rond-authz/rond

Better OAS-based configuration for policy configuration

Closed this issue · 2 comments

Is your feature request related to a problem? Please describe.

Currently, from the docs, in order to configure rönd sidecar with OAS exposed by an application service you have to specify something like this:

{
  "x-permission": {
    "allow": "greetings_read",
    "resourceFilter": {
      "rowFilter": {
        "enabled": true,
        "headerKey": "x-acl-rows"
      }
    },
    "responseFilter": {
      "policy": "filter_response_example"
    },
    "options": {
      "enableResourcePermissionsMapOptimization": true
    }
  }
}

I find this configuration a bit redundant and suggest the following (heavily breaking) change:

{
  "x-rond-config": {
    "requestFlow": {
       "policyName": "greetings_read",
       "generateQuery":  true,
       "queryOptions": {
          "headerName": "...",
          "language": "..." // for future support to different query languages
       }
    },
    "responseFlow": {
      "policyName": "filter_response_example"
    },
    "options": {
      "enableResourcePermissionsMapOptimization": true
    }
  }
}

We could prevent the breaking change by defining a period where both configurations are accepted (with priority to the new one) so that people can adapt; we can start deprecating the x-permission keyword and then remove support in v2.

With PR #84 I've added the new OAS configuration format (named x-rond) but made it non-breaking; as soon as the work is merged I'm going to close this PR and open a new one for the deprecation and removal of the old configuration to be done in v2
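The transition described in this thread, as an added example that is not rond's own code: a small Go resolver that accepts both the legacy `x-permission` block and the new block on an OAS operation object, gives the new block priority when both are present, flags the legacy one as deprecated so the caller can log a warning, and fails closed when neither is present (an operation with no policy should never silently pass). The new key is spelled `x-rond` as in the comment above, but the nested field names follow the proposal in the issue body; the final merged schema is not shown on this page, and the `PolicyConfig` struct is an assumption of this example, not rond's internal type.

```go
package main

import (
	"encoding/json"
	"fmt"
	"log"
)

// PolicyConfig is this example's normalized internal form (assumed; not rond's type).
type PolicyConfig struct {
	RequestPolicy   string
	GenerateQuery   bool
	QueryHeaderName string
	ResponsePolicy  string
	Deprecated      bool // true when the legacy x-permission block was the source
}

// legacyPermission mirrors the x-permission block quoted in the issue.
type legacyPermission struct {
	Allow          string `json:"allow"`
	ResourceFilter struct {
		RowFilter struct {
			Enabled   bool   `json:"enabled"`
			HeaderKey string `json:"headerKey"`
		} `json:"rowFilter"`
	} `json:"resourceFilter"`
	ResponseFilter struct {
		Policy string `json:"policy"`
	} `json:"responseFilter"`
}

// rondConfig mirrors the proposed new block (field names from the issue body;
// the key is "x-rond" as named in the follow-up comment).
type rondConfig struct {
	RequestFlow struct {
		PolicyName    string `json:"policyName"`
		GenerateQuery bool   `json:"generateQuery"`
		QueryOptions  struct {
			HeaderName string `json:"headerName"`
		} `json:"queryOptions"`
	} `json:"requestFlow"`
	ResponseFlow struct {
		PolicyName string `json:"policyName"`
	} `json:"responseFlow"`
}

// operation is the slice of an OAS path/verb object this example cares about.
type operation struct {
	Legacy *legacyPermission `json:"x-permission,omitempty"`
	New    *rondConfig       `json:"x-rond,omitempty"`
}

// ResolvePolicy parses one OAS operation object and returns a single PolicyConfig.
// Priority: x-rond wins over x-permission; x-permission alone is accepted but
// marked Deprecated; no block at all is an error so the caller denies by default.
func ResolvePolicy(operationJSON []byte) (PolicyConfig, error) {
	var op operation
	if err := json.Unmarshal(operationJSON, &op); err != nil {
		return PolicyConfig{}, fmt.Errorf("invalid operation object: %w", err)
	}
	switch {
	case op.New != nil:
		if op.New.RequestFlow.PolicyName == "" {
			return PolicyConfig{}, fmt.Errorf("x-rond: requestFlow.policyName is required")
		}
		return PolicyConfig{
			RequestPolicy:   op.New.RequestFlow.PolicyName,
			GenerateQuery:   op.New.RequestFlow.GenerateQuery,
			QueryHeaderName: op.New.RequestFlow.QueryOptions.HeaderName,
			ResponsePolicy:  op.New.ResponseFlow.PolicyName,
		}, nil
	case op.Legacy != nil:
		if op.Legacy.Allow == "" {
			return PolicyConfig{}, fmt.Errorf("x-permission: allow is required")
		}
		return PolicyConfig{
			RequestPolicy:   op.Legacy.Allow,
			GenerateQuery:   op.Legacy.ResourceFilter.RowFilter.Enabled,
			QueryHeaderName: op.Legacy.ResourceFilter.RowFilter.HeaderKey,
			ResponsePolicy:  op.Legacy.ResponseFilter.Policy,
			Deprecated:      true,
		}, nil
	default:
		return PolicyConfig{}, fmt.Errorf("operation has neither x-rond nor x-permission")
	}
}

func main() {
	// Constructed sample: the legacy block from the issue, on its own.
	legacyOnly := []byte(`{"x-permission":{"allow":"greetings_read",
	  "resourceFilter":{"rowFilter":{"enabled":true,"headerKey":"x-acl-rows"}},
	  "responseFilter":{"policy":"filter_response_example"}}}`)
	cfg, err := ResolvePolicy(legacyOnly)
	if err != nil {
		log.Fatal(err)
	}
	if cfg.Deprecated {
		log.Printf("warning: x-permission is deprecated, migrate to x-rond (policy %q)", cfg.RequestPolicy)
	}
	fmt.Printf("%+v\n", cfg)
}
```

The resolver deliberately refuses an operation that carries neither block rather than returning an empty policy, so a half-migrated OAS document surfaces as a startup error instead of an unprotected route.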