| author | mo khan <mo@mokhan.ca> | 2025-05-20 14:28:06 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-05-23 14:49:19 -0600 |
| commit | 4beee46dc6c7642316e118a4d3aa51e4b407256e (patch) | |
| tree | 039bdf57b99061844aeb0fe55ad0bc1c864166af /Makefile | |
| parent | 0ba49bfbde242920d8675a193d7af89420456fc0 (diff) | |
feat: add external authorization service (authzd) with JWT authentication
- Add new authzd gRPC service implementing Envoy's external authorization API
- Integrate JWT authentication filter in Envoy configuration with claim extraction
- Update middleware to support both cookie-based and header-based user authentication
- Add comprehensive test coverage for authorization service and server
- Configure proper service orchestration with authzd, sparkled, and Envoy
- Update build system and Docker configuration for multi-service deployment
- Add grpcurl tool for gRPC service debugging and testing
This enables fine-grained authorization control through Envoy's ext_authz filter
while maintaining backward compatibility with existing cookie-based authentication.
Diffstat (limited to 'Makefile')
| -rw-r--r-- | Makefile | 21 |
1 files changed, 18 insertions, 3 deletions
@@ -4,11 +4,14 @@ IMAGE_TAG := $(PROJECT_NAME):$(GIT_BRANCH)
 .PHONY: clean setup build test run
+bin/authzd:
+ @go build -o ./bin/authzd ./cmd/authzd/main.go
+
 bin/sparkled:
 @go build -o ./bin/sparkled ./cmd/sparkled/main.go
 clean:
- @rm -f ./bin/sparkled
+ @rm -f ./bin/authzd ./bin/sparkled
 @go clean -testcache
 setup:
@@ -18,13 +21,13 @@ setup:
 @command -v playwright
 @command -v yamlfmt
-build: bin/sparkled
+build: bin/authzd bin/sparkled
 test-unit:
 @go test -shuffle=on ./...
 test-integration: build-image
- @IMAGE_TAG=$(IMAGE_TAG) go test -v -tags=integration ./test/integration/...
+ @IMAGE_TAG=$(IMAGE_TAG) go test -tags=integration ./test/integration/...
 test: clean test-unit test-integration
@@ -37,12 +40,24 @@ build-builder-image:
 run: clean build
 @go tool godotenv -f .env.local,.env ./bin/entrypoint.sh
+run-authzd: clean build
+ @go tool godotenv -f .env.local,.env ./bin/authzd
+
 run-image: clean build-image
 @docker run --rm --network host --env-file .env.local -p 10000:10000 -p 9901:9901 -p 8080:8080 -it $(IMAGE_TAG)
+run-envoy:
+ @go tool godotenv -f .env.local,.env ./bin/envoy.sh
+
+run-sparkled: clean build
+ @go tool godotenv -f .env.local,.env ./bin/sparkled
+
 sh-image: build-builder-image
 @docker run --rm -it $(IMAGE_TAG) /bin/sh
+authzd-rpc-check:
+ @go tool grpcurl -plaintext -format text -d '' 127.0.0.1:10003 envoy.service.auth.v3.Authorization.Check
+
 lint:
 @go tool yamlfmt --lint -exclude vendor . |
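Review bot: The new `bin/authzd` rule in the first hunk is a file target with no prerequisites, so once `./bin/authzd` exists a plain `make build` will not rebuild it after the Go sources change. For the authorization service that means a stale binary, with outdated decision logic, can be started or tested without any warning. Targets that run `clean` first are not affected. Marking the binaries phony lets the Go build cache decide what is up to date: `.PHONY: bin/authzd bin/sparkled`. The existing `bin/sparkled` rule has the same shape.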
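Review bot: The `authzd-rpc-check` target near the end of the third hunk calls authzd with `-plaintext`, which implies the ext_authz listener on port 10003 has no transport security. The Makefile does not show which address authzd binds to, so it is worth confirming it listens on loopback only, because Check requests carry the headers Envoy forwards (cookies, bearer tokens). The target also sends an empty request (`-d ''`) and only prints the reply, so the expected decision is undocumented. I would add a comment above the rule such as `# smoke test: needs authzd on 127.0.0.1:10003 (plaintext, local only); state here whether an empty CheckRequest must be denied`.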
