模型可视化>> envoy-authz>> 返回
项目作者: WesleyBatista

项目描述 :
Basic envoy setup example for running an external Authentication/Authorization backend
高级语言: Go
项目地址: git://github.com/WesleyBatista/envoy-authz.git
创建时间: 2020-03-21T17:32:48Z
项目社区:https://github.com/WesleyBatista/envoy-authz
开源协议:MIT License
下载


envoy-authz

Basic envoy setup example for running an external Authentication/Authorization backend

The example on this repo was copied from salrashid123/envoy_external_authz, which is connected to the article on medium

Cheers @salrashid123 for providing such great and actionable content :beers:

On this repo you find the example in the form of a docker-compose.yaml, making it even easier (for those who has familiarity with the tool, of course) to get started with the concept presented on the article.

Getting started

Open 2 terminals and run the following commands after cloning the repo:

terminal 1

Bring the services up with docker-compose:

  1. $ docker-compose up --build
  2. Building service_backend
  3. ...

After that you should see logs like this:

  1. service_authz_1    | 2020/03/21 17:30:23 Handling grpc Check request
  2. service_authz_1    | 2020/03/21 17:30:28 Handling grpc Check request
  3. service_authz_1    | 2020/03/21 17:30:33 Handling grpc Check request
  4. service_authz_1    | 2020/03/21 17:30:39 Handling grpc Check request
  5. service_authz_1    | 2020/03/21 17:30:45 Handling grpc Check request

… meaning that the envoy health checks are in action.

terminal 2

Now that we have the services up and running, we can see the results by running curl commands at http://localhost:8111:

Without the Authorization header

  1. $ curl -vv -w "\n" http://localhost:8111/
  2. *   Trying 127.0.0.1...
  3. * TCP_NODELAY set
  4. * Connected to localhost (127.0.0.1) port 8111 (#0)
  5. > GET / HTTP/1.1
  6. > Host: localhost:8111
  7. > User-Agent: curl/7.58.0
  8. > Accept: */*
  9. > 
  10. < HTTP/1.1 401 Unauthorized
  11. < content-length: 46
  12. < content-type: text/plain
  13. < x-custom-header-from-lua: bar
  14. < date: Sat, 21 Mar 2020 17:24:27 GMT
  15. < server: envoy
  16. < 
  17. * Connection #0 to host localhost left intact
  18. Authorization Header malformed or not provided

With the Authorization header

  1. $ curl -vv -H "Authorization: Bearer foo" -w "\n" http://localhost:8111/
  2. *   Trying 127.0.0.1...
  3. * TCP_NODELAY set
  4. * Connected to localhost (127.0.0.1) port 8111 (#0)
  5. > GET / HTTP/1.1
  6. > Host: localhost:8111
  7. > User-Agent: curl/7.58.0
  8. > Accept: */*
  9. > Authorization: Bearer foo
  10. > 
  11. < HTTP/1.1 200 OK
  12. < x-custom-header-from-backend: from backend
  13. < date: Sat, 21 Mar 2020 17:24:37 GMT
  14. < content-length: 2
  15. < content-type: text/plain; charset=utf-8
  16. < x-envoy-upstream-service-time: 0
  17. < x-custom-header-from-lua: bar
  18. < server: envoy
  19. < 
  20. * Connection #0 to host localhost left intact
  21. ok