feat: dump authorizationPolicy #1222
Welcome @yp969803! It looks like this is your first PR to kmesh-net/kmesh 🎉
@hzxuzhonghu @LiZhenCheng9527 can you review the PR
pkg/status/api.go
Outdated
| Namespace string `json:"namespace"` | ||
| Scope string `json:"scope"` | ||
| Action string `json:"action"` | ||
| Rules []string `json:"rules"` |
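Review bot: `Rules []string` at the end of this struct flattens each rule into an opaque string, so someone reading the dump to debug an allow or deny decision cannot inspect or filter on the individual parts of a rule, and the string layout becomes an undocumented format that consumers have to parse. Keeping the rules as a structured type in the JSON would avoid that. The exported fields also have no doc comments; a line each on what values `scope` and `action` can take would help readers of the dump.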
Rules are a complex structure; we can use the original definition.
pkg/status/status_server.go
Outdated
| @@ -460,7 +459,7 @@ type WorkloadDump struct { | |||
| Workloads []*Workload | |||
| Services []*Service | |||
| // TODO: add authorization | |||
| "kmesh.net/kmesh/api/v2/workloadapi/security" | ||
| ) | ||
|
|
||
| type PolicyCache interface { |
We do have a policyStore in pkg/auth/policy_store.go, can we share with it?
@hzxuzhonghu can you review? I have done the changes!
hzxuzhonghu left a comment
Generally LG
Can you add UT tests for it?
@hzxuzhonghu added unit test
pkg/status/status_server_test.go
Outdated
| fakeWorkloadCache.AddOrUpdateWorkload(w1) | ||
| fakeServiceCache.AddOrUpdateService(svc) | ||
| fakeAuth := auth.NewRbac(fakeWorkloadCache) | ||
| fakeAuth.UpdatePolicy(policy) |
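Review bot: the result of `fakeAuth.UpdatePolicy(policy)` is not checked in the visible lines, and only one policy is seeded. If `UpdatePolicy` returns an error, assert that it is nil here so a failed seed shows up at this line rather than later as a golden-file mismatch, and consider a second case with no policies so the shape of the empty dump is pinned down as well.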
You still need to update the GoldenFile
@hzxuzhonghu updated the golden file, can you review!
/retest
@hzxuzhonghu all tests have passed, it can be merged now!
You still have some commits that are not signed off. https://github.com/kmesh-net/kmesh/runs/37606226574
PR Overview
This PR adds support for dumping authorization policies along with workloads and services in the status dump endpoint. Key changes include:
- Introducing a new AuthorizationPolicy type and its conversion function in pkg/status/api.go.
- Adding list functions in pkg/auth/policy_store.go and pkg/auth/rbac.go to retrieve the policies.
- Updating tests and the status server to include the authorization policies in the workload dump.
Reviewed Changes
| File | Description |
|---|---|
| pkg/status/api.go | Adds the AuthorizationPolicy struct and a corresponding conversion function. |
| pkg/auth/policy_store.go | Adds a list() function for returning a copied list of all policies. |
| pkg/status/status_server_test.go | Updates tests to validate dumping of authorization policies. |
| pkg/auth/rbac.go | Adds PoliciesList to expose the policies from the policy store. |
| pkg/status/status_server.go | Modifies the workload dump to include converted authorization policies. |
| pkg/controller/workload/workload_processor.go | Minor change ensuring policy updates are properly propagated. |
Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.
Signed-off-by: Yash Patel <yp969803@gmail.com>
Signed-off-by: Yash Patel <yp969803@gmail.com>
@LiZhenCheng9527 added signoff message
/retest
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: hzxuzhonghu, LiZhenCheng9527
What type of PR is this?
/kind enhancement
What this PR does / why we need it:
support authorizationPolicy dump
Which issue(s) this PR fixes:
Fixes #214
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
No