659168fe32
- Implemented authz-adapter deployment and service for Envoy gRPC authorization.
- Created PowerShell script to generate JWK for JWT authentication.
- Documented the integration of ext_authz with user-rpc.ValidateToken in ENVOY_EXT_AUTHZ_ADAPTER.md.
- Added comprehensive Envoy Gateway configuration guide with JWT authentication and access control in ENVOY_GATEWAY_GUIDE.md.
authz-adapter
Envoy ext_authz adapter service. It implements envoy.service.auth.v3.Authorization and calls user-rpc.ValidateToken.
Environment variables
- LISTEN_ON: listen address, default 0.0.0.0:9002
- USER_RPC_TARGET: user-rpc address, default user-rpc-svc.juwan.svc.cluster.local:9001
Running locally
go run ./app/authz/adapter
Docker build
Run from the repository root:
docker build -f app/authz/adapter/Dockerfile -t authz-adapter:local .
docker run --rm -p 9002:9002 authz-adapter:local
Notes
- Allowed paths: /healthz, /api/users/login, /api/users/register
- Protected paths: all other requests require
  - JToken present in the Cookie
  - x-auth-user-id present in the headers (injected by Envoy jwt_authn)
- Returned after authorization succeeds: x-auth-user-id, x-auth-role-type
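The rules in the notes above, written as a standalone decision function. This is an added example, not the project's adapter code: the real service answers with an envoy.service.auth.v3 CheckResponse and calls user-rpc over gRPC. `Check`, the `Validator` signature and the sample values are assumptions, both requirements are read as mandatory, and Envoy is assumed to discard any client-supplied x-auth-user-id before jwt_authn sets it, since the adapter cannot tell the two apart.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Paths the README lists as allowed without authentication.
var publicPaths = map[string]bool{
	"/healthz": true, "/api/users/login": true, "/api/users/register": true,
}

// Validator stands in for user-rpc.ValidateToken; this signature is assumed.
type Validator func(token, userID string) (roleType string, ok bool)

// Check applies the README's rules to one request and returns whether it is
// allowed plus the headers to hand back to Envoy. rawPath is the :path value
// (query string included); headers uses lower-case keys as Envoy sends them.
func Check(rawPath string, headers map[string]string, validate Validator) (bool, map[string]string) {
	path, _, _ := strings.Cut(rawPath, "?")
	// Exact match only: a prefix match would also open /api/users/login/extra.
	if publicPaths[path] {
		return true, nil
	}
	req := http.Request{Header: http.Header{"Cookie": {headers["cookie"]}}}
	cookie, err := req.Cookie("JToken")
	userID := headers["x-auth-user-id"]
	if err != nil || cookie.Value == "" || userID == "" {
		return false, nil // fail closed when either credential is absent
	}
	role, ok := validate(cookie.Value, userID)
	if !ok {
		return false, nil
	}
	return true, map[string]string{"x-auth-user-id": userID, "x-auth-role-type": role}
}

func main() {
	// Constructed stub: accepts only the token "good" and reports role "1".
	v := func(token, userID string) (string, bool) { return "1", token == "good" }
	h := map[string]string{"cookie": "theme=dark; JToken=good", "x-auth-user-id": "42"}
	fmt.Println(Check("/api/orders?page=2", h, v))
	fmt.Println(Check("/api/users/login/extra", nil, v))
}
```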