From 4beee46dc6c7642316e118a4d3aa51e4b407256e Mon Sep 17 00:00:00 2001
From: mo khan
Date: Tue, 20 May 2025 14:28:06 -0600
Subject: feat: add external authorization service (authzd) with JWT authentication

- Add new authzd gRPC service implementing Envoy's external authorization API
- Integrate JWT authentication filter in Envoy configuration with claim extraction
- Update middleware to support both cookie-based and header-based user authentication
- Add comprehensive test coverage for authorization service and server
- Configure proper service orchestration with authzd, sparkled, and Envoy
- Update build system and Docker configuration for multi-service deployment
- Add grpcurl tool for gRPC service debugging and testing

This enables fine-grained authorization control through Envoy's ext_authz filter while maintaining backward compatibility with existing cookie-based authentication.
---
 Makefile | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

(limited to 'Makefile')

diff --git a/Makefile b/Makefile
index 612148b..c92e006 100644
--- a/Makefile
+++ b/Makefile
@@ -4,11 +4,14 @@ IMAGE_TAG := $(PROJECT_NAME):$(GIT_BRANCH)
 
 .PHONY: clean setup build test run
 
+bin/authzd:
+ @go build -o ./bin/authzd ./cmd/authzd/main.go
+
 bin/sparkled:
  @go build -o ./bin/sparkled ./cmd/sparkled/main.go
 
 clean:
- @rm -f ./bin/sparkled
+ @rm -f ./bin/authzd ./bin/sparkled
  @go clean -testcache
 
 setup:
@@ -18,13 +21,13 @@ setup:
  @command -v playwright
  @command -v yamlfmt
 
-build: bin/sparkled
+build: bin/authzd bin/sparkled
 
 test-unit:
  @go test -shuffle=on ./...
 
 test-integration: build-image
- @IMAGE_TAG=$(IMAGE_TAG) go test -v -tags=integration ./test/integration/...
+ @IMAGE_TAG=$(IMAGE_TAG) go test -tags=integration ./test/integration/...
 
 test: clean test-unit test-integration
 
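Review bot: The new `bin/authzd` rule is a file target with no prerequisites, so once `./bin/authzd` exists `make build` will not rebuild it, and a later change to the authorization code can be missing from the binary that gets run or tested. The pre-existing `bin/sparkled` rule has the same shape, and the `run-authzd`/`run-sparkled` targets added further down avoid the problem only by depending on `clean`. Because `go build` does its own change detection through the build cache, one option is to declare both binaries phony with `.PHONY: bin/authzd bin/sparkled`. The recipe could also build the package and use the automatic variable, `@go build -o $@ ./cmd/authzd`, assuming `cmd/authzd` is an ordinary `main` package.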
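Review bot: The rewritten `test-integration` recipe still expands `$(IMAGE_TAG)` unquoted into the shell command line, and `IMAGE_TAG` is built from `$(GIT_BRANCH)`. If `GIT_BRANCH` comes from the checked-out branch name (its definition is outside this patch), a branch name containing shell metacharacters would be interpreted by the shell, which matters on CI runners that build branches from untrusted contributors. Passing the value through the environment avoids shell parsing: add `export IMAGE_TAG` next to its definition and reduce the recipe to `@go test -tags=integration ./test/integration/...`. The `docker run` recipes that take `$(IMAGE_TAG)` as an argument would then reference it as `"$$IMAGE_TAG"`.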
@@ -37,12 +40,24 @@ build-builder-image:
 run: clean build
  @go tool godotenv -f .env.local,.env ./bin/entrypoint.sh
 
+run-authzd: clean build
+ @go tool godotenv -f .env.local,.env ./bin/authzd
+
 run-image: clean build-image
  @docker run --rm --network host --env-file .env.local -p 10000:10000 -p 9901:9901 -p 8080:8080 -it $(IMAGE_TAG)
 
+run-envoy:
+ @go tool godotenv -f .env.local,.env ./bin/envoy.sh
+
+run-sparkled: clean build
+ @go tool godotenv -f .env.local,.env ./bin/sparkled
+
 sh-image: build-builder-image
  @docker run --rm -it $(IMAGE_TAG) /bin/sh
 
+authzd-rpc-check:
+ @go tool grpcurl -plaintext -format text -d '' 127.0.0.1:10003 envoy.service.auth.v3.Authorization.Check
+
 lint:
  @go tool yamlfmt --lint -exclude vendor .
 
-- 
cgit v1.2.3
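Review bot: `authzd-rpc-check` sends an empty `CheckRequest` and only prints the reply, so as far as the recipe shows it does not fail when the service answers "allow" to an unauthenticated request. In the ext_authz API the decision is normally carried inside the `CheckResponse` rather than in the gRPC status. A comment above the target should say so, e.g. `# Smoke check: prints the CheckResponse for an empty request over plaintext loopback; does not assert the decision.` The target also implies authzd serves without TLS on port 10003, and `run-image` (a context line in this hunk) uses `--network host`, so it is worth confirming that authzd binds to 127.0.0.1 only; the bind address is not visible here. Separately, none of the four new command targets is declared phony; `.PHONY: run-authzd run-envoy run-sparkled authzd-rpc-check` would keep a stray file of the same name from silencing them.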