Configure Consul Connect with OPA as an authorization service


Envoy (v1.7.0+) supports an External Authorization filter which calls an authorization service to check if the incoming request is authorized or not, and I can use OPA as an authorization service to enforce security policies over API requests received by Envoy.
In order to do this, though, I need to configure something similar to what I can do for Istio: opa-envoy-plugin/quick_start.yaml at 2977de0ddbfc2b068c23fe4f9aae494b1c7c2113 · open-policy-agent/opa-envoy-plugin · GitHub

I was looking for ways to configure Envoy’s external_authz filter and hook in OPA through that but found nothing relevant.

Hey Bogdan,

Just checking to see if you were able to make this work.

Hi, I didn’t have time yet to work on it. In 2 weeks I will get back and try to implement this: Connect - Envoy Integration | Consul by HashiCorp

I know it is experimental but I will test it to see if it works and also if it can be production ready.
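
For reference, this is the shape of the Envoy External Authorization HTTP filter the question refers to, pointed at an OPA gRPC endpoint. It is an added example, not from any poster in this thread or from the Consul or OPA projects; it uses Envoy's v3 API field names, and the OPA address `127.0.0.1:9191`, the timeout and the body size limit are assumptions. How Consul Connect injects the filter into the sidecar's listener is not shown.

```yaml
# Fragment of an Envoy HTTP connection manager's filter chain (Envoy v3 API).
# Assumption: OPA with the Envoy plugin listens for gRPC on 127.0.0.1:9191,
# in the same network namespace as the Envoy sidecar.
http_filters:
  # ext_authz must come before the router so that every request is
  # checked before it is forwarded upstream.
  - name: envoy.filters.http.ext_authz
    typed_config:
      "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
      transport_api_version: V3
      # Fail closed: if OPA is unreachable or times out, deny the request
      # instead of letting it through unauthorized.
      failure_mode_allow: false
      # Forward the request body so policies can inspect it
      # (size limit is an assumed value).
      with_request_body:
        max_request_bytes: 8192
        allow_partial_message: true
      grpc_service:
        google_grpc:
          target_uri: 127.0.0.1:9191   # assumed OPA gRPC address
          stat_name: ext_authz
        timeout: 0.5s                  # assumed value
  - name: envoy.filters.http.router
    typed_config:
      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
```

With `failure_mode_allow: false`, an OPA outage blocks traffic rather than bypassing policy, so OPA's availability becomes part of the service's availability.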