mirror of https://github.com/rancher/steve.git synced 2025-07-16 07:56:23 +00:00

refactor(accesscontrol): use interface for AccessStore cache (#290)

Alejandro Ruiz 2024-10-09 10:21:29 +02:00 committed by GitHub
parent 5c1a56204d
commit 484ce1c9e9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 24 additions and 16 deletions


@ -9,6 +9,7 @@ import (
"time" "time"
v1 "github.com/rancher/wrangler/v3/pkg/generated/controllers/rbac/v1" v1 "github.com/rancher/wrangler/v3/pkg/generated/controllers/rbac/v1"
"golang.org/x/sync/singleflight"
rbacv1 "k8s.io/api/rbac/v1" rbacv1 "k8s.io/api/rbac/v1"
"k8s.io/apimachinery/pkg/util/cache" "k8s.io/apimachinery/pkg/util/cache"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
@ -43,6 +44,7 @@ type AccessStore struct {
groupsPolicyRules policyRules groupsPolicyRules policyRules
roles roleRevisions roles roleRevisions
cache accessStoreCache cache accessStoreCache
concurrentAccessFor *singleflight.Group
} }
type roleKey struct { type roleKey struct {
@ -55,6 +57,7 @@ func NewAccessStore(ctx context.Context, cacheResults bool, rbac v1.Interface) *
usersPolicyRules: newPolicyRuleIndex(true, rbac), usersPolicyRules: newPolicyRuleIndex(true, rbac),
groupsPolicyRules: newPolicyRuleIndex(false, rbac), groupsPolicyRules: newPolicyRuleIndex(false, rbac),
roles: newRoleRevision(ctx, rbac), roles: newRoleRevision(ctx, rbac),
concurrentAccessFor: new(singleflight.Group),
} }
if cacheResults { if cacheResults {
as.cache = cache.NewLRUExpireCache(50) as.cache = cache.NewLRUExpireCache(50)
@ -69,16 +72,19 @@ func (l *AccessStore) AccessFor(user user.Info) *AccessSet {
cacheKey := l.CacheKey(user) cacheKey := l.CacheKey(user)
res, _, _ := l.concurrentAccessFor.Do(cacheKey, func() (interface{}, error) {
if val, ok := l.cache.Get(cacheKey); ok { if val, ok := l.cache.Get(cacheKey); ok {
as, _ := val.(*AccessSet) as, _ := val.(*AccessSet)
return as return as, nil
} }
result := l.newAccessSet(user) result := l.newAccessSet(user)
result.ID = cacheKey result.ID = cacheKey
l.cache.Add(cacheKey, result, 24*time.Hour) l.cache.Add(cacheKey, result, 24*time.Hour)
return result return result, nil
})
return res.(*AccessSet)
} }
func (l *AccessStore) newAccessSet(user user.Info) *AccessSet { func (l *AccessStore) newAccessSet(user user.Info) *AccessSet {
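Review bot: The closure passed to `l.concurrentAccessFor.Do` builds the access set from the first caller's `user`, and every concurrent caller with the same `cacheKey` now receives that one result, so the key has to cover every input that `newAccessSet` reads. `CacheKey` is not shown in this section, so that cannot be confirmed from here. A comment above the call would record the invariant, for example `// callers sharing cacheKey share one AccessSet; CacheKey must cover everything newAccessSet reads from user`. The closing `return res.(*AccessSet)` is an unchecked assertion on a value whose error and shared results were discarded with `_`; `as, _ := res.(*AccessSet)` followed by `return as` would match the nil handling already used in the cached branch. The beginning of AccessFor lies before the first line of this hunk, and newAccessSet continues past the last.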


@ -7,6 +7,7 @@ import (
"testing" "testing"
"time" "time"
"golang.org/x/sync/singleflight"
appsv1 "k8s.io/api/apps/v1" appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1" rbacv1 "k8s.io/api/rbac/v1"
@ -197,6 +198,7 @@ func TestAccessStore_AccessFor(t *testing.T) {
} }
asCache := cache.NewLRUExpireCache(10) asCache := cache.NewLRUExpireCache(10)
store := &AccessStore{ store := &AccessStore{
concurrentAccessFor: new(singleflight.Group),
usersPolicyRules: &policyRulesMock{ usersPolicyRules: &policyRulesMock{
getRBFunc: func(s string) []*rbacv1.RoleBinding { getRBFunc: func(s string) []*rbacv1.RoleBinding {
return []*rbacv1.RoleBinding{ return []*rbacv1.RoleBinding{
@ -301,10 +303,10 @@ func (c *spyCache) observeAdd(k interface{}) {
} }
func TestAccessStore_AccessFor_concurrent(t *testing.T) { func TestAccessStore_AccessFor_concurrent(t *testing.T) {
t.Skipf("TODO - Add a fix for this test")
testUser := &user.DefaultInfo{Name: "test-user"} testUser := &user.DefaultInfo{Name: "test-user"}
asCache := &spyCache{accessStoreCache: cache.NewLRUExpireCache(100)} asCache := &spyCache{accessStoreCache: cache.NewLRUExpireCache(100)}
store := &AccessStore{ store := &AccessStore{
concurrentAccessFor: new(singleflight.Group),
roles: roleRevisionsMock(func(ns, name string) string { roles: roleRevisionsMock(func(ns, name string) string {
return fmt.Sprintf("%s%srev", ns, name) return fmt.Sprintf("%s%srev", ns, name)
}), }),
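Review bot: Both `store := &AccessStore{` literals in this file (in TestAccessStore_AccessFor and TestAccessStore_AccessFor_concurrent) now have to set `concurrentAccessFor: new(singleflight.Group)` by hand, which suggests that any AccessStore built without NewAccessStore would call `Do` on a nil group in AccessFor. Declaring the field as a value, `concurrentAccessFor singleflight.Group`, makes the zero value usable and removes the need for these two lines; the visible code already handles AccessStore by pointer, so the embedded lock would not be copied. With the `t.Skipf` line removed, the concurrent test is worth running under `-race`. Its body continues outside this hunk, so its assertions cannot be checked from here.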