Add entriesAdditions and allowedImportAdditions for policy imports#2347
Draft
thjaeckle wants to merge 3 commits intoeclipse-ditto:masterfrom
Draft
Add entriesAdditions and allowedImportAdditions for policy imports#2347thjaeckle wants to merge 3 commits intoeclipse-ditto:masterfrom
thjaeckle wants to merge 3 commits intoeclipse-ditto:masterfrom
Conversation
…clipse-ditto#2221) Introduce `entriesAdditions` on policy imports to allow importing policies to additively merge subjects and resources into imported policy entries. Template policies control what can be extended via `allowedImportAdditions` (enum-backed, secure-by-default: empty set means no additions allowed). New model types: EntryAddition, EntriesAdditions, AllowedImportAddition enum. Write-time validation ensures entriesAdditions labels are declared in entries. Merge-time logic in PolicyImporter silently skips disallowed additions. Includes OpenAPI schema updates, documentation, and comprehensive tests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ction All code paths that reconstructed PolicyEntry objects (builder, ImmutablePolicy mutations, command/event strategies, placeholder substitution, gateway route) were using 3-arg or 4-arg factory methods that silently dropped the new allowedImportAdditions field. Upgraded all call sites to the 5-arg PoliciesModelFactory.newPolicyEntry() overload and added unit tests verifying preservation through each code path. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…mportable Add endpoints for managing policy import entries, entriesAdditions, entryAddition, allowedImportAdditions, and entry importable type. Includes signal classes, command/event strategies, gateway routes, protocol adapter mappings, OpenAPI docs, and unit tests. Also fix OpenAPI validation errors in PermissionCheckRequest, PermissionCheckResponse, and WoT validation config response schemas. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resolves: #2221
Introduce
entriesAdditionson policy imports to allow importing policies to additively merge subjects and resources into imported policy entries. Template policies control what can be extended viaallowedImportAdditions(enum-backed, secure-by-default: empty set means no additions allowed).New model types: EntryAddition, EntriesAdditions, AllowedImportAddition enum. Write-time validation ensures entriesAdditions labels are declared in entries. Merge-time logic in PolicyImporter silently skips disallowed additions.