Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make requesting user available in context #4352

Merged
merged 2 commits into from
Feb 13, 2015
Merged

Make requesting user available in context #4352

merged 2 commits into from
Feb 13, 2015

Conversation

liggitt
Copy link
Member

@liggitt liggitt commented Feb 11, 2015

This PR does the following:

  • Remove the map of requests to users
  • Add a map of requests to contexts
  • Initializes a context containing the user as the first step of an authenticated request
  • Pass the requestToContext map into resthandler
  • Modify resthandler to use the context already associated with the request if one exists

This feels gorpy, but I can't think of a better way to let resthandler have requesting user info without a global request-to-context (or user) map. Open to suggestions for cleaner ways to accomplish this.

@smarterclayton @erictune

@smarterclayton smarterclayton self-assigned this Feb 11, 2015
@smarterclayton
Copy link
Contributor

@erictune FYI as well - this establishes user as part of context, which allows subordinate calls to tie a request back to a user.

liggitt
liggitt reviewed Feb 11, 2015
View reviewed changes
pkg/api/requestcontext.go
return nil
}

func (c *requestContextMap) set(req *http.Request, context Context) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is me trying to prevent the world from monkeying with the internal map

@smarterclayton
Copy link
Contributor

In my head there are three steps that happen during every request:

  1. An initial context is established in a global map (req -> context)
  2. A user is authenticated
  3. A user is authorized

2 and 3 are subordinate to 1. Code below 3 should have the api.Context available and try to pass it down, and generally should not have to modify the api.Context (other than through the standard mechanism of scoping it and passing it to a child).

@liggitt
Copy link
Member Author

liggitt commented Feb 11, 2015

@derekwaynecarr FYI

smarterclayton
smarterclayton reviewed Feb 12, 2015
View reviewed changes
pkg/api/requestcontext.go
"sync"
)

type RequestContextMapper interface {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Godoc

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Describe who should be allowed to call update and what the risks are

@smarterclayton
Copy link
Contributor

Minor comments, LGTM otherwise. In order to use context as its intended we would have needed to do this anyway.

@smarterclayton
Copy link
Contributor

The only person who should update would be the authenticator or the tracer (my other WIP). Everyone else should be passing context down.

@liggitt
Copy link
Member Author

liggitt commented Feb 12, 2015

updated:

  • addressed comments
  • added godoc
  • renamed set to init
  • made sure an initial context will only get set once
  • made sure remove is only paired with the first successful init
  • fail early in NewRequestContextFilter if an unknown mapper type is given

@smarterclayton smarterclayton mentioned this pull request Feb 12, 2015
Closed
@liggitt liggitt force-pushed the user_context branch 2 times, most recently from 68df92c to 91de76c Compare February 12, 2015 18:30
@liggitt
Copy link
Member Author

liggitt commented Feb 12, 2015

rebased, added a ContextFunc for api_installer to use

smarterclayton
smarterclayton reviewed Feb 12, 2015
View reviewed changes
pkg/master/master.go
@@ -367,8 +372,10 @@ func logStackOnRecover(panicReason interface{}, httpWriter http.ResponseWriter)

// init initializes master.
func (m *Master) init(c *Config) {
var userContexts = handlers.NewUserRequestContext()
var authenticator = c.Authenticator
var err error
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would probably move this out.

@liggitt
Copy link
Member Author

liggitt commented Feb 13, 2015

rebased and comments addressed

@smarterclayton
Copy link
Contributor

This LGTM but want @erictune's signoff

smarterclayton added a commit that referenced this pull request Feb 13, 2015
@smarterclayton
Merge pull request #4352 from liggitt/user_context
4b56424 
Make requesting user available in context
@smarterclayton smarterclayton merged commit 4b56424 into kubernetes:master Feb 13, 2015
@smarterclayton
Copy link
Contributor

Got impatient, will take feedback from master :)

@liggitt liggitt deleted the user_context branch February 13, 2015 20:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@smarterclayton smarterclayton

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@liggitt @smarterclayton