auth: Move permissions cache instance to service
Instead of a single sharded service shared all by all instances of `auth::service`, it makes more sense for each instance of `auth::service` to own its own instance of the permissions cache.
This commit is contained in:
Jesse Haber-Kucharsky
@@ -83,10 +83,6 @@ class permissions_cache final {
|
||||
public:
|
||||
explicit permissions_cache(const permissions_cache_config&, service&, logging::logger&);
|
||||
|
||||
future<> start() {
|
||||
return make_ready_future<>();
|
||||
}
|
||||
|
||||
future <> stop() {
|
||||
return _cache.stop();
|
||||
}
|
||||
|
||||
@@ -86,8 +86,6 @@ private:
|
||||
void on_drop_view(const sstring& ks_name, const sstring& view_name) override {}
|
||||
};
|
||||
|
||||
static sharded<permissions_cache> sharded_permissions_cache{};
|
||||
|
||||
static db::consistency_level consistency_for_user(const sstring& name) {
|
||||
if (name == meta::DEFAULT_SUPERUSER_NAME) {
|
||||
return db::consistency_level::QUORUM;
|
||||
@@ -133,7 +131,8 @@ service::service(
|
||||
std::unique_ptr<authorizer> z,
|
||||
std::unique_ptr<authenticator> a,
|
||||
std::unique_ptr<role_manager> r)
|
||||
: _cache_config(std::move(c))
|
||||
: _permissions_cache_config(std::move(c))
|
||||
, _permissions_cache(nullptr)
|
||||
, _qp(qp)
|
||||
, _migration_manager(mm)
|
||||
, _authorizer(std::move(z))
|
||||
@@ -143,12 +142,12 @@ service::service(
|
||||
}
|
||||
|
||||
service::service(
|
||||
permissions_cache_config cache_config,
|
||||
permissions_cache_config c,
|
||||
cql3::query_processor& qp,
|
||||
::service::migration_manager& mm,
|
||||
const service_config& sc)
|
||||
: service(
|
||||
std::move(cache_config),
|
||||
std::move(c),
|
||||
qp,
|
||||
mm,
|
||||
create_object<authorizer>(sc.authorizer_java_name, qp, mm),
|
||||
@@ -243,19 +242,20 @@ future<> service::start() {
|
||||
return _role_manager->start();
|
||||
}).then([this] {
|
||||
return when_all_succeed(_authorizer->start(), _authenticator->start());
|
||||
}).then([this] {
|
||||
_permissions_cache = std::make_unique<permissions_cache>(_permissions_cache_config, *this, log);
|
||||
}).then([this] {
|
||||
return once_among_shards([this] {
|
||||
_migration_manager.register_listener(_migration_listener.get());
|
||||
return sharded_permissions_cache.start(std::ref(_cache_config), std::ref(*this), std::ref(log));
|
||||
return make_ready_future<>();
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
future<> service::stop() {
|
||||
return once_among_shards([this] {
|
||||
_delayed.cancel_all();
|
||||
return sharded_permissions_cache.stop();
|
||||
}).then([this] {
|
||||
_delayed.cancel_all();
|
||||
|
||||
return _permissions_cache->stop().then([this] {
|
||||
return when_all_succeed(_role_manager->stop(), _authorizer->stop(), _authenticator->stop());
|
||||
});
|
||||
}
|
||||
@@ -338,7 +338,7 @@ future<> service::delete_user(const sstring& name) {
|
||||
}
|
||||
|
||||
future<permission_set> service::get_permissions(::shared_ptr<authenticated_user> u, resource r) const {
|
||||
return sharded_permissions_cache.local().get(std::move(u), std::move(r));
|
||||
return _permissions_cache->get(std::move(u), std::move(r));
|
||||
}
|
||||
|
||||
future<bool> service::role_has_superuser(stdx::string_view role_name) const {
|
||||
|
||||
@@ -68,7 +68,8 @@ struct service_config final {
|
||||
/// builds on their functionality with caching and abstractions for common operations.
|
||||
///
|
||||
class service final {
|
||||
permissions_cache_config _cache_config;
|
||||
permissions_cache_config _permissions_cache_config;
|
||||
std::unique_ptr<permissions_cache> _permissions_cache;
|
||||
|
||||
cql3::query_processor& _qp;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user