steve/pkg/stores/proxy/watch_refresh.go

package proxy

import (
	"context"
	"time"

	"github.com/rancher/apiserver/pkg/types"
	"github.com/rancher/steve/pkg/accesscontrol"
	"k8s.io/apiserver/pkg/endpoints/request"
)

// WatchRefresh implements types.Store with awareness of changes to the requester's access.
type WatchRefresh struct {
	types.Store
	asl accesscontrol.AccessSetLookup
}

// NewWatchRefresh returns a new store with awareness of changes to the requester's access.
func NewWatchRefresh(s types.Store, asl accesscontrol.AccessSetLookup) *WatchRefresh {
	return &WatchRefresh{
		Store: s,
		asl:   asl,
	}
}

// Watch performs a watch request which halts if the user's access level changes.
func (w *WatchRefresh) Watch(apiOp *types.APIRequest, schema *types.APISchema, wr types.WatchRequest) (chan types.APIEvent, error) {
	user, ok := request.UserFrom(apiOp.Context())
	if !ok {
		return w.Store.Watch(apiOp, schema, wr)
	}

	as := w.asl.AccessFor(user)
	ctx, cancel := context.WithCancel(apiOp.Context())
	apiOp = apiOp.WithContext(ctx)

	go func() {
		for {
			select {
			case <-ctx.Done():
				return
			case <-time.After(2 * time.Second):
			}

			newAs := w.asl.AccessFor(user)
			if as.ID != newAs.ID {
				// RBAC changed
				cancel()
				return
			}
		}
	}()

	return w.Store.Watch(apiOp, schema, wr)
}
Full dynamic RBAC and pagination 2020-02-10 17:18:20 +00:00			`package proxy`

			`import (`
			`"context"`
			`"time"`

Shuffle around code and use rancher/apiserver 2020-06-12 04:50:59 +00:00			`"github.com/rancher/apiserver/pkg/types"`
Full dynamic RBAC and pagination 2020-02-10 17:18:20 +00:00			`"github.com/rancher/steve/pkg/accesscontrol"`
			`"k8s.io/apiserver/pkg/endpoints/request"`
			`)`

docs: Add docs for partition and proxy store 2022-10-14 23:17:32 +00:00			`// WatchRefresh implements types.Store with awareness of changes to the requester's access.`
Full dynamic RBAC and pagination 2020-02-10 17:18:20 +00:00			`type WatchRefresh struct {`
			`types.Store`
			`asl accesscontrol.AccessSetLookup`
			`}`

SQLite backed cache (#223) This uses SQLite-backed informers provided by Lasso with https://github.com/rancher/lasso/pull/65 to implement Steve API (/v1/) functionality. This new functionality is available behind a feature flag to be specified at Steve startup See https://confluence.suse.com/pages/viewpage.action?pageId=1359086083 Co-authored-by: Ricardo Weir <ricardo.weir@suse.com> Co-authored-by: Michael Bolot <michael.bolot@suse.com> Co-authored-by: Silvio Moioli <silvio@moioli.net> Signed-off-by: Silvio Moioli <silvio@moioli.net> 2024-06-05 14:17:12 +00:00			`// NewWatchRefresh returns a new store with awareness of changes to the requester's access.`
			`func NewWatchRefresh(s types.Store, asl accesscontrol.AccessSetLookup) *WatchRefresh {`
			`return &WatchRefresh{`
			`Store: s,`
			`asl: asl,`
			`}`
			`}`

docs: Add docs for partition and proxy store 2022-10-14 23:17:32 +00:00			`// Watch performs a watch request which halts if the user's access level changes.`
Full dynamic RBAC and pagination 2020-02-10 17:18:20 +00:00			`func (w WatchRefresh) Watch(apiOp types.APIRequest, schema *types.APISchema, wr types.WatchRequest) (chan types.APIEvent, error) {`
			`user, ok := request.UserFrom(apiOp.Context())`
			`if !ok {`
			`return w.Store.Watch(apiOp, schema, wr)`
			`}`

			`as := w.asl.AccessFor(user)`
			`ctx, cancel := context.WithCancel(apiOp.Context())`
			`apiOp = apiOp.WithContext(ctx)`

			`go func() {`
			`for {`
			`select {`
			`case <-ctx.Done():`
			`return`
Cleanup schema change reporting 2021-08-09 23:47:09 +00:00			`case <-time.After(2 * time.Second):`
Full dynamic RBAC and pagination 2020-02-10 17:18:20 +00:00			`}`

			`newAs := w.asl.AccessFor(user)`
			`if as.ID != newAs.ID {`
			`// RBAC changed`
			`cancel()`
			`return`
			`}`
			`}`
			`}()`

			`return w.Store.Watch(apiOp, schema, wr)`
			`}`