
allow audit policy to be loaded from any byte source #68632

Merged: 1 commit, Oct 11, 2018

Contributor

@deads2k deads2k commented Sep 13, 2018

Refactor the config loading mechanism for audit policy to allow any byte source to be used. The location is still kept as a hint in the error message, but can be set to anything, a URL or resource path for instance.

@kubernetes/sig-api-machinery-pr-reviews

NONE

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. approved Indicates a PR has been approved by an approver from all required OWNERS files. area/apiserver labels Sep 13, 2018
}
glog.V(4).Infof("Loaded %d audit policy rules from file %s", policyCnt, filePath)
glog.V(4).Infof("Loaded %d audit policy rules from file %s", policyCnt, location)
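Review bot: The updated log line still reads "from file %s" although its argument is now `location`, which per the PR description can be a URL or resource path rather than a file path. Drop the word "file" (for example "Loaded %d audit policy rules from %s") so the log does not point an operator at a file that may not exist. If a URL can be passed here, also confirm it never carries embedded credentials, since the value is written to the log verbatim.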
Member

@liggitt liggitt Sep 13, 2018

omit "file"? (same comment for other messages)

@fedebongio
Contributor

/assign @lavalamp

return LoadPolicyFromBytes(policyDef, filePath)
}

func LoadPolicyFromBytes(policyDef []byte, location string) (*auditinternal.Policy, error) {
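Review bot: The new exported function `LoadPolicyFromBytes` has no doc comment, and nothing in its signature tells a caller what `location` is for. Add a comment above the `func` line stating that only `policyDef` is parsed and that `location` is a free-form hint used in messages, as the PR description puts it, so callers do not assume it is validated or dereferenced.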
Member

location doesn't make much sense in this function signature. The caller should append the location to the error message IMO.

Contributor Author

> location doesn't make much sense in this function signature. The caller should append the location to the error message IMO.

Wrapping errors in golang loses the type of the original error for error type checks. I could wrap it like that here, but generally that's a really bad thing for a library to do.

Member

go2 looks to be fixing this: https://go.googlesource.com/proposal/+/master/design/go2draft.md

At the moment you have to make a custom error type if you want to preserve the internal error, which is super annoying.
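The trade-off discussed in this thread, as an added example that is not code from the PR or from Kubernetes: formatting an error into a new message discards its type, while a custom error type keeps the original available for type checks. `LocatedError`, `decode`, `loadFlattened`, `loadTyped` and `isSyntaxError` are hypothetical names, and the JSON decoder stands in for the policy decoder.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// LocatedError (hypothetical) adds a source location but keeps the cause.
type LocatedError struct {
	Location string
	Err      error
}
func (e *LocatedError) Error() string { return fmt.Sprintf("loading policy from %q: %v", e.Location, e.Err) }

// decode stands in for the policy decoder; bad input yields *json.SyntaxError.
func decode(data []byte) error {
	var v map[string]interface{}
	return json.Unmarshal(data, &v)
}

// loadFlattened wraps by formatting: the result is an untyped string error.
func loadFlattened(data []byte, location string) error {
	if err := decode(data); err != nil {
		return fmt.Errorf("loading policy from %q: %v", location, err)
	}
	return nil
}

// loadTyped wraps in LocatedError so the original error stays inspectable.
func loadTyped(data []byte, location string) error {
	if err := decode(data); err != nil {
		return &LocatedError{Location: location, Err: err}
	}
	return nil
}

// isSyntaxError checks err, or the cause it carries, for *json.SyntaxError.
func isSyntaxError(err error) bool {
	if le, ok := err.(*LocatedError); ok {
		err = le.Err
	}
	_, ok := err.(*json.SyntaxError)
	return ok
}

func main() {
	bad, loc := []byte("{not json"), "https://example.invalid/policy" // constructed input
	fmt.Println(isSyntaxError(loadFlattened(bad, loc)), isSyntaxError(loadTyped(bad, loc))) // false true
}
```

Since Go 1.13, `fmt.Errorf` with `%w` together with `errors.As` gives the same preservation without a custom type.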

@deads2k
Contributor Author

deads2k commented Sep 14, 2018

comments addressed.

@lavalamp I updated to wrap the error since these errors are not identifiable, but I think we should be careful about applying an error wrapping pattern in library methods.

@deads2k
Contributor Author

deads2k commented Sep 14, 2018

/retest

@deads2k
Contributor Author

deads2k commented Oct 9, 2018

bump

@liggitt
Member

liggitt commented Oct 9, 2018

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 9, 2018
@deads2k deads2k added the kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. label Oct 11, 2018
@k8s-ci-robot k8s-ci-robot removed the needs-kind Indicates a PR lacks a `kind/foo` label and requires one. label Oct 11, 2018
@lavalamp
Member

/approve
/retest

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deads2k, lavalamp


@k8s-ci-robot k8s-ci-robot merged commit 89c3fd5 into kubernetes:master Oct 11, 2018