Open riptl opened 3 years ago
Seems fine to me if someone is willing to do the work and a maintainer wants to sponsor the extension, I imagine this would just be a fairly simple HTTP filter that parses the request/response to set some dynamic metadata for use with ext authz or RBAC.
Marking as help wanted, though let me know if you're interested in tackling this.
I encountered the same problem and am interested in developing the filter for this, but before that, I think we need to reach a consensus on the design. For example, how to influence the routing of a JSON-RPC request based on its method.
@terorie @snowp Any further ideas we can discuss here.
It seems that if we don’t add a field for JSON RPC like gRPC, we have to pass DynamicMetadata []*v32.MetadataMatcher:
https://github.com/envoyproxy/go-control-plane/blame/e7fb5d0c57d215361beab460b34a238d55f627dd/envoy/config/route/v3/route_components.pb.go#L1083
Let me share a few random bits of information that might help with making a decision. I have contributed to a JSON-RPC API gateway solution in a SaaS company. We see a fair amount of traffic with a few thousand upstreams to ~20 JSON-RPC APIs written by third parties. Our existing system is based on OpenResty, and we are interested in migrating to Envoy to seek to improve performance and observability.
"jsonrpc":"2.0" in the request object, however some clients don't do this. This brings up the question how closely Envoy would want to follow the JSON-RPC 2.0 spec in general. Spec violations are getting rarer though.
params field, e.g. "make sure the number of items being requested is below X".
params part of the request. I don't know whether it's practical to export the entire params field to dynamic metadata, since it can get quite large (few KBs).
I hope this wasn't too verbose and is useful for anyone trying to implement this feature.
A first suggestion on the design
jq-like syntax to pick arbitrary request data for dynamic metadata? Not sure how this would look with batches though
Title: JSON-RPC over HTTP support
Description:
JSON-RPC is a light-weight, transport-agnostic remote procedure call (RPC) protocol. The most common transport protocols are HTTP and WebSockets, and sometimes TCP and Unix domain sockets.
JSON-RPC is commonly used to provide remote access to management interfaces. It is particularly prevalent with cryptocurrency P2P clients, being the primary access method for the majority of projects.
A common use-case of an Envoy JSON-RPC filter is access control. For example, the ext_authz module could be used to limit access to harmless read-only methods to lesser privileged users, while allowing admins full control.
Relevant Links:
Specifications:
Notable users:
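
An added example (not code from this issue or from Envoy) of the method-allowlist decision the issue describes for ext_authz: it extracts the method of every call, covers batches and clients that omit "jsonrpc":"2.0", and denies on any parse failure. The function names, the strict flag and the method names get_status and shutdown are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// call keeps only the fields the policy needs; params is never decoded.
type call struct {
	Version string  `json:"jsonrpc"`
	Method  *string `json:"method"`
}

// ExtractMethods lists each call's method; strict also requires "jsonrpc":"2.0".
func ExtractMethods(body []byte, strict bool) ([]string, error) {
	b := bytes.TrimSpace(body)
	calls := make([]call, 1)
	var dst interface{} = &calls[0] // single request object
	if len(b) > 0 && b[0] == '[' {
		dst = &calls // batch array
	}
	if err := json.Unmarshal(b, dst); err != nil || len(calls) == 0 {
		return nil, fmt.Errorf("not a request object or non-empty batch: %v", err)
	}
	var methods []string
	for _, c := range calls {
		if c.Method == nil || *c.Method == "" || (strict && c.Version != "2.0") {
			return nil, fmt.Errorf("call without usable method or version")
		}
		methods = append(methods, *c.Method)
	}
	return methods, nil
}

// Allowed fails closed: a parse error or any method outside allow denies the body.
func Allowed(body []byte, allow map[string]bool, strict bool) bool {
	methods, err := ExtractMethods(body, strict)
	ok := err == nil
	for _, m := range methods {
		ok = ok && allow[m]
	}
	return ok
}

func main() {
	// Constructed batch: the second call omits "jsonrpc" and is not allowlisted.
	body := []byte(`[{"jsonrpc":"2.0","id":1,"method":"get_status"},{"id":2,"method":"shutdown"}]`)
	fmt.Println(Allowed(body, map[string]bool{"get_status": true}, false))
}
```

Go's encoding/json keeps the last value when a key is repeated and matches key names case-insensitively, so the verdict is only sound if the upstream server resolves such bodies the same way or rejects them.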