policy size

[nirsnappy]

trafficstars

first of all look like a great idea! and the name is genius.

will you enforce policy size limit ?

[udondan]

Thanks @nirsnappy!

That's a good idea. But quite tricky, I believe.

First of all, the package only creates single statements, not complete policies. So we can only ensure a single statement does not exceed the size limit. That would already be a good feature though! But then we have the problem of the varying character limits of policies:

Inline role policies: 10,240 Inline group policies: 5,120 Managed policies: 6,144 Inline user policies: 2,048 Assume policies: 2,048

Since we don't know in which context the statement is going to be used, the only option I can think of is to ask the user.

statement.ensureSize(10240) -> true|false

But that's not really helpful. It's the same as this, what the user can already do now:

statement.toJSON().toString().length <= 10240

^{(I probably should implement a toString method)}

Yeah, so not sure about it 🤔

[niradler]

i always ending up google that: Inline role policies: 10,240 Inline group policies: 5,120 Managed policies: 6,144 Inline user policies: 2,048 Assume policies: 2,048

again and again so it will be nice touch. i agree about the toString() it can also minifey it to get more space.

[skorfmann]

A combination of automatically reducing the policy size and perhaps some context aware auto splitting would be awesome. Something along the lines of ensureValidSize(PolicyTarget.MANAGED) which returns Math.ceil(policy.length / 6144) policies in this case.

[udondan]

I have actually planned to add the concept of a full policy to Floyd and wanted to deal with it on that level. The policy then knows it's type (InlineUserPolicy, ManagedPolicy etc) and therefore it's maximum size. And yeah, it needs some auto-splitting capability. Otherwise it's no big help to know the policy is too large, but you can't do anything about it.