Example JAVA implementation of the check method for the Enovy Proxy.
This orientates on the Istio sample.
When you deploy it and the filter gets activated, then all requests with the x-ext-authz: allow header will pass.
Check my posts for a guide how to use it:
- Using Istio as an external authorizer. Part 1: The theory
- Using Istio as an external authorizer. Part 2: The implementation
- Implementation of an external authorizer for Istio in Java
- Clone this repo.
- In a terminal go into the directory.
- Build the jar:
gradle build - Build a Docker image:
docker build -t java-authz:v1 . - Deploy into your Kubernetes cluster
Now you can test the filter for example with cURL.
Requests with the -H "x-ext-authz: allow" header should pass. Other ones fail.
E.g.:
curl -H "x-ext-authz: allow" localhost/books
Here is a K8S resource file for the namespace sidecar-test:
apiVersion: v1
kind: Service
metadata:
name: ext-authz
namespace: sidecar-test
labels:
app: ext-authz
spec:
ports:
- name: grpc
port: 9000
targetPort: 9000
selector:
app: ext-authz
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ext-authz
namespace: sidecar-test
spec:
replicas: 1
selector:
matchLabels:
app: ext-authz
template:
metadata:
labels:
app: ext-authz
spec:
containers:
- image: java-authz:v1
imagePullPolicy: IfNotPresent
name: ext-authz
ports:
- containerPort: 9000
---