Add local file-based access-control rule support. #329
Open
ZhidongPeng wants to merge 4 commits into Azure:dev from
ZhidongPeng (Collaborator) commented Mar 18, 2026
- Added base64 = "0.22" dependency
- Introduces a new local_rules module that
- Added rules_dir: PathBuf field to KeyKeeper struct and refactored update_access_control_rules() to accept state tracker, call resolve_effective_rules() for WireServer/IMDS/HostGA, and handle local-rule-merged effective rules
ZhidongPeng (Collaborator, Author) commented Mar 19, 2026
PR Review - Add local file-based access-control rule support
Thanks for the PR. Overall the design is clean: base64-encoded rule-id descriptors, fail-closed on parse errors, and file-state tracking across polls are all solid patterns.
Below are inline comments ranging from a potential behavioral regression to minor nits. Please take a look.
| let local_rules_file = rules_dir.join(target.file_name()); | ||
| let current_file_state = get_local_rule_file_state(&local_rules_file); | ||
| let file_state_changed = tracker.file_state != current_file_state; | ||
|
|
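Review bot: rules_dir.join(target.file_name()) on the first line is only confined to rules_dir if file_name() returns a bare relative name. Path::join discards the base entirely when its argument is absolute, and a ".." component would resolve outside the directory. If file_name() is a fixed per-target constant, a short doc comment saying so is enough; otherwise check that it is a single normal path component before joining.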
Collaborator
Author
[Minor] There is a small TOCTOU window between checking get_local_rule_file_state (metadata/mtime) and actually reading the file later (line 351). The file could be modified or deleted in between. The retry logic in read_local_rules_file partly mitigates this, but in the worst case:
1. get_local_rule_file_state sees Present(T1)
2. File is deleted
3. read_local_rules_file fails all retries -> fail-closed (correct behavior)
So the retry + fail-closed combination makes this safe in practice. Just wanted to flag it for awareness.
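The check-then-read window discussed in this comment can be closed by taking the state and the contents from the same open handle. The sketch below is an added example, not code from this PR: FileState, Poll, state_of and poll_rules are hypothetical names, and what the caller does when the file is absent is left as an assumption.

```rust
use std::fs::File;
use std::io::{ErrorKind, Read};
use std::path::Path;
use std::time::SystemTime;

// Hypothetical types; the PR's own tracker types are not shown on the page.
#[derive(Debug, Clone, PartialEq)]
pub enum FileState { Absent, Present { modified: SystemTime, len: u64 } }

#[derive(Debug, PartialEq)]
pub enum Poll {
    Unchanged,          // same state as the previous poll
    Absent,             // file newly gone; the policy for this is the caller's
    Loaded(String),     // contents read from the handle that was stat'ed
    FailClosed(String), // unreadable or changed mid-read: caller must deny
}

// Metadata is taken from the open handle, so it describes the file being read.
fn state_of(f: &File) -> std::io::Result<FileState> {
    let m = f.metadata()?;
    Ok(FileState::Present { modified: m.modified()?, len: m.len() })
}

pub fn poll_rules(path: &Path, last: &mut FileState) -> Poll {
    let mut file = match File::open(path) {
        Ok(f) => f,
        Err(e) if e.kind() == ErrorKind::NotFound => {
            let was_present = *last != FileState::Absent;
            *last = FileState::Absent;
            return if was_present { Poll::Absent } else { Poll::Unchanged };
        }
        Err(e) => return Poll::FailClosed(e.to_string()),
    };
    let before = match state_of(&file) {
        Ok(s) => s,
        Err(e) => return Poll::FailClosed(e.to_string()),
    };
    if before == *last { return Poll::Unchanged; }
    let mut text = String::new();
    if let Err(e) = file.read_to_string(&mut text) { return Poll::FailClosed(e.to_string()); }
    // Re-stat the same handle: a write during the read shows up as a mismatch.
    match state_of(&file) {
        Ok(after) if after == before => { *last = before; Poll::Loaded(text) }
        _ => Poll::FailClosed("file changed while being read".into()),
    }
}

fn main() {
    let mut last = FileState::Absent; // constructed path, expected to be absent
    println!("{:?}", poll_rules(Path::new("local_rules.example"), &mut last));
}
```

On a failed read the tracked state is left untouched, so the next poll sees a change again and retries instead of caching a state it never loaded.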