Use Case istio Allowed Mixer - GoogleCloudPlatform/anthos-appconfig GitHub Wiki
Use Case - istio - Allowed-Mixer
- Namespace: uc-allowed-services-istio
gsutil cat gs://anthos-appconfig_public/deploy/${RELEASE_NAME}/examples/use-cases/uc-allowed-services-istio/deploy-apps.yaml | kubectl apply -f -
Note: You may get HTTP - 503 - no healthy upstream while istio proxies get updated as pods start up
Dev Service -> All
Svc 1 -> Svc 2
Svc 2 -> Svc 1, Svc 3, Svc 4, Pubsub
Svc 3 -> No One
Svc 4 -> Svc 2, Svc 3
External Access via NAT (open)
Svc 2 -> Svc 3 - Should Work
curl "http://${INGRESS_ISTIO_HOST}/testcallseq?call1=http://app-allowed-istio-appconfigv2-service-sm-2.uc-allowed-services-istio/testcallseq&call2=http://app-allowed-istio-appconfigv2-service-sm-3/testcallseq"
Response (success)
host:hello-app-drv-py-1-64d47f558f-9bnh6
host:appconfigv2-service-sm-2-5b6d96f659-m28pd
host:appconfigv2-service-sm-3-679bd586dc-txrmw
Svc 1 -> Svc 3 - Should Not Work
curl "http://${INGRESS_ISTIO_HOST}/testcallseq?call1=http://app-allowed-istio-appconfigv2-service-sm-1.uc-allowed-services-istio/testcallseq&call2=http://app-allowed-istio-appconfigv2-service-sm-3/testcallseq"
Response (error)
host:hello-app-drv-py-1-64d47f558f-9bnh6
host:appconfigv2-service-sm-1-66844b6fbc-697n9
*Error*-Happened - Making the request-url[http://app-allowed-istio-appconfigv2-service-sm-1.uc-allowed-services-istio/testcallseq?call2=http%3A%2F%2Fapp-allowed-istio-appconfigv2-service-sm-3%2Ftestcallseq]
Traceback (most recent call last):
File "/app/hello_app_sm_py.py", line 141, in testcallseq
result_text = RestHelper.call_with_sequence(next_call, collection, headers=headers_dict)
File "/app/http_rest_helper.py", line 54, in call_with_sequence
raise Exception("Respose Failure for HTTP - {} - {}".format(result.status_code, result.text))
Exception: Respose Failure for HTTP - 403 - PERMISSION_DENIED:app-allowed-istio-whitelist--appconfigv2-service-sm-3.uc-allowed-services-istio:appconfigv2-service-sm-1 is not whitelisted