credential_injectorv3

package

v0.12.0 Latest Latest Go to latest Published: Jan 2, 2024 License: Apache-2.0 Imports: 20 Imported by: 3

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/envoyproxy/go-control-plane

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type CredentialInjector
type CredentialInjectorMultiError
- func (m CredentialInjectorMultiError) AllErrors() []error
- func (m CredentialInjectorMultiError) Error() string
type CredentialInjectorValidationError

Constants ¶

This section is empty.

Variables ¶

View Source

var File_envoy_extensions_filters_http_credential_injector_v3_credential_injector_proto protoreflect.FileDescriptor

Functions ¶

This section is empty.

Types ¶

type CredentialInjector ¶

type CredentialInjector struct {

	// Whether to overwrite the value or not if the injected headers already exist.
	// Value defaults to false.
	Overwrite bool `protobuf:"varint,1,opt,name=overwrite,proto3" json:"overwrite,omitempty"`
	// Whether to fail the request if the credential is not present.
	// Value defaults to false.
	// If set to true, the request will fail with 401 Unauthorized if the credential is not present.
	FailIfNotPresent bool `protobuf:"varint,2,opt,name=fail_if_not_present,json=failIfNotPresent,proto3" json:"fail_if_not_present,omitempty"`
	// The credential to inject into the proxied requests
	// TODO add extension-category
	Credential *v3.TypedExtensionConfig `protobuf:"bytes,3,opt,name=credential,proto3" json:"credential,omitempty"`
	// contains filtered or unexported fields
}

Credential Injector injects credentials into outgoing HTTP requests. The filter configuration is used to retrieve the credentials, or they can be requested through the OAuth2 client credential grant. The credentials obtained are then injected into the Authorization header of the proxied HTTP requests, utilizing either the Basic or Bearer scheme.

If the credential is not present, the request will fail with 401 Unauthorized if fail_if_not_present is set to true.

Notice: This filter is intended to be used for workload authentication, which means that the identity associated with the inserted credential is considered as the identity of the workload behind the envoy proxy(in this case, envoy is typically deployed as a sidecar alongside that workload). Please note that this filter does not handle end user authentication. Its purpose is solely to authenticate the workload itself.

Here is an example of CredentialInjector configuration with Generic credential, which injects an HTTP Basic Auth credential into the proxied requests.

.. code-block:: yaml

overwrite: true
fail_if_not_present: true
credential:
  name: generic_credential
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.injected_credentials.generic.v3.Generic
    credential:
      name: credential
      sds_config:
        path_config_source:
          path: credential.yaml
    header: Authorization

credential.yaml for Basic Auth:

.. code-block:: yaml

resources:
- "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret"
  name: credential
  generic_secret:
    secret:
      inline_string: "Basic base64EncodedUsernamePassword"

It can also be configured to inject a Bearer token into the proxied requests. credential.yaml for Bearer Token:

.. code-block:: yaml

resources:
- "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret"
  name: credential
  generic_secret:
    secret:
      inline_string: "Bearer myToken"

func (*CredentialInjector) Descriptor deprecated

func (*CredentialInjector) Descriptor() ([]byte, []int)

Deprecated: Use CredentialInjector.ProtoReflect.Descriptor instead.

func (*CredentialInjector) GetCredential ¶

func (x *CredentialInjector) GetCredential() *v3.TypedExtensionConfig

func (*CredentialInjector) GetFailIfNotPresent ¶

func (x *CredentialInjector) GetFailIfNotPresent() bool

func (*CredentialInjector) GetOverwrite ¶

func (x *CredentialInjector) GetOverwrite() bool

func (*CredentialInjector) ProtoMessage ¶

func (*CredentialInjector) ProtoMessage()

func (*CredentialInjector) ProtoReflect ¶

func (x *CredentialInjector) ProtoReflect() protoreflect.Message

func (*CredentialInjector) Reset ¶

func (x *CredentialInjector) Reset()

func (*CredentialInjector) String ¶

func (x *CredentialInjector) String() string

func (*CredentialInjector) Validate ¶

func (m *CredentialInjector) Validate() error

Validate checks the field values on CredentialInjector with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*CredentialInjector) ValidateAll ¶

func (m *CredentialInjector) ValidateAll() error

ValidateAll checks the field values on CredentialInjector with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in CredentialInjectorMultiError, or nil if none found.

type CredentialInjectorMultiError ¶

type CredentialInjectorMultiError []error

CredentialInjectorMultiError is an error wrapping multiple validation errors returned by CredentialInjector.ValidateAll() if the designated constraints aren't met.

func (CredentialInjectorMultiError) AllErrors ¶

func (m CredentialInjectorMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (CredentialInjectorMultiError) Error ¶

func (m CredentialInjectorMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type CredentialInjectorValidationError ¶

type CredentialInjectorValidationError struct {
	// contains filtered or unexported fields
}

CredentialInjectorValidationError is the validation error returned by CredentialInjector.Validate if the designated constraints aren't met.

func (CredentialInjectorValidationError) Cause ¶

func (e CredentialInjectorValidationError) Cause() error

Cause function returns cause value.

func (CredentialInjectorValidationError) Error ¶

func (e CredentialInjectorValidationError) Error() string

Error satisfies the builtin error interface

func (CredentialInjectorValidationError) ErrorName ¶

func (e CredentialInjectorValidationError) ErrorName() string

ErrorName returns error name.

func (CredentialInjectorValidationError) Field ¶

func (e CredentialInjectorValidationError) Field() string

Field function returns field value.

func (CredentialInjectorValidationError) Key ¶

func (e CredentialInjectorValidationError) Key() bool

Key function returns key value.

func (CredentialInjectorValidationError) Reason ¶

func (e CredentialInjectorValidationError) Reason() string

Reason function returns reason value.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL