Slow load times when using ACLs


In 2.0 release, when ACLs are enabled, all pages including dashboard are very slow to load. I noticed same behavior in 1.8 release as well.

Just to compare, the load time of interactive sessions page with
ACLs disabled - 984ms
ACLs enabled - 34.71s

Is this the expected behavior?

here’s the code we’re currently using.

    - adapter: "group"
        - "ood_users"
      type: "whitelist"

If simply restricting by group membership, I would recommend omitting the cluster config ACLs and instead apply file permissions to the cluster config file itself (so chmod 750 and chgrp ood_users). Long term I think we want to discourage people from using that feature since it deviates from the approach we take with authorization for everything else in OnDemand - using file permissions.

That said, it sounds like a bug. I opened Cluster config ACLs feature is slow · Issue #923 · OSC/ondemand · GitHub to track it.

That’s right, the best practice is to maintain file ACLs on the cluster.d/my_cluster.yml which are likely much faster than any ruby code (because we never read the file!).