I’ve noticed that it’s currently not possible to have black/whitelists based on source.ip of incoming data. I initially thought it could be done with the listentry template in combination with the listchecker adapter. But eventually I found out that the value field of listentry is of type String, whereas source.ip is of type IP_ADDRESS. Of course this led to a mismatch in rule validation in Mixer, and my rules didn’t get applied.
I think this problem was not yet “discovered” because Istio is (from my point of view) mainly focusing on managing HTTP traffic (where IP addresses are at times available in HTTP headers as strings), whereas I’m more interested in managing TCP traffic (where I do not have IP addresses in the form of strings).
To overcome this issue I’ve created a fork of Istio where I’ve introduced a new template called “ListIpEntry” and made it available to the listchecker adapter as well. It’s basically a clone of listentry where I call the .String() method on the passed IP_ADDRESS in HandleListIpEntry of listchecker.
So far it works very well.
Please let me know what you think on this topic and my fork.
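
Added example (not part of the original post, the fork, or Istio's code): a stand-alone Go sketch of an IP allow/deny list that takes raw address bytes, as an IP_ADDRESS value would carry them, instead of a string. It goes beyond the `.String()` approach in the post by comparing addresses numerically, so CIDR entries and the 4-byte and 16-byte encodings of the same IPv4 address both match. `IPList`, `NewIPList` and `Allowed` are hypothetical names, and the addresses are constructed documentation-range samples.

```go
package main

import (
	"fmt"
	"net"
)

// IPList is a hypothetical checker; blacklist inverts the verdict.
type IPList struct {
	nets      []*net.IPNet
	blacklist bool
}

// NewIPList accepts single addresses and CIDR ranges as list entries.
func NewIPList(entries []string, blacklist bool) (*IPList, error) {
	l := &IPList{blacklist: blacklist}
	for _, e := range entries {
		if ip := net.ParseIP(e); ip != nil { // single address -> host-length network
			if ip4 := ip.To4(); ip4 != nil {
				ip = ip4
			}
			l.nets = append(l.nets, &net.IPNet{IP: ip, Mask: net.CIDRMask(8*len(ip), 8*len(ip))})
			continue
		}
		_, n, err := net.ParseCIDR(e)
		if err != nil {
			return nil, fmt.Errorf("bad list entry %q: %v", e, err)
		}
		l.nets = append(l.nets, n)
	}
	return l, nil
}

// Allowed takes raw address bytes (4 or 16) and compares them numerically.
func (l *IPList) Allowed(raw []byte) bool {
	if len(raw) != net.IPv4len && len(raw) != net.IPv6len {
		return false // malformed address: deny in either mode
	}
	for _, n := range l.nets {
		if n.Contains(net.IP(raw)) {
			return !l.blacklist
		}
	}
	return l.blacklist
}

func main() {
	wl, _ := NewIPList([]string{"10.0.0.0/8", "192.0.2.7"}, false)
	fmt.Println(wl.Allowed(net.ParseIP("10.1.2.3")), wl.Allowed([]byte{198, 51, 100, 1}))
}
```

Rejecting malformed byte lengths in both modes keeps a blacklist from failing open on an address it cannot parse.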