Added support for policy data deletion

[maurice-freitag]

Fixes Issue

Closes #430, partially closes #46

Changes proposed

• validate data updates serverside (check for allowed save_method)
• use clientSession.request() instead of defaulting to clientSession.put()
• added support for http DELETE updating policy data in opa
• added data updated REST API examples to docs

Check List (Check all the applicable boxes)

• My code follows the code style of this project. - not sure, are there recommended extensions for VS Code?
• My change requires changes to the documentation.
• I have updated the documentation accordingly.
• All new and existing tests passed.
• This PR does not contain plagiarized content.
• The title of my pull request is a short description of the requested changes.

Screenshots

Note to reviewers

[netlify]

✅ Deploy Preview for opal-docs ready!

Name	Link
🔨 Latest commit	c346bf3
🔍 Latest deploy log	https://app.netlify.com/sites/opal-docs/deploys/64423a25c6d6e30008409740
😎 Deploy Preview	https://deploy-preview-447--opal-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site settings.

[roekatz]

Hi @maurice-freitag ,
Thanks for that great, much needed contribution !
I do have couple of concerns - detailed in my comments.
LMK if you think you can fix those :)

[roekatz]

or if static data is embedded in entry

[roekatz]

Hmm... validation is good although I'm not sure that's the right spot.
Clients can get entries also from external_source_url.
I think the best way would be to make those validations in DataSourceEntry's own initialization (and catching the potential exceptions in the proper places)

[roekatz]

You already have "PUT" as the default method in set_policy_data,
So it might be better to not pass it at all when it's none and let each policy store (there would be other stores in OPAL soon) have its own defaults.

[roekatz]

I don't really like giving "DELETE" a special care here.
url can be None and handler would just not fetch anything, So I feel like being explicit here overall makes the code less readable.

[roekatz]

Again, I don't think I like the special handling of "DELETE".
I don't think it makes sense to split it to different methods here - PolicyStoreClient might need to have different implementations for different methods but that's not the concern of this part.

I know this method have become too big and messy over time, but we should fix it in some other way (or possibly in another PR, I thought about separating all the fetching & http status codes handling to another method called enrich_entries which fetches urls, and could do other stuff in the future).

Moreover, as a result of your separation of handle_delete_data from handle_new_data:

1. path normalization isn't happening for "DELETE".
2. reports are not collected for "DELETE".
3. reports collected for other entries are not reported.

In short - I think you should basically let this code handle DELETE entries like any other entry (maybe should make DataFetcher.handle_url not log an error when both url & data are None, or if you have the time implement that enrich_entries which proxies handle_urls but not letting through entries of that kind)

[roekatz]

Just figured out we have a similar but old and unmerged PR by @orishavit: #314
@maurice-freitag See if that helps you.

[orweis]

@maurice-freitag are you still on to finish this PR ?

[maurice-freitag]

@maurice-freitag are you still on to finish this PR ?

Yes, I'll probably get to it this week, however I suspect #314 might do the trick. I'll have a look at it and abandon this PR if appropriate.

[maurice-freitag]

@orweis @roekatz #314 looks a lot more elegant to me. I'm unsure about the JSON Patch stuff, I would have imagined it to be a lot more complicated than it looks. I haven't tested it but @orishavit 's solution looks preferable to mine (sadly 😅) .