v0.0.4-2 - Fix fault_tolerant when opa is down or policy is missing, X-Kong-Authz-Skipped also on request

Author: carnei-ro

README.md

@@ -10,11 +10,15 @@ Custom Kong plugin to allow for fine grained Authorization through [Open Policy
 
 Plugin will continue the request to the upstream target if OPA responds with `true`, else the plugin will return a `403 Forbidden`.
 
-Plugin will add the response headers:
+Plugin will add the:
 
-- `X-Kong-Authz-Latency`: Latency generated by the plugin
-- `X-Kong-Authz-Cache`: "Miss" or "Hit" when cache is enabled
-- `X-Kong-Authz-Skip`: "true" when `fault_tolerant` is enabled and Kong had troubles
+- request headers:
+    - `X-Kong-Authz-Skipped`: "true" when `fault_tolerant` is enabled and Kong had troubles
+
+- response headers:
+    - `X-Kong-Authz-Latency`: Latency generated by the plugin
+    - `X-Kong-Authz-Cache`: "Miss" or "Hit" when cache is enabled
+    - `X-Kong-Authz-Skipped`: "true" when `fault_tolerant` is enabled and Kong had troubles
 
 Plugin priority: `799`
 

opa/access.lua

@@ -185,7 +185,8 @@ function _M.execute(conf)
   if (not body) or (err) then
     if conf.fault_tolerant then
       kong.response.set_header("X-Kong-Authz-Latency", (ngx.now() - start_time))
-      kong.response.set_header("X-Kong-Authz-Skip", "true")
+      kong.response.set_header("X-Kong-Authz-Skipped", "true")
+      kong.service.request.set_header("X-Kong-Authz-Skipped", "true")
       return true
     else
       return kong.response.exit(500, { message = "An unexpected error occurred", error = err })