Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for EventPolicy filters #4086

Merged
merged 12 commits into from
Aug 28, 2024
Merged

Support for EventPolicy filters #4086

merged 12 commits into from
Aug 28, 2024

Conversation

creydr
Copy link
Contributor

@creydr creydr commented Aug 27, 2024
edited
Loading

Fixes #4079

Proposed Changes

  • 🎁 Add support for EventPolicy filters
  • 🎁 Add broker e2e test for AuthZ which includes tests for filters

Hint:
e2e tests are added only for Broker yet, as KafkaChannel and KafkaSink don't support it yet (#4038 #4039)). But will be enabled for those resources in #4068

Release Note

Add support for EventPolicy filters

@knative-prow knative-prow bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. area/control-plane area/data-plane area/test labels Aug 27, 2024
@knative-prow knative-prow bot requested review from aliok and Cali0707 August 27, 2024 15:09
@creydr
Copy link
Contributor Author

creydr commented Aug 27, 2024

/cc @pierDipi

@knative-prow knative-prow bot requested a review from pierDipi August 27, 2024 15:12
@codecov Codecov
Copy link

codecov bot commented Aug 27, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 48.43%. Comparing base (bae1868) to head (39fb741).
Report is 2 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4086      +/-   ##
==========================================
- Coverage   48.44%   48.43%   -0.01%     
==========================================
  Files         244      244              
  Lines       14765    14767       +2     
==========================================
  Hits         7153     7153              
- Misses       6900     6901       +1     
- Partials      712      713       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@creydr creydr force-pushed the support-eventpolicy-filters branch from 3a79845 to e264796 Compare August 27, 2024 17:36
@creydr
Copy link
Contributor Author

creydr commented Aug 27, 2024

/test channel-reconciler-tests-sasl-plain

pierDipi
pierDipi reviewed Aug 28, 2024
View reviewed changes
...receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticle.java
@@ -160,6 +153,8 @@ public void start(final Promise<Void> startPromise) {
}
}

authVerifier.start(vertx);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was expecting that this is somehow returning an error / Future to report when discovery fails, how are we handling that?

pierDipi
pierDipi reviewed Aug 28, 2024
View reviewed changes
...ver/src/main/java/dev/knative/eventing/kafka/broker/receiver/impl/auth/AuthVerifierImpl.java
}
}

return Future.failedFuture(new AuthorizationException("Not authorized by any EventPolicy"));
if (claimMatchingPolicies.isEmpty()) {
return Future.failedFuture(new AuthorizationException("Not authorized by any EventPolicy"));
Copy link
Member

@pierDipi pierDipi Aug 28, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we could have a static final filed with this generic AuthorizationException and re-use it

pierDipi
pierDipi approved these changes Aug 28, 2024
View reviewed changes
Copy link
Member

@pierDipi pierDipi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

Left comments mostly as food for thoughts / improvements

@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Aug 28, 2024
@knative-prow Knative Prow
Copy link

knative-prow bot commented Aug 28, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: creydr, pierDipi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@creydr
Copy link
Contributor Author

creydr commented Aug 28, 2024

/retest

@knative-prow knative-prow bot merged commit 241e6a7 into knative-extensions:main Aug 28, 2024
37 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pierDipi pierDipi pierDipi approved these changes

@aliok aliok Awaiting requested review from aliok

@Cali0707 Cali0707 Awaiting requested review from Cali0707

Assignees

@pierDipi pierDipi

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/control-plane area/data-plane area/test lgtm Indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support EventPolicies .spec.filters[]
2 participants
@creydr @pierDipi