Closed jakedoublev closed 1 week ago
@jakedoublev KAS does not support upsert. I believe that's for remote policies but not 100% on that.
Interesting. I was seeing calls to it from within the TDF3Client consumed from opentdf/client-web. Monday I plan to test working around upsert and will submit a PR if I find a good path forward. The ins and outs of KAS flows are not something I’m intimately familiar with.
@dmihalcik-virtru Will probably have more insights into this as well.
Closing as the offline
config option in opentdf/client-web
works for browser-driven encrypt and skips the unsupported upsert
call.
If KAS does its own auth validation, perhaps all KAS routes should be public?
Route
/kas/v2/upsert
is not covered by default casbin policy and appears to be completely inaccessible (at least over HTTP).