Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Initial Permissions API #90

Open
nicolerenee opened this issue May 8, 2023 · 0 comments
Open

Initial Permissions API #90

nicolerenee opened this issue May 8, 2023 · 0 comments
Assignees
@fishnix

Comments

@nicolerenee
Copy link
Member

The initial permissions API needs to allow us to check if a user has access to a specific resource.

Ideally we would have the ability to provide multiple access checks that can all be validated with a single API call.

Something similar to:

r.authClient.CheckPermissions(
 	authzclient.Check{Subject: actor.ID, Action: "loadBalancerCreate", On: input.TenantID},
 	authzclient.Check{Subject: input.TenantID, Action: "enabled", On: input.LocationID},
 	authzclient.Check{Subject: input.TenantID, Action: "enabled", On: input.ProviderID},
 	authzclient.Check{Subject: input.TenantID, Action: "enabled", On: config.ResourceProvider.Name},
 	authzclient.Check{Subject: config.ResourceProvider.Name, Action: "enabled", On: input.LocationID},
)

Permissions API had an additional process that runs which watches the NATS queue for change events and when one is seen it should automatically update the permissions database with the changes. For example an event comes through that Tenant-100 was created as a subtenant of Tenant-10. Tenant-100 should be created in the permissions spicedb.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fishnix fishnix

Labels
None yet
Projects
Infratographer Foundation Roadmap
Status: In Progress
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fishnix @nicolerenee