feat: provide minimal `ext-authz` implementation

https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/ext_authz_filter

1 files changed, 63 insertions, 0 deletions

diff --git a/app/server_test.go b/app/server_test.go
new file mode 100644
index 00000000..ff34487a
--- /dev/null
+++ b/app/server_test.go
@@ -0,0 +1,63 @@
+package app
+
+import (
+	"context"
+	"net"
+	"testing"
+
+	auth "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/credentials/insecure"
+	"google.golang.org/grpc/test/bufconn"
+)
+
+type HTTPRequest = auth.AttributeContext_HttpRequest
+
+func TestServer(t *testing.T) {
+	socket := bufconn.Listen(1024 * 1024)
+	srv := NewServer(t.Context())
+
+	defer srv.GracefulStop()
+	go func() {
+		require.NoError(t, srv.Serve(socket))
+	}()
+
+	connection, err := grpc.DialContext(
+		t.Context(),
+		"bufnet",
+		grpc.WithContextDialer(func(context.Context, string) (net.Conn, error) {
+			return socket.Dial()
+		}),
+		grpc.WithTransportCredentials(insecure.NewCredentials()),
+	)
+	require.NoError(t, err)
+	defer connection.Close()
+
+	client := auth.NewAuthorizationClient(connection)
+
+	t.Run("CheckRequest", func(t *testing.T) {
+		tt := []struct {
+			http   *HTTPRequest
+			status codes.Code
+		}{
+			{status: codes.OK, http: &HTTPRequest{Method: "GET", Path: "/"}},
+		}
+
+		for _, example := range tt {
+			t.Run(example.http.Path, func(t *testing.T) {
+				response, err := client.Check(t.Context(), &auth.CheckRequest{
+					Attributes: &auth.AttributeContext{
+						Request: &auth.AttributeContext_Request{
+							Http: example.http,
+						},
+					},
+				})
+				require.NoError(t, err)
+				assert.Equal(t, int32(example.status), response.Status.Code)
+			})
+		}
+	})
+}