-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
allow audit policy to be loaded from any byte source #68632
Conversation
} | ||
glog.V(4).Infof("Loaded %d audit policy rules from file %s", policyCnt, filePath) | ||
glog.V(4).Infof("Loaded %d audit policy rules from file %s", policyCnt, location) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
omit "file"? (same comment for other messages)
/assign @lavalamp |
return LoadPolicyFromBytes(policyDef, filePath) | ||
} | ||
|
||
func LoadPolicyFromBytes(policyDef []byte, location string) (*auditinternal.Policy, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
location doesn't make much sense in this function signature. The caller should append the location to the error message IMO.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
location doesn't make much sense in this function signature. The caller should append the location to the error message IMO.
Wrapping errors in golang loses the type of the original error for error type checks. I could wrap it like that here, but generally that's a really bad thing for a library to do.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
go2 looks to be fixing this: https://go.googlesource.com/proposal/+/master/design/go2draft.md
At the moment you have to make a custom error type if you want to preserve the internal error, which is super annoying.
56d23cc
to
5d46ff4
Compare
comments addressed. @lavalamp I updated to wrap the error since these errors are not identifiable, but I think we should be careful about applying an error wrapping pattern in library methods. |
/retest |
bump |
/lgtm |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k, lavalamp The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Refactor the config loading mechanism for audit policy to allow any byte source to be used. The location is still kept as a hint in the error message, but can be set to anything. A URL or resource path for instance.
@kubernetes/sig-api-machinery-pr-reviews