artin/sourcegraph
1
0
Fork 0
mirror of https://github.com/sourcegraph/sourcegraph.git synced 2026-02-06 15:12:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
02a08981d0
sourcegraph/cmd/syntactic-code-intel-worker
History
Erik Seliger c917330d6b
authz: Drop requirement for installing authz providers in every service (#63743) 
This is a register call that is easy to forget. When forgotten, all queries against the repo store will block forever.

In addition, this adds a hard-dependency on conf to every services startup, plus a busy loop. With multi-tenant, this will not work great because authz providers would be a global, and we instead want most things to be ephemeral so they're per-provider. This is a step toward that, but doesn't yet remove the providers global variable.

Good news, it turns out that we don't actually need to register the providers in every service! The reason they were required was to check if zero providers are configured, or if authzbypass mode is enabled.

Authz bypass mode is usually ON, except when there are problems with the authz providers, meaning some authz providers might not be able to sync permissions. Bypassing of permissions is only ever happening if there are ALSO zero providers configured.

So this is basically an optimization for the case where an instance has zero authz configured so that the SQL queries are a bit simpler. This also helps in tests because with bypass mode on and no providers configured, authz enforcement is effectively off in the repo store.
This makes it so that in tests we need to do slightly more work, but also makes for a more realistic test vs at runtime setup. Also, it's highly recommended to use mocks for DB wherever possible in more high-level components to keep tests fast.

To never have a scenario where we accidentally mess up here and enable bypass mode erroneously, this PR drops that entirely. Authz is always enforced, but when a code host connection is unrestricted (i.e., will not spawn a provider) the repos are still visible, so this should be no change over before.

## Test plan

The stack starts and works, and all CI tests are still passing. Code review should help as well.
2024-07-31 01:23:34 +02:00
..
shared authz: Drop requirement for installing authz providers in every service (#63743) 2024-07-31 01:23:34 +02:00
BUILD.bazel bazel: transcribe test ownership to bazel tags (#62664) 2024-05-16 15:51:16 +01:00
CODENOTIFY Batch indexing: syntactic codeintel worker scaffolding (#59747) 2024-01-24 13:04:20 +00:00
image_test.yaml highlighter: Rename scip-treesitter-cli -> scip-syntax (#60077) 2024-02-05 13:15:09 +01:00
main.go Batch indexing: syntactic codeintel worker scaffolding (#59747) 2024-01-24 13:04:20 +00:00
README.md Batch indexing: syntactic codeintel worker scaffolding (#59747) 2024-01-24 13:04:20 +00:00

README.md

Syntactic code intel worker

🚧 WORK IN PROGRESS 🚧

Stateless service that handles generating SCIP data for codebases using Tree-sitter for powering syntax-based code navigation.

Design docs (Sourcegraph internal)