Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Switch check dispatch to use the new MembershipSet #855

Merged
merged 2 commits into from
Sep 30, 2022
Merged

Switch check dispatch to use the new MembershipSet #855

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3c67dda
Reorganize the dispatch check protos a bit in preparation for using M…
josephschorr Sep 29, 2022
7b8c29c
Switch check dispatching to use the new MembershipSet
josephschorr Sep 29, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 3 additions & 6 deletions internal/dispatch/caching/caching.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ import (
"sync"
"testing"

"golang.org/x/exp/maps"

"github.com/dustin/go-humanize"
"github.com/prometheus/client_golang/prometheus"
"github.com/rs/zerolog/log"
Expand Down Expand Up @@ -253,12 +255,7 @@ func (cd *Dispatcher) DispatchCheck(ctx context.Context, req *v1.DispatchCheckRe

// If debugging is requested, clone and add the req and the response to the trace.
clone := cachedResult.response.CloneVT()
results := make(map[string]*v1.CheckDebugTrace_ResourceCheckResult, len(cachedResult.response.ResultsByResourceId))
for resourceID, result := range cachedResult.response.ResultsByResourceId {
results[resourceID] = &v1.CheckDebugTrace_ResourceCheckResult{
HasPermission: result.Membership == v1.DispatchCheckResponse_MEMBER,
}
}
results := maps.Clone(cachedResult.response.ResultsByResourceId)

clone.Metadata.DebugInfo = &v1.DebugInformation{
Check: &v1.CheckDebugTrace{
Expand Down
6 changes: 3 additions & 3 deletions internal/dispatch/caching/cachingdispatch_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,9 +103,9 @@ func TestMaxDepthCaching(t *testing.T) {
DepthRemaining: step.depthRemaining,
},
}).Return(&v1.DispatchCheckResponse{
ResultsByResourceId: map[string]*v1.DispatchCheckResponse_ResourceCheckResult{
ResultsByResourceId: map[string]*v1.ResourceCheckResult{
parsed.ObjectId: {
Membership: v1.DispatchCheckResponse_MEMBER,
Membership: v1.ResourceCheckResult_MEMBER,
},
},
Metadata: &v1.ResponseMeta{
Expand Down Expand Up @@ -133,7 +133,7 @@ func TestMaxDepthCaching(t *testing.T) {
},
})
require.NoError(err)
require.Equal(v1.DispatchCheckResponse_MEMBER, resp.ResultsByResourceId[parsed.ObjectId].Membership)
require.Equal(v1.ResourceCheckResult_MEMBER, resp.ResultsByResourceId[parsed.ObjectId].Membership)

// We have to sleep a while to let the cache converge:
// https://github.com/dgraph-io/ristretto/blob/01b9f37dd0fd453225e042d6f3a27cd14f252cd0/cache_test.go#L17
Expand Down
3 changes: 2 additions & 1 deletion internal/dispatch/debug.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,8 +54,9 @@ func convertCheckTrace(ct *dispatch.CheckDebugTrace) []*v1.CheckDebugTrace {
subRelation = ""
}

// TODO(jschorr): Support caveats here
result := v1.CheckDebugTrace_PERMISSIONSHIP_NO_PERMISSION
if found, ok := ct.Results[resourceID]; ok && found.HasPermission {
if found, ok := ct.Results[resourceID]; ok && found.Membership == dispatch.ResourceCheckResult_MEMBER {
result = v1.CheckDebugTrace_PERMISSIONSHIP_HAS_PERMISSION
}

Expand Down
4 changes: 2 additions & 2 deletions internal/dispatch/graph/check_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,7 @@ func TestSimpleCheck(t *testing.T) {

isMember := false
if found, ok := checkResult.ResultsByResourceId[tc.objectID]; ok {
isMember = found.Membership == v1.DispatchCheckResponse_MEMBER
isMember = found.Membership == v1.ResourceCheckResult_MEMBER
}

require.Equal(expected.isMember, isMember, "For object %s in %v: ", tc.objectID, checkResult.ResultsByResourceId)
Expand Down Expand Up @@ -271,7 +271,7 @@ func TestCheckMetadata(t *testing.T) {

isMember := false
if found, ok := checkResult.ResultsByResourceId[tc.objectID]; ok {
isMember = found.Membership == v1.DispatchCheckResponse_MEMBER
isMember = found.Membership == v1.ResourceCheckResult_MEMBER
}

require.Equal(expected.isMember, isMember)
Expand Down
2 changes: 1 addition & 1 deletion internal/dispatch/graph/lookupsubjects_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -167,7 +167,7 @@ func TestSimpleLookupSubjects(t *testing.T) {
})

require.NoError(err)
require.Equal(v1.DispatchCheckResponse_MEMBER, checkResult.ResultsByResourceId[tc.resourceID].Membership)
require.Equal(v1.ResourceCheckResult_MEMBER, checkResult.ResultsByResourceId[tc.resourceID].Membership)
}
})
}
Expand Down
Loading