As an admin, I want to set database access rules

Question

As an admin, I want to set database access rules

Closed this issue 5 years ago · 0 comments

Sometimes you won't have admin access to a database instance so allow database access rules to be applied on runtime.

For example, something like:

[{
  "alias1": {
       "users": {
         "allow": "all",
         "deny": "head, delete, post, get, put"
     }
  }
}]

Here we would have to add another file to the classpath or load it (like the JKS file) which means
that custom docker images would have to be created everytime a change is required (unless a volume is used...)

Or with properties, like a complemetely locked down database:

amforeas.alias1.jdbc.rules.deny=all
amforeas.alias1.jdbc.rules.catalog.allow=head, get

$ curl -X GET "http://.../amforeas/alias1/catalog/1" > 200
$ curl -X DELETE "http://.../amforeas/alias1/catalog/1" > 405 Method Not Allowed
$ curl -X GET "http://.../amforeas/alias1/foo/1" > 405 Method Not Allowed

Or a fine grained ACL:

amforeas.alias2.jdbc.rules.deny=none
amforeas.alias2.jdbc.rules.users.allow=head, get
amforeas.alias2.jdbc.rules.cars.allow=head, get, delete, post, put
amforeas.alias2.jdbc.rules.photos.allow=all

$ curl -X GET "http://.../amforeas/alias2/users/1" > 200
$ curl -X DELETE "http://.../amforeas/alias2/users/1" > 405 Method Not Allowed
$ curl -X GET "http://.../amforeas/alias1/bar/1" > 200