/rond

A lightweight container for distributed security policy evaluation

Primary LanguageGoApache License 2.0Apache-2.0

Rönd Logo Rönd Logo

Build Status Coverage Status Go Report Card Go Sec

Docs

Mia-Platform

Rönd

Rönd is a lightweight container that distributes security policy enforcement throughout your application.

Rönd is based on OpenPolicy Agent and allows you to define security policies to be executed during API invocations. Rönd runs in your Kubernetes cluster as a sidecar container of your Pods. Rönd intercepts the API traffic, applies your policies and, based on the policy result, forwards the request to your application service or rejects the API invocation.

Why Rönd?

Find out more here.

Features

Rönd supports three policy types:

  1. Allow or reject request
  2. Query generation during the request flow
  3. Response body patching

RBAC capabilities

Rönd natively allows you to build an RBAC solution based on Roles and Bindings saved in MongoDB.

Who is using Rönd

Here is a list of awesome people using Rönd, if you're using it but do not appear in this list feel free to open a PR!

Local development

For local development you need to have Go installed locally, checkout the go.mod file to know the currently used language version.

Run tests

make test

Please note that in order to run tests you need Docker to be installed; tests need a local instance of MongoDB to be up and running, the make test command will take care of it by creating a new mongodb container. The container is auomatically removed at the end of tests; if it remains leaked simply run make clean.

With coverage

To run test with coverage file in output, run

make coverage

Contributing

Please read CONTRIBUTING.md for further details about the process for submitting pull requests.