Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FIX][14.0] auth_saml: Add FOR UPDATE NOWAIT clause to SAML provider query #716

Open
wants to merge 1 commit into
base: 14.0
Choose a base branch
from
Open

[FIX][14.0] auth_saml: Add FOR UPDATE NOWAIT clause to SAML provider query #716

wants to merge 1 commit into from
+8 −5

Conversation

Ricardoalso
Copy link

@Ricardoalso Ricardoalso commented Oct 17, 2024
edited
Loading

  • Enhance concurrency handling when fetching SAML provider data
  • Prevent potential deadlocks by using NOWAIT
  • Ensure data consistency during high-traffic scenarios

Previous attempt using the locking mechanisms

self.env.cr.execute(
    "SELECT id FROM auth_saml_provider WHERE id in %s FOR UPDATE",
    (tuple(provider_ids),),
 )

led to increased latency and deadlocks under high load.

We experienced race conditions where two simultaneous login
attempts triggered parallel updates of the idp_metadata, leading to unreleased locks.

The FOR UPDATE NOWAIT clause addresses this issue by:

  1. Acquiring an exclusive lock on the row being updated
  2. Failing fast if the lock cannot be acquired (NOWAIT)
  3. Ensuring that only one transaction can update the idp_metadata at a time

gurneyalex
gurneyalex reviewed Oct 17, 2024
View reviewed changes
Copy link
Member

@gurneyalex gurneyalex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you update the commit message:

  • mention the other attempts with the locks, and the issues they caused
  • explain the race condition we checked together this morning with 2 login attempts that will cause 2 updates of the idp_metadata in parallel
  • explain how the fix is preventing this

@Ricardoalso Ricardoalso marked this pull request as draft October 17, 2024 14:53
@Ricardoalso Ricardoalso mentioned this pull request Oct 17, 2024
Open
@Ricardoalso
auth_saml: Add FOR UPDATE NOWAIT clause to SAML provider query
f00a171 
- Enhance concurrency handling when fetching SAML provider data
- Prevent potential deadlocks by using NOWAIT
- Ensure data consistency during high-traffic scenarios

Previous attempt using the locking mechanisms

self.env.cr.execute(
    "SELECT id FROM auth_saml_provider WHERE id in %s FOR UPDATE",
    (tuple(provider_ids),),
 )

led to increased latency and deadlocks under high load.

We experienced race conditions where two simultaneous login
attempts triggered parallel updates of the idp_metadata, leading to unreleased locks.

The FOR UPDATE NOWAIT clause addresses this issue by:
1. Acquiring an exclusive lock on the row being updated
2. Failing fast if the lock cannot be acquired (NOWAIT)
3. Ensuring that only one transaction can update the idp_metadata at a time
@Ricardoalso Ricardoalso marked this pull request as ready for review October 17, 2024 15:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorvermot victorvermot victorvermot approved these changes

@cyrilmanuel cyrilmanuel cyrilmanuel approved these changes

@gurneyalex gurneyalex gurneyalex approved these changes

Assignees
No one assigned
Labels
approved
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Ricardoalso @gurneyalex @cyrilmanuel @victorvermot @OCA-git-bot