synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-18 14:17:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: only trace rbac.Filter (#4177)

Browse Source
This commit is contained in:
Colin Adler
2022-09-23 15:21:56 -05:00
committed by GitHub
parent 95aea104c7
commit 15b9a59786
2 changed files with 0 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
coderd/rbac/authz.go
View File

@ -131,9 +131,6 @@ func (a RegoAuthorizer) ByRoleName(ctx context.Context, subjectID string, roleNa
// Authorize allows passing in custom Roles. // Authorize allows passing in custom Roles.
// This is really helpful for unit testing, as we can create custom roles to exercise edge cases. // This is really helpful for unit testing, as we can create custom roles to exercise edge cases.
func (a RegoAuthorizer) Authorize(ctx context.Context, subjectID string, roles []Role, scope Role, action Action, object Object) error { func (a RegoAuthorizer) Authorize(ctx context.Context, subjectID string, roles []Role, scope Role, action Action, object Object) error {
ctx, span := tracing.StartSpan(ctx)
defer span.End()
input := map[string]interface{}{ input := map[string]interface{}{
"subject": authSubject{ "subject": authSubject{
ID: subjectID, ID: subjectID,
@ -179,9 +176,6 @@ func (a RegoAuthorizer) Authorize(ctx context.Context, subjectID string, roles [
// Prepare will partially execute the rego policy leaving the object fields unknown (except for the type). // Prepare will partially execute the rego policy leaving the object fields unknown (except for the type).
// This will vastly speed up performance if batch authorization on the same type of objects is needed. // This will vastly speed up performance if batch authorization on the same type of objects is needed.
func (RegoAuthorizer) Prepare(ctx context.Context, subjectID string, roles []Role, scope Role, action Action, objectType string) (*PartialAuthorizer, error) { func (RegoAuthorizer) Prepare(ctx context.Context, subjectID string, roles []Role, scope Role, action Action, objectType string) (*PartialAuthorizer, error) {
ctx, span := tracing.StartSpan(ctx)
defer span.End()
auth, err := newPartialAuthorizer(ctx, subjectID, roles, scope, action, objectType) auth, err := newPartialAuthorizer(ctx, subjectID, roles, scope, action, objectType)
if err != nil { if err != nil {
return nil, xerrors.Errorf("new partial authorizer: %w", err) return nil, xerrors.Errorf("new partial authorizer: %w", err)
@ -191,9 +185,6 @@ func (RegoAuthorizer) Prepare(ctx context.Context, subjectID string, roles []Rol
} }
func (a RegoAuthorizer) PrepareByRoleName(ctx context.Context, subjectID string, roleNames []string, scope Scope, action Action, objectType string) (PreparedAuthorized, error) { func (a RegoAuthorizer) PrepareByRoleName(ctx context.Context, subjectID string, roleNames []string, scope Scope, action Action, objectType string) (PreparedAuthorized, error) {
ctx, span := tracing.StartSpan(ctx)
defer span.End()
roles, err := RolesByNames(roleNames) roles, err := RolesByNames(roleNames)
if err != nil { if err != nil {
return nil, err return nil, err

3
coderd/rbac/partial.go
View File

@ -28,9 +28,6 @@ type PartialAuthorizer struct {
var _ PreparedAuthorized = (*PartialAuthorizer)(nil) var _ PreparedAuthorized = (*PartialAuthorizer)(nil)
func (pa *PartialAuthorizer) Authorize(ctx context.Context, object Object) error { func (pa *PartialAuthorizer) Authorize(ctx context.Context, object Object) error {
ctx, span := tracing.StartSpan(ctx)
defer span.End()
if pa.alwaysTrue { if pa.alwaysTrue {
return nil return nil
} }