Here is my AuthorizationPolicy with the CUSTOM action, using OPA as the external authorizer. The policy has been applied successfully, but I am getting an error in the istiod logs, as shown below.
```yaml
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: '{{ .Values.fullnameOverride }}-authorisation-policy'
spec:
  action: CUSTOM
  provider:
    name: opa.glue-system
  rules:
  - to:
    - operation:
        notPaths:
        - /ip
  selector:
    matchLabels:
      app: httpbin
```
Error logs:
```
2022-09-19T07:24:44.780747Z debug authorization Resolved extension providers: (map[string]*builder.builtExtAuthz) (len=1) {
(string) (len=15) "opa.glue-system": (*builder.builtExtAuthz)(0xc0043f8960)({
http: (*ext_authzv3.ExtAuthz)(0xc0006a92b0)(grpc_service:{envoy_grpc:{cluster_name:"outbound|9191||opa.glue-system.svc.cluster.local" authority:"outbound_.9191_._.opa.glue-system.svc.cluster.local"} timeout:{seconds:600}} transport_api_version:V3 filter_enabled_metadata:{filter:"envoy.filters.http.rbac" path:{key:"istio_ext_authz_shadow_effective_policy_id"} value:{string_match:{prefix:"istio-ext-authz"}}}),
tcp: (*ext_authzv3.ExtAuthz)(0xc002cd3c80)(stat_prefix:"tcp." grpc_service:{envoy_grpc:{cluster_name:"outbound|9191||opa.glue-system.svc.cluster.local" authority:"outbound_.9191_._.opa.glue-system.svc.cluster.local"} timeout:{seconds:600}} transport_api_version:V3 filter_enabled_metadata:{filter:"envoy.filters.network.rbac" path:{key:"istio_ext_authz_shadow_effective_policy_id"} value:{string_match:{prefix:"istio-ext-authz"}}}),
err: (error) <nil>
})
}
```