
nhanvt/envoy-opa-compose

 
 


Using Envoy external authorization with Open Policy Agent

This project demonstrates how to use Envoy's external authorization filter with Open Policy Agent as the authorization service to enforce security policies for all API requests received by Envoy.

It is based on this OPA tutorial, but uses docker-compose instead of Kubernetes.

This is meant for dockerized services (in a non-k8s environment) to easily leverage OPA for authorization.

Disclaimer: This example project was initially created when there was a lack of documentation on how to use the ext_authz filter with OPA. Specifically, there was a lack of sample code that could be run using docker-compose. The official docs have since been updated with documentation and sample code. Do check that out instead!

Usage

Run docker-compose up to start services.

A toy policy.rego file is used to only permit GET requests, i.e. curl -X GET http://localhost:8080/anything should work but curl -X POST http://localhost:8080/anything should fail.

The environment variables SERVICE_NAME and SERVICE_PORT refer to the service Envoy is proxying. Their values replace the corresponding variables in envoy.yaml. See ./compose/envoy/entrypoint.sh for more details.
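
Because SERVICE_NAME and SERVICE_PORT end up inside envoy.yaml, it is worth validating them before substitution so that a malformed value cannot add or alter YAML keys in the proxy config. The following is an added example, not this repository's entrypoint.sh; the ${SERVICE_NAME} / ${SERVICE_PORT} placeholder syntax, the function names and the sample template are assumptions.

```shell
#!/bin/sh
# Added example: validate SERVICE_NAME / SERVICE_PORT, then render a config template.
# Placeholder syntax and template text are assumptions, not taken from the repository.

# Constructed sample template (a stand-in for a fragment of envoy.yaml).
SAMPLE_TEMPLATE='socket_address:
  address: ${SERVICE_NAME}
  port_value: ${SERVICE_PORT}'

# Succeeds only for a DNS-style name: letters, digits, "." and "-", at most 253 chars,
# not starting with "." or "-". Newlines, spaces, ":" and "/" are all rejected.
valid_service_name() {
  case "$1" in
    ''|-*|.*|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
  [ "${#1}" -le 253 ]
}

# Succeeds only for a decimal TCP port in 1..65535 with no leading zero.
valid_service_port() {
  case "$1" in
    ''|0*|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Reads a template on stdin and writes the rendered config to stdout.
# Fails closed: invalid values or leftover placeholders give no output and status 1.
render_envoy_config() {
  name=$1
  port=$2
  valid_service_name "$name" || { echo "invalid SERVICE_NAME" >&2; return 1; }
  valid_service_port "$port" || { echo "invalid SERVICE_PORT" >&2; return 1; }
  # After validation the values contain no "/", "&" or "\", so they are safe in sed.
  rendered=$(sed -e 's/\${SERVICE_NAME}/'"$name"'/g' \
                 -e 's/\${SERVICE_PORT}/'"$port"'/g') || return 1
  case "$rendered" in
    *'${'*) echo "unresolved placeholder in template" >&2; return 1 ;;
  esac
  printf '%s\n' "$rendered"
}

# Demo run; httpbin and 80 are constructed defaults used only for this example.
printf '%s\n' "$SAMPLE_TEMPLATE" | render_envoy_config "${SERVICE_NAME:-httpbin}" "${SERVICE_PORT:-80}"
```
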
