NotificationsYou must be signed in to change notification settings
Fork913
Star10k

Commitc9cf780

committed

just pass the authorizer as a whole

1 parent4256a6c commitc9cf780Copy full SHA for c9cf780

File tree

4 files changed

-16

lines changed

coderd
- coderd.go
- files

4 files changed

-16

lines changed

`‎coderd/coderd.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -572,7 +572,7 @@ func New(options Options) API {`
`572`	`572`	`TemplateScheduleStore:options.TemplateScheduleStore,`
`573`	`573`	`UserQuietHoursScheduleStore:options.UserQuietHoursScheduleStore,`
`574`	`574`	`AccessControlStore:options.AccessControlStore,`
`575`		`-FileCache:files.NewFromStore(options.Database,options.PrometheusRegistry,options.Authorizer.Authorize),`
	`575`	`+FileCache:files.NewFromStore(options.Database,options.PrometheusRegistry,options.Authorizer),`
`576`	`576`	`Experiments:experiments,`
`577`	`577`	`WebpushDispatcher:options.WebPushDispatcher,`
`578`	`578`	`healthCheckGroup:&singleflight.Group[string,*healthsdk.HealthcheckReport]{},`

`‎coderd/files/cache.go`

Lines changed: 4 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -19,11 +19,9 @@ import (`
`19`	`19`	`"github.com/coder/coder/v2/coderd/util/lazy"`
`20`	`20`	`)`
`21`	`21`
`22`		`-typeAuthorizeFilefunc(ctx context.Context,subject rbac.Subject,action policy.Action,object rbac.Object)error`
`23`		`-`
`24`	`22`	`// NewFromStore returns a file cache that will fetch files from the provided`
`25`	`23`	`// database.`
`26`		`-funcNewFromStore(store database.Store,registerer prometheus.Registerer,authzAuthorizeFile)*Cache {`
	`24`	`+funcNewFromStore(store database.Store,registerer prometheus.Registerer,authzrbac.Authorizer)*Cache {`
`27`	`25`	`fetch:=func(ctx context.Context,fileID uuid.UUID) (cacheEntryValue,error) {`
`28`	`26`	`// Make sure the read does not fail due to authorization issues.`
`29`	`27`	`// Authz is checked on the Acquire call, so this is safe.`
`@@ -44,7 +42,7 @@ func NewFromStore(store database.Store, registerer prometheus.Registerer, authz`
`44`	`42`	`returnNew(fetch,registerer,authz)`
`45`	`43`	`}`
`46`	`44`
`47`		`-funcNew(fetchfetcher,registerer prometheus.Registerer,authzAuthorizeFile)*Cache {`
	`45`	`+funcNew(fetchfetcher,registerer prometheus.Registerer,authzrbac.Authorizer)*Cache {`
`48`	`46`	`return (&Cache{`
`49`	`47`	`lock: sync.Mutex{},`
`50`	`48`	`data:make(map[uuid.UUID]*cacheEntry),`
`@@ -111,7 +109,7 @@ type Cache struct {`
`111`	`109`	`lock sync.Mutex`
`112`	`110`	`datamap[uuid.UUID]*cacheEntry`
`113`	`111`	`fetcher`
`114`		`-authzAuthorizeFile`
	`112`	`+authzrbac.Authorizer`
`115`	`113`
`116`	`114`	`// metrics`
`117`	`115`	`cacheMetrics`
`@@ -164,7 +162,7 @@ func (c *Cache) Acquire(ctx context.Context, fileID uuid.UUID) (fs.FS, error) {`
`164`	`162`	`returnnil,dbauthz.ErrNoActor`
`165`	`163`	`}`
`166`	`164`	`// Always check the caller can actually read the file.`
`167`		`-iferr:=c.authz(ctx,subject,policy.ActionRead,it.object);err!=nil {`
	`165`	`+iferr:=c.authz.Authorize(ctx,subject,policy.ActionRead,it.object);err!=nil {`
`168`	`166`	`c.Release(fileID)`
`169`	`167`	`returnnil,err`
`170`	`168`	`}`

`‎coderd/files/cache_internal_test.go`

Lines changed: 3 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -12,17 +12,12 @@ import (`
`12`	`12`	`"github.com/stretchr/testify/require"`
`13`	`13`	`"golang.org/x/sync/errgroup"`
`14`	`14`
	`15`	`+"github.com/coder/coder/v2/coderd/coderdtest"`
`15`	`16`	`"github.com/coder/coder/v2/coderd/coderdtest/promhelp"`
`16`	`17`	`"github.com/coder/coder/v2/coderd/database/dbauthz"`
`17`		`-"github.com/coder/coder/v2/coderd/rbac"`
`18`		`-"github.com/coder/coder/v2/coderd/rbac/policy"`
`19`	`18`	`"github.com/coder/coder/v2/testutil"`
`20`	`19`	`)`
`21`	`20`
`22`		`-funcauthzAlwaysTrue(_ context.Context,_ rbac.Subject,_ policy.Action,_ rbac.Object)error {`
`23`		`-returnnil`
`24`		`-}`
`25`		`-`
`26`	`21`	`funccachePromMetricName(metricstring)string {`
`27`	`22`	`return"coderd_file_cache_"+metric`
`28`	`23`	`}`
`@@ -42,7 +37,7 @@ func TestConcurrency(t *testing.T) {`
`42`	`37`	`// will be waiting in line, ensuring that no one duplicated a fetch.`
`43`	`38`	`time.Sleep(testutil.IntervalMedium)`
`44`	`39`	`returncacheEntryValue{FS:emptyFS,size:fileSize},nil`
`45`		`-},reg,authzAlwaysTrue)`
	`40`	`+},reg,&coderdtest.FakeAuthorizer{})`
`46`	`41`
`47`	`42`	`batches:=1000`
`48`	`43`	`groups:=make([]*errgroup.Group,0,batches)`
`@@ -94,7 +89,7 @@ func TestRelease(t *testing.T) {`
`94`	`89`	`FS:emptyFS,`
`95`	`90`	`size:fileSize,`
`96`	`91`	`},nil`
`97`		`-},reg,authzAlwaysTrue)`
	`92`	`+},reg,&coderdtest.FakeAuthorizer{})`
`98`	`93`
`99`	`94`	`batches:=100`
`100`	`95`	`ids:=make([]uuid.UUID,0,batches)`

`‎coderd/files/cache_test.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -109,7 +109,7 @@ func cacheAuthzSetup(t testing.T) (database.Store, files.Cache, *coderdtest.Re`
`109`	`109`
`110`	`110`	`// Dbauthz wrap the db`
`111`	`111`	`db=dbauthz.New(db,rec,logger,coderdtest.AccessControlStorePointer())`
`112`		`-c:=files.NewFromStore(db,reg,rec.Authorize)`
	`112`	`+c:=files.NewFromStore(db,reg,rec)`
`113`	`113`	`returndb,c,rec`
`114`	`114`	`}`
`115`	`115`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitc9cf780

File tree

4 files changed

4 files changed

`‎coderd/coderd.go`

`‎coderd/files/cache.go`

`‎coderd/files/cache_internal_test.go`

`‎coderd/files/cache_test.go`

0 commit comments