forked from TrueCloudLab/policy-engine
e57d213595
Close #26 Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
20 lines
No EOL
1.2 KiB
Markdown
# Resource

From the point of view of the access policy engine, a resource is the object on which a request is performed.
This can be an object in a container within a namespace, all objects in a container,
all containers within the root namespace, and so on.

A resource can be viewed from two sides:
- As part of a [request](../pkg/resource/resource.go). In this case a resource has a name and properties.
- As part of a rule [chain](../pkg/chain/chain.go). In this case a resource has just a name.

## Resource name

A resource name must be in a format that the chain router can process. The router matches a request
against either local overrides or the rules in the policy contract to decide whether the request is allowed.
The main idea of this format is that the chain router matches by full name (`native:object//cnrID/objID`) or
by wildcard (`native:object//cnrID/*`).

Check out the formats that are defined in the schema: [native formats](../schema/native/consts.go), [s3 formats](../schema/s3/consts.go).
You should validate a resource name using [util](../schema/native/util/validation.go) before instantiating a request or
before putting it into either the local override storage or the policy contract storage.
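
An added sketch in Go (not code from this repository; `parse` and `Match` are hypothetical names, not the project's `validation.go` or chain router) of validating the two object name forms shown above and then matching a request name against a full or wildcard rule name. It assumes the empty segment after `native:object/` denotes the root namespace and covers only these two forms.

```go
package main

import (
	"fmt"
	"strings"
)

const objectPrefix = "native:object/" // prefix of the object names shown above

// parse splits "native:object/<ns>/<cnrID>/<objID>" into its three segments.
// Assumption: the empty <ns> in "native:object//cnrID/objID" is the root namespace.
func parse(name string, allowWildcard bool) ([]string, error) {
	if !strings.HasPrefix(name, objectPrefix) {
		return nil, fmt.Errorf("%q: missing %q prefix", name, objectPrefix)
	}
	seg := strings.Split(strings.TrimPrefix(name, objectPrefix), "/")
	if len(seg) != 3 || seg[1] == "" || seg[2] == "" {
		return nil, fmt.Errorf("%q: want native:object/<ns>/<cnrID>/<objID>", name)
	}
	// "*" is accepted only as the whole last segment, and only in rule names.
	if strings.Contains(seg[0]+seg[1], "*") ||
		(seg[2] != "*" && strings.Contains(seg[2], "*")) ||
		(seg[2] == "*" && !allowWildcard) {
		return nil, fmt.Errorf("%q: wildcard not allowed here", name)
	}
	return seg, nil
}

// Match reports whether a rule resource name covers a request resource name.
// Malformed names produce an error instead of being treated as "no match".
func Match(rule, request string) (bool, error) {
	r, err := parse(rule, true)
	if err != nil {
		return false, err
	}
	q, err := parse(request, false)
	if err != nil {
		return false, err
	}
	return r[0] == q[0] && r[1] == q[1] && (r[2] == "*" || r[2] == q[2]), nil
}

func main() {
	// Constructed sample names in the format shown above.
	fmt.Println(Match("native:object//cnrID/*", "native:object//cnrID/objID"))
}
```

Returning an error for a malformed name keeps a mistyped rule from being stored and then silently never matching.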