Skip to content

Add ValkeyModule_ACLCheckCommandPermissionsForCurrentUser API #2690

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 8 commits into
base: unstable
Choose a base branch
from
Draft

Add ValkeyModule_ACLCheckCommandPermissionsForCurrentUser API #2690

wants to merge 8 commits into from
+78 −19

Conversation

@rjd15372
Copy link
Member

@rjd15372 rjd15372 commented Oct 6, 2025

Introduces a new module API function that allows modules to check if a command can be executed by the current module context user according to ACL rules.

This function provides a convenient wrapper around the existing ValkeyModule_ACLCheckCommandPermissions API by automatically using the user associated with the module context, eliminating the need for modules to manually retrieve the user.

This addition simplifies ACL permission checking for modules that need to validate commands against the current context user.

@rjd15372
Add ValkeyModule_ACLCheckCommandPermissionsForContextUser API
ac171ad 
Introduces a new module API function that allows modules to check if a command
can be executed by the current module context user according to ACL rules.

This function provides a convenient wrapper around the existing
`ValkeyModule_ACLCheckCommandPermissions` API by automatically using the user
associated with the module context, eliminating the need for modules to
manually retrieve the user.

This addition simplifies ACL permission checking for modules that need to
validate commands against the current context user.

Signed-off-by: Ricardo Dias <ricardo.dias@percona.com>
@rjd15372 rjd15372 requested a review from zuiderkwast October 6, 2025 12:14
@codecov
Copy link

codecov bot commented Oct 6, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 7.69231% with 12 lines in your changes missing coverage. Please review.
✅ Project coverage is 72.54%. Comparing base (0646749) to head (f65208b).
⚠️ Report is 37 commits behind head on unstable.

Files with missing lines Patch % Lines
src/module.c 7.69% 12 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##           unstable    #2690      +/-   ##
============================================
+ Coverage     72.18%   72.54%   +0.35%     
============================================
  Files           128      128              
  Lines         71037    71254     +217     
============================================
+ Hits          51277    51690     +413     
+ Misses        19760    19564     -196
Files with missing lines Coverage Δ
src/module.c 9.77% <7.69%> (-0.01%) ⬇️

... and 20 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@dvkashapov
Copy link

Awesome! Definitely useful in terms of #2309 :)

@rjd15372
Use new API in existing module test
71ce27c 
Signed-off-by: Ricardo Dias <ricardo.dias@percona.com>
@zuiderkwast zuiderkwast added the major-decision-pending Major decision pending by TSC team label Oct 6, 2025
zuiderkwast
zuiderkwast reviewed Oct 6, 2025
View reviewed changes
Copy link
Contributor

@zuiderkwast zuiderkwast left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like a convenience function equivalent (modulo minor details) to this code:

    ValkeyModuleString *username = ValkeyModule_GetCurrentUserName(ctx);
    ValkeyModuleUser *user = ValkeyModule_GetModuleUserFromUserName(username);
    return ValkeyModule_ACLCheckCommandPermissions(user, argv, argc);

Is this correct? If it's already possible to do this from a module, then why add this? Performance or just convenience?

@rjd15372
Copy link
Member Author

rjd15372 commented Oct 7, 2025
edited by zuiderkwast
Loading

This looks like a convenience function equivalent (modulo minor details) to this code:

    ValkeyModuleString *username = ValkeyModule_GetCurrentUserName(ctx);
    ValkeyModuleUser *user = ValkeyModule_GetModuleUserFromUserName(username);
    return ValkeyModule_ACLCheckCommandPermissions(user, argv, argc);

Is this correct? If it's already possible to do this from a module, then why add this? Performance or just convenience?

It's correct, but the ValkeyModule_GetModuleUserFromUserName function allocates memory, which will introduce a performance penalty in the lua code that calls commands.
Therefore, it's not just for convenience, it's mainly about performance.

@rjd15372
remove nonsensical condition
5111bd4 
Signed-off-by: Ricardo Dias <ricardo.dias@percona.com>
zuiderkwast
zuiderkwast reviewed Oct 7, 2025
View reviewed changes
Copy link
Contributor

@zuiderkwast zuiderkwast left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like a convenience function equivalent (modulo minor details) to this code:

    ValkeyModuleString *username = ValkeyModule_GetCurrentUserName(ctx);
    ValkeyModuleUser *user = ValkeyModule_GetModuleUserFromUserName(username);
    return ValkeyModule_ACLCheckCommandPermissions(user, argv, argc);

Is this correct? If it's already possible to do this from a module, then why add this? Performance or just convenience?

It's correct, but the ValkeyModule_GetModuleUserFromUserName function allocates memory, which will introduce a performance penalty in the lua code that calls commands. Therefore, it's not just for convenience, it's mainly about performance.

OK, good to know.

Maybe it's not a bottleneck but temporary allocations like this are always annoying. It's a sign of a suboptimal API, I suppose.

@rjd15372
Rename to VM_ACLCheckCommandPermissionsForCurrentUser
8238124 
Signed-off-by: Ricardo Dias <ricardo.dias@percona.com>
zuiderkwast
zuiderkwast approved these changes Oct 7, 2025
View reviewed changes
@zuiderkwast zuiderkwast changed the title Add ValkeyModule_ACLCheckCommandPermissionsForContextUser API Add ValkeyModule_ACLCheckCommandPermissionsForCurrentUser API Oct 7, 2025
@rjd15372
fix formatting
cfc47a6 
Signed-off-by: Ricardo Dias <ricardo.dias@percona.com>
ranshid
ranshid reviewed Oct 8, 2025
View reviewed changes
@rjd15372
change logic to error out when no user is in context
0273be0 
Signed-off-by: Ricardo Dias <ricardo.dias@percona.com>
@rjd15372
error improvement
ac071e6 
Signed-off-by: Ricardo Dias <ricardo.dias@percona.com>
zuiderkwast
zuiderkwast reviewed Oct 8, 2025
View reviewed changes
zuiderkwast
zuiderkwast reviewed Oct 8, 2025
View reviewed changes
src/module.c
Comment on lines 10009 to 10015
if (ctx == NULL) {
errno = EINVAL;
return VALKEYMODULE_ERR;
} else if (ctx->user == NULL && (ctx->client == NULL || ctx->client->user == NULL)) {
errno = ENOTSUP;
return VALKEYMODULE_ERR;
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This LGTM

@rjd15372
fix wrong include
f65208b 
Signed-off-by: Ricardo Dias <ricardo.dias@percona.com>
madolson
madolson reviewed Oct 8, 2025
View reviewed changes
src/module.c
Comment on lines +10022 to +10025
ValkeyModuleUser user = {
.user = ctx->client->user,
.free_user = 0,
};
Copy link
Member

@madolson madolson Oct 8, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This entire API is because we're trying to bypass the allocation and do it on the stack here. When the API was written, we cared more about abstraction then performance. If we think performance is so critical, I would rather just ditch the abstraction and directly return the user from the module APIs.

Glancing through the code I don't see any incompatibility with that.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you proposing to make ValkeyModuleUser a type alias to user?

In that case we would probably need to add a field in the user struct to distinguish between users created by modules, and users created in the core.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In that case we would probably need to add a field in the user struct to distinguish between users created by modules, and users created in the core.

Yes. We don't expect a large number of users, so adding an extra field should be safe. I think we even have a bit field we could use if we wanted to avoid adding any memory at all.

@madolson madolson marked this pull request as draft October 27, 2025 14:35
@rjd15372 rjd15372 removed this from Valkey 9.1 Oct 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@enjoy-binbin enjoy-binbin enjoy-binbin left review comments

@madolson madolson madolson left review comments

@zuiderkwast zuiderkwast zuiderkwast approved these changes

@ranshid ranshid ranshid approved these changes

Assignees

@rjd15372 rjd15372

Labels

major-decision-pending Major decision pending by TSC team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@rjd15372 @dvkashapov @zuiderkwast @enjoy-binbin @madolson @ranshid