Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-7263

[SPIKE] Evaluate OPA as shared authorization option for a shared gateway

XMLWordPrintable

    • Product / Portfolio Work
    • 5
    • False
    • Hide

      None

      Show
      None
    • False
    • NEW
    • NEW
    • Log Storage - Sprint 272, Log Storage - Sprint 273

      Context

      With the obs group wanting to re-use some of the concepts from RHOBS.next to MCOA we want to evaluate the possibility of MCOA deploying a central instance of gateway that will be used by all signals to handle AuthN & AuthZ. Goal is the following:
      For AuthN:

      • We would have a single cluster being a tenant validated by an mTLS cert
        For AuthZ:
      • We would have an OPA instance that would either allow access to a tenants through a certificate or RBAC

      Developer notes

      • First will we should attempt to validate this using the dynamic mode of LokiStack and then afterways see evaluate

              jmarcal@redhat.com Joao Marcal
              jmarcal@redhat.com Joao Marcal
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: