AccessPolicy RBAC denies requests incorrectly #217

@LiorLieberman

What happened:
Empty tool list inside the authorization struct in AccessPolicy needs to be implemented as "allow nothing" vs deny. Also, we likely need to reconsider the current approach of adding different RBACs vs having one RBAC for multiple policies targeting the same backend/gateway.

What you expected to happen:
Empty allow will serve as "Deny-by-default" and additional policies will gradually allow it.

How to reproduce it (as minimally and precisely as possible):
Apply two policies targeting the same backend, one with an empty authorization.tools list and the other one with one tool. The expectation is that the other tool is allowed and the rest are denied.

Anything else we need to know?:

/cc @haiyanmeng
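
The difference between the two semantics in the report, as an added example that is not the project's code: `AccessPolicy` here is a hypothetical simplified struct, `evaluate` and its `emptyIsDeny` switch are assumptions made for illustration, and the policy, backend and tool names are constructed.

```go
package main

import "fmt"

// AccessPolicy is a hypothetical, simplified stand-in for the resource in the issue.
type AccessPolicy struct {
	Name, Backend string
	Tools         []string // models authorization.tools
}

// samplePolicies returns constructed data matching the reproduction steps:
// two policies on one backend, one with an empty tool list, one with one tool.
func samplePolicies() []AccessPolicy {
	return []AccessPolicy{
		{Name: "lockdown", Backend: "mcp-backend", Tools: []string{}},
		{Name: "weather", Backend: "mcp-backend", Tools: []string{"get_weather"}},
	}
}

// evaluate decides whether a tool call to a backend is allowed.
// emptyIsDeny=true models the reported behaviour (an empty list acts as a deny).
// emptyIsDeny=false models the expected one: allow lists of all policies on the
// backend are unioned and an empty list adds nothing (deny-by-default).
func evaluate(ps []AccessPolicy, backend, tool string, emptyIsDeny bool) bool {
	allowed := false
	for _, p := range ps {
		if p.Backend != backend {
			continue
		}
		if emptyIsDeny && len(p.Tools) == 0 {
			return false // the empty policy vetoes every other policy
		}
		for _, t := range p.Tools {
			allowed = allowed || t == tool
		}
	}
	return allowed
}

func main() {
	ps := samplePolicies()
	for _, tool := range []string{"get_weather", "delete_file"} {
		fmt.Printf("%-12s empty-as-deny=%-5v merged-allow=%v\n", tool,
			evaluate(ps, "mcp-backend", tool, true), evaluate(ps, "mcp-backend", tool, false))
	}
}
```
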

Labels: kind/bug (Categorizes issue or PR as related to a bug.)
