Follow-up from "Add Postman API specification mode to API fuzzing CI configuration page"
The following discussion from !55601 (merged) should be addressed:
- @10io started a discussion: (+2 comments) For my understanding:
  Is there a plan to cache this file somehow?
  From what I read, each time a GraphQL query is done in the related field, we will get this file too.
- @10io said: It depends on how `PROFILES_DEFINITION_FILE` is created and changed. Can it be changed by the UI? Is it a fixed file internal to GitLab or can this file be set up by self-managed users?

  Depending on the usage, there are multiple ways to cache this file:
  - from simply fetching it once and caching it in Redis
  - to having a background worker that will fetch the file and cache it somewhere. It could even be in the database if the file is small enough.

  I think in general, we should avoid web requests within web requests. There are cases where it's not possible but here it might be.

  Also, keep in mind that in GraphQL you can query multiple resources in a single query.

  ```graphql
  query {
    a: project(fullPath: "10io/ptcs") {
      apiFuzzingCiConfiguration { scanProfiles { name } }
    }
    b: project(fullPath: "10io/lfs") {
      apiFuzzingCiConfiguration { scanProfiles { name } }
    }
    c: project(fullPath: "10io/gl_pru") {
      apiFuzzingCiConfiguration { scanProfiles { name } }
    }
  }
  ```

  I checked what happens locally and yes, we trigger `Gitlab::HTTP.try_get` three times for the query above. So basically, we have an `n+1` situation with an HTTP call.

  I think this is outside of this MR as this problem was already in the original code (`ee/app/models/security/api_fuzzing/ci_configuration.rb`). Still, I think it's worth opening an issue to investigate if we could remove or mitigate that HTTP call.
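
The n+1 fetch described in the discussion above, next to the "fetch once and cache" mitigation, as an added Ruby example (not part of the original discussion and not GitLab's code). `CachedProfiles`, `resolve_scan_profiles`, the in-process TTL cache standing in for Redis, and the sample profile names are all assumptions made for illustration.

```ruby
# Added example with hypothetical names; the fetcher lambda stands in for the HTTP call.
class CachedProfiles
  # fetcher: callable returning the file body, or nil on failure.
  # ttl: seconds a successful fetch stays fresh; clock is injectable for tests.
  def initialize(fetcher, ttl: 3600, clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @fetcher, @ttl, @clock = fetcher, ttl, clock
    @mutex = Mutex.new
    @value = @expires_at = nil
  end

  def get
    @mutex.synchronize do
      now = @clock.call
      return @value if @expires_at && now < @expires_at

      fresh = @fetcher.call
      if fresh
        @value = fresh
        @expires_at = now + @ttl
      end
      # A failed fetch is never cached: serve the stale copy (possibly nil)
      # and leave the expiry untouched so the next call retries.
      fresh || @value
    end
  end
end

# Constructed stand-in for the resolver: every aliased project in one GraphQL
# query asks the same source for the profile definitions.
def resolve_scan_profiles(project_paths, source)
  project_paths.to_h { |path| [path, source.call] }
end

def demo
  upstream_calls = 0
  fetcher = -> { upstream_calls += 1; "profile-a\nprofile-b\n" } # constructed body
  paths = %w[10io/ptcs 10io/lfs 10io/gl_pru]

  resolve_scan_profiles(paths, fetcher)          # uncached: one fetch per project
  uncached = upstream_calls

  upstream_calls = 0
  cache = CachedProfiles.new(fetcher)
  resolve_scan_profiles(paths, -> { cache.get }) # cached: one fetch in total
  [uncached, upstream_calls]
end
```
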