mirror of
https://github.com/coder/coder.git
synced 2025-07-09 11:45:56 +00:00
chore: Reduce the amount of bytes allocated for Filter (#4209)
Reuse parsed data structure for subsequent queries
This commit is contained in:
@ -5,6 +5,7 @@ import (
|
||||
|
||||
"golang.org/x/xerrors"
|
||||
|
||||
"github.com/open-policy-agent/opa/ast"
|
||||
"github.com/open-policy-agent/opa/rego"
|
||||
|
||||
"github.com/coder/coder/coderd/tracing"
|
||||
@ -32,6 +33,18 @@ func (pa *PartialAuthorizer) Authorize(ctx context.Context, object Object) error
|
||||
return nil
|
||||
}
|
||||
|
||||
// No queries means always false
|
||||
if len(pa.preparedQueries) == 0 {
|
||||
return ForbiddenWithInternal(xerrors.Errorf("policy disallows request"), pa.input, nil)
|
||||
}
|
||||
|
||||
parsed, err := ast.InterfaceToValue(map[string]interface{}{
|
||||
"object": object,
|
||||
})
|
||||
if err != nil {
|
||||
return xerrors.Errorf("parse object: %w", err)
|
||||
}
|
||||
|
||||
// How to interpret the results of the partial queries.
|
||||
// We have a list of queries that are along the lines of:
|
||||
// `input.object.org_owner = ""; "me" = input.object.owner`
|
||||
@ -45,9 +58,7 @@ func (pa *PartialAuthorizer) Authorize(ctx context.Context, object Object) error
|
||||
EachQueryLoop:
|
||||
for _, q := range pa.preparedQueries {
|
||||
// We need to eval each query with the newly known fields.
|
||||
results, err := q.Eval(ctx, rego.EvalInput(map[string]interface{}{
|
||||
"object": object,
|
||||
}))
|
||||
results, err := q.Eval(ctx, rego.EvalParsedInput(parsed))
|
||||
if err != nil {
|
||||
continue EachQueryLoop
|
||||
}
|
||||
|
Reference in New Issue
Block a user