go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/server/redisconn/admin.go

go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/server/redisconn/admin.go (about)

     1  // Copyright 2021 The LUCI Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package redisconn
    16  
    17  import (
    18  	"context"
    19  
    20  	"github.com/gomodule/redigo/redis"
    21  	"google.golang.org/grpc/codes"
    22  	"google.golang.org/grpc/status"
    23  	"google.golang.org/protobuf/types/known/emptypb"
    24  
    25  	"go.chromium.org/luci/common/logging"
    26  
    27  	"go.chromium.org/luci/server/auth"
    28  	"go.chromium.org/luci/server/redisconn/adminpb"
    29  )
    30  
    31  const adminGroup = "administrators"
    32  
    33  type adminServer struct {
    34  	adminpb.UnimplementedAdminServer
    35  
    36  	pool *redis.Pool
    37  }
    38  
    39  func (srv *adminServer) do(ctx context.Context, cmd string, args ...any) (any, error) {
    40  	switch admin, err := auth.IsMember(ctx, adminGroup); {
    41  	case err != nil:
    42  		logging.Errorf(ctx, "Failed to check ACL: %s", err)
    43  		return nil, status.Errorf(codes.Internal, "failed to check ACL")
    44  	case !admin:
    45  		return nil, status.Errorf(codes.PermissionDenied, "not an admin")
    46  	}
    47  
    48  	logging.Warningf(ctx, "Redis admin: %q is calling %q", auth.CurrentIdentity(ctx), cmd)
    49  
    50  	conn, err := srv.pool.GetContext(ctx)
    51  	if err != nil {
    52  		return nil, status.Errorf(codes.Internal, "failed to get redis connection: %s", err)
    53  	}
    54  	defer conn.Close()
    55  
    56  	reply, err := conn.Do(cmd, args...)
    57  	if err != nil {
    58  		return nil, status.Errorf(codes.InvalidArgument, "%q command failed: %s", cmd, err)
    59  	}
    60  	return reply, nil
    61  }
    62  
    63  func (srv *adminServer) FlushAll(ctx context.Context, req *adminpb.FlushAllRequest) (*emptypb.Empty, error) {
    64  	var err error
    65  	if req.Async {
    66  		_, err = srv.do(ctx, "FLUSHALL", "ASYNC")
    67  	} else {
    68  		_, err = srv.do(ctx, "FLUSHALL")
    69  	}
    70  	if err != nil {
    71  		return nil, err
    72  	}
    73  	return &emptypb.Empty{}, nil
    74  }