[GitHub] [apisix] bzp2010 commented on issue #5714: Proposal: support OpenPolicyAgent for access control
bzp2010 commented on issue #5714: URL: https://github.com/apache/apisix/issues/5714#issuecomment-992617718 ## Update Stage 2 PR #5779 and scheme here [https://github.com/apache/apisix/pull/5779#issuecomment-992616536](https://github.com/apache/apisix/pull/5779#issuecomment-992616536) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] bzp2010 commented on issue #5714: Proposal: support OpenPolicyAgent for access control
bzp2010 commented on issue #5714: URL: https://github.com/apache/apisix/issues/5714#issuecomment-992346214 The first point is got, while I will try to do some work on the second point. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] bzp2010 commented on issue #5714: Proposal: support OpenPolicyAgent for access control
bzp2010 commented on issue #5714: URL: https://github.com/apache/apisix/issues/5714#issuecomment-992074159 Hi, @spacewander. I noticed in the OPA documentation the Envoy related use case, which contains the input content of the OPA filter to the OPA service in the following format. Is it necessary to adjust our current input to make it somewhat compatible with the OPA policy that was written for Envoy filter? ```json { "attributes": { "source": { "address": { "socketAddress": { "address": "172.17.0.1", "portValue": 61402 } } }, "destination": { "address": { "socketAddress": { "address": "172.17.06", "portValue": 8000 } } }, "request": { "time": "2020-11-20T09:47:47.722473Z", "http": { "id": "13519049518330544501", "method": "POST", "headers": { ":authority": "192.168.99.206:30164", ":method": "POST", ":path": "/people?lang=en", "accept": "*/*", "authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYWRtaW4iLCJzdWIiOiJZbTlpIiwibmJmIjoxNTE0ODUxMTM5LCJleHAiOjE2NDEwODE1Mzl9.WCxNAveAVAdRCmkpIObOTaSd0AJRECY2Ch2Qdic3kU8", "content-length": "41", "content-type": "application/json", "user-agent": "curl/7.54.0", "x-forwarded-proto": "http", "x-request-id": "7bca5c86-bf55-432c-b212-8c0f1dc999ec" }, "host": "192.168.99.206:30164", "path": "/people?lang=en", "protocol": "HTTP/1.1", "body": "{\"firstname\":\"Charlie\", \"lastname\":\"Opa\"}", "size": 41 } }, "metadataContext": {} }, "parsed_body": { "firstname": "Charlie", "lastname": "Opa" }, "parsed_path": [ "people" ], "parsed_query": { "lang": [ "en" ] }, "truncated_body": false, "version": { "encoding": "protojson", "ext_authz": "v3" } } ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] bzp2010 commented on issue #5714: Proposal: support OpenPolicyAgent for access control
bzp2010 commented on issue #5714: URL: https://github.com/apache/apisix/issues/5714#issuecomment-992065110 Hi, @anderseknert. The development of `stage 1: basic support` in the current roadmap has been completed and the PR is here #5734. I have some questions for you here. Does the OPA community have any use case or best practices for "response overwriting (e.g., status codes or headers) in case of authentication failure"? Thanks. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] bzp2010 commented on issue #5714: Proposal: support OpenPolicyAgent for access control
bzp2010 commented on issue #5714: URL: https://github.com/apache/apisix/issues/5714#issuecomment-992052188 ## Update The current OPA basic support plugin has been completed and will begin the phase 2 of feature development on the roadmap. So I reopened this issue to track the status of the next PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org