Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Fix BYO custom access policy flow #97

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sandeep-paliwal merged 3 commits into from
Oct 1, 2021
Merged

Fix BYO custom access policy flow #97

sandeep-paliwal merged 3 commits into from
Oct 1, 2021

Conversation

@sandeep-paliwal
Copy link
Contributor

@sandeep-paliwal sandeep-paliwal commented Sep 13, 2021

Fixes adobe/aio-tvm#46
Added check for presence of custom policies in case of BYO credentials.
If custom policies are detected init will throw error reporting the same.
Added policy prefix to easily detect policies created by aio-lib-files

TODO - add and fix existing unit tests

Description

Related Issue

Motivation and Context

How Has This Been Tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • I have signed the Adobe Open Source CLA.
  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@sandeep-paliwal
Added check for presence of custom policies in case of BYO credentials.
0dd89ea 
If custom policies are detected init will throw error reporting the same.
Added policy prefix to easily detect policies created by aio-lib-files
moritzraho
moritzraho reviewed Sep 13, 2021
View reviewed changes
lib/impl/AzureBlobFiles.js Outdated
const signedIdentifiers = aclObj.elements[0]
if (signedIdentifiers.elements) {
if (signedIdentifiers.elements.length > 1) {
this._hasCustomAccessPolicies = true // flag to mark presense of custom policies
Copy link
Member

@moritzraho moritzraho Sep 13, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can't we throw here already instead of keeping an extra field ?

@moritzraho
Copy link
Member

moritzraho commented Sep 13, 2021

also missing unit tests

moritzraho
moritzraho reviewed Sep 13, 2021
View reviewed changes
lib/impl/AzureBlobFiles.js Outdated
return false
} else {
// if its uuidv4 type of identifier then consider it as non custom, this is to support any already created policies by aio-lib-flies
const testUUIDv4 = /^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$/gi
Copy link
Member

@moritzraho moritzraho Sep 13, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should only use that condition to avoid weird corner cases with old vs new ids

Meaning isCustom equals true only and only if it's not a uuidv4 and ditch the aio-lib-files prefix

Copy link
Contributor Author

@sandeep-paliwal sandeep-paliwal Sep 14, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel it will be good if we add the prefix, that clearly helps to differentiate between any policy lib creates vs anything else. The current two conditions of prefix check and uuidv4 format should cover any cases relevant to our usecase.

Copy link
Contributor Author

@sandeep-paliwal sandeep-paliwal Sep 14, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On second thought maybe since we are enforcing a single policy we won't really need a prefix to differenciate. Will remove the logic to add it.

@sandeep-paliwal
Remove uuid prefix
ec69908 
Simplify custom policy check
Add unit tests
@codecov
Copy link

codecov bot commented Sep 14, 2021
edited
Loading

Codecov Report

Merging #97 (de20570) into master (d34c5a1) will not change coverage.
The diff coverage is 100.00%.

❗ Current head de20570 differs from pull request most recent head 9713186. Consider uploading reports for the commit 9713186 to get more accurate results
Impacted file tree graph

@@            Coverage Diff            @@
##            master       #97   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            5         5           
  Lines          546       557   +11     
  Branches        95        98    +3     
=========================================
+ Hits           546       557   +11
Impacted Files Coverage Δ
lib/FilesError.js 100.00% <100.00%> (ø)
lib/impl/AzureBlobFiles.js 100.00% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d34c5a1...9713186. Read the comment docs.

@moritzraho moritzraho mentioned this pull request Sep 20, 2021
Closed
@sandeep-paliwal sandeep-paliwal merged commit 324adfa into master Oct 1, 2021
@meryllblanchet meryllblanchet deleted the byo_custom_policy_error branch October 1, 2021 09:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@moritzraho moritzraho moritzraho approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Custom access policy for BYO Container is not supported

3 participants

@sandeep-paliwal @moritzraho