@ashutosh-narkar
Last active November 19, 2021 16:05
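package envoy.authz

import input.attributes.request.http as http_request

# Deny unless a rule below explicitly allows the request.
default allow = false

# allow Frontend service to access Database service
allow {
    http_request.method == "GET"
    svc_spiffe_id == "spiffe://acme.com/frontend"
}

# Extract the caller's SPIFFE ID from the x-forwarded-client-cert (XFCC) header.
# The destructuring only matches a header with exactly three ";"-separated
# fields whose last field is the URI SAN (By=...;Hash=...;URI=...); for any
# other shape svc_spiffe_id is undefined and allow stays false.
svc_spiffe_id = client_id {
    [_, _, uri_type_san] := split(http_request.headers["x-forwarded-client-cert"], ";")
    [_, client_id] := split(uri_type_san, "=")
}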
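
A variant that looks the URI SAN up by key name rather than by position, so the policy keeps working when the header carries extra fields or more than one comma-separated element. This is an added example, not part of the original gist; the package name `envoy.authz_example`, the helpers `client_uris` and `req`, and the sample header values are assumptions made for illustration, and it assumes no `;` or `,` appears inside a quoted header value.

```rego
package envoy.authz_example

import input.attributes.request.http as http_request

default allow = false

# Fail closed: allow only when the header yields exactly one URI SAN
# and that SAN is the expected frontend identity.
allow {
    http_request.method == "GET"
    client_uris(http_request.headers["x-forwarded-client-cert"]) == ["spiffe://acme.com/frontend"]
}

# Collect every URI= value by key name across all comma-separated elements,
# instead of requiring URI to be the third of exactly three fields.
# Assumption: no ";" or "," occurs inside a quoted value.
client_uris(header) = uris {
    uris := [uri |
        element := split(header, ",")[_]
        pair := split(element, ";")[_]
        startswith(pair, "URI=")
        uri := trim_prefix(pair, "URI=")
    ]
}

# Helper for the tests below: builds a constructed Envoy ext_authz input.
req(xfcc) = {"attributes": {"request": {"http": {
    "method": "GET",
    "headers": {"x-forwarded-client-cert": xfcc}
}}}}

# Constructed header with an extra DNS field before URI: still allowed.
test_extra_field_allowed {
    inp := req("By=spiffe://acme.com/db;Hash=abc123;DNS=frontend.acme.com;URI=spiffe://acme.com/frontend")
    allow with input as inp
}

# Constructed header with two elements and two identities: denied.
test_two_identities_denied {
    inp := req("By=spiffe://acme.com/db;Hash=abc123;URI=spiffe://acme.com/other,By=spiffe://acme.com/db;Hash=def456;URI=spiffe://acme.com/frontend")
    not allow with input as inp
}

# Constructed header with no URI field at all: denied.
test_missing_uri_denied {
    inp := req("By=spiffe://acme.com/db;Hash=abc123")
    not allow with input as inp
}
```

The `test_` rules are meant for `opa test` and use the same rule syntax as the policy above. Either policy is only as trustworthy as the header, so the proxy in front of the service has to set or sanitize `x-forwarded-client-cert` itself rather than forward a client-supplied value.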