john/soteria
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added role-based access control (RBAC)

Browse Source
This commit is contained in:
John Lancaster
2026-01-02 13:32:42 -06:00
parent cd190d2e3f
commit f92924b74f
1 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
envoy.yaml
View File

@@ -20,8 +20,7 @@ static_resources:
match_typed_subject_alt_names: match_typed_subject_alt_names:
- san_type: URI - san_type: URI
matcher: matcher:
# exact: proxy-postgres-frontend.example.com prefix: spiffe://john-stream.com
exact: spiffe://john-stream.com/ubuntu
tls_certificates: tls_certificates:
- certificate_chain: - certificate_chain:
filename: /certs/cert.pem filename: /certs/cert.pem
@@ -43,6 +42,24 @@ static_resources:
route: route:
cluster: rest_server cluster: rest_server
http_filters: http_filters:
- name: envoy.filters.http.rbac
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC
rules:
action: ALLOW
policies:
"data_policy":
permissions:
- and_rules:
rules:
- header:
name: ":path"
string_match:
prefix: "/dev-test"
principals:
- authenticated:
principal_name:
exact: "spiffe://john-stream.com/ubuntu"
- name: envoy.filters.http.router - name: envoy.filters.http.router
typed_config: typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router