diff --git a/BUILD b/BUILD index 41e3e365..459e54f3 100644 --- a/BUILD +++ b/BUILD @@ -161,6 +161,7 @@ proto_library( "//envoy/extensions/filters/http/adaptive_concurrency/v3:pkg", "//envoy/extensions/filters/http/admission_control/v3:pkg", "//envoy/extensions/filters/http/alternate_protocols_cache/v3:pkg", + "//envoy/extensions/filters/http/api_key_auth/v3:pkg", "//envoy/extensions/filters/http/aws_lambda/v3:pkg", "//envoy/extensions/filters/http/aws_request_signing/v3:pkg", "//envoy/extensions/filters/http/bandwidth_limit/v3:pkg", diff --git a/envoy/extensions/filters/http/api_key_auth/v3/BUILD b/envoy/extensions/filters/http/api_key_auth/v3/BUILD new file mode 100644 index 00000000..628f7132 --- /dev/null +++ b/envoy/extensions/filters/http/api_key_auth/v3/BUILD @@ -0,0 +1,13 @@ +# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = [ + "//envoy/config/core/v3:pkg", + "@com_github_cncf_xds//udpa/annotations:pkg", + "@com_github_cncf_xds//xds/annotations/v3:pkg", + ], +) diff --git a/envoy/extensions/filters/http/api_key_auth/v3/api_key_auth.proto b/envoy/extensions/filters/http/api_key_auth/v3/api_key_auth.proto new file mode 100644 index 00000000..0ea66523 --- /dev/null +++ b/envoy/extensions/filters/http/api_key_auth/v3/api_key_auth.proto @@ -0,0 +1,54 @@ +syntax = "proto3"; + +package envoy.extensions.filters.http.api_key_auth.v3; + +import "envoy/config/core/v3/base.proto"; + +import "xds/annotations/v3/status.proto"; + +import "udpa/annotations/sensitive.proto"; +import "udpa/annotations/status.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.filters.http.api_key_auth.v3"; +option java_outer_classname = "ApiKeyAuthProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/api_key_auth/v3;api_key_authv3"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; +option (xds.annotations.v3.file_status).work_in_progress = true; + +// [#protodoc-title: APIKey Auth] +// [#not-implemented-hide:] +// APIKey Auth :ref:`configuration overview `. +// [#extension: envoy.filters.http.api_key_auth] + +// API Key HTTP authentication. +// +// Example: +// +// .. code-block:: yaml +// +// authentication_header: "X-API-KEY" +// keys: +// inline_string: |- +// clientID1:apiKey1 +// clientID2:apiKey2 +// +message APIKeyAuth { + // keys used to authenticate the client. + // It should be a map of clientID to apiKey. + // The clientID serves solely for identification purposes and isn't used for authentication. + config.core.v3.DataSource keys = 1 [(udpa.annotations.sensitive) = true]; + + // The header name to fetch the key. + // If multiple values are present in the given header, the filter rejects the request. + // Only one of authentication_header, authentication_query, or authentication_cookie should be set. + string authentication_header = 2; + + // The query parameter name to fetch the key. + // Only one of authentication_header, authentication_query, or authentication_cookie should be set. + string authentication_query = 3; + + // The cookie name to fetch the key. + // Only one of authentication_header, authentication_query, or authentication_cookie should be set. + string authentication_cookie = 4; +} diff --git a/versioning/BUILD b/versioning/BUILD index 6a0455c0..59e46ce6 100644 --- a/versioning/BUILD +++ b/versioning/BUILD @@ -99,6 +99,7 @@ proto_library( "//envoy/extensions/filters/http/adaptive_concurrency/v3:pkg", "//envoy/extensions/filters/http/admission_control/v3:pkg", "//envoy/extensions/filters/http/alternate_protocols_cache/v3:pkg", + "//envoy/extensions/filters/http/api_key_auth/v3:pkg", "//envoy/extensions/filters/http/aws_lambda/v3:pkg", "//envoy/extensions/filters/http/aws_request_signing/v3:pkg", "//envoy/extensions/filters/http/bandwidth_limit/v3:pkg",