Skip to content
This repository has been archived by the owner on Jul 11, 2023. It is now read-only.

Implement RBAC for inbound connections #1964

Closed
shashankram opened this issue Oct 29, 2020 · 0 comments
Closed

Implement RBAC for inbound connections #1964

shashankram opened this issue Oct 29, 2020 · 0 comments
Assignees
@shashankram
Milestone
v0.6.0

Comments

@shashankram
Copy link
Member

Please describe the Improvement and/or Feature Request
Implement network RBAC policies for inbound connections based on SMI TrafficTarget policies.

Scope (please mark with X where applicable)

  • New Functionality [X]
  • Install [ ]
  • SMI Traffic Access Policy [X]
  • SMI Traffic Specs Policy [ ]
  • SMI Traffic Split Policy [ ]
  • Permissive Traffic Policy [ ]
  • Ingress [ ]
  • Egress [ ]
  • Envoy Control Plane [X]
  • CLI Tool [ ]
  • Metrics [ ]
  • Certificate Management [ ]
  • Sidecar Injection [ ]
  • Logging [ ]
  • Debugging [ ]
  • Tests [ ]
  • CI System [ ]
  • Project Release [ ]

Possible use cases
RBAC policies will directly be programmed based on the TrafficTarget policies on upstream proxies.

Required by #1521
@shashankram shashankram self-assigned this Oct 29, 2020
@shashankram shashankram mentioned this issue Oct 30, 2020
Closed
@shashankram shashankram added this to the v0.6.0 milestone Nov 9, 2020
@michelleN michelleN mentioned this issue Nov 11, 2020
Closed
shashankram added a commit to shashankram/osm that referenced this issue Nov 13, 2020
@shashankram
envoy/rbac: add support for server side RBAC fitler
d234398 
This change introduces an RBAC filter in the inbound mesh filter
chain. Currently, the RBAC filter grants full access to client
identities that are permitted by an SMI traffic target policy.
HTTP filtering based on HTTP routes still happens within RDS.
The RBAC filter is omitted in permissive mode.

This change is a part of openservicemesh#1964 and is required by openservicemesh#1521.
shashankram added a commit to shashankram/osm that referenced this issue Nov 13, 2020
@shashankram
envoy/rbac: add support for server side RBAC fitler
2c2ba1a 
This change introduces an RBAC filter in the inbound mesh filter
chain. Currently, the RBAC filter grants full access to client
identities that are permitted by an SMI traffic target policy.
HTTP filtering based on HTTP routes still happens within RDS.
The RBAC filter is omitted in permissive mode.

This change is a part of openservicemesh#1964 and is required by openservicemesh#1521.
shashankram added a commit to shashankram/osm that referenced this issue Nov 13, 2020
@shashankram
envoy/rbac: add support for server side RBAC fitler
985cb13 
This change introduces an RBAC filter in the inbound mesh filter
chain. Currently, the RBAC filter grants full access to client
identities that are permitted by an SMI traffic target policy.
HTTP filtering based on HTTP routes still happens within RDS.
The RBAC filter is omitted in permissive mode.

This change is a part of openservicemesh#1964 and is required by openservicemesh#1521.
@shashankram shashankram mentioned this issue Nov 13, 2020
Merged
shashankram added a commit to shashankram/osm that referenced this issue Nov 13, 2020
@shashankram
envoy/rbac: add support for server side RBAC fitler
cc4257e 
This change introduces an RBAC filter in the inbound mesh filter
chain. Currently, the RBAC filter grants full access to client
identities that are permitted by an SMI traffic target policy.
HTTP filtering based on HTTP routes still happens within RDS.
The RBAC filter is omitted in permissive mode.

This change is a part of openservicemesh#1964 and is required by openservicemesh#1521.
shashankram added a commit to shashankram/osm that referenced this issue Nov 13, 2020
@shashankram
envoy/rbac: add support for server side RBAC fitler
d43e4f2 
This change introduces an RBAC filter in the inbound mesh filter
chain. Currently, the RBAC filter grants full access to client
identities that are permitted by an SMI traffic target policy.
HTTP filtering based on HTTP routes still happens within RDS.
The RBAC filter is omitted in permissive mode.

This change is a part of openservicemesh#1964 and is required by openservicemesh#1521.
shashankram added a commit that referenced this issue Nov 14, 2020
@shashankram
envoy/rbac: add support for server side RBAC fitler (#2054)
495110c 
This change introduces an RBAC filter in the inbound mesh filter
chain. Currently, the RBAC filter grants full access to client
identities that are permitted by an SMI traffic target policy.
HTTP filtering based on HTTP routes still happens within RDS.
The RBAC filter is omitted in permissive mode.

This change is a part of #1964 and is required by #1521.
@shashankram shashankram mentioned this issue Nov 18, 2020
Closed
draychev pushed a commit to draychev/osm that referenced this issue Nov 19, 2020
@shashankram @draychev
envoy/rbac: add support for server side RBAC fitler (openservicemesh#…
19b660d 
…2054)

This change introduces an RBAC filter in the inbound mesh filter
chain. Currently, the RBAC filter grants full access to client
identities that are permitted by an SMI traffic target policy.
HTTP filtering based on HTTP routes still happens within RDS.
The RBAC filter is omitted in permissive mode.

This change is a part of openservicemesh#1964 and is required by openservicemesh#1521.
draychev pushed a commit to draychev/osm that referenced this issue Nov 19, 2020
@shashankram @draychev
envoy/rbac: add support for server side RBAC fitler (openservicemesh#…
b2d8805 
…2054)

This change introduces an RBAC filter in the inbound mesh filter
chain. Currently, the RBAC filter grants full access to client
identities that are permitted by an SMI traffic target policy.
HTTP filtering based on HTTP routes still happens within RDS.
The RBAC filter is omitted in permissive mode.

This change is a part of openservicemesh#1964 and is required by openservicemesh#1521.
draychev pushed a commit to draychev/osm that referenced this issue Dec 14, 2020
@shashankram @draychev
envoy/rbac: add support for server side RBAC fitler (openservicemesh#…
e299b2c 
…2054)

This change introduces an RBAC filter in the inbound mesh filter
chain. Currently, the RBAC filter grants full access to client
identities that are permitted by an SMI traffic target policy.
HTTP filtering based on HTTP routes still happens within RDS.
The RBAC filter is omitted in permissive mode.

This change is a part of openservicemesh#1964 and is required by openservicemesh#1521.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@shashankram shashankram

Labels
None yet
Projects
None yet
Milestone
v0.6.0
Development

No branches or pull requests
1 participant
@shashankram