feat(core): add policyDir option to createServer for consumer policy overrides#899
Conversation
205fb17 to
b270a09
Compare
📝 WalkthroughWalkthroughAdds a required absolute ChangesConsumer Policy Directory Override
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Suggested labels
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
andypf
left a comment
There was a problem hiding this comment.
Great Job, please address my comment
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/aurora/src/server/policyEngineLoader.ts`:
- Around line 17-22: The function loadPolicyEngine accepts consumerDir without
verifying it's absolute, which can cause inconsistent resolution; update
loadPolicyEngine to validate consumerDir using path.isAbsolute (or equivalent)
and reject/throw a clear error (or return early) if it's not absolute,
referencing the consumerDir parameter and documenting the requirement consistent
with AuroraServerConfig; ensure the validation occurs before building candidates
(i.e., before path.join) so only absolute paths are used.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 75b03ffa-a60b-4353-b63c-4f424ac5b6b5
📒 Files selected for processing (8)
.changeset/add-consumer-policy-dir.mdpackages/aurora/src/server/Compute/routers/index.tspackages/aurora/src/server/Compute/routers/permissionRouter.tspackages/aurora/src/server/policyEngineLoader.test.tspackages/aurora/src/server/policyEngineLoader.tspackages/aurora/src/server/routers.tspackages/aurora/src/server/server.tspackages/aurora/src/types/index.ts
There was a problem hiding this comment.
Pull request overview
This PR adds a policyDir option to createServer so consumers of @cobaltcore-dev/aurora can provide their own OpenStack policy files that override the built-in bundled policies, threading that configuration through router construction and policy engine loading.
Changes:
- Added
policyDir?: stringtoAuroraServerConfigand threaded it throughcreateServer→buildAppRouter→buildComputeRouters→buildPermissionRouter. - Updated
loadPolicyEngineto resolve policies in precedence order: consumer directory →permission_custom_policies/→permission_policies/. - Extended unit tests for
policyEngineLoaderto cover the consumer policy directory override behavior.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| packages/aurora/src/types/index.ts | Adds the policyDir configuration surface to the public server config type. |
| packages/aurora/src/server/server.ts | Builds the tRPC router per server instance and passes policyDir through. |
| packages/aurora/src/server/routers.ts | Switches from a module-level router export to a buildAppRouter(policyDir?) factory. |
| packages/aurora/src/server/policyEngineLoader.ts | Adds consumer-dir-first resolution for policy file loading. |
| packages/aurora/src/server/policyEngineLoader.test.ts | Adds tests for consumer directory precedence and fallthrough behavior. |
| packages/aurora/src/server/Compute/routers/permissionRouter.ts | Refactors permission router into a factory that accepts policyDir. |
| packages/aurora/src/server/Compute/routers/index.ts | Converts compute routers export into a factory to thread policyDir. |
| .changeset/add-consumer-policy-dir.md | Publishes a minor changeset documenting the new option. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
1757b50 to
093ea49
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/aurora/src/server/policyEngineLoader.ts`:
- Around line 8-14: Update the JSDoc for the function in policyEngineLoader.ts
to reflect that consumerDir is optional: change the wording that currently calls
`consumerDir` "required" to state it is optional and that resolution falls back
to `permission_custom_policies/<fileName>` (legacy) when `consumerDir` is not
provided; specifically update the param description for `consumerDir` and the
resolution order comments to match the actual function signature (the
`consumerDir` parameter) and behavior used in the policy engine loading code.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 55e2e1dd-9fab-4932-a8e9-ffa685405747
⛔ Files ignored due to path filters (2)
apps/dashboard/pnpm-lock.yamlis excluded by!**/pnpm-lock.yamlpnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (15)
.changeset/remove-bundled-policy-files.mdapps/dashboard/package.jsonapps/dashboard/src/policies/compute.yamlapps/dashboard/src/policies/image.yamlapps/dashboard/src/server/server.tsapps/dashboard/vite.config.mjspackages/aurora/package.jsonpackages/aurora/src/server/Compute/routers/index.tspackages/aurora/src/server/Compute/routers/permissionRouter.test.tspackages/aurora/src/server/Compute/routers/permissionRouter.tspackages/aurora/src/server/policyEngineLoader.test.tspackages/aurora/src/server/policyEngineLoader.tspackages/aurora/src/server/routers.tspackages/aurora/src/server/server.tspackages/aurora/src/types/index.ts
✅ Files skipped from review due to trivial changes (3)
- apps/dashboard/package.json
- .changeset/remove-bundled-policy-files.md
- packages/aurora/package.json
🚧 Files skipped from review as they are similar to previous changes (4)
- packages/aurora/src/server/server.ts
- packages/aurora/src/server/Compute/routers/index.ts
- packages/aurora/src/server/routers.ts
- packages/aurora/src/types/index.ts
d1f1340 to
7d8b213
Compare
…eager policy loading
…mumReleaseAge policy
…e policy loading chain
7d8b213 to
a20721a
Compare
There was a problem hiding this comment.
🧹 Nitpick comments (1)
packages/aurora/src/server/policyEngineLoader.test.ts (1)
80-88: ⚡ Quick winConsider guarding against -1 indices before comparison.
The test assumes both
consumerIdxandcustomIdxare found (>= 0) before comparing them. If the implementation changes and one path isn't constructed,findIndexreturns-1, which could lead to confusing test results. Adding explicit assertions would make the test more robust.🛡️ Suggested improvement
const calls = mockPath.join.mock.calls.map((c) => c.join("/")) const consumerIdx = calls.findIndex((c) => c.includes("/consumer/dir")) const customIdx = calls.findIndex((c) => c.includes("permission_custom_policies")) + expect(consumerIdx).toBeGreaterThanOrEqual(0) + expect(customIdx).toBeGreaterThanOrEqual(0) expect(consumerIdx).toBeLessThan(customIdx)🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/aurora/src/server/policyEngineLoader.test.ts` around lines 80 - 88, The test "should check consumerDir before permission_custom_policies" currently compares consumerIdx and customIdx but doesn't ensure they were found; update the test around loadPolicyEngine(...) to assert that both consumerIdx and customIdx are >= 0 before the toBeLessThan assertion (i.e., add explicit expects that consumerIdx !== -1 and customIdx !== -1 or expect(consumerIdx).toBeGreaterThanOrEqual(0) and likewise for customIdx) so the comparison of the indices (computed from mockPath.join.mock.calls) is only performed when both paths were actually constructed.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@packages/aurora/src/server/policyEngineLoader.test.ts`:
- Around line 80-88: The test "should check consumerDir before
permission_custom_policies" currently compares consumerIdx and customIdx but
doesn't ensure they were found; update the test around loadPolicyEngine(...) to
assert that both consumerIdx and customIdx are >= 0 before the toBeLessThan
assertion (i.e., add explicit expects that consumerIdx !== -1 and customIdx !==
-1 or expect(consumerIdx).toBeGreaterThanOrEqual(0) and likewise for customIdx)
so the comparison of the indices (computed from mockPath.join.mock.calls) is
only performed when both paths were actually constructed.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 1501d87b-27d7-4840-aae8-d04d9ac9ab92
⛔ Files ignored due to path filters (2)
apps/dashboard/pnpm-lock.yamlis excluded by!**/pnpm-lock.yamlpnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (15)
.changeset/remove-bundled-policy-files.mdapps/dashboard/package.jsonapps/dashboard/src/policies/compute.yamlapps/dashboard/src/policies/image.yamlapps/dashboard/src/server/server.tsapps/dashboard/vite.config.mjspackages/aurora/package.jsonpackages/aurora/src/server/Compute/routers/index.tspackages/aurora/src/server/Compute/routers/permissionRouter.test.tspackages/aurora/src/server/Compute/routers/permissionRouter.tspackages/aurora/src/server/policyEngineLoader.test.tspackages/aurora/src/server/policyEngineLoader.tspackages/aurora/src/server/routers.tspackages/aurora/src/server/server.tspackages/aurora/src/types/index.ts
✅ Files skipped from review due to trivial changes (1)
- .changeset/remove-bundled-policy-files.md
🚧 Files skipped from review as they are similar to previous changes (11)
- apps/dashboard/package.json
- packages/aurora/src/server/Compute/routers/permissionRouter.test.ts
- packages/aurora/src/types/index.ts
- packages/aurora/src/server/Compute/routers/index.ts
- packages/aurora/src/server/routers.ts
- apps/dashboard/vite.config.mjs
- apps/dashboard/src/server/server.ts
- packages/aurora/package.json
- packages/aurora/src/server/server.ts
- packages/aurora/src/server/policyEngineLoader.ts
- packages/aurora/src/server/Compute/routers/permissionRouter.ts
Summary
Allows consumers of the
@cobaltcore-dev/aurorapackage to supply their own OpenStack policy files via apolicyDiroption increateServer. The built-in policy files are removed from the aurora package — each consumer app now owns and ships its own policies.Changes Made
packages/aurorapolicyDir?: stringtoAuroraServerConfigloadPolicyEnginenow resolves:policyDir→permission_custom_policies/(legacy) — throws a clear error if no file is foundbuildPermissionRouter(policyDir?)factory threads the dir through toloadPolicyEngine;getPolicyandcheckSinglePermissionremain module-level with an explicitenginesparameterpermission_policies/directory and frompackage.jsonfilesappRouterexport;AuroraRouternow usesReturnType<typeof buildAppRouter>apps/dashboardsrc/policies/compute.yamlandsrc/policies/image.yaml(moved from the aurora package)vite.config.mjsusesvite-plugin-static-copyto copysrc/policies → dist/policiesat build timeRelated Issues
Testing Instructions
pnpm ipnpm run testpnpm --filter @cobaltcore-dev/dashboard run build— verifydist/policies/containscompute.yamlandimage.yamlChecklist
Summary by CodeRabbit
Breaking Changes
New Features
Configuration
Tests