You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Right now there is no ability to delete policies.
This is fine with static Git-based policy driver, but with dynamic policy storage like Postgres it becomes an issue.
The use case is, if we create policies dynamically, as per Custom Role and Scope, we can store a ref to in in our DB.
When the scope gets removed, the policies need to be cleaned up as well.
Currently it's only possible as a workaround b directly removing them from the DB by scope and resource.
Which feels awkward.
What would the ideal solution look like to you?
Please provide the ability to remove the policy(es), as in:
cerbosClient.deletePolicy(<id>)
cerbosClient.deletePolicies({ ids: <ids> })
Anything else?
Thank you :)
The text was updated successfully, but these errors were encountered:
Hi, the reason we haven't yet introduced a hard delete API endpoint is for two reasons:
Keep a history of policy changes (Cerbos was originally designed exclusively for GitOps).
It's quite easy to make the policy repository invalid by deleting a policy (e.g. deleting the middle scope of a scope chain)
You can use the DisablePolicy endpoint to disable a policy and it has the same effect as deleting one except for the fact that you can recover it quite easily with EnablePolicy.
Is your main concern the storage used by disabled policies?
Is there an existing issue for this?
Feature description
Right now there is no ability to delete policies.
This is fine with static Git-based policy driver, but with dynamic policy storage like Postgres it becomes an issue.
The use case is, if we create policies dynamically, as per Custom Role and Scope, we can store a ref to in in our DB.
When the scope gets removed, the policies need to be cleaned up as well.
Currently it's only possible as a workaround b directly removing them from the DB by
scope
andresource
.Which feels awkward.
What would the ideal solution look like to you?
Please provide the ability to remove the policy(es), as in:
cerbosClient.deletePolicy(<id>)
cerbosClient.deletePolicies({ ids: <ids> })
Anything else?
Thank you :)
The text was updated successfully, but these errors were encountered: