0

I tried to use the Kong image (0.5.3) and install kong successfully and was able to connect with Keyrock

Why am i not able to give Query paramter : type as a filter in keyrock permission so that user with specific permission entity type can only get the data of of that entity type and get denied for rest of the entity types

my kong congif

#####orion - host: "orion.fiware.svc.cluster.local" name: "orion" port: 1026 protocol: http

    routes:
      - name: orion
        paths:
          - /kong_prefix
        strip_path: true
  
    plugins:
      - name: rate-limiting
        config: 
          minute: 5
      
      - name: pep-plugin
        config:
          authorizationendpointtype: Keyrock
          authorizationendpointaddress: http://keyrock.fiware.svc.cluster.local:3005/user
          keyrockappid: 8216*********************************
          pathprefix: /kong_prefix
      
      - name: request-transformer
        config:
          remove:
            headers:
              - Authorization
              - authorization

how can i give permission based on Query paramter : type .

I have a issue with keyrock permission :

                  **Without using Query parameters**
                  I have set the keyrock permission method: GET, resource : **/ngsi-ld/v1/entities** 
                  when i try to get the entities using postman it works with out issues 
                  
                  **With using Query parameters**
                  But when i set the keyrock permission method: GET, resource: **/ngsi-ld/v1/entities?type=city**
                  This  fails to authorize gives error:
                   [pep-plugin:1121] time="2023-08-10T06:16:21Z" level=debug msg="Delegate decision to Keyrock.", context: ngx.timer
                   [pep-plugin:1121] time="2023-08-10T06:16:21Z" level=info msg="[Keyrock] Request was not allowed. Response was &
                   {0xc00020ed00 {0 0} false 0xc000022080 <nil> 0x6a1100}.", context: ngx.timer
                   [pep-plugin:1121] time="2023-08-10T06:16:21Z" level=info msg="Request was not allowed.", context: ngx.timer

Same situation when i try to POST the data

                  **Without using Query parameters**
                  I have set the keyrock permission method: GET, resource : **/ngsi-ld/v1/entityOperations/upsert** 
                  when i try to get the entities using postman it works with out issues 
                  
                  **With using Query parameters**
                  But when i set the keyrock permission method: GET, resource: **/ngsi-ld/v1/entityOperations/upsert?type=city**
                  This  fails to authorize gives error:
                   [pep-plugin:1121] time="2023-08-10T06:16:21Z" level=debug msg="Delegate decision to Keyrock.", context: ngx.timer
                   [pep-plugin:1121] time="2023-08-10T06:16:21Z" level=info msg="[Keyrock] Request was not allowed. Response was &
                   {0xc00020ed00 {0 0} false 0xc000022080 <nil> 0x6a1100}.", context: ngx.timer
                   [pep-plugin:1121] time="2023-08-10T06:16:21Z" level=info msg="Request was not allowed.", context: ngx.timer
Ravi Podila
  • 1

0 Answers0