[GitHub] [apisix] bzp2010 commented on issue #5714: Proposal: support OpenPolicyAgent for access control

2021-12-13 Thread GitBox 


bzp2010 commented on issue #5714:
URL: https://github.com/apache/apisix/issues/5714#issuecomment-992617718


   ## Update
   Stage 2 PR #5779 and scheme here 
[https://github.com/apache/apisix/pull/5779#issuecomment-992616536](https://github.com/apache/apisix/pull/5779#issuecomment-992616536)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [apisix] bzp2010 commented on issue #5714: Proposal: support OpenPolicyAgent for access control

2021-12-13 Thread GitBox 


bzp2010 commented on issue #5714:
URL: https://github.com/apache/apisix/issues/5714#issuecomment-992346214


   The first point is got, while I will try to do some work on the second point.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [apisix] bzp2010 commented on issue #5714: Proposal: support OpenPolicyAgent for access control

2021-12-12 Thread GitBox 


bzp2010 commented on issue #5714:
URL: https://github.com/apache/apisix/issues/5714#issuecomment-992074159


   Hi, @spacewander.
   
   I noticed in the OPA documentation the Envoy related use case, which 
contains the input content of the OPA filter to the OPA service in the 
following format. Is it necessary to adjust our current input to make it 
somewhat compatible with the OPA policy that was written for Envoy filter?
   ```json
   {
   "attributes": {
   "source": {
   "address": {
   "socketAddress": {
   "address": "172.17.0.1",
   "portValue": 61402
   }
   }
   },
   "destination": {
   "address": {
   "socketAddress": {
   "address": "172.17.06",
   "portValue": 8000
   }
   }
   },
   "request": {
   "time": "2020-11-20T09:47:47.722473Z",
   "http": {
   "id": "13519049518330544501",
   "method": "POST",
   "headers": {
   ":authority": "192.168.99.206:30164",
   ":method": "POST",
   ":path": "/people?lang=en",
   "accept": "*/*",
   "authorization": "Bearer 
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYWRtaW4iLCJzdWIiOiJZbTlpIiwibmJmIjoxNTE0ODUxMTM5LCJleHAiOjE2NDEwODE1Mzl9.WCxNAveAVAdRCmkpIObOTaSd0AJRECY2Ch2Qdic3kU8",
   "content-length": "41",
   "content-type": "application/json",
   "user-agent": "curl/7.54.0",
   "x-forwarded-proto": "http",
   "x-request-id": "7bca5c86-bf55-432c-b212-8c0f1dc999ec"
   },
   "host": "192.168.99.206:30164",
   "path": "/people?lang=en",
   "protocol": "HTTP/1.1",
   "body": "{\"firstname\":\"Charlie\", \"lastname\":\"Opa\"}",
   "size": 41
   }
   },
   "metadataContext": {}
   },
   "parsed_body": {
   "firstname": "Charlie",
   "lastname": "Opa"
   },
   "parsed_path": [
   "people"
   ],
   "parsed_query": {
   "lang": [
   "en"
   ]
   },
   "truncated_body": false,
   "version": {
   "encoding": "protojson",
   "ext_authz": "v3"
   }
   }
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [apisix] bzp2010 commented on issue #5714: Proposal: support OpenPolicyAgent for access control

2021-12-12 Thread GitBox 


bzp2010 commented on issue #5714:
URL: https://github.com/apache/apisix/issues/5714#issuecomment-992065110


   Hi, @anderseknert.
   
   The development of `stage 1: basic support` in the current roadmap has been 
completed and the PR is here #5734.
   I have some questions for you here. Does the OPA community have any use case 
or best practices for "response overwriting (e.g., status codes or headers) in 
case of authentication failure"? 
   
   Thanks.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [apisix] bzp2010 commented on issue #5714: Proposal: support OpenPolicyAgent for access control

2021-12-12 Thread GitBox 


bzp2010 commented on issue #5714:
URL: https://github.com/apache/apisix/issues/5714#issuecomment-992052188


   ## Update
   The current OPA basic support plugin has been completed and will begin the 
phase 2 of feature development on the roadmap. So I reopened this issue to 
track the status of the next PR.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org