This message was deleted.
# opals
Slackbot
06/13/2023, 1:57 PMThis message was deleted.
a
Amy Bertken
06/13/2023, 1:57 PM Copy code
permit(
principal in Role::"photographer",
action in [Action::"read", Action::"create"],
resource in ResourceType::"photos"
);
permit(
principal in Role::"photographer",
action in [Action::"read",Action::"create",Action::"update"],
resource in ResourceType::"solutions"
);.policyr
Raz Co
06/13/2023, 2:02 PMHey Amy,
We’re looking forward to seeing how you explore OPAL + Cedar permit
I’m taking a look on your specific use case and i’ll get back to you ASAP.
g
Gabriel L. Manor
06/13/2023, 2:02 PMHey, @Amy Bertken, I'm the creator of this repo, happy to see people getting around with it ☺️
Unfortunately, at this point OPAL supports only in one policy per file
👍 1
Gabriel L. Manor
06/13/2023, 2:03 PM@Shaul Kremer and @Omer Zuarets can you expand on our roadmap around it? Can we open (or we already opened) an issue to add support in multiple policies in one file?
o
Omer Zuarets
06/13/2023, 2:27 PMHey,
We currently have the one policy per file limitation,
This is because in cedar, each permit / forbid policy has its own ID, in cedar-agent we use the file path as the policy id for the policy, these concepts currently conflicts with each other.
We’ll open an issue for that and have discussion on how to solve it, but unfortunately this is currently not supported
👍 1
Omer Zuarets
06/13/2023, 3:03 PMWe are thinking about this solution:
when creating a file with multiple policies the ids will be the the offset of the policy in the file prefixed with the file path, for example,
If you have a file called
my_policy.cedar Copy code
permit(
principal in Role::"photographer",
action in [Action::"read", Action::"create"],
resource in ResourceType::"photos"
);
permit(
principal in Role::"photographer",
action in [Action::"read",Action::"create",Action::"update"],
resource in ResourceType::"solutions"
);my_policy.cedar:0my_policy.cedar:1:a
Amy Bertken
06/13/2023, 3:22 PMThat makes sense to me! I like the
:💜 1