Question: Promote RBAC filter API from v2alpha to v2

[yangminzhu]

Title: Question about promoting RBAC filter API from v2alpha to v2

Description:
The RBAC filter API currently is at v2alpha which means it's considered experimental and has no restrictions on breaking changes according to the Envoy API guidelines, making it less likely for production adoption.

This issues is opened to ask about how can we promote it to v2 to make it stable for more production adoption.

• Option 1: Keep the API as-is and just change the version from v2alpha to v2

• Option 2: Make some improvements when changing from v2alpha to v2. For example,

  • The Permission and Principal could be changed to use the same message considering there're a lot common fields in both of them (e.g. and/or/not/any/header/metadata),
  • The Action could be moved to inside policy so that allow/deny could be used at the same time for precedence policy

Option 1 makes it easier for other people to migrate but it would be harder to make any changes once the API becomes stable.

Option 2 makes some improvements but makes it harder for user to migrate from v2alpha to v2. we need to clarify if the RBAC filter API is being used by users directly and if they are okay for the change of API?

We're wondering how does Envoy generally promote alpha API to stable, and how do you think about the two options for RBAC. Is the RBAC filter API considered a user-facing API and should we optimize this to some extent?
Thank you!

/cc @liminw @wenchenglu @mattklein123 @rodaine @lizan @htuch @rshriram

[mattklein123]

I would suggest just doing option (1) since we are using it in production at Lyft and I assume others are as well. There are things that I don't like about the current API but I think we need to live with it and evolve it via the normal deprecation cycle. I would take a look at how we did the same dance for extauth which basically involved a config flag to allow the user to switch sending v2 and v2alpha since they will be wire compatible. cc @gsagula

[yangminzhu]

Thank you for the response, then I think we could just go with option (1) for now and leave the improvements to the future.

Looking at the PR (#5672 and #5825) for migrating the ext_auth from v2alpha to v2, it seems it adds a separate BUILD and proto file in order to maintain gRPC service cross-compatible with V2 and V2alpha, I'm not sure if this is needed when there is no RPC service definition in the RBAC filter API. Please let me know if you're referring to some other config flag for the migration. Thank you.

[yangminzhu]

@mattklein123
On the other hand, would you mind to share some thoughts and ideas about how would you like to improve the current API in the long run? Just trying to learn about different opinions on the API design. Thank you!

[gsagula]

@yangminzhu This is the PR for making v2 and v2alpha cross-compatible. Let me know if it helps.

#5825

[mattklein123]

@yangminzhu yeah sorry if there is no RPC call I think you can just switch the namespace and be done with it.

On the other hand, would you mind to share some thoughts and ideas about how would you like to improve the current API in the long run?

My main complaint which I talked about in #6751 is that I never thought it was necessary to split principal and permissions vs. have a simple rules based API in the data plane.

[yangminzhu]

@gsagula @mattklein123 Thank you for the response, I'll start to work on the PR, let me know if you have any other concerns.