Skip to content

Comments

Add entriesAdditions and allowedImportAdditions for policy imports#2347

Draft
thjaeckle wants to merge 3 commits intoeclipse-ditto:masterfrom
beyonnex-io:feature/2221-policy-imports-enhancements
Draft

Add entriesAdditions and allowedImportAdditions for policy imports#2347
thjaeckle wants to merge 3 commits intoeclipse-ditto:masterfrom
beyonnex-io:feature/2221-policy-imports-enhancements

Conversation

@thjaeckle
Copy link
Member

Resolves: #2221

Introduce entriesAdditions on policy imports to allow importing policies to additively merge subjects and resources into imported policy entries. Template policies control what can be extended via allowedImportAdditions (enum-backed, secure-by-default: empty set means no additions allowed).

New model types: EntryAddition, EntriesAdditions, AllowedImportAddition enum. Write-time validation ensures entriesAdditions labels are declared in entries. Merge-time logic in PolicyImporter silently skips disallowed additions.

…clipse-ditto#2221)

Introduce `entriesAdditions` on policy imports to allow importing policies
to additively merge subjects and resources into imported policy entries.
Template policies control what can be extended via `allowedImportAdditions`
(enum-backed, secure-by-default: empty set means no additions allowed).

New model types: EntryAddition, EntriesAdditions, AllowedImportAddition enum.
Write-time validation ensures entriesAdditions labels are declared in entries.
Merge-time logic in PolicyImporter silently skips disallowed additions.

Includes OpenAPI schema updates, documentation, and comprehensive tests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@thjaeckle thjaeckle added this to the 3.9.0 milestone Feb 18, 2026
@thjaeckle thjaeckle self-assigned this Feb 18, 2026
@thjaeckle thjaeckle marked this pull request as draft February 20, 2026 07:56
thjaeckle and others added 2 commits February 20, 2026 09:24
…ction

All code paths that reconstructed PolicyEntry objects (builder, ImmutablePolicy
mutations, command/event strategies, placeholder substitution, gateway route)
were using 3-arg or 4-arg factory methods that silently dropped the new
allowedImportAdditions field. Upgraded all call sites to the 5-arg
PoliciesModelFactory.newPolicyEntry() overload and added unit tests verifying
preservation through each code path.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…mportable

Add endpoints for managing policy import entries, entriesAdditions,
entryAddition, allowedImportAdditions, and entry importable type.
Includes signal classes, command/event strategies, gateway routes,
protocol adapter mappings, OpenAPI docs, and unit tests.

Also fix OpenAPI validation errors in PermissionCheckRequest,
PermissionCheckResponse, and WoT validation config response schemas.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

Status: No status

Development

Successfully merging this pull request may close these issues.

Enhance policy imports in a way to enhance the imported policy entries, e.g. providing additional subjects

1 participant