Cleanup config_entry CanRead/CanWrite code to give detailed error messages #12241
Labels
theme/acls
ACL and token generation
theme/internal-cleanup
Used to identify tech debt, testing improvements, code refactoring, and non-impactful optimization
Comments
markan
added
theme/acls
markan
added a commit
that referenced
this issue
Mar 11, 2022
Currently the config_entry.go subsystem delegates authorization decisions via the ConfigEntry interface CanRead and CanWrite code. Unfortunately this returns a true/false value and loses the details of the source. This is not helpful, especially since it the config subsystem can be more complex to understand, since it covers so many domains. This refactors CanRead/CanWrite to return a structured error message (PermissionDenied or the like) with more details about the reason for denial. Part of #12241 Signed-off-by: Mark Anderson <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently the config_entry.go subsystem delegates authorization decisions via the ConfigEntry interface CanRead and CanWrite code. Unfortunately this returns a true/false value and loses the details of the source.
This is not helpful, especially since it the config subsystem can be more complex to understand, since it covers so many domains.
We should refactor CanRead/CanWrite to return a structured error message (PermissionDenied or the like) with more details about the reason for denial.
The text was updated successfully, but these errors were encountered: