Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

use inquiries data in policies

See original GitHub issue


Is it possible to use inquiries parameters in element of the policy ?

The use case is to limit an API call to only raws that belongs to a particular user. (stored in the example below in ‘route_instance_id’)

I want to authorise the rule only if the route_instance_id in the inquiry resource match the user_id in the inquiry subject

The only way I’ve found for now is to add dynamic policy at each request, but it’s not very efficient and hard to maintain.


inquiry = vakt.Inquiry(
                subject={"user_id": 42, "roles": ["user"]},
                        'route_endpoint': 'test_endpoint',
                        'route_instance_id': 42}
                        'query_sort': '-id',
                        'query_foo': 'bar'}
                context={"ip": ""},

against policy:

policy_user_test = vakt.Policy(
                "route_endpoint": Eq("test_endpoint"),
                "route_instance_id": Inquiry('subject', 'user_id'),
        ],  # uri
        subjects=[{"roles": AnyIn("user")}],
        Allow get for only its own instance

I’ve seen there was a first support before 1.2 for string with SubjectEqual & co, but it has been dropped and did not support dict, is there a reason for dropping this ?

I think the use case is quite common (below is an example, but i’ve plenty of use-case like this one for the api).

Or perhaps there is another way to do the same thing i’ve overlooked ?

Thanks, Regards, Thomas.

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:5 (3 by maintainers)

github_iconTop GitHub Comments

ThomasChirouxcommented, Dec 10, 2019

Hi, sorry wasn’t available last week.

1.4.0 works perfectly for my use case.

Thanks a lot !! Thomas.

kolotaevcommented, Sep 25, 2019

Hi Thomas, Thanks for the question.

SubjectEqual & co are still there so I can’t say they are dropped, but indeed they still work only in case your policies (and inquiries respectively) are String-based like it was prior to 1.2. I have underestimated their usefulness when implemented Rule-based Policies support (Policies where you can define various attributes with dicts, like in your example). Besides, as far as I remember, there were some implementation issues with composition of Rules (And, Or, … Not, etc) for such Rules, so they remained overlooked.

Unfortunately the only way to achieve this is to deal with them in the old-fashion (like prior to 1.2), but in this case you’re loosing attributes dict definition facility.

We need to add new Rules, or new way to define such cases. Something like: SubjectKeyEqual(‘user_id’) I agree that there are plenty of use-cases for such functionality. So, hold on, I’ll implement it as the next most important feature after we finish and merge SQLStorage support.

Please, don’t close this issue - it will be the reference.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Litigation Minute: Navigating Government Inquiries After a ...
Organizations should have a written policy for responding to government inquiries involving the storage, use, and management of sensitive data.
Read more >
Policy learning and the public inquiry | SpringerLink
The data therefore underpin a big picture argument that inquiries may be more effective at learning than we currently appreciate.
Read more >
Gartner Inquiry Usage Policy
Learn more about guidelines and best practices for using Gartner Inquiry Sessions.
Read more >
PPS-10: Responding to External Investigations and Inquiries
General Inquiries: It is the policy of DU to attempt to respond fully and accurately to all general inquiries about all of our...
Read more >
Customer Data Research and Development Privacy Policy
This policy informs data subjects on the collection and use of your ... Privacy Policy, please contact us by filling out an inquiry...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found