kmesh icon indicating copy to clipboard operation
kmesh copied to clipboard
verified publisher icon kmesh-net

[WIP] do rbac in xdp prog

Open supercharge-xsy opened this issue 1 year ago • 1 comments

What type of PR is this? It's a continuation of the previous modification(https://github.com/kmesh-net/kmesh/pull/680)

What this PR does / why we need it:

Which issue(s) this PR fixes: Fixes #655

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

supercharge-xsy avatar Aug 10 '24 07:08 supercharge-xsy

/retest

supercharge-xsy avatar Aug 20 '24 09:08 supercharge-xsy

/retest

supercharge-xsy avatar Aug 20 '24 09:08 supercharge-xsy

Codecov Report

Attention: Patch coverage is 29.05405% with 105 lines in your changes missing coverage. Please review.

Project coverage is 52.80%. Comparing base (9bef054) to head (4c6d933). Report is 74 commits behind head on main.

Files with missing lines Patch % Lines
pkg/cache/v2/maps/authz.go 0.00% 43 Missing :warning:
pkg/controller/workload/workload_processor.go 24.07% 40 Missing and 1 partial :warning:
pkg/bpf/bpf_kmesh_l4_workload.go 53.57% 7 Missing and 6 partials :warning:
pkg/controller/workload/bpfcache/auth_policy.go 33.33% 6 Missing :warning:
pkg/controller/workload/bpfcache/fake_map.go 81.81% 1 Missing and 1 partial :warning:
Files with missing lines Coverage Δ
pkg/auth/policy_store.go 68.33% <ø> (ø)
pkg/bpf/bpf_kmesh_workload.go 60.82% <100.00%> (+0.37%) :arrow_up:
pkg/controller/workload/bpfcache/fake_map.go 83.05% <81.81%> (-0.29%) :arrow_down:
pkg/controller/workload/bpfcache/auth_policy.go 33.33% <33.33%> (ø)
pkg/bpf/bpf_kmesh_l4_workload.go 38.37% <53.57%> (+7.33%) :arrow_up:
pkg/controller/workload/workload_processor.go 62.81% <24.07%> (-5.99%) :arrow_down:
pkg/cache/v2/maps/authz.go 0.00% <0.00%> (ø)

... and 9 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update b7ebf49...4c6d933. Read the comment docs.

codecov[bot] avatar Aug 24 '24 08:08 codecov[bot]

@tacslon @nlgwcy

supercharge-xsy avatar Aug 24 '24 08:08 supercharge-xsy

Overall LGTM. Looks a little heavy to support only dst port match

yeah, The first pr involves policy-level parsing. This part can be reused when other match-type is added later.

supercharge-xsy avatar Aug 28 '24 08:08 supercharge-xsy

@tacslon @weli-l any other comment ?

supercharge-xsy avatar Aug 29 '24 13:08 supercharge-xsy

/lgtm

tacslon avatar Aug 30 '24 03:08 tacslon

/lgtm

weli-l avatar Aug 30 '24 03:08 weli-l

@nlgwcy @hzxuzhonghu can this pr be merged?

supercharge-xsy avatar Aug 30 '24 07:08 supercharge-xsy

Need to take a last look

hzxuzhonghu avatar Aug 30 '24 08:08 hzxuzhonghu

It is better to add some design documents for understanding.

nlgwcy avatar Aug 31 '24 13:08 nlgwcy

/retest

supercharge-xsy avatar Sep 04 '24 03:09 supercharge-xsy

@nlgwcy @hzxuzhonghu

supercharge-xsy avatar Sep 04 '24 09:09 supercharge-xsy

/lgtm /approve

nlgwcy avatar Sep 07 '24 04:09 nlgwcy

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hzxuzhonghu, nlgwcy

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • ~~OWNERS~~ [hzxuzhonghu,nlgwcy]

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

kmesh-bot avatar Sep 07 '24 04:09 kmesh-bot

can we add a e2e case for it now

hzxuzhonghu avatar Sep 09 '24 01:09 hzxuzhonghu