internal/eval: remove the inCache
We don't currently have a benchmark that's telling us that we need this cache. In fact, several of our benchmarks show that for large, shallow entity graphs, the inCache actually slows down authorizations and batch evaluations because of all the extra allocation that goes on to build the map.

For deep entity graphs, such a cache might be useful, but I think instead that we'll try to put such a cache in the entity graph itself by keeping track of the transitive closure of every entity's parents. That way, the cache will be effective across multiple authorizations.

Signed-off-by: Patrick Jakubowski <[email protected]>
patjakdev committed Oct 1, 2024
1 parent 609f098 commit 163a095
Showing 6 changed files with 90 additions and 121 deletions.
6 changes: 3 additions & 3 deletions authorize.go
@@ -19,13 +19,13 @@ const (
// IsAuthorized uses the combination of the PolicySet and Entities to determine
// if the given Request to determine Decision and Diagnostic.
func (p PolicySet) IsAuthorized(entityMap Entities, req Request) (Decision, Diagnostic) {
c := eval.InitEnv(&eval.Env{
env := eval.Env{
Entities: entityMap,
Principal: req.Principal,
Action: req.Action,
Resource: req.Resource,
Context: req.Context,
})
}
var diag Diagnostic
var forbids []DiagnosticReason
var permits []DiagnosticReason
@@ -35,7 +35,7 @@ func (p PolicySet) IsAuthorized(entityMap Entities, req Request) (Decision, Diag
// - For permit, all permits must be run to collect annotations
// - For forbid, forbids must be run to collect annotations
for id, po := range p.policies {
result, err := po.eval.Eval(c)
result, err := po.eval.Eval(env)
if err != nil {
diag.Errors = append(diag.Errors, DiagnosticError{PolicyID: id, Position: po.Position(), Message: err.Error()})
continue
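Review bot: The doc comment above IsAuthorized is garbled ("to determine if the given Request to determine Decision and Diagnostic") and does not say that a policy whose Eval returns an error is only appended to `diag.Errors` and then skipped by the `continue` in the loop. For an authorization entry point this matters, because a forbid policy that fails to evaluate appears not to contribute to the decision, and a caller only notices by reading the Diagnostic. I would reword it to `// IsAuthorized evaluates every policy in the PolicySet against entityMap and req and returns the resulting Decision and Diagnostic.` followed by `// A policy whose evaluation errors is skipped and reported in Diagnostic.Errors; callers should inspect it rather than rely on the Decision alone.` The rest of the function body lies outside the visible hunks, so how the Decision is derived from the collected permits and forbids should be confirmed there.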
2 changes: 1 addition & 1 deletion internal/eval/compile.go
@@ -11,7 +11,7 @@ type BoolEvaler struct {
eval Evaler
}

func (e *BoolEvaler) Eval(env *Env) (types.Boolean, error) {
func (e *BoolEvaler) Eval(env Env) (types.Boolean, error) {
v, err := e.eval.Eval(env)
if err != nil {
return false, err
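Review bot: The exported method `BoolEvaler.Eval` has no doc comment, and its error contract is worth stating while the signature is being touched: when the wrapped evaluator fails, it returns `false` together with the error. A caller that drops the error would read that `false` as "condition not met", so the comment should say the Boolean is meaningless on error, e.g. `// Eval evaluates the wrapped Evaler against env; on error it returns false and the error, and the Boolean must not be used.` The body continues past the visible hunk, so the success path is not shown here.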