[FEATURE] Endpoint to purge cache entries for specific users
Is your feature request related to a problem?
As a user's backend roles may change, the user's restRoleCache entries may become stale. We want to invalidate stale cache items without affecting other users' cached entries. Currently there's only a single endpoint to invalidate user authentication caches, DELETE _opendistro/_security/api/cache, but this invalidates the entire cache rather than individual cache entries, so there may be many cache misses when doing that.
What solution would you like?
An additional endpoint to invalidate user authentication caches on a per-user level.
What alternatives have you considered?
The cache TTL plugins.security.cache.ttl_minutes was considered, but if a user's backend role changes prior to the expiration of the cached entry, then the cached entry will be stale.
Do you have any additional context?
Add any other context or screenshots about the feature request here.
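A toy model of the trade-off described in the request above, added here as an illustration and not taken from the OpenSearch security plugin or the linked PR. RoleCache, purge_user and simulate are hypothetical names, and a plain dictionary with a logical clock stands in for restRoleCache and its TTL.

```python
class RoleCache:
    """Toy TTL cache of user -> backend roles (stand-in for restRoleCache)."""

    def __init__(self, backend, ttl):
        self.backend = backend   # source of truth: user -> set of roles
        self.ttl = ttl           # logical time units, like ttl_minutes
        self.entries = {}        # user -> (roles, expires_at)
        self.misses = 0

    def roles(self, user, now):
        hit = self.entries.get(user)
        if hit and hit[1] > now:
            return hit[0]                      # may be stale until expiry
        self.misses += 1                       # costly backend lookup
        roles = frozenset(self.backend[user])
        self.entries[user] = (roles, now + self.ttl)
        return roles

    def purge_all(self):
        """Models the existing whole-cache invalidation."""
        self.entries.clear()

    def purge_user(self, user):
        """Models the requested per-user invalidation; True if an entry was evicted."""
        return self.entries.pop(user, None) is not None


def simulate(strategy, users=100, ttl=60):
    """Demote user0 after the cache is warm, then apply one strategy.

    Returns (stale_admin_served, extra_backend_lookups).
    """
    backend = {f"user{i}": {"readall"} for i in range(users)}  # constructed data
    backend["user0"] = {"admin"}
    cache = RoleCache(backend, ttl)
    for u in backend:                      # warm the cache at t=0
        cache.roles(u, now=0)
    warm = cache.misses
    backend["user0"] = {"readall"}         # backend role revoked at t=1
    if strategy == "flush_all":
        cache.purge_all()
    elif strategy == "purge_user":
        cache.purge_user("user0")
    stale = "admin" in cache.roles("user0", now=2)
    for u in backend:                      # everyone makes one more request
        cache.roles(u, now=3)
    return stale, cache.misses - warm


if __name__ == "__main__":
    for s in ("ttl_only", "flush_all", "purge_user"):
        print(s, simulate(s))
```

With TTL alone the revoked admin role is still served from the cache; flushing everything fixes that at the cost of one backend lookup per user, while the per-user purge fixes it with a single lookup.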
[Triage] Hi @leongshengmin, thank you for filing this issue. This sounds like a great idea for a feature. I will mark this issue as help wanted to indicate we are happy to review any PRs towards addressing this issue.
working on this
Since this issue is almost done but has not been able to be worked on in a while, is it fine if I finish up what @dlin2028 is doing?
Go ahead, I'm not working on it anymore. Lmk if you have any questions
completed in https://github.com/opensearch-project/security/pull/5337