inbound: Support multiple authorization types #1560
Merged
Commits on Mar 24, 2022
-
inbound: Support multiple authorization types
The inbound policy module uses the label `saz_name` to indicate the authorization resource being employed to allow/deny traffic. This corresponds to the `ServerAuthorization` kubernetes resource (with the `saz` shortname). This resource type is going to be deprecated in favor of a new, more general, `AuthorizationPolicy` resource. When this change is made in the control plane, the policy controller will include a `kind` label on gRPC messages indicating whether the resource type, or `default` if a default policy is in effect. This change honors this new `kind` field and adds a dedicated label to indicate the kind. Server labels are changed from: srv_name="default:foo" srv_name="fah" to: srv_kind="default",srv_name="foo" srv_kind="server",srv_name="fah" Authorization labels are changed from: saz_name="default:bar" saz_name="bah" to: authz_kind="default",authz_name="bar" authz_kind="serverauthorization",authz_name="bah" Signed-off-by: Oliver Gould <ver@buoyant.io>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.