When calling the SetPolicy function it was overwriting whatever was defined within the YAML configuration. This PR addresses this by changing the current functionality to overwrite the default policy while still allowing the policy in configuration to take precedence.
The pull request also introduces two new fields, UsernameClaim and GroupsClaim, aligning more with OpenID-based claim names and not Keycloak realm roles. The authz policy will pull the username and list of groups and run them through the casbin enforce function now. A user can now scope a policy to a username.
p, strantalis, policy.attributes.*, read, allow
Checklist
[ ] I have added or updated unit tests
[ ] I have added or updated integration tests (if appropriate)
Testing Instructions
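The subject extraction and policy check described above, as an added example that is not code from this pull request and does not call casbin: a plain-Go stand-in showing how a username and a groups list taken from token claims can be checked against policy lines like the one quoted. The claim names `preferred_username` and `groups`, the resource name `policy.attributes.Get`, the glob match on the resource and the deny-override effect are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// subjects returns the username and groups found in the token claims.
// Missing or mistyped claims add nothing, so such a request is denied.
func subjects(claims map[string]any, usernameClaim, groupsClaim string) map[string]bool {
	subs := map[string]bool{}
	if u, ok := claims[usernameClaim].(string); ok && u != "" {
		subs[u] = true
	}
	groups, _ := claims[groupsClaim].([]any)
	for _, g := range groups {
		if s, ok := g.(string); ok && s != "" {
			subs[s] = true
		}
	}
	return subs
}

// allowed evaluates lines of the form "p, sub, res, act, eft". Assumed effect:
// deny-override, i.e. at least one matching allow and no matching deny.
func allowed(policy string, subs map[string]bool, res, act string) bool {
	verdict := false
	for _, line := range strings.Split(policy, "\n") {
		f := strings.FieldsFunc(line, func(r rune) bool { return r == ',' || r == ' ' })
		if len(f) != 5 || f[0] != "p" || !subs[f[1]] || f[3] != act {
			continue // malformed line, or a rule for another subject or action
		}
		if ok, _ := path.Match(f[2], res); !ok {
			continue
		}
		if f[4] != "allow" {
			return false
		}
		verdict = true
	}
	return verdict
}

func main() {
	policy := "p, strantalis, policy.attributes.*, read, allow" // line from the PR
	claims := map[string]any{"preferred_username": "strantalis", "groups": []any{"dev"}} // constructed
	subs := subjects(claims, "preferred_username", "groups")
	fmt.Println(allowed(policy, subs, "policy.attributes.Get", "read"))
}
```

An effect value other than `allow`, including a typo, is treated as a deny, so a malformed rule cannot widen access.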