Chiebot-Mirror
/
data-plane-api
mirror of https://github.com/envoyproxy/data-plane-api.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

api: HTTP APIKey Auth Filter (#36709)

Browse Source 
<!--
!!!ATTENTION!!!

If you are fixing *any* crash or *any* potential security issue, *do
not*
open a pull request in this repo. Please report the issue via emailing
envoy-security@googlegroups.com where the issue will be triaged
appropriately.
Thank you in advance for helping to keep Envoy secure.

!!!ATTENTION!!!

For an explanation of how to fill out the fields, please see the
relevant section
in
[PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md)
-->

This PR adds the API for HTTP APIKey Auth Filter that is proposed at
https://github.com/envoyproxy/envoy/issues/34877 and
https://github.com/envoyproxy/gateway/issues/2630.

Commit Message: api: HTTP APIKey Auth Filter
Risk Level: Low (only API)
Testing: WIP (will be done after we agree on the API)
Docs Changes: WIP
Release Notes: WIP
Platform Specific Features: No
Part of: #34877

---------

Signed-off-by: Kensei Nakada <handbomusic@gmail.com>
Signed-off-by: wangbaiping(wbpcode) <wangbaiping@bytedance.com>
Co-authored-by: wangbaiping(wbpcode) <wangbaiping@bytedance.com>

Mirrored from https://github.com/envoyproxy/envoy @ 72b75074a0ee089ad81f68ae011e31f14c2936fe
main
update-envoy[bot] 4 months ago
parent 53a525a403
commit 470d9be5aa
4 changed files with 69 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      BUILD
  2. 13
      envoy/extensions/filters/http/api_key_auth/v3/BUILD
  3. 54
      envoy/extensions/filters/http/api_key_auth/v3/api_key_auth.proto
  4. 1
      versioning/BUILD

1
BUILD
Unescape View File

@ -161,6 +161,7 @@ proto_library(
"//envoy/extensions/filters/http/adaptive_concurrency/v3:pkg",
"//envoy/extensions/filters/http/admission_control/v3:pkg",
"//envoy/extensions/filters/http/alternate_protocols_cache/v3:pkg",
"//envoy/extensions/filters/http/api_key_auth/v3:pkg",
"//envoy/extensions/filters/http/aws_lambda/v3:pkg",
"//envoy/extensions/filters/http/aws_request_signing/v3:pkg",
"//envoy/extensions/filters/http/bandwidth_limit/v3:pkg",

13
envoy/extensions/filters/http/api_key_auth/v3/BUILD
Unescape View File

@ -0,0 +1,13 @@
# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py.
load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
licenses(["notice"]) # Apache 2
api_proto_package(
deps = [
"//envoy/config/core/v3:pkg",
"@com_github_cncf_xds//udpa/annotations:pkg",
"@com_github_cncf_xds//xds/annotations/v3:pkg",
],
)

54
envoy/extensions/filters/http/api_key_auth/v3/api_key_auth.proto
Unescape View File

@ -0,0 +1,54 @@
syntax = "proto3";
package envoy.extensions.filters.http.api_key_auth.v3;
import "envoy/config/core/v3/base.proto";
import "xds/annotations/v3/status.proto";
import "udpa/annotations/sensitive.proto";
import "udpa/annotations/status.proto";
option java_package = "io.envoyproxy.envoy.extensions.filters.http.api_key_auth.v3";
option java_outer_classname = "ApiKeyAuthProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/api_key_auth/v3;api_key_authv3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
option (xds.annotations.v3.file_status).work_in_progress = true;
// [#protodoc-title: APIKey Auth]
// [#not-implemented-hide:]
// APIKey Auth :ref:`configuration overview <config_http_filters_api_key_auth>`.
// [#extension: envoy.filters.http.api_key_auth]
// API Key HTTP authentication.
//
// Example:
//
// .. code-block:: yaml
//
// authentication_header: "X-API-KEY"
// keys:
// inline_string: |-
// clientID1:apiKey1
// clientID2:apiKey2
//
message APIKeyAuth {
// keys used to authenticate the client.
// It should be a map of clientID to apiKey.
// The clientID serves solely for identification purposes and isn't used for authentication.
config.core.v3.DataSource keys = 1 [(udpa.annotations.sensitive) = true];
// The header name to fetch the key.
// If multiple values are present in the given header, the filter rejects the request.
// Only one of authentication_header, authentication_query, or authentication_cookie should be set.
string authentication_header = 2;
// The query parameter name to fetch the key.
// Only one of authentication_header, authentication_query, or authentication_cookie should be set.
string authentication_query = 3;
// The cookie name to fetch the key.
// Only one of authentication_header, authentication_query, or authentication_cookie should be set.
string authentication_cookie = 4;
}

1
versioning/BUILD
Unescape View File

@ -99,6 +99,7 @@ proto_library(
"//envoy/extensions/filters/http/adaptive_concurrency/v3:pkg",
"//envoy/extensions/filters/http/admission_control/v3:pkg",
"//envoy/extensions/filters/http/alternate_protocols_cache/v3:pkg",
"//envoy/extensions/filters/http/api_key_auth/v3:pkg",
"//envoy/extensions/filters/http/aws_lambda/v3:pkg",
"//envoy/extensions/filters/http/aws_request_signing/v3:pkg",
"//envoy/extensions/filters/http/bandwidth_limit/v3:pkg",

Write Preview
Loading…
Cancel
Save