Hi,
In 2.0 release, when ACLs are enabled, all pages including dashboard are very slow to load. I noticed same behavior in 1.8 release as well.
Just to compare, the load time of interactive sessions page with
ACLs disabled - 984ms
ACLs enabled - 34.71s
Is this the expected behavior?
here’s the code we’re currently using.
acls:
- adapter: "group"
groups:
- "ood_users"
type: "whitelist"
If simply restricting by group membership, I would recommend omitting the cluster config ACLs and instead apply file permissions to the cluster config file itself (so chmod 750 and chgrp ood_users). Long term I think we want to discourage people from using that feature since it deviates from the approach we take with authorization for everything else in OnDemand - using file permissions.
That said, it sounds like a bug. I opened Cluster config ACLs feature is slow · Issue #923 · OSC/ondemand · GitHub to track it.
That’s right, the best practice is to maintain file ACLs on the cluster.d/my_cluster.yml which are likely much faster than any ruby code (because we never read the file!).