Policy Statement Condition
gearnode opened this issue · 1 comments
gearnode commented
Goal
Define the API to write condition in statement
Proposal
Like AWS IAM (JSON syntax)
- less security issue
- should create many condition to apply
- should create a JSON DSL or something like that
- should write documentation
- performance +++
- not easy to extend
- user can't introduce slow condition
Lua Scripting
- should create a VM sandbox to avoid security issue
- easy to extend judge with lua scripting
- performance --
- manage Lua VM pool to avoid performance issue
- compile to ensure proper syntax
- less documentation to write
- know solution like Redis, NGINX, etc.
- user can introduce slow condition
gearnode commented
After some try with Lua, I have a lot of security issue and I should implement a pool of Lua VM.
I try the other solution with JSON.
DSL example
["and",
["string:like", "foo", "foo"],
["or",
["string:like", "judge:username", "foobar"],
["string:like", "judge:username", "barfoo"]
]
]