Do AuthenticationPolicy and AuthorizationPolicy depend on Mixer?

Do AuthenticationPolicy and AuthorizationPolicy depend on Mixer? If not, which istio system provides that functionality?

Thanks

cc @diemtvu, @YangminZhu

No, it doesn’t depend on Mixer at all. It’s enforced directly in the Envoy sidecar and distributed by the pilot (or istiod) control plane.

1 Like

Thanks. The Mixer Attribute Vocabulary is deprecated, but the attributes themselves are built from the proxy correct? So the attributes are persisting beyond the deprecation of Mixer and the Attribute Vocabulary, right?

Yes, but due to the limitation of the proxy, the attributes available in authorization policy is a very subset of the attributes available in the mixer, see https://istio.io/docs/reference/config/security/conditions/