feat(jans-cedarling): Implement check authorization principals based on the schema for action #10072

Closed
olehbozhok opened this issue Nov 7, 2024 · 2 comments · Fixed by #10126
Labels
comp-cedarling comp-jans-cedarling Touching folder /jans-cedarling enhancement kind-feature Issue or PR is a new feature request

@olehbozhok
Contributor

olehbozhok commented Nov 7, 2024

Is your feature request related to a problem? Please describe.
In the cedar-policy schema from agama-lab we have 3 principals: Workload, User and Role.
Currently, for each request we make an authorization check for each principal.

And it is hard-coded that each principal uses the namespace "Jans".

Describe the solution you'd like

  • improve parsing of the cedar-policy schema and add a check whether a principal can be applied to a cedar-policy Action
  • add usage of the namespace stored in the policy-store

Additional context
In the policy store, the field name describes the namespace in the cedar-policy schema.
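
The check requested above, sketched as an added example that is not part of the issue or of the jans-cedarling code base: it reads the namespace from the policy store and keeps only the principal types that the schema's `appliesTo.principalTypes` lists for the action. The store keys `name` and `schema`, the namespace `Acme`, the actions and the helper names are assumptions constructed for illustration; a missing `appliesTo` or an undeclared action is treated as fail-closed.

```python
import json

# Constructed sample policy store. The keys "name" and "schema" are assumptions
# made for this example; the schema body uses the Cedar JSON schema layout
# (namespace -> entityTypes / actions -> appliesTo.principalTypes).
POLICY_STORE = json.loads("""
{
  "name": "Acme",
  "schema": {"Acme": {
    "entityTypes": {"Workload": {}, "User": {}, "Role": {}, "Issue": {}},
    "actions": {
      "Read":   {"appliesTo": {"principalTypes": ["Workload", "User", "Role"],
                               "resourceTypes": ["Issue"]}},
      "Update": {"appliesTo": {"principalTypes": ["User"],
                               "resourceTypes": ["Issue"]}},
      "Audit":  {}
    }
  }}
}
""")

# Principal types named in the issue, without any namespace prefix.
CANDIDATE_PRINCIPALS = ("Workload", "User", "Role")


def qualify(namespace, type_name):
    """Prefix an unqualified type name with the schema namespace."""
    if "::" in type_name or not namespace:
        return type_name
    return f"{namespace}::{type_name}"


def principals_for_action(store, action):
    """Return the candidate principal types the schema allows for `action`."""
    namespace = store["name"]  # taken from the store, not hard-coded
    ns_schema = store["schema"].get(namespace)
    if ns_schema is None:
        raise ValueError(f"namespace {namespace!r} not found in schema")
    actions = ns_schema.get("actions", {})
    if action not in actions:
        raise ValueError(f"action {action!r} not declared in {namespace!r}")
    # Fail closed: an action without appliesTo gets no principals here.
    applies_to = actions[action].get("appliesTo") or {}
    allowed = {qualify(namespace, t) for t in applies_to.get("principalTypes", [])}
    candidates = (qualify(namespace, c) for c in CANDIDATE_PRINCIPALS)
    return [p for p in candidates if p in allowed]
```

Only the principals returned for an action need an authorization request; the others can be skipped before the policy engine is called.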

@olehbozhok olehbozhok self-assigned this Nov 7, 2024
@mo-auto mo-auto added the kind-feature Issue or PR is a new feature request label Nov 7, 2024
@moabu moabu added this to the 1.1.6 milestone Nov 7, 2024
@nynymike
Contributor

Rather than making three authz requests, which may have three different diagnostics, is it possible to combine these three queries into one authz request?

@olehbozhok
Contributor Author

@nynymike agama-lab has already implemented creating a cedar-policy schema with 3 possible principals.
To make all checks in one, we need to figure out possible solutions. But it looks like we need to implement a principal entity that can hold the values of all current principals.

I think it is a huge change and may have an impact on the demo deadline.
