Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Simple decoupled file based policy engine #27

Merged
merged 13 commits into from
Aug 31, 2023
Merged

Simple decoupled file based policy engine #27

merged 13 commits into from
Aug 31, 2023

Conversation

johnandersen777
Copy link

@johnandersen777 johnandersen777 commented Mar 31, 2023
edited
Loading

Simple insert policy based engine based on presence of operation.policy.{insert,denied,failed} files. Currently only for use with use_lro=True. This is a simple way to enable evaluation of claims prior to submission by arbitrary policy engines which watch the workspace (fanotify, inotify, etc.).

Jump to viewing docs

@johnandersen777 johnandersen777 force-pushed the policy_engine branch 8 times, most recently from 3cbfc29 to 7faa017 Compare March 31, 2023 07:25
@johnandersen777 johnandersen777 marked this pull request as ready for review March 31, 2023 07:26
@johnandersen777 johnandersen777 force-pushed the policy_engine branch 4 times, most recently from 7e15387 to 542fea4 Compare March 31, 2023 08:03
@johnandersen777 johnandersen777 marked this pull request as draft March 31, 2023 08:06
@johnandersen777 johnandersen777 force-pushed the policy_engine branch 2 times, most recently from 8ed6f93 to 2787820 Compare March 31, 2023 10:21
@johnandersen777 johnandersen777 marked this pull request as ready for review March 31, 2023 10:21
johnandersen777 pushed a commit to intel/dffml that referenced this pull request Mar 31, 2023
@pdxjohnny
docs: tutorials: rolling alice: architecting alice: transport acquisi…
c499d74 
…tion: Initial sketch

Related: scitt-community/scitt-api-emulator#27
Alice Engineering Comms: 2022-10-17 Engineering Logs: #1406
@johnandersen777 johnandersen777 force-pushed the policy_engine branch 2 times, most recently from a72cdef to adea2b1 Compare April 2, 2023 14:56
@johnandersen777 johnandersen777 force-pushed the policy_engine branch 3 times, most recently from a63447e to efd6b90 Compare April 27, 2023 18:25
@OR13
Copy link
Contributor

OR13 commented Aug 24, 2023

Conflicts exist now, I will merge 1 week after they are resolved unless there are changes requested.

@johnandersen777
Copy link
Author

johnandersen777 commented Aug 25, 2023 via email

SteveLasker
SteveLasker previously approved these changes Aug 26, 2023
View reviewed changes
Copy link
Contributor

@SteveLasker SteveLasker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@pdxjohnny
Simple file presence based policy evaluation
f77b512 
Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
@pdxjohnny
Document simple decoupled file based policy engine
07a63a3 
Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
@pdxjohnny
Tests for simple decoupled file based policy engine
4c386b8 
Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
@pdxjohnny
asciicast example simple decoupled file based policy engine for docum…
84efde5 
…entation

Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
@pdxjohnny
Implement reason communication associated with policy enforcement
a46d35e 
- Updated simple file based policy engine to align with @darrelmiller review of SCITT architecture documentation
  - His full review can be found at https://mailarchive.ietf.org/arch/msg/scitt/c0t5zLUJtCQ9_Jrf7mykWXSIn94/
- Do not attempt to load policy failed/denied JSON information if present triggering file empty

Signed-off-by: John Andersen <john.s.andersen@intel.com>
@pdxjohnny
docs: registration_policies: Leverage jsonschema for evaluation of claim
ad8aed3 
Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
@pdxjohnny
docs: registration_policies: Decode COSE messages payload before JSON…
00087fd 
… load

Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
@pdxjohnny
Add jsonschema to dev-requirements.txt
c6fdd26 
Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
@pdxjohnny
docs: registration_policies: Add policy_engine.sh wrapper and source …
bd059a8 
…policy from service parameters insertPolicy

Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
@pdxjohnny
Add jsonschema to envrionment.yml
f11c771 
Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
@pdxjohnny
docs: registration_polices: Convert example from blocklist to allowli…
4742605 
…st per @OR13 review

Related: #1 (review)
Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
@pdxjohnny
docs: registration_policies: Fix policy_engine.sh wrarper to remove e…
24b8fb2 
…rrantly encode jsonschema validator output into detail string

Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
@johnandersen777 johnandersen777 dismissed stale reviews from SteveLasker and OR13 via 24b8fb2 August 26, 2023 00:54
@johnandersen777
Copy link
Author

johnandersen777 commented Aug 26, 2023
edited
Loading

Thanks all! I rebased in main. Looks like theres an error in the conda tests will fix asap

OR13
OR13 previously approved these changes Aug 28, 2023
View reviewed changes
SteveLasker
SteveLasker previously approved these changes Aug 28, 2023
View reviewed changes
Copy link
Contributor

@SteveLasker SteveLasker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@pdxjohnny
tests: docs: Support for conda test execution via addition of PYTHONPATH
3806008 
To ensure scitt_emulator module can be found

Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
@johnandersen777 johnandersen777 dismissed stale reviews from SteveLasker and OR13 via 3806008 August 30, 2023 00:23
@johnandersen777
Copy link
Author

johnandersen777 commented Aug 30, 2023
edited
Loading

The conda CI tests should be fixed now, for some reason it couldn't find the scitt_emulator module when executing the subprocess. Solved by setting PYTHONPATH to ensure to module is importable

@OR13 OR13 merged commit 04b219c into scitt-community:main Aug 31, 2023
3 checks passed
@johnandersen777 johnandersen777 deleted the policy_engine branch August 31, 2023 14:24
@johnandersen777 johnandersen777 mentioned this pull request Oct 16, 2023
Draft
@johnandersen777 johnandersen777 mentioned this pull request Aug 22, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@OR13 OR13 OR13 approved these changes

@SteveLasker SteveLasker SteveLasker left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@johnandersen777 @OR13 @SteveLasker @pdxjohnny