opa
opa copied to clipboard
Allow JSON schema verification on input when running as server
The new (and awesome!) feature for doing schema verification of the input document should be available when running OPA as a server. This would cleanly separate input verification from "real" policy, and would eliminate the need for much of the boiler plate around input checking found in certain type of policies.. at least if the input verification was known to have run before policy evaluation.
CC @aavarghese @vazirim
Doing schema verification on input
would also be an alternative for some #2095 use cases. For example, instead of using the error-on-undefined "dot" operator in input
documents, one could declare the property as required in JSON schema.
Totally @mattmahn .. I would expect most use cases for the dot operator to vanish in schema backed policies. It would still be useful for optional and unknown values though of course.
This issue has been automatically marked as inactive because it has not had any activity in the last 30 days.
Any updates in this one?
This issue has been automatically marked as inactive because it has not had any activity in the last 30 days.
bot, go away. we stil has a lot of interest in this issue.
This issue has been automatically marked as inactive because it has not had any activity in the last 30 days.
This feature could help with concerns we have regarding the potential for erroneous auth-z decisions in the presence of unexpected input. We are considering developing some features around input validation for ourselves, so if there is alignment in direction here we might be able to contribute.