Skip to content

fix: fix PG coordinator context and RBAC subject #8223

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 27, 2023
Merged

fix: fix PG coordinator context and RBAC subject #8223

merged 1 commit into from
Jun 27, 2023

Conversation

spikecurtis
Copy link
Contributor

Fixes two integration issues in the PG Coordinator noticed during system/scale testing:

  1. use the API context for the coordinator, so that it will stay alive for the lifetime of the API
  2. set the RBAC subject so that it has authorization to modify TailnetCoordinator resources and no others

@spikecurtis
fix PG coordinator context and RBAC subject
a082900 
Signed-off-by: Spike Curtis <spike@coder.com>
@spikecurtis spikecurtis requested review from Emyrk and mtojek June 27, 2023 09:52
mtojek
mtojek approved these changes Jun 27, 2023
View reviewed changes
Copy link
Member

@mtojek mtojek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

enterprise/coderd/coderd.go
@@ -417,7 +417,7 @@ func (api *API) updateEntitlements(ctx context.Context) error {
if enabled {
var haCoordinator agpltailnet.Coordinator
if api.AGPL.Experiments.Enabled(codersdk.ExperimentTailnetPGCoordinator) {
haCoordinator, err = tailnet.NewPGCoord(ctx, api.Logger, api.Pubsub, api.Database)
haCoordinator, err = tailnet.NewPGCoord(api.ctx, api.Logger, api.Pubsub, api.Database)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: oh, I thought that this is the same context passed down

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think so, but this is a much easier way to be sure.

enterprise/tailnet/pgcoord.go
@@ -82,7 +84,21 @@ type pgCoord struct {
// NewPGCoord creates a high-availability coordinator that stores state in the PostgreSQL database and
// receives notifications of updates via the pubsub.
func NewPGCoord(ctx context.Context, logger slog.Logger, ps pubsub.Pubsub, store database.Store) (agpl.Coordinator, error) {
ctx, cancel := context.WithCancel(ctx)
ctx, cancel := context.WithCancel(dbauthz.As(ctx, rbac.Subject{
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suspect that you learned about the need for RBAC context the hard way...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I intellectually knew it, in as much as I helped with the design of dbauthz, but then just forgot when the time came.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be safer if we can adopt any additional linter to spot these places. cc @johnstcn

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is more easily caught by an integration test than a linter.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

very difficult to spot with a linter, because the subject could be added to the context anywhere along the stack down to the actual DB call.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yea, the current ruleguard linter we use doesn't have the capacity to do that kind of context analysis I don't think.

Testing should pick this stuff up pretty quick since it should always fail if you don't add a subject context.

@spikecurtis spikecurtis enabled auto-merge (squash) June 27, 2023 10:10
@spikecurtis spikecurtis merged commit 7943a5b into main Jun 27, 2023
@spikecurtis spikecurtis deleted the spike/pg-coordinator-rbac-context branch June 27, 2023 10:14
@github-actions github-actions bot locked and limited conversation to collaborators Jun 27, 2023
johnstcn
johnstcn reviewed Jun 27, 2023
View reviewed changes
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@johnstcn johnstcn johnstcn left review comments

@mtojek mtojek mtojek approved these changes

@Emyrk Emyrk Awaiting requested review from Emyrk

Assignees

@spikecurtis spikecurtis

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@spikecurtis @johnstcn @Emyrk @mtojek