In the authz spec, it is mentioned that the pushed policy becomes active immediately as below:
Because the policy uploaded during the gNSI.authz.Rotate() call becomes active
immediately, the gNSI.authz.Probe() can be used to check if the uploaded
policy provides the expected response without attempting performing the
(potentially destructive) RPC in question while the gNSI.authz.Rotate() is
still active (the stream is opened and the Finalize message has not been sent
yet).
This is fine for Probe() RPC because it has to be tested before finalize.
When the Rotate() is in progress (after upload and before finalize), what is the expectation for the below two use cases:
A real RPC such as /gnmi.gNMI/Get or /gnmi.gNMI/Subscribe. Should this be authorized based on the newly pushed sandbox policy (which has not yet received finalize, maybe because the test phase is taking time) or the current active policy? Is the "Step 3 (optional): Test/Validation by the client." performed only using the Probe() RPC, or does the controller fire the actual RPC also to perform the test?
What should Get() RPC return in this intermediate state? Unlike pathz, the GetRequest does not take the PolicyInstance parameter.
IMO, the new policy becomes active, period. Probe() is simply a way to test the policy without executing the RPC in the Probe; i.e., /gnmi.gNMI/Subscribe would be tested against the policy but not executed.
It sounds like the intention was:
"Rotate applies a new policy immediately, the rotator should test with probe() messages to see that their intended result is live, and finalize() when that's done"
Because of 'live immediately', I expect that new RPCs between the start of Rotate() and Finalize() would be evaluated under the newly placed policy. If the policy fails Probe() tests (for instance) or there are signals to the rotator that: "Hey, half my RPCs are failing? wut?" the rotator may choose to not Finalize() and disconnect, forcing the previous policy to take up the active role.
In summary:
In the intermittent state, all of them (Probe(), real RPCs and Get()) behave as per the new policy even though Finalize is not yet issued. This is in line with the spec, which mentions "active immediately".
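As an added illustration (not code from the gNSI project or from anyone in this thread), the following Go model captures the Rotate() lifecycle as the thread concludes it: once uploaded, the new policy is what real RPCs, Probe() and Get() all consult, Finalize() only discards the rollback copy, and a disconnect without Finalize() restores the previous policy. Policy, Authorizer and the method names are constructed stand-ins and assume a single Allowed() decision point, not the gNSI API itself.

```go
package main

import "errors"

// Policy is a constructed stand-in for a gNSI authz policy: RPC path (e.g. "/gnmi.gNMI/Get") -> allowed principals.
type Policy map[string][]string

// Authorizer models device-side state across a Rotate() stream. Every check reads "active";
// an uploaded policy is active at once, before Finalize, and "previous" exists only for rollback.
type Authorizer struct {
	active, previous Policy
	rotating         bool
}

// Allowed is the single decision point shared by real RPCs and Probe(); nothing here distinguishes a finalized policy from an in-flight one.
func (a *Authorizer) Allowed(principal, rpc string) bool {
	for _, p := range a.active[rpc] {
		if p == principal {
			return true
		}
	}
	return false
}

// UploadPolicy is the upload step of Rotate(): the new policy takes effect immediately; the old one is kept for rollback.
func (a *Authorizer) UploadPolicy(p Policy) error {
	if a.rotating {
		return errors.New("rotation already in progress")
	}
	a.previous, a.active, a.rotating = a.active, p, true
	return nil
}

// Probe evaluates the request against the active (new) policy without executing the RPC itself.
func (a *Authorizer) Probe(principal, rpc string) bool { return a.Allowed(principal, rpc) }

// Get reports the policy currently enforced, i.e. the not-yet-finalized one mid-rotation.
func (a *Authorizer) Get() Policy { return a.active }

// Finalize commits the new policy and discards the rollback copy.
func (a *Authorizer) Finalize() { a.previous, a.rotating = nil, false }

// Abort models the Rotate() stream closing without Finalize: the previous policy takes up the active role again.
func (a *Authorizer) Abort() {
	if a.rotating {
		a.active, a.previous, a.rotating = a.previous, nil, false
	}
}
```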