Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Cosmos] Refactoring how the resource type and link are passed down to the auth policy #1861

Merged
merged 7 commits into from
Oct 25, 2024

Conversation

analogrelay
Copy link
Member

In working on some stuff related to "offers" and throughput, I noticed that the way we were inferring the resource "link" when generating the payload to be signed for key-based auth wasn't going to work for offers since they use a specific format of link. So, I decided to do some refactoring here to make it so the values for generating signatures are passed in to the policy (through the context) rather than inferred. The resource type was already being passed in, so I added a new type to represent the resource link (it'll need some special case stuff for offers, but this way that can be centralized there) and updated the authorization policy to use that value when generating the signature.

The value we put in the context is ResourceLink, which wraps up:

  • The parent resource link
  • The resource type
  • The child item id, if any (a missing ID implies that the resource in question is a "feed")

The ResourceLink type also handles URL encoding to ensure that URL-unsafe characters are encoded before the URL and signature are generated. I've included APIs to allow you to build child feed/item links out of parent links.

Copy link
Member

@heaths heaths left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Based on context it doesn't look like your builder-like struct is being publicly exported, but I'd still recommend following conventions for uniformity throughout the code base. If that is correct, I see nothing blocking.

@analogrelay analogrelay merged commit 6a7faef into Azure:main Oct 25, 2024
26 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants