Skip to content

Include display names in resource policy response #1207

@david-crespo

Description

@david-crespo

As discussed at 6/10 control plane huddle, I am hacking in the user name on the project access page (screenshot below) by fetching all the users and effectively doing the join client side. The upshot of the discussion at huddle was that because

  • The total number of users is potentially quite large
  • Requesting full users just to get the names will send down a lot of stuff we don't need (not to mention a lot of users we don't need)
  • A policy is much more limited in size and likely only mentions a small subset of users

It probably makes sense to do a proper join server-side and include the names in the policy response.

Another significant point I didn't think of at the huddle is that permissions will be handled through role assignment to groups at least as often as to individual users, if not way more often, and in that case we would have to fetch group info in addition to user info. To me this further increases the cost of handling this on the client, and strengthens the case for including human-readable display names for all role-assignable entities referred to in a policy.

image

Alternatives

One alternative is to keep fetching all users. But we can expect the total number of users to exceed our max page size of 1000. As mentioned above there will also be group names to fetch.

Another option could be to have a bulk user fetch endpoint that takes a comma-separated list of user IDs, but you only know what users to fetch after you've seen the policy, so the requests have to happen sequentially. Plus whether it's a bulk fetch specific users or fetch all, we're querying the users table either way — it doesn't seem clearly better than doing it as a real join.

Metadata

Metadata

Assignees

No one assigned

    Labels

    customerFor any bug reports or feature requests tied to customer requests

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions