hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/

Open Policy Agent / Rego Authentication #10840

Open andyinabox opened 3 years ago

andyinabox commented 3 years ago

Is your feature request related to a problem? Please describe.

I'm working on an updated cloud architecture for my org, and would like to utilize Open Policy Agent (OPA) and its Rego policy DSL throughout our infrastructure to define RBAC policies so they can remain centralized, platform-independent, and utilize an open standard.

Describe the solution you'd like

Allow delegating authorization to an external authorizer, which could be OPA or any other authorization method. The external authorizer would be provided a JSON object that includes the path, token, and any other relevant information, and respond with either a :+1: or :-1:. I would imagine this could be implemented in a similar fashion to the authentication plugins.

Describe alternatives you've considered

Maintain a separate set of policies specifically for Vault written in HCL (yuck)
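The exchange proposed in the issue above, as an added example that is not part of the issue or of Vault's code: a hypothetical external authorizer in Go that takes the JSON object and answers allow or deny, failing closed on anything it cannot parse or match. The field names (`path`, `operation`, `token.roles`), the `Authorize` function and the rule set are assumptions for illustration; the issue describes a proposal, not an existing Vault interface.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"path"
)

// DecisionRequest is a hypothetical shape for the JSON object (field names assumed).
type DecisionRequest struct {
	Path      string `json:"path"`
	Operation string `json:"operation"`
	Token     struct{ Roles []string `json:"roles"` } `json:"token"`
}
// rule lets one role perform the listed operations on paths matching a glob.
type rule struct {
	Role, PathGlob string
	Ops            map[string]bool
}
// Constructed sample policy data, not taken from any real deployment.
var rules = []rule{
	{"app-reader", "secret/data/app/*", map[string]bool{"read": true}},
	{"ops-admin", "secret/data/*/*", map[string]bool{"read": true, "update": true}},
}

// Authorize returns the allow/deny decision and fails closed: malformed JSON,
// unknown fields, a non-canonical path, or no matching rule all yield false.
func Authorize(raw []byte) bool {
	var req DecisionRequest
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&req); err != nil || req.Path == "" || path.Clean(req.Path) != req.Path {
		return false
	}
	for _, r := range rules {
		matched, _ := path.Match(r.PathGlob, req.Path) // "*" never crosses "/"
		for _, role := range req.Token.Roles {
			if matched && role == r.Role && r.Ops[req.Operation] {
				return true
			}
		}
	}
	return false
}

func main() {
	fmt.Println(Authorize([]byte(`{"path":"secret/data/app/db","operation":"read","token":{"roles":["app-reader"]}}`)))
}
```

The path canonicalization check matters because a segment such as `..` would otherwise satisfy a `*` glob while pointing outside the intended subtree.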

HridoyRoy commented 3 years ago

Hi @andyinabox, thanks for filing this issue. As far as I'm aware, this feature is currently not on the roadmap. However, we'll raise this with Product and circle back. Thanks!

hixichen commented 2 years ago

Very interesting feature. Looking forward to different suggestions and feedback.