Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ft/utapi auth #153

Merged
merged 2 commits into from
Sep 17, 2016
Merged

Ft/utapi auth #153

merged 2 commits into from
Sep 17, 2016

Conversation

LaurenSpiegel
Copy link
Contributor

These changes are needed to enable authorization checks for utapi requests.

@LaurenSpiegel LaurenSpiegel force-pushed the ft/utapiAuth branch 2 times, most recently from 9b61383 to 3f2856e Compare September 6, 2016 22:01
@LaurenSpiegel LaurenSpiegel mentioned this pull request Sep 6, 2016
Merged
@rahulreddy
Copy link
Collaborator

👍

1 similar comment
@nicolas2bert
Copy link
Contributor

👍

@alexandre-merle
Copy link
Contributor

LGTM 👍

@koolfunky
Copy link

👍

ghost
ghost suggested changes Sep 15, 2016
View reviewed changes
Copy link

@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a few concerns here and there, as well as some questions.

lib/policyEvaluator/RequestContext.js
@@ -35,27 +35,44 @@ function _findAction(service, method) {
if (service === 's3') {
return _actionMap[method];
}
if (service === 'utapi') {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

else if would make more sense. Or a switch statement.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will be expanding at some point so I want to be clear which service is being used. When we get beyond 3 items, we can organize with an object or map structure.

lib/policyEvaluator/RequestContext.js
}
return 'arn:aws:s3:::';
}
if (service === 'utapi') {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here regarding else.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same

lib/policyEvaluator/RequestContext.js
// arn:scality:utapi:::resourcetype/resource
// (possible resource types are buckets, accounts or users)
if (specificResource) {
return `arn:scality:utapi:::${generalResource}/${specificResource}`;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is plain duplication if we look a few lines above. Can we get rid of that?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I want to keep the different services separate at least for now.

package.json
@@ -1,6 +1,6 @@
{
"name": "arsenal",
"version": "1.1.0",
"version": "1.1.0-utapi",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this really wanted?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's in a drop me commit to make sure integration was picking up the right version.

tests/unit/policyEvaluator.js
@@ -1112,6 +1112,24 @@ describe('policyEvaluator', () => {
});
});

describe('policyEvaluator for utapi', () => {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only two tests for utapi?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the wildcards, variables, conditions and operators are not different for utapi so no need to replicate the prior tests.

@LaurenSpiegel LaurenSpiegel force-pushed the ft/utapiAuth branch 2 times, most recently from bf28f35 to eafbdcd Compare September 17, 2016 02:35
@LaurenSpiegel LaurenSpiegel merged commit f2f00f4 into master Sep 17, 2016
@LaurenSpiegel LaurenSpiegel deleted the ft/utapiAuth branch September 17, 2016 02:38
@ghost ghost mentioned this pull request Sep 21, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@LaurenSpiegel @rahulreddy @nicolas2bert @alexandre-merle @koolfunky