fix(rpc/flipt): implement Requester for evaluation data snapshot #3439

GeorgeMac · 2024-09-07T11:41:58Z

This is proposal for the open PR #3438

It changes the solution so that we actually request specific permissions when attempting to fetch evaluation snapshot data.
In order to enforce some level of authz and not leak entire namespace contents this way.

Signed-off-by: George MacRorie <me@georgemac.com>

codecov · 2024-09-07T11:53:00Z

Codecov Report

Attention: Patch coverage is 88.46154% with 6 lines in your changes missing coverage. Please review.

Project coverage is 64.69%. Comparing base (138218a) to head (8b69df4).
Report is 1 commits behind head on authz-eval-fixes.

Files with missing lines	Patch %	Lines
internal/server/middleware/grpc/middleware.go	85.36%	5 Missing and 1 partial ⚠️

Additional details and impacted files

@@                 Coverage Diff                  @@
##           authz-eval-fixes    #3439      +/-   ##
====================================================
+ Coverage             64.66%   64.69%   +0.02%     
====================================================
  Files                   174      174              
  Lines                 13920    13919       -1     
====================================================
+ Hits                   9002     9005       +3     
+ Misses                 4227     4225       -2     
+ Partials                691      689       -2

Flag	Coverage Δ
unittests	`64.69% <88.46%> (+0.02%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

* fix: disable authz for all evaluation endpoints Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: refactor authz test a bit Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: add missing test Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * fix(rpc/flipt): implement Requester for evaluation data snapshot (#3439) * chore: fix lint error Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> * chore: try to fix snapshot IT Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> --------- Signed-off-by: Mark Phelps <209477+markphelps@users.noreply.github.com> Co-authored-by: George <me@georgemac.com> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>

GeorgeMac added 2 commits September 7, 2024 12:39

feat(authz): support types returning multiple permission requests

70aaf09

Signed-off-by: George MacRorie <me@georgemac.com>

fix(rpc/flipt): implement Requester for evaluation data snapshot

9bc86ec

Signed-off-by: George MacRorie <me@georgemac.com>

GeorgeMac requested a review from a team as a code owner September 7, 2024 11:41

GeorgeMac force-pushed the gm/authz-eval-fixes branch from f1c9864 to 8e642bb Compare September 7, 2024 11:43

fix(server/eval/data): dont skip authorization

8b69df4

Signed-off-by: George MacRorie <me@georgemac.com>

GeorgeMac force-pushed the gm/authz-eval-fixes branch from 8e642bb to 8b69df4 Compare September 7, 2024 11:43

markphelps approved these changes Sep 7, 2024

View reviewed changes

markphelps merged commit d3cfc18 into authz-eval-fixes Sep 7, 2024
58 of 61 checks passed

markphelps deleted the gm/authz-eval-fixes branch September 7, 2024 16:35

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(rpc/flipt): implement Requester for evaluation data snapshot #3439

fix(rpc/flipt): implement Requester for evaluation data snapshot #3439

GeorgeMac commented Sep 7, 2024

codecov bot commented Sep 7, 2024 •

edited

Loading

fix(rpc/flipt): implement Requester for evaluation data snapshot #3439

fix(rpc/flipt): implement Requester for evaluation data snapshot #3439

Conversation

GeorgeMac commented Sep 7, 2024

codecov bot commented Sep 7, 2024 • edited Loading

Codecov Report

codecov bot commented Sep 7, 2024 •

edited

Loading