How to customize Anubis
Adding new actions
TBD
Protecting new APIs
TBD
Creating a custom rego
Specific rules are defined based on the spec of the API to protect, e.g.:
# Checks if the entity in the policy matches the path
path_matches_policy(resource, resource_type, path) {
    resource_type = "entity"
    current_path := split(path, "/")
    current_path[1] == "v2"
    current_path[2] == "entities"
    current_path[3] == resource
}

# User permissions
user_permitted {
    is_token_valid
    entry := data.user_permissions[token.payload.sub][_]
    scope_method[entry.action][_] == request.action
    path_matches_policy(entry.resource, entry.resource_type, request.resource)
    entry.tenant == request.tenant
    entry.service_path == request.service_path
}
In this case, path_matches_policy checks whether the path of the incoming request has a given format, while user_permitted checks whether the request is allowed according to the user-based access policies.
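As an added example (not taken from the Anubis code base), the module below applies the same pattern to a hypothetical "subscription" resource type and unit-tests the resulting decision with opa test. The package name, the stand-in helpers (request, token, scope_method, is_token_valid), the input shape and the sample data are assumptions; unlike the entity rule above, the added rule also checks the path length, so it matches exactly rather than by prefix. OPA 1.0 and later need --v0-compatible to run this pre-1.0 syntax.

```rego
# Added example (pre-1.0 Rego syntax as on this page); helper names are assumptions.
package anubis_custom_example

# Stand-ins for helpers the page references but does not show.
request := input.request
token := {"payload": {"sub": input.subject}}
scope_method := {"read": ["GET"]}
is_token_valid { input.token_valid == true }

# Hypothetical resource type for paths of the form /v2/subscriptions/<id>.
path_matches_policy(resource, resource_type, path) {
    resource_type == "subscription"
    current_path := split(path, "/")
    count(current_path) == 4  # exact match: deeper paths are rejected
    current_path[1] == "v2"
    current_path[2] == "subscriptions"
    current_path[3] == resource
}

# user_permitted as given on the page.
user_permitted {
    is_token_valid
    entry := data.user_permissions[token.payload.sub][_]
    scope_method[entry.action][_] == request.action
    path_matches_policy(entry.resource, entry.resource_type, request.resource)
    entry.tenant == request.tenant
    entry.service_path == request.service_path
}

# Constructed policy data and request builder used only by the tests.
perms := {"alice": [{"action": "read", "resource": "sub1",
    "resource_type": "subscription", "tenant": "t1", "service_path": "/"}]}
req(path, tenant) = {"token_valid": true, "subject": "alice", "request": {
    "action": "GET", "resource": path, "tenant": tenant, "service_path": "/"}}

test_matching_request_allowed {
    i := req("/v2/subscriptions/sub1", "t1")
    user_permitted with input as i with data.user_permissions as perms
}

test_other_tenant_denied {
    i := req("/v2/subscriptions/sub1", "t2")
    not user_permitted with input as i with data.user_permissions as perms
}

test_deeper_path_denied {
    i := req("/v2/subscriptions/sub1/extra", "t1")
    not user_permitted with input as i with data.user_permissions as perms
}
```

Negative tests such as the tenant and path cases are the ones worth keeping next to any custom rule, since a rule that matches too broadly still passes every positive test.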
Creating a custom lua script to automate policy creation at resource creation
TBD
Customize authentication
TBD