Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: refactor request models to include scope #3104

Merged
merged 6 commits into from
May 22, 2024
Merged

chore: refactor request models to include scope #3104

merged 6 commits into from
May 22, 2024

Conversation

markphelps
Copy link
Collaborator

@markphelps markphelps commented May 21, 2024
edited

  • adds scope to request model to aide in authz, as we will be 'scoping' authz policies to be at the namespace, flag, segment, and token levels. ie we wont support policies where you can update a flag but not a variant since variants are 'nested' under flags
  • if no scope is present, then we will fallback to the subject for authz
  • move past tense logic for audit events into the part of code that creates audit events
  • get rid of un-needed audit event custom marshaller
  • adds namespaced interface to requestor as we'll need to be able to get the namespace of the request for future RBAC support

I initially was going to have the Request also know how to 'create' it's own audit event, however I realized this wasn't really possible since the majority of audit events include the entire object / structure after the response has already been constructed, which we wont have at 'request time'

@markphelps
chore: refactor request models to include scope
32e5686 
Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com>
@markphelps markphelps requested a review from a team as a code owner May 21, 2024 18:39
@markphelps markphelps requested a review from GeorgeMac May 21, 2024 18:39
@markphelps
chore: fix engine_test
90e776a
@markphelps
chore: make scope optional and use subject if not provided
574f261
@markphelps
chore: fix executor_test
2605802 
Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com>
@markphelps
chore: fix log sink test
19e6e7b 
Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com>
GeorgeMac
GeorgeMac approved these changes May 22, 2024
View reviewed changes
Copy link
Contributor

@GeorgeMac GeorgeMac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. I am going to merge it in so I can make the changes to the policy language on this.

@GeorgeMac GeorgeMac merged commit 8a04470 into authz May 22, 2024
24 of 25 checks passed
@GeorgeMac GeorgeMac deleted the authz-request-refactor branch May 22, 2024 08:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@GeorgeMac GeorgeMac GeorgeMac approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@markphelps @GeorgeMac