I am using the CUSTOM action in authz policy to implement external authorization, as in Better External Authorization.
Specifically, I implemented a grpc AuthorizationServer
, listed it as an extension provider in the mesh, and configured VirtualServices. To verify it does work, I also added some logging. The logging basically prints out the received Check
requests.
The deployment is shown in the picture below. The AuthorizationServer
is provided by the container of service A.
What puzzled me is that, while my AuthorizationServer
does check traffic going to service B, it does not check traffic going to service A.
Can anyone give a hint?