Need doc on authorization policy #15006

Open
linsun opened this issue May 1, 2024 · 3 comments

@linsun
Member

linsun commented May 1, 2024

This is very tricky to get right for ambient. I expect the doc to cover:

L4 authz policy
L7 authz policy
Strategy moving from L4 authz policy to L7 authz policy
Various scenarios on if authz policy is enforced:

  • with waypoint or without
  • use workload selector or targetRef(s)
  • client is out of mesh or sidecar or ingress gw.
  • does destination ztunnel always trust the destination waypoint?

cc @louiscryan if you have other thoughts.

@keithmattix
Contributor

I can probably tackle/repurpose the L4 authZ policy doc. It may also be helpful to have a doc about how to reason about authorization generally in Ambient.

@linsun
Member Author

linsun commented May 8, 2024

Thanks Keith! Agreed, a doc on understanding authz in general for ambient would be good.

@ilrudie
Contributor

ilrudie commented May 9, 2024

Looking into creating something for "Various scenarios on if authz policy is enforced"
