Don't initialise a new Authorizer each query

query/query_executor.go

@@ -68,7 +68,7 @@ func ErrMaxConcurrentQueriesLimitExceeded(n, limit int) error {
 	return fmt.Errorf("max-concurrent-queries limit exceeded(%d, %d)", n, limit)
 }
 
-// Authorizer reports whether certain operations are authorized.
+// Authorizer determines if certain operations are authorized.
 type Authorizer interface {
 	// AuthorizeDatabase indicates whether the given Privilege is authorized on the database with the given name.
 	AuthorizeDatabase(p influxql.Privilege, name string) bool
@@ -85,22 +85,26 @@ type Authorizer interface {
 
 // OpenAuthorizer is the Authorizer used when authorization is disabled.
 // It allows all operations.
-type OpenAuthorizer struct{}
+type openAuthorizer struct{}
 
-var _ Authorizer = OpenAuthorizer{}
+// OpenAuthorizer can be shared by all goroutines.
+var OpenAuthorizer = openAuthorizer{}
 
 // AuthorizeDatabase returns true to allow any operation on a database.
-func (_ OpenAuthorizer) AuthorizeDatabase(influxql.Privilege, string) bool { return true }
+func (a openAuthorizer) AuthorizeDatabase(influxql.Privilege, string) bool { return true }
 
-func (_ OpenAuthorizer) AuthorizeSeriesRead(database string, measurement []byte, tags models.Tags) bool {
+// AuthorizeSeriesRead allows accesss to any series.
+func (a openAuthorizer) AuthorizeSeriesRead(database string, measurement []byte, tags models.Tags) bool {
 	return true
 }
 
-func (_ OpenAuthorizer) AuthorizeSeriesWrite(database string, measurement []byte, tags models.Tags) bool {
+// AuthorizeSeriesWrite allows accesss to any series.
+func (a openAuthorizer) AuthorizeSeriesWrite(database string, measurement []byte, tags models.Tags) bool {
 	return true
 }
 
-func (_ OpenAuthorizer) AuthorizeQuery(_ string, _ *influxql.Query) error { return nil }
+// AuthorizeSeriesRead allows any query to execute.
+func (a openAuthorizer) AuthorizeQuery(_ string, _ *influxql.Query) error { return nil }
 
 // ExecutionOptions contains the options for executing a query.
 type ExecutionOptions struct {

services/httpd/handler.go

@@ -418,7 +418,7 @@ func (h *Handler) serveQuery(w http.ResponseWriter, r *http.Request, user meta.U
 		opts.Authorizer = user
 	} else {
 		// Auth is disabled, so allow everything.
-		opts.Authorizer = query.OpenAuthorizer{}
+		opts.Authorizer = query.OpenAuthorizer
 	}
 
 	// Make sure if the client disconnects we signal the query to abort
@@ -960,7 +960,7 @@ func (h *Handler) servePromRead(w http.ResponseWriter, r *http.Request, user met
 		opts.Authorizer = user
 	} else {
 		// Auth is disabled, so allow everything.
-		opts.Authorizer = query.OpenAuthorizer{}
+		opts.Authorizer = query.OpenAuthorizer
 	}
 
 	// Make sure if the client disconnects we signal the query to abort

services/storage/series_cursor.go

@@ -55,7 +55,7 @@ type indexSeriesCursor struct {
 func newIndexSeriesCursor(ctx context.Context, req *ReadRequest, shards []*tsdb.Shard) (*indexSeriesCursor, error) {
 	opt := query.IteratorOptions{
 		Aux:        []influxql.VarRef{{Val: "key"}},
-		Authorizer: query.OpenAuthorizer{},
+		Authorizer: query.OpenAuthorizer,
 		Ordered:    true,
 	}
 	p := &indexSeriesCursor{row: seriesRow{shards: shards}}