From bfd49023a1f012757f2123f7410e7f8b803d584f Mon Sep 17 00:00:00 2001
From: Hitoshi Mitake <mitake.hitoshi@lab.ntt.co.jp>
Date: Tue, 12 Apr 2016 14:14:15 +0900
Subject: [PATCH 1/2] auth: sort key permissions of role struct for effective
 searching

---
 auth/store.go | 37 +++++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/auth/store.go b/auth/store.go
index 2fe4eadd1..ac1f94871 100644
--- a/auth/store.go
+++ b/auth/store.go
@@ -15,6 +15,7 @@
 package auth
 
 import (
+	"bytes"
 	"errors"
 	"sort"
 	"strings"
@@ -245,6 +246,20 @@ func (as *authStore) RoleAdd(r *pb.AuthRoleAddRequest) (*pb.AuthRoleAddResponse,
 	return &pb.AuthRoleAddResponse{}, nil
 }
 
+type permSlice []*authpb.Permission
+
+func (perms permSlice) Len() int {
+	return len(perms)
+}
+
+func (perms permSlice) Less(i, j int) bool {
+	return bytes.Compare(perms[i].Key, perms[j].Key) < 0
+}
+
+func (perms permSlice) Swap(i, j int) {
+	perms[i], perms[j] = perms[j], perms[i]
+}
+
 func (as *authStore) RoleGrant(r *pb.AuthRoleGrantRequest) (*pb.AuthRoleGrantResponse, error) {
 	tx := as.be.BatchTx()
 	tx.Lock()
@@ -262,13 +277,22 @@ func (as *authStore) RoleGrant(r *pb.AuthRoleGrantRequest) (*pb.AuthRoleGrantRes
 		return nil, err
 	}
 
-	if !updateExistingPermission(role.KeyPermission, string(r.Perm.Key), r.Perm.PermType) {
+	idx := sort.Search(len(role.KeyPermission), func(i int) bool {
+		return bytes.Compare(role.KeyPermission[i].Key, []byte(r.Perm.Key)) >= 0
+	})
+
+	if bytes.Equal(role.KeyPermission[idx].Key, r.Perm.Key) {
+		// update existing permission
+		role.KeyPermission[idx].PermType = r.Perm.PermType
+	} else {
+		// append new permission to the role
 		newPerm := &authpb.Permission{
 			Key:      []byte(r.Perm.Key),
 			PermType: r.Perm.PermType,
 		}
 
 		role.KeyPermission = append(role.KeyPermission, newPerm)
+		sort.Sort(permSlice(role.KeyPermission))
 	}
 
 	marshaledRole, merr := role.Marshal()
@@ -284,17 +308,6 @@ func (as *authStore) RoleGrant(r *pb.AuthRoleGrantRequest) (*pb.AuthRoleGrantRes
 	return &pb.AuthRoleGrantResponse{}, nil
 }
 
-func updateExistingPermission(perms []*authpb.Permission, key string, newPerm authpb.Permission_Type) bool {
-	for _, perm := range perms {
-		if strings.Compare(string(perm.Key), key) == 0 {
-			perm.PermType = newPerm
-			return true
-		}
-	}
-
-	return false
-}
-
 func NewAuthStore(be backend.Backend) *authStore {
 	tx := be.BatchTx()
 	tx.Lock()

From 0b4749ea655fc27a44ab67d7cff4d8e977c576d1 Mon Sep 17 00:00:00 2001
From: Hitoshi Mitake <mitake.hitoshi@lab.ntt.co.jp>
Date: Tue, 12 Apr 2016 14:14:53 +0900
Subject: [PATCH 2/2] auth: remove needless logging during creating a new user

---
 auth/store.go | 2 --
 1 file changed, 2 deletions(-)

diff --git a/auth/store.go b/auth/store.go
index ac1f94871..1fe01fce2 100644
--- a/auth/store.go
+++ b/auth/store.go
@@ -91,8 +91,6 @@ func (as *authStore) Recover(be backend.Backend) {
 }
 
 func (as *authStore) UserAdd(r *pb.AuthUserAddRequest) (*pb.AuthUserAddResponse, error) {
-	plog.Noticef("adding a new user: %s", r.Name)
-
 	hashed, err := bcrypt.GenerateFromPassword([]byte(r.Password), bcrypt.DefaultCost)
 	if err != nil {
 		plog.Errorf("failed to hash password: %s", err)