这是indexloc提供的服务,不要输入任何密码
Skip to content

Expand Group providers to allow for paginated lookup of subgroups #22372

New issue
New issue
Closed
#22700
Closed
Expand Group providers to allow for paginated lookup of subgroups#22372
#22700
Labels
area/storageIndicates an issue that touches storage (change in data layout or data manipulation)kind/enhancementCategorizes a PR related to an enhancement
Milestone
23.0.0
@alice-wondered

Description

@alice-wondered
alice-wondered
opened on Aug 10, 2023

Description

At present, subgroup lookups are not done directly through the storage layer by utilizing the GroupLookupProvider, GroupProvider, and corresponding implementations (e.g. JpaRealmProvider) and are instead supported on the GroupModel object only.

By expanding the storage layer's ability to interact with, lookup, and paginate results for subgroups, the door is opened to make tangible improvements to performance on the backend at scale. Notably, the ability to limit the amount of subgroups that are returned from the database and then loaded into memory

This eliminates the need to discard groups from the stream later as seen here:

keycloak/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/GroupsResource.java

Lines 94 to 105 in 1d444ff

public final Stream<GroupRepresentation> subgroups(@QueryParam("id") final String groupId, @QueryParam("search")
@DefaultValue("") final String search, @QueryParam("first") @DefaultValue("0") int first, @QueryParam("max") @DefaultValue("10") int max) {
GroupPermissionEvaluator groupsEvaluator = auth.groups();
groupsEvaluator.requireList();
GroupModel group = realm.getGroupById(groupId);
if (group == null) {
return Stream.empty();
}
return group.getSubGroupsStream().filter(g -> g.getName().contains(search))
.map(g -> GroupUtils.toGroupHierarchy(groupsEvaluator, g, search, false, true)).skip(first).limit(max);
}

as well as the amount of subgroups that are then consequently returned to the client at once.

Discussion

No response

Motivation

Red Hat is running into scenarios where groups operating at scale is becoming necessary (future multi-tenancy efforts being one scenario). Additionally, issues have been popping up from time to time where scalability is becoming an issue. Groups is one place that we have identified but could be used in the future as a template for how to ensure other keycloak resources scale well

Details

Some work has been done here but needs final touches, squashing, and a PR

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/storageIndicates an issue that touches storage (change in data layout or data manipulation)kind/enhancementCategorizes a PR related to an enhancement

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions