Sourcepolicy #3332
Merged
Sourcepolicy #3332
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cpuguy83
force-pushed
the
sourcepolicy
branch
3 times, most recently
from
e8f8a03
to
4e308ac
Compare
tonistiigi
reviewed
Nov 29, 2022
cpuguy83
force-pushed
the
sourcepolicy
branch
6 times, most recently
from
1ad024c
to
43e8ffb
Compare
|
Marking this ready, looks like it's gonna be all 💚 |
cpuguy83
force-pushed
the
sourcepolicy
branch
from
43e8ffb
to
c196502
Compare
jedevc
reviewed
Nov 30, 2022
AkihiroSuda
reviewed
Nov 30, 2022
AkihiroSuda
reviewed
Nov 30, 2022
solver/llbsolver/solver.go
Outdated
| @@ -125,7 +129,7 @@ func (s *Solver) Bridge(b solver.Builder) frontend.FrontendLLBBridge { | |||
| return s.bridge(b) | |||
| } | |||
|
|
|||
| func (s *Solver) Solve(ctx context.Context, id string, sessionID string, req frontend.SolveRequest, exp ExporterRequest, ent []entitlements.Entitlement, post []Processor) (_ *client.SolveResponse, err error) { | |||
| func (s *Solver) Solve(ctx context.Context, id string, sessionID string, req frontend.SolveRequest, exp ExporterRequest, ent []entitlements.Entitlement, post []Processor, srcPol *sourcepolicypb.Policy) (_ *client.SolveResponse, err error) { | |||
There was a problem hiding this comment.
The SolverResponse should contain a (boolean?) value that indicates whether the policy was consumed or not
There was a problem hiding this comment.
Consumed in what way? Policy applied to sources?
There was a problem hiding this comment.
I think a boolean here is not very useful except for just 1-off testing cases.
Probably it would be best to look at the build metadata to see what sources were actually used... maybe we could add something to trace policy usage in that metadata, but this will require a bit more effort.
AkihiroSuda
reviewed
Nov 30, 2022
AkihiroSuda
reviewed
Nov 30, 2022
cpuguy83
force-pushed
the
sourcepolicy
branch
3 times, most recently
from
f491e5f
to
9502353
Compare
|
This is updated with suggestions. |
cpuguy83
force-pushed
the
sourcepolicy
branch
2 times, most recently
from
32a6668
to
2bce7d0
Compare
jedevc
reviewed
Dec 5, 2022
tonistiigi
reviewed
Dec 8, 2022
tonistiigi
reviewed
Dec 13, 2022
tonistiigi
reviewed
Dec 13, 2022
tonistiigi
reviewed
Dec 13, 2022
cpuguy83
force-pushed
the
sourcepolicy
branch
2 times, most recently
from
87725f9
to
385f4f0
Compare
tonistiigi
reviewed
Dec 13, 2022
cpuguy83
force-pushed
the
sourcepolicy
branch
from
385f4f0
to
aeca4e1
Compare
Alternative to PR 2816 ("dockerfile: support Dockerfile.pin for pinning sources")
This version is implemented on the llbsolver side and agnostic to the LLB frontends.
See `solver/llbsolver/vertex.go:loadLLB()`.
See `docs/build-repro.md` for the usage.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This defines a better type for wildcard matching as well as a more appropritate package (contributed by Akihiro) for doing wildcard matching. Also some improvements to caching state such as compiled regexes. Co-authored-by: Akihiro Suda <suda.kyoto@gmail.com> Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This makes destination more symetrical with sources. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Allows frontends to pass in a list of policies in the solve request. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
These were just there while figuring out how things would work and are not needed now. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Per our discussion on github, each policy should be evaluated on it's own. ie. an "allow" in one policy should be able to change to a "deny" in another policy. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This makes it so a deny is always a deny regardless of if it was allowed in a prior rule. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This turns the closure into a proper recursive funciton. It also ensures there isn't a chance of infinite recursion due to changes to op inputs. Signed-off-by: Brian Goff <cpuguy83@gmail.com> fix
Updates the field names for source policies to be a little less confusing: `Source` -> `Selector`, `Destination` -> `Updates`. Also collapse `Type` into the `Identifier` which matches how the rest of buildkit works and greatly simplifies matching.. and generally makes it so the policy engine doesn't need to care about schemes. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
tonistiigi
force-pushed
the
sourcepolicy
branch
from
aeca4e1
to
c40f30e
Compare
tonistiigi
approved these changes
Dec 13, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add source policy in LLB as described in #2943 (comment)
Replaces #2943
Closes #2943