Atabey Heydarli
04/19/2023, 2:09 PMCERBOS_CLIENT = CerbosClient(host="<http://192.168.1.192:3593>", request_retries=10)
sessionList=crud.session.get_active_by_owner_sub(db=db, owner_id=user_id)
if sessionList:
principal = Principal(
user_id,
roles=roles, # type: ignore
policy_version="20210210",
)
resource = Resource(
sessionList[0].id.__str__(), # type: ignore
sessionList[0].__tablename__,
attr=jsonable_encoder(sessionList[0]),
)
action = "read"
allowed = CERBOS_CLIENT.is_allowed(action, principal, resource)
if not allowed:
raise HTTPException(
status_code=403, detail="Unauthorized"
)
And these are the logs of last two requests, last one took around 16 seconds:
{"log.level":"info","@timestamp":"2023-04-19T14:08:32.043Z","log.logger":"cerbos.grpc","message":"Handled request","grpc.start_time":"2023-04-19T14:08:32Z","system":"grpc","span.kind":"server","grpc.service":"cerbos.svc.v1.CerbosService","grpc.method":"CheckResources","peer.address":"127.0.0.1:44744","http":{"x_forwarded_for":["172.23.0.1"],"x_forwarded_host":["192.168.1.192:3593"]},"cerbos":{"call_id":"01GYCXGWSBJR2P1WZ4HMZTG58W"},"grpc.code":"OK","grpc.time_ms":0.182}
{"log.level":"info","@timestamp":"2023-04-19T14:08:48.494Z","log.logger":"cerbos.grpc","message":"Handled request","grpc.start_time":"2023-04-19T14:08:48Z","system":"grpc","span.kind":"server","grpc.service":"cerbos.svc.v1.CerbosService","grpc.method":"CheckResources","http":{"x_forwarded_for":["172.23.0.1"],"x_forwarded_host":["192.168.1.192:3593"]},"cerbos":{"call_id":"01GYCXHCVEJM0PE5Z3SB002T7B"},"peer.address":"127.0.0.1:44744","grpc.code":"OK","grpc.time_ms":0.291}
Charith (Cerbos)
04/19/2023, 3:40 PMgrpc_time_ms
). So that suggests the problem is elsewhere in the request chain. Do you have a proxy or a load balancer in front of Cerbos? How many instances are you running and were they healthy during the times that you noticed these spikes?Atabey Heydarli
04/21/2023, 2:39 PMCharith (Cerbos)
04/21/2023, 2:58 PM