buzzfeed
Dynamic allowed groups
Is your feature request related to a problem? Please describe. We have several teams working on different projects and we have automated the generation of dynamic routes from which they can access dashboards that adapt depending on the hostname. The hostname is based on their project name.
For example: A team working on product Spiderman has access to their metrics dashboard by this route https://metrics.spiderman.company.net and team working on Venom by https://metrics.venom.company.net
The routing is easy to maintain by using the rewrite feature but we can't use the allowed_groups feature to protect the access because it forces us to write each route individually for each team.
default:
from: ^metrics.venom.company.net$
to: service.namespace
options:
allowed_groups:
- [email protected]
Describe the solution you'd like We would love to be able to use the rewrite feature not only to make the destination dynamic but also to make the allowed_groups field dynamic too.
For example:
default:
from: ^metrics.(.*).company.net$
to: service.namespace
options:
allowed_groups:
- [email protected]
Describe alternatives you've considered I can't think of an alternative solution.
Additional context We are not using the proxy yet, but we tested it and would love to use it. This is the only feature we believe it's missing for us.
Please let me know if you have any thought on this idea. Unfortunately we are not proficient enough in Go to help, but we may give it a try if you think it's useful.
Thanks!
:wave: @danieldabate, welcome to SSO!
This is a very interesting use-case! I don't think it's likely that we at BuzzFeed will take on this work as we don't have the same use case.
However, we would be happy to work through and polish any contributions on this front!
