Skip to content

Commit

Permalink
refactor: improved tracking of the origin of a policy rule throughout…
Browse files Browse the repository at this point in the history
… merges

Signed-off-by: Guilherme Cassolato <[email protected]>
  • Loading branch information
guicassolato committed Oct 29, 2024
1 parent b32a441 commit e92b91d
Show file tree
Hide file tree
Showing 5 changed files with 39 additions and 13 deletions.
38 changes: 28 additions & 10 deletions api/v1/merge_strategies.go
Original file line number Diff line number Diff line change
Expand Up @@ -69,13 +69,11 @@ func AtomicDefaultsMergeStrategy(source, target machinery.Policy) machinery.Poli
return source
}

mergeableTargetPolicy := target.(MergeablePolicy)

if !mergeableTargetPolicy.Empty() {
return mergeableTargetPolicy.DeepCopyObject().(machinery.Policy)
if mergeableTarget := target.(MergeablePolicy); !mergeableTarget.Empty() {
return copyMergeablePolicy(mergeableTarget)
}

return source.(MergeablePolicy).DeepCopyObject().(machinery.Policy)
return copyMergeablePolicy(source.(MergeablePolicy))
}

var _ machinery.MergeStrategy = AtomicDefaultsMergeStrategy
Expand All @@ -86,7 +84,7 @@ func AtomicOverridesMergeStrategy(source, _ machinery.Policy) machinery.Policy {
if source == nil {
return nil
}
return source.(MergeablePolicy).DeepCopyObject().(machinery.Policy)
return copyMergeablePolicy(source.(MergeablePolicy))
}

var _ machinery.MergeStrategy = AtomicOverridesMergeStrategy
Expand All @@ -105,12 +103,16 @@ func PolicyRuleDefaultsMergeStrategy(source, target machinery.Policy) machinery.
targetMergeablePolicy := target.(MergeablePolicy)

// copy rules from the target
rules := targetMergeablePolicy.Rules()
rules := lo.MapValues(targetMergeablePolicy.Rules(), mapRuleWithSourceFunc(target))

Check warning on line 106 in api/v1/merge_strategies.go

View check run for this annotation

Codecov / codecov/patch

api/v1/merge_strategies.go#L106

Added line #L106 was not covered by tests

// add extra rules from the source
for ruleID, rule := range sourceMergeablePolicy.Rules() {
if _, ok := targetMergeablePolicy.Rules()[ruleID]; !ok {
rules[ruleID] = rule.WithSource(source.GetLocator())
origin := rule.GetSource()
if origin == "" {
origin = source.GetLocator()

Check warning on line 113 in api/v1/merge_strategies.go

View check run for this annotation

Codecov / codecov/patch

api/v1/merge_strategies.go#L111-L113

Added lines #L111 - L113 were not covered by tests
}
rules[ruleID] = rule.WithSource(origin)

Check warning on line 115 in api/v1/merge_strategies.go

View check run for this annotation

Codecov / codecov/patch

api/v1/merge_strategies.go#L115

Added line #L115 was not covered by tests
}
}

Expand All @@ -129,12 +131,16 @@ func PolicyRuleOverridesMergeStrategy(source, target machinery.Policy) machinery
targetMergeablePolicy := target.(MergeablePolicy)

// copy rules from the source
rules := sourceMergeablePolicy.Rules()
rules := lo.MapValues(sourceMergeablePolicy.Rules(), mapRuleWithSourceFunc(source))

Check warning on line 134 in api/v1/merge_strategies.go

View check run for this annotation

Codecov / codecov/patch

api/v1/merge_strategies.go#L134

Added line #L134 was not covered by tests

// add extra rules from the target
for ruleID, rule := range targetMergeablePolicy.Rules() {
if _, ok := sourceMergeablePolicy.Rules()[ruleID]; !ok {
rules[ruleID] = rule
origin := rule.GetSource()
if origin == "" {
origin = target.GetLocator()
}
rules[ruleID] = rule.WithSource(origin)

Check warning on line 143 in api/v1/merge_strategies.go

View check run for this annotation

Codecov / codecov/patch

api/v1/merge_strategies.go#L139-L143

Added lines #L139 - L143 were not covered by tests
}
}

Expand Down Expand Up @@ -206,3 +212,15 @@ func PathID(path []machinery.Targetable) string {
return strings.TrimPrefix(k8stypes.NamespacedName{Namespace: t.GetNamespace(), Name: t.GetName()}.String(), string(k8stypes.Separator))
}), "|")
}

func mapRuleWithSourceFunc(source machinery.Policy) func(MergeableRule, string) MergeableRule {
return func(rule MergeableRule, _ string) MergeableRule {
return rule.WithSource(source.GetLocator())
}
}

func copyMergeablePolicy(policy MergeablePolicy) MergeablePolicy {
dup := policy.DeepCopyObject().(MergeablePolicy)
dup.SetRules(lo.MapValues(dup.Rules(), mapRuleWithSourceFunc(policy)))
return dup
}
5 changes: 5 additions & 0 deletions api/v1beta3/authpolicy_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -189,6 +189,11 @@ func (p *AuthPolicy) Rules() map[string]kuadrantv1.MergeableRule {
}

func (p *AuthPolicy) SetRules(rules map[string]kuadrantv1.MergeableRule) {
// clear all rules of the policy before setting new ones
p.Spec.Proper().NamedPatterns = nil
p.Spec.Proper().Conditions = nil
p.Spec.Proper().AuthScheme = nil

ensureNamedPatterns := func() {
if p.Spec.Proper().NamedPatterns == nil {
p.Spec.Proper().NamedPatterns = make(map[string]MergeablePatternExpressions)
Expand Down
5 changes: 4 additions & 1 deletion api/v1beta3/ratelimitpolicy_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,10 @@ func (p *RateLimitPolicy) Rules() map[string]kuadrantv1.MergeableRule {
}

func (p *RateLimitPolicy) SetRules(rules map[string]kuadrantv1.MergeableRule) {
if len(rules) > 0 && p.Spec.Proper().Limits == nil {
// clear all rules of the policy before setting new ones
p.Spec.Proper().Limits = nil

if len(rules) > 0 {
p.Spec.Proper().Limits = make(map[string]Limit)
}

Expand Down
2 changes: 1 addition & 1 deletion controllers/auth_policy_status_updater.go
Original file line number Diff line number Diff line change
Expand Up @@ -152,7 +152,7 @@ func (r *AuthPolicyStatusUpdater) enforcedCondition(policy *kuadrantv1beta3.Auth
for _, policyRuleKey := range policyRuleKeys {
if effectivePolicyRule, ok := effectivePolicyRules[policyRuleKey]; !ok || (ok && effectivePolicyRule.GetSource() != policy.GetLocator()) { // policy rule has been overridden by another policy
var overriddenBy string
if ok { // TODO(guicassolato): !ok → we cannot tell which policy is overriding the rule, this information is lost when the policy rule is dropped during an atomic override
if ok {
overriddenBy = effectivePolicyRule.GetSource()
}
overridingPolicies[policyRuleKey] = append(overridingPolicies[policyRuleKey], overriddenBy)
Expand Down
2 changes: 1 addition & 1 deletion controllers/ratelimit_policy_status_updater.go
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,7 @@ func (r *RateLimitPolicyStatusUpdater) enforcedCondition(policy *kuadrantv1beta3
for _, policyRuleKey := range policyRuleKeys {
if effectivePolicyRule, ok := effectivePolicyRules[policyRuleKey]; !ok || (ok && effectivePolicyRule.GetSource() != policy.GetLocator()) { // policy rule has been overridden by another policy
var overriddenBy string
if ok { // TODO(guicassolato): !ok → we cannot tell which policy is overriding the rule, this information is lost when the policy rule is dropped during an atomic override
if ok {
overriddenBy = effectivePolicyRule.GetSource()
}
overridingPolicies[policyRuleKey] = append(overridingPolicies[policyRuleKey], overriddenBy)
Expand Down

0 comments on commit e92b91d

Please sign in to comment.