Not all of these items are applicable to all PRs; the author should update this template to leave in only the boxes that are relevant.
Please make sure all these things are done and tick the boxes.
# Author
- [x] Changes are OpenShift compatible
- [x] Helm chart can be installed and deployed operator works
- [x] Integration tests passed (for non-trivial changes)
- [x] Changes need to be "offline" compatible
# Reviewer
- [ ] Code contains useful comments
- [ ] Code contains useful logging statements
- [x] (Integration-)Test cases added
- [x] ~~Documentation added or updated. Follows the [style guide](https://docs.stackable.tech/home/nightly/contributor/docs-style-guide).~~
- [ ] Changelog updated
- [x] Cargo.toml only contains references to git tags (not specific commits or branches)
# Acceptance
- [ ] Feature Tracker has been updated
- [ ] Proper release label has been added
- [ ] [Roadmap](https://github.com/orgs/stackabletech/projects/25/views/1) has been updated
# Description
Create Rego rules for OPA which facilitate the definition of policies.
Closes stackabletech/issues#500
The Rego rules are contained in an integration test in the directory `tests/templates/kuttl/opa-authorization/trino_rules/`. Currently, these rules must be deployed manually:
The custom policies can be defined in a separate file:
This file must also be deployed via a ConfigMap:
There is no documentation for the rules yet. But the rules replicate the File-based access control and its documentation can be used instead. All rules are implemented but roles are not matched.
The rules are formatted with `opa fmt`:
The rules can be linted with Regal:
The unit tests can be run with `opa test` in the directory `tests/templates/kuttl/opa-authorization/trino_rules/`:
The integration test can be run with:
Definition of Done Checklist