Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

acl: Add support for globbing namespaces #4982

Merged
merged 4 commits into from
Dec 19, 2018
Merged

acl: Add support for globbing namespaces #4982

merged 4 commits into from
Dec 19, 2018

Conversation

endocrimes
Copy link
Contributor

This adds basic support for globbing namespaces in acl
definitions.

For concrete definitions, we merge all of the defined policies at load time, and
perform a simple lookup later on. If an exact match of a concrete
definition is found, we do not attempt to resolve globs.

For glob definitions, we merge definitions of exact replicas of a glob.

When loading a policy for a glob defintion, we choose the glob that has
the closest match to the namespace we are resolving for. We define the
closest match as the one with the smallest character difference
between the glob and the namespace we are matching.

@endocrimes
acl: Add support for globbing namespaces
36d1045 
This commit adds basic support for globbing namespaces in acl
definitions.

For concrete definitions, we merge all of the defined policies at load time, and
perform a simple lookup later on. If an exact match of a concrete
definition is found, we do not attempt to resolve globs.

For glob definitions, we merge definitions of exact replicas of a glob.

When loading a policy for a glob defintion, we choose the glob that has
the closest match to the namespace we are resolving for. We define the
closest match as the one with the _smallest character difference_
between the glob and the namespace we are matching.
dadgar
dadgar requested changes Dec 11, 2018
View reviewed changes
acl/acl.go Outdated Show resolved Hide resolved
acl/acl.go Outdated Show resolved Hide resolved
acl/acl_test.go Outdated Show resolved Hide resolved
acl/acl_test.go Show resolved Hide resolved
acl/acl.go Show resolved Hide resolved
dadgar
dadgar approved these changes Dec 19, 2018
View reviewed changes
Copy link
Contributor

@dadgar dadgar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM after small doc cleanups

website/source/guides/security/acl.html.markdown Show resolved Hide resolved
website/source/guides/security/acl.html.markdown Outdated Show resolved Hide resolved
website/source/guides/security/acl.html.markdown Outdated Show resolved Hide resolved
website/source/guides/security/acl.html.markdown Outdated Show resolved Hide resolved
@dadgar
Copy link
Contributor

dadgar commented Dec 19, 2018

Don't forget to add to changelog

@endocrimes endocrimes merged commit 0ca8b23 into master Dec 19, 2018
@endocrimes endocrimes deleted the f-acls-glob-ns branch December 19, 2018 11:49
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Omar-Khawaja Omar-Khawaja Omar-Khawaja left review comments

@dadgar dadgar dadgar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@endocrimes @dadgar @Omar-Khawaja