Closed viachaslau-latushkin closed 1 month ago
Hi, unfortunately the policy evaluate per ENDPOINT resource so it's necessary to include each config block per ENDPOINT.
Perhaps you can group similar endpoint together under resource
? i.e
example.com/foo/bar
example.con/foo/baz
example.com/foo/
to
example.com/foo/
or apply settings dynamically by changing resource_type
to liquid
and getting the endpoint from the claim. For example:
{
"client_roles": [
{
"name": "{{ jwt.aud }}",
"name_type": "liquid",
"client": "{{ jwt.aud }}",
"client_type": "liquid"
}
],
"resource": "/{{ jwt.aud }}",
"resource_type": "liquid"
}
Also I believe you already known this but if you are using an operator to deploy the gateway, you can also read from the configuration from the secret https://github.com/3scale/3scale-operator/blob/master/doc/product-reference.md#PolicyConfigSpec
Hi Dear 3scale!
I am using 3scale apicast as api-getway - combining a lot of microservices and keycloak's token validation. Also configured validation for access to endpoints of each microservice according special roles from keycloak's token.
Right now each endpoint for each role covered by next lines
3scale policies.yaml extremely big in this case. Is there any way to combine each endpoint from each microservice under list of roles without duplicating line above? Thank you in advance for any help.