Metadata caching

[guicassolato]

Adds caching options for external metadata.

• In-memory caching (this PR)
  • Based on allegro/bigcache coocood/freecache
  • Uses eko/gocache (adapter)
• Cache extension to Redis (next)

Cache size per metadata config can be set at the level of the Authorino instance, by injecting the environment variable METADATA_CACHE_SIZE (in megabytes).

Verification steps

Build and deploy based on this branch:

make local-setup
kubectl -n authorino port-forward deployment/envoy 8000:8000 &

Apply the AuthConfig:

kubectl -n authorino apply -f -<<EOF
apiVersion: authorino.kuadrant.io/v1beta1
kind: AuthConfig
metadata:
  name: talker-api-protection
spec:
  hosts:
  - talker-api-authorino.127.0.0.1.nip.io
  identity:
  - name: anonymous
    anonymous: {}
  metadata:
  - name: talker-api
    http:
      endpoint: http://talker-api.authorino.svc.cluster.local:3000/metadata/{context.request.http.path}
      method: GET
    cache:
      key:
        valueFrom: { authJSON: context.request.http.path }
      ttl: 60
  response:
  - name: x-authz-data
    json:
      properties:
      - name: cache-id
        valueFrom: { authJSON: auth.metadata.talker-api.uuid }
EOF

Send requests:

1. To /hello

curl http://talker-api-authorino.127.0.0.1.nip.io:8000/hello
# […]
#  "X-Authz-Data": "{\"cache-id\":\"92c111cd-a10f-4e86-8bf0-e0cd646c6f79\"}",
# […]

2. To a different path

curl http://talker-api-authorino.127.0.0.1.nip.io:8000/goodbye
# […]
#  "X-Authz-Data": "{\"cache-id\":\"37fce386-1ee8-40a7-aed1-bf8a208f283c\"}",
# […]

3. To /hello again before the cache entry expires (60 seconds from the first request sent to this path)

curl http://talker-api-authorino.127.0.0.1.nip.io:8000/hello
# […]
#  "X-Authz-Data": "{\"cache-id\":\"92c111cd-a10f-4e86-8bf0-e0cd646c6f79\"}",  <=== same cache-id as before
# […]

4. To /hello again after the cache entry expires (60 seconds from the first request sent to this path)

curl http://talker-api-authorino.127.0.0.1.nip.io:8000/hello
# […]
#  "X-Authz-Data": "{\"cache-id\":\"e708a3a6-5caf-4028-ab5c-573ad9be7188\"}",  <=== different cache-id
# […]

---

Closes #21

[guicassolato]

A couple things with allegro/bigcache that I'm not very happy with:

1. The GetWithTTL function always returns ttl = 0 (same with dgraph-io/ristretto) → it is not possible to evict a cache entry on access; we need to setup a goroutine that takes care of evictions in a loop
2. There's no safe way to check if the goroutine in charge of evictions is active, and force-closing it can panic

The above does not happen when using coocood/freecache.

[jjaferson]

I left a few suggestion but the code looks good, great work @guicassolato

[jjaferson]

Should this be configured via the authorino operator?

[guicassolato]

Yes, we need to open an issue for that. However, let's make sure it's for the EVALUATOR_CACHE_SIZE env var from #247, instead of this one.

[jjaferson]

Same here, do we need the else statement?

[guicassolato]

This one we actually do need... or valueAsBytes needs to be declared in the scope.