Skip to content

fix: deny-all permission and discover goroutine recovery#42

Merged
caiwl merged 1 commit into
masterfrom
caiwl/bugs/misc-hardening
Jun 24, 2026
Merged

fix: deny-all permission and discover goroutine recovery#42
caiwl merged 1 commit into
masterfrom
caiwl/bugs/misc-hardening

Conversation

@caiwl

@caiwl caiwl commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

🤖 Generated with Claude Code

@caiwl @claude
fix: deny-all permission and discover cleanup goroutine recovery
37c00a9 
1. calculatePermissions: a deny permission with empty resource, empty
   expression, AND empty actions means 'deny every action on every
   resource'. The old code built an empty (non-nil) action map that never
   matched, so GetAllGrantedPermissions wrongly reported permissions the
   user did not have. Now it returns no permissions, matching IsAllowed's
   matchResourceAction semantics. Added a test case.

2. etcd discover SaveDiscoverRequest: the fire-and-forget DeleteRequests
   cleanup goroutine had no panic recovery; a panic (e.g. nil client during
   shutdown) would crash the process. Added defer/recover.

Co-Authored-By: Claude <noreply@anthropic.com>
@caiwl caiwl merged commit bc021b7 into master Jun 24, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@caiwl