generated from TrueCloudLab/basic
WIP: Make IsAllow receive client defined overrides #82
No reviewers
TrueCloudLab/storage-services-committers
TrueCloudLab/storage-services-developers
Labels
No Label
Infrastructure
blocked
bug
config
discussion
documentation
duplicate
enhancement
go
help wanted
internal
invalid
kludge
observability
perfomance
question
refactoring
wontfix
No Milestone
No project
No Assignees
5 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: TrueCloudLab/policy-engine#82
Loading…
Reference in New Issue
There is no content yet.
Delete Branch "aarifullin/policy-engine:feat/clientdef_overrides"
Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?
ChainRouter
interface:IsAllow
should also receive client defined overrides that are checked after local overrides but before morph chains. Client defined overrides are checked per request.ChainRouter
.cf0e7369b5
to0b24fc0f48
Please check issue from
linter
:0b24fc0f48
tob91348ed80
b91348ed80
toa847f28b01
@ -152,3 +204,3 @@
"Actor": actor2,
})
status, ok, _ := s.IsAllowed(chain.Ingress, engine.NewRequestTarget(namespace, container), reqBadActor)
status, ok, _ := s.IsAllowed(chain.Ingress, engine.NewRequestTarget(namespace, container), reqBadActor, engine.NoClientDefined)
It seems to me that many times we need to make changes in the policy-engine, we extend some interface.
Here overrides seem to be more related to storage and not to method.
How about having some "combined overrides storage" instead? So you create
interface { IsAllowed(...) }
with some function taking local override storage + e.g. bearer token and use it.Make IsAllow receive client defined overridesto WIP: Make IsAllow receive client defined overridesStep 1:
From your project repository, check out a new branch and test the changes.Step 2:
Merge the changes and update on Forgejo.