Basic scriptlet-based authorizer #188
Comments
@stgraber I would be interested to work on this.
Sounds good!
I would be happy to test this. I guess such a script hook would open up many more scenarios for using Incus as a remote image server, with something like a voter script which could then access external services like LDAP or a DB to block or allow access. Are you thinking of a shell script or a Go construct?
We're looking at using a scriptlet which is already a technology we use for our scheduler. This uses go-starlark from Google.
Unassigning due to lack of activity.
I'm interested in working on this issue, can I be assigned to it please?
Probably best to tackle last in the current batch of stuff assigned to you as that's a bit trickier than the others. But #652 should help you get familiar with some of that stuff already. This will need a new kind of scriptlet be defined in The basic infrastructure you can do with:
@christina-zh hello, do you still intend to work on this one or should I clear the assignee?
Hi @stgraber, our group might not have the time to continue working on this issue. You could clear the assignee. Thank you for your help!
Hi! I’d like to work on this.
There you go!
We now have OpenFGA for fine-grained access control, but not everyone needs to run a full authorization server and for simpler cases, it could be very useful to have a basic built-in option that can still be very flexible.
I'm thinking of a new `authorization.scriptlet` server config key which takes a scriptlet that would then be called with some user context, object context and action and have the ability to allow or deny the request.
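A deny-by-default decision function in the shape the proposal describes (user context, object context and action in, allow or deny out), as an added example that is not part of the original issue or of Incus's code. The function name `authorize`, the context field names and the grant table are all assumptions; the code keeps to constructs that Python and Starlark share.

```python
# Added illustration. All names here are hypothetical, not Incus's scriptlet interface.

# Constructed sample grants: username -> list of grants.
# "*" as a grant's project means "any project".
GRANTS = {
    "alice": [
        {"project": "dev", "type": "instance", "actions": ["view", "edit"]},
        {"project": "*", "type": "image", "actions": ["view"]},
    ],
    "ci-bot": [
        {"project": "build", "type": "image", "actions": ["view", "create"]},
    ],
}

# Actions the policy knows about; anything else is denied outright.
KNOWN_ACTIONS = ["view", "edit", "create", "delete"]

def _field(ctx, key):
    """Return ctx[key] if it is a string, else "" so the caller fails closed."""
    if type(ctx) != type({}):
        return ""
    value = ctx.get(key, "")
    if type(value) != type(""):
        return ""
    return value

def authorize(user, obj, action):
    """Return True to allow the request, False to deny it."""
    username = _field(user, "username")
    project = _field(obj, "project")
    kind = _field(obj, "type")
    # Missing or malformed context, or an unknown action, is a deny.
    if "" in [username, project, kind] or action not in KNOWN_ACTIONS:
        return False
    for grant in GRANTS.get(username, []):
        if grant["type"] != kind:
            continue
        if grant["project"] != "*" and grant["project"] != project:
            continue
        if action in grant["actions"]:
            return True
    # No grant matched: default deny.
    return False
```
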