Skip to content

authz: protect GET for Projects (and prepare for more)#618

Merged
davepacheco merged 2 commits into
mainfrom
authz-work
Jan 24, 2022
Merged

authz: protect GET for Projects (and prepare for more)#618
davepacheco merged 2 commits into
mainfrom
authz-work

Conversation

@davepacheco

@davepacheco davepacheco commented Jan 22, 2022

Copy link
Copy Markdown
Collaborator

This change does a few things:

  • adds authz checks for the "GET Project" API endpoint
  • refactors the Project fetch/lookup functions, exactly analogously to what I did under add authz checks for top-level Organization endpoints #592 for Organizations. This lays groundwork for protecting the rest of the project-level API endpoints as well as the endpoints for Instances, Disks, VPCs, etc.
  • renames organization_lookup_id() (which was created in add authz checks for top-level Organization endpoints #592) to organization_lookup_path() for consistency with project_lookup_path(). The idea here is that for every resource we'll eventually have a $resource_lookup_path() function that takes the (API) path of names that identify it. For example:
    • organization_lookup_path(organization_name) (in this change, renamed from organization_lookup_id)
    • project_lookup_path(organization_name, project_name) (new in this change, this simplifies a bunch of call sites in nexus.rs)
    • disk_lookup_path(organization_name, project_name, disk_name) (future change)
    • etc
  • rewraps some comments and string literals that were over 80 columns

This is all a lot simpler than it sounds. Most of the changes are pretty mechanical.

Hopefully those examples explain why I called these *_lookup_path, and why I renamed the Organization lookup function to match, even though it only has one name in its argument list.

I'm trying to keep these PRs small and manageable. As a result, this is still an intermediate state. There will be more cleanup to be done as I get to the more deeply-nested endpoints. (As an example: in functions like Nexus::project_update_vpc, we used to first look up the Organization id, then the Project id, then the Vpc id. Now we use the new DataStore::project_lookup_path to directly fetch the project id, then we do a separate lookup for the Vpc id. In a follow on change I expect this to be simplified further using a new DataStore::vpc_lookup_path.)

david-crespo
david-crespo reviewed Jan 22, 2022
View reviewed changes
Comment thread nexus/src/nexus.rs
.await?
.id();
self.db_datastore.project_fetch(&organization_id, project_name).await
.1)

@david-crespo david-crespo Jan 22, 2022

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The .1 here feels a little opaque. One alternative would be to use a struct instead of a tuple for the lookup result (so here you would do .model or something), but maybe that's too heavy.

david-crespo
david-crespo approved these changes Jan 22, 2022
View reviewed changes

@david-crespo david-crespo left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! The lookup_path concept makes sense to me. (I might have called it lookup_by_path though 🙂)

@davepacheco davepacheco merged commit 6c742ea into main Jan 24, 2022
@davepacheco davepacheco deleted the authz-work branch January 24, 2022 16:44
leftwo pushed a commit that referenced this pull request Jan 28, 2024
Update crucible and propolis versions
301f95e 
Crucible changes
Remove a superfluous copy during write serialization (#1087)
Update to progenitor v0.5.0, pull in required Omicron updates (#1115)
Update usdt to v0.5.0 (#1116)
Do not panic on reinitialize of a downstairs client. (#1114)
Bump (tracing-)opentelemetry(-jaeger) (#1113)
Make the Guest -> Upstairs queue fully async (#1086)
Switch to per-block ownership (#1107)
Handle timeout in the client IO task (#1109)
Enforce buffer alignment (#1106)
Block size buffers (#1105)
New dtrace probes and a counter struct in the Upstairs. (#1104)
Implement read decryption offloading (#1089)
Remove Arc + Mutex from Buffer (#1094)
Comment cleanup and rename of DsState::Repair -> Reconcile (#1102)
do not panic the dynamometer for OOB writes (#1101)
Allow dsc to start the downstairs in read-only mode. (#1098)
Use the omicron-zone-package methods for topo sorting (#1099)
Package with topological sorting (#1097)
Fix clippy lints in dsc (#1095)

Propolis changes:
PHD: demote artifact store logs to DEBUG, enable DEBUG on CI (#626)
PHD: fix missing newlines in serial.log (#622)
PHD: fix run_shell_command with multiline commands (#621)
PHD: fix `--artifact-directory` not doing anything (#618)
Update h2 dependency
Update Crucible (and Omicron) dependencies
PHD: refactor guest serial console handling (#615)
phd: add basic "migration-from-base" tests + machinery (#609)
phd: Ensure min disk size fits read-only parents (#611)
phd: automatically fetch `crucible-downstairs` from Buildomat (#604)
Mitigate behavior from illumos#16183
PHD: add guest adapter for WS2022 (#607)
phd: include error cause chain in failure output (#606)
add QEMU pvpanic ISA device (#596)
Add crucible-mem backend
Make crucible opt parsing more terse in standalone
@leftwo leftwo mentioned this pull request Jan 28, 2024
Merged
leftwo added a commit that referenced this pull request Jan 29, 2024
@leftwo
Update crucible and propolis versions (#4912)
45df2e6 
Crucible changes
Remove a superfluous copy during write serialization (#1087) Update to
progenitor v0.5.0, pull in required Omicron updates (#1115) Update usdt
to v0.5.0 (#1116)
Do not panic on reinitialize of a downstairs client. (#1114) Bump
(tracing-)opentelemetry(-jaeger) (#1113)
Make the Guest -> Upstairs queue fully async (#1086) Switch to per-block
ownership (#1107)
Handle timeout in the client IO task (#1109)
Enforce buffer alignment (#1106)
Block size buffers (#1105)
New dtrace probes and a counter struct in the Upstairs. (#1104)
Implement read decryption offloading (#1089)
Remove Arc + Mutex from Buffer (#1094)
Comment cleanup and rename of DsState::Repair -> Reconcile (#1102) do
not panic the dynamometer for OOB writes (#1101) Allow dsc to start the
downstairs in read-only mode. (#1098) Use the omicron-zone-package
methods for topo sorting (#1099) Package with topological sorting
(#1097)
Fix clippy lints in dsc (#1095)

Propolis changes:
PHD: demote artifact store logs to DEBUG, enable DEBUG on CI (#626) 
PHD: fix missing newlines in serial.log (#622)
PHD: fix run_shell_command with multiline commands (#621) 
PHD: fix `--artifact-directory` not doing anything (#618) Update h2
dependency
Update Crucible (and Omicron) dependencies
PHD: refactor guest serial console handling (#615) 
phd: add basic "migration-from-base" tests + machinery (#609) 
phd: Ensure min disk size fits read-only parents (#611) 
phd: automatically fetch `crucible-downstairs` from Buildomat (#604)
Mitigate behavior from illumos#16183
PHD: add guest adapter for WS2022 (#607)
phd: include error cause chain in failure output (#606) add QEMU pvpanic
ISA device (#596)
Add crucible-mem backend
Make crucible opt parsing more terse in standalone

Co-authored-by: Alan Hanson <alan@oxide.computer>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@david-crespo david-crespo david-crespo approved these changes

@teisenbe teisenbe Awaiting requested review from teisenbe

@smklein smklein Awaiting requested review from smklein

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@davepacheco @david-crespo