[1] -
image

Tested Scenarios - https://docs.google.com/document/d/1EuwbFXqLA1JHy6tcX_klbp0Fxbs_QiPBJKWUb30loOg/edit?usp=sharing

@codecov Codecov
Copy link

codecov bot commented Oct 14, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 54.13534% with 61 lines in your changes missing coverage. Please review.

Project coverage is 28.53%. Comparing base (9dbc3dd) to head (e961c33).
Report is 117 commits behind head on master.

Files with missing lines Patch % Lines
.../org/wso2/carbon/idp/mgt/dao/IdPManagementDAO.java 0.00% 31 Missing ⚠️
...g/wso2/carbon/idp/mgt/IdentityProviderManager.java 0.00% 8 Missing ⚠️
...stener/ApplicationIdentityProviderMgtListener.java 88.00% 0 Missing and 6 partials ⚠️
...y/application/mgt/dao/impl/ApplicationDAOImpl.java 83.33% 5 Missing ⚠️
.../main/java/org/wso2/carbon/idp/mgt/IdpManager.java 0.00% 3 Missing ⚠️
.../wso2/carbon/idp/mgt/dao/CacheBackedIdPMgtDAO.java 0.00% 3 Missing ⚠️
...n/identity/application/mgt/dao/ApplicationDAO.java 0.00% 2 Missing ⚠️
...g/wso2/carbon/idp/mgt/dao/IdPManagementFacade.java 0.00% 2 Missing ⚠️
...lication/mgt/dao/impl/FileBasedApplicationDAO.java 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@              Coverage Diff              @@
##             master    #6025       +/-   ##
=============================================
- Coverage     45.67%   28.53%   -17.15%     
+ Complexity    14056     7035     -7021     
=============================================
  Files          1632     1483      -149     
  Lines        100532    89312    -11220     
  Branches      17629    13155     -4474     
=============================================
- Hits          45918    25485    -20433     
- Misses        47925    60401    +12476     
+ Partials       6689     3426     -3263
Flag Coverage Δ
conformance-fapi ?
conformance-oidc ?
integration ?
unit 28.53% <54.13%> (+0.23%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copilot
Copilot AI reviewed Nov 5, 2024
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot reviewed 5 out of 11 changed files in this pull request and generated 1 suggestion.

Files not reviewed (6)
  • components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationMgtDBQueries.java: Evaluated as low risk
  • components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/IdentityProviderManager.java: Evaluated as low risk
  • components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/CacheBackedApplicationDAO.java: Evaluated as low risk
  • components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/util/IdPManagementConstants.java: Evaluated as low risk
  • components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/dao/CacheBackedIdPMgtDAO.java: Evaluated as low risk
  • components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/IdpManager.java: Evaluated as low risk
Comments skipped due to low confidence (1)

components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java:6605

  • [nitpick] The error message could be more descriptive by including the tenant domain. Suggestion: 'Failed to update local and outbound config of application: ' + applicationId + ' in tenant domain: ' + tenantDomain
throw new IdentityApplicationManagementException("Failed to update local and outbound config of application: " + applicationId, e);

....mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java Outdated Show resolved Hide resolved
@DilshanSenarath DilshanSenarath marked this pull request as draft December 16, 2024 10:50
@DilshanSenarath DilshanSenarath marked this pull request as ready for review December 20, 2024 04:20
@jenkins-is-staging
Copy link

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/12429400432

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/12429400432
Status: failure

@jenkins-is-staging
Copy link

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/12431156777

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/12431156777
Status: failure

@jenkins-is-staging
Copy link

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/12441877083

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/12441877083
Status: success

jenkins-is-staging
jenkins-is-staging approved these changes Dec 21, 2024
View reviewed changes
Copy link

@jenkins-is-staging jenkins-is-staging left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/12441877083

@DilshanSenarath DilshanSenarath merged commit 4e10313 into wso2:master Jan 6, 2025
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@SujanSanjula96 SujanSanjula96 SujanSanjula96 approved these changes

@jenkins-is-staging jenkins-is-staging jenkins-is-staging approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DilshanSenarath @jenkins-is-staging @SujanSanjula96