Identifying CF Resources

Christopher Brown <cbrown@...>

Hi all,

The Permissions component ("Perm") we're building to store and evaluate roles for Cloud Foundry needs to be able to identify resources across component boundaries so that it knows which policies to apply for any given permission check. AWS does this using their ARN scheme.

I'd like to work out if something like this would be the correct approach for Perm. We'd like to find something which can identify resources across foundations and encode the object hierarchy into the resource identifier. For example, an application inside PWS could be identified by:

pws:cc:application/[org guid]/[space guid]/[app guid]

I don't want to get too into the weeds of the exact format yet, but if you:
  • ...have already built something like this to help with cross-foundation operations (or any other reason)
  • ...are looking into working on something like this to help with a different problem
then I'd be interested in talking with you about this requirement and what the solution could look like.

All the best,
CF Permissions PM
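
Added example, not part of the original message and not Perm's code: a sketch of how an identifier shaped like the one above could be parsed and matched against a policy scoped higher in the hierarchy. The names `ResourceID`, `parse` and `covers`, the allowed character set, the prefix-match semantics and the placeholder GUIDs are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Assumed layout, taken from the single example in the message:
#   foundation:component:type/org-guid/space-guid/app-guid
# Assumed segment alphabet; rejects empty segments, "..", "*" and separators.
_SEGMENT = re.compile(r"[A-Za-z0-9_-]+")


@dataclass(frozen=True)
class ResourceID:
    foundation: str
    component: str
    kind: str
    path: tuple  # hierarchy, outermost (org) to innermost (app)


def parse(identifier: str) -> ResourceID:
    parts = identifier.split(":")
    if len(parts) != 3:
        raise ValueError("expected foundation:component:resource")
    foundation, component, resource = parts
    kind, *path = resource.split("/")
    for segment in (foundation, component, kind, *path):
        if not _SEGMENT.fullmatch(segment):
            raise ValueError(f"invalid segment {segment!r}")
    return ResourceID(foundation, component, kind, tuple(path))


def covers(policy: ResourceID, target: ResourceID) -> bool:
    """True when a policy attached to `policy` applies to `target`.

    Compares whole segments, not string prefixes, so a policy on
    org-1 never matches a resource under org-10.
    """
    same_scope = (policy.foundation, policy.component, policy.kind) == (
        target.foundation, target.component, target.kind)
    return same_scope and target.path[:len(policy.path)] == policy.path


# Constructed sample identifiers (placeholder GUIDs, not real ones).
APP = parse("pws:cc:application/org-1/space-1/app-1")
ORG_POLICY = parse("pws:cc:application/org-1")

if __name__ == "__main__":
    print(covers(ORG_POLICY, APP))
```
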

