grpc auth: add file based grpc credentials extension (#3438)

Adds a file based grpc credentials extension. See issue #3392 for more details. Risk Level: Low: extension for grpc credentials loaded by explicit configuration options Testing: tests included in PR Docs Changes: Inline docs via comments and proto docs Release Notes: N/A Fixes #3392 Signed-off-by: Michael Wozniak <wozz@koh.ms> Mirrored from https://github.com/envoyproxy/envoy @ 230d2216fdd520a182dea9b5152522756853cd90
7 years ago · bd5c32ab13
parent 9f61f67459
commit bd5c32ab13
3 changed files with 43 additions and 0 deletions
--- a/docs/BUILD
+++ b/docs/BUILD
@ -47,6 +47,7 @@ proto_library(
        "//envoy/config/filter/network/rate_limit/v2:rate_limit",
        "//envoy/config/filter/network/redis_proxy/v2:redis_proxy",
        "//envoy/config/filter/network/tcp_proxy/v2:tcp_proxy",
+        "//envoy/config/grpc_credentials/v2alpha:file_based_metadata",
        "//envoy/config/health_checker/redis/v2:redis",
        "//envoy/config/metrics/v2:metrics_service",
        "//envoy/config/metrics/v2:stats",
--- a/envoy/config/grpc_credentials/v2alpha/BUILD
+++ b/envoy/config/grpc_credentials/v2alpha/BUILD
@ -0,0 +1,17 @@
+licenses(["notice"])  # Apache 2
+
+load("//bazel:api_build_system.bzl", "api_proto_library", "api_go_proto_library")
+
+api_proto_library(
+    name = "file_based_metadata",
+    srcs = ["file_based_metadata.proto"],
+    deps = ["//envoy/api/v2/core:base"],
+)
+
+api_go_proto_library(
+    name = "file_based_metadata",
+    proto = ":file_based_metadata",
+    deps = [
+        "//envoy/api/v2/core:base_go_proto",
+    ],
+)
--- a/envoy/config/grpc_credentials/v2alpha/file_based_metadata.proto
+++ b/envoy/config/grpc_credentials/v2alpha/file_based_metadata.proto
@ -0,0 +1,25 @@
+syntax = "proto3";
+
+// [#protodoc-title: Grpc Credentials File Based Metadata]
+// Configuration for File Based Metadata Grpc Credentials Plugin
+
+package envoy.config.grpc_credentials.v2alpha;
+option go_package = "v2alpha";
+
+import "envoy/api/v2/core/base.proto";
+
+message FileBasedMetadataConfig {
+
+  // Location or inline data of secret to use for authentication of the Google gRPC connection
+  // this secret will be attached to a header of the gRPC connection
+  envoy.api.v2.core.DataSource secret_data = 1;
+
+  // Metadata header key to use for sending the secret data
+  // if no header key is set, "authorization" header will be used
+  string header_key = 2;
+
+  // Prefix to prepend to the secret in the metadata header
+  // if no prefix is set, the default is to use no prefix
+  string header_prefix = 3;
+}
+