Able to insert a record with invalid ACL in preship environment for Azure and IBM platforms
For Azure and IBM: While testing the Dynamic policy, I ran into an issue of being able to create a record by providing an invalid ACL, using the storage API. It appears that the storage API is not validating the ACL. In ACL for owners data.nodefault.owner@...
PUT https://{{STORAGE_endpoint}}/records

    [
      {
        "kind": "{{data-partition-id}}:{{schemaSource}}:master-data--Well:1.0.0",
        "legal": {
          "legaltags": [ "{{tagName}}" ],
          "otherRelevantDataCountries": [ "US" ]
        },
        "acl": {
          "owners": [ "data.notdefault.owner@{{data-partition-id}}{{domain}}" ],
          "viewers": [ "data.default.viewer@{{data-partition-id}}{{domain}}" ]
        },
        "id": "{{data-partition-id}}:master-data--Well:dynamic-policy-test-data-1-{{randomId}}",
        "data": {
          "description": "Dynamic policy test record 1"
        }
      }
    ]
For AWS: It does not create a record and gives the message of Forbidden.
For GCP: It does not create a record and gives the message Policy service is unavailable.
Attachments: DynamicPolicyTestingStatus.xlsx, DynamicTestingM7.docx