
[NEW] Request Module Interface to perform Search ACL check

Open allenss-amazon opened this issue 2 months ago • 0 comments

The problem/use-case that the feature addresses

Currently, the Search module performs an ACL check for each FT.SEARCH and FT.AGGREGATE. Currently this is implemented as a VM_Call to fetch the ACL string for the current user. That string is parsed and then applied against the list of key prefixes for each defined index. This process is quite expensive and substantially reduces the performance of VSS.

Description of the feature

The search module maintains a list of key-prefixes for each index that's defined. It's proposed that there be a module interface that can be used to validate access by the current user to the relevant range of the keyspace.

A potential API would be:

bool ValkeyModule_CheckACLPrefix(ValkeyModule_Context *ctx, const char *prefix, size_t length, int flags);

Returns True -> Allowed. False -> Disallowed.

Parameters:
ctx  -> current context
prefix -> Pointer to prefix string.
length -> number of bytes in string.
flags -> Flags for access checks: Flags are combinations of the usual access flags:
   VALKEYMODULE_CMD_KEY_ACCESS
   VALKEYMODULE_CMD_KEY_UPDATE
   VALKEYMODULE_CMD_KEY_INSERT
   VALKEYMODULE_CMD_KEY_DELETE

Miscellaneous semantics.

  1. A 0-byte length implies all keys.
  2. The prefix is guaranteed to not have a slot-tag.

Alternatives you've considered

None.

Additional information

allenss-amazon, Oct 23 '25 23:10
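
A sketch of the semantics the proposed check would need, added here as an example; it is not code from the issue or from Valkey. It shows that an index prefix is allowed only when one ACL key rule covers every key under that prefix with the requested access, and that anything uncertain is denied. Assumptions: every `ex_`/`EX_` name and flag value is hypothetical, rules are already parsed, one rule must grant all requested access, and only `<literal>*` patterns count as covering a prefix.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Stand-ins for the VALKEYMODULE_CMD_KEY_* flags; names and values are assumptions. */
enum { EX_KEY_ACCESS = 1, EX_KEY_UPDATE = 2, EX_KEY_INSERT = 4, EX_KEY_DELETE = 8 };
enum { EX_PERM_READ = 1, EX_PERM_WRITE = 2 };

/* One already-parsed ACL key rule, e.g. "%R~cache:*" -> {"cache:*", EX_PERM_READ}. */
typedef struct { const char *pattern; int perms; } ex_key_rule;

/* Constructed sample user: read/write on app:*, read-only on cache:*. */
static const ex_key_rule ex_sample_rules[] = {
    {"app:*", EX_PERM_READ | EX_PERM_WRITE},
    {"cache:*", EX_PERM_READ},
};

/* True only if EVERY key that starts with prefix matches the glob pattern.
 * Fails closed: patterns other than "<literal>*" are treated as not covering. */
static bool ex_pattern_covers_prefix(const char *pat, const char *prefix, size_t len) {
    size_t plen = strlen(pat);
    if (plen == 0 || pat[plen - 1] != '*') return false; /* no trailing wildcard */
    size_t lit = plen - 1;                               /* literal part before '*' */
    if (lit > 0 && (memchr(pat, '*', lit) || memchr(pat, '?', lit) ||
                    memchr(pat, '[', lit) || memchr(pat, '\\', lit)))
        return false;                                    /* other glob syntax: deny */
    /* A literal longer than the prefix leaves part of the range uncovered. */
    return lit <= len && (lit == 0 || memcmp(pat, prefix, lit) == 0);
}

/* A 0-byte prefix means "all keys", so only a bare "*" rule can satisfy it. */
bool ex_check_acl_prefix(const ex_key_rule *rules, size_t nrules,
                         const char *prefix, size_t len, int flags) {
    int need = 0;
    if (flags & EX_KEY_ACCESS) need |= EX_PERM_READ;
    if (flags & (EX_KEY_UPDATE | EX_KEY_INSERT | EX_KEY_DELETE)) need |= EX_PERM_WRITE;
    for (size_t i = 0; i < nrules; i++) {
        if ((rules[i].perms & need) != need) continue;   /* rule lacks the access */
        if (ex_pattern_covers_prefix(rules[i].pattern, prefix, len)) return true;
    }
    return false;                                        /* default deny */
}

int main(void) {
    /* Reading under "app:idx:" is allowed; updating under "cache:" is not. */
    bool ok = ex_check_acl_prefix(ex_sample_rules, 2, "app:idx:", 8, EX_KEY_ACCESS) &&
              !ex_check_acl_prefix(ex_sample_rules, 2, "cache:", 6, EX_KEY_UPDATE);
    return ok ? 0 : 1;
}
```

Matching the prefix as if it were a single key would be wrong here: the prefix "ap" does not match "app:*" as a key, and a rule like "app:*:x*" matches some keys under "app:idx:" but not all of them, so both are denied.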