Credential Injector Filter: OAuth2 client credential extension (#33702)

* Credential Injector Filter: Oauth2 client credential extension

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* Add tests

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* format

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* proto update

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* doc and gcc fix

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* docs

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* more tests and configuration knob for retry interval

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* format

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* format

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* retrigger ci

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* test

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* test

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* docs update

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* enable/disable instead recreating timer

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* retrigger ci

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* config test

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* yamllint

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* path update

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* try adding credentials file

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* access log

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* update path

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* more updates

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* add secrets for test env

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* add secrets dir

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* fix another rule

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* fix file count and address timer feedback

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* remove debugging changes

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* fix

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* dont use statelessMockServerContext

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* revert mockServerContext and docs changes to see if tests pass

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* revert references to example yamls

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* revert the reverts

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* retrigger ci

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* Use static secret in docs and more tests

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* format

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* format

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* fix

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* feedback

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* retrigger ci

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* more tests

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* format

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* fix tsan

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* Address feedback: docs and request lifetime

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* title line

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* fix doc

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* More tests

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* format

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* Address feedback

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* revert accidental commit

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* Move extension tests to under http/extensions

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* add teardown

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* tear down

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

* asan

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

---------

Signed-off-by: Vikas Choudhary <choudharyvikas16@gmail.com>

Mirrored from https://github.com/envoyproxy/envoy @ 1d180acd16605f5ba7519c953fcf3874c933e553

envoy/extensions/http/injected_credentials/oauth2/v3/oauth2.proto

@@ -5,6 +5,8 @@ package envoy.extensions.http.injected_credentials.oauth2.v3;
 import "envoy/config/core/v3/http_uri.proto";
 import "envoy/extensions/transport_sockets/tls/v3/secret.proto";
 
+import "google/protobuf/duration.proto";
+
 import "xds/annotations/v3/status.proto";
 
 import "udpa/annotations/status.proto";
@@ -18,7 +20,6 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 option (xds.annotations.v3.file_status).work_in_progress = true;
 
 // [#protodoc-title: OAuth2 Credential]
-// [#not-implemented-hide:]
 // [#extension: envoy.http.injected_credentials.oauth2]
 
 // OAuth2 extension can be used to retrieve an OAuth2 access token from an authorization server and inject it into the
@@ -67,4 +68,9 @@ message OAuth2 {
     // Refer to [RFC 6749: The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749#section-4.4) for details.
     ClientCredentials client_credentials = 3;
   }
+
+  // The interval between two successive retries to fetch token from Identity Provider. Default is 2 secs.
+  // The interval must be at least 1 second.
+  google.protobuf.Duration token_fetch_retry_interval = 4
+      [(validate.rules).duration = {gte {seconds: 1}}];
 }