Cedarling Build Plan

Michael Schwartz edited this page Oct 1, 2024 · 18 revisions

MVP

Each of these should be a single PR

  1. Define init, authz, and log interfaces which return True
  2. Log Startup message
  3. Read bootstrap properties
  4. Policy Store: Parse Schema - both valid and invalid
  5. Policy Store: Parse Policies - both valid and invalid
  6. Parse access_token -- create access token and Workload entity
  7. Parse id_token -- create id_token and User entity (or update User entity if it exists)
  8. Parse userinfo_token -- create userinfo and User entity (or update User entity)
  9. Evaluate positive authz request if User is allowed and return result
  10. Evaluate negative authz request if User is not allowed and diagnostics are returned
  11. Evaluate positive authz request if Workload is allowed and return result
  12. Evaluate negative authz request if Workload is not allowed and diagnostics are returned
  13. Test that the results are correct for all authz combinations: (user ok, workload ok), (user ok, workload not ok), (user not ok, workload ok), (user not ok, workload not ok)