From 4beee46dc6c7642316e118a4d3aa51e4b407256e Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 20 May 2025 14:28:06 -0600 Subject: feat: add external authorization service (authzd) with JWT authentication - Add new authzd gRPC service implementing Envoy's external authorization API - Integrate JWT authentication filter in Envoy configuration with claim extraction - Update middleware to support both cookie-based and header-based user authentication - Add comprehensive test coverage for authorization service and server - Configure proper service orchestration with authzd, sparkled, and Envoy - Update build system and Docker configuration for multi-service deployment - Add grpcurl tool for gRPC service debugging and testing This enables fine-grained authorization control through Envoy's ext_authz filter while maintaining backward compatibility with existing cookie-based authentication. --- bin/entrypoint.sh | 3 +-- bin/envoy.sh | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) (limited to 'bin') diff --git a/bin/entrypoint.sh b/bin/entrypoint.sh index 28d6c5f..eb7dc07 100755 --- a/bin/entrypoint.sh +++ b/bin/entrypoint.sh @@ -5,5 +5,4 @@ set -e [ -n "$DEBUG" ] && set -x cd "$(dirname "$0")/.." -echo "[$(date "+%H:%M:%S")] ==> Starting…" -./bin/envoy.sh & ./bin/sparkled +./bin/envoy.sh & ./bin/authzd & ./bin/sparkled diff --git a/bin/envoy.sh b/bin/envoy.sh index 67ea54c..7f2dcee 100755 --- a/bin/envoy.sh +++ b/bin/envoy.sh @@ -29,8 +29,8 @@ if ! command -v envoy; then exit 1 fi -echo "[$(date "+%H:%M:%S")] ==> Starting…" +# https://github.com/envoyproxy/envoy/blob/48f93b68232aba15b5b14743a134691926749122//source/common/common/logger.h#L36 envoy \ --config-yaml "$yaml" \ --log-level warn \ - --component-log-level oauth2:trace + --component-log-level admin:warn,connection:warn,ext_authz:info,grpc:info,health_checker:warn,http:warn,http2:warn,jwt:warn,oauth2:warn,router:warn,secret:warn,upstream:warn -- cgit v1.2.3