Implement a WebAssembly content policy in the server. #121
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit implements a content policy in the server that incrementally validates that content uploaded to the server is valid WebAssembly. Currently the policy is not exposed via the CLI, but the integration tests use the policy to expect that all content should be WebAssembly. We may want to expose enabling some policies via the CLI in the future, but for now this should allow for consumers of the `warg-server` crate to enable policies for custom server implementations.
This commit updates the error message for rejecting a record to include the content digest when the rejection is due to content policy.
esoterra
reviewed
May 25, 2023
This commit updates `PackageError` (and related error enums) so that there is a more generic `Rejection` variant that will encapsulate any reason (content policy, record policy, etc) the record might have been rejected by the server.
peterhuene
force-pushed
the
content-policy
branch
from
46b8382 to
7a2994a
Compare
esoterra
reviewed
May 26, 2023
|
I think there will need to be more work in the future to generalize kinds of policies and where they hook in, but that doesn't need to be part of this PR. LGTM other than one remaining comment. |
esoterra
approved these changes
May 26, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR implements a content policy in the server that incrementally validates that content uploaded to the server is valid WebAssembly.
Currently the policy is not exposed via the CLI, but the integration tests use the policy to expect that all content should be WebAssembly.
We may want to expose enabling some policies via the CLI in the future, but for now this should allow for consumers of the
warg-servercrate to enable policies for custom server implementations.