Grove Auth

🌿 GROVE ONLY

This section is only relevant to Grove's Portal authentication implementation.

If you are not using Grove's Portal authentication, you will likely not find anything of value here.

But feel free to take a look if you're curious.

Table of Contents

• Overview
  • 🫛 PEAS - PATH External Auth Server
  • Architecture Diagram
  • Enabling Grove Auth
• PEAS Documentation
  • Grove Portal Database
  • README.md
• Documentation References

Overview

GUARD contains configurations to implement authentication for PATH in a way that is compatible with Grove's Portal.

This Grove-specific implementation utilizes Envoy Gateway's External Authorization feature, which wraps Envoy Proxy's ext_authz gRPC interface.

🫛 PEAS - PATH External Auth Server

PEAS Repo

PEAS is the Grove-specific implementation of Envoy Gateway's External Authorization feature.

• This is a gRPC server that is responsible for checking if a request is authorized to access a specific service.
• Connects to the Grove Portal database to get the auth data and stores in an in-memory cache.

Architecture Diagram

Enabling Grove Auth

To enable Grove Auth, you need to set the following values in the values.yaml file:

guard.auth.groveLegacy.enabled = true
guard.auth.groveLegacy.peas.enabled = true

PEAS Documentation

Grove Portal Database

README.md

PEAS README.md

Documentation References

Helm Charts

For the full GUARD Helm Chart documentation, see GUARD Helm Chart.

For the Grove Auth code in the Helm Charts repo, see:

• Grove Auth templates Directory
• GUARD Helm Chart Grove Auth values.yaml

Envoy External Docs

For an example walkthrough of implementing external authorization with Envoy Gateway, see:

• Envoy Gateway External Auth Docs

For Envoy Proxy's ext_authz HTTP Filter documentation (how PEAS communicates with Envoy), see:

• Envoy Proxy External Auth Docs