@ashutosh-narkar
Created September 27, 2022 23:14
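package authz

default allow = false

# Allow the Frontend service to access the Database service.
allow {
    input.method == "GET"
    input.path == "/claims"
    svc_spiffe_id == "spiffe://acme.com/frontend"
}

# Extract the caller's SPIFFE ID from the x-forwarded-client-cert header.
# The patterns match only a value with exactly three ";"-separated elements
# whose last element is a single key=value pair; for any other shape
# svc_spiffe_id is undefined and the default deny applies.
svc_spiffe_id := client_id {
    [_, _, uri_type_san] := split(input.headers["x-forwarded-client-cert"], ";")
    [_, client_id] := split(uri_type_san, "=")
}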
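
The policy's allow path and its fail-closed paths, written as `opa test` cases. This is an added example, not part of the original gist; the header values, the `billing` identity and the `req` helper are constructed for illustration.

```rego
package authz

# Constructed x-forwarded-client-cert values (not captured from a real proxy).
xfcc_frontend := "By=spiffe://acme.com/database;Hash=0000;URI=spiffe://acme.com/frontend"

xfcc_other := "By=spiffe://acme.com/database;Hash=0000;URI=spiffe://acme.com/billing"

# Four elements: the three-element pattern in svc_spiffe_id does not match.
xfcc_four := "By=spiffe://acme.com/database;Hash=0000;DNS=frontend.acme.com;URI=spiffe://acme.com/frontend"

# Hypothetical helper that builds the input document the policy reads.
req(method, path, xfcc) := {
    "method": method,
    "path": path,
    "headers": {"x-forwarded-client-cert": xfcc},
}

test_frontend_get_claims_allowed {
    r := req("GET", "/claims", xfcc_frontend)
    allow with input as r
}

test_other_identity_denied {
    r := req("GET", "/claims", xfcc_other)
    not allow with input as r
}

test_wrong_method_denied {
    r := req("POST", "/claims", xfcc_frontend)
    not allow with input as r
}

test_wrong_path_denied {
    r := req("GET", "/admin", xfcc_frontend)
    not allow with input as r
}

# No header at all: svc_spiffe_id is undefined, so the default deny applies.
test_missing_header_denied {
    r := {"method": "GET", "path": "/claims", "headers": {}}
    not allow with input as r
}

# Header with an unexpected number of elements also fails closed, even though
# it carries the frontend URI.
test_unexpected_header_shape_denied {
    r := req("GET", "/claims", xfcc_four)
    not allow with input as r
}
```

Save this beside the policy file and run `opa test .` in that directory; the last case shows that a change in the header's element count denies the frontend rather than admitting another caller.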