Skip to content

Authorization policy: allow specifying string match for path and conditions#2173

Closed
sschepens wants to merge 1 commit intoistio:masterfrom
sschepens:authorization-string-match
Closed

Authorization policy: allow specifying string match for path and conditions#2173
sschepens wants to merge 1 commit intoistio:masterfrom
sschepens:authorization-string-match

Conversation

@sschepens
Copy link
Contributor

@sschepens sschepens commented Nov 30, 2021

Add StringMatcher options to Path and Condition in AuthorizationPolicy.
We use the same StringMatcher as used in VirtualHosts to provide consistent matching in both.
If both String and StringMatcher are present, they should be appended.

Fixes istio/istio#16585
Related: istio/istio#35641

@howardjohn wdyt? this way we can prevent introducing breaking changes in the exiting APIs but still support matching by regex as needed.

@istio-policy-bot
Copy link

istio-policy-bot commented Nov 30, 2021

🤔 🐛 You appear to be fixing a bug in Go code, yet your PR doesn't include updates to any test files. Did you forget to add a test?

Courtesy of your friendly test nag.

@istio-policy-bot
Copy link

istio-policy-bot commented Nov 30, 2021

😊 Welcome @sschepens! This is either your first contribution to the Istio api repo, or it's been
awhile since you've been here.

You can learn more about the Istio working groups, code of conduct, and contributing guidelines
by referring to Contributing to Istio.

Thanks for contributing!

Courtesy of your friendly welcome wagon.

@google-cla google-cla bot added the cla: no Set by the Google CLA bot to indicate the author of a PR has not signed the Google CLA. label Nov 30, 2021
@istio-testing istio-testing added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. needs-ok-to-test labels Nov 30, 2021
@istio-testing
Copy link
Collaborator

istio-testing commented Nov 30, 2021

Hi @sschepens. Thanks for your PR.

I'm waiting for a istio member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@mikebryant mikebryant mentioned this pull request Dec 2, 2021
Closed
@istio-testing istio-testing added the needs-rebase Indicates a PR needs to be rebased before being merged label Mar 16, 2022
@sschepens
Copy link
Contributor Author

sschepens commented Mar 22, 2022

@howardjohn what is your opinion on this? I would like to make progress on this feature, it is something that many people need.

@sschepens sschepens force-pushed the authorization-string-match branch from d95e15f to 2a53bd0 Compare March 22, 2022 20:00
@google-cla google-cla bot added cla: yes Set by the Google CLA bot to indicate the author of a PR has signed the Google CLA. and removed cla: no Set by the Google CLA bot to indicate the author of a PR has not signed the Google CLA. labels Mar 22, 2022
@istio-testing istio-testing added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. needs-rebase Indicates a PR needs to be rebased before being merged and removed needs-rebase Indicates a PR needs to be rebased before being merged size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Mar 22, 2022
@istio-testing
Copy link
Collaborator

istio-testing commented Mar 23, 2022

@sschepens: PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@edieYoung edieYoung mentioned this pull request Jun 29, 2022
Closed
@teddy-wahle
Copy link

teddy-wahle commented Oct 24, 2022

I would love for this PR to be merged! We really need this feature.

@timAdrien
Copy link

timAdrien commented Dec 14, 2022

Yes please someone validate the PR, a lot of people are waiting this feature for so long

@howardjohn howardjohn mentioned this pull request Jul 21, 2023
Closed
@craigbox
Copy link
Contributor

craigbox commented May 10, 2024

Closing due to implementation in istio/istio#50365

@craigbox craigbox closed this May 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ericvn ericvn Awaiting requested review from ericvn

@howardjohn howardjohn Awaiting requested review from howardjohn

@linsun linsun Awaiting requested review from linsun

@louiscryan louiscryan Awaiting requested review from louiscryan

@nrjpoddar nrjpoddar Awaiting requested review from nrjpoddar

@smawson smawson Awaiting requested review from smawson

Assignees

No one assigned

Labels

cla: yes Set by the Google CLA bot to indicate the author of a PR has signed the Google CLA. needs-ok-to-test needs-rebase Indicates a PR needs to be rebased before being merged size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support regex for ServiceRole spec.rules.paths

6 participants

@sschepens @istio-policy-bot @istio-testing @teddy-wahle @timAdrien @craigbox