feat(core): add a schema for policy files #620
@naugtur I'm unsure if we're going to be adopting Endo's policy format, or if they will adopt ours, or what. Here's this, anyway. Please let me know what you think.
I wrote policy support in Endo to be a low level representation of something powerful enough to support our current format (via translation and setup) but also many other formats. One of the first steps on the path to rebuilding lavamoat-node on top of Endo is going to be a translation function and an attenuator to consume our current policy shape. There's also a potential future where our policy allows specifying "network access" as a category that gets translated into what's needed.
@naugtur Seems like it'd be good then to formalize the policy format. What I don't have here are things like titles and descriptions of the various properties, and that would be helpful for someone (you?) to provide so that I can fill it in:
Converting back to draft. Need to implement
We will not normalize policy between Endo and LavaMoat as their scope differs. Endo's policy is low level, while LavaMoat is aiming to be more human readable. We're hoping to one day have the ability to put more general terms in the policy that'd get translated over to the low level policy like So there's going to be one policy format in Endo and potentially more than one format in LavaMoat.
This looks OK for now. Usually I'd want to use something like json-schema-to-typescript to generate the
I pulled in [ajv](https://npm.im/ajv) for this. I had tried to use [z-schema](https://npm.im/z-schema) but I couldn't get it working quickly (apparently you need to supply the metaschema??) so abandoned it. If there's a more lightweight, _maintained_ solution, I'm happy to try it.
Closing this and opening from new branch
Thought this might come in handy. Needs titles, descriptions and such.
This seems like a reasonable idea for schema versioning.
To test in VS Code, you can add this property to any policy file: