Skip unneeded resolve role #22597
Skip unneeded resolve role #22597
Conversation
github-actions
bot
added
the
hashicorp-contributed-pr
|
CI Results: |
mpalmi
force-pushed
the
skip-unneeded-resolve-role
branch
from
4e79120
to
8c16ca5
Compare
mpalmi
force-pushed
the
skip-unneeded-resolve-role
branch
2 times, most recently
from
771d162
to
0f2ab8e
Compare
|
Build Results: |
mpalmi
force-pushed
the
skip-unneeded-resolve-role
branch
from
c1d2a77
to
e59b252
Compare
| // ns would have been made non-empty during insertion. Use non-empty | ||
| // value during query as well. | ||
| if req.NamespacePath == "" { | ||
| req.NamespacePath = "root" |
There was a problem hiding this comment.
Is this used anywhere upstream? We are changing the request downstream and I am wondering what effect could it have for the upstream caller?
There was a problem hiding this comment.
Good thought. Note that this is specifically for the quotas.Request, so I don't think it will have any outside impacts (this is just used internally to query memdb). This is consistent with the way its done for other queries if you look at queryQuota.
| // If this is not a role-based quota, we still need to associate the | ||
| // login role with this lease for later lease-count quotas to be | ||
| // accurate. | ||
| if reqRole == nil && resp.Auth.TokenType != logical.TokenTypeBatch { |
There was a problem hiding this comment.
Is this how we determine if a request generates a lease? just make sure it's not a batch token?
There was a problem hiding this comment.
Yes, for login requests. In general it's more complicated.
This PR skips
ResolveRoleOperationcalls for requests if the namespace/mount doesn't have role-based quotas.We later perform the operation on-demand for lease creation if it has not already been done.