Open yukinying opened 4 years ago
It looks like config-validator uses ancestry_path internally and converts "ancestors" to a path if it's provided - however, I think this would make the expected structure more clear to users and it would be easier to change now than later.
https://github.com/forseti-security/config-validator/blob/87b4ae546420814b2a6766a1b4569278f5e1627e/api/validator.proto#L44
I have also verified that CAI now do not return ancestry_path. Instead it returns ancestors, which is a list of strings instead of a single string. For example,
I think this will make the logic on generating ancestry be easier.