[v1.6] How does Istio translate the YAML AuthorizationPolicy into firewall or other rules to accept/deny a request?

I am a Cloud Computing student currently writing about the security mechanism in Istio and I am analyzing the code. Unfortunately, I cannot find any detailed developer guide in order to understand the GitHub code and how effectively Istio translates this YAML into AuthZ rules. Can anyone help, please? Thanks!

I’m not sure I understand your question, but I guess you’re asking how Istio converts the AuthorizationPolicy to the Envoy RBAC filter config that actually does the enforcement in the data plane (allow or deny a request)?

If so, you can take a look at the code here: https://github.com/istio/istio/tree/master/pilot/pkg/security/authz

Thank you! That was exactly what I was looking for.
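
As an added illustration (not part of the thread and not Istio's own code, which is written in Go), here is a simplified Python model of the translation the answer describes: policies are grouped into a DENY filter followed by an ALLOW filter, each holding named entries split into principals and permissions in the way Envoy's RBAC config is organized. The dict layout, the entry names, exact-match-only comparison and the sample policies are assumptions made for the example.

```python
# Simplified model; keys loosely follow AuthorizationPolicy YAML (assumed layout).
SAMPLE_POLICIES = [  # constructed sample input
    {"name": "allow-read", "action": "ALLOW",
     "rules": [{"principals": ["cluster.local/ns/default/sa/sleep"],
                "methods": ["GET"], "paths": ["/info"]}]},
    {"name": "deny-admin", "action": "DENY",
     "rules": [{"paths": ["/admin"]}]},
]


def translate(policies):
    """Return a filter chain: the DENY filter first, then the ALLOW filter.

    A filter is emitted once any policy uses its action, so an ALLOW policy
    with no rules yields an ALLOW filter with no entries, which rejects all.
    """
    chain = []
    for action in ("DENY", "ALLOW"):
        selected = [p for p in policies if p.get("action", "ALLOW") == action]
        if not selected:
            continue  # no policy with this action: no filter, nothing enforced
        entries = {}
        for p in selected:
            for i, rule in enumerate(p.get("rules", [])):
                # None means "no constraint on this attribute".
                entries[f"{p['name']}-rule[{i}]"] = {
                    "principals": rule.get("principals"),
                    "permissions": {"methods": rule.get("methods"),
                                    "paths": rule.get("paths")},
                }
        chain.append({"action": action, "policies": entries})
    return chain


def _ok(accepted, value):
    return accepted is None or value in accepted


def allowed(chain, principal, method, path):
    """Evaluate one request against the chain, filter by filter."""
    for f in chain:
        hit = any(
            _ok(e["principals"], principal)
            and _ok(e["permissions"]["methods"], method)
            and _ok(e["permissions"]["paths"], path)
            for e in f["policies"].values())
        if hit == (f["action"] == "DENY"):  # DENY hit or ALLOW miss rejects
            return False
    return True
```

The model makes the default-deny behaviour visible: as soon as one ALLOW policy exists, any request that matches none of its rules is rejected, while a workload with no policies at all accepts everything.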