Skip to content

Commit 38d67f1

Browse files
committed
security/acl: move get_resource_type body to acl.cc
acl.h's consteval get_resource_type<T>() referenced pandaproxy::schema_registry and kafka types inside its body, forcing every consumer of security/acl.h to transitively pull both modules through security's public API. Move the body into acl.cc with explicit instantiations for the six known types, matching the existing get_allowed_operations<T>() pattern in the same file. Drop consteval since all call sites use the function in runtime contexts. Move schema_registry:types and kafka/protocol from security's deps to implementation_deps. Rebuild fan-out on a types.h content-hash bump of //src/v/pandaproxy/schema_registry/...: before: 347 CppCompile actions, 382.6s wall after: 71 CppCompile actions, 88.9s wall delta: -276 actions (-79.5%), -294s (-76.8%)
1 parent 50739e2 commit 38d67f1

File tree

5 files changed

+36
-22
lines changed

5 files changed

+36
-22
lines changed

src/v/security/BUILD

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -130,6 +130,8 @@ redpanda_cc_library(
130130
"types.h",
131131
],
132132
implementation_deps = [
133+
"//src/v/kafka/protocol",
134+
"//src/v/pandaproxy/schema_registry:types",
133135
"//src/v/random:secure_random",
134136
"//src/v/thirdparty/krb5",
135137
"@abseil-cpp//absl/strings",
@@ -146,12 +148,10 @@ redpanda_cc_library(
146148
"//src/v/hashing:secure",
147149
"//src/v/http",
148150
"//src/v/json",
149-
"//src/v/kafka/protocol",
150151
"//src/v/metrics",
151152
"//src/v/model",
152153
"//src/v/net",
153154
"//src/v/net:types",
154-
"//src/v/pandaproxy/schema_registry:types",
155155
"//src/v/reflection:adl",
156156
"//src/v/security/audit:types",
157157
"//src/v/serde",

src/v/security/acl.cc

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212

1313
#include "absl/container/flat_hash_map.h"
1414
#include "absl/container/node_hash_map.h"
15+
#include "kafka/protocol/types.h"
1516
#include "pandaproxy/schema_registry/types.h"
1617
#include "security/acl_store.h"
1718
#include "security/logger.h"
@@ -832,6 +833,36 @@ void acl_binding_filter::testing_serde_full_read_v2(
832833
*this = acl_binding_filter{res._pattern, res._acl};
833834
}
834835

836+
template<typename T>
837+
resource_type get_resource_type() {
838+
if constexpr (std::is_same_v<T, model::topic>) {
839+
return resource_type::topic;
840+
} else if constexpr (std::is_same_v<T, kafka::group_id>) {
841+
return resource_type::group;
842+
} else if constexpr (std::is_same_v<T, acl_cluster_name>) {
843+
return resource_type::cluster;
844+
} else if constexpr (std::is_same_v<T, kafka::transactional_id>) {
845+
return resource_type::transactional_id;
846+
} else if constexpr (
847+
std::is_same_v<T, pandaproxy::schema_registry::context_subject>) {
848+
return resource_type::sr_subject;
849+
} else if constexpr (
850+
std::is_same_v<T, pandaproxy::schema_registry::registry_resource>) {
851+
return resource_type::sr_registry;
852+
} else {
853+
static_assert(base::unsupported_type<T>::value, "Unsupported type");
854+
}
855+
}
856+
857+
template resource_type get_resource_type<model::topic>();
858+
template resource_type get_resource_type<kafka::group_id>();
859+
template resource_type get_resource_type<acl_cluster_name>();
860+
template resource_type get_resource_type<kafka::transactional_id>();
861+
template resource_type
862+
get_resource_type<pandaproxy::schema_registry::context_subject>();
863+
template resource_type
864+
get_resource_type<pandaproxy::schema_registry::registry_resource>();
865+
835866
template<typename T>
836867
const std::vector<acl_operation>& get_allowed_operations() {
837868
static const std::vector<acl_operation> topic_resource_ops{

src/v/security/acl.h

Lines changed: 1 addition & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -13,9 +13,7 @@
1313
#include "absl/container/flat_hash_set.h"
1414
#include "base/seastarx.h"
1515
#include "base/type_traits.h"
16-
#include "kafka/protocol/types.h"
1716
#include "model/fundamental.h"
18-
#include "pandaproxy/schema_registry/types.h"
1917
#include "security/audit/schemas/types.h"
2018
#include "serde/envelope.h"
2119
#include "serde/rw/enum.h"
@@ -102,24 +100,7 @@ std::optional<resource_type>
102100
from_string_view<resource_type>(std::string_view str);
103101

104102
template<typename T>
105-
consteval resource_type get_resource_type() {
106-
namespace ppsr = pandaproxy::schema_registry;
107-
if constexpr (std::is_same_v<T, model::topic>) {
108-
return resource_type::topic;
109-
} else if constexpr (std::is_same_v<T, kafka::group_id>) {
110-
return resource_type::group;
111-
} else if constexpr (std::is_same_v<T, security::acl_cluster_name>) {
112-
return resource_type::cluster;
113-
} else if constexpr (std::is_same_v<T, kafka::transactional_id>) {
114-
return resource_type::transactional_id;
115-
} else if constexpr (std::is_same_v<T, ppsr::context_subject>) {
116-
return resource_type::sr_subject;
117-
} else if constexpr (std::is_same_v<T, ppsr::registry_resource>) {
118-
return resource_type::sr_registry;
119-
} else {
120-
static_assert(base::unsupported_type<T>::value, "Unsupported type");
121-
}
122-
}
103+
resource_type get_resource_type();
123104

124105
/*
125106
* A pattern rule for matching ACL resource names.

src/v/security/tests/BUILD

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -75,6 +75,7 @@ redpanda_cc_gtest(
7575
],
7676
deps = [
7777
"//src/v/config",
78+
"//src/v/kafka/protocol",
7879
"//src/v/pandaproxy/schema_registry:types",
7980
"//src/v/random:generators",
8081
"//src/v/security",

src/v/security/tests/authorizer_test.cc

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@
88
// by the Apache License, Version 2.0
99
#include "absl/container/flat_hash_set.h"
1010
#include "config/mock_property.h"
11+
#include "kafka/protocol/types.h"
1112
#include "pandaproxy/schema_registry/types.h"
1213
#include "random/generators.h"
1314
#include "security/acl.h"

0 commit comments

Comments
 (0)