MANTA-5522 Add lib/scope-schema.js as the single source of truth for bucket scope schema#11
MANTA-5522 Add lib/scope-schema.js as the single source of truth for bucket scope schema#11
Conversation
and MahiClient.prototype.scopeRevoke for immediate key deletion. Both are best-effort with warn-level logging on failure. Single source of truth for per-bucket access key scope constants, validation, and pattern matching. Exported via index.js as scopeSchema. Consumed by sdc-cloudapi directly and by manta-buckets-api via local copy. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Match the mahi server endpoint rename. The method name scopeRevoke() is unchanged (JS API, not REST path). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Parse and validate opts.scope using scope-schema before sending to the mahi server. Prevents malformed scope strings from poisoning the Redis cache and corrupting authorization decisions for affected access keys. Null/undefined scope (unrestricted key) is still accepted. AI-generated code. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove redundant local require('querystring') that shadowed
the module-level qs variable (JSL warning). Strip trailing
whitespace in client.js. Parenthesize typeof expressions in
scope-schema.js per jsstyle.
AI-generated code.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
cneira
changed the title
danmcd
left a comment
danmcd
left a comment
There was a problem hiding this comment.
Checkpoint, and I shouldn't revisit here until I've completely looked at TritonDataCenter/mahi#30 .
|
|
||
| module.exports = require('./lib/client.js'); | ||
| var client = require('./lib/client.js'); | ||
| var scopeSchema = require('./lib/scope-schema.js'); |
There was a problem hiding this comment.
Is the coordination problem due to the "microservices" nature of current Manta & Triton?
There was a problem hiding this comment.
We need the scope-schema to be in sync between consumers, so we share this here.
travispaul
left a comment
travispaul
left a comment
There was a problem hiding this comment.
Please bump the version in package.json too
| * @param {Object} scope - Scope envelope object | ||
| * @return {Object} {valid, scope, error} | ||
| */ | ||
| function validateScope(scope) { |
There was a problem hiding this comment.
It would be great to have a couple of unit tests for this validator.
There was a problem hiding this comment.
Unit tests added for this function.
danmcd
left a comment
danmcd
left a comment
There was a problem hiding this comment.
Seems okay, but my too-narrow complaint holds here as well. Unsure why Claude emits it like this.
Cover validateScope shape rejection, envelope rejection, per-entry rejection, and success path. Smoke-test isValidBucketPattern, matchBucketPattern, and parseScope.
danmcd
left a comment
danmcd
left a comment
There was a problem hiding this comment.
Still too-few-columns in some cases, I think.
| err: err, | ||
| accesskeyid: accesskeyid | ||
| }, 'scopeRevoke: mahi call failed' + | ||
| ' (non-fatal)'); |
There was a problem hiding this comment.
For example, wouldn't this line and the prior on join together so it looks like:
if (err) {
if (self.http.log) {
self.http.log.warn({
err: err,
accesskeyid: accesskeyid
}, 'scopeRevoke: mahi call failed (non-fatal)');
}
| scope: scopeJson, | ||
| error: null | ||
| }); | ||
| return ({valid: true, scope: scopeJson, error: null}); |
There was a problem hiding this comment.
This one actually makes sense to stay on different lines. SOme of the other ones above are more what I had in mind.
| error: 'scope: permissions[' + i + | ||
| '].bucket: invalid characters' + | ||
| ' or wildcard position' | ||
| '].bucket: invalid characters' + ' or wildcard position' |
There was a problem hiding this comment.
Yeah, stuff like this is what I was talking about.
3 participants
Add a shared bucket scope validation module and two new endpoints for bucket scoped access keys:
cachePush : Push a key directly to mahi/authcache redis cache, the intent is that the newly created access key can be used right away and bypass UFDS replication delay.
scopeRevoke: Does the opposite, it inmediately deletes a key from the redis cache.
Co-Authored-By: Claude Opus 4.6 (1M context) noreply@anthropic.com