This message was deleted Permit #opal

Join Slack

This message was deleted.

# opal

Slackbot

04/12/2023, 5:33 AM

This message was deleted.

Or Weis

04/12/2023, 7:09 AM

Hi @Maurice Brand-Freitag are you asking about OPAL or #C02RTML2WNN? OPA and OPAL have no concept of users or tenants. Still when triggering a data update you can override the value of an entire key. Also you can perform a PATCH operation, which does have the ability to mutate the existing value instead of just overriding it.

Maurice Brand-Freitag

04/12/2023, 7:24 AM

Hi, sorry, let me clarify. I'm talking about OPAL. The example is data in the format OPA uses to evaluate our policies, i.e.

data.tenants["tenantA"].users["userA"]

. When changes to policy relevant data happen we call the data update API on the OPAL server. This works fine when updating data incrementally, question is, if there is a way to remove data from OPA. Using PATCH would still leave the empty user within the data set.

Or Weis

04/12/2023, 7:31 AM

All good :) I believe a PATCH call with a remove operation on

data/tenants/tenantA/users/userA

would produce the right outcome https://www.rfc-editor.org/rfc/rfc6902#section-4.2

Or Weis

04/12/2023, 7:34 AM

You can use a custom data-fetcher to return the right PATCH command. That being said I guess it wouldn't hurt to more natively support patch commands or even specificly delete as part of a data update. If interested, can you open a GitHub issue for this?

Maurice Brand-Freitag

04/12/2023, 7:36 AM

Will do, thanks 👍

Maurice Brand-Freitag

04/12/2023, 7:55 AM

https://github.com/permitio/opal/issues/430

Or Weis

04/12/2023, 8:04 AM

Thank you. I've added a comment on the issue as well. If you could do a PR, that would be great, I could review and approve it.

3 Views

Open in Slack

Previous Next