
Deep Dive: Building external auth plugins for Gloo Enterprise


Using the plugin framework for Ext. Auth Service in Gloo Enterprise, we can build any custom AuthN/AuthZ plugins to handle security requirements not provided out of the box.

Published in: Technology

  1. 1 | Copyright © 2019 Solo.io Deep Dive Building Go plugins for external auth service for Gloo Enterprise
  2. The Gloo Control Plane
  3. External Auth Plugins
  4. External Auth Plugins
  5. External Auth Plugins
  6. External Auth Plugins
  7. Creating a plugin. See example: https://github.com/solo-io/ext-auth-plugin-examples
  8. Creating the plugin source
  9. Plugin implements ExtAuthPlugin interface

         type ExtAuthPlugin interface {
             NewConfigInstance(ctx context.Context) (configInstance interface{}, err error)
             GetAuthService(ctx context.Context, configInstance interface{}) (AuthService, error)
         }

     https://docs.solo.io/gloo/latest/gloo_routing/virtual_services/security/plugin_auth/
  10. Config instance maps to what we configure in VirtualService

          virtualHostPlugins:
            extensions:
              configs:
                extauth:
                  plugin_auth:
                    plugins:
                    - config:
                        RequiredHeader: my-header
                        AllowedValues:
                        - foo
                        - bar
                        - baz
                      name: RequiredHeader
                      plugin_file_name: RequiredHeader.so
                      exported_symbol_name: Plugin

  11. AuthService interface

          type AuthService interface {
              Start(ctx context.Context) error
              Authorize(ctx context.Context, request *AuthorizationRequest) (*AuthorizationResponse, error)
          }

      https://docs.solo.io/gloo/latest/dev/writing_auth_plugins/
  12. Plugin implements ExtAuthPlugin interface

          package main

          import (
              impl "github.com/solo-io/ext-auth-plugin-examples/plugins/required_header/pkg"
              "github.com/solo-io/ext-auth-plugins/api"
          )

          func main() {}

          // Compile-time check that the plugin type satisfies the interface
          // (this also uses the api import, which Go would otherwise reject as unused).
          var _ api.ExtAuthPlugin = new(impl.RequiredHeaderPlugin)

          // Exported symbol; its name must match exported_symbol_name in the VirtualService config.
          var Plugin impl.RequiredHeaderPlugin

  13. Creating a plugin. See example: https://github.com/solo-io/ext-auth-plugin-examples
  14. Preparing and building the plugin for Gloo Enterprise
  15. Align version dependencies with Gloo Enterprise

          $ dep ensure -v
          $ GLOOE_VERSION=0.20.7 make compare-deps
          {
            "pluginDependencies": {
              "name": "github.com/gogo/protobuf",
              "version": "v1.2.1",
              "revision": "ba06b47c162d49f2af050fb4c75bcbc86a159d5c"
            },
            "glooeDependencies": {
              "name": "github.com/gogo/protobuf",
              "version": "v1.3.0",
              "revision": "0ca988a254f991240804bf9821f3450d87ccbb1b"
            }
          },

  16. Align version dependencies with Gloo Enterprise

          # correct the dep mismatches in Gopkg.toml
          $ dep ensure -v
          $ GLOOE_VERSION=0.20.7 make compare-deps
          go run scripts/compare_dependencies.go Gopkg.lock _glooe/Gopkg.lock
          All shared dependencies match

  17. Build plugin (needs access to docker daemon)

          $ GLOOE_VERSION=0.20.7 make build-plugins

      Be on the lookout for this log line in the docker build:

          {"level":"info","ts":"2019-11-01T16:51:10.694Z","logger":"verify-plugins.header_value_plugin", "caller":"pkg/impl.go:39","msg":"Parsed RequiredHeaderAuthService config", "requiredHeader":"my-auth-header","allowedHeaderValues":["foo","bar","baz"] }
          {"level":"info","ts":"2019-11-01T16:51:10.695Z","logger":"verify-plugins", "caller":"plugins/loader.go:63","msg":"Successfully loaded plugin. Adding it to the plugin chain.", "pluginName":"RequiredHeader"}
          {"level":"info","ts":"2019-11-01T16:51:10.696Z","logger":"verify-plugins", "caller":"scripts/verify_plugins.go:62","msg":"Successfully verified that plugins can be loaded by Gloo!"}

  18. Tag the docker image and push to registry

          $ docker images
          $ docker tag <find tag> gcr.io/solo-public/ext-auth-example:v0.20.7
          $ docker push gcr.io/solo-public/ext-auth-example:v0.20.7

  19. Now we have our plugin! See example: https://github.com/solo-io/ext-auth-plugin-examples
  20. Deploying and verifying our plugin
  21. External Auth Plugins
  22. Configuration values for Gloo Enterprise install

      plugin-values.yaml:

          license_key: YOUR_LICENSE_KEY
          global:
            extensions:
              extAuth:
                plugins:
                  my-plugin:
                    image:
                      repository: gloo-examples-extauth-required-header
                      registry: gcr.io/solo-public
                      pullPolicy: IfNotPresent
                      tag: 0.20.7

  23. Install Gloo with Ext-Auth plugin configured

          $ helm fetch glooe/gloo-ee --version "0.20.7" --untar
          $ kubectl create ns gloo-system
          $ helm template gloo-ee --namespace gloo-system -f plugin-values.yaml | kubectl apply -f -

  24. Verify plugin got copied over correctly

          $ kubectl exec -n gloo-system deploy/extauth -- ls -l /auth-plugins
          total 28356
          -rw-r--r-- 1 root root 29033304 Nov 1 20:03 RequiredHeader.so

  25. Already have Gloo Enterprise installed? Just add the init container to deploy/extauth:

          initContainers:
          - image: gcr.io/solo-public/gloo-examples-extauth-required-header:0.20.7
            imagePullPolicy: IfNotPresent
            name: plugin-my-plugin
            resources: {}
            terminationMessagePath: /dev/termination-log
            terminationMessagePolicy: File
            volumeMounts:
            - mountPath: /auth-plugins
              name: auth-plugins

  26. Configure the plugin and enforcement
  27. Config instance maps to what we configure in VirtualService

          virtualHostPlugins:
            extensions:
              configs:
                extauth:
                  plugin_auth:
                    plugins:
                    - config:
                        RequiredHeader: my-header
                        AllowedValues:
                        - foo
                        - bar
                        - baz
                      name: RequiredHeader
                      plugin_file_name: RequiredHeader.so
                      exported_symbol_name: Plugin
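
One way the two AuthService methods could enforce the RequiredHeader / AllowedValues config from the slides, denying by default. This is an added example, not the code in solo-io/ext-auth-plugin-examples: `RequiredHeaderService` is a hypothetical name, and `AuthorizationRequest` / `AuthorizationResponse` are simplified stand-ins for the real API types so that the block runs offline.

```go
package main

import (
	"context"
	"fmt"
	"strings"
)

// Stand-ins (assumptions) for the ext-auth-plugins/api request/response types.
type AuthorizationRequest struct{ Headers map[string]string }
type AuthorizationResponse struct {
	Allowed bool
	Reason  string
}

// Fields mirror the `config:` block; methods mirror the AuthService interface.
type RequiredHeaderService struct {
	RequiredHeader string
	AllowedValues  []string
}

// Start fails on an empty header name or allow-list (misconfiguration).
func (s *RequiredHeaderService) Start(ctx context.Context) error {
	if s.RequiredHeader == "" || len(s.AllowedValues) == 0 {
		return fmt.Errorf("RequiredHeader and AllowedValues must both be set")
	}
	return nil
}

// Authorize denies by default: only an exact, allow-listed value passes.
func (s *RequiredHeaderService) Authorize(ctx context.Context, req *AuthorizationRequest) (*AuthorizationResponse, error) {
	if req == nil {
		return nil, fmt.Errorf("nil authorization request")
	}
	// Assumption: the proxy delivers header names lower-cased.
	value, present := req.Headers[strings.ToLower(s.RequiredHeader)]
	if !present {
		return &AuthorizationResponse{Reason: "required header missing"}, nil
	}
	for _, v := range s.AllowedValues {
		if v == value {
			return &AuthorizationResponse{Allowed: true}, nil
		}
	}
	return &AuthorizationResponse{Reason: "header value not in AllowedValues"}, nil
}

func main() {
	s := &RequiredHeaderService{RequiredHeader: "my-header", AllowedValues: []string{"foo", "bar", "baz"}}
	req := &AuthorizationRequest{Headers: map[string]string{"my-header": "qux"}} // constructed sample
	resp, err := s.Authorize(context.Background(), req)
	fmt.Println(s.Start(context.Background()), resp.Allowed, resp.Reason, err)
}
```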
