Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve AllowWithShadowDeny (or/and RBAC in general) #8459

Open
slonka opened this issue Nov 27, 2023 · 5 comments
Open

Improve AllowWithShadowDeny (or/and RBAC in general) #8459

slonka opened this issue Nov 27, 2023 · 5 comments
Labels
area/policies kind/improvement Improvement on an existing feature triage/accepted The issue was reviewed and is complete enough to start working on it triage/stale Inactive for some time. It will be triaged again
Milestone
backlog

Comments

@slonka
Copy link
Contributor

slonka commented Nov 27, 2023
edited by jakubdyszkiewicz
Loading

Description

Right now AllowWithShadowDeny is not very useful due to the following:

  • RBAC filter being applied on the L4 level means that counter is only bumped on new connections, it's a bit hard to correlate a policy change to stats
  • we don't have docs on how to interpret rbac.shadow_allowed and we bump that metric
  • no RBAC stats in our dashboards
  • we don't use access_log_hint which could make it easier to inspect interesting requests
@slonka slonka added triage/pending This issue will be looked at on the next triage meeting kind/improvement Improvement on an existing feature labels Nov 27, 2023
@jakubdyszkiewicz
Copy link
Contributor

jakubdyszkiewicz commented Nov 27, 2023
edited
Loading

Triage:

@jakubdyszkiewicz jakubdyszkiewicz added triage/accepted The issue was reviewed and is complete enough to start working on it and removed triage/pending This issue will be looked at on the next triage meeting labels Nov 27, 2023
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Feb 26, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@jakubdyszkiewicz jakubdyszkiewicz removed the triage/stale Inactive for some time. It will be triaged again label Feb 26, 2024
@lukidzi lukidzi added this to the 2.7.x milestone Feb 26, 2024
@lahabana lahabana modified the milestones: 2.7.x, 2.8.x Mar 27, 2024
@lahabana lahabana modified the milestones: 2.8.x, backlog Apr 5, 2024
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Jul 5, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 5, 2024

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@jakubdyszkiewicz jakubdyszkiewicz removed the triage/stale Inactive for some time. It will be triaged again label Jul 10, 2024
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Oct 9, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 9, 2024

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@lukidzi lukidzi removed the triage/stale Inactive for some time. It will be triaged again label Oct 21, 2024
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Jan 21, 2025
@github-actions GitHub Actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/policies kind/improvement Improvement on an existing feature triage/accepted The issue was reviewed and is complete enough to start working on it triage/stale Inactive for some time. It will be triaged again
Projects
None yet
Milestone
backlog
Development

No branches or pull requests
4 participants
@lahabana @slonka @jakubdyszkiewicz @lukidzi