77 "net/http"
88 "strconv"
99 "strings"
10+ "sync"
1011 "testing"
1112 "time"
1213
@@ -548,6 +549,7 @@ type authCall struct {
548549}
549550
550551type RecordingAuthorizer struct {
552+ sync.RWMutex
551553 Called []authCall
552554 Wrapped rbac.Authorizer
553555}
@@ -569,6 +571,8 @@ func (*RecordingAuthorizer) Pair(action rbac.Action, object rbac.Objecter) Actio
569571}
570572
571573func (r * RecordingAuthorizer ) AllAsserted () error {
574+ r .RLock ()
575+ defer r .RUnlock ()
572576 missed := 0
573577 for _ , c := range r .Called {
574578 if ! c .asserted {
@@ -587,6 +591,8 @@ func (r *RecordingAuthorizer) AllAsserted() error {
587591// It will not assert the same call twice, so if there is a duplicate assertion,
588592// the pair will need to be passed in twice.
589593func (r * RecordingAuthorizer ) UnorderedAssertActor (t * testing.T , actor rbac.Subject , dids ... ActionObjectPair ) {
594+ r .RLock ()
595+ defer r .RUnlock ()
590596 for _ , did := range dids {
591597 found := false
592598 InnerCalledLoop:
@@ -612,6 +618,8 @@ func (r *RecordingAuthorizer) UnorderedAssertActor(t *testing.T, actor rbac.Subj
612618// AssertActor asserts in order. If the order of authz calls does not match,
613619// this will fail.
614620func (r * RecordingAuthorizer ) AssertActor (t * testing.T , actor rbac.Subject , did ... ActionObjectPair ) {
621+ r .RLock ()
622+ defer r .RUnlock ()
615623 ptr := 0
616624 for i , call := range r .Called {
617625 if ptr == len (did ) {
@@ -640,6 +648,8 @@ func (r *RecordingAuthorizer) _AuthorizeSQL(ctx context.Context, subject rbac.Su
640648}
641649
642650func (r * RecordingAuthorizer ) Authorize (ctx context.Context , subject rbac.Subject , action rbac.Action , object rbac.Object ) error {
651+ r .Lock ()
652+ defer r .Unlock ()
643653 r .Called = append (r .Called , authCall {
644654 Actor : subject ,
645655 Action : action ,
@@ -668,32 +678,30 @@ func (r *RecordingAuthorizer) reset() {
668678}
669679
670680type fakePreparedAuthorizer struct {
671- Original * RecordingAuthorizer
672- Subject rbac.Subject
673- Action rbac.Action
674- HardCodedSQLString string
675- HardCodedRegoString string
681+ sync.RWMutex
682+ Original * RecordingAuthorizer
683+ Subject rbac.Subject
684+ Action rbac.Action
685+ HardCodedSQLString string
686+ ShouldCompileToSQL bool
676687}
677688
678689func (f * fakePreparedAuthorizer ) Authorize (ctx context.Context , object rbac.Object ) error {
679- return f .Original ._AuthorizeSQL (ctx , f .Subject , f .Action , object )
690+ f .RLock ()
691+ defer f .RUnlock ()
692+ if f .ShouldCompileToSQL {
693+ return f .Original ._AuthorizeSQL (ctx , f .Subject , f .Action , object )
694+ }
695+ return f .Original .Authorize (ctx , f .Subject , f .Action , object )
680696}
681697
682698// CompileToSQL returns a compiled version of the authorizer that will work for
683699// in memory databases. This fake version will not work against a SQL database.
684- func (fakePreparedAuthorizer ) CompileToSQL (_ context.Context , _ regosql.ConvertConfig ) (string , error ) {
685- return "" , xerrors .New ("not implemented" )
686- }
687-
688- func (f * fakePreparedAuthorizer ) Eval (object rbac.Object ) bool {
689- return f .Original ._AuthorizeSQL (context .Background (), f .Subject , f .Action , object ) == nil
690- }
691-
692- func (f fakePreparedAuthorizer ) RegoString () string {
693- if f .HardCodedRegoString != "" {
694- return f .HardCodedRegoString
695- }
696- panic ("not implemented" )
700+ func (f * fakePreparedAuthorizer ) CompileToSQL (_ context.Context , _ regosql.ConvertConfig ) (string , error ) {
701+ f .Lock ()
702+ f .ShouldCompileToSQL = true
703+ f .Unlock ()
704+ return f .HardCodedSQLString , nil
697705}
698706
699707// LastCall is implemented to support legacy tests.
0 commit comments