mirror of
https://github.com/sourcegraph/sourcegraph.git
synced 2026-02-06 20:31:48 +00:00
c917330d6b
This is a register call that is easy to forget. When forgotten, all queries against the repo store will block forever. In addition, this adds a hard-dependency on conf to every services startup, plus a busy loop. With multi-tenant, this will not work great because authz providers would be a global, and we instead want most things to be ephemeral so they're per-provider. This is a step toward that, but doesn't yet remove the providers global variable. Good news, it turns out that we don't actually need to register the providers in every service! The reason they were required was to check if zero providers are configured, or if authzbypass mode is enabled. Authz bypass mode is usually ON, except when there are problems with the authz providers, meaning some authz providers might not be able to sync permissions. Bypassing of permissions is only ever happening if there are ALSO zero providers configured. So this is basically an optimization for the case where an instance has zero authz configured so that the SQL queries are a bit simpler. This also helps in tests because with bypass mode on and no providers configured, authz enforcement is effectively off in the repo store. This makes it so that in tests we need to do slightly more work, but also makes for a more realistic test vs at runtime setup. Also, it's highly recommended to use mocks for DB wherever possible in more high-level components to keep tests fast. To never have a scenario where we accidentally mess up here and enable bypass mode erroneously, this PR drops that entirely. Authz is always enforced, but when a code host connection is unrestricted (i.e., will not spawn a provider) the repos are still visible, so this should be no change over before. ## Test plan The stack starts and works, and all CI tests are still passing. Code review should help as well. |
||
|---|---|---|
| .. | ||
| gitops | ||
| helpers | ||
| images | ||
| integration/executors | ||
| internal | ||
| runtype | ||
| scripts | ||
| trivy | ||
| annotate-cloud-ephemeral.sh | ||
| asdf-install.sh | ||
| bazel-build-sg.sh | ||
| bazel-configure.sh | ||
| bazel-gomodtidy.sh | ||
| bazel-prechecks-apply.sh | ||
| bazel-prechecks.sh | ||
| bazel.sh | ||
| BUILD.bazel | ||
| CODENOTIFY | ||
| create-client-artifact.sh | ||
| docker-publish.sh | ||
| gen-metadata-annotation.sh | ||
| gen-pipeline.go | ||
| gen-pipeline.sh | ||
| glossary.md | ||
| msp_deploy.sh | ||
| OWNERS | ||
| parallel_run.sh | ||
| pnpm-build.sh | ||
| pnpm-install-with-retry.sh | ||
| pnpm-run.sh | ||
| pnpm-web-integration.sh | ||
| push_all.sh | ||
| README.md | ||
| reset-test-db.sh | ||
| semgrep-scan.sh | ||
Buildkite Pipeline for sourcegraph/sourcegraph
We dynamically generate our CI pipeline for Buildkite based on the output of gen-pipeline.go. To learn more, refer to the continuous integration docs.