bundle: Replace HasPrefix in erasePolicy #3863
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
edpaget
force-pushed
the
ep-fix-has-prefix
branch
from
467ed03 to
f10c74e
Compare
srenatus
changed the title
srenatus
reviewed
Oct 6, 2021
edpaget
force-pushed
the
ep-fix-has-prefix
branch
from
25628ad to
c8f16f2
Compare
srenatus
previously approved these changes
Oct 6, 2021
Using HasPrefix to compare a root path to the path of policy can result in unexpected behaviour when different bundles have similarly named roots. This replaces the HasPrefix comparison with a comparison that treats the paths as directories and checks if the policy path is the same path as the root or a subdirectory of the root path. Signed-off-by: Edward Paget <edward.paget@chime.com> Fixed changes requested by @srenatus Replace custom function with existing one. Signed-off-by: Edward Paget <edward.paget@chime.com>
edpaget
force-pushed
the
ep-fix-has-prefix
branch
from
c8f16f2 to
9314760
Compare
|
All done thanks for the quick responses! |
srenatus
approved these changes
Oct 6, 2021
edpaget
added a commit
to 1debit/opa
that referenced
this pull request
Oct 7, 2021
Using HasPrefix to compare a root path to the path of policy can result in unexpected behaviour when different bundles have similarly named roots. This replaces the HasPrefix comparison with a comparison that treats the paths as directories and checks if the policy path is the same path as the root or a subdirectory of the root path, using an existing helper. Signed-off-by: Edward Paget <edward.paget@chime.com>
dolevf
pushed a commit
to dolevf/opa
that referenced
this pull request
Nov 4, 2021
Using HasPrefix to compare a root path to the path of policy can result in unexpected behaviour when different bundles have similarly named roots. This replaces the HasPrefix comparison with a comparison that treats the paths as directories and checks if the policy path is the same path as the root or a subdirectory of the root path, using an existing helper. Signed-off-by: Edward Paget <edward.paget@chime.com> Signed-off-by: Dolev Farhi <farhi.dolev@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Using HasPrefix to compare a root path to the path of policy can result
in unexpected behaviour when different bundles have similarly named
roots.
This replaces the HasPrefix comparison with a comparison that treats the
paths as directories and checks if the policy path is the same path as
the root or a subdirectory of the root path.
Signed-off-by: Edward Paget edward.paget@chime.com
For a full explanation of this fix, I ran into this problem with our OPA deployment where I have bundles that are related to specific events. I have two events which I'll call
event_oneand another calledevent_one_for_the_books. They have policies packaged undercom/example/event_oneandcom/example/event_one_for_the_books. I found that -- depending on the order the bundles were initialized on my OPA node -- policies under the rootcom/example/event_one_for_the_bookswere not present because they were being deleted when theevent_onebundle was initialized.I think there's a good case to be made for my events to not be named such that the name of one is a substring of the other, but policies being overwritten was still surprising.
Also since bundle roots and package names seem to be generally treated as paths, it made sense to me that the comparison should look for equal paths or subdirectories instead of a string prefix.