Hi everyone,
I am trying to add an ext_authz filter in the Istio cluster for authorizing API calls. The ext_authz filter will connect with an external server which responds with allow/deny.
Before the request reaches the ext_authz filter, we need to preprocess the request to add certain headers. The value of the headers depends on the request attributes (path, method, body, etc.) and can either come from a config or from an external service (HTTP).
Ex: The header can depend on the request path and based on the config below, I can set the header value.
X-Auth-Action:
  - path: "/product"
    method: "POST"
    value: "create-product"
  - path: "/product"
    method: "PUT"
    value: "update-product"
X-Auth-Action = “create-product” if request.path = “/product” and request.method = “POST”
Or the above value can come from an external service by passing the request details to the service.
One approach is to add another filter before ext_authz. In this case, which filter will best fit the use case? Is there any other recommended approach?
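The path/method rule table from the post, evaluated in Python as an added example (not the poster's code and not an Istio or Envoy API). The function names, the path normalization, and leaving the header absent when no rule matches are assumptions; the point it shows is that any client-supplied X-Auth-Action must be discarded before the computed value is set, since ext_authz will act on that header.

```python
from urllib.parse import urlsplit

# Rules taken from the post's config; the first matching rule wins.
RULES = [
    {"path": "/product", "method": "POST", "value": "create-product"},
    {"path": "/product", "method": "PUT", "value": "update-product"},
]
HEADER = "x-auth-action"  # header names are compared in lowercase


def normalize_path(raw_target):
    """Drop the query string and trailing slash (assumed normalization)."""
    path = urlsplit(raw_target).path
    return path.rstrip("/") or "/"


def resolve_action(method, raw_target, rules=RULES):
    """Return the configured value for this request, or None if no rule matches."""
    path = normalize_path(raw_target)
    for rule in rules:
        if rule["path"] == path and rule["method"] == method.upper():
            return rule["value"]
    return None


def preprocess(method, raw_target, headers, rules=RULES):
    """Return the header dict as it should look when it reaches ext_authz."""
    # Remove any inbound copy first, whatever its casing, so a caller
    # cannot pre-set the value that the authorization server will trust.
    out = {k: v for k, v in headers.items() if k.lower() != HEADER}
    action = resolve_action(method, raw_target, rules)
    if action is not None:
        out[HEADER] = action
    # No match: the header stays absent, so the authorization server can
    # treat a missing action as deny (assumed policy, not from the post).
    return out
```
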