Authorization: GetEntitlements should allow unscoped calls per proto definition

Open • jakedoublev opened this issue 1 year ago • 1 comment

Background

The Authorization Service GetEntitlements RPC proto indicates that the scopes are optional, but the RPC handler currently errors out if scopes are not provided. This presents a challenge for downstream use cases like: https://github.com/opentdf/platform/issues/705.

Acceptance Criteria

  1. GetEntitlements can accept unscoped calls, relying on the policy MatchSubjectMappings RPC
  2. The MatchSubjectMappings policy API is called with a flattened Entity Representation's selector fields/values (ERS is called first)
  3. Tests

jakedoublev, May 16 '24 14:05

Reopening this as it looks like we aren't all the way to using MatchSubjectMappings yet and are still listing all attributes.

jakedoublev, Jul 31 '24 14:07