TrueCloudLab/policy-engine
20
0
Fork 11
generated from TrueCloudLab/basic
Code Issues 5 Pull requests 1 Projects Releases Packages Wiki Activity Actions

WIP: Make IsAllow receive client defined overrides #82

Closed
aarifullin wants to merge 1 commit from aarifullin/policy-engine:feat/clientdef_overrides into master
pull from: aarifullin/policy-engine:feat/clientdef_overrides
merge into: TrueCloudLab:master
Conversation 2 Commits 1 Files changed 6 +140 -29
aarifullin commented 2024-06-28 11:42:31 +00:00
Member
Copy link
  • Change ChainRouter interface: IsAllow should also receive client defined overrides that are checked after local overrides but before morph chains. Client defined overrides are checked per request.
  • Fix code that uses ChainRouter.
  • Fix unit-tests.
* Change `ChainRouter` interface: `IsAllow` should also receive client defined overrides that are checked after local overrides but before morph chains. Client defined overrides are checked per request. * Fix code that uses `ChainRouter`. * Fix unit-tests.
aarifullin force-pushed feat/clientdef_overrides from cf0e7369b5 to 0b24fc0f48 2024-06-28 11:43:34 +00:00 Compare
aarifullin requested review from storage-services-committers 2024-06-28 11:43:44 +00:00
aarifullin requested review from storage-services-developers 2024-06-28 11:43:49 +00:00
aarifullin requested review from storage-core-committers 2024-06-28 11:45:10 +00:00
aarifullin requested review from storage-core-developers 2024-06-28 11:45:25 +00:00
acid-ant commented 2024-06-28 11:51:02 +00:00
Member
Copy link

Please check issue from linter:

pkg/engine/interface.go:15:46  revive  var-declaration: should drop = nil from declaration of var NoClientDefined; it is the zero value
make: *** [Makefile:54: lint] Error 1
Please check issue from `linter`: ``` pkg/engine/interface.go:15:46 revive var-declaration: should drop = nil from declaration of var NoClientDefined; it is the zero value make: *** [Makefile:54: lint] Error 1 ```
👍 1
aarifullin force-pushed feat/clientdef_overrides from 0b24fc0f48 to b91348ed80 2024-06-28 12:06:48 +00:00 Compare
aarifullin force-pushed feat/clientdef_overrides from b91348ed80 to a847f28b01 2024-06-28 12:48:15 +00:00 Compare
dstepanov-yadro approved these changes 2024-06-28 14:47:26 +00:00
acid-ant approved these changes 2024-06-28 18:36:07 +00:00
achuprov approved these changes 2024-07-01 07:22:42 +00:00
fyrchik reviewed 2024-07-01 07:31:09 +00:00
pkg/engine/inmemory/inmemory_test.go
@ -152,3 +204,3 @@
"Actor": actor2,
})
status, ok, _ := s.IsAllowed(chain.Ingress, engine.NewRequestTarget(namespace, container), reqBadActor)
status, ok, _ := s.IsAllowed(chain.Ingress, engine.NewRequestTarget(namespace, container), reqBadActor, engine.NoClientDefined)
fyrchik commented 2024-07-01 07:31:05 +00:00
Owner
Copy link

It seems to me that many times we need to make changes in the policy-engine, we extend some interface.
Here overrides seem to be more related to storage and not to method.
How about having some "combined overrides storage" instead? So you create interface { IsAllowed(...) } with some function taking local override storage + e.g. bearer token and use it.

It seems to me that many times we need to make changes in the policy-engine, we extend some interface. Here overrides seem to be more related to storage and not to method. How about having some "combined overrides storage" instead? So you create `interface { IsAllowed(...) }` with some function taking local override storage + e.g. bearer token and use it.
👍 1
aarifullin changed title from Make IsAllow receive client defined overrides to WIP: Make IsAllow receive client defined overrides 2024-07-01 08:24:51 +00:00
aarifullin commented 2024-07-09 12:16:36 +00:00
Author
Member
Copy link

This was successfully implemented on frostfs-storage side

This was successfully implemented on frostfs-storage side
aarifullin closed this pull request 2024-07-09 12:16:36 +00:00
All checks were successful
DCO action / DCO (pull_request) Successful in 1m30s
Details
Tests and linters / Tests (1.21) (pull_request) Successful in 1m21s
Details
Tests and linters / Tests (1.20) (pull_request) Successful in 1m33s
Details
Tests and linters / Staticcheck (pull_request) Successful in 1m29s
Details
Tests and linters / Tests with -race (pull_request) Successful in 1m47s
Details
Tests and linters / Lint (pull_request) Successful in 2m22s
Details

Pull request closed

Please reopen this pull request to perform a merge.
Sign in to join this conversation.
Reviewers
No reviewers
dstepanov-yadro
acid-ant
achuprov
TrueCloudLab/storage-services-committers
TrueCloudLab/storage-services-developers
Labels
Clear labels
  
Infrastructure

Infrastructure, Automation, CI/CD or DevOps related stuff

  
blocked

The issue or PR is blocked by something

  
bug

Something is not working

  
config

Configuration format update or breaking change

  
discussion

Talking about something in order to reach a decision or to exchange ideas

  
documentation

Documentation related

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
go

Language features adoption

  
help wanted

Extra attention is needed

  
internal

   
invalid

Something is wrong

  
kludge

This is a kludge and we know it

  
observability

Related to metrics, tracing and logs

  
perfomance

Perfomance related

  
question

More information is needed

  
refactoring

Refactoring

  
wontfix

This won't be fixed

No labels
Infrastructure
blocked
bug
config
discussion
documentation
duplicate
enhancement
go
help wanted
internal
invalid
kludge
observability
perfomance
question
refactoring
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
5 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/policy-engine#82
No description provided.
Delete branch "aarifullin/policy-engine:feat/clientdef_overrides"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?