In 2.0 release, when ACLs are enabled, all pages including dashboard are very slow to load. I noticed same behavior in 1.8 release as well.
Just to compare, the load time of interactive sessions page with
ACLs disabled -
ACLs enabled -
Is this the expected behavior?
here’s the code we’re currently using.
- adapter: "group"
If simply restricting by group membership, I would recommend omitting the cluster config ACLs and instead apply file permissions to the cluster config file itself (so
chmod 750 and
chgrp ood_users). Long term I think we want to discourage people from using that feature since it deviates from the approach we take with authorization for everything else in OnDemand - using file permissions.
That said, it sounds like a bug. I opened Cluster config ACLs feature is slow · Issue #923 · OSC/ondemand · GitHub to track it.
That’s right, the best practice is to maintain file ACLs on the
cluster.d/my_cluster.yml which are likely much faster than any ruby code (because we never read the file!).