admin/milvus
1
0
Fork 0
mirror of https://gitee.com/milvus-io/milvus.git synced 2025-12-06 17:18:35 +08:00
Code Issues Packages Projects Releases Wiki Activity
milvus/internal/proxy/privilege/result_cache.go
congqixia f5f053f1d2
enhance: Refactor privilege management by extracting privilege cache into separate package (#44762) 
Related to #44761

This commit refactors the privilege management system in the proxy
component by:

1. **Separation of Concerns**: Extracts privilege-related functionality
from MetaCache into a dedicated `internal/proxy/privilege` package,
improving code organization and maintainability.

2. **New Package Structure**: Creates `internal/proxy/privilege/` with:
   - `cache.go`: Core privilege cache implementation (PrivilegeCache)
   - `result_cache.go`: Privilege enforcement result caching
   - `model.go`: Casbin model and policy enforcement functions
   - `meta_cache_adapter.go`: Casbin adapter for MetaCache integration
   - Corresponding test files and mock implementations

3. **MetaCache Simplification**: Removes privilege and credential
management methods from MetaCache interface and implementation:
   - Removed: GetCredentialInfo, RemoveCredential, UpdateCredential
- Removed: GetPrivilegeInfo, GetUserRole, RefreshPolicyInfo,
InitPolicyInfo
   - Deleted: meta_cache_adapter.go, privilege_cache.go and their tests

4. **Updated References**: Updates all callsites to use the new
privilegeCache global:
- Authentication interceptor now uses privilegeCache for password
verification
- Credential cache operations (InvalidateCredentialCache,
UpdateCredentialCache, UpdateCredential) now use privilegeCache
- Policy refresh operations (RefreshPolicyInfoCache) now use
privilegeCache
- Privilege interceptor uses new privilege.GetEnforcer() and privilege
result cache

5. **Improved API**: Renames cache functions for clarity:
   - GetPrivilegeCache → GetResultCache
   - SetPrivilegeCache → SetResultCache
   - CleanPrivilegeCache → CleanResultCache

This refactoring makes the codebase more modular, separates privilege
management concerns from general metadata caching, and provides a
clearer API for privilege enforcement operations.

---------

Signed-off-by: Congqi Xia <congqi.xia@zilliz.com>
2025-10-13 11:15:58 +08:00

87 lines
2.3 KiB
Go
Raw Permalink Blame History

// Licensed to the LF AI & Data foundation under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package privilege
import (
"fmt"
"sync"
"go.uber.org/atomic"
"github.com/milvus-io/milvus/pkg/v2/util/typeutil"
)
var (
priCacheInitOnce sync.Once
priCacheMut sync.RWMutex
priCache *resultCache
ver atomic.Int64
)
func getPriCache() *resultCache {
priCacheMut.RLock()
c := priCache
priCacheMut.RUnlock()
if c == nil {
priCacheInitOnce.Do(func() {
priCacheMut.Lock()
defer priCacheMut.Unlock()
priCache = &resultCache{
version: ver.Inc(),
values: typeutil.ConcurrentMap[string, bool]{},
}
})
priCacheMut.RLock()
defer priCacheMut.RUnlock()
c = priCache
}
return c
}
func CleanPrivilegeCache() {
priCacheMut.Lock()
defer priCacheMut.Unlock()
priCache = &resultCache{
version: ver.Inc(),
values: typeutil.ConcurrentMap[string, bool]{},
}
}
func GetResultCache(roleName, object, objectPrivilege string) (isPermit, cached bool, version int64) {
key := fmt.Sprintf("%s_%s_%s", roleName, object, objectPrivilege)
c := getPriCache()
isPermit, cached = c.values.Get(key)
return isPermit, cached, c.version
}
func SetResultCache(roleName, object, objectPrivilege string, isPermit bool, version int64) {
key := fmt.Sprintf("%s_%s_%s", roleName, object, objectPrivilege)
c := getPriCache()
if c.version == version {
c.values.Insert(key, isPermit)
}
}
// PrivilegeCache is a cache for privilege enforce result
// version provides version control when any policy updates
type resultCache struct {
values typeutil.ConcurrentMap[string, bool]
version int64
}
Reference in New Issue View Git Blame Copy Permalink