v0.0.4-2 - Fix fault_tolerant when opa is down or policy is missing, …

…X-Kong-Authz-Skipped also on request
carnei-ro · Nov 11, 2020 · 667cfa5 · 667cfa5
1 parent 737bbe4
commit 667cfa5
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -10,11 +10,15 @@ Custom Kong plugin to allow for fine grained Authorization through [Open Policy
 
 Plugin will continue the request to the upstream target if OPA responds with `true`, else the plugin will return a `403 Forbidden`.
 
-Plugin will add the response headers:
+Plugin will add the:
 
-- `X-Kong-Authz-Latency`: Latency generated by the plugin
-- `X-Kong-Authz-Cache`: "Miss" or "Hit" when cache is enabled
-- `X-Kong-Authz-Skip`: "true" when `fault_tolerant` is enabled and Kong had troubles
+- request headers:
+    - `X-Kong-Authz-Skipped`: "true" when `fault_tolerant` is enabled and Kong had troubles
+
+- response headers:
+    - `X-Kong-Authz-Latency`: Latency generated by the plugin
+    - `X-Kong-Authz-Cache`: "Miss" or "Hit" when cache is enabled
+    - `X-Kong-Authz-Skipped`: "true" when `fault_tolerant` is enabled and Kong had troubles
 
 Plugin priority: `799`
 

diff --git a/opa/access.lua b/opa/access.lua
@@ -185,7 +185,8 @@ function _M.execute(conf)
   if (not body) or (err) then
     if conf.fault_tolerant then
       kong.response.set_header("X-Kong-Authz-Latency", (ngx.now() - start_time))
-      kong.response.set_header("X-Kong-Authz-Skip", "true")
+      kong.response.set_header("X-Kong-Authz-Skipped", "true")
+      kong.service.request.set_header("X-Kong-Authz-Skipped", "true")
       return true
     else
       return kong.response.exit(500, { message = "An unexpected error occurred", error = err })