
Initial Permissions API #90

Open
@nicolerenee

Description

The initial permissions API needs to allow us to check if a user has access to a specific resource.

Ideally we would have the ability to provide multiple access checks that can all be validated with a single API call.

Something similar to:

```go
r.authClient.CheckPermissions(
	authzclient.Check{Subject: actor.ID, Action: "loadBalancerCreate", On: input.TenantID},
	authzclient.Check{Subject: input.TenantID, Action: "enabled", On: input.LocationID},
	authzclient.Check{Subject: input.TenantID, Action: "enabled", On: input.ProviderID},
	authzclient.Check{Subject: input.TenantID, Action: "enabled", On: config.ResourceProvider.Name},
	authzclient.Check{Subject: config.ResourceProvider.Name, Action: "enabled", On: input.LocationID},
)
```

Permissions API has an additional process that runs which watches the NATS queue for change events, and when one is seen it should automatically update the permissions database with the changes. For example, an event comes through that Tenant-100 was created as a subtenant of Tenant-10. Tenant-100 should be created in the permissions SpiceDB.
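A sketch of the two behaviours requested above, added here as an illustration and not taken from the project's code: a batch check that fails closed, and a change-event handler that makes a new subtenant visible to later checks. Only the `Check` field names come from the issue; `Store`, `Grant`, `HandleTenantCreated`, the in-memory maps and the rule that a grant on a parent tenant covers its subtenants are assumptions.

```go
package main

import "fmt"

// Check has the shape proposed in the issue; all other names are hypothetical.
type Check struct{ Subject, Action, On string }

// Store is an in-memory stand-in for the permissions database (not SpiceDB).
type Store struct {
	grants map[Check]bool    // direct grants
	parent map[string]string // tenant ID -> parent tenant ID
}

func NewStore() *Store { return &Store{grants: map[Check]bool{}, parent: map[string]string{}} }
func (s *Store) Grant(c Check) { s.grants[c] = true }

// HandleTenantCreated applies a constructed "tenant created" change event.
func (s *Store) HandleTenantCreated(id, parentID string) { s.parent[id] = parentID }

// allowed looks for a grant on c.On or any ancestor tenant (assumed inheritance).
func (s *Store) allowed(c Check) bool {
	seen := map[string]bool{} // guards against a cyclic parent chain
	for on := c.On; on != "" && !seen[on]; on = s.parent[on] {
		seen[on] = true
		if s.grants[Check{Subject: c.Subject, Action: c.Action, On: on}] {
			return true
		}
	}
	return false
}

// CheckPermissions fails closed: an empty batch or any denied check is an error.
func (s *Store) CheckPermissions(checks ...Check) error {
	if len(checks) == 0 {
		return fmt.Errorf("no checks supplied")
	}
	for _, c := range checks {
		if !s.allowed(c) {
			return fmt.Errorf("denied: %q may not %q on %q", c.Subject, c.Action, c.On)
		}
	}
	return nil
}

func main() { // constructed sample data
	s := NewStore()
	s.Grant(Check{Subject: "user-1", Action: "loadBalancerCreate", On: "Tenant-10"})
	s.HandleTenantCreated("Tenant-100", "Tenant-10")
	fmt.Println(s.CheckPermissions(Check{Subject: "user-1", Action: "loadBalancerCreate", On: "Tenant-100"}))
}
```

Until the change event is applied, the check on Tenant-100 is denied, so a lagging event consumer produces refusals and never unintended access.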


Projects

Status

In Progress
