Authorization - fully implemented registry part #133
Conversation
| @@ -26,12 +28,30 @@ export class FileSystemResourceRepository implements ResourceRepository { | |||
| await fs.writeFile(this.pathToFile, JSON.stringify(rg)); | |||
| } | |||
|
|
|||
| async writePolicy(filename: string, compiledRego: Buffer): Promise<void> { | |||
There was a problem hiding this comment.
I think that compileRego adds a bit of dependency here to opa and it's too specific, maybe it should abstract as a regular resource and add attachment support? (maybe with path conventions, or getAttachment or something)
There was a problem hiding this comment.
I agree about compiledRego, it was an oversight on my part, I will rename it to something more generic.
Regarding the policy, it is already a regular resource that is saved in the resources file as part of the resource group. This function only writes the attachment (compiled rego in the case of opa) and is generic, so it can work as attachment for other types as well (poor variable naming aside).
After explaining it now I realize the function name itself (writePolicy) is also bad since it doesn't write the policy itself (which is written with the regular update function) but only the attachment. I will rename the function itself as well.
Do you still think other changes are required here other than renaming the compiledRego variable to something like content and the writePolicy function to something like writePolicyAttachment?
As a note, the attachment itself is stored with a name convention based on the metadata of namespace and name, there is no explicit link to it in the policy resource
tomeresk
force-pushed
the
authorization-registry
branch
2 times, most recently
from
700c2bc
to
3f561e3
Compare
services/src/registry.ts
Outdated
| @@ -144,8 +222,36 @@ async function fetchAndValidate(updates: Partial<ResourceGroup>): Promise<Resour | |||
| return newRg; | |||
| } | |||
|
|
|||
| type tempLocalPolicyAttachment = {metadata: ResourceMetadataInput; path: string; type: PolicyType}; | |||
There was a problem hiding this comment.
This being camelCased is driving me insane I keep thinking it's a variable
There was a problem hiding this comment.
I can make the change, the standard for type naming is Pascal case?
This includes: Create/update policy resource Attachments support for policy resource (with support for writing the attachment to both s3 and fs repositories) Opa policy type implementation, including compiling rego code to wasm and adding that to the policy as an attachment
tomeresk
force-pushed
the
authorization-registry
branch
from
3f561e3
to
b9e62c0
Compare
This includes: Create/update policy resource Attachments support for policy resource (with support for writing the attachment to both s3 and fs repositories) Opa policy type implementation, including compiling rego code to wasm and adding that to the policy as an attachment
* Authorization - fully implemented registry part (#133) This includes: Create/update policy resource Attachments support for policy resource (with support for writing the attachment to both s3 and fs repositories) Opa policy type implementation, including compiling rego code to wasm and adding that to the policy as an attachment * Authorization gateway - basic features (#138) implemented full flow with basic features Implement local policy attachment caching for all resource repositories * Add policy definitions and attachments to request context, change pol… (#141) * Add policy definitions and attachments to request context, change policy executor to use them from context instead of directly from repo * PR comments * allow jwt in param injection (policy authorization can use it through args) (#144) * Support for policy query (#143) * Policy directive - accept only a single policy (#146) * change policy directive to accept only a single policy * Refactored PolicyExecutor API to only expose static methods Co-authored-by: Tomer Eskenazi <tomeresk@gmail.com>
This includes: Create/update policy resource Attachments support for policy resource (with support for writing the attachment to both s3 and fs repositories) Opa policy type implementation, including compiling rego code to wasm and adding that to the policy as an attachment
This includes: