Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorizer API improvements #255

Merged
merged 2 commits into from
Dec 5, 2024
Merged

Authorizer API improvements #255

merged 2 commits into from
Dec 5, 2024

Conversation

divarvel
Copy link
Collaborator

@divarvel divarvel commented Dec 3, 2024
edited
Loading

Based on tests with a private project:

  • impl Debug for Authorizer
  • allow constructing an Authorizer even if datalog evaluation fails

the second part is the biggest change, it makes running evaluation actually lazy (authorize and query functions ensure that evaluation is run). This allows constructing an Authorizer even if datalog evaluation fails. This is especially useful to take snapshots of failed datalog evaluations.

TODO

  • consider keeping track of failed evaluations (eg by replacing Option<Duration> with NotStarted | Success(Duration) | Failed(Duration) ) => maybe in a next version, this would require further changes to the snapshot data structure
  • have a look at snapshot roundtrips => i have found an issue with Authorizer::from_snapshot(), but this will require extra work, in a separate PR

@codspeed-hq CodSpeed HQ
Copy link

codspeed-hq bot commented Dec 3, 2024
edited
Loading

CodSpeed Performance Report

Merging #255 will not alter performance

Comparing authorizer-debug (0328663) with v5 (3bd7a7b)

Summary

✅ 12 untouched benchmarks

divarvel
divarvel commented Dec 4, 2024
View reviewed changes
biscuit-auth/src/token/authorizer.rs Outdated
}

impl Authorizer {
pub fn run(&mut self) -> Result<Duration, error::Token> {
match self.execution_time {
Some(execution_time) => Ok(execution_time), // TODO should `run` be idempotent or raise an error if called twice?
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

run being idempotent makes it really easy to lazily trigger evaluation in either authorize or query, so it is very important to have this ability. maybe as an internal function if we really want to make sure run triggers evaluation or fails if it can’t?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep it's good that this is idempotent

@divarvel
Authorizer: don’t run the authorizer right after building it.
0328663 
This allows taking a snapshot of the authorizer even if the datalog evaluation fails.
@divarvel divarvel merged commit c8057ce into v5 Dec 5, 2024
4 of 5 checks passed
@divarvel divarvel deleted the authorizer-debug branch December 5, 2024 15:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Geal Geal Geal approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@divarvel @Geal