Conversation
Signed-off-by: aerosouund <aerosound161@gmail.com>
| evaluation: | ||
| mode: HTTP | ||
| validations: | ||
| - expression: > |
There was a problem hiding this comment.
As we reusing the same API (definition) an expression has to return a boolean value, right?
There was a problem hiding this comment.
If you're referring to the fact that CEL expressions need to return a bool then no. It has to return a http.response type or null. To avoid the conflict, the envoy plugin (or whatever will handle HTTP authorization) will not handle policies that don't have evaluation.mode: HTTP. Likewise, kyverno won't handle policies that have this enabled
There was a problem hiding this comment.
and in which sense is it a validation when you returning/building a response object rather then do a validation? This also means that you can not reuse the existing VPOL engine?
There was a problem hiding this comment.
Yeah exactly, there's another compiler implementation in the envoy plugin built for those use cases and thats what i am targeting. The plugin also recently added support for VPOL. It is validation in the sense that i am returning a response to a after (validating) a request
Signed-off-by: aerosouund <aerosound161@gmail.com>
2 participants
No description provided.