A random question / thought, we currently use Typescript to generate strongly-typed permission strings. When authoring policies, is there a way to make those strings available to Cerbos? Is JSON Schema the best direction there?
Steve High (NTWRK)
12/12/2022, 4:02 PM
I have an example in Go that does just that...I imagine the typescript variant wouldnt be too much different since the implementation is just bitmasks
i'd be happy to share that if you'd like
12/12/2022, 4:42 PM
Happy to take a look at anything you're willing to share!
@Steve High (NTWRK) I'm seeing now that Principal schemas are really only used to validate requests, have you found a way to make them useful in editing of policies?
Essentially I have an attribute on the principal that can be one or more strongly typed strings in a union, and I'd love to make that available to people writing policies. Not sure if that's feasible atm?
Some way to extend the available policy schema would go a long way
12/17/2022, 10:07 AM
That's an interesting idea. The difficult bit here is that during policy editing, the principal/resource attributes are not really YAML fields that can be described with a schema. They are part of the CEL expression, which is essentially a string as far as any editor is concerned. We do want to be able to validate those expressions too but it'll probably take us a little while longer to come up with a good enough solution that works for everybody.