Very fast Serverless OpenResty based proxy that can wrap upstream binaries with a login. Furthermore, we have examples of
- Local development environment
- Slack/Zapier intergration.
- A Write Ahead Log
- Google Secret Manager intergration
Read more on the OpenResty: a Swiss Army Proxy for Serverless; WAL, Slack, Zapier and Auth blog.
An earlier version is linked to in the Minimalist BeyondCorp style Identity Aware Proxy for Cloud Run blog that is just the login part.
Build on top of OpenResty, hosted on Cloud Run (and excellent match)
If upstream is slow (e.g. scaling up), you can redirect to a WAL. Latency is the time to store the message. A different location plays back the WAL with retries so you can be sure the request is eventially handled.
Intergration with Slack Reads a secret from Google secrets manager and verifies the signature HMAC
Zapier can be protected with an Oauth account
Generate a local service account key in .secret
gcloud iam service-accounts keys create .secret/sa.json --iam-account=openresty@larkworthy-tester.iam.gserviceaccount.com
run this script to get a setup that reloads on CTRL + C
/bin/bash test/dev.sh
The use of bash to start the script gives it an easier name to find to kill
killall "bash"
https://openresty-flxotk3pnq-ew.a.run.app/login?token=true
curl -X POST -d "{}" http://localhost:8080/wal-playback/
curl http://localhost:8080/httptokeninfo?id_token=foo
curl http://localhost:8080/httptokeninfo?access_token=foo
curl http://localhost:8080/slack/command