chore: named callbacks ADR #676

cmwylie19 · 2024-03-21T16:17:51Z

Description

Pepr is a system of callbacks that produce logs. The callbacks are anonymous, so debugging which log comes from which callback can be confusing unless you manually write a name in the log message from within the callback. This consideration needs an ADR.

Related Issue

Fixes #675

Relates to #

Type of change

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Other (security config, docs update, etc)

Checklist before merging

Test, docs, adr added or updated as needed
Contributor Guide Steps followed

Signed-off-by: Case Wylie <cmwylie19@defenseunicorns.com>

jeff-mccoy · 2024-03-21T16:24:11Z

Could you show a compete example of what this would look like?

Signed-off-by: Case Wylie <cmwylie19@defenseunicorns.com>

btlghrants · 2024-03-21T18:19:08Z

adr/0008-named-callbacks.md

@@ -0,0 +1,55 @@
+# 7: LogAs Function in Capability Class "Named Callbacks"


"LogAs" seems kinda limited to me. 🤔

We talked about this being a general purpose feature that could / would (essentially) carry a label for any given callback around throughout the Pepr system, right? As it stands, the only place we're currently showing callback function names is in the log messages but that's not all we think can / will be done with this IMO, and I'd like to try to avoid handicapping ourselves by giving it an overly limiting name.

What would you say to naming this something that hinted at a more general usage? Something like:

Alias()

Designation()

Handle()

or maybe simply, As()

All of those give a good sense of what we want this new func to be thought of as without necessarily limiting it to logs.

Interesting prospect here, not opposed by any means. Where else other than logs do you see this name being used?

We like Alias because a user who has not read the docs is most likely to interpret this as a name.

Pepr Sync

adr/0008-named-callbacks.md

@btlghrants

Added suggestion by @btlghrants Co-authored-by: Barrett <81570928+btlghrants@users.noreply.github.com>

committing suggestion Co-authored-by: Barrett <81570928+btlghrants@users.noreply.github.com>

Co-authored-by: Barrett <81570928+btlghrants@users.noreply.github.com>

adr/0008-named-callbacks.md

cmwylie19 · 2024-06-05T19:37:02Z

Was chatting with @brandtkeller about a Lula use-case where they need to validate that certain policies exist and it seems like this could be a useful mechanism to tell a compliance tool what a binding is responsible for.

When(a.Pod)
  .IsCreatedOrUpdated()
  .Validate(po => {
  // reject is running as root, or is privileged, etc
   })
  .Alias("reject:pods:runAsRoot:privileged:runAsGroup<10:allowPrivilegeEscalation")

going to go ahead and get this prioritized because the Lula team needs it.

cmwylie19 · 2024-06-05T20:04:26Z

We need to verify that we are able to inject the name of the .Alias into logs of the callback function.

If it were possible it would need to be done with the Log object

const Log = pino({
  transport,
  timestamp: pinoTimeFunction,
});

and import that into the mutate processor and set

Log.prefix = the bindings alias

chore: named callbacks ADR

6aa556b

Signed-off-by: Case Wylie <cmwylie19@defenseunicorns.com>

cmwylie19 requested review from jeff-mccoy, btlghrants and schaeferka as code owners March 21, 2024 16:17

chore: add example

815991b

Signed-off-by: Case Wylie <cmwylie19@defenseunicorns.com>

btlghrants reviewed Mar 21, 2024

View reviewed changes

cmwylie19 and others added 3 commits March 21, 2024 16:19

Update adr/0008-named-callbacks.md

8aed6f7

Added suggestion by @btlghrants Co-authored-by: Barrett <81570928+btlghrants@users.noreply.github.com>

Update adr/0008-named-callbacks.md

6854b41

committing suggestion Co-authored-by: Barrett <81570928+btlghrants@users.noreply.github.com>

Update adr/0008-named-callbacks.md

51a2576

Co-authored-by: Barrett <81570928+btlghrants@users.noreply.github.com>

cmwylie19 commented Mar 22, 2024

View reviewed changes