[WIP] add support for file level auditing / metrics management that frontend can use#91
[WIP] add support for file level auditing / metrics management that frontend can use#91matthewpeterkort wants to merge 14 commits into
Conversation
✅ Deploy Preview for drs-server ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
Codecov Report❌ Patch coverage is 📢 Thoughts on this report? Let us know! |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 42a6b9c958
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| obj.scopeAmbiguous = ambiguous | ||
| obj.inferredScope = resource | ||
| if known { | ||
| obj.scope = scopes[resource][0] |
There was a problem hiding this comment.
Guard missing scope targets before indexing
When a record already has exactly one controlled_access project but that project has no bucket scope returned by loadScopeTargets, inferRecordResource still returns known=true; indexing scopes[resource][0] then panics with index out of range and aborts the whole audit/apply run. Treat this as an unknown or non-canonical scope unless a target exists.
Useful? React with 👍 / 👎.
| if err != nil { | ||
| return err | ||
| } | ||
| if authz.HasMethodAccess(ctx, methods[0], []string{"/programs", "/data_file"}) || authz.HasAnyMethodAccess(ctx, []string{resource}, methods...) { |
There was a problem hiding this comment.
Require delete access for apply
When the apply route calls this helper with read, delete, HasAnyMethodAccess succeeds if the caller has only one of those methods, so a read-only project user can enter the apply path and receive a 200 dry-run/delete plan instead of being rejected up front. Require the destructive method explicitly (and read separately if needed) before calling Apply.
Useful? React with 👍 / 👎.
| if sawMissing { | ||
| return StorageProbeStatusMissing, "storage object not found" |
There was a problem hiding this comment.
Preserve probe errors when some URLs are missing
For records with multiple access URLs, this returns missing as soon as any URL was not found, even if another URL returned a credential/permission/provider error. In that mixed case the record is later treated as a stale duplicate or stale orphan and can be deleted, although one storage location was never successfully verified; return error whenever any non-not-found probe failed.
Useful? React with 👍 / 👎.
…et name in the same storage url
what has started as a metrics PR has turned into a cleanup PR.
file path based metrics don't make sense to go here, since the system revolves around github paths,
so this functionality is added to Gecko instead.