Limit namespaces display with authz

andi4000 · December 4, 2024, 2:38pm

Hello community,

OPA noob here. With following rego policy

package flipt.authz.v1
import rego.v1

default allow := false

allow if {
  input.request.namespace in ["default", "my-team"]
}

I was hoping to only able to see only both namespaces in the UI. But instead all namespaces are displayed (GET /api/v1/namespaces returns all namespaces). Access is then denied when I click the other namespace not defined in the rego policy.

Is it possible that the unauthorized namespaces not to be displayed in the UI? So the team member can only see the namespaces they own.

Thanks!

erka · December 4, 2024, 3:37pm

Hey @andi4000,

Unfortunately, it isn’t implemented. Please create an issue in Github about it.

andi4000 · December 4, 2024, 3:37pm

Got it, will do. Thanks!

edit: created the issue here Restrict namespace listing based on user authorization · Issue #3686 · flipt-io/flipt · GitHub

Topic		Replies	Views
Restrict access to feature flags per teamS? Open Source	3	39	September 3, 2024
Authorization configuration Open Source	26	107	November 15, 2024
Search by name feature for namespace, flag Open Source	3	19	November 15, 2024
Read Only Static Token? Open Source	1	31	August 27, 2024
Gitops with multiple repositories Open Source	3	116	April 11, 2024

Limit namespaces display with authz

Related topics