Do AuthenticationPolicy and AuthorizationPolicy depend on Mixer?

kylebe · April 9, 2020, 7:20pm

Do AuthenticationPolicy and AuthorizationPolicy depend on Mixer? If not, which istio system provides that functionality?

Thanks

leitang · April 10, 2020, 12:29am

cc @diemtvu, @YangminZhu

YangminZhu · April 16, 2020, 3:46am

No, it doesn’t depend on Mixer at all. It’s enforced directly in the Envoy sidecar and distributed by the pilot (or istiod) control plane.

kylebe · May 8, 2020, 3:31am

Thanks. The Mixer Attribute Vocabulary is deprecated, but the attributes themselves are built from the proxy correct? So the attributes are persisting beyond the deprecation of Mixer and the Attribute Vocabulary, right?

YangminZhu · May 20, 2020, 3:01am

Yes, but due to the limitation of the proxy, the attributes available in authorization policy is a very subset of the attributes available in the mixer, see https://istio.io/docs/reference/config/security/conditions/

Topic		Replies	Views
Is mixer not needed for RBAC in Istio 1.3? Security	2	470	December 2, 2019
Deprecated Mixer security	3	775	March 23, 2020
Question on Mixer support in Istio 1.5 and authorization policy Security	0	440	March 20, 2020
Question - Mixer Attribute Generation Policies and Telemetry	4	664	April 16, 2019
Mixer to envoy policy migration Policies and Telemetry	0	475	May 12, 2020

Do AuthenticationPolicy and AuthorizationPolicy depend on Mixer?

Related topics