mirror of
https://github.com/coder/coder.git
synced 2025-07-03 16:13:58 +00:00
chore: Optimize rego policy input allocations (#6135)
* chore: Optimize rego policy evaluation allocations Manually convert to ast.Value instead of using generic json.Marshal conversion. * Add a unit test that prevents regressions of rego input The optimized input is always compared to the normal json marshal parser.
This commit is contained in:
@ -14,20 +14,25 @@ type UnauthorizedError struct {
|
||||
// internal is the internal error that should never be shown to the client.
|
||||
// It is only for debugging purposes.
|
||||
internal error
|
||||
input map[string]interface{}
|
||||
output rego.ResultSet
|
||||
|
||||
// These fields are for debugging purposes.
|
||||
subject Subject
|
||||
action Action
|
||||
// Note only the object type is set for partial execution.
|
||||
object Object
|
||||
|
||||
output rego.ResultSet
|
||||
}
|
||||
|
||||
// ForbiddenWithInternal creates a new error that will return a simple
|
||||
// "forbidden" to the client, logging internally the more detailed message
|
||||
// provided.
|
||||
func ForbiddenWithInternal(internal error, input map[string]interface{}, output rego.ResultSet) *UnauthorizedError {
|
||||
if input == nil {
|
||||
input = map[string]interface{}{}
|
||||
}
|
||||
func ForbiddenWithInternal(internal error, subject Subject, action Action, object Object, output rego.ResultSet) *UnauthorizedError {
|
||||
return &UnauthorizedError{
|
||||
internal: internal,
|
||||
input: input,
|
||||
subject: subject,
|
||||
action: action,
|
||||
object: object,
|
||||
output: output,
|
||||
}
|
||||
}
|
||||
@ -43,7 +48,11 @@ func (e *UnauthorizedError) Internal() error {
|
||||
}
|
||||
|
||||
func (e *UnauthorizedError) Input() map[string]interface{} {
|
||||
return e.input
|
||||
return map[string]interface{}{
|
||||
"subject": e.subject,
|
||||
"action": e.action,
|
||||
"object": e.object,
|
||||
}
|
||||
}
|
||||
|
||||
// Output contains the results of the Rego query for debugging.
|
||||
|
Reference in New Issue
Block a user