Versions Compared

Old Version 8

changes.mady.by.user fabian rouzaut

Saved on

compared with

New Version 9

changes.mady.by.user fabian rouzaut

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Simple

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name:so-vnfm-adapter-policy
  namespace: onap
spec:
  selector:
    matchLabels:
      app: aai                                                --> name of target (service)
  action: ALLOW
  rules:
    - from:
      - source:
         principals: ["so-vnfm-adapter-sa"] --> source, in this case the service account of POD






  •  Simple to maintain
  •  but less secure.

Complex

apiVersion: "security.istio.io/v1beta1"
kind: AuthorizationPolicy
  metadata:
    name: so-vnfm-adapter-policy
    namespace: onap
  spec:
    selector:
      matchLabels:
       app: aai                                                        aaf-cert-service                                  --> name of target (service)
    action: ALLOW
   rules:
     - from:
       - source:
           principals: ["so-vnfm-adapter-sa"]      --> source, in this case the service account of POD
       to:
        - operation:                                              
            ports: ["27017"]                                   --> the target port
           methods: ["GET", "POST"]                   --> the used methods



  • more complex to deploy
  • very hard to maintain if you modify the API 
  •  more secure.

...

Name of Source PODName of Target PODname of Target PODname of Methods
so-vnfm-adapteraai                                                       aaf-cert-service27017GET, POST



This flows are an informations but due to the complexity and the heterogenous of configuration, Could be miss some flow.

...