-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support metadata input in Mathching API #34092
Comments
Sure, this would be a great addition, and can follow similar code to filter state input. |
Hey @zhaohuabing Are you working to implement it? |
No, feel free to go ahead if you get time. |
/assign |
@vikaschoudhary16 when you start implementing this, my use case is that I would like to use JWT claim like "email": "foo@bar.com" for RBAC. Also I would like to use JWT []string claims. That can be like "roles": ["foo", "bar"]. If these array claims are forwarded currently to backends as headers, these will be shown in headers as base64 encoded string. It is pretty difficult to do authorization for base64 encoded string. So is there somekind of shortcut to base64 decode and check is there value in array? |
Title: Support metadata input in Matching API
Description:
The Matching API currently doesn't support Metata Input. It would be valuable if Envoy could support it.
For instance, we prefer using Matcher over RBAC rules for authorization due to its flexibility. However, while RBAC allows specifying metadata as the principal, the matcher API currently lacks this capability, limiting use cases such as JWT claims as principals.
The supported Matching Inputs: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/matching/matching_api#extension-category-envoy-matching-http-input
@arkodg
The text was updated successfully, but these errors were encountered: