search

kmesh-net / kmesh

High Performance ServiceMesh Data Plane Based on Programmable Kernel
https://kmesh.net
Apache License 2.0
362 stars 46 forks source link

Track authz range spreading issues #332

Closed supercharge-xsy closed 1 month ago

supercharge-xsy commented 1 month ago

What happened:

auth.updatePolicy : When the by_workload rule is configured, the by_ns policy should not be updated. As a result, the authentication scope is extended.

Environment:

supercharge-xsy commented 1 month ago

fix by:https://github.com/kmesh-net/kmesh/pull/333

hzxuzhonghu commented 1 month ago

is this issue saying authorizationPolicy update doesnot take effect?

supercharge-xsy commented 1 month ago

is this issue saying authorizationPolicy update doesnot take effect?

no, this problem is when config a workload-select authz, we insert the policy to by_namespace cache;This will cause the rule to be applied to all worloads in the namespace.

supercharge-xsy commented 1 month ago

is this issue saying authorizationPolicy update doesnot take effect?

is this issue saying authorizationPolicy update doesnot take effect?

no, this problem is when config a workload-select authz, we insert the policy to by_namespace cache;This will cause the rule to be applied to all worloads in the namespace.

is this issue saying authorizationPolicy update doesnot take effect?

and for "update doesnot take effect" issue,i will try to set the ack nonce to fix it

supercharge-xsy commented 1 month ago

/close

kmesh-bot commented 1 month ago

@supercharge-xsy: Closing this issue.

In response to [this](https://github.com/kmesh-net/kmesh/issues/332#issuecomment-2115208240): >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.