Hi Team,
I am trying to customize the default http response returned from ISTIO AuthorizationPolicy for unauthorized request , But unable to intercept the request flow using Envoy filter .
istio version: 1.6.12
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: reference-oauth-impl-filter-lua
namespace: reference
spec:
workloadSelector:
labels:
app: reference-oauth-impl-rest
# tier: backend
configPatches:
-
applyTo: HTTP_FILTER
match:
context: SIDECAR_INBOUND
listener:
filterChain:
filter:
name: “envoy.http_connection_manager”
subFilter:
name: “envoy.router”
patch:
operation: INSERT_FIRST
value: # lua filter specification
name: envoy.lua
config:
inlineCode: |
function envoy_on_request(request_handle)
– request_handle:logWarn(“Hello World”)
end
function envoy_on_response(response_handle)
local status_ = response_handle:headers():get(":status")
response_handle:logInfo("in response_handle")
response_handle:logInfo("Status: " .. status_)
if(status_ == 401 or status_ == 403 ) then
local message_ = response_handle:body()
local response = "{"requestId"}"
local response_ = "{ \"ID\" : 123 " .. ", \"message\"" .. ":\"" .. message_ .. "\", \"status\"" ..":" ..status_ .."}"
response_handle:logInfo(response_)
response_handle:body():setBytes( response_)
response_handle:headers():replace("content-length", response_.len())
response_handle:headers():replace("content-type", "application/json")
end
end
Default Behaviour :
RBAC: access denied
status:403 and Response Headers: content-type:text/plain
Expected:
{ message: RBAC: access denied
code: 403
x-request-id:123
}
Thanks and regards,