US 12,074,884 B2
Role-based access control autogeneration in a cloud native software-defined network architecture
Prasad Miriyala, San Jose, CA (US); Sajeesh Mathew, Saratoga, CA (US); Akhilesh Pathodia, San Jose, CA (US); and Tashi Garg, San Jose, CA (US)
Assigned to JUNIPER NETWORKS, INC., Sunnyvale, CA (US)
Filed by Juniper Networks, Inc., Sunnyvale, CA (US)
Filed on Jun. 24, 2022, as Appl. No. 17/808,970.
Claims priority of provisional application 63/362,319, filed on Mar. 31, 2022.
Claims priority of application No. 202141044924 (IN), filed on Oct. 4, 2021.
Prior Publication US 2023/0104368 A1, Apr. 6, 2023
Int. Cl. H04L 9/40 (2022.01); G06F 9/54 (2006.01)
CPC H04L 63/105 (2013.01) [G06F 9/547 (2013.01); H04L 63/20 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A network controller for a software-defined networking (SDN) architecture system, the network controller comprising:
processing circuitry; and
one or more configuration nodes configured for execution by the processing circuitry, wherein the one or more configuration nodes include an application programming interface (API) server to process requests for operations on native resources of a container orchestration system and include a custom API server to process requests for operations on custom resources for SDN architecture configuration, to:
receive a request to generate an access control policy for a role in a container orchestration system, wherein the request specifies a plurality of functions of an aggregated API provided by the custom API server and the API server;
execute the plurality of functions;
log execution of the plurality of functions in an audit log;
parse the audit log to determine a plurality of resources of the container orchestration system accessed from executing the plurality of functions and, for each resource of the plurality of resources, a respective one or more types of operations of a plurality of actions performed on the respective resource from executing the plurality of functions; and
create, based at least in part on the parsed audit log, the access control policy for the role that permits a role to perform, on each of the plurality of resources, the respective one or more types of operations.
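The claim describes a least-privilege workflow: exercise the functions a role needs, record the API calls in the orchestrator's audit log, then derive an access control policy that grants exactly the (resource, verb) pairs observed. The following is an added illustration, not code from the patent or from Juniper, showing that parse-and-generate step over constructed Kubernetes audit events (audit.k8s.io/v1 JSON lines) and emitting an RBAC Role manifest. It assumes the probe traffic can be isolated by `user.username` (a choice made here, not stated in the claim), treats only `ResponseComplete` events to avoid double-counting the `RequestReceived` stage, and uses `sdn.example.com` as a placeholder for whatever API group the custom API server would serve.

```python
import json
from collections import defaultdict

# Constructed sample of Kubernetes audit events (audit.k8s.io/v1, one JSON
# object per line). Only the fields the parser reads are included, and the
# "sdn.example.com" API group is a placeholder for a custom-resource group.
SAMPLE_AUDIT_LOG = """
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"RequestReceived","verb":"get","user":{"username":"policy-probe"},"objectRef":{"resource":"pods","namespace":"default"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"policy-probe"},"objectRef":{"resource":"pods","namespace":"default"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"list","user":{"username":"policy-probe"},"objectRef":{"resource":"pods","namespace":"default"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"patch","user":{"username":"policy-probe"},"objectRef":{"resource":"pods","subresource":"status","namespace":"default"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"patch","user":{"username":"policy-probe"},"objectRef":{"resource":"deployments","apiGroup":"apps","namespace":"default"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"create","user":{"username":"policy-probe"},"objectRef":{"resource":"virtualnetworks","apiGroup":"sdn.example.com","namespace":"default"},"responseStatus":{"code":201}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"policy-probe"},"requestURI":"/healthz","responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"someone-else"},"objectRef":{"resource":"configmaps","namespace":"default"},"responseStatus":{"code":200}}
"""


def parse_audit_log(text, username):
    """Return {(apiGroup, resource): set(verbs)} for calls made by `username`.

    - Only ResponseComplete events are counted, so each request appears once.
    - Events from other principals are ignored (assumed isolation by username).
    - Events with no objectRef are non-resource URLs (e.g. /healthz) and are
      skipped, since RBAC resource rules cannot express them.
    - Subresources are folded into "resource/subresource" as RBAC expects.
    """
    grants = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if event.get("stage") != "ResponseComplete":
            continue
        if event.get("user", {}).get("username") != username:
            continue
        ref = event.get("objectRef")
        if not ref or "resource" not in ref:
            continue
        resource = ref["resource"]
        if ref.get("subresource"):
            resource = f"{resource}/{ref['subresource']}"
        # Core-group objects omit apiGroup in the audit event; RBAC spells it "".
        grants[(ref.get("apiGroup", ""), resource)].add(event["verb"])
    return grants


def build_role(name, namespace, grants):
    """Render the observed grants as a namespaced RBAC Role manifest (dict)."""
    rules = [
        {"apiGroups": [group], "resources": [resource], "verbs": sorted(verbs)}
        for (group, resource), verbs in sorted(grants.items())
    ]
    return {
        "apiVersion": "rbac.authorization.k8s.io/v1",
        "kind": "Role",
        "metadata": {"name": name, "namespace": namespace},
        "rules": rules,
    }


def generate_role_from_audit_log(text, username, name, namespace):
    """Full pipeline: audit log text -> minimal Role for the probed functions."""
    return build_role(name, namespace, parse_audit_log(text, username))


if __name__ == "__main__":
    role = generate_role_from_audit_log(SAMPLE_AUDIT_LOG, "policy-probe", "auto-role", "default")
    print(json.dumps(role, indent=2))
```

One rule per (group, resource) pair keeps the generated policy easy to diff against the previous run, which is what a reviewer wants when a new function starts touching an additional resource. The generated Role is only as complete as the set of functions exercised, so any code path not executed during the probe run will be denied at runtime and shows up in the audit log as a 403 on the next pass.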