Skip to content

Commit

Permalink
Resolved error and add ext authz server manifest
Browse files Browse the repository at this point in the history
Signed-off-by: Sanskarzz <sanskar.gur@gmail.com>
  • Loading branch information
Sanskarzz authored and eddycharly committed Mar 26, 2024
1 parent ba6ed3b commit 72e1902
Show file tree
Hide file tree
Showing 2 changed files with 62 additions and 8 deletions.
40 changes: 40 additions & 0 deletions demo/istio/manifests/ext-authz.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
apiVersion: v1
kind: Service
metadata:
name: ext-authz
labels:
app: ext-authz
namespace: demo
spec:
ports:
- name: http
port: 8000
targetPort: 8000
- name: grpc
port: 9000
targetPort: 9000
selector:
app: ext-authz
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ext-authz
namespace: demo
spec:
replicas: 1
selector:
matchLabels:
app: ext-authz
template:
metadata:
labels:
app: ext-authz
spec:
containers:
- image: ko.local/github.com/kyverno/kyverno-envoy-plugin:7bd39c9d958eb408a86cee2d97241895522b317f
imagePullPolicy: IfNotPresent
name: ext-authz
ports:
- containerPort: 8000
- containerPort: 9000
30 changes: 22 additions & 8 deletions main.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ import (
"syscall"
"time"

authv2 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v2"
authv3 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
"google.golang.org/genproto/googleapis/rpc/status"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
Expand All @@ -22,10 +22,17 @@ import (
type Servers struct {
httpServer *http.Server
grpcServer *grpc.Server
grpcV3 *extAuthzServerV3
}

type (
extAuthzServerV3 struct{}
)

func NewServers() *Servers {
return &Servers{}
return &Servers{
grpcV3: &extAuthzServerV3{},
}
}

func (s *Servers) startHTTPServer(ctx context.Context) {
Expand Down Expand Up @@ -64,15 +71,21 @@ func handler(w http.ResponseWriter, r *http.Request) {

}

type authServer struct{}
func (s *extAuthzServerV3) Check(ctx context.Context, req *authv3.CheckRequest) (*authv3.CheckResponse, error) {

attrs := req.GetAttributes()

// Print each attribute individually
for key, value := range attrs.GetRequest().GetHttp().GetHeaders() {
fmt.Printf("Header: %s = %s\n", key, value)
}

func (s *authServer) Check(ctx context.Context, req *authv2.CheckRequest) (*authv2.CheckResponse, error) {
// Log the incoming request
fmt.Println("Received authorization request:", req)
// Print the entire struct with field names
fmt.Printf("Attributes: %+v\n", attrs)

// implement your authorization logic here
// Implement your authorization logic here
// For now, allow all requests
return &authv2.CheckResponse{
return &authv3.CheckResponse{
Status: &status.Status{Code: int32(codes.OK)},
}, nil
}
Expand All @@ -85,6 +98,7 @@ func (s *Servers) startGRPCServer(ctx context.Context) {
}
s.grpcServer = grpc.NewServer()
fmt.Println("Starting GRPC server on Port 9000")
authv3.RegisterAuthorizationServer(s.grpcServer, s.grpcV3)

go func() {
<-ctx.Done()
Expand Down

0 comments on commit 72e1902

Please sign in to comment.