Demonstrating how the JS interpreter API added in CCF 5 could be used to implement dynamic/customisable policy.
In short:
The (governance-populated) Configuration::Policy struct now has an optional policy_script field
If this is present, we execute it as a JS script:
look for an apply() function
pass the protected headers extracted from the COSE envelope
expect it to return a bool indicating whether submission should be accepted
If the policy exists and fails, return an error
Includes some tests of the error paths, and of a simple sample policy which protects some feeds so they can only be claimed by a given issuer. These feeds and issuers are currently literals within the policy script, but they could also be read from the KV.
Demonstrating how the JS interpreter API added in CCF 5 could be used to implement dynamic/customisable policy.
In short:
Configuration::Policy
struct now has an optionalpolicy_script
fieldapply()
functionIncludes some tests of the error paths, and of a simple sample policy which protects some feeds so they can only be claimed by a given issuer. These feeds and issuers are currently literals within the policy script, but they could also be read from the KV.