Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Admin API to dynamically set policy data #4115

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Admin API to dynamically set policy data #4115

wants to merge 6 commits into from

Conversation

sandhose
Copy link
Member

@sandhose sandhose commented Feb 25, 2025
edited
Loading

Fixes #3993

This adds a way to dynamically set the policy data through an admin API call.
This data is then stored in the database, and merged with the policy data from the configuration file.
Note that it merges both objects, concatenates arrays, overridding any values with the ones from the dynamic data.

We keep an history in the database of the policy data, so that when looking at the logs, we can look which 'version' of the policy data was used during policy evaluation.

When setting the policy data through the API, it validates it and will refuse anything that it can't load in the WASM module. It will immediately load it in the current instance; other instances load it regularly (every minute) from the database, so there is maximum a 1 minute lag between the admin API being called and it being effective on all workers.

@cloudflare-workers-and-pages Cloudflare Workers and Pages
Copy link

cloudflare-workers-and-pages bot commented Feb 25, 2025
edited
Loading

Deploying matrix-authentication-service-docs with  Cloudflare Pages  Cloudflare Pages

Latest commit: b663c4f
Status: ✅  Deploy successful!
Preview URL: https://af7bb881.matrix-authentication-service-docs.pages.dev
Branch Preview URL: https://quenting-dynamic-policy-data.matrix-authentication-service-docs.pages.dev

View logs

@sandhose sandhose added A-Admin-API Related to the admin API A-Policy Related the policy engine T-Enhancement New feature of request labels Feb 25, 2025
@sandhose sandhose force-pushed the quenting/dynamic-policy-data branch from 15a4828 to c8a33f0 Compare February 25, 2025 16:00
@sandhose sandhose added the Z-Build-Workflow Add this label to trigger a build workflow for this pull request label Feb 26, 2025
@github-actions github-actions bot removed the Z-Build-Workflow Add this label to trigger a build workflow for this pull request label Feb 26, 2025
@github-actions GitHub Actions
Copy link
Contributor

A build for this PR at commit 6eca7b1 has been created through the Z-Build-Workflow label by sandhose.

Docker image is available at:

  • ghcr.io/element-hq/matrix-authentication-service:pr-4115
  • ghcr.io/element-hq/matrix-authentication-service:sha-6eca7b1

Pre-built binaries are available through the workflow run artifacts.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
A-Admin-API Related to the admin API A-Policy Related the policy engine T-Enhancement New feature of request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Dynamic data for policy engine
1 participant
@sandhose