Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add denied details to errors on server authorization #3269

Merged
merged 5 commits into from
Aug 1, 2022
Merged

Add denied details to errors on server authorization #3269

merged 5 commits into from
Aug 1, 2022

Conversation

MarcosDY
Copy link
Collaborator

Add denied details to PermissionDenied errors generated from Authorization process.
It allows agent to reattest when agent entry is removed

Which issue this PR fixes
fixes #3268

@MarcosDY
Add reason to opa error message
77351f3 
Signed-off-by: Marcos Yacob <marcos.yacob@hpe.com>
@MarcosDY
add tests
479c37e 
Signed-off-by: Marcos Yacob <marcos.yacob@hpe.com>
azdagron
azdagron reviewed Jul 25, 2022
View reviewed changes
Copy link
Member

@azdagron azdagron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @MarcosDY ! I just have one small comment. Thanks for the targeted fix and unit tests!

pkg/server/api/middleware/authorization_opa.go Outdated
return ctx, false, err
}
return ctx, false, nil
return ctx, false, err
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can refactor isAgent to no longer return a bool...

@MarcosDY
Add banc + evict IT
69a813b 
Signed-off-by: Marcos Yacob <marcos.yacob@hpe.com>
@MarcosDY
update middleware authorizaition_opa isAgent function to no longer re…
f56c1b2 
…turn a boolean

Signed-off-by: Marcos Yacob <marcos.yacob@hpe.com>
azdagron
azdagron approved these changes Jul 29, 2022
View reviewed changes
Copy link
Member

@azdagron azdagron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @MarcosDY !

@MarcosDY MarcosDY merged commit 1b9b13e into spiffe:main Aug 1, 2022
@MarcosDY MarcosDY deleted the error-details branch August 1, 2022 13:55
@azdagron azdagron added this to the 1.4.0 milestone Aug 1, 2022
stevend-uber pushed a commit to stevend-uber/spire that referenced this pull request Oct 16, 2023
@MarcosDY @stevend-uber
Add denied details to errors on server authorization (spiffe#3269)
07b838a 
Add authentication error reason to opa error message

Signed-off-by: Marcos Yacob <marcos.yacob@hpe.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@azdagron azdagron azdagron approved these changes

@evan2645 evan2645 Awaiting requested review from evan2645 evan2645 is a code owner

@amartinezfayo amartinezfayo Awaiting requested review from amartinezfayo amartinezfayo is a code owner

@rturner3 rturner3 Awaiting requested review from rturner3 rturner3 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.4.0
Development

Successfully merging this pull request may close these issues.

Server api errors no longer provides error details
2 participants
@MarcosDY @azdagron