ccl/sqlproxyccl: avoid tenant lookups if we know the type of connection

jaylim-crl · jaylim-crl · commit 8d6e4c917876 · 2023-08-03T08:07:22.000-04:00
Previously, we were performing a tenant lookup call before checking on the
type of connection. This can be unnecessary (e.g. doing a lookup call for the
private endpoints ACL, even if we knew that the connection was a public one).
This commit addresses that.

Release note: None

Epic: none
diff --git a/pkg/ccl/sqlproxyccl/acl/cidr_ranges.go b/pkg/ccl/sqlproxyccl/acl/cidr_ranges.go
@@ -28,16 +28,16 @@ var _ AccessController = &CIDRRanges{}
 
 // CheckConnection implements the AccessController interface.
 func (p *CIDRRanges) CheckConnection(ctx context.Context, conn ConnectionTags) error {
-	tenantObj, err := p.LookupTenantFn(ctx, conn.TenantID)
-	if err != nil {
-		return err
-	}
-
 	// Private connections. This ACL is only responsible for public CIDR ranges.
 	if conn.EndpointID != "" {
 		return nil
 	}
 
+	tenantObj, err := p.LookupTenantFn(ctx, conn.TenantID)
+	if err != nil {
+		return err
+	}
+
 	// Cluster allows public connections, so we'll check allowed CIDR ranges.
 	if tenantObj.AllowPublicConn() {
 		ip := net.ParseIP(conn.IP)
diff --git a/pkg/ccl/sqlproxyccl/acl/private_endpoints.go b/pkg/ccl/sqlproxyccl/acl/private_endpoints.go
@@ -37,16 +37,16 @@ var _ AccessController = &PrivateEndpoints{}
 
 // CheckConnection implements the AccessController interface.
 func (p *PrivateEndpoints) CheckConnection(ctx context.Context, conn ConnectionTags) error {
-	tenantObj, err := p.LookupTenantFn(ctx, conn.TenantID)
-	if err != nil {
-		return err
-	}
-
 	// Public connections. This ACL is only responsible for private endpoints.
 	if conn.EndpointID == "" {
 		return nil
 	}
 
+	tenantObj, err := p.LookupTenantFn(ctx, conn.TenantID)
+	if err != nil {
+		return err
+	}
+
 	// Cluster allows private connections, so we'll check allowed endpoints.
 	if tenantObj.AllowPrivateConn() {
 		for _, endpoints := range tenantObj.AllowedPrivateEndpoints {
diff --git a/pkg/ccl/sqlproxyccl/acl/private_endpoints_test.go b/pkg/ccl/sqlproxyccl/acl/private_endpoints_test.go
@@ -41,7 +41,7 @@ func TestPrivateEndpoints(t *testing.T) {
 				return nil, errors.New("foo")
 			},
 		}
-		err := p.CheckConnection(ctx, makeConn(""))
+		err := p.CheckConnection(ctx, makeConn("foo"))
 		require.EqualError(t, err, "foo")
 	})
 

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ func TestPrivateEndpoints(t *testing.T) {`
`41`	`41`	`return nil, errors.New("foo")`
`42`	`42`	`},`
`43`	`43`	`}`
`44`		`- err := p.CheckConnection(ctx, makeConn(""))`
	`44`	`+ err := p.CheckConnection(ctx, makeConn("foo"))`
`45`	`45`	`require.EqualError(t, err, "foo")`
`46`	`46`	`})`
`47`	`47`