You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While #9 is about having the CLI serve a web page with an interactive playground, this issue is about having the CLI provide a way to run datalog code without having to provide a token.
Currently, when I want to author datalog from my text editor, I use an empty token, along with the corresponding public key and feed them to biscuit inspect, along with the datalog file I'm authoring. This works, but is really not satisfying.
The alternative would be to use the web playground, but this is not as convenient as using my text editor.
What I'd like is a dedicated subcommand that centers on running datalog, without requiring a token:
biscuit playground --authorize-with FILENAME --query QUERY, etc.
Output
Same as in the web playground, the output would be first the authorization results, then the query results, then the complete set of generated facts
The tricky part
As long as no block scoping is needed, this works well. It becomes a little bit tricky when it comes to working with several blocks:
# same option name: the block order is easy to retrieve
biscuit playground --block-file FILENAME --block-file FILENAME --query QUERY
# different option names: the block order is harder to retrieve
biscuit playground --block DATALOG --block-file FILENAME --block DATALOG --query QUERY
# how to handle third-party blocks????
The different options I see are:
For the block order part:
only allow the authorizer block and forego scoping entirely
try to extract the original order information from clap (to mix --block-file and --block)
only allow using files to trivially keep the block definition order
For third-party blocks:
forego third-party blocks entirely
use a specific comment in datalog to extract the private key from the block source before parsing it
use position-aware parsing of options to pass a --sign-with / --sign-with-file option after the --block-file / --block option
Using position-aware options seems possible in clap, but I'm not keen on doing that. The two options that i like best for now are:
no blocks, only zuul the authorizer
only block files + a magic comment at the top of the file containing the private key
The text was updated successfully, but these errors were encountered:
While #9 is about having the CLI serve a web page with an interactive playground, this issue is about having the CLI provide a way to run datalog code without having to provide a token.
Currently, when I want to author datalog from my text editor, I use an empty token, along with the corresponding public key and feed them to
biscuit inspect, along with the datalog file I'm authoring. This works, but is really not satisfying.The alternative would be to use the web playground, but this is not as convenient as using my text editor.
What I'd like is a dedicated subcommand that centers on running datalog, without requiring a token:
biscuit playground --authorize-with FILENAME --query QUERY, etc.Output
Same as in the web playground, the output would be first the authorization results, then the query results, then the complete set of generated facts
The tricky part
As long as no block scoping is needed, this works well. It becomes a little bit tricky when it comes to working with several blocks:
The different options I see are:
For the block order part:
--block-fileand--block)For third-party blocks:
--sign-with/--sign-with-fileoption after the--block-file/--blockoptionUsing position-aware options seems possible in clap, but I'm not keen on doing that. The two options that i like best for now are:
zuulthe authorizerThe text was updated successfully, but these errors were encountered: