-
Notifications
You must be signed in to change notification settings - Fork 590
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Parallel Reconciler: Create EventPolicies for Parallel #7984
Comments
/assign |
Hey @swastik959, are there anything I can help you with regarding understanding this issue? |
@swastik959 All the prerequisite for this issue has been met, and it is ready to be worked on. |
Are there anything I could help you with? @swastik959 If you're still working on this issue, please let me know within the next 24 hours. We understand that plans and priorities can change, and if you're no longer able to continue with this task, that's completely okay! In case I don't hear back from you in the next 24 hours, I'll unassign the issue from you. Of course, if you'd like to continue working on it later, you can always reassign it to yourself if it is still available. |
@rahulii: Thanks for reaching out! As we didn't see any progress on this, I think you can take this over if you want! |
hey @Leo6Leo , here
this is Channel0, as per above diagram, correct ? |
@rahulii Hey Rahul, yes you are correct, |
Similar to a Sequence, the Parallel implementation uses Channels under the hood. This means that the Parallel
breaks down to something like
Therefor we need to make sure we have the correct EventPolicies in place to not block requests to the underlying channel. So the Parallel reconciler should behave as described:
authentication-oidc
feature flag is set toenabled
:Channel1
:.spec.ref
: pointing toChannel1
.spec.from
: OIDC identity ofSubscription1
. This means.spec.from
is aref
toSubscription1
Channel2
:.spec.ref
: pointing toChannel2
.spec.from
: OIDC identity ofSubscription3
. This means.spec.from
is aref
toSubscription3
Channel0
:Channel0
represents the input channel of the Parallel and we would not be aware of the allowed subs. But as soon as an EventPolicy for the Parallel is in place, the Parallel reconciler would also create an EventPolicy for its input channel (Channel0
here) with the allowed subjects from the EventPolicy targeting the Parallel.authentication-oidc
feature flag is set todisabled
:authentication-oidc
wasenabled
(e.g. by filtering on EventPolicies which have an owner reference to a Parallel)Prerequisites:
EventPolicy
type #7971.status.policies
#7979Additional context:
Additional hints for new contributors before starting with this issue:
Draft
status, the issue is subject to change and thus should not be started to be worked on/assign
). Please be aware that we might unassign you, if we don't see any progress from your side to give other contributors also a chance to work on this issue.The text was updated successfully, but these errors were encountered: