fork of https://github.com/sourcegraph/zoekt
tenant: introduce systemtenant (#863)
Some tasks, such as loading shards, require priviledged access on startup. Here I introduce systemtenant which we can use for these kinds of things.
This is motivated by bug where the symbol sidebar in multi-tenant node wouldn't work because ranked shards were not loaded correctly which in turn caused SelectRepoSet to return 0 shards always.
Test plan:
added unit test
manual testing: symbol sidebar works now
author
Stefan Hengl
committer
GitHub
date
(Nov 21, 2024, 4:04 PM +0100)
commit
7af9f842
7af9f842568cf8e164cc82561394aa2939f03348
parent
c4b0bc47
c4b0bc47a729d20883c7dfe8b126062c87fe8777
+51
-5
+2
-2
eval.go
+2
-2
eval.go
···
231
231
232
232
// 🚨 SECURITY: Skip documents that don't belong to the tenant. This check is
233
233
// necessary to prevent leaking data across tenants.
234
-
if !tenant.EqualsID(ctx, repoMetadata.TenantID) {
234
+
if !tenant.HasAccess(ctx, repoMetadata.TenantID) {
235
235
continue
236
236
}
237
237
···
624
624
}
625
625
// 🚨 SECURITY: Skip documents that don't belong to the tenant. This check is
626
626
// necessary to prevent leaking data across tenants.
627
-
if !tenant.EqualsID(ctx, d.repoMetaData[i].TenantID) {
627
+
if !tenant.HasAccess(ctx, d.repoMetaData[i].TenantID) {
628
628
continue
629
629
}
630
630
rle := &d.repoListEntry[i]
+7
-2
internal/tenant/query.go
+7
-2
internal/tenant/query.go
···
2
2
3
3
import (
4
4
"context"
5
+
6
+
"github.com/sourcegraph/zoekt/internal/tenant/systemtenant"
5
7
)
6
8
7
-
// EqualsID returns true if the tenant ID in the context matches the
9
+
// HasAccess returns true if the tenant ID in the context matches the
8
10
// given ID. If tenant enforcement is disabled, it always returns true.
9
-
func EqualsID(ctx context.Context, id int) bool {
11
+
func HasAccess(ctx context.Context, id int) bool {
10
12
if !EnforceTenant() {
13
+
return true
14
+
}
15
+
if systemtenant.Is(ctx) {
11
16
return true
12
17
}
13
18
t, err := FromContext(ctx)
+22
internal/tenant/systemtenant/systemtenant.go
+22
internal/tenant/systemtenant/systemtenant.go
···
1
+
// Package systemtenant exports UnsafeCtx which allows to access shards across
2
+
// all tenants. This must only be used for tasks that are not request specific.
3
+
package systemtenant
4
+
5
+
import (
6
+
"context"
7
+
)
8
+
9
+
type contextKey int
10
+
11
+
const systemTenantKey contextKey = iota
12
+
13
+
// UnsafeCtx is a context that allows queries across all tenants. Don't use this
14
+
// for user requests.
15
+
var UnsafeCtx = context.WithValue(context.Background(), systemTenantKey, systemTenantKey)
16
+
17
+
// Is returns true if the context has been marked to allow queries across all
18
+
// tenants.
19
+
func Is(ctx context.Context) bool {
20
+
_, ok := ctx.Value(systemTenantKey).(contextKey)
21
+
return ok
22
+
}
+15
internal/tenant/systemtenant/systemtenant_test.go
+15
internal/tenant/systemtenant/systemtenant_test.go
+5
-1
shards/shards.go
+5
-1
shards/shards.go
···
35
35
"go.uber.org/atomic"
36
36
37
37
"github.com/sourcegraph/zoekt"
38
+
"github.com/sourcegraph/zoekt/internal/tenant/systemtenant"
38
39
"github.com/sourcegraph/zoekt/query"
39
40
"github.com/sourcegraph/zoekt/trace"
40
41
)
···
1072
1073
1073
1074
func mkRankedShard(s zoekt.Searcher) *rankedShard {
1074
1075
q := query.Const{Value: true}
1075
-
result, err := s.List(context.Background(), &q, nil)
1076
+
// We need to use UnsafeCtx here, otherwise we cannot return a proper
1077
+
// rankedShard. On the user request path we use selectRepoSet which relies on
1078
+
// rankedShard.repos being set.
1079
+
result, err := s.List(systemtenant.UnsafeCtx, &q, nil)
1076
1080
if err != nil {
1077
1081
log.Printf("mkRankedShard(%s): failed to cache repository list: %v", s, err)
1078
1082
return &rankedShard{Searcher: s}