Preview/extended version of opa-authorizer #2
Description
This version builds on the experimental release (version 0.1.0) and will address (without necessarily implementing everything) the following:
- Permission granularity
Actiongranularity: do we want to distinguish between e.g.AdminandCreate, and between different types of writes (write vs. delete) as is done upstream?- look at granting permissions on the level of cell families, not just tables
- permissions to be distinct between KeyValue and ColumnFamily
- check permissions on each mutation
- Permission coverage
- check ADMIN on each namespace
- read permissions required for checkAnd* methods to prevent probing
- Logging
- review all logging statements to reduce noise
- Other
- investigate ways of tracking changes made to upstream interfaces
- ensure consistency between empty implementation of interface methods (just for logging) and fallback to default impls
- ensure that all functionality is covered by integration tests