Contains miscellaneous Wasm extensions for Istio
This repository contains several canonical Wasm extensions, which intend to demonstrate:
Basic auth enforces basic auth based on request host, path, and methods. In this extension, you can find how to perform local auth decision based on headers and local reply, as well as JSON configuration string parsing and base64 decoding.
C++ scaffold provides an empty C++ extension, which can be used as a starting point to write a C++ Wasm extension.
gRPC access logging makes a logging request to a gRPC service with various kinds of request and workload attributes. In this extension, you can find how to perform asynchronous telemetry reporting, fetch various request attributes and proxy properties, use protobuf and make gRPC callout.
JWT based routing (WIP) reads JWT token information from Envoy dynamic metadata written by JWT auth filter, update host header accordingly, and trigger routing recomputation. In this extension, you can find how to read dynamic metadata, manipulate headers, and affect request routing.
Local rate limit applies a token bucket rate limit to incoming requests. Each request processed by the filter utilizes a single token, and if no tokens are available, the request is denied. In this extension you can find how to share data across all plugin VMs and deny request with local reply.
Open Policy Agent client makes HTTP callout to an Open Policy Agent (OPA) server and based on OPA server response decides whether to allow or deny an incoming request. A result cache is also included to avoid expensive callout on every request. In this extension, you can find how to perform HTTP callout, and asynchronously continue or stop an incoming request based on the response of HTTP call. You will also find how to record stats, which can be scraped in the same way as Istio standard metrics.
Zig scaffold provides an empty Zig extension, which can be used as a starting point to write a Zig Wasm extension.