Closed strekm closed 7 months ago
Most of our access strategy handlers are Oathkeeper Authenticators (noop, jwt, oauth2_introspection, ...). For these handlers it's clear that its about so authn. The "allow" handler is ignoring authn and just expose the path with all methods.
The new handler would work in the same way by ignoring authn, but restrict access to methods. The proposed name "allow_methods" is confusing as long as the "allow" handler exists, because it's not extending the scope of allow, but limiting it. "allow" already allow all methods, but "allow_methods" restricts method exposure. That's why the name is confusing in my opinion.
I'd follow the initial idea of naming the handlers after authentication scope. The equality of "allow" would be, that this path and methods require no authentication, that's why I suggest to call the handler no_auth
.
For now allow
and no_auth
are also very similar and can cause confusion, but the same applies to allow
and allow_methods
. Once we remove allow, in my opinion no_auth
would be better fit into our API than allow_ methods
.
Description
As a follow up of https://github.com/kyma-project/api-gateway/issues/462 introduce Istio based handler exposing workload given path and given methods.
PR:
TODO:
no_auth
ACs:
Reasons
DoD:
Attachments