Gloo Edge is an Envoy-based API Gateway that provides a Kubernetes CustomResourceDefinition (CRD) to manage Gloo Edge configuration for performing traffic management and routing.
This feature makes it possible to delegate authorization decisions to an external service. It also makes the request context available to the service, which can then be used to make an informed decision about the incoming request received by Gloo Edge.
This tutorial shows how the Gloo Edge external authorization filter is used with OPA as an authorization service to enforce security policies over API requests received by Gloo Edge. It also covers examples of authoring policies over the HTTP request body. It is based on the HTTP API Authorization OPA tutorial with added policies to control the ingress behavior of the application and client.