Skip to content

Refactor rbac plugin and improve test coverage and readability #13489

Closed
Closed
Refactor rbac plugin and improve test coverage and readability#13489
Assignees
yangminzhu
Labels
area/securityarea/test and releasekind/enhancementlifecycle/staleIndicates a PR or issue hasn't been manipulated by an Istio team member for a while
@yangminzhu

Description

@yangminzhu
yangminzhu
opened on Apr 20, 2019

For Security Code Mauve: #13439

A couple of problems in current rbac code:

  • All the logic (rbac filter, envoy matcher, rbac policy, etc.) are tightly coupled in rbac.go, making it very hard to extend and find out the relationship between policy and generated config
  • The unit test rbac_test.go is full of boilerplate and extreme hard to read and maintain (2000 lines of code). It's super hard to find out what is covered and what is not
  • The current e2e test doesn't cover all the use cases, like the ClusterRbacConfig is not fully tested, etc.

/cc @liminw @pitlv2109

Metadata

Metadata

Assignees

Labels

area/securityarea/test and releasekind/enhancementlifecycle/staleIndicates a PR or issue hasn't been manipulated by an Istio team member for a while

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions