Add a RBAC TCP filter #3993
Labels
Comments
|
+1 to reuse existing config proto, which is designed to be generic IIRC (so it wasn't scoped in http package). Of course some of its field (e.g. header matcher) won't be supported in TCP. |
mattklein123
added
enhancement
|
+1 to reuse and we can make the HTTP specific things empty. We do this elsewhere in cases like access logging and a few other places. |
|
+1 to reuse. The rbac proto is designed to be generic. Also the rbac engine implementation is designed to be shared for different filter implementations. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Title: Add a RBAC TCP filter
Description:
Add a RBAC (Role-Based-Access-Control) TCP filter. This is needed to support authorization for non-HTTP protocol.
Relevant Links:
The RBAC HTTP filter is added in #3455
some open questions:
We could either add a new config proto for the TCP filter that includes fields only available in TCP or just reuse the existing config proto introduced for HTTP filter, and only a subset of the fields are supported in this case.
I prefer the second option but not sure if there is any preference in Envoy when a filter is implemented for both HTTP and TCP.
/cc @liminw @lizan @rodaine @mattklein123
The text was updated successfully, but these errors were encountered: