New issue
Advanced search Search tips

Issue 795063 link

Starred by 1 user

Issue metadata

Status: Untriaged
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Feature



Sign in to add a comment

Add a notion of "deprecated group" to chrome-infra-auth

Project Member Reported by vadimsh@chromium.org, Dec 14 2017

Issue description

It's a boolean flag on a group that gets propagated to all services that use AuthDB.

If a service uses such deprecated group during ACL lookup, it spits out an ominous warning in logs. Bonus points if it also dials back to chrome-infra-auth and reports that the group was used.

The idea is to have at least some visibility into whether it is safe delete a group or not.
 
WDYT about tsmon or BQ integration? This way we don't need to dial back. We may be able to go w/o a deprecated field, though it could be useful to warn potential new users of a group that we are trying to delete.
By tsmon you mean introduce a counter "used_in_lookups" with metric field "group"? That's a good idea. Two concerns:
  * I'm slightly worried about performance, tsmon metric implementation is kind of slow if metrics are updated from tight loops (and group look up code is pretty tight).
  * For infrequently used groups we may miss single monitoring blip. It can get eaten by retention policies before we notice it.

I think BQ in a form of eventmon is too heavy for this (we'll have to vendor a lot of libraries everywhere, then maintain ACLs and consistently use BQ table schema across all apps). Dialing back is simpler.
Status: Available (was: Untriaged)
Project Member

Comment 4 by sheriffbot@chromium.org, Jan 3

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment