john/soteria
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: john:586c4b47bcc480a31c4dbd5895090903708021db
Branches Tags
john:main john:wizard
...
compare: john:5e52facc5c58080953786f9132e0745867c1dfd7
Branches Tags
john:main john:wizard

2 Commits
586c4b47bc ... 5e52facc5c

Author SHA1 Message Date
John Lancaster
5e52facc5c tweak 2026-01-02 23:08:38 -06:00
John Lancaster
7914368111 more rbac 2026-01-02 23:08:29 -06:00
2 changed files with 15 additions and 3 deletions
Expand all files Collapse all files

2
docker-compose.yml
View File

@@ -17,7 +17,7 @@ services:
- "443:10000" - "443:10000"
volumes: volumes:
- ./envoy.yaml:/etc/envoy/envoy.yaml:ro - ./envoy.yaml:/etc/envoy/envoy.yaml:ro
- ./access.log:/var/log/envoy/access.log
- /var/lib/tls:/certs - /var/lib/tls:/certs
- ./access.log:/var/log/envoy/access.log
depends_on: depends_on:
- rest-server - rest-server

16
envoy.yaml
View File

@@ -64,18 +64,30 @@ static_resources:
rules: rules:
action: ALLOW action: ALLOW
policies: policies:
"test_policy": "ubuntu-policy":
permissions: permissions:
- and_rules: - and_rules:
rules: rules:
- header: - header:
name: ":path" name: ":path"
string_match: string_match:
prefix: "/dev-test" prefix: "/john-ubuntu"
principals: principals:
- authenticated: - authenticated:
principal_name: principal_name:
exact: "spiffe://john-stream.com/ubuntu" exact: "spiffe://john-stream.com/ubuntu"
"p14-policy":
permissions:
- and_rules:
rules:
- header:
name: ":path"
string_match:
prefix: "/john-p14s"
principals:
- authenticated:
principal_name:
exact: "spiffe://john-stream.com/john-p14s"
# --8<-- [end:rbac] # --8<-- [end:rbac]
- name: envoy.filters.http.router - name: envoy.filters.http.router
typed_config: typed_config: