Rönd is a lightweight container that distributes security policy enforcement throughout your application.
Rönd is based on OpenPolicy Agent and allows you to define security policies to be executed during API invocations. Rönd runs in your Kubernetes cluster as a sidecar container of your Pods. Rönd intercepts the API traffic, applies your policies and, based on the policy result, forwards the request to your application service or rejects the API invocation.
Find out more here.
Rönd supports three policy types:
- Allow or reject request
- Query generation during the request flow
- Response body patching
Rönd natively allows you to build an RBAC solution based on Roles and Bindings saved in MongoDB.
Here is a list of awesome people using Rönd, if you're using it but do not appear in this list feel free to open a PR!
For local development you need to have Go installed locally, checkout the go.mod file to know the currently used language version.
make test
Please note that in order to run tests you need Docker to be installed; tests need a local instance of MongoDB to be up and running, the make test
command will take care of it by creating a new mongodb
container. The container is auomatically removed at the end of tests; if it remains leaked simply run make clean
.
To run test with coverage file in output, run
make coverage
Please read CONTRIBUTING.md for further details about the process for submitting pull requests.