-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deploy wrapper RegoRules for the UserInfoFetcher #558
Comments
My suggestion on how to do this: Have a ready-to-go (or slightly templated) |
In the trino tests we have the UIF call here https://github.com/stackabletech/trino-operator/blob/0a1545ff371190b8d237f994bba4266fc962f774/tests/templates/kuttl/opa-authorization/trino_policies.rego#L291 and wrap it into extra_groups in the the permissions here https://github.com/stackabletech/trino-operator/blob/0a1545ff371190b8d237f994bba4266fc962f774/tests/templates/kuttl/opa-authorization/trino_rules/actual_permissions.rego#L43. We could extract that into its own rego (util) file and be imported by other policies? |
I would suggest it being a specific rego file, rather than a generic util file, because:
Some suggestions on what the end-user rego imports could look like: import utils.uif
import utils.authorization
import stackable.uif
import stackable.authorization Edit: #580 goes with |
As a user of the UIF I would like to simply use RegoRules to use the UIF, instead of having to do the HTTP calls myself.
The rules and how to use them need to be documented and a decision needs to be created.
The text was updated successfully, but these errors were encountered: