Add AWS request signing filter (#9751)

This new alpha filter injects authentication headers for requests
directed at AWS services that require authentication.

Note:

Requests over plain HTTP aren't handled yet, since the message body
needs to be signed.

Fixes #9708

Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>

Mirrored from https://github.com/envoyproxy/envoy @ ee2306673b79215641be02893cb4d8b2b256c466
master-ci-test
data-plane-api(CircleCI) 5 years ago
parent 5f6f4e6107
commit c6e78802b7
  1. 2
      BUILD
  2. 1
      docs/BUILD
  3. 9
      envoy/config/filter/http/aws_request_signing/v2alpha/BUILD
  4. 32
      envoy/config/filter/http/aws_request_signing/v2alpha/aws_request_signing.proto
  5. 12
      envoy/extensions/filters/http/aws_request_signing/v3/BUILD
  6. 34
      envoy/extensions/filters/http/aws_request_signing/v3/aws_request_signing.proto

@ -28,6 +28,7 @@ proto_library(
"//envoy/config/filter/dubbo/router/v2alpha1:pkg",
"//envoy/config/filter/fault/v2:pkg",
"//envoy/config/filter/http/adaptive_concurrency/v2alpha:pkg",
"//envoy/config/filter/http/aws_request_signing/v2alpha:pkg",
"//envoy/config/filter/http/buffer/v2:pkg",
"//envoy/config/filter/http/cors/v2:pkg",
"//envoy/config/filter/http/csrf/v2:pkg",
@ -156,6 +157,7 @@ proto_library(
"//envoy/extensions/common/tap/v3:pkg",
"//envoy/extensions/filters/common/fault/v3:pkg",
"//envoy/extensions/filters/http/adaptive_concurrency/v3:pkg",
"//envoy/extensions/filters/http/aws_request_signing/v3:pkg",
"//envoy/extensions/filters/http/buffer/v3:pkg",
"//envoy/extensions/filters/http/cors/v3:pkg",
"//envoy/extensions/filters/http/csrf/v3:pkg",

@ -34,6 +34,7 @@ proto_library(
"//envoy/config/filter/dubbo/router/v2alpha1:pkg",
"//envoy/config/filter/fault/v2:pkg",
"//envoy/config/filter/http/adaptive_concurrency/v2alpha:pkg",
"//envoy/config/filter/http/aws_request_signing/v2alpha:pkg",
"//envoy/config/filter/http/buffer/v2:pkg",
"//envoy/config/filter/http/cors/v2:pkg",
"//envoy/config/filter/http/csrf/v2:pkg",

@ -0,0 +1,9 @@
# DO NOT EDIT. This file is generated by tools/proto_sync.py.
load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
licenses(["notice"]) # Apache 2
api_proto_package(
deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"],
)

@ -0,0 +1,32 @@
syntax = "proto3";
package envoy.config.filter.http.aws_request_signing.v2alpha;
import "udpa/annotations/migrate.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.filter.http.aws_request_signing.v2alpha";
option java_outer_classname = "AwsRequestSigningProto";
option java_multiple_files = true;
option (udpa.annotations.file_migrate).move_to_package =
"envoy.extensions.filters.http.aws_request_signing.v3";
// [#protodoc-title: AwsRequestSigning]
// AwsRequestSigning :ref:`configuration overview <config_http_filters_aws_request_signing>`.
// [#extension: envoy.filters.http.aws_request_signing]
// Top level configuration for the AWS request signing filter.
message AwsRequestSigning {
// The `service namespace
// <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces>`_
// of the HTTP endpoint.
//
// Example: s3
string service_name = 1 [(validate.rules).string = {min_bytes: 1}];
// The `region <https://docs.aws.amazon.com/general/latest/gr/rande.html>`_ hosting the HTTP
// endpoint.
//
// Example: us-west-2
string region = 2 [(validate.rules).string = {min_bytes: 1}];
}
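Review bot: The comments on `AwsRequestSigning` never state the limitation given in the commit description, that requests over plain HTTP are not handled yet because the message body would need to be signed. An operator reading only the generated API docs cannot tell which requests the filter will not sign. I would add above the message something like `// Note: requests over plain HTTP are not handled yet, because signing them requires the message body.` If it holds for the implementation (not visible on this page), also say where the filter obtains its credentials and that it should be attached only to routes whose upstream is the intended AWS endpoint, so signed headers are not forwarded to other hosts. The same comment block is duplicated in the v3 file and needs the same addition.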

@ -0,0 +1,12 @@
# DO NOT EDIT. This file is generated by tools/proto_sync.py.
load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
licenses(["notice"]) # Apache 2
api_proto_package(
deps = [
"//envoy/config/filter/http/aws_request_signing/v2alpha:pkg",
"@com_github_cncf_udpa//udpa/annotations:pkg",
],
)

@ -0,0 +1,34 @@
syntax = "proto3";
package envoy.extensions.filters.http.aws_request_signing.v3;
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.extensions.filters.http.aws_request_signing.v3";
option java_outer_classname = "AwsRequestSigningProto";
option java_multiple_files = true;
// [#protodoc-title: AwsRequestSigning]
// AwsRequestSigning :ref:`configuration overview <config_http_filters_aws_request_signing>`.
// [#extension: envoy.filters.http.aws_request_signing]
// Top level configuration for the AWS request signing filter.
message AwsRequestSigning {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.http.aws_request_signing.v2alpha.AwsRequestSigning";
// The `service namespace
// <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces>`_
// of the HTTP endpoint.
//
// Example: s3
string service_name = 1 [(validate.rules).string = {min_bytes: 1}];
// The `region <https://docs.aws.amazon.com/general/latest/gr/rande.html>`_ hosting the HTTP
// endpoint.
//
// Example: us-west-2
string region = 2 [(validate.rules).string = {min_bytes: 1}];
}
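Review bot: `service_name` and `region` are validated only with `min_bytes: 1`, so any non-empty string is accepted, including values containing whitespace, `/` or upper-case letters. Both values presumably become part of the SigV4 credential scope and therefore of the `Authorization` header the filter emits (the implementation is not on this page), where a malformed value gives a rejected signature at best and a malformed header at worst. Consider tightening the rule, e.g. `[(validate.rules).string = {min_bytes: 1 pattern: "^[a-z0-9-]+$"}]`, after confirming the character set against the AWS namespace and region lists linked in the field comments. The v2alpha copy carries the same rule on both fields.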