Is there an existing issue for this?
What happened?
AMO, and therefore Cinder, have a requirement that there must not be more than one enforcement action for a policy-entity combination. If there is, processing would silently fail (quoting @eviljeff: "there is a log in Cinder of all webhook activity, and it'd be marked as 4xx there, but no-one is routinely monitoring that"). The invisible failure is problematic.
At the same time, this requirement itself is implicit and invisible as well. Cinder will allow such conflicts to be created when changing a policy. There also is no policy list view (or otherwise) that would show or hint at that issue. There isn't even a way to see policy+entity -> enforcement action, not even a view to see the policy-entity mappings. Therefore we lack a method of preventing, detecting or auditing this issue.
The impact of that to happen is significant: Enforcement would be recorded in Cinder (I presume), but not recorded on AMO and also not actually carried out, resulting in not just de-synced information but actual moderation decisions not being applied, without anybody noticing.
What did you expect to happen?
I am not sure what exactly is feasible here.
Ideally we'd prevent a user from being able to make changes that would result in ambiguous enforcement action mappings. At least we need a way to detect it immediately when a user does it and raise very visible alerts and notifications. We also need to figure out what we'd do with decisions in that state. Can we hold them in some way, or potentially deny them...or something else?
┆Issue is synchronized with this Jira Task
Is there an existing issue for this?
What happened?
AMO, and therefore Cinder, have a requirement that there must not be more than one enforcement action for a policy-entity combination. If there is, processing would silently fail (quoting @eviljeff: "there is a log in Cinder of all webhook activity, and it'd be marked as 4xx there, but no-one is routinely monitoring that"). The invisible failure is problematic.
At the same time, this requirement itself is implicit and invisible as well. Cinder will allow such conflicts to be created when changing a policy. There also is no policy list view (or otherwise) that would show or hint at that issue. There isn't even a way to see policy+entity -> enforcement action, not even a view to see the policy-entity mappings. Therefore we lack a method of preventing, detecting or auditing this issue.
The impact of that to happen is significant: Enforcement would be recorded in Cinder (I presume), but not recorded on AMO and also not actually carried out, resulting in not just de-synced information but actual moderation decisions not being applied, without anybody noticing.
What did you expect to happen?
I am not sure what exactly is feasible here.
Ideally we'd prevent a user from being able to make changes that would result in ambiguous enforcement action mappings. At least we need a way to detect it immediately when a user does it and raise very visible alerts and notifications. We also need to figure out what we'd do with decisions in that state. Can we hold them in some way, or potentially deny them...or something else?
┆Issue is synchronized with this Jira Task