-
Notifications
You must be signed in to change notification settings - Fork 601
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add filters to event policy #8122
Add filters to event policy #8122
Conversation
Signed-off-by: Calum Murray <[email protected]>
Signed-off-by: Calum Murray <[email protected]>
Signed-off-by: Calum Murray <[email protected]>
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Cali0707 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Signed-off-by: Calum Murray <[email protected]>
Signed-off-by: Calum Murray <[email protected]>
/cc @creydr |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #8122 +/- ##
=======================================
Coverage ? 67.51%
=======================================
Files ? 371
Lines ? 17974
Branches ? 0
=======================================
Hits ? 12136
Misses ? 5066
Partials ? 772 ☔ View full report in Codecov by Sentry. |
@creydr could you TAL at this? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @Cali0707 for working on this. Left some comments.
And maybe you can think about updating the authz e2e "conformance" tests, with a test for this 🤷
pkg/auth/event_policy.go
Outdated
if strings.EqualFold(s, sub) { | ||
return true | ||
} | ||
func SubjectAndFiltersPass(ctx context.Context, sub string, allowedSubsWithFilters []filtersBySubjects, event *cloudevents.Event, logger *zap.SugaredLogger) bool { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure, what I am missing here, but isn't the API for filters for the whole EventPolicy and not aligned to some subjects instead of like here "filters by subjects"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah ok. According to https://github.com/knative/eventing/pull/8122/files#diff-5a45b6a786dbd89c11dc49f5d111d8b06700e9770b13a1f37d4896c3625f5a20R148 it seems to be more a "filters and subjects"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, the way I was thinking about it is if the subject matches the .from
subjects, then the event is matched against the filters for that policy. I agree the name isn't great here, I was having a hard time finding a good one
Signed-off-by: Calum Murray <[email protected]>
/cc @creydr |
Signed-off-by: Calum Murray <[email protected]>
a7a0f57
to
213c77a
Compare
Signed-off-by: Calum Murray <[email protected]>
Signed-off-by: Calum Murray <[email protected]>
Signed-off-by: Calum Murray <[email protected]>
@creydr I fixed the failing conformance test, could you re-check when you have a minute? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome. Thanks for working on this 👍
/lgtm
Fixes #8114
Proposed Changes
Pre-review Checklist
Release Note
Docs