feature: Manage RBAC Entities #270

Closed
tjrivera opened this issue Feb 15, 2021 · 0 comments · Fixed by #276
Problem

My team currently leverages Kong's Enterprise Edition RBAC features to manage access to our control-plane.

We currently use some custom tooling that depends on go-kong to create custom roles, but we'd prefer to manage RBAC roles (and their associated endpoints and permissions) in a declarative format. i.e.

_format_version: "1.1"
services:
- connect_timeout: 60000
  host: localhost
  name: foo-service
  path: /
  port: 8001
  protocol: http
  read_timeout: 60000
  retries: 5
  write_timeout: 60000
  tags:
  - foo
  routes:
  - id: 6c6a94ff-4404-4e80-8c57-e6506eea4492
    paths:
    - /foo
    path_handling: v0
    preserve_host: false
    protocols:
    - http
    regex_priority: 0
    strip_path: true
    tags:
    - foo
    https_redirect_status_code: 426
plugins:
- name: rate-limiting
  config:
    day: null
    header_name: null
    hour: 10000
    limit_by: consumer
    minute: null
    month: null
    path: null
    policy: local
    second: null
    year: null
  enabled: true
  protocols:
  - grpc
  - grpcs
  - http
  - https
rbac_roles:
- name: admin
  comment: Full access to all endpoints, across all workspaces—except RBAC Admin API
  is_default: false
  endpoint_permissions:
  - workspace: '*'
    endpoint: '*'
    actions:
    - delete
    - create
    - update
    - read
    negative: false
  - workspace: '*'
    endpoint: /rbac/*
    actions:
    - delete
    - create
    - update
    - read
    negative: true
  - workspace: '*'
    endpoint: /rbac/*/*
    actions:
    - delete
    - create
    - update
    - read
    negative: true
  - workspace: '*'
    endpoint: /rbac/*/*/*
    actions:
    - delete
    - create
    - update
    - read
    negative: true
  - workspace: '*'
    endpoint: /rbac/*/*/*/*
    actions:
    - delete
    - create
    - update
    - read
    negative: true
  - workspace: '*'
    endpoint: /rbac/*/*/*/*/*
    actions:
    - delete
    - create
    - update
    - read
    negative: true
- name: super-admin
  comment: Full access to all endpoints, across all workspaces
  is_default: false
  endpoint_permissions:
  - workspace: '*'
    endpoint: '*'
    actions:
    - delete
    - create
    - update
    - read
    negative: false

Entities

  • RBACRole
  • RBACEndpointPermission
  • RBACEntityPermission

I have about 60% of this work complete but would like to get an issue up to track the feature.
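
An added example, not part of the original issue and not decK or go-kong code: a review-time check that a declarative `rbac_roles` file makes possible, listing roles that allow every endpoint in every workspace with no negative rule under `/rbac/`. The type and function names are hypothetical, the sample roles are constructed from the YAML above, and treating `negative: true` as a deny follows the admin role's own comment.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical types mirroring the issue's rbac_roles YAML (not go-kong's or decK's); actions omitted.
type EndpointPermission struct {
	Workspace, Endpoint string
	Negative            bool
}
type Role struct {
	Name        string
	Permissions []EndpointPermission
}

// UnrestrictedRoles names roles that allow endpoint '*' in workspace '*' with no negative rule under /rbac/ there.
func UnrestrictedRoles(roles []Role) []string {
	var out []string
	for _, r := range roles {
		grantsAll, deniesRBAC := false, false
		for _, p := range r.Permissions {
			switch {
			case p.Workspace != "*": // workspace-scoped rule, outside this check
			case !p.Negative && p.Endpoint == "*":
				grantsAll = true
			case p.Negative && strings.HasPrefix(p.Endpoint, "/rbac/"):
				deniesRBAC = true
			}
		}
		if grantsAll && !deniesRBAC {
			out = append(out, r.Name)
		}
	}
	return out
}

// SampleRoles is constructed from the issue's YAML; admin keeps only its first deny rule.
func SampleRoles() []Role {
	return []Role{
		{"admin", []EndpointPermission{{"*", "*", false}, {"*", "/rbac/*", true}}},
		{"super-admin", []EndpointPermission{{"*", "*", false}}},
	}
}

func main() {
	fmt.Println(UnrestrictedRoles(SampleRoles())) // roles to review before applying
}
```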
