From 4beee46dc6c7642316e118a4d3aa51e4b407256e Mon Sep 17 00:00:00 2001
From: mo khan
Date: Tue, 20 May 2025 14:28:06 -0600
Subject: feat: add external authorization service (authzd) with JWT authentication

- Add new authzd gRPC service implementing Envoy's external authorization API
- Integrate JWT authentication filter in Envoy configuration with claim extraction
- Update middleware to support both cookie-based and header-based user authentication
- Add comprehensive test coverage for authorization service and server
- Configure proper service orchestration with authzd, sparkled, and Envoy
- Update build system and Docker configuration for multi-service deployment
- Add grpcurl tool for gRPC service debugging and testing
This enables fine-grained authorization control through Envoy's ext_authz filter while maintaining backward compatibility with existing cookie-based authentication.
---
 test/integration/container.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'test/integration/container.go')
diff --git a/test/integration/container.go b/test/integration/container.go
index 0a210dd..6c346a5 100644
--- a/test/integration/container.go
+++ b/test/integration/container.go
@@ -27,13 +27,14 @@ func NewContainer(t *testing.T, ctx context.Context, envVars map[string]string)
 testcontainers.WithWaitStrategy(
 wait.ForLog("Listening on"),
 wait.ForListeningPort(x.Must(nat.NewPort("tcp", "10000"))),
+ wait.ForListeningPort(x.Must(nat.NewPort("tcp", "10003"))),
 wait.ForListeningPort(x.Must(nat.NewPort("tcp", "8080"))),
 wait.ForListeningPort(x.Must(nat.NewPort("tcp", "9901"))),
 ),
 testcontainers.WithHostConfigModifier(func(cfg *xcontainer.HostConfig) {
 cfg.NetworkMode = xcontainer.NetworkMode(network.NetworkHost)
 }),
- // testcontainers.WithExposedPorts("8080/tcp", "9901/tcp", "10000/tcp"),
+ // testcontainers.WithExposedPorts("8080/tcp", "9901/tcp", "10000/tcp", "10003/tcp"),
 // testcontainers.WithHostPortAccess(port),
 )
 require.NoError(t, err)
-- cgit v1.2.3
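Review bot: The added `wait.ForListeningPort(x.Must(nat.NewPort("tcp", "10003")))` entry uses a bare port literal with nothing to say which service owns it. The commit message suggests it is authzd's gRPC listener, so a comment such as `// authzd: Envoy ext_authz gRPC listener` (or a named constant shared with the service configuration) would keep the test and the Envoy/authzd configuration from drifting apart. Because the container runs with `network.NetworkHost` a few lines below, a listening-port check can presumably be satisfied by any process already bound to 10003 on the host, so it does not by itself show that the authorization service in the container is ready. A log- or health-based wait for authzd would be a stronger signal if the integration tests assert on allow/deny decisions. The commented-out `WithExposedPorts` line is being edited rather than removed, and dead code that has to be kept in sync is worth deleting or explaining; NewContainer's body begins and ends outside the hunk.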