Skip to main content

Envoy Conflict Resolution

When using Styra DAS, a System can be associated with a Stack or Stacks. Stacks can apply rules across multiple Systems. Multiple Stacks can be applied to the same System. If the Stacks and the System all define the same rules, it is important to understand how the final decision is resolved.

For Envoy, the Stack or System that supplies the final deny or allow rule is solely responsible for supplying the other supported rules as well. The selection is made using the following criteria.

  1. A Stack defining deny = true. If multiple Stacks define this, the one with the highest defined priority is selected, with a lower number meaning a higher priority. If multiple use the same status code, the first in definition order is selected.
  2. A Stack-defining allow = true. If multiple Stacks define this, the one with the highest defined priority is selected with a lower number meaning a higher priority. If multiple Stacks use the same status code, the first in definition order is selected.
  3. The System is selected.