How to reflect http method to keycloak resource when using ambassador filter

Question

I'm trying to integrate the ambassador and keycloak, so all my microservices behind the ambassador could be protected by keycloak.

Now I can implement an easy case, by setting the filter + filter policy, say my resource: GET /products/:productId , if the user want to visit this page, ambassador will intercept it and redirect to keycloak login page, the filter policy settings look like:

apiVersion: getambassador.io/v2
kind: FilterPolicy
metadata:
  name: keycloak-filter-policy
  namespace: ambassador
spec:
  rules:
    - host: "*"
      path: /product/:productId
      filters:
        - name: keycloak-filter
          namespace: ambassador
          arguments:
            scopes:

My question is, how could I define policy like: POST /product/:productId ? On Keycloak, I have resource + policies such as: product:view product:edit how can I translate these resources to Ambassador's filter policies?

Answer 1

To directly answer your question, currently, you cannot add the HTTP method to the FilterPolicy. There is a workaround if you need to define more granular access control based on what you are trying to do with the resource.

For example, if you are using HTTP2 or HTTP3 you can get the method from the request headers. There is a pseudo-header called :method

Link for HTTP spec: https://httpwg.org/specs/rfc7540.html#HttpRequest

Link for Ambassador's Filters Doc: https://www.getambassador.io/docs/edge-stack/latest/topics/using/filters/