Hi,
I'm trying to understand how to set up policies to allow multiple ways of auth with a proxy.
In short we have 3 different scenarios.
1. Service to service calls from GCP Cloud Run, GKE, workflow, etc. In this case I would like to send the service account JWT, validate it and, if possible, extract the roles to check that the SA may invoke the proxy.
2. Calls from non-GCP hosted services. In this case I'd like to use OAuth2 with app credentials from the Portal.
3. User generated calls from internal apps where the user is authed using Azure AD SSO. In this case I'd like to send an Azure AD JWT along, have it validated and extract roles/claims to check if the user may invoke the proxy. In some cases users in department A may only read, and department B may update so I would like to check this on endpoint level or uri based.
Is this possible? Or is it a bad approach?