Hello, when using RBAC with Istio and some workload is denied by policies, e.g. AuthorizationPolicy, Istio returns 403 - RBAC: access denied. Is it possible to configure Istio/Envoy to return 404 Not Found instead to “hide” workload existence?
currently this is not supported by the authorization policy but I think it’s a valid feature request that we can add at least in the Envoy level, feel free to open a feature request on github.
1 Like
GitHub issue for reference Workload evidence when using RBAC policy · Issue #31452 · istio/istio · GitHub
I believe this could be done with an EnvoyFilter.
But I tend to dislike to rely on those too much.