ego
Implement Read-Only mode for HA
Problem
Currently, ego is designed to have a single PRIMARY instance, which is not highly available (HA). In order to make EGO HA in any environment using the Postgres streaming replication feature, a SECONDARY EGO instance must be deployed with the database in read-only mode.
During read-only mode, the application cannot write to the database. In order for EGO to be usable in read-only mode, a user must, at the very least, be able to obtain their user JWT (i.e., log in). When an EXISTING user logs in, the only thing written to the database is their lastLoginDate.
Solution
- add a ROFilter to the FilterChain that returns METHOD NOT SUPPORTED 405 error for any POST, DELETE or PUT operation and is enabled only when readOnlyModeEnabled=true. Only login related methods will be allowed.
- when readOnlyModeEnabled=true, the lastLogin feature is disabled, so when a user logs in, that date does not get recorded
- refresh tokens will also be disabled.
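One way the ROFilter described above could look, as an added example rather than EGO's own code. It assumes Spring's OncePerRequestFilter with the javax.servlet API, and the login paths passed to the constructor are hypothetical values supplied by configuration.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.filter.OncePerRequestFilter;

public class ROFilter extends OncePerRequestFilter {
  // The three write methods the issue says must be rejected in read-only mode.
  private static final Set<String> WRITE_METHODS = Set.of("POST", "PUT", "DELETE");

  private final boolean readOnlyModeEnabled;
  // Assumption: login endpoints are listed as exact paths, e.g. Set.of("/login-placeholder").
  private final Set<String> loginPaths;

  public ROFilter(boolean readOnlyModeEnabled, Set<String> loginPaths) {
    this.readOnlyModeEnabled = readOnlyModeEnabled;
    this.loginPaths = Set.copyOf(loginPaths);
  }

  @Override
  protected boolean shouldNotFilter(HttpServletRequest request) {
    // On the PRIMARY (read-write) instance the filter is a no-op.
    return !readOnlyModeEnabled;
  }

  @Override
  protected void doFilterInternal(
      HttpServletRequest request, HttpServletResponse response, FilterChain chain)
      throws ServletException, IOException {
    // Path relative to the context root. Exact matching fails closed: a path with
    // "..", ";params" or a trailing segment never equals an allow-listed login path.
    String path = request.getRequestURI().substring(request.getContextPath().length());
    boolean isWrite = WRITE_METHODS.contains(request.getMethod());

    // Login may itself use POST, so the allow-list is consulted before rejecting.
    if (isWrite && !loginPaths.contains(path)) {
      response.setHeader("Allow", "GET, HEAD, OPTIONS"); // a 405 response carries Allow
      response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, "Read-only mode");
      return;
    }
    chain.doFilter(request, response);
  }
}
```

The filter only blocks requests at the HTTP layer; the lastLogin update and refresh-token writes still have to be disabled in the login path itself, as the remaining items in this list state.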
Exit Criteria
- enable read-only mode in QA, and test via the UI that a user can log in, but is not able to create, delete or update entities.