Kong – add custom plugins (Ansible playbook)

---
- name: Deploy and enable a custom plugin in Kong
  hosts: kong_servers
  become: yes
  vars:
    plugin_name: "my_custom_plugin"
    plugin_source_path: "/path/to/local/plugin" # Local path to the plugin code
    kong_plugin_dir: "/usr/local/share/lua/5.1/kong/plugins" # Default Kong plugin directory
  tasks:

    - name: Ensure Kong plugin directory exists
      file:
        path: "{{ kong_plugin_dir }}/{{ plugin_name }}"
        state: directory
        mode: '0755'

    - name: Copy plugin files to Kong plugin directory
      copy:
        src: "{{ plugin_source_path }}/"
        dest: "{{ kong_plugin_dir }}/{{ plugin_name }}/"
        mode: '0644'

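    - name: Verify plugin files were copied
      command: ls -la "{{ kong_plugin_dir }}/{{ plugin_name }}" # No shell features needed, so use command
      register: verify_plugin_copy
      changed_when: false # Read-only check, never reports a change
    - debug:
        var: verify_plugin_copy.stdout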

    - name: Update Kong configuration to include the custom plugin
      lineinfile:
        path: "/etc/kong/kong.conf"
        regexp: "^plugins ="
        line: "plugins = bundled,{{ plugin_name }}"
        state: present
      notify: restart kong

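    # "kong check" validates kong.conf; "kong config parse" only accepts declarative config files
    - name: Validate the updated Kong configuration
      command: kong check /etc/kong/kong.conf
      register: config_check
      changed_when: false # Read-only check, never reports a change
    - debug:
        var: config_check.stdout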

  handlers:
    - name: restart kong
      service:
        name: kong
        state: restarted
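
The lineinfile task above rewrites the whole `plugins =` line, so any plugin already enabled there (for example the `plugins = bundled,ping-auth` line shown further down this page) is dropped from the list. The tasks below are an added example, not part of the original playbook, that merge `plugin_name` into the existing list instead; `current_plugins`, `active_line`, `active_list` and `merged_plugins` are names chosen here, and the example assumes the `plugins` line carries no trailing comment.

```yaml
# Added example: drop-in replacement for the "Update Kong configuration" task.
# Uses plugin_name and the "restart kong" handler from the playbook above.
- name: Read the active plugins line, if there is one
  command: grep -E '^plugins[[:space:]]*=' /etc/kong/kong.conf
  register: current_plugins
  changed_when: false
  # grep exits 1 for "no match"; only exit codes above 1 are real errors
  failed_when: current_plugins.rc > 1

- name: Merge the new plugin into the current list (order kept, no duplicates)
  vars:
    # Fall back to the stock default when kong.conf has no active plugins line.
    # If several lines match, the last one is used, the same one lineinfile rewrites.
    active_line: "{{ current_plugins.stdout_lines | last | default('plugins = bundled') }}"
    active_list: "{{ active_line.split('=', 1)[1].split(',') | map('trim') | reject('equalto', '') | list }}"
  set_fact:
    merged_plugins: "{{ (active_list + [plugin_name]) | unique | join(',') }}"

- name: Write the merged list back to kong.conf
  lineinfile:
    path: /etc/kong/kong.conf
    regexp: '^plugins\s*='
    line: "plugins = {{ merged_plugins }}"
    state: present
  notify: restart kong
```

Running it twice leaves the file unchanged the second time, because the merged line already matches.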

Ping auth plugin

The Ping Auth plugin for Kong API Gateway integrates with Ping Identity’s PingAuthorize to provide attribute-based access control and policy decisions. This plugin allows Kong to utilize Ping products for dynamic authorization, making it easier to control access to your API resources.

Key Features:

  • Attribute-Based Access Control (ABAC): Allows fine-grained access control based on user attributes and policies.
  • Dynamic Authorization: Policies can be updated in real-time without redeploying the API gateway.
  • Mutual TLS (mTLS): Supports client certificate authentication using mTLS.
  • Sideband API Protocol: Communicates with Ping services to retrieve authorization decisions.

Installation:

  1. Download the Plugin: Get the ping-auth plugin from LuaRocks.
  2. Install the Plugin: Use LuaRocks to install the plugin:

luarocks install kong-plugin-ping-auth

  3. Configure Kong: Add the plugin to your Kong configuration:

plugins = bundled,ping-auth

  4. Apply the Plugin: Enable and configure the plugin via Kong’s admin UI or API.

Example Configuration:

plugins:
  - name: ping-auth
    config:
      service_url: "https://your-ping-service/policy"

This setup allows Kong to communicate with Ping services to handle authorization decisions.

https://github.com/pingidentity/kong-plugin-ping-auth