chore: Reduce the amount of bytes allocated for Filter (#4209)

Reuse parsed data structure for subsequent queries
2025-07-09 11:45:56 +00:00 · 2022-09-26 15:16:46 -04:00
parent 48c0b59447
commit 2f0d30d7b5
1 changed files with 14 additions and 3 deletions
--- a/coderd/rbac/partial.go
+++ b/coderd/rbac/partial.go
@ -5,6 +5,7 @@ import (

 	"golang.org/x/xerrors"

+	"github.com/open-policy-agent/opa/ast"
 	"github.com/open-policy-agent/opa/rego"

 	"github.com/coder/coder/coderd/tracing"
@ -32,6 +33,18 @@ func (pa *PartialAuthorizer) Authorize(ctx context.Context, object Object) error
 		return nil
 	}

+	// No queries means always false
+	if len(pa.preparedQueries) == 0 {
+		return ForbiddenWithInternal(xerrors.Errorf("policy disallows request"), pa.input, nil)
+	}
+
+	parsed, err := ast.InterfaceToValue(map[string]interface{}{
+		"object": object,
+	})
+	if err != nil {
+		return xerrors.Errorf("parse object: %w", err)
+	}
+
 	// How to interpret the results of the partial queries.
 	// We have a list of queries that are along the lines of:
 	// 	`input.object.org_owner = ""; "me" = input.object.owner`
@ -45,9 +58,7 @@ func (pa *PartialAuthorizer) Authorize(ctx context.Context, object Object) error
 EachQueryLoop:
 	for _, q := range pa.preparedQueries {
 		// We need to eval each query with the newly known fields.
-		results, err := q.Eval(ctx, rego.EvalInput(map[string]interface{}{
-			"object": object,
-		}))
+		results, err := q.Eval(ctx, rego.EvalParsedInput(parsed))
 		if err != nil {
 			continue EachQueryLoop
 		}