This plugin is a bad citizen of Jira and Bitbucket

Issue #421 new
Jason D Smith created an issue

Our Jira server and Bitbucket server instances are being bombarded by requests. Upon investigation, users report to us that they just started using this plugin.

There are a few key problems:

  1. This plugin seems to use basic auth for every request. A high number of basic auths wastes I/O on the database and wastes cycles on the LDAP server. It can also cause problems for the Jira server during the user deletion portion of an Active Directory sync (as all logins are queued and Jira can crash if there are enough queued). A solution would be to use sessions instead of basic auth.
  2. For Jira, the plugin calls the same issues a large number of times, which is a much more expensive traffic pattern than a typical user would. One user hit /rest/api/2/search 57 times in an hour, as well as some individual issues 13 times. Can this be optimized to only take action when the user asks for it? I don’t really expect that the user ran 57 searches within the client or loaded an issue 13 times, but maybe they did.
  3. In Bitbucket, within a 20 minute period, a user’s plugin called /rest/api/1.0/repos 6000 times.
    I asked the user about it, and he said the following:

I honestly don’t know what is going on with that many requests. I have an extension on VS code that I downloaded a while back that might be doing this (https://marketplace.visualstudio.com/items?itemName=Atlassian.atlascode)… let me disable it and hopefully that was it.

I did make several pull requests and new branches during that time period, but I don’t recall pulling down a repo more than twice per project (5).

This makes the number of calls from the plugin seemingly explicable.

Given this activity, as an administrator, I would like to immediately ban this plugin from my environment, but I seem to have no way of doing so. In lieu of that, it would be nice to see the plugin become a better citizen. If all of my users used this plugin, I’m pretty confident I would be dead in the water from a performance/load perspective.
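An added example, not part of the original issue or of the extension's code: one way an administrator could confirm the traffic pattern described above by counting requests per user and endpoint inside a sliding window. The log line layout, the user names and the thresholds are constructed assumptions, not Jira's or Bitbucket's own access-log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) log layout, one request per line:
#   <ISO-8601 timestamp> <user> <method> <path[?query]> <status>
def parse(line):
    ts, user, _method, path = line.split()[:4]
    # Drop the query string so repeated polls of one endpoint group together.
    return datetime.fromisoformat(ts), user, path.split("?", 1)[0]

def noisy_clients(lines, window=timedelta(minutes=20), threshold=100):
    """Return {(user, path): peak} for every user/endpoint pair whose request
    count inside any sliding window of length `window` reaches `threshold`."""
    recent = defaultdict(deque)  # (user, path) -> timestamps still in window
    peaks = {}
    for ts, user, path in sorted(parse(l) for l in lines if l.strip()):
        q = recent[(user, path)]
        q.append(ts)
        while ts - q[0] >= window:  # expire hits older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[(user, path)] = max(peaks.get((user, path), 0), len(q))
    return peaks

def sample_log():
    """Constructed sample mirroring the figures in the report: 6000 calls to
    /rest/api/1.0/repos in 20 minutes and 57 searches in an hour."""
    start = datetime(2024, 1, 1, 9, 0, 0)
    lines = [
        f"{(start + timedelta(milliseconds=200 * i)).isoformat()} "
        "alice GET /rest/api/1.0/repos?limit=25 200"
        for i in range(6000)
    ]
    lines += [
        f"{(start + timedelta(seconds=63 * i)).isoformat()} "
        "bob GET /rest/api/2/search?jql=assignee%3Dbob 200"
        for i in range(57)
    ]
    return lines

if __name__ == "__main__":
    for (user, path), peak in noisy_clients(sample_log()).items():
        print(f"{user} {path} peak={peak} requests per 20 min")
```

With the default 20-minute window only the repos polling is flagged; widening the window to an hour with a lower threshold also surfaces the repeated searches.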

Comments (6)

  1. Gregory Star Account Deactivated

    Hi Jason,

    Thanks for your feedback. We have received a few requests to make the extension more performant and are investigating various solutions. We are also investigating ways to give Jira admins more control over allowing/denying specific external extensions.

    In the meantime, please make sure your users are using the latest version of the extension and have auto-updates turned on, as we have recently added some caching of various requests and will continue to do so in future releases. Also, in the extension settings, refresh intervals can be adjusted for both Bitbucket and Jira; perhaps making refreshes less frequent could reduce the number of requests.

  2. Nick Rundquist

    The 6000 requests in 20 minutes is very concerning. Were all these requests from a single user or were there multiple people using the extension?

  3. Nick Rundquist

    Also, while the UI doesn’t make it as clear as it should be, auto-refresh can be disabled. If the refresh interval is set to 0 minutes, auto-refresh is disabled. This can be done under the settings for the extension, which can be found by clicking the gear icon in any of the Atlassian extension sidebar items or selecting “Atlassian: Open Settings” from the VS Code command palette.

    • In the Jira tab

      • Jira Issues Explorer

        • Refresh interval
    • In the Bitbucket tab

      • Pull Requests Explorer

        • Refresh explorer every

  4. Jason D Smith reporter

    Sorry for the delay. For the 6000 requests, it was from a single user, which I found hard to understand as well.

    Thanks for the info about auto-refresh. I will certainly inform users of that option.

    Maybe sessions can be a future improvement to reduce auth load.
