authz: protect VPC router endpoints#775
Merged
Merged
Conversation
davepacheco
commented
Mar 16, 2022
| let system_router_id = Uuid::new_v4(); | ||
| let default_route_id = Uuid::new_v4(); | ||
| let default_subnet_id = Uuid::new_v4(); | ||
|
|
Collaborator
Author
There was a problem hiding this comment.
Note: prior to this change, we actually created the system router for the VPC in the database before the VPC itself. This change creates the VPC first. Both seem invalid in that each creates a record in the database that refers to another record that doesn't exist (usually for a brief period). I didn't think this was any worse, and it made the authz implementation simpler (because we assume the VPC exists in order to do an authz check on creating a router inside it).
There are already multiple TODOs in this function to use sagas or a transaction instead.
71 tasks
bnaecker
approved these changes
Mar 16, 2022
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This change protects the API endpoints for CRUD for VPC Routers.
Like the other VPC endpoints I've done so far (VPCs, VPC Subnets), I'm changing "PUT" to return 200 rather than 204 for consistency with the rest of the API.
oxapi_demo does not have any commands for working with routers so that's missing from this change.