[
https://issues.apache.org/jira/browse/KNOX-2974?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17781023#comment-17781023
]
ASF subversion and git services commented on KNOX-2974:
-------------------------------------------------------
Commit 8e55969f3f85ac99925842744c143f7e916f784d in knox's branch
refs/heads/master from Sandeep Moré
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=8e55969f3 ]
KNOX-2974 - Add a new endpoint 'extauthz' similar to pre that accepts HTTP
verbs other than GET and if confgiured ignores additional context path params
(#813)
> Add a new endpoint like 'pre' that supports other verbs and ignores paths
> -------------------------------------------------------------------------
>
> Key: KNOX-2974
> URL: https://issues.apache.org/jira/browse/KNOX-2974
> Project: Apache Knox
> Issue Type: New Feature
> Components: docker, Server
> Reporter: Sandeep More
> Assignee: Sandeep More
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Knox can be used as an [external authorizer for Istio
> |https://istio.io/v1.10/blog/2021/better-external-authz/]. In this model
> Istio forwards the request to the external authorizer and depending on the
> results the request then either errors out with 401 or 403 OR proceeds to
> it's intended destination after successful authentication and authorization
> by Knox.
> Here the request is getting forwarded and Knox acts as a "filter". This means
> the "pre" endpoint should support all the HTTP verbs and it should have the
> ability to ignore additional paths that may be appended by Istio.
> This JIRA is to address these issues by creating a new service "extauthz"
> that addresses these issues without changing existing "pre" service to
> prevent breakage.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
