
Kong-OPA Authz plugin does not send headers information to

Open rLitto opened this issue 3 years ago • 4 comments

Use Case scenario: we want OPA to make different authorization decisions based on the Accept (e.g. json vs xml) or other headers present in the request.

Currently the plugin provides only:

  • token (jwt token)
  • method (GET, POST, etc)
  • path

We want to add headers. If, to keep backward compatibility, we don't want it set by default, we want a configuration property for the plugin to enable the option, as in this old plugin: https://github.com/ninjaneers-team/kong-opa

We do NOT want to send the body too

rLitto avatar Nov 27 '20 15:11 rLitto
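
A sketch of the opt-in behaviour requested above, as an added example that is not the plugin's code or the code from the PR. `build_opa_input` and the `forward_headers` allowlist are hypothetical names (the issue only asks for a property that enables headers), and the request table is constructed sample data.

```lua
-- Added illustration; not the plugin's code. All names here are hypothetical.

-- Build the OPA input document from a request.
-- conf.forward_headers: optional list of header names to forward (opt-in).
local function build_opa_input(conf, req)
  local input = {
    token  = req.token,   -- JWT taken from the request
    method = req.method,  -- GET, POST, ...
    path   = req.path,
  }
  local wanted = conf.forward_headers
  if wanted and #wanted > 0 then
    -- Index the request headers case-insensitively.
    local lowered = {}
    for name, value in pairs(req.headers or {}) do
      lowered[string.lower(name)] = value
    end
    input.headers = {}
    for _, name in ipairs(wanted) do
      local key = string.lower(name)
      if lowered[key] ~= nil then
        input.headers[key] = lowered[key]
      end
    end
  end
  return input
end

-- Constructed sample request.
local req = {
  token = "<jwt>", method = "GET", path = "/reports/1",
  headers = { Accept = "application/xml", Cookie = "session=<redacted>" },
  body = "<ignored>",
}

local default_input = build_opa_input({}, req)
assert(default_input.headers == nil)  -- backward compatible: no headers by default

local opted_in = build_opa_input({ forward_headers = { "Accept" } }, req)
assert(opted_in.headers["accept"] == "application/xml")
assert(opted_in.headers["cookie"] == nil)  -- not allowlisted, so not forwarded
assert(opted_in.body == nil)               -- the body is never part of the input
print("ok")
```

Naming the headers to forward, rather than forwarding all of them, keeps values such as cookies out of the policy input and out of OPA decision logs.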

@rLitto that sounds reasonable. Feel free to submit a PR to the integration if you'd like to see it added. The contrib repo is primarily for examples and proof-of-concepts. I'm not too familiar w/ the integration but I suspect you'd just have to add the right value from the request context here: https://github.com/open-policy-agent/contrib/blob/master/kong_api_authz/src/kong/plugins/opa/access.lua#L54

tsandall avatar Nov 30 '20 15:11 tsandall

Hi @tsandall I have a PR almost ready, it works in our Kong but I wanted some advice on two things:

  1. Changing the tests: not being a Lua expert, I am not sure what the best way to update the test is, since I don't know the specs of the methods
  2. Changing the diagram to add the headers: it seems that the tool used needs a license to support the changes, I can switch it to mermaid.js if you are OK with that

rLitto avatar Dec 21 '20 13:12 rLitto

Draft PR: https://github.com/open-policy-agent/contrib/pull/129

rLitto avatar Dec 21 '20 14:12 rLitto

Switching to mermaid would be great! If it's not too much of a hassle for you.

If you get stuck with the tests, I'll try to look into them tomorrow.

srenatus avatar Dec 21 '20 14:12 srenatus

PR was closed a long time ago, so will close the issue too. If there's interest in this later, we can have it reopened.

anderseknert avatar Sep 22 '22 11:09 anderseknert