zenoh unifies data in motion, data in-use, data at rest and computations. It carefully blends traditional pub/sub with geo-distributed storages, queries and computations, while retaining a level of time and space efficiency that is well beyond any of the mainstream stacks.
This PR reworks the ACL config to support boolean combinations of subjects. An example of the new config format is the following:
Within each subject, a cartesian product is performed to produce the (interface, cert_common_name, username) combinations. Each combination is a logical AND between its components, and different combinations within the same subject in the subjects list represent a logical OR between them.

Rules are declared separately, and applied to these subject logical combinations in the policy list. Unique identifiers (id fields) are used to represent the subjects and rules in the policy entries.
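
The subject semantics described above, as an added Rust example that is not part of the PR or zenoh's own code. `Subject`, `Combo`, `expand` and `subject_matches` are hypothetical names, the sample values are constructed, and treating an empty attribute list as a wildcard is an assumption.

```rust
// Added illustration; all type and function names are hypothetical, not zenoh's ACL code.
#[derive(Debug, Clone, PartialEq)]
pub struct Combo {
    pub interface: Option<String>,
    pub cert_common_name: Option<String>,
    pub username: Option<String>,
}
pub struct Subject {
    pub id: &'static str,
    pub interfaces: Vec<&'static str>,
    pub cert_common_names: Vec<&'static str>,
    pub usernames: Vec<&'static str>,
}
// Assumption: an empty list means "any value" and contributes one wildcard (None).
fn axis(values: &[&str]) -> Vec<Option<String>> {
    if values.is_empty() { return vec![None]; }
    values.iter().map(|v| Some(v.to_string())).collect()
}

// Cartesian product of one subject's three attribute lists.
pub fn expand(s: &Subject) -> Vec<Combo> {
    let mut out = Vec::new();
    for i in axis(&s.interfaces) {
        for c in axis(&s.cert_common_names) {
            for u in axis(&s.usernames) {
                out.push(Combo { interface: i.clone(), cert_common_name: c.clone(), username: u });
            }
        }
    }
    out
}

// AND inside one combination, OR across the combinations of the subject.
pub fn subject_matches(s: &Subject, iface: &str, cn: &str, user: &str) -> bool {
    let ok = |want: &Option<String>, got: &str| want.as_deref().map_or(true, |w| w == got);
    expand(s).iter().any(|c| {
        ok(&c.interface, iface) && ok(&c.cert_common_name, cn) && ok(&c.username, user)
    })
}

// Constructed sample: two interfaces, any certificate common name, two usernames.
pub fn sample() -> Subject {
    Subject { id: "subject1", interfaces: vec!["lo0", "en0"], cert_common_names: vec![], usernames: vec!["alice", "bob"] }
}

fn main() {
    let s = sample();
    for c in expand(&s) { println!("{}: {:?}", s.id, c); }
}
```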