WIP: ACLs #4013
Draft
WIP: ACLs #4013
+3,877
−3,184
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Don't do other best practices yet. Those will be in upcoming commits. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Also use const for the GList iterator and the xml_acl_t variable. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
If the "else"/"docpriv->acls == NULL" block was executed, then target was set to NULL, which meant we wouldn't do anything else before returning true. Also drop some redundancies: * The dropped trace message doesn't seem very helpul. * pcmk__xml_copy() is guaranteed to return non-NULL if its second argument is non-NULL. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Nothing in the loop can set it to NULL. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Only element nodes have attributes. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
nrwahl2
force-pushed
the
nrwahl2-acls
branch
4 times, most recently
from
5b2ccd1 to
b35c6bd
Compare
Call pcmk__xe_remove_matching_attrs(), which is made for this purpose. Write a simple match function to ensure we only remove non-ID attributes. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
And rename pcmk__apply_acl() to pcmk__apply_acls(). Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
The pcmk__if_tracing() block makes sense but it feels like premature optimization and makes the code harder to read. I'm not worried about the overhead of allocating and freeing a small GString each time we apply an ACL. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Also rename a variable and drop a trace message that seems unhelpful. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
We drop a trace log in order to do this. To get the number of matches from pcmk__xpath_foreach_result(), we'd have to pass a struct as user data to hold both the ACL itself and the match count. That doesn't seem worth the trouble. We still have the trace message after applying an ACL to a particular match. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
And rename to pcmk__unpack_acls(). In general, we assume that an XML node has a non-NULL doc and that its doc has a non-NULL _private field. If we ever want to start checking that (in case a node somehow originated outside of pcmk__xe_create()), we should do it more broadly. The two callers already ensure that target is not NULL. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
It is possible that these values won't get used, but fetching and setting them is pretty lightweight. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Or at least try to clarify it a bit, by returning early if not target or group. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Use the second argument of pcmk__xe_first_child() and pcmk__xe_next() to specify what type of element to get (PCMK_XE_ACL_ROLE). Also unindent a block with pcmk__trace() in it, and use pcmk__xe_id(). Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
An acl_permission element's ID is currently used only for logging. So we can be permissive and allow this. It seems that our usual approach to things that the schema doesn't allow is to continue processing them if it's possible (for example, if it doesn't result in a broken reference). So warn here. For missing or invalid "kind" attribute, we have to ignore the element, so set a config error. It doesn't look as if we're very consistent about when we set warnings vs. errors, so I'm just doing what feels like it makes the most sense. We could just as well call all of these warnings or call all of these errors. Also, log the parent type and ID parenthetically for errors other than missing ID. If we proceeded with unpacking an acl_permission element without an ID, we want any further log messages to have some identifying information about where or what the acl_permission element is. It doesn't hurt to log this even if the acl_permission's ID is set. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
So that it's beneath its helpers. No code changes otherwise. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Further improvements are coming. For now, we have a recursive call and a new (temporary) forward declaration of parse_acl_entry(). Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
This involves removing some const qualifiers, because pcmk__xpath_search() takes a non-const xmlDoc. Our convention is to use a non-const pointer argument whenever we use one of the argument's fields (in this case, the doc field) as a non- const. At first, this feels like a use case for pcmk__xe_resolve_idref(), but that function would need to be extended in at least two ways: * It would need to match a PCMK_XA_ID attribute instead of a PCMK_XA_ID_REF attribute. * It would need to match a referenced element whose type differs from that of the referencing element (PCMK_XE_ACL_ROLE vs. PCMK_XE_ROLE). Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
And rename to unpack_acl_target(). We could simplify further, except that we've been allowing <acl_target> and <acl_group> elements to contain <acl_permission> elements and unpacking them in violation of the schema. I've marked this as "fix" to add to the change log, because it does change behavior: if <role> elements are nested within <acl_role> elements, they will now be ignored. They should never have been configured in the first place. Thus far, I have made an effort to maintain backward compatibility even for configurations that the schema doesn't allow. I have not done so here. A workaround would risk an infinite loop of following references, and trying to prevent that is not worth the trouble. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
To replace pcmk_acl_required(). Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
It's in utils.c, not acl.c. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
nrwahl2
force-pushed
the
nrwahl2-acls
branch
from
5dddf87 to
61ac8e0
Compare
I really doubt that any performance savings we may be getting are enough to justify the readability cost of (a) defining and testing this function and (b) calling it before each call to pcmk__xml_escape(). Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Nothing uses this yet. Also assert on NULL fn in other XML foreach functions. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
It only has one caller, and its checks (non-NULL argument and tracking flag set) will always pass in that caller. So we end up with two lines of code, which are straightforward to pull into mark_child_created(). Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
We'll use it in an upcoming commit that splits XML change-tracking/committing into a separate file. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
We'll use it in an upcoming commit that splits XML change-tracking/committing into a separate file. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
I wanted to call it xml_change.c. This code is much more about
calculating and committing changes than about tracking them. However, we
already have patchset{,_display}.c, which deals with XML changes in its
own way. I'm trying to introduce as little confusion as possible. I went
with tracking based on the flag name pcmk__xf_tracking.
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
It takes up more space and is slightly less efficient than the corresponding series of pcmk__xe_set() calls. I don't see an advantage for readability or performance, so we might as well drop it. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
It's the same as pcmk__output_xml_create_parent() when is_list is true, and it's the same as pcmk__output_create_xml_node() when is_list is false. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
I don't think the variadic argument helps readability much. It avoids the need to store the result in an xmlNode * variable in the caller, which can save a line. But it requires an extra line for the NULL terminator, and it requires indenting each line much farther, which is one reason we have so many temp variables. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
I don't think the variadic argument helps readability much. It avoids the need to store the result in an xmlNode * variable in the caller, which can save a line. But it requires an extra line for the NULL terminator, and it requires indenting each line much farther, which is one reason we have so many temp variables. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Use pcmk__xe_set_int() instead. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Nothing calls it anymore. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.