kv: filter "system-db" keys for GossipSubscription requests from tenants #52361
Closed
Labels
- A-multitenancy: Related to multi-tenancy
- C-enhancement: Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)
Description
Address the following TODO:
Lines 1017 to 1036 in a5e5511
```go
// TODO(nvanbenschoten): add some form of access control here. Tenants
// should only be able to subscribe to certain patterns, such as:
// - "node:.*"
// - "system-db:zones/1/tenants"
//
// Note that the SystemConfig pattern here doesn't refer to a real key.
// Instead, it's keying into the single SystemConfig gossip key. That's
// necessary to avoid leaking privileged information to callers, but it
// means that we have a little more work to do in order to destructure
// and filter system config updates. Luckily, SystemConfigDeltaFilter
// supports a "keyPrefix" that should help here. We'll also want to use
// RegisterSystemConfigChannel for any SystemConfig patterns.
//
// UPDATE: the SystemConfig pattern story is even more complicated
// because of ZoneConfig inheritance/recursion. We'll also need to
// return the default zone config. In that case, it probably makes sense
// to perform the filtering here (based on whether a tenant marker is
// present in the ctx) without baking it into the protocol itself. So
// the request will simply specify "system-db" but we'll only return the
// subset of key/values that the tenant is allowed to / needs to see.
```
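The server-side approach the TODO's UPDATE describes (accept a plain "system-db" request, then filter by whether a tenant marker is in the ctx), sketched as an added example that is not CockroachDB's code. All type and function names are hypothetical, and the key names and sample entries are constructed.

```go
package main

import (
	"context"
	"fmt"
	"strings"
)

type tenantCtxKey struct{}          // hypothetical ctx marker for tenant requests
type KV struct{ Key, Value string } // simplified system config entry

// Patterns come from the TODO; key names and sample data are constructed.
var (
	tenantPatterns = map[string]bool{"node:.*": true, "system-db": true}
	tenantPrefixes = []string{"zones/default", "zones/1/tenants"}
	sampleConfig   = []KV{{"zones/default", "a"}, {"zones/1/tenants", "b"},
		{"zones/1/tenants-x", "c"}, {"descriptors/52", "d"}}
)

func WithTenant(ctx context.Context, id uint64) context.Context {
	return context.WithValue(ctx, tenantCtxKey{}, id)
}

// CheckPattern rejects tenant subscriptions not on the allowlist (default deny).
func CheckPattern(ctx context.Context, pattern string) error {
	if ctx.Value(tenantCtxKey{}) != nil && !tenantPatterns[pattern] {
		return fmt.Errorf("tenant may not subscribe to %q", pattern)
	}
	return nil
}

// FilterSystemConfig keeps only tenant-visible entries, matching prefixes on a
// path boundary so "zones/1/tenants-x" stays hidden; other callers get all.
func FilterSystemConfig(ctx context.Context, kvs []KV) (out []KV) {
	if ctx.Value(tenantCtxKey{}) == nil {
		return kvs
	}
	for _, kv := range kvs {
		for _, p := range tenantPrefixes {
			if kv.Key == p || strings.HasPrefix(kv.Key, p+"/") {
				out = append(out, kv)
				break
			}
		}
	}
	return out
}

func main() {
	fmt.Println(FilterSystemConfig(WithTenant(context.Background(), 5), sampleConfig))
}
```

Because the decision is taken from the ctx marker rather than from anything in the request, a tenant cannot widen its view by changing the pattern it sends.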