Contributor
Lahiru Udayanga De Silva

3scale - Envoy proxy authorization cache


Mentors
Alejandro Martinez Ruiz
Organization
JBoss Community

Implementing an in-proxy authorization cache for envoy proxy using web assembly and proxy-WASM rust SDK. The cache will be in synchronization with 3scale Service Management API by periodically flushing the local cache snapshot and updating the local cache with a new cache snapshot provided by 3scale Service Management API. When a HTTP request is received by the proxy, it will do a look up in the cache to check whether a cache record exist for that particular request. If a record exist, then perform authorization logic based on that request (cache hit) . If a cache record does not exist(cache miss), do a HTTP call to 3scale Service Management API to fetch relevant authorization data, add the records to the local cache for any subsequent requests and perform authorization based on the received data. For the project, a request intercepting HTTP filter and a singleton service that runs independently from request life cycle will be implemented using proxy-wasm-rust-sdk and will compile them as web assembly modules to extend envoy proxy with the HTTP filter and singleton. Web assembly modules allow us to extend envoy without building the envoy static binary using bazel build system.