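--- a/README.md
+++ b/README.md
@@ -104,6 +104,18 @@ validator.decrypt_token(username, token)
 Note: 'to', 'from', and 'user_type' keys are not allowed to be set in
 extra_context.
 
+## Performance Tuning
+
+With the [boto defaults](https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html), the AWS KMS client used in `KMSTokenValidator` may not be performant under higher loads, due to latency when communicating with AWS KMS. Try tuning these parameters below with the given starting points.
+
+```python
+...
+max_pool_connections=100,
+connect_timeout=1,
+read_timeout=1,
+...
+```
+
 ## Reporting security vulnerabilities
 
 If you've found a vulnerability or a potential vulnerability in kmsauth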
13 changes: 11 additions & 2 deletions kmsauth/__init__.py
@@ -57,6 +57,9 @@ def __init__(
endpoint_url=None,
token_cache_size=4096,
stats=None,
max_pool_connections=None,
connect_timeout=None,
read_timeout=None,
):
"""Create a KMSTokenValidator object.

we should probably also document these new parameters

Contributor Author

added

@@ -107,13 +110,19 @@ def __init__(
aws_access_key_id=self.aws_creds['AccessKeyId'],
aws_secret_access_key=self.aws_creds['SecretAccessKey'],
aws_session_token=self.aws_creds['SessionToken'],
endpoint_url=endpoint_url
endpoint_url=endpoint_url,
max_pool_connections=max_pool_connections,
connect_timeout=connect_timeout,
read_timeout=read_timeout,
)
else:
self.kms_client = kmsauth.services.get_boto_client(
'kms',
region=self.region,
endpoint_url=endpoint_url
endpoint_url=endpoint_url,
max_pool_connections=max_pool_connections,
connect_timeout=connect_timeout,
read_timeout=read_timeout,
)
if extra_context is None:
self.extra_context = {}
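Review bot: Both `get_boto_client` calls in the second hunk now spell out the same four keyword arguments, so the next client option has to be added in two places and the branches can drift apart. Collecting them once before the `if`, e.g. `client_kwargs = dict(endpoint_url=endpoint_url, max_pool_connections=max_pool_connections, connect_timeout=connect_timeout, read_timeout=read_timeout)`, and passing `**client_kwargs` in both branches keeps them in step. The `if` condition and the rest of `__init__` are outside the hunk.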
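--- a/kmsauth/services.py
+++ b/kmsauth/services.py
@@ -1,6 +1,7 @@
 """Module for accessing boto3 clients, resources and sessions."""
 
 import boto3
+import botocore
 import logging
 
 CLIENT_CACHE = {}
@@ -13,7 +14,10 @@ def get_boto_client(
 aws_access_key_id=None,
 aws_secret_access_key=None,
 aws_session_token=None,
-endpoint_url=None
+endpoint_url=None,
+max_pool_connections=None,
+connect_timeout=None,
+read_timeout=None,
 ):
 """Get a boto3 client connection."""
 cache_key = '{0}:{1}:{2}:{3}'.format(
@@ -37,7 +41,12 @@ def get_boto_client(
 
 CLIENT_CACHE[cache_key] = session.client(
 client,
-endpoint_url=endpoint_url
+endpoint_url=endpoint_url,
+config=botocore.config.Config(
+max_pool_connections=max_pool_connections,
+connect_timeout=connect_timeout,
+read_timeout=read_timeout,
+)
 )
 return CLIENT_CACHE[cache_key]
 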
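Review bot: The three new arguments are handed to `botocore.config.Config(...)` in the last hunk even when the caller left them at `None`, so every existing caller that never set them now passes an explicit `None` for the pool size and both timeouts. As far as I know, botocore records an explicit `None` as a user-supplied value instead of falling back to its own default, which would leave KMS calls without a connect or read timeout and can stall token validation when the endpoint hangs; please confirm against the botocore version in use. Building the config only from the values that were actually set keeps the previous defaults, as in the excerpt below. Separately, the `cache_key` format string in the second hunk still has four fields and the arguments that fill them are outside the hunk, so it looks as if an already cached client is returned regardless of the timeouts requested; that deserves a comment or a key that includes them.

```python
    # … unchanged: cache lookup and session creation …
    config_kwargs = {
        key: value
        for key, value in (
            ('max_pool_connections', max_pool_connections),
            ('connect_timeout', connect_timeout),
            ('read_timeout', read_timeout),
        )
        if value is not None
    }
    CLIENT_CACHE[cache_key] = session.client(
        client,
        endpoint_url=endpoint_url,
        config=botocore.config.Config(**config_kwargs),
    )
```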
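--- a/setup.py
+++ b/setup.py
@@ -13,7 +13,7 @@
 
 from setuptools import setup, find_packages
 
-VERSION = "0.6.1"
+VERSION = "0.6.2"
 
 requirements = [
 # Boto3 is the Amazon Web Services (AWS) Software Development Kit (SDK)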