Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add filters to event policy #8122

Merged
merged 11 commits into from
Aug 16, 2024
Merged

Add filters to event policy #8122

merged 11 commits into from
Aug 16, 2024

Conversation

Cali0707
Copy link
Member

Fixes #8114

Proposed Changes

  • Add filters to the eventpolicy types and CRD
  • Update the auth package to correctly handle the filters with the subjects

Pre-review Checklist

  • At least 80% unit test coverage
  • E2E tests for any new behavior
  • Docs PR for any user-facing impact
  • Spec PR for any new API feature
  • Conformance test for any change to the spec

Release Note

EventPolicy resources now support using SubscriptionsAPI filters at ingress.

Docs

@knative-prow knative-prow bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jul 31, 2024
@knative-prow Knative Prow
Copy link

knative-prow bot commented Jul 31, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Cali0707

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow knative-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 31, 2024
@knative-prow-robot knative-prow-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 10, 2024
@knative-prow-robot knative-prow-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 12, 2024
@Cali0707 Cali0707 changed the title WIP: Add filters to event policy Add filters to event policy Aug 12, 2024
@knative-prow knative-prow bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 12, 2024
@Cali0707
Copy link
Member Author

/cc @creydr

@knative-prow knative-prow bot requested a review from creydr August 12, 2024 14:08
@codecov Codecov
Copy link

codecov bot commented Aug 12, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 8.23529% with 78 lines in your changes missing coverage. Please review.

Please upload report for BASE (main@1123cfa). Learn more about missing BASE report.
Report is 2 commits behind head on main.

Files Patch % Lines
pkg/eventfilter/subscriptionsapi/create.go 0.00% 44 Missing ⚠️
pkg/auth/token_verifier.go 0.00% 29 Missing ⚠️
pkg/broker/filter/filter_handler.go 0.00% 3 Missing ⚠️
pkg/auth/event_policy.go 71.42% 1 Missing and 1 partial ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #8122   +/-   ##
=======================================
  Coverage        ?   67.51%           
=======================================
  Files           ?      371           
  Lines           ?    17974           
  Branches        ?        0           
=======================================
  Hits            ?    12136           
  Misses          ?     5066           
  Partials        ?      772

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@Cali0707
Copy link
Member Author

@creydr could you TAL at this?

creydr
creydr reviewed Aug 14, 2024
View reviewed changes
Copy link
Member

@creydr creydr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @Cali0707 for working on this. Left some comments.

And maybe you can think about updating the authz e2e "conformance" tests, with a test for this 🤷

pkg/auth/event_policy.go Show resolved Hide resolved
pkg/auth/event_policy.go Outdated
if strings.EqualFold(s, sub) {
return true
}
func SubjectAndFiltersPass(ctx context.Context, sub string, allowedSubsWithFilters []filtersBySubjects, event *cloudevents.Event, logger *zap.SugaredLogger) bool {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure, what I am missing here, but isn't the API for filters for the whole EventPolicy and not aligned to some subjects instead of like here "filters by subjects"?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah ok. According to https://github.com/knative/eventing/pull/8122/files#diff-5a45b6a786dbd89c11dc49f5d111d8b06700e9770b13a1f37d4896c3625f5a20R148 it seems to be more a "filters and subjects"

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, the way I was thinking about it is if the subject matches the .from subjects, then the event is matched against the filters for that policy. I agree the name isn't great here, I was having a hard time finding a good one

pkg/auth/token_verifier.go Show resolved Hide resolved
pkg/auth/token_verifier.go Outdated Show resolved Hide resolved
pkg/auth/token_verifier.go Outdated Show resolved Hide resolved
pkg/eventfilter/subscriptionsapi/create.go Show resolved Hide resolved
@knative-prow knative-prow bot added the area/test-and-release Test infrastructure, tests or release label Aug 14, 2024
@Cali0707
Copy link
Member Author

/cc @creydr

@knative-prow knative-prow bot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Aug 14, 2024
@knative-prow knative-prow bot requested a review from creydr August 14, 2024 19:29
@Cali0707
Copy link
Member Author

@creydr I fixed the failing conformance test, could you re-check when you have a minute?

creydr
creydr reviewed Aug 16, 2024
View reviewed changes
Copy link
Member

@creydr creydr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome. Thanks for working on this 👍

/lgtm

@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Aug 16, 2024
@knative-prow knative-prow bot merged commit 2b92299 into knative:main Aug 16, 2024
35 of 36 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@creydr creydr creydr left review comments

@lionelvillard lionelvillard Awaiting requested review from lionelvillard

@matzew matzew Awaiting requested review from matzew

Assignees

@creydr creydr

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/test-and-release Test infrastructure, tests or release lgtm Indicates that a PR is ready to be merged. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support filters in EventPolicy resources
3 participants
@Cali0707 @creydr @knative-prow-robot