Prefix for negating values from jwt token used in rbaac

allegro / envoy-control

Envoy Control is a platform-agnostic, production-ready Control Plane for Service Mesh based on Envoy Proxy.

Apache License 2.0

100 stars 33 forks source link

Prefix for negating values from jwt token used in rbaac #348

Closed Ferdudas97 closed 1 year ago

KSmigielski commented 1 year ago

I missed some tests (propably integration). For example how it will work if someone set something like that: "A", "!B"? It will allow traffic for everyone except B and A doesn't matter?

Ferdudas97 commented 1 year ago

I missed some tests (propably integration). For example how it will work if someone set something like that: "A", "!B"? It will allow traffic for everyone except B and A doesn't matter?

It will accept traffic from users from users which have B and not have A. Negated value works as blackList

matb4r commented 1 year ago

Could you give an example how clients should use this feature, to be guest-aware?