You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Issue #4144 introduces an AuthZen-compatible PDP integration for evaluating scopes when scope_policy: "dynamic" is configured. If the PDP endpoint becomes unavailable, every token request will wait for the full timeout before returning 503.
Problem
Without a circuit breaker, a down PDP causes all dynamic-policy token requests to hang for the timeout duration. This degrades the node's responsiveness even though the outcome (503) is already known after the first few failures.
Proposal
Add a circuit breaker to the AuthZen HTTP client so that after N consecutive failures, subsequent requests fail immediately until a probe request succeeds. This gives bounded, fast failure instead of repeated timeout waits.
Context
Issue #4144 introduces an AuthZen-compatible PDP integration for evaluating scopes when
scope_policy: "dynamic"is configured. If the PDP endpoint becomes unavailable, every token request will wait for the full timeout before returning 503.Problem
Without a circuit breaker, a down PDP causes all dynamic-policy token requests to hang for the timeout duration. This degrades the node's responsiveness even though the outcome (503) is already known after the first few failures.
Proposal
Add a circuit breaker to the AuthZen HTTP client so that after N consecutive failures, subsequent requests fail immediately until a probe request succeeds. This gives bounded, fast failure instead of repeated timeout waits.
Considerations
Related