Proxy-Wasm plugin that grants access based on a result of HTTP callout.
$ cargo build --target wasm32-wasip1 --release
This example can be run with docker compose
and has a matching Envoy configuration.
$ docker compose up
Send HTTP request to localhost:10000/headers
:
$ curl localhost:10000/headers
{
"headers": {
"Accept": "*/*",
"Host": "localhost",
"User-Agent": "curl/7.81.0",
"X-Amzn-Trace-Id": "Root=1-637c4767-6e31776a0b407a0219b5b570",
"X-Envoy-Expected-Rq-Timeout-Ms": "15000"
}
}
Expected Envoy logs:
[...] wasm log http_auth_random: Access granted.
Send HTTP request to localhost:10000/headers
:
$ curl localhost:10000/headers
Access forbidden.
Expected Envoy logs:
[...] wasm log http_auth_random: Access forbidden.