SlideShare uma empresa Scribd logo

Deep Dive: Building external auth plugins for Gloo Enterprise

Transferir como PPTX, PDF
Christian Posta
Christian Posta

Using the plugin framework for Ext. Auth Service in Gloo Enterprise, we can build any custom AuthN/AuthZ plugins to handle security requirements not provided out of the box.

Tecnologia
1 de 28
1 | Copyright © 2019 Solo.io Deep Dive Building Go plugins for external auth service for Gloo Enterprise
2 | Copyright © 2019 The Gloo Control Plane
3 | Copyright © 2019 External Auth Plugins
4 | Copyright © 2019 External Auth Plugins
5 | Copyright © 2019 External Auth Plugins
6 | Copyright © 2019 External Auth Plugins
7 | Copyright © 2019 Creating a plugin https://github.com/solo-io/ext-auth-plugin-examplesSee example:
8 | Copyright © 20198 | Copyright © 2019 Creating the plugin source
9 | Copyright © 2019 Plugin implements ExtAuthPlugin interface type ExtAuthPlugin interface { NewConfigInstance(ctx context.Context) (configInstance interface{}, err error) GetAuthService(ctx context.Context, configInstance interface{}) (AuthService, error) } https://docs.solo.io/gloo/latest/gloo_routing/virtual_services/security/plugin_auth/
10 | Copyright © 2019 Config instance maps to what we configure in VirtualService virtualHostPlugins: extensions: configs: extauth: plugin_auth: plugins: - config: RequiredHeader: my-header AllowedValues: - foo - bar - baz name: RequiredHeader plugin_file_name: RequiredHeader.so exported_symbol_name: Plugin
11 | Copyright © 2019 AuthService interface type AuthService interface { Start(ctx context.Context) error Authorize(ctx context.Context, request *AuthorizationRequest) (*AuthorizationResponse, error) } https://docs.solo.io/gloo/latest/dev/writing_auth_plugins/
12 | Copyright © 2019 Plugin implements ExtAuthPlugin interface package main import ( impl "github.com/solo-io/ext-auth-plugin-examples/plugins/required_header/pkg" "github.com/solo-io/ext-auth-plugins/api" ) func main() {} var Plugin impl.RequiredHeaderPlugin
13 | Copyright © 2019 Creating a plugin https://github.com/solo-io/ext-auth-plugin-examplesSee example:
14 | Copyright © 201914 | Copyright © 2019 Preparing and building the plugin for Gloo Enterprise
15 | Copyright © 2019 Align version dependencies with Gloo Enterprise $ dep ensure –v $ GLOOE_VERSION=0.20.7 make compare-deps { "pluginDependencies": { "name": "github.com/gogo/protobuf", "version": "v1.2.1", "revision": "ba06b47c162d49f2af050fb4c75bcbc86a159d5c" }, "glooeDependencies": { "name": "github.com/gogo/protobuf", "version": "v1.3.0", "revision": "0ca988a254f991240804bf9821f3450d87ccbb1b" } },
16 | Copyright © 2019 Align version dependencies with Gloo Enterprise $ // correct the dep mismatches in Gopkg.toml $ dep ensure –v $ GLOOE_VERSION=0.20.7 make compare-deps go run scripts/compare_dependencies.go Gopkg.lock _glooe/Gopkg.lock All shared dependencies match
17 | Copyright © 2019 Build plugin (needs access to docker daemon) $ GLOOE_VERSION=0.20.7 make build-plugins {"level":"info","ts":"2019-11-01T16:51:10.694Z","logger":"verify-plugins.header_value_plugin", "caller":"pkg/impl.go:39","msg":"Parsed RequiredHeaderAuthService config", "requiredHeader":"my-auth-header","allowedHeaderValues":["foo","bar","baz"] } {"level":"info","ts":"2019-11-01T16:51:10.695Z","logger":"verify-plugins", "caller":"plugins/loader.go:63","msg":"Successfully loaded plugin. Adding it to the plugin chain.", "pluginName":"RequiredHeader"} {"level":"info","ts":"2019-11-01T16:51:10.696Z","logger":"verify-plugins", "caller":"scripts/verify_plugins.go:62","msg":"Successfully verified that plugins can be loaded by Gloo!"} Be on the lookout for this log line in the docker build:
18 | Copyright © 2019 Tag the docker image and push to registry $ docker images $ docker tag <find tag> gcr.io/solo-public/ext-auth-example:v0.20.7 $ docker push gcr.io/solo-public/ext-auth-example:v0.20.7
19 | Copyright © 2019 Now we have our plugin! https://github.com/solo-io/ext-auth-plugin-examplesSee example:
20 | Copyright © 201920 | Copyright © 2019 Deploying and verifying our plugin
21 | Copyright © 2019 External Auth Plugins
22 | Copyright © 2019 Configuration values for Gloo Enterprise install plugin-values.yaml license_key: YOUR_LICENSE_KEY global: extensions: extAuth: plugins: my-plugin: image: repository: gloo-examples-extauth-required-header registry: gcr.io/solo-public pullPolicy: IfNotPresent tag: 0.20.7
23 | Copyright © 2019 Install Gloo with Ext-Auth plugin configured $ helm fetch glooe/gloo-ee –-version ”0.20.7” --untar $ kubectl create ns gloo-system $ helm template gloo-ee -–namespace gloo-system –f plugin-values.yaml | kubectl apply –f -
24 | Copyright © 2019 Verify plugin got copied over correctly $ kubectl exec -n gloo-system deploy/extauth -- ls -l /auth-plugins total 28356 -rw-r--r-- 1 root root 29033304 Nov 1 20:03 RequiredHeader.so
25 | Copyright © 2019 If already have Gloo Enterprise installed? Just add the initcontainer to deploy/extauth: initContainers: - image: gcr.io/solo-public/gloo-examples-extauth-required-header:0.20.7 imagePullPolicy: IfNotPresent name: plugin-my-plugin resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /auth-plugins name: auth-plugins
26 | Copyright © 201926 | Copyright © 2019 Configure the plugin and enforcement
27 | Copyright © 2019 Config instance maps to what we configure in VirtualService virtualHostPlugins: extensions: configs: extauth: plugin_auth: plugins: - config: RequiredHeader: my-header AllowedValues: - foo - bar - baz name: RequiredHeader plugin_file_name: RequiredHeader.so exported_symbol_name: Plugin
28 | Copyright © 2019

Recomendados

DevOps and APIs: Great Alone, Better Together
DevOps and APIs: Great Alone, Better Together DevOps and APIs: Great Alone, Better Together
DevOps and APIs: Great Alone, Better Together MuleSoft
 
Kubernetes Security with Calico and Open Policy Agent
Kubernetes Security with Calico and Open Policy AgentKubernetes Security with Calico and Open Policy Agent
Kubernetes Security with Calico and Open Policy AgentCloudOps2005
 
GitHub Actions (Nakov at RuseConf, Sept 2022)
GitHub Actions (Nakov at RuseConf, Sept 2022)GitHub Actions (Nakov at RuseConf, Sept 2022)
GitHub Actions (Nakov at RuseConf, Sept 2022)Svetlin Nakov
 
Meetup - Automate your project lifecycle using MuleSoft and Azure DevOps
Meetup - Automate your project lifecycle using MuleSoft and Azure DevOpsMeetup - Automate your project lifecycle using MuleSoft and Azure DevOps
Meetup - Automate your project lifecycle using MuleSoft and Azure DevOpsRenato de Oliveira
 
Fall 22: "From Kubernetes to PaaS to... err, what's next"
Fall 22: "From Kubernetes to PaaS to... err, what's next"Fall 22: "From Kubernetes to PaaS to... err, what's next"
Fall 22: "From Kubernetes to PaaS to... err, what's next"Daniel Bryant
 
Pave the Golden Path On Your Internal Platform
Pave the Golden Path On Your Internal PlatformPave the Golden Path On Your Internal Platform
Pave the Golden Path On Your Internal PlatformMauricio (Salaboy) Salatino
 
Terraform Modules and Continuous Deployment
Terraform Modules and Continuous DeploymentTerraform Modules and Continuous Deployment
Terraform Modules and Continuous DeploymentZane Williamson
 
Azure DevOps
Azure DevOpsAzure DevOps
Azure DevOpsFelipe Artur Feltes
 

Recomendados

DevOps and APIs: Great Alone, Better Together
DevOps and APIs: Great Alone, Better Together DevOps and APIs: Great Alone, Better Together
DevOps and APIs: Great Alone, Better Together MuleSoft
 
Kubernetes Security with Calico and Open Policy Agent
Kubernetes Security with Calico and Open Policy AgentKubernetes Security with Calico and Open Policy Agent
Kubernetes Security with Calico and Open Policy AgentCloudOps2005
 
GitHub Actions (Nakov at RuseConf, Sept 2022)
GitHub Actions (Nakov at RuseConf, Sept 2022)GitHub Actions (Nakov at RuseConf, Sept 2022)
GitHub Actions (Nakov at RuseConf, Sept 2022)Svetlin Nakov
 
Meetup - Automate your project lifecycle using MuleSoft and Azure DevOps
Meetup - Automate your project lifecycle using MuleSoft and Azure DevOpsMeetup - Automate your project lifecycle using MuleSoft and Azure DevOps
Meetup - Automate your project lifecycle using MuleSoft and Azure DevOpsRenato de Oliveira
 
Fall 22: "From Kubernetes to PaaS to... err, what's next"
Fall 22: "From Kubernetes to PaaS to... err, what's next"Fall 22: "From Kubernetes to PaaS to... err, what's next"
Fall 22: "From Kubernetes to PaaS to... err, what's next"Daniel Bryant
 
Pave the Golden Path On Your Internal Platform
Pave the Golden Path On Your Internal PlatformPave the Golden Path On Your Internal Platform
Pave the Golden Path On Your Internal PlatformMauricio (Salaboy) Salatino
 
Terraform Modules and Continuous Deployment
Terraform Modules and Continuous DeploymentTerraform Modules and Continuous Deployment
Terraform Modules and Continuous DeploymentZane Williamson
 
Azure DevOps
Azure DevOpsAzure DevOps
Azure DevOpsFelipe Artur Feltes
 
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and KnativeBuild and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and KnativeOmar Al-Safi
 
Azure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりAzure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりToru Makabe
 
KFServing and Feast
KFServing and FeastKFServing and Feast
KFServing and FeastAnimesh Singh
 
ELK and FileBeat on OCI
ELK and FileBeat on OCIELK and FileBeat on OCI
ELK and FileBeat on OCIDonghuKIM2
 
HelloCloud.io - Introduction to IaC & Terraform
HelloCloud.io - Introduction to IaC & TerraformHelloCloud.io - Introduction to IaC & Terraform
HelloCloud.io - Introduction to IaC & TerraformHello Cloud
 
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...Yevgeniy Brikman
 
Mercado Libre Case Study
Mercado Libre Case StudyMercado Libre Case Study
Mercado Libre Case StudyVMware Tanzu
 
The Future of Service Mesh
The Future of Service MeshThe Future of Service Mesh
The Future of Service MeshAll Things Open
 
Hashicorp Vault: Open Source Secrets Management at #OPEN18
Hashicorp Vault: Open Source Secrets Management at #OPEN18Hashicorp Vault: Open Source Secrets Management at #OPEN18
Hashicorp Vault: Open Source Secrets Management at #OPEN18Kangaroot
 
Azure DevOps in Action
Azure DevOps in ActionAzure DevOps in Action
Azure DevOps in ActionCallon Campbell
 
Introduction to Vault
Introduction to VaultIntroduction to Vault
Introduction to VaultKnoldus Inc.
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultAWS Germany
 
Kubernetes 101 - A Cluster Operating System
Kubernetes 101 - A Cluster Operating SystemKubernetes 101 - A Cluster Operating System
Kubernetes 101 - A Cluster Operating Systemmikaelbarbero
 
Ingesting and Processing IoT Data Using MQTT, Kafka Connect and Kafka Streams...
Ingesting and Processing IoT Data Using MQTT, Kafka Connect and Kafka Streams...Ingesting and Processing IoT Data Using MQTT, Kafka Connect and Kafka Streams...
Ingesting and Processing IoT Data Using MQTT, Kafka Connect and Kafka Streams...confluent
 
How we reduced logs costs by moving from Elasticsearch to Grafana Loki
How we reduced logs costs by moving from Elasticsearch to Grafana LokiHow we reduced logs costs by moving from Elasticsearch to Grafana Loki
How we reduced logs costs by moving from Elasticsearch to Grafana LokiIgor Latkin
 
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...Janusz Nowak
 
OpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformOpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformKangaroot
 
Backstage l'Internal Developer Portal Open Source per una migliore Developer ...
Backstage l'Internal Developer Portal Open Source per una migliore Developer ...Backstage l'Internal Developer Portal Open Source per una migliore Developer ...
Backstage l'Internal Developer Portal Open Source per una migliore Developer ...Commit University
 
End-to-end testing in complex GitOps environments
End-to-end testing in complex GitOps environmentsEnd-to-end testing in complex GitOps environments
End-to-end testing in complex GitOps environmentsEtienne Tremel
 
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...SlideTeam
 
Connect Intergration Patterns: A Case Study - Patrick Streule
Connect Intergration Patterns: A Case Study - Patrick StreuleConnect Intergration Patterns: A Case Study - Patrick Streule
Connect Intergration Patterns: A Case Study - Patrick StreuleAtlassian
 
GDG Cloud Taipei: Meetup #52 - Istio Security: API Authorization
GDG Cloud Taipei: Meetup #52 - Istio Security: API AuthorizationGDG Cloud Taipei: Meetup #52 - Istio Security: API Authorization
GDG Cloud Taipei: Meetup #52 - Istio Security: API AuthorizationKAI CHU CHUNG
 

Mais conteúdo relacionado

Mais procurados

Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and KnativeBuild and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and KnativeOmar Al-Safi
 
Azure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりAzure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりToru Makabe
 
ELK and FileBeat on OCI
ELK and FileBeat on OCIELK and FileBeat on OCI
ELK and FileBeat on OCIDonghuKIM2
 
HelloCloud.io - Introduction to IaC & Terraform
HelloCloud.io - Introduction to IaC & TerraformHelloCloud.io - Introduction to IaC & Terraform
HelloCloud.io - Introduction to IaC & TerraformHello Cloud
 
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...Yevgeniy Brikman
 
Mercado Libre Case Study
Mercado Libre Case StudyMercado Libre Case Study
Mercado Libre Case StudyVMware Tanzu
 
The Future of Service Mesh
The Future of Service MeshThe Future of Service Mesh
The Future of Service MeshAll Things Open
 
Hashicorp Vault: Open Source Secrets Management at #OPEN18
Hashicorp Vault: Open Source Secrets Management at #OPEN18Hashicorp Vault: Open Source Secrets Management at #OPEN18
Hashicorp Vault: Open Source Secrets Management at #OPEN18Kangaroot
 
Introduction to Vault
Introduction to VaultIntroduction to Vault
Introduction to VaultKnoldus Inc.
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultAWS Germany
 
Kubernetes 101 - A Cluster Operating System
Kubernetes 101 - A Cluster Operating SystemKubernetes 101 - A Cluster Operating System
Kubernetes 101 - A Cluster Operating Systemmikaelbarbero
 
Ingesting and Processing IoT Data Using MQTT, Kafka Connect and Kafka Streams...
Ingesting and Processing IoT Data Using MQTT, Kafka Connect and Kafka Streams...Ingesting and Processing IoT Data Using MQTT, Kafka Connect and Kafka Streams...
Ingesting and Processing IoT Data Using MQTT, Kafka Connect and Kafka Streams...confluent
 
How we reduced logs costs by moving from Elasticsearch to Grafana Loki
How we reduced logs costs by moving from Elasticsearch to Grafana LokiHow we reduced logs costs by moving from Elasticsearch to Grafana Loki
How we reduced logs costs by moving from Elasticsearch to Grafana LokiIgor Latkin
 
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...Janusz Nowak
 
OpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformOpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformKangaroot
 
Backstage l'Internal Developer Portal Open Source per una migliore Developer ...
Backstage l'Internal Developer Portal Open Source per una migliore Developer ...Backstage l'Internal Developer Portal Open Source per una migliore Developer ...
Backstage l'Internal Developer Portal Open Source per una migliore Developer ...Commit University
 
End-to-end testing in complex GitOps environments
End-to-end testing in complex GitOps environmentsEnd-to-end testing in complex GitOps environments
End-to-end testing in complex GitOps environmentsEtienne Tremel
 
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...SlideTeam
 

Mais procurados (20)

Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and KnativeBuild and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
 
Azure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりAzure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえり
 
KFServing and Feast
KFServing and FeastKFServing and Feast
KFServing and Feast
 
ELK and FileBeat on OCI
ELK and FileBeat on OCIELK and FileBeat on OCI
ELK and FileBeat on OCI
 
HelloCloud.io - Introduction to IaC & Terraform
HelloCloud.io - Introduction to IaC & TerraformHelloCloud.io - Introduction to IaC & Terraform
HelloCloud.io - Introduction to IaC & Terraform
 
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
 
Mercado Libre Case Study
Mercado Libre Case StudyMercado Libre Case Study
Mercado Libre Case Study
 
The Future of Service Mesh
The Future of Service MeshThe Future of Service Mesh
The Future of Service Mesh
 
Hashicorp Vault: Open Source Secrets Management at #OPEN18
Hashicorp Vault: Open Source Secrets Management at #OPEN18Hashicorp Vault: Open Source Secrets Management at #OPEN18
Hashicorp Vault: Open Source Secrets Management at #OPEN18
 
Azure DevOps in Action
Azure DevOps in ActionAzure DevOps in Action
Azure DevOps in Action
 
Introduction to Vault
Introduction to VaultIntroduction to Vault
Introduction to Vault
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s Vault
 
Kubernetes 101 - A Cluster Operating System
Kubernetes 101 - A Cluster Operating SystemKubernetes 101 - A Cluster Operating System
Kubernetes 101 - A Cluster Operating System
 
Ingesting and Processing IoT Data Using MQTT, Kafka Connect and Kafka Streams...
Ingesting and Processing IoT Data Using MQTT, Kafka Connect and Kafka Streams...Ingesting and Processing IoT Data Using MQTT, Kafka Connect and Kafka Streams...
Ingesting and Processing IoT Data Using MQTT, Kafka Connect and Kafka Streams...
 
How we reduced logs costs by moving from Elasticsearch to Grafana Loki
How we reduced logs costs by moving from Elasticsearch to Grafana LokiHow we reduced logs costs by moving from Elasticsearch to Grafana Loki
How we reduced logs costs by moving from Elasticsearch to Grafana Loki
 
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
 
OpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformOpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platform
 
Backstage l'Internal Developer Portal Open Source per una migliore Developer ...
Backstage l'Internal Developer Portal Open Source per una migliore Developer ...Backstage l'Internal Developer Portal Open Source per una migliore Developer ...
Backstage l'Internal Developer Portal Open Source per una migliore Developer ...
 
End-to-end testing in complex GitOps environments
End-to-end testing in complex GitOps environmentsEnd-to-end testing in complex GitOps environments
End-to-end testing in complex GitOps environments
 
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...
 

Semelhante a Deep Dive: Building external auth plugins for Gloo Enterprise

Connect Intergration Patterns: A Case Study - Patrick Streule
Connect Intergration Patterns: A Case Study - Patrick StreuleConnect Intergration Patterns: A Case Study - Patrick Streule
Connect Intergration Patterns: A Case Study - Patrick StreuleAtlassian
 
GDG Cloud Taipei: Meetup #52 - Istio Security: API Authorization
GDG Cloud Taipei: Meetup #52 - Istio Security: API AuthorizationGDG Cloud Taipei: Meetup #52 - Istio Security: API Authorization
GDG Cloud Taipei: Meetup #52 - Istio Security: API AuthorizationKAI CHU CHUNG
 
Web APIs & Apps - Mozilla
Web APIs & Apps - MozillaWeb APIs & Apps - Mozilla
Web APIs & Apps - MozillaRobert Nyman
 
Grails Plugins(Console, DB Migration, Asset Pipeline and Remote pagination)
Grails Plugins(Console, DB Migration, Asset Pipeline and Remote pagination)Grails Plugins(Console, DB Migration, Asset Pipeline and Remote pagination)
Grails Plugins(Console, DB Migration, Asset Pipeline and Remote pagination)NexThoughts Technologies
 
Chatting with HIpChat: APIs 101
Chatting with HIpChat: APIs 101Chatting with HIpChat: APIs 101
Chatting with HIpChat: APIs 101colleenfry
 
WebAPIs & Apps - Mozilla London
WebAPIs & Apps - Mozilla LondonWebAPIs & Apps - Mozilla London
WebAPIs & Apps - Mozilla LondonRobert Nyman
 
Build resource server &amp; client for OCF Cloud (2018.8.30)
Build resource server &amp; client for OCF Cloud (2018.8.30)Build resource server &amp; client for OCF Cloud (2018.8.30)
Build resource server &amp; client for OCF Cloud (2018.8.30)남균 김
 
Integrating dialog flow (api.ai) into qiscus sdk chat application
Integrating dialog flow (api.ai) into qiscus sdk chat applicationIntegrating dialog flow (api.ai) into qiscus sdk chat application
Integrating dialog flow (api.ai) into qiscus sdk chat applicationErick Ranes Akbar Mawuntu
 
[Test bash manchester] contract testing in practice
[Test bash manchester] contract testing in practice[Test bash manchester] contract testing in practice
[Test bash manchester] contract testing in practicePierre Vincent
 
iMasters Intercon 2016 - Identity within Microservices
iMasters Intercon 2016 - Identity within MicroservicesiMasters Intercon 2016 - Identity within Microservices
iMasters Intercon 2016 - Identity within MicroservicesErick Belluci Tedeschi
 
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...iMasters
 
Dev fest 2020 taiwan how to debug microservices on kubernetes as a pros (ht...
Dev fest 2020 taiwan how to debug microservices on kubernetes as a pros (ht...Dev fest 2020 taiwan how to debug microservices on kubernetes as a pros (ht...
Dev fest 2020 taiwan how to debug microservices on kubernetes as a pros (ht...KAI CHU CHUNG
 
PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents
PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agentsPVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents
PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agentsAndrey Karpov
 
Mastering Microservices with Kong (DevoxxUK 2019)
Mastering Microservices with Kong (DevoxxUK 2019)Mastering Microservices with Kong (DevoxxUK 2019)
Mastering Microservices with Kong (DevoxxUK 2019)Maarten Mulders
 
Nk API - examples
Nk API - examplesNk API - examples
Nk API - examplesnasza-klasa
 
Distributing UI Libraries: in a post Web-Component world
Distributing UI Libraries: in a post Web-Component worldDistributing UI Libraries: in a post Web-Component world
Distributing UI Libraries: in a post Web-Component worldRachael L Moore
 
Baking in the cloud with packer and puppet
Baking in the cloud with packer and puppetBaking in the cloud with packer and puppet
Baking in the cloud with packer and puppetAlan Parkinson
 
Drive chrome(headless) with puppeteer
Drive chrome(headless) with puppeteerDrive chrome(headless) with puppeteer
Drive chrome(headless) with puppeteerVodqaBLR
 
OSCamp #4 on Foreman | CLI tools with Foreman by Martin Bačovský
OSCamp #4 on Foreman | CLI tools with Foreman by Martin BačovskýOSCamp #4 on Foreman | CLI tools with Foreman by Martin Bačovský
OSCamp #4 on Foreman | CLI tools with Foreman by Martin BačovskýNETWAYS
 

Semelhante a Deep Dive: Building external auth plugins for Gloo Enterprise (20)

Connect Intergration Patterns: A Case Study - Patrick Streule
Connect Intergration Patterns: A Case Study - Patrick StreuleConnect Intergration Patterns: A Case Study - Patrick Streule
Connect Intergration Patterns: A Case Study - Patrick Streule
 
GDG Cloud Taipei: Meetup #52 - Istio Security: API Authorization
GDG Cloud Taipei: Meetup #52 - Istio Security: API AuthorizationGDG Cloud Taipei: Meetup #52 - Istio Security: API Authorization
GDG Cloud Taipei: Meetup #52 - Istio Security: API Authorization
 
Web APIs & Apps - Mozilla
Web APIs & Apps - MozillaWeb APIs & Apps - Mozilla
Web APIs & Apps - Mozilla
 
Grails Plugins(Console, DB Migration, Asset Pipeline and Remote pagination)
Grails Plugins(Console, DB Migration, Asset Pipeline and Remote pagination)Grails Plugins(Console, DB Migration, Asset Pipeline and Remote pagination)
Grails Plugins(Console, DB Migration, Asset Pipeline and Remote pagination)
 
Chatting with HIpChat: APIs 101
Chatting with HIpChat: APIs 101Chatting with HIpChat: APIs 101
Chatting with HIpChat: APIs 101
 
WebAPIs & Apps - Mozilla London
WebAPIs & Apps - Mozilla LondonWebAPIs & Apps - Mozilla London
WebAPIs & Apps - Mozilla London
 
Build resource server &amp; client for OCF Cloud (2018.8.30)
Build resource server &amp; client for OCF Cloud (2018.8.30)Build resource server &amp; client for OCF Cloud (2018.8.30)
Build resource server &amp; client for OCF Cloud (2018.8.30)
 
Grails plugin
Grails pluginGrails plugin
Grails plugin
 
Integrating dialog flow (api.ai) into qiscus sdk chat application
Integrating dialog flow (api.ai) into qiscus sdk chat applicationIntegrating dialog flow (api.ai) into qiscus sdk chat application
Integrating dialog flow (api.ai) into qiscus sdk chat application
 
[Test bash manchester] contract testing in practice
[Test bash manchester] contract testing in practice[Test bash manchester] contract testing in practice
[Test bash manchester] contract testing in practice
 
iMasters Intercon 2016 - Identity within Microservices
iMasters Intercon 2016 - Identity within MicroservicesiMasters Intercon 2016 - Identity within Microservices
iMasters Intercon 2016 - Identity within Microservices
 
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
 
Dev fest 2020 taiwan how to debug microservices on kubernetes as a pros (ht...
Dev fest 2020 taiwan how to debug microservices on kubernetes as a pros (ht...Dev fest 2020 taiwan how to debug microservices on kubernetes as a pros (ht...
Dev fest 2020 taiwan how to debug microservices on kubernetes as a pros (ht...
 
PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents
PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agentsPVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents
PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents
 
Mastering Microservices with Kong (DevoxxUK 2019)
Mastering Microservices with Kong (DevoxxUK 2019)Mastering Microservices with Kong (DevoxxUK 2019)
Mastering Microservices with Kong (DevoxxUK 2019)
 
Nk API - examples
Nk API - examplesNk API - examples
Nk API - examples
 
Distributing UI Libraries: in a post Web-Component world
Distributing UI Libraries: in a post Web-Component worldDistributing UI Libraries: in a post Web-Component world
Distributing UI Libraries: in a post Web-Component world
 
Baking in the cloud with packer and puppet
Baking in the cloud with packer and puppetBaking in the cloud with packer and puppet
Baking in the cloud with packer and puppet
 
Drive chrome(headless) with puppeteer
Drive chrome(headless) with puppeteerDrive chrome(headless) with puppeteer
Drive chrome(headless) with puppeteer
 
OSCamp #4 on Foreman | CLI tools with Foreman by Martin Bačovský
OSCamp #4 on Foreman | CLI tools with Foreman by Martin BačovskýOSCamp #4 on Foreman | CLI tools with Foreman by Martin Bačovský
OSCamp #4 on Foreman | CLI tools with Foreman by Martin Bačovský
 

Mais de Christian Posta

Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Understanding Wireguard, TLS and Workload Identity
Understanding Wireguard, TLS and Workload IdentityUnderstanding Wireguard, TLS and Workload Identity
Understanding Wireguard, TLS and Workload IdentityChristian Posta
 
Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshCompliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshChristian Posta
 
Cilium + Istio with Gloo Mesh
Cilium + Istio with Gloo MeshCilium + Istio with Gloo Mesh
Cilium + Istio with Gloo MeshChristian Posta
 
Multi-cluster service mesh with GlooMesh
Multi-cluster service mesh with GlooMeshMulti-cluster service mesh with GlooMesh
Multi-cluster service mesh with GlooMeshChristian Posta
 
Multicluster Kubernetes and Service Mesh Patterns
Multicluster Kubernetes and Service Mesh PatternsMulticluster Kubernetes and Service Mesh Patterns
Multicluster Kubernetes and Service Mesh PatternsChristian Posta
 
Cloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service MeshCloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service MeshChristian Posta
 
Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)Christian Posta
 
The Truth About the Service Mesh Data Plane
The Truth About the Service Mesh Data PlaneThe Truth About the Service Mesh Data Plane
The Truth About the Service Mesh Data PlaneChristian Posta
 
Role of edge gateways in relation to service mesh adoption
Role of edge gateways in relation to service mesh adoptionRole of edge gateways in relation to service mesh adoption
Role of edge gateways in relation to service mesh adoptionChristian Posta
 
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdNavigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdChristian Posta
 
Chaos Debugging for Microservices
Chaos Debugging for MicroservicesChaos Debugging for Microservices
Chaos Debugging for MicroservicesChristian Posta
 
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...Christian Posta
 
Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Service-mesh options with Linkerd, Consul, Istio and AWS AppMeshService-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Service-mesh options with Linkerd, Consul, Istio and AWS AppMeshChristian Posta
 
Intro Istio and what's new Istio 1.1
Intro Istio and what's new Istio 1.1Intro Istio and what's new Istio 1.1
Intro Istio and what's new Istio 1.1Christian Posta
 
API Gateways are going through an identity crisis
API Gateways are going through an identity crisisAPI Gateways are going through an identity crisis
API Gateways are going through an identity crisisChristian Posta
 
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...Christian Posta
 
PHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh LandscapePHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh LandscapeChristian Posta
 
API World: The service-mesh landscape
API World: The service-mesh landscapeAPI World: The service-mesh landscape
API World: The service-mesh landscapeChristian Posta
 

Mais de Christian Posta (20)

Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Understanding Wireguard, TLS and Workload Identity
Understanding Wireguard, TLS and Workload IdentityUnderstanding Wireguard, TLS and Workload Identity
Understanding Wireguard, TLS and Workload Identity
 
Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshCompliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient Mesh
 
Cilium + Istio with Gloo Mesh
Cilium + Istio with Gloo MeshCilium + Istio with Gloo Mesh
Cilium + Istio with Gloo Mesh
 
Multi-cluster service mesh with GlooMesh
Multi-cluster service mesh with GlooMeshMulti-cluster service mesh with GlooMesh
Multi-cluster service mesh with GlooMesh
 
Multicluster Kubernetes and Service Mesh Patterns
Multicluster Kubernetes and Service Mesh PatternsMulticluster Kubernetes and Service Mesh Patterns
Multicluster Kubernetes and Service Mesh Patterns
 
Cloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service MeshCloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service Mesh
 
Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)
 
The Truth About the Service Mesh Data Plane
The Truth About the Service Mesh Data PlaneThe Truth About the Service Mesh Data Plane
The Truth About the Service Mesh Data Plane
 
Role of edge gateways in relation to service mesh adoption
Role of edge gateways in relation to service mesh adoptionRole of edge gateways in relation to service mesh adoption
Role of edge gateways in relation to service mesh adoption
 
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdNavigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
 
Chaos Debugging for Microservices
Chaos Debugging for MicroservicesChaos Debugging for Microservices
Chaos Debugging for Microservices
 
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
 
Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Service-mesh options with Linkerd, Consul, Istio and AWS AppMeshService-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh
 
Intro Istio and what's new Istio 1.1
Intro Istio and what's new Istio 1.1Intro Istio and what's new Istio 1.1
Intro Istio and what's new Istio 1.1
 
API Gateways are going through an identity crisis
API Gateways are going through an identity crisisAPI Gateways are going through an identity crisis
API Gateways are going through an identity crisis
 
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
 
PHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh LandscapePHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh Landscape
 
Intro to Knative
Intro to KnativeIntro to Knative
Intro to Knative
 
API World: The service-mesh landscape
API World: The service-mesh landscapeAPI World: The service-mesh landscape
API World: The service-mesh landscape
 

Último

Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 

Último (20)

Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 

Deep Dive: Building external auth plugins for Gloo Enterprise

  • 1. 1 | Copyright © 2019 Solo.io Deep Dive Building Go plugins for external auth service for Gloo Enterprise
  • 2. 2 | Copyright © 2019 The Gloo Control Plane
  • 3. 3 | Copyright © 2019 External Auth Plugins
  • 4. 4 | Copyright © 2019 External Auth Plugins
  • 5. 5 | Copyright © 2019 External Auth Plugins
  • 6. 6 | Copyright © 2019 External Auth Plugins
  • 7. 7 | Copyright © 2019 Creating a plugin https://github.com/solo-io/ext-auth-plugin-examplesSee example:
  • 8. 8 | Copyright © 20198 | Copyright © 2019 Creating the plugin source
  • 9. 9 | Copyright © 2019 Plugin implements ExtAuthPlugin interface type ExtAuthPlugin interface { NewConfigInstance(ctx context.Context) (configInstance interface{}, err error) GetAuthService(ctx context.Context, configInstance interface{}) (AuthService, error) } https://docs.solo.io/gloo/latest/gloo_routing/virtual_services/security/plugin_auth/
  • 10. 10 | Copyright © 2019 Config instance maps to what we configure in VirtualService virtualHostPlugins: extensions: configs: extauth: plugin_auth: plugins: - config: RequiredHeader: my-header AllowedValues: - foo - bar - baz name: RequiredHeader plugin_file_name: RequiredHeader.so exported_symbol_name: Plugin
  • 11. 11 | Copyright © 2019 AuthService interface type AuthService interface { Start(ctx context.Context) error Authorize(ctx context.Context, request *AuthorizationRequest) (*AuthorizationResponse, error) } https://docs.solo.io/gloo/latest/dev/writing_auth_plugins/
  • 12. 12 | Copyright © 2019 Plugin implements ExtAuthPlugin interface package main import ( impl "github.com/solo-io/ext-auth-plugin-examples/plugins/required_header/pkg" "github.com/solo-io/ext-auth-plugins/api" ) func main() {} var Plugin impl.RequiredHeaderPlugin
  • 13. 13 | Copyright © 2019 Creating a plugin https://github.com/solo-io/ext-auth-plugin-examplesSee example:
  • 14. 14 | Copyright © 201914 | Copyright © 2019 Preparing and building the plugin for Gloo Enterprise
  • 15. 15 | Copyright © 2019 Align version dependencies with Gloo Enterprise $ dep ensure –v $ GLOOE_VERSION=0.20.7 make compare-deps { "pluginDependencies": { "name": "github.com/gogo/protobuf", "version": "v1.2.1", "revision": "ba06b47c162d49f2af050fb4c75bcbc86a159d5c" }, "glooeDependencies": { "name": "github.com/gogo/protobuf", "version": "v1.3.0", "revision": "0ca988a254f991240804bf9821f3450d87ccbb1b" } },
  • 16. 16 | Copyright © 2019 Align version dependencies with Gloo Enterprise $ // correct the dep mismatches in Gopkg.toml $ dep ensure –v $ GLOOE_VERSION=0.20.7 make compare-deps go run scripts/compare_dependencies.go Gopkg.lock _glooe/Gopkg.lock All shared dependencies match
  • 17. 17 | Copyright © 2019 Build plugin (needs access to docker daemon) $ GLOOE_VERSION=0.20.7 make build-plugins {"level":"info","ts":"2019-11-01T16:51:10.694Z","logger":"verify-plugins.header_value_plugin", "caller":"pkg/impl.go:39","msg":"Parsed RequiredHeaderAuthService config", "requiredHeader":"my-auth-header","allowedHeaderValues":["foo","bar","baz"] } {"level":"info","ts":"2019-11-01T16:51:10.695Z","logger":"verify-plugins", "caller":"plugins/loader.go:63","msg":"Successfully loaded plugin. Adding it to the plugin chain.", "pluginName":"RequiredHeader"} {"level":"info","ts":"2019-11-01T16:51:10.696Z","logger":"verify-plugins", "caller":"scripts/verify_plugins.go:62","msg":"Successfully verified that plugins can be loaded by Gloo!"} Be on the lookout for this log line in the docker build:
  • 18. 18 | Copyright © 2019 Tag the docker image and push to registry $ docker images $ docker tag <find tag> gcr.io/solo-public/ext-auth-example:v0.20.7 $ docker push gcr.io/solo-public/ext-auth-example:v0.20.7
  • 19. 19 | Copyright © 2019 Now we have our plugin! https://github.com/solo-io/ext-auth-plugin-examplesSee example:
  • 20. 20 | Copyright © 201920 | Copyright © 2019 Deploying and verifying our plugin
  • 21. 21 | Copyright © 2019 External Auth Plugins
  • 22. 22 | Copyright © 2019 Configuration values for Gloo Enterprise install plugin-values.yaml license_key: YOUR_LICENSE_KEY global: extensions: extAuth: plugins: my-plugin: image: repository: gloo-examples-extauth-required-header registry: gcr.io/solo-public pullPolicy: IfNotPresent tag: 0.20.7
  • 23. 23 | Copyright © 2019 Install Gloo with Ext-Auth plugin configured $ helm fetch glooe/gloo-ee –-version ”0.20.7” --untar $ kubectl create ns gloo-system $ helm template gloo-ee -–namespace gloo-system –f plugin-values.yaml | kubectl apply –f -
  • 24. 24 | Copyright © 2019 Verify plugin got copied over correctly $ kubectl exec -n gloo-system deploy/extauth -- ls -l /auth-plugins total 28356 -rw-r--r-- 1 root root 29033304 Nov 1 20:03 RequiredHeader.so
  • 25. 25 | Copyright © 2019 If already have Gloo Enterprise installed? Just add the initcontainer to deploy/extauth: initContainers: - image: gcr.io/solo-public/gloo-examples-extauth-required-header:0.20.7 imagePullPolicy: IfNotPresent name: plugin-my-plugin resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /auth-plugins name: auth-plugins
  • 26. 26 | Copyright © 201926 | Copyright © 2019 Configure the plugin and enforcement
  • 27. 27 | Copyright © 2019 Config instance maps to what we configure in VirtualService virtualHostPlugins: extensions: configs: extauth: plugin_auth: plugins: - config: RequiredHeader: my-header AllowedValues: - foo - bar - baz name: RequiredHeader plugin_file_name: RequiredHeader.so exported_symbol_name: Plugin
  • 28. 28 | Copyright © 2019