Restrict access to feature flags per team?

Hello dear community!!

  • Is there some authorization mechanism, kind of role or team or any entity which allows restricting the access to certain featureFlags?

Example: let’s have GitHub “team1” and “team2”. We want each team to have its own dedicated roles (editor, viewer …) per dedicated set of Feature Flags.

Hey @dancer1325 !

Great question!

We support authorization using Open Policy Agent / Rego, which is an extremely configurable authz engine that uses policies defined by the user/operator to authorize requests.

We do currently allow you to specify which GitHub teams a user must belong to for authentication, however, we don’t currently expose that information to the Authz policy engine to also allow you to make authz decisions based on the user’s GitHub team.

I will create an issue on Flipt Open Source repo to add support for passing GitHub team membership to the authz policy engine, as well as provide examples on how to configure all this for your use case.

We could likely make this generic so that any external authentication provider can provide its own metadata that the person configuring the Flipt policy can use to build out their policy.

I created the issue here: [FLI-1258] Allow passing GitHub 'claims'/metadata to Authz · Issue #3435 · flipt-io/flipt · GitHub

Please feel free to add any additional context/requests there.

Hey @mark ,

Thank you for such a fast reply. I have checked the issue and you comprehend my problem, yep. I will follow it, and in case of suggestions, I will share them with you.

Thanks, again