Schema Support #2

Open
tpaulus opened this issue Mar 8, 2024 · 1 comment

tpaulus commented Mar 8, 2024

cedar-go does not have parity, as noted in the README, with cedar-rust with regard to loading and including the schema in authorization requests. It would be nice to see cedar-go have support for this, as it enables additional use cases, such as the one below.

Use Case:
In order to express Action Hierarchy, where a Role contains one or more actions, a cedar schema needs to be loaded and used in the evaluation of policies. For example, the following schema allows policies to permit the SuperAdmin action, and have the PARC reference BillingAdmin and the outcome be Allow.

```json
{
  "Role": {
    "entityTypes": {},
    "actions": {
      "SuperAdmin": {
        "appliesTo": {
          "principalTypes": [],
          "resourceTypes": []
        }
      },
      "MinimalAccountAccess": {
        "memberOf": [
          {
            "id": "SuperAdmin"
          }
        ],
        "appliesTo": {
          "principalTypes": [],
          "resourceTypes": []
        }
      },
      "Admin": {
        "memberOf": [
          {
            "id": "SuperAdmin"
          }
        ],
        "appliesTo": {
          "principalTypes": [],
          "resourceTypes": []
        }
      },
      "AdminReadOnly": {
        "memberOf": [
          {
            "id": "Admin"
          }
        ],
        "appliesTo": {
          "principalTypes": [],
          "resourceTypes": []
        }
      },
      "BillingAdmin": {
        "memberOf": [
          {
            "id": "Admin"
          }
        ],
        "appliesTo": {
          "principalTypes": [],
          "resourceTypes": []
        }
      },
      "BillingAdminReadOnly": {
        "memberOf": [
          {
            "id": "BillingAdmin"
          },
          {
            "id": "AdminReadOnly"
          }
        ],
        "appliesTo": {
          "principalTypes": [],
          "resourceTypes": []
        }
      }
    }
  }
}
```
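The action-hierarchy check this use case relies on, as an added stand-alone Go example (not part of the original issue and not cedar-go code): it parses a compacted copy of the schema above and follows `memberOf` edges the way `action in Role::Action::"SuperAdmin"` would. `ActionIn`, `namespace` and `schemaJSON` are hypothetical names, and `appliesTo` is omitted from the embedded copy.

```go
package main

import ("encoding/json"; "fmt")

// Compact copy of the "Role" namespace from the issue (appliesTo omitted).
const schemaJSON = `{"Role":{"entityTypes":{},"actions":{"SuperAdmin":{},
 "MinimalAccountAccess":{"memberOf":[{"id":"SuperAdmin"}]},
 "Admin":{"memberOf":[{"id":"SuperAdmin"}]},
 "AdminReadOnly":{"memberOf":[{"id":"Admin"}]},
 "BillingAdmin":{"memberOf":[{"id":"Admin"}]},
 "BillingAdminReadOnly":{"memberOf":[{"id":"BillingAdmin"},{"id":"AdminReadOnly"}]}}}}`

type namespace struct {
	Actions map[string]struct {
		MemberOf []struct{ ID string } // encoding/json matches "memberOf"/"id" case-insensitively
	}
}

// ActionIn reports whether action child equals group or reaches it through
// memberOf edges. Hypothetical helper for illustration; not a cedar-go API.
func ActionIn(schema []byte, ns, child, group string) (bool, error) {
	var s map[string]namespace
	if err := json.Unmarshal(schema, &s); err != nil {
		return false, err
	}
	acts := s[ns].Actions
	if _, ok := acts[child]; !ok {
		// Fail closed: an action the schema never declares is in no group.
		return false, fmt.Errorf("undeclared action %q in namespace %q", child, ns)
	}
	seen := map[string]bool{child: true} // guards against revisiting shared ancestors
	for stack := []string{child}; len(stack) > 0; {
		cur := stack[len(stack)-1]
		stack = stack[:len(stack)-1]
		if cur == group {
			return true, nil
		}
		for _, p := range acts[cur].MemberOf {
			if !seen[p.ID] {
				seen[p.ID] = true
				stack = append(stack, p.ID)
			}
		}
	}
	return false, nil
}

func main() {
	fmt.Println(ActionIn([]byte(schemaJSON), "Role", "BillingAdmin", "SuperAdmin"))
}
```

Without the schema's `memberOf` edges available at evaluation time, `BillingAdmin` has no recorded ancestors, so a policy scoped to the `SuperAdmin` group would not match a `BillingAdmin` request.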
@jmccarthy
Collaborator

Hi @tpaulus - we'll leave this issue open and update it once we know more about the timeline for Schema support
