Cedarling Build Plan

Oleh edited this page Nov 20, 2024 · 19 revisions

MVP

Each of these should be a single PR

  1. Define init, authz, and log interfaces which return True
  2. Log Startup message
  3. Read bootstrap properties
  4. Policy Store: Parse Schema - both valid and invalid
  5. Policy Store: Parse Policies - both valid and invalid
  6. Parse access_token -- create access token and Workload entity
  7. Evaluate positive authz request if Workload is allowed and return result
  8. Parse id_token -- create id_token and User entity (or update User entity if it exists)
  9. Parse userinfo_token -- create userinfo and User entity (or update User entity)
  10. Evaluate positive authz request if User is allowed and return result
  11. Evaluate negative authz request if User is not allowed and diagnostics are returned
  12. Evaluate negative authz request if Workload is not allowed and diagnostics are returned
  13. Test that the results of all authz combinations are correct: (user ok, workload ok), (user ok, workload not ok), (user not ok, workload ok), (user not ok, workload not ok); also added for role
  14. WASM binding