Influxdata
/
influxdb
mirror of https://github.com/influxdata/influxdb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Don't initialise a new Authorizer each query

pull/9127/head
Edd Robinson 2017-11-14 11:52:19 +00:00
parent aa99a56bf1
commit c098081c7d
3 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
query/query_executor.go
View File

@ -68,7 +68,7 @@ func ErrMaxConcurrentQueriesLimitExceeded(n, limit int) error {
return fmt.Errorf("max-concurrent-queries limit exceeded(%d, %d)", n, limit)
}
// Authorizer reports whether certain operations are authorized.
// Authorizer determines if certain operations are authorized.
type Authorizer interface {
// AuthorizeDatabase indicates whether the given Privilege is authorized on the database with the given name.
AuthorizeDatabase(p influxql.Privilege, name string) bool
@ -85,22 +85,26 @@ type Authorizer interface {
// OpenAuthorizer is the Authorizer used when authorization is disabled.
// It allows all operations.
type OpenAuthorizer struct{}
type openAuthorizer struct{}
var _ Authorizer = OpenAuthorizer{}
// OpenAuthorizer can be shared by all goroutines.
var OpenAuthorizer = openAuthorizer{}
// AuthorizeDatabase returns true to allow any operation on a database.
func (_ OpenAuthorizer) AuthorizeDatabase(influxql.Privilege, string) bool { return true }
func (a openAuthorizer) AuthorizeDatabase(influxql.Privilege, string) bool { return true }
func (_ OpenAuthorizer) AuthorizeSeriesRead(database string, measurement []byte, tags models.Tags) bool {
// AuthorizeSeriesRead allows accesss to any series.
func (a openAuthorizer) AuthorizeSeriesRead(database string, measurement []byte, tags models.Tags) bool {
return true
}
func (_ OpenAuthorizer) AuthorizeSeriesWrite(database string, measurement []byte, tags models.Tags) bool {
// AuthorizeSeriesWrite allows accesss to any series.
func (a openAuthorizer) AuthorizeSeriesWrite(database string, measurement []byte, tags models.Tags) bool {
return true
}
func (_ OpenAuthorizer) AuthorizeQuery(_ string, _ *influxql.Query) error { return nil }
// AuthorizeSeriesRead allows any query to execute.
func (a openAuthorizer) AuthorizeQuery(_ string, _ *influxql.Query) error { return nil }
// ExecutionOptions contains the options for executing a query.
type ExecutionOptions struct {

4
services/httpd/handler.go
View File

@ -418,7 +418,7 @@ func (h *Handler) serveQuery(w http.ResponseWriter, r *http.Request, user meta.U
opts.Authorizer = user
} else {
// Auth is disabled, so allow everything.
opts.Authorizer = query.OpenAuthorizer{}
opts.Authorizer = query.OpenAuthorizer
}
// Make sure if the client disconnects we signal the query to abort
@ -960,7 +960,7 @@ func (h *Handler) servePromRead(w http.ResponseWriter, r *http.Request, user met
opts.Authorizer = user
} else {
// Auth is disabled, so allow everything.
opts.Authorizer = query.OpenAuthorizer{}
opts.Authorizer = query.OpenAuthorizer
}
// Make sure if the client disconnects we signal the query to abort

2
services/storage/series_cursor.go
View File

@ -55,7 +55,7 @@ type indexSeriesCursor struct {
func newIndexSeriesCursor(ctx context.Context, req *ReadRequest, shards []*tsdb.Shard) (*indexSeriesCursor, error) {
opt := query.IteratorOptions{
Aux: []influxql.VarRef{{Val: "key"}},
Authorizer: query.OpenAuthorizer{},
Authorizer: query.OpenAuthorizer,
Ordered: true,
}
p := &indexSeriesCursor{row: seriesRow{shards: shards}}