Page MenuHomePhabricator

Create a Conduit API method to lookup Policy information
Closed, ResolvedPublic


When I call or various other Conduit endpoints the response can contain PHID-PLCY-* phids referencing various built-in or custom policies. In the Phabricator web gui these are rendered in a human readable manner (e.g. I'd like to be able to provide similar information in the Tools Lab management console by reading the data via a conduit api call.

A lookup done via phid.query for a custom policy only returns "Custom Policy" rather than providing any information on the details of said policy. The Phabricator web gui can produce a description of a custom policy that is human readable (e.g. I would like to be able to get the data needed to render something similar via Conduit.

Revisions and Commits

Event Timeline

Restricted Application added subscribers: Zppix, TerraCodes, Aklapper. · View Herald Transcript

@mmodell before I dive into this, can you think of a reason that it is a horrible idea? I've poked about a bit on the WMF Phabricator instance and I think that the details of a custom policy aren't really a secret. They may be a bit hidden in some parts of the UI, but I can't find an example of one that is completely opaque.

Maybe we can report it upstream, because it causes a problem for bots. But I'm not sure, how fast the would handle that request. Otherwise, we can write it on our own, and upload the patch upstream, if they thing that they want have that too.

(Opps, I didn't see that the task is already assigned ;))

@bd808 I don't think it's a terrible idea. In general we want policies to be transparent as long as they are enforced. Security through obscurity isn't security, etc.


bd808 moved this task from Doing to Done on the Community-Tech-Tool-Labs board.
bd808 moved this task from In Dev/Progress to Done on the User-bd808 board.