Missing KIC guide on Key Authentication with ACL per service or route

Open mloskot opened this issue 1 year ago • 1 comments

Where is the problem?

https://docs.konghq.com/hub/kong-inc/key-auth/

What happened?

It would be good if there were a guide describing a non-trivial configuration case:

  • Two services or routes, A and B
  • Two API keys, 1 and 2
  • Key 1 can access A, but cannot access B
  • Key 2 can access B, but cannot access A

It requires a combination of the Key Authentication plugin and the ACL plugin. It would be useful if it were presented with declarative configuration.

Such a configuration for Kong Ingress Controller is especially non-trivial, because it requires:

  1. Creation of a 'conceptual/logical' ACL group via a Kubernetes secret, which is not very intuitive and not well documented, if at all, especially after deprecating kind: KongCredential
  2. An API key stored in a secret
  3. A consumer using the two secrets as credentials: one to authorise access to a specific service/route and the other to authenticate the consumer

What did you expect to happen?

Add a guide for Kong Ingress Controller with non-trivial authentication and authorisation scenarios.

mloskot, Mar 21 '23 13:03
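The setup requested above for key 1 and service A, sketched as an added example that is not part of the original issue or of Kong's documentation. Resource names, the group name and the key value are constructed placeholders, and it assumes a KIC release that reads the credential type from the Secret's kongCredType field.

```yaml
# Added example: key 1 -> service A only. All names and values are constructed.
apiVersion: v1
kind: Secret
metadata:
  name: consumer-1-key
stringData:
  kongCredType: key-auth          # authenticates the consumer
  key: REPLACE_WITH_KEY_1         # placeholder; use a long random value
---
apiVersion: v1
kind: Secret
metadata:
  name: consumer-1-acl
stringData:
  kongCredType: acl               # the "logical" ACL group lives only in this Secret
  group: group-a
---
apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: consumer-1
  annotations:
    kubernetes.io/ingress.class: kong
username: consumer-1
credentials:                      # both Secrets are listed as credentials
  - consumer-1-key
  - consumer-1-acl
---
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: key-auth
plugin: key-auth                  # must run so the ACL plugin knows the consumer
---
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: allow-group-a
plugin: acl
config:
  allow:
    - group-a                     # consumers outside group-a are rejected
  hide_groups_header: true        # do not forward group membership upstream
---
# Attach both plugins to service A (or its Ingress) with the annotation:
#   konghq.com/plugins: key-auth,allow-group-a
# Repeat for key 2: consumer-2-key, consumer-2-acl (group-b), allow-group-b on B.
```

Because the ACL plugin on A allows only group-a and the one on B would allow only group-b, a valid key for the wrong service authenticates but is still denied by the ACL check.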

I'm also interested in this

eschbach-dd, Jun 01 '23 15:06