From 66d2cb8e1d3fd5d52d294f0ff8a8e6a2832dc86f Mon Sep 17 00:00:00 2001
From: Sanskarzz
Date: Fri, 15 Mar 2024 18:12:25 +0530
Subject: [PATCH 1/2] fix: Log request payload
Signed-off-by: Sanskarzz
---
 go.mod | 5 ++++-
 go.sum | 6 ++++++
 main.go | 28 +++++++++++++++++++++++++++-
 3 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/go.mod b/go.mod
index b957a33a..d0e5c8f1 100644
--- a/go.mod
+++ b/go.mod
@@ -3,17 +3,20 @@ module github.com/kyverno/kyverno-envoy-plugin
 go 1.21.4
 require (
+ github.com/envoyproxy/go-control-plane v0.12.0
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80
 google.golang.org/grpc v1.62.1
 k8s.io/apimachinery v0.29.2
 )
 require (
+ github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa // indirect
+ github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect
 github.com/go-logr/logr v1.3.0 // indirect
 github.com/golang/protobuf v1.5.3 // indirect
 golang.org/x/net v0.20.0 // indirect
 golang.org/x/sys v0.16.0 // indirect
 golang.org/x/text v0.14.0 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect
 google.golang.org/protobuf v1.32.0 // indirect
 k8s.io/klog/v2 v2.110.1 // indirect
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
diff --git a/go.sum b/go.sum
index 61809ef9..e96104f5 100644
--- a/go.sum
+++ b/go.sum
@@ -1,3 +1,9 @@
+github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa h1:jQCWAUqqlij9Pgj2i/PB79y4KOPYVyFYdROxgaCwdTQ=
+github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM=
+github.com/envoyproxy/go-control-plane v0.12.0 h1:4X+VP1GHd1Mhj6IB5mMeGbLCleqxjletLK6K0rbxyZI=
+github.com/envoyproxy/go-control-plane v0.12.0/go.mod h1:ZBTaoJ23lqITozF0M6G4/IragXCQKCnYbmlmtHvwRG0=
+github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A=
+github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew=
 github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
 github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
diff --git a/main.go b/main.go
index af363f88..95eae602 100644
--- a/main.go
+++ b/main.go
@@ -3,6 +3,7 @@ package main
 import (
 "context"
 "fmt"
+ "io"
 "log"
 "net"
 "net/http"
@@ -11,7 +12,10 @@ import (
 "syscall"
 "time"
+ authv2 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v2"
+ "google.golang.org/genproto/googleapis/rpc/status"
 "google.golang.org/grpc"
+ "google.golang.org/grpc/codes"
 "k8s.io/apimachinery/pkg/util/wait"
 )
@@ -48,7 +52,29 @@ func (s *Servers) startHTTPServer(ctx context.Context) {
 }
 func handler(w http.ResponseWriter, r *http.Request) {
- fmt.Fprint(w, "Hello World!")
+
+ fmt.Printf("Received request from %s %s\n", r.RemoteAddr, r.URL.Path)
+ body, err := io.ReadAll(r.Body)
+ if err != nil {
+ http.Error(w, "Error reading request body", http.StatusInternalServerError)
+ return
+ }
+ defer r.Body.Close()
+ fmt.Println("Request payload:", string(body))
+
+}
+
+type authServer struct{}
+
+func (s *authServer) Check(ctx context.Context, req *authv2.CheckRequest) (*authv2.CheckResponse, error) {
+ // Log the incoming request
+ fmt.Println("Received authorization request:", req)
+
+ // implement your authorization logic here
+ // For now, allow all requests
+ return &authv2.CheckResponse{
+ Status: &status.Status{Code: int32(codes.OK)},
+ }, nil
 }
 func (s *Servers) startGRPCServer(ctx context.Context) {
From 666fc55955299ff59ac73e64b15cbb04c494bd3f Mon Sep 17 00:00:00 2001
From: Sanskarzz
Date: Fri, 15 Mar 2024 21:04:42 +0530
Subject: [PATCH 2/2] Resolved error and add ext authz server manifest
Signed-off-by: Sanskarzz
---
 demo/istio/manifests/ext-authz.yaml | 40 +++++++++++++++++++++++++++++
 main.go | 30 ++++++++++++++++------
 2 files changed, 62 insertions(+), 8 deletions(-)
 create mode 100644 demo/istio/manifests/ext-authz.yaml
diff --git a/demo/istio/manifests/ext-authz.yaml b/demo/istio/manifests/ext-authz.yaml
new file mode 100644
index 00000000..0a6a512e
--- /dev/null
+++ b/demo/istio/manifests/ext-authz.yaml
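Review bot: `io.ReadAll(r.Body)` in handler reads the request body with no size bound and `fmt.Println("Request payload:", string(body))` then prints it verbatim, so a client decides both how much the server buffers per request and what ends up in the logs (anything secret carried in a payload is written to stdout as-is). Bound the read before it happens, `r.Body = http.MaxBytesReader(w, r.Body, 1<<20)` (the limit is an example value to size for the deployment), and log `len(body)` rather than the content. The same unredacted dump recurs in `fmt.Println("Received authorization request:", req)` in Check, which prints every header carried in the CheckRequest, and in the per-header loop of the v3 Check in the second patch (`@@ -64,15 +71,21 @@`); it is not repeated there. Note also that with the `Hello World!` line gone the handler writes no response body, so a successful request now returns an empty 200 — presumably intended, but worth a comment. `startHTTPServer` and `startGRPCServer` both begin or end outside this hunk.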
@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ext-authz
+ labels:
+ app: ext-authz
+ namespace: demo
+spec:
+ ports:
+ - name: http
+ port: 8000
+ targetPort: 8000
+ - name: grpc
+ port: 9000
+ targetPort: 9000
+ selector:
+ app: ext-authz
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ext-authz
+ namespace: demo
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ext-authz
+ template:
+ metadata:
+ labels:
+ app: ext-authz
+ spec:
+ containers:
+ - image: ko.local/github.com/kyverno/kyverno-envoy-plugin:7bd39c9d958eb408a86cee2d97241895522b317f
+ imagePullPolicy: IfNotPresent
+ name: ext-authz
+ ports:
+ - containerPort: 8000
+ - containerPort: 9000
\ No newline at end of file
diff --git a/main.go b/main.go
index 95eae602..0c027e8b 100644
--- a/main.go
+++ b/main.go
@@ -12,7 +12,7 @@ import (
 "syscall"
 "time"
- authv2 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v2"
+ authv3 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
 "google.golang.org/genproto/googleapis/rpc/status"
 "google.golang.org/grpc"
 "google.golang.org/grpc/codes"
@@ -22,10 +22,17 @@ import (
 type Servers struct {
 httpServer *http.Server
 grpcServer *grpc.Server
+ grpcV3 *extAuthzServerV3
 }
+type (
+ extAuthzServerV3 struct{}
+)
+
 func NewServers() *Servers {
- return &Servers{}
+ return &Servers{
+ grpcV3: &extAuthzServerV3{},
+ }
 }
 func (s *Servers) startHTTPServer(ctx context.Context) {
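Review bot: The ext-authz Deployment's container carries no `securityContext` and no `resources` block, so the pod that sits in the request path of every proxied call runs with the cluster defaults (no non-root or capability restrictions, unbounded CPU and memory) and has no `readinessProbe` to keep it out of the Service's endpoints until the gRPC listener on 9000 is actually up. A minimal hardening block is sketched below; `runAsNonRoot: true` assumes the ko base image runs as a non-root user, and the resource figures are placeholders to size for the demo. The `ko.local/...` image reference only resolves on a node that already holds the locally built image, which `imagePullPolicy: IfNotPresent` relies on — a one-line comment in the manifest saying so would save the next reader a failed rollout.
```yaml
      containers:
      - image: ko.local/github.com/kyverno/kyverno-envoy-plugin:7bd39c9d958eb408a86cee2d97241895522b317f
        # … unchanged: imagePullPolicy, name, ports …
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        resources:
          requests:
            cpu: 100m      # placeholder value
            memory: 64Mi   # placeholder value
          limits:
            memory: 128Mi  # placeholder value
        readinessProbe:
          tcpSocket:
            port: 9000
```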
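Review bot: `extAuthzServerV3` is declared inside a parenthesized `type ( … )` group that holds a single type, while `type Servers struct` in the same hunk uses the plain form; `type extAuthzServerV3 struct{}` reads the way the rest of the file does. The type also has no doc comment, and its name does not say what contract it satisfies or that it is currently a stub; a line such as `// extAuthzServerV3 implements the Envoy ext_authz v3 AuthorizationServer; Check currently allows every request.` would tell a reader why it hangs off Servers. `startHTTPServer` starts at the hunk's last line and continues outside it.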
@@ -64,15 +71,21 @@ func handler(w http.ResponseWriter, r *http.Request) {
 }
-type authServer struct{}
+func (s *extAuthzServerV3) Check(ctx context.Context, req *authv3.CheckRequest) (*authv3.CheckResponse, error) {
+
+ attrs := req.GetAttributes()
+
+ // Print each attribute individually
+ for key, value := range attrs.GetRequest().GetHttp().GetHeaders() {
+ fmt.Printf("Header: %s = %s\n", key, value)
+ }
-func (s *authServer) Check(ctx context.Context, req *authv2.CheckRequest) (*authv2.CheckResponse, error) {
- // Log the incoming request
- fmt.Println("Received authorization request:", req)
+ // Print the entire struct with field names
+ fmt.Printf("Attributes: %+v\n", attrs)
- // implement your authorization logic here
+ // Implement your authorization logic here
 // For now, allow all requests
- return &authv2.CheckResponse{
+ return &authv3.CheckResponse{
 Status: &status.Status{Code: int32(codes.OK)},
 }, nil
 }
@@ -85,6 +98,7 @@ func (s *Servers) startGRPCServer(ctx context.Context) {
 }
 s.grpcServer = grpc.NewServer()
 fmt.Println("Starting GRPC server on Port 9000")
+ authv3.RegisterAuthorizationServer(s.grpcServer, s.grpcV3)
 go func() {
 <-ctx.Done()
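Review bot: The header loop writes client-controlled values with `%s`, so a header value containing a newline shows up as what looks like two separate log records; `fmt.Printf("Header: %q = %q\n", key, value)` keeps each entry on one line and makes empty values visible. The following `fmt.Printf("Attributes: %+v\n", attrs)` then prints the same header map again as part of the whole attribute set, so every request is logged twice — keep one of the two, and if the full dump stays it should be `%+v` of a redacted copy rather than of `attrs`. The `// For now, allow all requests` comment would be more useful as the type's doc comment, since a reader of `startGRPCServer` (where this server is registered, in the next hunk) otherwise cannot tell from the call site that no decision is being made.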