mkulke
commented
4 months ago we are facing the bombs deployed before
😅, it's been confusing to debug why some policies would fail, but it should soon be covered by some tests hopefully, as I stumbled over this while refining some tests. It's probably a good idea to verify such input expectations earlier on the api level.
The underlying kbs code expects a string in a specific b64 encoding. The client will fail to set certain policies if standard b64 encoding is used.
Not sure what the reasoning behind the b64 encoding of a policy body is, but it is very deep into the call graph in the the policy engines' implementation, so it's reasonable to change it at the client, I think.