permitio / PDP


kong <> permit.io - OPA - Open Policy Agent #99

Open manjeshpv opened 1 year ago

manjeshpv commented 1 year ago

When I hit the Kong API via Postman,

I noticed Kong hit the permit.io sidecar with the below body:

{
    "input": {
        "client_ip": "10.0.1.10",
        "request": {
            "http": {
                "tls": {},
                "method": "GET",
                "querystring": {},
                "port": "8000",
                "host": "api.example.com",
                "headers": {
                    "user-agent": "PostmanRuntime/7.33.0",
                    "cache-control": "no-cache",
                    "host": "api.example.com",
                    "x-real-ip": "000.000.000.000", << I made this 000 for security
                    "authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwic2Vzc2lvbl9pZCI6MSwiaWF0IjoxNjg4OTg3Mjk1LCJleHAiOjE2ODg5OTA4OTV9.wm_Y6f83BbceoL81dHjFR3eGa0Nd2UvvdSEMDnq7cKw",
                    "accept": "*/*",
                    "x-forwarded-for": "000.000.000.000",
                    "accept-encoding": "gzip, deflate, br",
                    "postman-token": "85003413-31ce-4196-ac12-40d4eab6318c",
                    "connection": "close",
                    "x-forwarded-proto": "https"
                },
                "scheme": "http",
                "path": "/hello"
            }
        }
    }
}

manjeshpv commented 1 year ago

Got some ideas from https://www.permit.io/blog/no-code-permissions-with-kong-and-permitio

For example, using the default translation table, consider the following request:

POST /v2/repository

Authorization: Bearer [bearer token for annie@example.com]

This will be translated into:

Can annie@example.com do post on repository?
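
An added example (not from this issue, the blog post, or permit.io's code) showing how a body shaped like the one Kong sends above could be reduced to the user/action/resource question quoted from the blog. The `user_claim` parameter, the version-segment rule and the sample token are assumptions made here; the JWT payload is only decoded, so signature verification is assumed to have happened upstream at the gateway.

```python
import base64
import json
import re

def jwt_claims(token):
    """Decode a compact JWT's payload. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def to_check(body, user_claim="sub", now=None):
    """Map a Kong-style OPA input to user/action/resource.

    Assumed rule (the real translation table is not shown on the page):
    action = lowercased method, resource = first path segment that is not
    a /vN version marker, user = the `user_claim` JWT claim.
    """
    http = body["input"]["request"]["http"]
    scheme, _, token = http["headers"].get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise PermissionError("missing bearer token")
    claims = jwt_claims(token)
    if now is not None and claims.get("exp", 0) <= now:
        raise PermissionError("token expired")
    if user_claim not in claims:
        raise PermissionError(f"token has no {user_claim!r} claim")
    segments = [s for s in http["path"].split("/")
                if s and not re.fullmatch(r"v\d+", s)]
    if not segments:
        raise PermissionError("no resource in path")
    return {"user": str(claims[user_claim]),
            "action": http["method"].lower(),
            "resource": segments[0]}

def sample_body(method, path, claims):
    """Constructed input in the shape shown above; the signature is a dummy."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    token = ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "sig"])
    return {"input": {"request": {"http": {
        "method": method, "path": path,
        "headers": {"authorization": "Bearer " + token}}}}}

if __name__ == "__main__":
    body = sample_body("POST", "/v2/repository",
                       {"sub": "annie@example.com", "exp": 2000000000})
    print(to_check(body, now=1700000000))
```

A token like the one in the first comment carries `id` and `session_id` rather than an e-mail address, so the claim used as the user key has to match whatever identifier the policy side knows the user by.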