rename EqualsID, simplify systemtenant

sourcegraph · Nov 21, 2024 · 934161c · 934161c
1 parent 46af1c2
commit 934161c
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 25 deletions.
diff --git a/eval.go b/eval.go
@@ -231,7 +231,7 @@ nextFileMatch:
 
 			// 🚨 SECURITY: Skip documents that don't belong to the tenant. This check is
 			// necessary to prevent leaking data across tenants.
-			if !tenant.EqualsID(ctx, repoMetadata.TenantID) {
+			if !tenant.HasAccess(ctx, repoMetadata.TenantID) {
 				continue
 			}
 
@@ -624,7 +624,7 @@ func (d *indexData) List(ctx context.Context, q query.Q, opts *ListOptions) (rl
 		}
 		// 🚨 SECURITY: Skip documents that don't belong to the tenant. This check is
 		// necessary to prevent leaking data across tenants.
-		if !tenant.EqualsID(ctx, d.repoMetaData[i].TenantID) {
+		if !tenant.HasAccess(ctx, d.repoMetaData[i].TenantID) {
 			continue
 		}
 		rle := &d.repoListEntry[i]

diff --git a/internal/tenant/query.go b/internal/tenant/query.go
@@ -6,9 +6,9 @@ import (
 	"github.com/sourcegraph/zoekt/internal/tenant/systemtenant"
 )
 
-// EqualsID returns true if the tenant ID in the context matches the
+// HasAccess returns true if the tenant ID in the context matches the
 // given ID. If tenant enforcement is disabled, it always returns true.
-func EqualsID(ctx context.Context, id int) bool {
+func HasAccess(ctx context.Context, id int) bool {
 	if !EnforceTenant() {
 		return true
 	}

diff --git a/internal/tenant/systemtenant/systemtenant.go b/internal/tenant/systemtenant/systemtenant.go
@@ -5,25 +5,15 @@ package systemtenant
 
 import (
 	"context"
-	"fmt"
-
-	"github.com/sourcegraph/zoekt/internal/tenant/internal/tenanttype"
 )
 
 type contextKey int
 
 const systemTenantKey contextKey = iota
 
-// With marks a ctx to be allowed to access shards across all tenants. This MUST
-// NOT BE USED on the user request path.
-func With(ctx context.Context) (context.Context, error) {
-	// We don't want to allow setting the system tenant on a context that already
-	// has a user tenant set.
-	if _, ok := tenanttype.GetTenant(ctx); ok {
-		return nil, fmt.Errorf("tenant context already set")
-	}
-	return context.WithValue(ctx, systemTenantKey, systemTenantKey), nil
-}
+// Ctx is a context that allows queries across all tenants. This must only be
+// used for tasks that are not user request specific.
+var Ctx = context.WithValue(context.Background(), systemTenantKey, systemTenantKey)
 
 // Is returns true if the context has been marked to allow queries across all
 // tenants.

diff --git a/internal/tenant/systemtenant/systemtenant_test.go b/internal/tenant/systemtenant/systemtenant_test.go
@@ -11,7 +11,5 @@ func TestSystemtenantRoundtrip(t *testing.T) {
 	if Is(context.Background()) {
 		t.Fatal()
 	}
-	ctx, err := With(context.Background())
-	require.NoError(t, err)
-	require.True(t, Is(ctx))
+	require.True(t, Is(Ctx))
 }
diff --git a/shards/shards.go b/shards/shards.go
@@ -1065,11 +1065,7 @@ func (s *shardedSearcher) getLoaded() loaded {
 
 func mkRankedShard(s zoekt.Searcher) *rankedShard {
 	q := query.Const{Value: true}
-	ctx, err := systemtenant.With(context.Background())
-	if err != nil {
-		return &rankedShard{Searcher: s}
-	}
-	result, err := s.List(ctx, &q, nil)
+	result, err := s.List(systemtenant.Ctx, &q, nil)
 	if err != nil {
 		return &rankedShard{Searcher: s}
 	}