https://authzed.com logo
Title
m

masd1

01/30/2023, 11:04 AM
this page shows an example @dguhr-rh https://authzed.com/docs/reference/caveats#schema
d

dguhr-rh

01/30/2023, 11:08 AM
thanks @masd1 - jftr: i am particularly interested if we have access to actual values from the input request, like OPA does for example... here's an actual example where I think caveats could be a way to go to model these attribute filters: https://github.com/RedHatInsights/playbook-dispatcher#authorization (i know you could also model the whole intent otherwise, but let's just assume I want to use caveats for this).
oh i see, one would need to fill the actual CheckPermissions request with a
Context
field when I see this correctly 🙂
v

vroldanbet

01/30/2023, 11:23 AM
Correct, caveat context is provided as part of
CheckPermissionRequest
,
LookupResourcesRequest
and
LookupSubjectsRequest
it's based on
structpb
package with google, which allows us to define maps to be provided on request time
d

dguhr-rh

01/30/2023, 11:26 AM
yep, understood. great to know that you thought of lookupresources and lookupsubjects, too, as that might enable what I have in my mind. Will come up with an example of the use case above shortly i hope 🙂