support ngsi-ld api #88

Open
chicco785 opened this issue Apr 14, 2022 · 3 comments

@chicco785
Contributor

Is your feature request related to a problem? Please describe.

Today we have a rule package only for ngsi-v2. We should have one also for NGSI-LD.

Describe the solution you'd like

Create a new rego package for NGSI-LD APIs.

Describe alternatives you've considered
N/A

Additional context
N/A

@chicco785 chicco785 added the enhancement New feature or request label Apr 14, 2022
@chicco785 chicco785 added this to the 0.4 milestone Apr 14, 2022
@chicco785 chicco785 modified the milestones: 0.4, 0.6 Jun 14, 2022
@chicco785 chicco785 modified the milestones: 0.6, 0.9 Oct 31, 2022
@chicco785
Contributor Author

When implementing support for NGSI-LD, include tests also with Scorpio (see #187) by @SURAJKALLOLI

@tarik-kafein

tarik-kafein commented Jun 16, 2023

Hi,

Is there any update on the ngsi-ld rego package?
I am kind of stuck on implementing this.

For the below code, what do I need to change to support /ngsi-ld/v1/entities?

```rego
check_policy {
    current_path := split(request.resource, "/")
    current_path[1] == "v1"
    current_path[2] == "policies"
    request.action == "POST"
    parsed_body.resource_type == "entity"
    control_request = {
        "user": request.user,
        "action": "CONTROL",
        "resource": concat("", ["/v2/entities/", parsed_body.access_to]),
        "tenant": request.tenant,
        "service_path": request.service_path
    }
    user_permitted(control_request)
}
```

Also, there is no /v2/types/ endpoint in ngsi-ld, so how can I change this to support ngsi-ld?

```rego
check_policy {
    current_path := split(request.resource, "/")
    current_path[1] == "v1"
    current_path[2] == "policies"
    request.action in ["GET", "PUT", "PATCH", "DELETE"]
    policy_id := current_path[3]
    e := policies[_][_][_]
    match_policy_id_or_wildcard(e, policy_id)
    e.resource_type == "entity_type"
    control_request = {
        "user": request.user,
        "action": "CONTROL",
        "resource": concat("", ["/v2/types/", e.resource]),
        "tenant": request.tenant,
        "service_path": request.service_path
    }
    user_permitted(control_request)
}
```

Once I have a working version I can also share it.

Appreciate the help. Thanks.

@Cerfoglg
Collaborator

Sorry for the late reply @tarik-kafein

Currently no ETA on when we'll implement NGSI-LD support, as other tasks take precedence.

Though regarding how it works in relation to the code you referenced: the rego rules are effectively just checking if the path matches in relation to the policies Anubis has (splitting the URL by the "/" and checking each element, checking if there is a policy that enables reading on a GET request, ...). So for ngsi-ld it is the same principle as the example with v2 we already have, but accounting for the different URL formats. Rego can be a bit tricky to work with in this context, but you were on the right track with it.

We'll keep you informed
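
The path-splitting principle described in the reply above, applied to `/ngsi-ld/v1/entities` as an added example (not Anubis's own rules and not code posted by any participant in this thread). The package name, the flat `policies` list, the method-to-action mapping and the `permitted` helper are assumptions, and the page's `request.*` fields are read directly from OPA's `input`.

```rego
# Added example; not Anubis's own rules. Names and data shapes are hypothetical,
# and the request fields (user, tenant, action, resource) are read from `input`.
package example.ngsild

import future.keywords.if
import future.keywords.in

default allow := false

# Constructed sample policies ("*" matches any entity id).
policies := [
    {"user": "alice", "tenant": "Tenant1", "action": "read", "resource": "urn:ngsi-ld:Vehicle:A100"},
    {"user": "bob", "tenant": "Tenant1", "action": "write", "resource": "*"},
]

# Assumed mapping from HTTP method to policy action.
method_action := {"GET": "read", "POST": "write", "PATCH": "write", "PUT": "write", "DELETE": "delete"}

# "/ngsi-ld/v1/entities/<id>" splits to ["", "ngsi-ld", "v1", "entities", "<id>"]:
# one element more than "/v2/entities/<id>", so each index moves up by one.
path := split(input.resource, "/")

is_entities_path if {
    path[1] == "ngsi-ld"
    path[2] == "v1"
    path[3] == "entities"
}

# Collection request (/ngsi-ld/v1/entities) needs a wildcard policy.
allow if {
    is_entities_path
    count(path) == 4
    permitted("*")
}

# Single entity, including sub-resources such as /attrs under it.
allow if {
    is_entities_path
    count(path) > 4
    permitted(path[4])
}

permitted(entity_id) if {
    some p in policies
    p.user == input.user
    p.tenant == input.tenant
    p.action == method_action[input.action]
    p.resource in {"*", entity_id}
}
```

Any path that does not start with the exact `ngsi-ld/v1/entities` prefix, and any method missing from the mapping, falls through to the default deny.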
