GDG Cloud Taipei: Meetup #52 - Istio Security: API Authorization
10. Go-kit microservice + Istio
Golang UK Conference 2015 - Peter Bourgon - Go Kit A Toolkit for Microservices - https://youtu.be/aL6sd4d4hxk?t=1022
11. Automatically secure your services through managed authentication, authorization, and encryption of communication between services.
Istio security - API Authorization
12. Istio
● 1.8.0 (released 11/19)
● 1.7 (released 8/21)
● 1.6 (released 5/21)
● 1.5 (released 3/5)
● RequestAuthentication: 1.5 and above
● Mixer: default since Istio 1.3 and istio-telemetry is disabled by default in Istio 1.5.
● holdApplicationUntilProxyStarts: 1.7 and above
Istio - https://istio.io/latest/
13. Istio / Istio in 2020 - Following the Trade Winds - https://istio.io/latest/blog/2020/tradewinds-2020/
Istio Architecture
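24. envoy.config.filter.http.ext_authz.v2.ExtAuthz

    // Server interface from Envoy's generated ext_authz v2 Go package (referred to as auth below).
    type AuthorizationServer interface {
        // Performs authorization check based on the attributes associated with the
        // incoming request, and returns status `OK` or not `OK`.
        Check(context.Context, *CheckRequest) (*CheckResponse, error)
    }

    // Implementation in the authorization service. Here AuthorizationServer has to be the
    // service's own concrete type: a pointer-to-interface receiver would not compile.
    func (as *AuthorizationServer) Check(ctx context.Context, req *auth.CheckRequest) (*auth.CheckResponse, error) {
        // HTTP attributes of the request that Envoy is asking about.
        h := req.GetAttributes().GetRequest().GetHttp()
        ...
        // Decide from the original path, the method and the JWT payload header.
        s := as.Verify(ctx, h.GetHeaders()["x-envoy-original-path"], h.Method, h.GetHeaders()["x-jwt-playload"])
        return &auth.CheckResponse{
            Status: s,
        }, nil
    }

AuthorizationServer is the server API for Authorization service.
If the request is deemed unauthorized at the HTTP filter the request will be denied with 403 (Forbidden) response.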
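The slide elides the body of Verify, so the following is an added example, not code from the talk: one fail-closed way to turn the two headers and the method into the allow/deny decision that Check reports. It assumes x-jwt-playload carries the base64url-encoded JSON payload of a JWT the proxy has already verified; the Rule type, the "roles" claim name and the sample policy are hypothetical.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"path"
	"strings"
)

// Decision is what Check reports to Envoy: Allow maps to an OK status,
// Deny to a non-OK status that the ext_authz filter turns into 403.
type Decision bool

const (
	Deny  Decision = false
	Allow Decision = true
)

// Rule is a hypothetical policy entry: Role may call Method on Prefix and below.
type Rule struct{ Role, Method, Prefix string }

// claims reads two fields of the JWT payload; "roles" is an assumed claim name.
type claims struct {
	Sub   string   `json:"sub"`
	Roles []string `json:"roles"`
}

// encodePayload builds a constructed header value: base64url of the JSON payload.
func encodePayload(sub string, roles ...string) string {
	b, _ := json.Marshal(claims{Sub: sub, Roles: roles})
	return base64.RawURLEncoding.EncodeToString(b)
}

// Verify fails closed: a missing header, an undecodable payload or a
// non-canonical path is a Deny, and only an explicit rule match is an Allow.
func Verify(policy []Rule, headers map[string]string, method string) Decision {
	p, payload := headers["x-envoy-original-path"], headers["x-jwt-playload"]
	if p == "" || payload == "" {
		return Deny
	}
	if i := strings.IndexByte(p, '?'); i >= 0 {
		p = p[:i] // the query string takes no part in the decision
	}
	if !strings.HasPrefix(p, "/") || path.Clean(p) != p {
		return Deny // rejects "..", "//" and trailing-slash variants
	}
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(payload, "="))
	if err != nil {
		return Deny
	}
	var c claims
	if err := json.Unmarshal(raw, &c); err != nil || c.Sub == "" {
		return Deny
	}
	for _, r := range policy {
		// Match on a segment boundary so /api/v1/items does not cover /api/v1/itemsX.
		if r.Method != method || (p != r.Prefix && !strings.HasPrefix(p, r.Prefix+"/")) {
			continue
		}
		for _, role := range c.Roles {
			if role == r.Role {
				return Allow
			}
		}
	}
	return Deny
}

// samplePolicy is constructed for this example.
var samplePolicy = []Rule{
	{Role: "viewer", Method: "GET", Prefix: "/api/v1/items"},
	{Role: "admin", Method: "POST", Prefix: "/api/v1/items"},
}

func main() {
	viewer := encodePayload("alice", "viewer")
	for _, tc := range []struct{ method, path, payload string }{
		{"GET", "/api/v1/items/42?x=1", viewer},
		{"POST", "/api/v1/items", viewer},
		{"GET", "/api/v1/items/../admin", viewer},
		{"GET", "/api/v1/items", "not-base64!"},
	} {
		h := map[string]string{"x-envoy-original-path": tc.path, "x-jwt-playload": tc.payload}
		fmt.Printf("%-4s %-26s allow=%v\n", tc.method, tc.path, Verify(samplePolicy, h, tc.method))
	}
}
```

The decision is only as trustworthy as the header: it holds when the proxy sets x-jwt-playload itself after validating the token, so a value supplied by the client must never reach the authorization service.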
25. envoy.config.filter.http.ext_authz.v2.ExtAuthz
AuthorizationServer is the server API for Authorization service.
- env:
  - name: QS_AUTHZ_URL
    value: "authz:8000"
28. The Open Policy Agent (OPA) is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack.
Open Policy Agent