Rönd is a lightweight container that distributes security policy enforcement throughout your application.
Rönd is based on OpenPolicy Agent and allows you to define security policies to be executed during API invocations. Rönd runs in your Kubernetes cluster as a sidecar container of your Pods. Rönd intercepts the API traffic, applies your policies and, based on the policy result, forwards the request to your application service or rejects the API invocation.
Find out more here.
Rönd supports three policy types:
- Allow or reject request
- Query generation during the request flow
- Response body patching
Rönd natively allows you to build an RBAC solution based on Roles and Bindings saved in MongoDB.
Here is a list of awesome people using Rönd, if you're using it but do not appear in this list feel free to open a PR!
For local development you need to have Go installed locally, checkout the go.mod file to know the currently used language version.
make testPlease note that in order to run tests you need Docker to be installed, since tests need a local instance of MongoDB to be up and running make tests takes care of it by creating a new mongo container.
Please read CONTRIBUTING.md for further details about the process for submitting pull requests.