envoy-types

Crates.ioenvoy-types
lib.rsenvoy-types
version0.5.0
sourcesrc
created_at2023-07-26 23:29:02.705864
updated_at2024-08-19 14:07:23.595323
descriptionCollection of protobuf types and other assets to work with the Envoy Proxy through Rust gRPC services.
homepagehttps://github.com/flemosr/envoy-types
repositoryhttps://github.com/flemosr/envoy-types
max_upload_size
id926922
size7,399,325
Rafael Lemos (flemosr)

documentation

README

Envoy Types

Collection of protobuf types and other assets to work with the Envoy Proxy through Rust gRPC services.

Among other use cases, this crate can be used to implement an Envoy External Authorization (ExtAuthz) gRPC Server written in Rust.

Crates.io Documentation Crates.io

Examples | Docs

Getting Started

[dependencies]
envoy-types = "<envoy-types-version>"

The protobuf types made available are already pre-compiled, so you only need to have the Protocol Buffer Compiler (protoc) installed to run the crate's tests. Installation instructions can be found here.

Examples

The example bellow covers a bare-bones implementation of an Envoy ExtAuthz gRPC AuthorizationServer, with tonic. A more complete implementation, including query parameters and header manipulation, can be found at the examples directory.

use tonic::{transport::Server, Request, Response, Status};

use envoy_types::ext_authz::v3::pb::{
    Authorization, AuthorizationServer, CheckRequest, CheckResponse,
};
use envoy_types::ext_authz::v3::{CheckRequestExt, CheckResponseExt};

#[derive(Default)]
struct MyServer;

#[tonic::async_trait]
impl Authorization for MyServer {
    async fn check(
        &self,
        request: Request<CheckRequest>,
    ) -> Result<Response<CheckResponse>, Status> {
        let request = request.into_inner();

        let client_headers = request
            .get_client_headers()
            .ok_or_else(|| Status::invalid_argument("client headers not populated by envoy"))?;

        let mut request_status = Status::unauthenticated("not authorized");

        if let Some(authorization) = client_headers.get("authorization") {
            if authorization == "Bearer valid-token" {
                request_status = Status::ok("request is valid");
            }
        }

        Ok(Response::new(CheckResponse::with_status(request_status)))
    }
}

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let addr = format!("0.0.0.0:50051").parse().unwrap();
    let server = MyServer::default();

    println!("AuthorizationServer listening on {addr}");

    Server::builder()
        .add_service(AuthorizationServer::new(server))
        .serve(addr)
        .await?;

    Ok(())
}

You can check the currently supported version of tonic at this crate's Cargo.toml file. If you want to work with a previous version, consider using a previous version of envoy-types.

License

This project is licensed under the Apache License (Version 2.0).

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion by you, shall be licensed as Apache-2.0, without any additional terms or conditions.

Commit count: 46

cargo fmt