Full consistency

alecmerdler · alecmerdler · commit d9e1aadfa86e · 2023-11-15T18:43:17.000-05:00
Fixes "read-after-write" race condition caused by Rakis creating
a Kubernetes 'Secret' and then immediately updating it. In the
future, the consistency should be configurable and allow the
use of ZedTokens with 'AtLeastAsFresh' consistency.
diff --git a/pkg/authz/check.go b/pkg/authz/check.go
@@ -29,7 +29,7 @@ func runAllMatchingChecks(ctx context.Context, matchingRules []*rules.RunnableRu
 				}
 				req := &v1.CheckPermissionRequest{
 					Consistency: &v1.Consistency{
-						Requirement: &v1.Consistency_MinimizeLatency{MinimizeLatency: true},
+						Requirement: &v1.Consistency_FullyConsistent{FullyConsistent: true},
 					},
 					Resource: &v1.ObjectReference{
 						ObjectType: rel.ResourceType,
diff --git a/pkg/authz/filter.go b/pkg/authz/filter.go
@@ -80,7 +80,7 @@ func filterList(ctx context.Context, client v1.PermissionsServiceClient, filter
 
 		req := &v1.LookupResourcesRequest{
 			Consistency: &v1.Consistency{
-				Requirement: &v1.Consistency_MinimizeLatency{MinimizeLatency: true},
+				Requirement: &v1.Consistency_FullyConsistent{FullyConsistent: true},
 			},
 			ResourceObjectType: filter.Rel.ResourceType,
 			Permission:         filter.Rel.ResourceRelation,

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ func runAllMatchingChecks(ctx context.Context, matchingRules []*rules.RunnableRu`
`29`	`29`	`}`
`30`	`30`	`req := &v1.CheckPermissionRequest{`
`31`	`31`	`Consistency: &v1.Consistency{`
`32`		`- Requirement: &v1.Consistency_MinimizeLatency{MinimizeLatency: true},`
	`32`	`+ Requirement: &v1.Consistency_FullyConsistent{FullyConsistent: true},`
`33`	`33`	`},`
`34`	`34`	`Resource: &v1.ObjectReference{`
`35`	`35`	`ObjectType: rel.ResourceType,`