fix: Log request payload #53

Merged
merged 3 commits into from
Mar 26, 2024
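--- a/demo/istio/manifests/ext-authz.yaml
+++ b/demo/istio/manifests/ext-authz.yaml
@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: ext-authz
+labels:
+app: ext-authz
+namespace: demo
+spec:
+ports:
+- name: http
+port: 8000
+targetPort: 8000
+- name: grpc
+port: 9000
+targetPort: 9000
+selector:
+app: ext-authz
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: ext-authz
+namespace: demo
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: ext-authz
+template:
+metadata:
+labels:
+app: ext-authz
+spec:
+containers:
+- image: ko.local/github.com/kyverno/kyverno-envoy-plugin:7bd39c9d958eb408a86cee2d97241895522b317f
+imagePullPolicy: IfNotPresent
+name: ext-authz
+ports:
+- containerPort: 8000
+- containerPort: 9000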
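Review bot: The `ext-authz` container spec sets only `image`, `imagePullPolicy`, `name` and `ports`, so the pod runs with the runtime's default privileges and no resource bounds even though it sits in the authorization path for the mesh. Consider adding a container `securityContext` with `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`, plus `resources` requests and limits. The image is a `ko.local/...` reference to a locally built tag, which presumably resolves only on a cluster where that image was loaded; a comment at the top of the manifest such as `# demo only: image must be built and loaded locally with ko` would help anyone reusing it.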
5 changes: 4 additions & 1 deletion go.mod
Expand Up @@ -3,17 +3,20 @@ module github.com/kyverno/kyverno-envoy-plugin
go 1.21.4

require (
github.com/envoyproxy/go-control-plane v0.12.0
google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80
google.golang.org/grpc v1.62.1
k8s.io/apimachinery v0.29.2
)

require (
github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa // indirect
github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect
github.com/go-logr/logr v1.3.0 // indirect
github.com/golang/protobuf v1.5.3 // indirect
golang.org/x/net v0.20.0 // indirect
golang.org/x/sys v0.16.0 // indirect
golang.org/x/text v0.14.0 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect
google.golang.org/protobuf v1.32.0 // indirect
k8s.io/klog/v2 v2.110.1 // indirect
k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
6 changes: 6 additions & 0 deletions go.sum
@@ -1,3 +1,9 @@
github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa h1:jQCWAUqqlij9Pgj2i/PB79y4KOPYVyFYdROxgaCwdTQ=
github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM=
github.com/envoyproxy/go-control-plane v0.12.0 h1:4X+VP1GHd1Mhj6IB5mMeGbLCleqxjletLK6K0rbxyZI=
github.com/envoyproxy/go-control-plane v0.12.0/go.mod h1:ZBTaoJ23lqITozF0M6G4/IragXCQKCnYbmlmtHvwRG0=
github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A=
github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew=
github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
44 changes: 42 additions & 2 deletions main.go
Expand Up @@ -3,6 +3,7 @@ package main
import (
"context"
"fmt"
"io"
"log"
"net"
"net/http"
Expand All @@ -11,17 +12,27 @@ import (
"syscall"
"time"

authv3 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
"google.golang.org/genproto/googleapis/rpc/status"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"k8s.io/apimachinery/pkg/util/wait"
)

type Servers struct {
httpServer *http.Server
grpcServer *grpc.Server
grpcV3 *extAuthzServerV3
}

type (
extAuthzServerV3 struct{}
)

func NewServers() *Servers {
return &Servers{}
return &Servers{
grpcV3: &extAuthzServerV3{},
}
}

func (s *Servers) startHTTPServer(ctx context.Context) {
Expand All @@ -48,7 +59,35 @@ func (s *Servers) startHTTPServer(ctx context.Context) {
}

func handler(w http.ResponseWriter, r *http.Request) {
fmt.Fprint(w, "Hello World!")

fmt.Printf("Received request from %s %s\n", r.RemoteAddr, r.URL.Path)
body, err := io.ReadAll(r.Body)
if err != nil {
http.Error(w, "Error reading request body", http.StatusInternalServerError)
return
}
defer r.Body.Close()
fmt.Println("Request payload:", string(body))

}

func (s *extAuthzServerV3) Check(ctx context.Context, req *authv3.CheckRequest) (*authv3.CheckResponse, error) {

attrs := req.GetAttributes()

// Print each attribute individually
for key, value := range attrs.GetRequest().GetHttp().GetHeaders() {
fmt.Printf("Header: %s = %s\n", key, value)
}

// Print the entire struct with field names
fmt.Printf("Attributes: %+v\n", attrs)

// Implement your authorization logic here
// For now, allow all requests
return &authv3.CheckResponse{
Status: &status.Status{Code: int32(codes.OK)},
}, nil
}

func (s *Servers) startGRPCServer(ctx context.Context) {
Expand All @@ -59,6 +98,7 @@ func (s *Servers) startGRPCServer(ctx context.Context) {
}
s.grpcServer = grpc.NewServer()
fmt.Println("Starting GRPC server on Port 9000")
authv3.RegisterAuthorizationServer(s.grpcServer, s.grpcV3)

go func() {
<-ctx.Done()
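Review bot: `Check` prints every request header with `%s` and then dumps the whole `attrs` struct with `%+v`, so `authorization`, `cookie` and similar credential headers that Envoy forwards land in the pod's stdout in clear text, twice. Redact those headers before logging, quote values with `%q`, and drop the `%+v` dump; the fence below shows the loop and assumes `strings` is added to the imports, which are only partly visible here. `handler` logs `r.URL.Path` and the full body the same way, and its `io.ReadAll(r.Body)` has no size cap, so `r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)` (with `maxBodyBytes` a new constant) before the read and `%q` in both prints would bound memory and keep decoded newlines from forging log lines. The unconditional `codes.OK` is acknowledged by the comment, but a deny-by-default stub would be a safer placeholder for an authorization service.

```go
// credentialHeaders names headers whose values are never written to the logs.
var credentialHeaders = map[string]struct{}{
	"authorization":       {},
	"proxy-authorization": {},
	"cookie":              {},
	"set-cookie":          {},
}

func (s *extAuthzServerV3) Check(ctx context.Context, req *authv3.CheckRequest) (*authv3.CheckResponse, error) {
	attrs := req.GetAttributes()
	for key, value := range attrs.GetRequest().GetHttp().GetHeaders() {
		if _, secret := credentialHeaders[strings.ToLower(key)]; secret {
			value = "[REDACTED]"
		}
		// %q escapes control characters so one header cannot span several log lines.
		log.Printf("header %q = %q", key, value)
	}
	// … unchanged: allow-all CheckResponse …
}
```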