https://authzed.com logo
Powered by
#zanzibar
Title
# zanzibar
c

celrenheit

11/09/2022, 1:19 PM
Hello, I am wondering how to design a usecase based around feature flags for apikeys. Typically, if we have superadmin users who can create apikeys and each apikey can have a list of feature hierarchy that can be enabled. For exemple:
Copy code
apikeyA can access:
  REST api (all sub-features)
  GRPC api (just subset)
    feature foo
    feature bar
apikeyB can access:
  REST api (just a subset)
    baz
  GRPC api (all)
How would you model something like this using spicedb/zanzibar ?
v

vroldanbet

11/09/2022, 1:23 PM
Hi, I think it could be modelled as follows:
Copy code
definition Key {

}

definition API {
  relation featureA: Key
  relation featureB: Key
  relation allFeatures: Key
  
  permission canAllFeatures: allFeatures + (feature & featureB)
  permission canFeatureA: canAllFeatures + featureA
  permission canFeatureB: canAllFeatures + featureB
}
c

celrenheit

11/09/2022, 1:28 PM
I see
following your example a relationship that looks like: 
API/Rest#featureA@Key:123
means apikey 
123
has access to 
featureA
in the 
Rest
api, right ?
v

vroldanbet

11/09/2022, 4:02 PM
correct!
it would be actually 
API:Rest#featureA@Key:123
c

celrenheit

11/09/2022, 4:18 PM
indeed
2 Views
Powered by