Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-12166

Searching for a user in a user picker dialogue times out when trying to add a branch permission.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: High High
    • 8.8.0
    • 6.0.0, 6.1.0, 6.0.1, 6.2.0, 6.0.2, 6.1.1, 6.0.3, 6.1.2, 6.0.4, 6.1.3, 6.3.0, 6.0.5, 6.1.4, 6.2.1, 6.0.6, 6.1.5, 6.2.2, 6.3.1, 6.4.0, 6.2.3, 6.3.2, 6.5.0, 6.0.7, 6.1.6, 6.2.4, 6.3.3, 6.4.1, 6.6.0, 6.3.4, 6.4.2, 6.5.1, 6.1.7, 6.0.8, 6.0.9, 6.2.5, 6.5.2, 6.0.10, 6.1.8, 6.2.6, 6.3.5, 6.4.3, 6.7.0, 6.6.1, 6.6.2, 6.7.1, 6.7.2, 6.8.0, 6.8.1, 6.9.0, 6.10.0, 6.0.11, 6.1.9, 6.2.7, 6.3.6, 6.4.4, 6.5.3, 6.6.3, 6.7.3, 6.8.2, 6.9.1, 6.10.1
    • Crowd, Repository - Branch Permissions

      Issue Summary

      If users, groups and membership caches are cold or have insufficient size (a required size for membership cache can be well into 500 000 entries mark for decent directory sizes), it is virtually impossible to add a branch permission as UI times out while the application checks all the found users for required permissions.

      Steps to Reproduce

      1. Star a LDAP server
      2. Import the users and groups from that dataset: tree.ldif.zip
      3. Synchronise Bitbucket with that LDAP server.
      4. Create a project
      5. Create a repository
      6. Add write permissions for groups: group.2132849, group.2137710, group.2138629, group.8126700
      7. Go to "Branch permission"
      8. Click "Add permission"
      9. Start typing (manually typing, no copy-pasting): cn 203 (full username - cn 2034568)

      Expected Results

      User presented with a list of user which names start with "cn 203"

      Actual Results

      Timeout after one minute.

      Workaround

      For provided dataset bumping permission cache, group permission cache, user cache, group cache is inefficient if nested groups are enabled. Disabling nested groups makes permissions caches relatively effective.

      For nested groups case, for provided dataset, cache.query.groupMemberships.max had to be set into value well above 100 000 (I had it at 500 000).

      The root cause of the issue is that it takes a query per-user-per-permission check to get the groups user belongs to (even more if nested groups are enabled).

      See also jProfiler snapshot: another-users-ang-groups-failure.jps

        1. another-users-ang-groups-failure.jps
          3.18 MB
        2. request-latency.png
          request-latency.png
          286 kB
        3. tree.ldif.zip
          9.35 MB

              ysun Yingran Sun
              aermolenko Tony Miller
              Votes:
              12 Vote for this issue
              Watchers:
              15 Start watching this issue

                Created:
                Updated:
                Resolved: