Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RequestReply: Add CESQL function #8360

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

d3akhtar
Copy link

@d3akhtar d3akhtar commented Dec 1, 2024

Fixes #8318

Proposed Changes

  • Added correlation ID filter that creates a user-defined CESQL function, then returns a CESQL filter
  • Added tests for correlation ID filter

Pre-review Checklist

  • At least 80% unit test coverage
  • E2E tests for any new behavior
  • Docs PR for any user-facing impact
  • Spec PR for any new API feature
  • Conformance test for any change to the spec

Release Note

Added CESQL user function to validate correlation ID

Docs

Copy link

linux-foundation-easycla bot commented Dec 1, 2024

CLA Signed


The committers listed above are authorized under a signed CLA.

Copy link

knative-prow bot commented Dec 1, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: d3akhtar
Once this PR has been reviewed and has the lgtm label, please assign lionelvillard for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Copy link

knative-prow bot commented Dec 1, 2024

Welcome @d3akhtar! It looks like this is your first PR to knative/eventing 🎉

Copy link

knative-prow bot commented Dec 1, 2024

Hi @d3akhtar. Thanks for your PR.

I'm waiting for a knative member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@knative-prow knative-prow bot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Dec 1, 2024
@knative-prow knative-prow bot requested review from creydr and matzew December 1, 2024 19:54
@Cali0707
Copy link
Member

Cali0707 commented Dec 1, 2024

/ok-to-test

@knative-prow knative-prow bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Dec 1, 2024
Copy link
Member

@Cali0707 Cali0707 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great start @d3akhtar ! I left a few initial review comments, but since we worked on it together hopefully @pierDipi or @creydr can take a closer look as well

/cc @pierDipi @creydr

return false, errors.New("correlationId Format: <original id>:<base64/hex encoded encrypted id>")
}

slice := strings.Split(correlationId, ":")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the split here, do we need to consider that : may be a part of the id itself? Is there a need for this to be configurable? cc @pierDipi @creydr

Comment on lines +94 to +119
key, keyFieldExists := secret.Data["key"]
algorithm, algorithmFieldExists := secret.Data["algorithm"]

if keyFieldExists && algorithmFieldExists && secretNamesToTry[secret.Name] {
var decryptionFunc func(originalId string, encryptedIdBytes []byte, key []byte) (bool, error)
switch strings.ToUpper(string(algorithm)) {
case "AES", "AES-ECB":
decryptionFunc = compareWithAES
case "DES":
decryptionFunc = compareWithDES
case "3DES", "TRIPLEDES":
decryptionFunc = compareWithTripleDES
case "RC4":
decryptionFunc = compareWithRC4
default:
return false, errors.New("cipher algorithm not supported")
}

res, err := decryptionFunc(originalId, encryptedIdBytes, key)
if err != nil {
return false, err
}
if res {
return true, nil
}
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I might split this out into its own function

},
)

ceruntime.AddFunction(correlationIdFilterFunction)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I might add this to the runtime somewhere else, since this will be called to make a new CESQL expression as well. The function is doing a bit too much. There should be 2 functions:

  1. Make and add the CESQL function
  2. Parse the CESQL expression into a filter

Comment on lines +132 to +144
// Assuming .kube/config is in the home directory
basePath, _ := os.UserHomeDir()
defaultKubeConfigPath := path.Join(basePath, ".kube", "config")

// Set up k8s client to get secrets
config, err := clientcmd.BuildConfigFromFlags("", defaultKubeConfigPath)
if err != nil {
return nil, err
}
clientset, err := kubernetes.NewForConfig(config)
if err != nil {
return nil, err
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is done for you, you can import

kubeclient "knative.dev/pkg/client/injection/kube/client"
and use it similarly to get the kube config

if err != nil {
return nil, err
}
secrets, err := clientset.CoreV1().Secrets("default").List(context.Background(), metav1.ListOptions{})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably need to configure:

  1. which namespace to look up secrets in
  2. which secret names to get

@knative-prow knative-prow bot requested a review from pierDipi December 1, 2024 20:12
Copy link

knative-prow bot commented Dec 1, 2024

@d3akhtar: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
unit-tests_eventing_main 16053ce link true /test unit-tests
reconciler-tests_eventing_main 16053ce link true /test reconciler-tests

Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

RequestReply: Add CESQL function
2 participants