Feature: Add OpenFGA Check API Integration to the Security Policy

[missBerg]

Description: Have a well defined API for creating OpenFGA Check queries in the Security Policy, making it easier to leverage OpenFGA for authorization decisions in Envoy Gateway.

Ideally you should be able to pick up parameter values for the Open FGA Query API request from headers or query parameters in the request.

This simplifies integration with OpenFGA, as the adopter no longer have to write a separate service that sits between Envoy and OpenFGA.

I believe this probably would need some work in Envoy Proxy to make it work though.

Relevant Links: Open FGA (a CNCF project): https://openfga.dev/ The Check API can be found in Relationship Queries: https://openfga.dev/api/service#/Relationship%20Queries EG Security Policy: https://gateway.envoyproxy.io/contributions/design/security-policy/

[jcchavezs]

This is WIP https://github.com/openfga/openfga-envoy

[zirain]

This is WIP https://github.com/openfga/openfga-envoy

it's 404.

[arkodg]

prefer if we start off by documenting the integration of Envoy Gateway and OpenFGA with @jcchavezs's ext authz based OpenFGA-Envoy server

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had activity in the last 30 days.