chore: set api bns as full read principals

dfinity · Oct 20, 2024 · 44215b4 · 44215b4
1 parent 3a2611d
commit 44215b4
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 15 deletions.
diff --git a/rs/boundary_node/rate_limits/api/src/lib.rs b/rs/boundary_node/rate_limits/api/src/lib.rs
@@ -1,6 +1,6 @@
 use candid::CandidType;
-use serde::{Deserialize, Serialize};
 use candid::Principal;
+use serde::{Deserialize, Serialize};
 pub type Version = u64;
 pub type Timestamp = u64;
 pub type RuleId = String;
@@ -74,4 +74,3 @@ pub struct GetApiBoundaryNodeIdsRequest {}
 pub struct ApiBoundaryNodeIdRecord {
     pub id: Option<Principal>,
 }
-
diff --git a/rs/boundary_node/rate_limits/canister/access_control.rs b/rs/boundary_node/rate_limits/canister/access_control.rs
@@ -1,5 +1,7 @@
 use candid::Principal;
 
+use crate::storage::API_BOUNDARY_NODE_PRINCIPALS;
+
 const FULL_ACCESS_ID: &str = "2vxsx-fae";
 const FULL_READ_ID: &str = "2vxsx-fae";
 
@@ -31,14 +33,20 @@ impl AccessLevelResolver {
 impl ResolveAccessLevel for AccessLevelResolver {
     fn get_access_level(&self) -> AccessLevel {
         let full_access_principal = Principal::from_text(FULL_ACCESS_ID).unwrap();
-        let full_read_principal = Principal::from_text(FULL_READ_ID).unwrap();
 
-        if self.caller_id == full_access_principal {
-            return AccessLevel::FullAccess;
-        } else if self.caller_id == full_read_principal {
-            return AccessLevel::FullRead;
-        }
+        API_BOUNDARY_NODE_PRINCIPALS.with(|cell| {
+            let mut full_read_principals = cell.borrow_mut();
+            // TODO: this is just for testing, remove later
+            let full_read_id = Principal::from_text(FULL_READ_ID).unwrap();
+            let _ = full_read_principals.insert(full_read_id);
+
+            if self.caller_id == full_access_principal {
+                return AccessLevel::FullAccess;
+            } else if full_read_principals.contains(&self.caller_id) {
+                return AccessLevel::FullRead;
+            }
 
-        AccessLevel::RestrictedRead
+            AccessLevel::RestrictedRead
+        })
     }
 }
diff --git a/rs/boundary_node/rate_limits/canister/canister.rs b/rs/boundary_node/rate_limits/canister/canister.rs
@@ -103,11 +103,8 @@ fn periodically_fetch_api_boundary_nodes_set(interval: Duration) {
                 {
                     Ok((Ok(api_bns_count),)) => {
                         API_BOUNDARY_NODE_PRINCIPALS.with(|cell| {
-                            *cell.borrow_mut() = HashSet::from_iter(
-                                api_bns_count
-                                    .into_iter()
-                                    .filter_map(|n| n.id)
-                            )
+                            *cell.borrow_mut() =
+                                HashSet::from_iter(api_bns_count.into_iter().filter_map(|n| n.id))
                         });
                     }
                     Ok((Err(err),)) => {
@@ -122,4 +119,4 @@ fn periodically_fetch_api_boundary_nodes_set(interval: Duration) {
             }
         });
     });
-}
+}