Skip to content

Commit 6c33d4b

Browse files
committed
docs(rfc): remove interceptor modifies flag
Signed-off-by: Drew Newberry <anewberry@nvidia.com>
1 parent 511f9d8 commit 6c33d4b

1 file changed

Lines changed: 10 additions & 8 deletions

File tree

rfc/0010-gateway-interceptors/README.md

Lines changed: 10 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -280,9 +280,8 @@ message InterceptorBinding {
280280
repeated GatewayInterceptorPhase phases = 2;
281281
repeated string rpcs = 3;
282282
int32 order = 4;
283-
bool modifies = 5;
284-
string on_error = 6;
285-
InterceptorSelector selector = 7;
283+
string on_error = 5;
284+
InterceptorSelector selector = 6;
286285
}
287286
288287
message InterceptorSelector {
@@ -299,6 +298,9 @@ allows expansion.
299298

300299
Empty selector fields match all values. A gateway override can narrow a
301300
service-declared selector, such as limiting a binding to a specific RPC.
301+
Patch capability is derived from the selected phase, not from a separate binding
302+
flag. A binding in `pre_request` or `modify_operation` may return zero or more
303+
patches. A binding in `validate` or `post_commit` must not return patches.
302304

303305
Gateway config example for a remote policy provider:
304306

@@ -326,8 +328,9 @@ bindings run by this deterministic ordering:
326328
3. gateway interceptor service name.
327329
4. binding ID.
328330

329-
The gateway rejects gateway interceptor configuration that creates ambiguous
330-
modification order for the same field if that can be detected statically.
331+
Patches are applied in binding execution order. Invalid patches, conflicting
332+
patches, or patches returned from a non-modification phase are invalid gateway
333+
interceptor results.
331334

332335
### Failure policy
333336

@@ -350,7 +353,8 @@ service-level gateway config, then applies any binding override.
350353

351354
Defaults:
352355

353-
- Modifying and validating bindings default to `fail_closed`.
356+
- `pre_request`, `modify_operation`, and `validate` bindings default to
357+
`fail_closed`.
354358
- `post_commit` bindings default to `ignore`.
355359

356360
The gateway enforces a timeout and response size limit for every gateway
@@ -398,14 +402,12 @@ InterceptorManifest {
398402
id: "sandbox-policy-default"
399403
phases: [GATEWAY_INTERCEPTOR_PHASE_MODIFY_OPERATION]
400404
rpcs: ["openshell.v1.OpenShell/CreateSandbox"]
401-
modifies: true
402405
on_error: "fail_closed"
403406
},
404407
{
405408
id: "policy-authority"
406409
phases: [GATEWAY_INTERCEPTOR_PHASE_VALIDATE]
407410
rpcs: ["openshell.v1.OpenShell/UpdateConfig"]
408-
modifies: false
409411
on_error: "fail_closed"
410412
}
411413
]

0 commit comments

Comments
 (0)