Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

core: add ACL role state schema and functionality. #13955

Merged
merged 2 commits into from
Aug 9, 2022
Merged

core: add ACL role state schema and functionality. #13955

merged 2 commits into from
Aug 9, 2022

Conversation

jrasell
Copy link
Member

@jrasell jrasell commented Aug 2, 2022

This commit includes the new state schema for ACL roles along with
state interaction functions for CRUD actions.

The change also includes snapshot persist and restore
functionality and the addition of FSM messages for Raft updates
which will come via RPC endpoints.

related: #13120
targets: feature branch

@jrasell jrasell added this to the 1.4.0 milestone Aug 2, 2022
@jrasell jrasell requested review from schmichael and shoenig August 2, 2022 08:44
@jrasell jrasell self-assigned this Aug 2, 2022
shoenig
shoenig approved these changes Aug 2, 2022
View reviewed changes
Copy link
Member

@shoenig shoenig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM; just the question on having an ID for policies

nomad/state/schema.go Outdated Show resolved Hide resolved
@jrasell jrasell force-pushed the f-gh-13120-acl-role-core-state branch from 44bc65e to 9107b63 Compare August 3, 2022 14:46
@jrasell jrasell force-pushed the f-gh-13120-acl-role-core-state branch from 9107b63 to 7ee6f9a Compare August 3, 2022 14:56
@jrasell jrasell force-pushed the f-gh-13120-acl-role-core-state branch from 7ee6f9a to 9f24ae3 Compare August 3, 2022 15:09
@jrasell
core: add ACL role state schema and functionality.
7a1e05f 
This commit includes the new state schema for ACL roles along with
state interaction functions for CRUD actions.

The change also includes snapshot persist and restore
functionality and the addition of FSM messages for Raft updates
which will come via RPC endpoints.
@jrasell jrasell force-pushed the f-gh-13120-acl-role-core-state branch from 9f24ae3 to 7a1e05f Compare August 3, 2022 15:24
@jrasell jrasell requested a review from shoenig August 4, 2022 07:18
shoenig
shoenig approved these changes Aug 8, 2022
View reviewed changes
Copy link
Member

@shoenig shoenig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Just the random thoughts that can be ignored

nomad/state/state_store_acl.go
Comment on lines +83 to +88
// Ensure the role hash is not zero to provide defense in depth. This
// should be done outside the state store, so we do not spend time here
// and thus Raft, when it, can be avoided.
if len(role.Hash) == 0 {
role.SetHash()
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just rambling, but I wish in retrospect the objects that have these Hash values were made from constructors or a factory or something - enforcing the hash to be set on creation rather than by hand

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is a good shout. I will merge this PR as is to unblock some additional PR that are lined up, but will look into this approach as a follow up item.

nomad/state/state_store_acl.go Outdated Show resolved Hide resolved
nomad/state/state_store_acl.go Outdated Show resolved Hide resolved
nomad/structs/acl.go
Comment on lines +275 to +277
if len(a.Hash) == 0 {
a.SetHash()
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

More rambling: one thing we could do is split SetHash into

  • SetHash - only set the hash if the length is zero
  • ResetHash always sets the hash to updated values

And that way we can avoid wrapping calls to SetHash with the length check in all the places where we do that

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the approach and with the above i'll take a look into this as a follow up to enhance the hash setting and raise a followup to look into similar for other structs.

@jrasell jrasell merged commit d6a9c14 into f-gh-13120-sso-umbrella Aug 9, 2022
@jrasell jrasell deleted the f-gh-13120-acl-role-core-state branch August 9, 2022 07:33
@github-actions
Copy link

github-actions bot commented Dec 8, 2022

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 8, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@shoenig shoenig shoenig approved these changes

@schmichael schmichael Awaiting requested review from schmichael

Assignees

@jrasell jrasell

Labels
None yet
Projects
None yet
Milestone
1.4.0
Development

Successfully merging this pull request may close these issues.
2 participants
@jrasell @shoenig