[Issue #20] Add wildcard namespace subscriptions #52

Merged
HugoNijhuis merged 1 commits from issue-20-wildcard-namespace-subscriptions into main 2026-01-10 18:26:29 +00:00
Owner

Summary

Add support for NATS-style wildcard patterns in namespace subscriptions, enabling cross-namespace event handling for logging, monitoring, and auditing use cases.

Changes

  • Add pattern.go with MatchNamespacePattern and IsWildcardPattern functions
  • Update EventBus to handle wildcard subscribers separately from exact-match subscribers
  • Update NATSEventBus to leverage NATS native wildcard support for cross-node broadcasting
  • Add comprehensive tests for pattern matching (pattern_test.go) and EventBus wildcards (eventbus_test.go)
  • Document security implications throughout the codebase

Pattern Syntax

Following NATS subject matching conventions:

  • * matches exactly one token (dot-separated)
  • > matches one or more tokens (only at the end of a pattern)

Examples:

  • prod.* matches prod.tenant, prod.orders
  • prod.> matches prod.tenant, prod.tenant.orders
  • > matches all namespaces (catch-all)

Security Considerations

Wildcard subscriptions bypass namespace isolation. This is documented with warnings in:

  • EventBroadcaster interface
  • EventBus struct and Subscribe method
  • NATSEventBus struct and Subscribe method
  • MatchNamespacePattern function

Closes #20

HugoNijhuis added 1 commit 2026-01-10 18:24:41 +00:00
Add wildcard namespace subscriptions
All checks were successful
CI / build (pull_request) Successful in 18s
CI / build (push) Successful in 16s
adead7e980
Support NATS-style wildcard patterns ("*" and ">") for subscribing
to events across multiple namespaces. This enables cross-cutting
concerns like logging, monitoring, and auditing without requiring
separate subscriptions for each namespace.

- Add pattern.go with MatchNamespacePattern and IsWildcardPattern
- Update EventBus to track wildcard subscribers separately
- Update NATSEventBus to use NATS native wildcard support
- Add comprehensive tests for pattern matching and EventBus wildcards
- Document security implications in all relevant code comments

Closes #20

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Author
Owner

AI Code Review

This is an automated review generated by the code-reviewer agent.

Summary

This PR adds NATS-style wildcard pattern support for namespace subscriptions, enabling cross-namespace event handling for logging, monitoring, and auditing. The implementation is well-structured with comprehensive test coverage and appropriate security documentation.

Findings

Code Quality

  • Excellent separation of concerns: The new subscription struct and split between exactSubscribers and wildcardSubscribers is clean and maintainable
  • Clear pattern matching logic: The recursive matchTokens function in pattern.go is easy to follow
  • Good documentation: Extensive godoc comments with examples and security warnings throughout
  • Consistent naming: Pattern vs namespace distinction is clear in all function signatures
  • Minor observation: In nats_eventbus.go line ~799, the deliverToWildcardSubscribers function directly accesses neb.EventBus.wildcardSubscribers. While this works with embedding, it creates tight coupling. Consider adding a method to EventBus for this, though not blocking.

Potential Bugs

  • Channel closure in Unsubscribe: The channel is closed in Unsubscribe, but if the same channel is passed twice, the second call will panic on double-close. Current usage appears safe, but worth noting.
  • No validation of > placement: The pattern matching allows > anywhere in the pattern string during parsing (e.g., prod.>.tenant would be split into tokens). However, the matching logic only handles > correctly when it's the last pattern token. Consider adding validation in Subscribe to reject invalid patterns like prod.>.tenant early.

Security Concerns

  • Well-documented security implications: Every relevant interface and struct has clear warnings about wildcard subscriptions bypassing namespace isolation
  • No security vulnerabilities identified: Pattern matching doesn't allow injection or unexpected behavior
  • Good security hygiene: Documentation consistently emphasizes restricting wildcard access to trusted components

Style Notes

  • Consistent with codebase: Follows existing patterns and Go conventions
  • Test naming: Test names are descriptive and follow Go best practices
  • Formatting: Clean, properly indented, no style issues

Test Coverage

  • Comprehensive pattern matching tests: 23 test cases covering exact matches, wildcards, edge cases, and combinations
  • EventBus integration tests: 13 tests covering exact subscriptions, wildcard subscriptions, unsubscribe, isolation, concurrency, and non-blocking behavior
  • Performance consideration: Includes benchmarks for pattern matching
  • Excellent coverage: Tests cover happy paths, edge cases, error conditions, and concurrent operations
  • One gap: No integration test for NATSEventBus wildcard behavior across nodes. The local EventBus tests are thorough, but validating NATS subject wildcard integration would strengthen confidence.

Verdict

LGTM with minor suggestions

This is a solid implementation with excellent test coverage and thorough documentation. The pattern matching is correct, the EventBus refactoring maintains backward compatibility, and the security implications are well-documented. The minor observations about > validation and cross-node integration testing are suggestions for future improvement, not blockers.

The code is ready to merge.

HugoNijhuis merged commit adead7e980 into main 2026-01-10 18:26:29 +00:00
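
The pattern syntax from the PR description, combined with the early rejection of a non-terminal `>` that the review suggests, can be sketched as follows. This is an added example, not code from the PR or the aether repository; `validatePattern` and `matchNamespace` are hypothetical names, and treating invalid patterns as matching nothing is an assumption made here.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// validatePattern (hypothetical name) rejects empty tokens and any ">"
// that is not the final token, e.g. "prod.>.tenant".
func validatePattern(pattern string) error {
	tokens := strings.Split(pattern, ".")
	for i, tok := range tokens {
		if tok == "" {
			return errors.New("pattern contains an empty token")
		}
		if tok == ">" && i != len(tokens)-1 {
			return errors.New(`">" is only valid as the last token`)
		}
	}
	return nil
}

// matchNamespace (hypothetical name) applies "*" = exactly one token and
// ">" = one or more trailing tokens. Invalid patterns match nothing.
func matchNamespace(pattern, namespace string) bool {
	if validatePattern(pattern) != nil {
		return false
	}
	pt, nt := strings.Split(pattern, "."), strings.Split(namespace, ".")
	for i, p := range pt {
		if i >= len(nt) || nt[i] == "" {
			return false // namespace too short or malformed
		}
		if p == ">" {
			return true // at least one namespace token remains
		}
		if p != "*" && p != nt[i] {
			return false
		}
	}
	return len(pt) == len(nt)
}

func main() {
	// Constructed sample inputs.
	for _, c := range [][2]string{{"prod.*", "prod.tenant.orders"}, {"prod.>", "prod.tenant.orders"}, {"prod.>.tenant", "prod.x.tenant"}} {
		fmt.Printf("%-14s %-20s match=%v valid=%v\n", c[0], c[1], matchNamespace(c[0], c[1]), validatePattern(c[0]) == nil)
	}
}
```

Calling the validator at subscription time means a malformed pattern is refused up front instead of silently widening or narrowing what a cross-namespace subscriber receives.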

Reference: flowmade-one/aether#52