metalbear-co · meowjesty · Dec 25, 2024 · Dec 25, 2024 · Dec 25, 2024 · Dec 25, 2024
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/mirrord/layer/src/detour.rs b/mirrord/layer/src/detour.rs
@@ -215,6 +215,10 @@ pub(crate) enum Bypass {
     /// Useful for operations that are version gated, and we want to bypass when the protocol
     /// doesn't support them.
     NotImplemented,
+
+    /// File `open` (any `open`-ish operation) was forced to be local, instead of remote, most
+    /// likely due to an operator fs policy.
+    OpenLocal,
 }
 
 impl Bypass {

diff --git a/mirrord/layer/src/error.rs b/mirrord/layer/src/error.rs
@@ -248,6 +248,7 @@ impl From<HookError> for i64 {
             HookError::BincodeEncode(_) => libc::EINVAL,
             HookError::ResponseError(response_fail) => match response_fail {
                 ResponseError::IdsExhausted(_) => libc::ENOMEM,
+                ResponseError::OpenLocal => libc::ENOENT,
                 ResponseError::NotFound(_) => libc::ENOENT,
                 ResponseError::NotDirectory(_) => libc::ENOTDIR,
                 ResponseError::NotFile(_) => libc::EISDIR,

diff --git a/mirrord/layer/src/file/ops.rs b/mirrord/layer/src/file/ops.rs
@@ -206,7 +206,12 @@ pub(crate) fn open(path: Detour<PathBuf>, open_options: OpenOptionsInternal) ->
 
     ensure_not_ignored!(path, open_options.is_write());
 
-    let OpenFileResponse { fd: remote_fd } = RemoteFile::remote_open(path.clone(), open_options)?;
+    let OpenFileResponse { fd: remote_fd } = RemoteFile::remote_open(path.clone(), open_options)
+        .or_else(|fail| match fail {
+            // The operator has a policy that matches this `path` as local-only.
+            HookError::ResponseError(ResponseError::OpenLocal) => Detour::Bypass(Bypass::OpenLocal),
+            other => Detour::Error(other),
+        })?;
 
     // TODO: Need a way to say "open a directory", right now `is_dir` always returns false.
     // This requires having a fake directory name (`/fake`, for example), instead of just converting

diff --git a/mirrord/operator/src/crd/policy.rs b/mirrord/operator/src/crd/policy.rs
@@ -58,6 +58,11 @@ pub struct MirrordPolicySpec {
     /// target.
     #[serde(default)]
     pub env: EnvPolicy,
+
+    /// Overrides fs ops behaviour, granting control over them to the operator policy, instead of
+    /// the user config.
+    #[serde(default)]
+    pub fs: FsPolicy,
 }
 
 /// Custom cluster-wide resource for policies that limit what mirrord features users can use.
@@ -90,6 +95,11 @@ pub struct MirrordClusterPolicySpec {
     /// target.
     #[serde(default)]
     pub env: EnvPolicy,
+
+    /// Overrides fs ops behaviour, granting control over them to the operator policy, instead of
+    /// the user config.
+    #[serde(default)]
+    pub fs: FsPolicy,
 }
 
 /// Policy for controlling environment variables access from mirrord instances.
@@ -104,9 +114,37 @@ pub struct EnvPolicy {
     /// Variable names can be matched using `*` and `?` where `?` matches exactly one occurrence of
     /// any character and `*` matches arbitrary many (including zero) occurrences of any character,
     /// e.g. `DATABASE_*` will match `DATABASE_URL` and `DATABASE_PORT`.
+    #[serde(default)]
     pub exclude: HashSet<String>,
 }
 
+/// File operations policy that mimics the mirrord fs config.
+///
+/// Allows the operator control over remote file ops behaviour, overriding what the user has set in
+/// their mirrord config file, if it matches something in one of the lists (regex sets) of this
+/// struct.
+#[derive(Clone, Default, Debug, Deserialize, Eq, PartialEq, Serialize, JsonSchema)]
+#[serde(rename_all = "kebab-case")]
+pub struct FsPolicy {
+    /// The file can only be opened in read-only mode, otherwise the operator returns an IO error.
+    #[serde(default)]
+    pub read_only: HashSet<String>,
+
+    /// The file may be opened in read-write mode.
+    #[serde(default)]
+    pub read_write: HashSet<String>,
+
+    /// The file cannot be opened in the remote target.
+    ///
+    /// `open` calls that match this are forced to be opened in the local user's machine.
+    #[serde(default)]
+    pub local: HashSet<String>,
+
+    /// Any file that matches this returns a file not found error from the operator.
+    #[serde(default)]
+    pub not_found: HashSet<String>,
+}
+
 #[test]
 fn check_one_api_group() {
     use kube::Resource;

diff --git a/mirrord/protocol/Cargo.toml b/mirrord/protocol/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "mirrord-protocol"
-version = "1.13.2"
+version = "1.13.3"
 authors.workspace = true
 description.workspace = true
 documentation.workspace = true

diff --git a/mirrord/protocol/src/error.rs b/mirrord/protocol/src/error.rs
@@ -67,6 +67,9 @@ pub enum ResponseError {
 
     #[error("Failed stripping path with `{0}`!")]
     StripPrefix(String),
+
+    #[error("File has to be opened locally!")]
+    OpenLocal,
 }
 
 impl From<StripPrefixError> for ResponseError {

diff --git a/mirrord/protocol/src/file.rs b/mirrord/protocol/src/file.rs
@@ -25,6 +25,9 @@ pub static READDIR_BATCH_VERSION: LazyLock<VersionReq> =
 pub static MKDIR_VERSION: LazyLock<VersionReq> =
     LazyLock::new(|| ">=1.13.0".parse().expect("Bad Identifier"));
 
+pub static OPEN_LOCAL_VERSION: LazyLock<VersionReq> =
+    LazyLock::new(|| ">=1.13.3".parse().expect("Bad Identifier"));
+
 /// Internal version of Metadata across operating system (macOS, Linux)
 /// Only mutual attributes
 #[derive(Encode, Decode, Debug, PartialEq, Clone, Copy, Eq, Default)]

diff --git a/tests/src/operator/policies.rs b/tests/src/operator/policies.rs
@@ -128,6 +128,7 @@ fn block_steal_without_qualifiers() -> PolicyTestCase {
                 selector: None,
                 block: vec![BlockedFeature::Steal],
                 env: Default::default(),
+                fs: Default::default(),
             },
         ),
         service_b_can_steal: No,
@@ -147,6 +148,7 @@ fn block_steal_with_path_pattern() -> PolicyTestCase {
                 selector: None,
                 block: vec![BlockedFeature::Steal],
                 env: Default::default(),
+                fs: Default::default(),
             },
         ),
         service_b_can_steal: EvenWithoutFilter,
@@ -166,6 +168,7 @@ fn block_unfiltered_steal_with_path_pattern() -> PolicyTestCase {
                 selector: None,
                 block: vec![BlockedFeature::StealWithoutFilter],
                 env: Default::default(),
+                fs: Default::default(),
             },
         ),
         service_b_can_steal: EvenWithoutFilter,
@@ -185,6 +188,7 @@ fn block_unfiltered_steal_with_deployment_path_pattern() -> PolicyTestCase {
                 selector: None,
                 block: vec![BlockedFeature::StealWithoutFilter],
                 env: Default::default(),
+                fs: Default::default(),
             },
         ),
         service_a_can_steal: OnlyWithFilter,
@@ -210,6 +214,7 @@ fn block_steal_with_label_selector() -> PolicyTestCase {
                 }),
                 block: vec![BlockedFeature::Steal],
                 env: Default::default(),
+                fs: Default::default(),
             },
         ),
         service_b_can_steal: EvenWithoutFilter,
@@ -236,6 +241,7 @@ fn block_steal_with_unmatching_policy() -> PolicyTestCase {
                 }),
                 block: vec![BlockedFeature::Steal],
                 env: Default::default(),
+                fs: Default::default(),
             },
         ),
         service_b_can_steal: EvenWithoutFilter,
@@ -377,6 +383,7 @@ pub async fn create_cluster_policy_and_try_to_mirror(
                 selector: None,
                 block: vec![BlockedFeature::Mirror],
                 env: Default::default(),
+                fs: Default::default(),
             },
         ),
     )