Skip to content

fix: update diamond access policy #1431

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ZohebShaikh merged 7 commits into from
Mar 11, 2026
Merged

fix: update diamond access policy #1431

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
bb6c1f0
Update diamond access policy
ZohebShaikh Mar 3, 2026
fcad91e
Update authz policy
ZohebShaikh Mar 4, 2026
52115e6
Update policy
ZohebShaikh Mar 4, 2026
4821940
Use elif
ZohebShaikh Mar 6, 2026
fa4e37f
Merge branch 'main' into postgres-changes
ZohebShaikh Mar 6, 2026
30e966c
update diamond policy bundle
ZohebShaikh Mar 11, 2026
bc68d2a
Merge branch 'main' into postgres-changes
ZohebShaikh Mar 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion tests/system_tests/services/opa_config/config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ services:
bundles:
diamond-policies:
service: ghcr
resource: ghcr.io/diamondlightsource/authz-policy:0.0.20
Comment thread
ZohebShaikh marked this conversation as resolved.
resource: ghcr.io/zohebshaikh/authz-policy:0.2.7
polling:
min_delay_seconds: 30
max_delay_seconds: 120
14 changes: 7 additions & 7 deletions tests/system_tests/services/tiled_config/dls.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ def __init__(
provider: str | None = None,
):
self._token_audience = token_audience
self._type_adapter = TypeAdapter(DiamondAccessBlob)
self._type_adapter = TypeAdapter(DiamondAccessBlob | int)

super().__init__(
authorization_provider=authorization_provider,
Expand All @@ -80,7 +80,7 @@ async def init_node(
decision = await self._get_external_decision(
self._create_node,
self.build_input(principal, authn_access_tags, authn_scopes, access_blob),
ResultHolder[int],
ResultHolder[str],
)
if decision and decision.result is not None:
return (True, {"tags": [decision.result]})
Expand Down Expand Up @@ -131,11 +131,11 @@ def build_input(
and "tags" in access_blob
and len(access_blob["tags"]) > 0
):
if isinstance(tags := access_blob["tags"][0], str):
blob = self._type_adapter.validate_json(tags)
blob = self._type_adapter.validate_json(access_blob["tags"][0])
if isinstance(blob, DiamondAccessBlob):
_input.update(blob.model_dump())
elif isinstance(tags, int):
_input["session"] = str(tags)
elif isinstance(blob, int):
_input["session"] = str(blob)

return json.dumps({"input": _input})

Expand All @@ -151,7 +151,7 @@ async def filters(
tags = await self._get_external_decision(
self._user_tags,
self.build_input(principal, authn_access_tags, authn_scopes),
ResultHolder[list[int | str]],
ResultHolder[list[str]],
)
if tags is not None:
if tags.result == ["*"]:
Expand Down