Explicitly use the alloc op context for dpd nat updates #4654
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I think there's a test failure here. If anyone feels like getting this over the line, please, be my guest. |
|
@jmpesp I appreciate you! |
smklein
reviewed
Dec 11, 2023
smklein
approved these changes
Dec 11, 2023
|
I updated to used the recommended approach (which I just realized was also done in other places). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was an issue in main where deleting an instance failed w/ a 403. Digging in further it looked like the 403 was coming from the instance delete saga, specifically the
InstanceDeleteNatstep that was added in #4610. It turns out that calledinstance_delete_dpd_configwhich calledboundary_switcheswith the normal opcontext. Boundary switches callslist_switch_ports_with_uplinksand that requires fleet level permissions.The fix here was to pass the
opcontext_allocwhich gives higher level permissions down theboundary_switchescall chain.I believe that we should ultimately try to figure out some way to encode our authz state into the type system such that you can't just pass down a generic opcontext. I'm not exactly sure how we would do that, but it seems worth pursuing.