Policy builder interface #79
Conversation
| @@ -0,0 +1,434 @@ | |||
| import { AccountId, Action, Address, Alg, AssetId, Hex } from '@narval/authz-shared' | |||
There was a problem hiding this comment.
I liked the result of a policy. I feel it's easier to read and understand without much context than the existing policy builder types on the Armory API.
As a general feed, I would suggest being less verbose on some namings, like for example drop the smurf naming convention. I left comments about this down below.
| import { Intents } from '@narval/transaction-request-intent' | ||
| import { AccountType } from './domain.type' | ||
|
|
||
| enum PolicyRuleType { |
There was a problem hiding this comment.
| enum PolicyRuleType { | |
| enum Then { |
| FORBID = 'forbid' | ||
| } | ||
|
|
||
| enum PolicyCriteriaType { |
There was a problem hiding this comment.
| enum PolicyCriteriaType { | |
| enum Criterion { |
|
|
||
| type Wildcard = '*' | ||
|
|
||
| type NarvalEntityTypes = 'Narval::User' | 'Narval::UserRole' | 'Narval::UserGroup' |
There was a problem hiding this comment.
I would definitely call just it EntityType and remove the Narval:: prefix. IMO, they're "reserved" words of the system, and people can't use them. If users want to extend the system, they can come with a prefix of choice.
| type NarvalEntityTypes = 'Narval::User' | 'Narval::UserRole' | 'Narval::UserGroup' | |
| type NarvalEntityTypes = 'User' | 'UserRole' | 'UserGroup' |
| args: AccumulationCondition | ||
| } | ||
|
|
||
| type PolicyCriteriaArgs = |
There was a problem hiding this comment.
| type PolicyCriteriaArgs = | |
| type PolicyCriterion = |
| } | ||
|
|
||
| const examplePermitPolicy: PolicyCriteriaBuilder = { | ||
| type: PolicyRuleType.PERMIT, |
There was a problem hiding this comment.
| type: PolicyRuleType.PERMIT, | |
| then: Then.PERMIT, |
| const examplePermitPolicy: PolicyCriteriaBuilder = { | ||
| type: PolicyRuleType.PERMIT, | ||
| name: 'examplePermitPolicy', | ||
| criteria: [ |
There was a problem hiding this comment.
| criteria: [ | |
| when: [ |
| ] | ||
| } | ||
| ] | ||
| } |
There was a problem hiding this comment.
Are we supporting OR operator? I know OPA does support it.
If yes, we don't have to implement it today but we need a plan.
| criteria: PolicyCriteriaType.APPROVALS, | ||
| args: [ | ||
| { | ||
| approvalCount: 2, |
There was a problem hiding this comment.
| approvalCount: 2, | |
| required: 2, |
| { | ||
| approvalCount: 2, | ||
| countPrincipal: false, | ||
| approvalEntityType: 'Narval::User', |
There was a problem hiding this comment.
| approvalEntityType: 'Narval::User', | |
| entity: 'User', |
| approvalCount: 2, | ||
| countPrincipal: false, | ||
| approvalEntityType: 'Narval::User', | ||
| entityIds: ['[email protected]', '[email protected]'] |
There was a problem hiding this comment.
| entityIds: ['[email protected]', '[email protected]'] | |
| entities: ['[email protected]', '[email protected]'] |
* syncing wallets and accounts. Addresses takes ages * add a passthrough to query with no pagination limit * sync from wallets to known-dests * Moved composed externalId in a util, fixed queries * naming and filter correctly for fireblocks * throw a correct error for anchorage knownDestination failed sync * removed unused test suite * add external classification to fireblocks's wallets * re-deleted unused test file
No description provided.