broker,service,team,quota: propagate context

api/app.go

@@ -305,15 +305,15 @@ type inputApp struct {
 	PlanOverride appTypes.PlanOverride
 }
 
-func autoTeamOwner(t auth.Token, perm *permission.PermissionScheme) (string, error) {
+func autoTeamOwner(ctx stdContext.Context, t auth.Token, perm *permission.PermissionScheme) (string, error) {
 	team, err := permission.TeamForPermission(t, perm)
 	if err == nil {
 		return team, nil
 	}
 	if err != permission.ErrTooManyTeams {
 		return "", err
 	}
-	teams, listErr := servicemanager.Team.List()
+	teams, listErr := servicemanager.Team.List(ctx)
 	if listErr != nil {
 		return "", listErr
 	}
@@ -356,7 +356,7 @@ func createApp(w http.ResponseWriter, r *http.Request, t auth.Token) (err error)
 	tags, _ := InputValues(r, "tag")
 	a.Tags = append(a.Tags, tags...) // for compatibility
 	if a.TeamOwner == "" {
-		a.TeamOwner, err = autoTeamOwner(t, permission.PermAppCreate)
+		a.TeamOwner, err = autoTeamOwner(ctx, t, permission.PermAppCreate)
 		if err != nil {
 			return err
 		}
@@ -766,6 +766,7 @@ func setNodeStatus(w http.ResponseWriter, r *http.Request, t auth.Token) error {
 //   404: App or team not found
 //   409: Grant already exists
 func grantAppAccess(w http.ResponseWriter, r *http.Request, t auth.Token) (err error) {
+	ctx := r.Context()
 	appName := r.URL.Query().Get(":app")
 	teamName := r.URL.Query().Get(":team")
 	a, err := getAppFromContext(appName, r)
@@ -789,7 +790,7 @@ func grantAppAccess(w http.ResponseWriter, r *http.Request, t auth.Token) (err e
 		return err
 	}
 	defer func() { evt.Done(err) }()
-	team, err := servicemanager.Team.FindByName(teamName)
+	team, err := servicemanager.Team.FindByName(ctx, teamName)
 	if err != nil {
 		return &errors.HTTP{Code: http.StatusNotFound, Message: "Team not found"}
 	}
@@ -809,6 +810,7 @@ func grantAppAccess(w http.ResponseWriter, r *http.Request, t auth.Token) (err e
 //   403: Forbidden
 //   404: App or team not found
 func revokeAppAccess(w http.ResponseWriter, r *http.Request, t auth.Token) (err error) {
+	ctx := r.Context()
 	appName := r.URL.Query().Get(":app")
 	teamName := r.URL.Query().Get(":team")
 	a, err := getAppFromContext(appName, r)
@@ -832,7 +834,7 @@ func revokeAppAccess(w http.ResponseWriter, r *http.Request, t auth.Token) (err
 		return err
 	}
 	defer func() { evt.Done(err) }()
-	team, err := servicemanager.Team.FindByName(teamName)
+	team, err := servicemanager.Team.FindByName(ctx, teamName)
 	if err != nil || team == nil {
 		return &errors.HTTP{Code: http.StatusNotFound, Message: "Team not found"}
 	}
@@ -1285,7 +1287,7 @@ func getServiceInstance(ctx stdContext.Context, serviceName, instanceName, appNa
 		return nil, nil, err
 	}
 	defer conn.Close()
-	instance, err := getServiceInstanceOrError(serviceName, instanceName)
+	instance, err := getServiceInstanceOrError(ctx, serviceName, instanceName)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -1426,7 +1428,7 @@ func unbindServiceInstance(w http.ResponseWriter, r *http.Request, t auth.Token)
 		return permission.ErrUnauthorized
 	}
 	if force {
-		s, errGet := service.Get(instance.ServiceName)
+		s, errGet := service.Get(ctx, instance.ServiceName)
 		if errGet != nil {
 			return errGet
 		}

api/auth.go

@@ -266,7 +266,7 @@ func updateTeam(w http.ResponseWriter, r *http.Request, t auth.Token) error {
 	if !allowed {
 		return permission.ErrUnauthorized
 	}
-	_, err := servicemanager.Team.FindByName(name)
+	_, err := servicemanager.Team.FindByName(ctx, name)
 	if err != nil {
 		if err == authTypes.ErrTeamNotFound {
 			return &errors.HTTP{Code: http.StatusNotFound, Message: err.Error()}
@@ -285,13 +285,13 @@ func updateTeam(w http.ResponseWriter, r *http.Request, t auth.Token) error {
 	}
 	defer func() { evt.Done(err) }()
 	if changeRequest.NewName == "" {
-		return servicemanager.Team.Update(name, changeRequest.Tags)
+		return servicemanager.Team.Update(ctx, name, changeRequest.Tags)
 	}
 	u, err := t.User()
 	if err != nil {
 		return err
 	}
-	err = servicemanager.Team.Create(changeRequest.NewName, changeRequest.Tags, u)
+	err = servicemanager.Team.Create(ctx, changeRequest.NewName, changeRequest.Tags, u)
 	if err != nil {
 		return err
 	}
@@ -300,7 +300,7 @@ func updateTeam(w http.ResponseWriter, r *http.Request, t auth.Token) error {
 		if err == nil {
 			return
 		}
-		rollbackErr := servicemanager.Team.Remove(changeRequest.NewName)
+		rollbackErr := servicemanager.Team.Remove(ctx, changeRequest.NewName)
 		if rollbackErr != nil {
 			log.Errorf("error rolling back team creation from %v to %v", name, changeRequest.NewName)
 		}
@@ -319,7 +319,7 @@ func updateTeam(w http.ResponseWriter, r *http.Request, t auth.Token) error {
 		}
 		toRollback = append(toRollback, fn)
 	}
-	return servicemanager.Team.Remove(name)
+	return servicemanager.Team.Remove(ctx, name)
 }
 
 // title: team create
@@ -332,6 +332,7 @@ func updateTeam(w http.ResponseWriter, r *http.Request, t auth.Token) error {
 //   401: Unauthorized
 //   409: Team already exists
 func createTeam(w http.ResponseWriter, r *http.Request, t auth.Token) error {
+	ctx := r.Context()
 	allowed := permission.Check(t, permission.PermTeamCreate)
 	if !allowed {
 		return permission.ErrUnauthorized
@@ -357,7 +358,7 @@ func createTeam(w http.ResponseWriter, r *http.Request, t auth.Token) error {
 	if err != nil {
 		return err
 	}
-	err = servicemanager.Team.Create(team.Name, team.Tags, u)
+	err = servicemanager.Team.Create(ctx, team.Name, team.Tags, u)
 	switch err {
 	case authTypes.ErrInvalidTeamName:
 		return &errors.HTTP{Code: http.StatusBadRequest, Message: err.Error()}
@@ -379,6 +380,7 @@ func createTeam(w http.ResponseWriter, r *http.Request, t auth.Token) error {
 //   403: Forbidden
 //   404: Not found
 func removeTeam(w http.ResponseWriter, r *http.Request, t auth.Token) (err error) {
+	ctx := r.Context()
 	name := r.URL.Query().Get(":name")
 	allowed := permission.Check(t, permission.PermTeamDelete,
 		permission.Context(permTypes.CtxTeam, name),
@@ -397,7 +399,7 @@ func removeTeam(w http.ResponseWriter, r *http.Request, t auth.Token) (err error
 		return err
 	}
 	defer func() { evt.Done(err) }()
-	err = servicemanager.Team.Remove(name)
+	err = servicemanager.Team.Remove(ctx, name)
 	if err != nil {
 		if _, ok := err.(*authTypes.ErrTeamStillUsed); ok {
 			msg := fmt.Sprintf("This team cannot be removed because there are still references to it:\n%s", err)
@@ -420,8 +422,9 @@ func removeTeam(w http.ResponseWriter, r *http.Request, t auth.Token) (err error
 //   204: No content
 //   401: Unauthorized
 func teamList(w http.ResponseWriter, r *http.Request, t auth.Token) error {
+	ctx := r.Context()
 	permsForTeam := permission.PermissionRegistry.PermissionsWithContextType(permTypes.CtxTeam)
-	teams, err := servicemanager.Team.List()
+	teams, err := servicemanager.Team.List(ctx)
 	if err != nil {
 		return err
 	}
@@ -472,7 +475,7 @@ func teamList(w http.ResponseWriter, r *http.Request, t auth.Token) error {
 func teamInfo(w http.ResponseWriter, r *http.Request, t auth.Token) error {
 	ctx := r.Context()
 	teamName := r.URL.Query().Get(":name")
-	team, err := servicemanager.Team.FindByName(teamName)
+	team, err := servicemanager.Team.FindByName(ctx, teamName)
 	if err != nil {
 		return &errors.HTTP{Code: http.StatusNotFound, Message: err.Error()}
 	}

api/middleware.go

@@ -45,7 +45,7 @@ func validate(token string, r *http.Request) (auth.Token, error) {
 	if err != nil {
 		t, err = auth.APIAuth(token)
 		if err != nil {
-			t, err = servicemanager.TeamToken.Authenticate(token)
+			t, err = servicemanager.TeamToken.Authenticate(r.Context(), token)
 			if err != nil {
 				return nil, err
 			}

api/middleware_test.go

@@ -5,6 +5,7 @@
 package api
 
 import (
+	stdContext "context"
 	"fmt"
 	"net/http"
 	"net/http/httptest"
@@ -266,7 +267,7 @@ func (s *S) TestAuthTokenMiddlewareWithAPIToken(c *check.C) {
 }
 
 func (s *S) TestAuthTokenMiddlewareWithTeamToken(c *check.C) {
-	token, err := servicemanager.TeamToken.Create(authTypes.TeamTokenCreateArgs{
+	token, err := servicemanager.TeamToken.Create(stdContext.TODO(), authTypes.TeamTokenCreateArgs{
 		Team: s.team.Name,
 	}, s.token)
 	c.Assert(err, check.IsNil)

api/permission.go

@@ -697,6 +697,7 @@ func roleUpdate(w http.ResponseWriter, r *http.Request, t auth.Token) error {
 //   401: Unauthorized
 //   404: Role or team token not found
 func assignRoleToToken(w http.ResponseWriter, r *http.Request, t auth.Token) error {
+	ctx := r.Context()
 	if !permission.Check(t, permission.PermRoleUpdateAssign) {
 		return permission.ErrUnauthorized
 	}
@@ -718,7 +719,7 @@ func assignRoleToToken(w http.ResponseWriter, r *http.Request, t auth.Token) err
 	if err != nil {
 		return err
 	}
-	err = servicemanager.TeamToken.AddRole(tokenID, roleName, contextValue)
+	err = servicemanager.TeamToken.AddRole(ctx, tokenID, roleName, contextValue)
 	if err == authTypes.ErrTeamTokenNotFound {
 		w.WriteHeader(http.StatusNotFound)
 		return nil
@@ -735,6 +736,7 @@ func assignRoleToToken(w http.ResponseWriter, r *http.Request, t auth.Token) err
 //   401: Unauthorized
 //   404: Role or team token not found
 func dissociateRoleFromToken(w http.ResponseWriter, r *http.Request, t auth.Token) error {
+	ctx := r.Context()
 	if !permission.Check(t, permission.PermRoleUpdateDissociate) {
 		return permission.ErrUnauthorized
 	}
@@ -756,7 +758,7 @@ func dissociateRoleFromToken(w http.ResponseWriter, r *http.Request, t auth.Toke
 	if err != nil {
 		return err
 	}
-	err = servicemanager.TeamToken.RemoveRole(tokenID, roleName, contextValue)
+	err = servicemanager.TeamToken.RemoveRole(ctx, tokenID, roleName, contextValue)
 	if err == authTypes.ErrTeamTokenNotFound {
 		w.WriteHeader(http.StatusNotFound)
 		return nil

api/permission_test.go

@@ -1012,7 +1012,7 @@ func (s *S) TestRoleUpdateSingleField(c *check.C) {
 func (s *S) TestAssignRoleToTeamToken(c *check.C) {
 	_, err := permission.NewRole("newrole", "app", "")
 	c.Assert(err, check.IsNil)
-	teamToken, err := servicemanager.TeamToken.Create(authTypes.TeamTokenCreateArgs{
+	teamToken, err := servicemanager.TeamToken.Create(context.TODO(), authTypes.TeamTokenCreateArgs{
 		Team: s.team.Name,
 	}, s.token)
 	c.Assert(err, check.IsNil)
@@ -1032,7 +1032,7 @@ func (s *S) TestAssignRoleToTeamToken(c *check.C) {
 	server := RunServer(true)
 	server.ServeHTTP(recorder, req)
 	c.Assert(recorder.Code, check.Equals, http.StatusOK)
-	t, err := servicemanager.TeamToken.FindByTokenID(teamToken.TokenID)
+	t, err := servicemanager.TeamToken.FindByTokenID(context.TODO(), teamToken.TokenID)
 	c.Assert(err, check.IsNil)
 	c.Assert(t.Roles, check.DeepEquals, []authTypes.RoleInstance{
 		{Name: "newrole", ContextValue: "myapp"},
@@ -1050,7 +1050,7 @@ func (s *S) TestAssignRoleToTeamToken(c *check.C) {
 }
 
 func (s *S) TestAssignRoleToTeamTokenRoleNotFound(c *check.C) {
-	teamToken, err := servicemanager.TeamToken.Create(authTypes.TeamTokenCreateArgs{
+	teamToken, err := servicemanager.TeamToken.Create(context.TODO(), authTypes.TeamTokenCreateArgs{
 		Team: s.team.Name,
 	}, s.token)
 	c.Assert(err, check.IsNil)
@@ -1086,7 +1086,7 @@ func (s *S) TestAssignRoleToTeamTokenRoleNotFound(c *check.C) {
 func (s *S) TestAssignRoleToTeamTokenNotAuthorized(c *check.C) {
 	_, err := permission.NewRole("newrole", "app", "")
 	c.Assert(err, check.IsNil)
-	teamToken, err := servicemanager.TeamToken.Create(authTypes.TeamTokenCreateArgs{
+	teamToken, err := servicemanager.TeamToken.Create(context.TODO(), authTypes.TeamTokenCreateArgs{
 		Team: s.team.Name,
 	}, s.token)
 	c.Assert(err, check.IsNil)
@@ -1109,11 +1109,11 @@ func (s *S) TestAssignRoleToTeamTokenNotAuthorized(c *check.C) {
 func (s *S) TestDissociateRoleFromTeamToken(c *check.C) {
 	_, err := permission.NewRole("newrole", "app", "")
 	c.Assert(err, check.IsNil)
-	teamToken, err := servicemanager.TeamToken.Create(authTypes.TeamTokenCreateArgs{
+	teamToken, err := servicemanager.TeamToken.Create(context.TODO(), authTypes.TeamTokenCreateArgs{
 		Team: s.team.Name,
 	}, s.token)
 	c.Assert(err, check.IsNil)
-	err = servicemanager.TeamToken.AddRole(teamToken.TokenID, "newrole", "myapp")
+	err = servicemanager.TeamToken.AddRole(context.TODO(), teamToken.TokenID, "newrole", "myapp")
 	c.Assert(err, check.IsNil)
 	req, err := http.NewRequest(http.MethodDelete,
 		fmt.Sprintf("/1.6/roles/newrole/token/%s?context=myapp", teamToken.TokenID),
@@ -1132,7 +1132,7 @@ func (s *S) TestDissociateRoleFromTeamToken(c *check.C) {
 	server := RunServer(true)
 	server.ServeHTTP(recorder, req)
 	c.Assert(recorder.Code, check.Equals, http.StatusOK)
-	t, err := servicemanager.TeamToken.FindByTokenID(teamToken.TokenID)
+	t, err := servicemanager.TeamToken.FindByTokenID(context.TODO(), teamToken.TokenID)
 	c.Assert(err, check.IsNil)
 	c.Assert(t.Roles, check.HasLen, 0)
 	c.Assert(eventtest.EventDesc{
@@ -1150,11 +1150,11 @@ func (s *S) TestDissociateRoleFromTeamToken(c *check.C) {
 func (s *S) TestDissociateRoleFromTeamTokenRoleNotFound(c *check.C) {
 	_, err := permission.NewRole("newrole", "app", "")
 	c.Assert(err, check.IsNil)
-	teamToken, err := servicemanager.TeamToken.Create(authTypes.TeamTokenCreateArgs{
+	teamToken, err := servicemanager.TeamToken.Create(context.TODO(), authTypes.TeamTokenCreateArgs{
 		Team: s.team.Name,
 	}, s.token)
 	c.Assert(err, check.IsNil)
-	err = servicemanager.TeamToken.AddRole(teamToken.TokenID, "newrole", "myapp")
+	err = servicemanager.TeamToken.AddRole(context.TODO(), teamToken.TokenID, "newrole", "myapp")
 	c.Assert(err, check.IsNil)
 	req, err := http.NewRequest(http.MethodDelete,
 		fmt.Sprintf("/1.6/roles/rolenotfound/token/%s?context=myapp", teamToken.TokenID),
@@ -1173,7 +1173,7 @@ func (s *S) TestDissociateRoleFromTeamTokenRoleNotFound(c *check.C) {
 	server := RunServer(true)
 	server.ServeHTTP(recorder, req)
 	c.Assert(recorder.Code, check.Equals, http.StatusNotFound)
-	t, err := servicemanager.TeamToken.FindByTokenID(teamToken.TokenID)
+	t, err := servicemanager.TeamToken.FindByTokenID(context.TODO(), teamToken.TokenID)
 	c.Assert(err, check.IsNil)
 	c.Assert(t.Roles, check.HasLen, 1)
 	c.Assert(eventtest.EventDesc{
@@ -1192,11 +1192,11 @@ func (s *S) TestDissociateRoleFromTeamTokenRoleNotFound(c *check.C) {
 func (s *S) TestDissociateRoleFromTeamTokenNotAuthorized(c *check.C) {
 	_, err := permission.NewRole("newrole", "app", "")
 	c.Assert(err, check.IsNil)
-	teamToken, err := servicemanager.TeamToken.Create(authTypes.TeamTokenCreateArgs{
+	teamToken, err := servicemanager.TeamToken.Create(context.TODO(), authTypes.TeamTokenCreateArgs{
 		Team: s.team.Name,
 	}, s.token)
 	c.Assert(err, check.IsNil)
-	err = servicemanager.TeamToken.AddRole(teamToken.TokenID, "newrole", "myapp")
+	err = servicemanager.TeamToken.AddRole(context.TODO(), teamToken.TokenID, "newrole", "myapp")
 	c.Assert(err, check.IsNil)
 	req, err := http.NewRequest(http.MethodDelete,
 		fmt.Sprintf("/1.6/roles/rolenotfound/token/%s?context=myapp", teamToken.TokenID),
@@ -1213,7 +1213,7 @@ func (s *S) TestDissociateRoleFromTeamTokenNotAuthorized(c *check.C) {
 	server.ServeHTTP(recorder, req)
 	c.Assert(recorder.Code, check.Equals, http.StatusForbidden)
 	c.Assert(recorder.Body.String(), check.Equals, "You don't have permission to do this action\n")
-	t, err := servicemanager.TeamToken.FindByTokenID(teamToken.TokenID)
+	t, err := servicemanager.TeamToken.FindByTokenID(context.TODO(), teamToken.TokenID)
 	c.Assert(err, check.IsNil)
 	c.Assert(t.Roles, check.HasLen, 1)
 }

api/quota.go

@@ -58,6 +58,7 @@ func getUserQuota(w http.ResponseWriter, r *http.Request, t auth.Token) error {
 //   403: Limit lower than allocated value
 //   404: User not found
 func changeUserQuota(w http.ResponseWriter, r *http.Request, t auth.Token) (err error) {
+	ctx := r.Context()
 	email := r.URL.Query().Get(":email")
 	allowed := permission.Check(t, permission.PermUserUpdateQuota)
 	if !allowed {
@@ -90,7 +91,7 @@ func changeUserQuota(w http.ResponseWriter, r *http.Request, t auth.Token) (err
 			Message: "Invalid limit",
 		}
 	}
-	err = servicemanager.UserQuota.SetLimit(user, limit)
+	err = servicemanager.UserQuota.SetLimit(ctx, user, limit)
 	if err == quota.ErrLimitLowerThanAllocated {
 		return &errors.HTTP{
 			Code:    http.StatusForbidden,