Add allow list #373
Merged
Add allow list #373
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Can one of the admins verify this patch? |
lucasgarfield
commented
Jun 1, 2022
lucasgarfield
commented
Jun 1, 2022
lucasgarfield
force-pushed
the
allow-list
branch
3 times, most recently
from
fa15d2b
to
3c14ebc
Compare
ondrejbudai
requested changes
Jun 2, 2022
There was a problem hiding this comment.
This is awesome! I like that it's documented and fully functional (hopefully, no test coverage, I will get to this later).
I put my observations inline, my main thoughts are: reading the file must be elsewhere and we should make sure that this doesn't add much burden when defining new distros (therefore I proposed restricted distributions and globs in the allow list). Otherwise, these are just minor Go things that you didn't know.
The other big missing thing is testing - we should try to cover everything as much as possible, unit testing is fine.
Anyway, thanks for your work, and I'm happy to discuss everything in more depth if needed. :)
lucasgarfield
force-pushed
the
allow-list
branch
2 times, most recently
from
7a687a2
to
96e4497
Compare
ondrejbudai
reviewed
Jun 20, 2022
ondrejbudai
reviewed
Jun 20, 2022
lucasgarfield
force-pushed
the
allow-list
branch
2 times, most recently
from
29617b3
to
2912116
Compare
lucasgarfield
force-pushed
the
allow-list
branch
from
2912116
to
325d438
Compare
ondrejbudai
reviewed
Jun 23, 2022
lucasgarfield
force-pushed
the
allow-list
branch
2 times, most recently
from
7370eb7
to
f39a2b9
Compare
Adds an allow list for distributions that verifies that a compose request's distribution is valid for the requesting account. Validation is done using the account's orgId, which is cross referenced against an allow list file pointed to by the ALLOW_FILE environment variable. If no ALLOW_FILE environment variable is set, then an empty allow list is used as a default value.
lucasgarfield
force-pushed
the
allow-list
branch
from
f39a2b9
to
7d41e0c
Compare
ondrejbudai
approved these changes
Jun 29, 2022
ondrejbudai
approved these changes
Jun 29, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds an allow list for distributions that verifies that a compose
request's distribution is valid for the requesting account. Validation
is done using the account's orgId, which is cross referenced against an
allow list file pointed to by the ALLOW_FILE environment variable. If no
ALLOW_FILE environment variable is set, a set of fallback default values
is used.