Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EnvoyProxy Auth Layer POC #25

Closed
wants to merge 6 commits into from
Closed

EnvoyProxy Auth Layer POC #25

wants to merge 6 commits into from

Conversation

AlfredoG87
Copy link
Contributor

@AlfredoG87 AlfredoG87 commented Jan 4, 2024
edited
Loading

Description:
This is a good start for the implementation of EnvoyProxy as a reverse proxy for Hedera-The-Graph Auth layer.

Related issue(s):
#18

Fixes #24

Notes for reviewer:

Next tasks:

  • Decide if we move forward using EnvoyProxy.
    (I would say Yes)
  • Decide if we will use redis vs postgres for the token db store.
    (I would say postgres)
  • Clean the unneeded code for the option we discarded.
  • Decide if we want to Hash the token on the database, and add the function to the lua script
  • Normalize the database, do a final implementation/design of the database and its scripts
  • Create a new Chart for hedera-the-graph-auth-layer
  • Integrate new Chart on the umbrella Chart for the overall deployment of hedera-the-graph.

Checklist

  • Documented (Code comments, README, etc.)
  • Tested (unit, integration, etc.)

@AlfredoG87 AlfredoG87 marked this pull request as draft January 4, 2024 21:10
@AlfredoG87 AlfredoG87 self-assigned this Jan 4, 2024
@AlfredoG87 AlfredoG87 added the New Feature A new feature, service, or documentation. Major changes that are not backwards compatible. label Jan 4, 2024
@AlfredoG87 AlfredoG87 changed the title EnvoyProxy Auth Layer POC and Initial Commit EnvoyProxy Auth Layer POC Jan 11, 2024
Nana-EC
Nana-EC reviewed Jan 11, 2024
View reviewed changes
Copy link

@Nana-EC Nana-EC left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work.
Jotted down some consideration for post POC

envoy-auth-layer/Dockerfile Outdated
@@ -0,0 +1,17 @@
FROM envoyproxy/envoy:v1.28-latest
# copy envoy.yaml to the container
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: remove commented out code

envoy-auth-layer/README.md
docker run --name postgres-envoy-test -e POSTGRES_PASSWORD=mysecretpassword -p 5432:5432 -d postgres
```

Run init script to create the database and the table
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consideration for later, we can make the envoy proxy have read only permissions to the db or cache, while the token manager preserves the write permissions

envoy-auth-layer/README.md
id integer,
token character varying(255) NOT NULL,
method character varying(50) NOT NULL,
param_name character varying(50) NOT NULL
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

param_name is a placeholder for subgraph name and email for later right?

Copy link
Contributor Author

@AlfredoG87 AlfredoG87 Jan 18, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is more like param.name of the json payload. but this is not final, so this could change.

@AlfredoG87
Adding POC Results for auth-layer, this could be used as the beginnig…
518c561 
… of a long term final solution.

Signed-off-by: Alfredo Gutierrez <[email protected]>
@AlfredoG87
Adding white lines EOF
26eb6b4 
Signed-off-by: Alfredo Gutierrez <[email protected]>
@AlfredoG87
Add example.env
bf01e54 
Signed-off-by: Alfredo Gutierrez <[email protected]>
@AlfredoG87
Add example.env
a5ecd94 
Signed-off-by: Alfredo Gutierrez <[email protected]>
@AlfredoG87
improvements on docs
eef3872 
Signed-off-by: Alfredo Gutierrez <[email protected]>
@AlfredoG87
Removed some commented lines, addded licence header to filters script…
5d303d5 
…s and improved a little on the docs instructions, also moved the copy of the filters from the mapping volume on the docker-compose to the Dockerfile, so those files can be copied and included with the image at build time

Signed-off-by: Alfredo Gutierrez <[email protected]>
@AlfredoG87 AlfredoG87 marked this pull request as ready for review January 19, 2024 17:50
@AlfredoG87 AlfredoG87 marked this pull request as draft January 19, 2024 17:55
@AlfredoG87 AlfredoG87 closed this Mar 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Nana-EC Nana-EC Nana-EC left review comments

@rustyShacklefurd rustyShacklefurd Awaiting requested review from rustyShacklefurd

Assignees

@AlfredoG87 AlfredoG87

Labels
New Feature A new feature, service, or documentation. Major changes that are not backwards compatible.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Auth-Layer: EnvoyProxy POC
2 participants
@AlfredoG87 @Nana-EC