Package io.envoyproxy.envoy.extensions.filters.http.credential_injector.v3

Class CredentialInjector.Builder

java.lang.Object
com.google.protobuf.AbstractMessageLite.Builder
com.google.protobuf.AbstractMessage.Builder<BuilderT>
com.google.protobuf.GeneratedMessageV3.Builder<CredentialInjector.Builder>
io.envoyproxy.envoy.extensions.filters.http.credential_injector.v3.CredentialInjector.Builder
All Implemented Interfaces:
com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, CredentialInjectorOrBuilder, Cloneable
Enclosing class:
CredentialInjector
public static final class CredentialInjector.Builder extends com.google.protobuf.GeneratedMessageV3.Builder<CredentialInjector.Builder> implements CredentialInjectorOrBuilder
 Credential Injector injects credentials into outgoing HTTP requests. The filter configuration is used to retrieve the credentials, or
 they can be requested through the OAuth2 client credential grant. The credentials obtained are then injected into the Authorization header
 of the proxied HTTP requests, utilizing either the Basic or Bearer scheme.

 If the credential is not present or there was a failure injecting the credential, the request will fail with ``401 Unauthorized`` unless
 ``allow_request_without_credential`` is set to ``true``.

 Notice: This filter is intended to be used for workload authentication, which means that the identity associated with the inserted credential
 is considered as the identity of the workload behind the envoy proxy(in this case, envoy is typically deployed as a sidecar alongside that
 workload). Please note that this filter does not handle end user authentication. Its purpose is solely to authenticate the workload itself.

 Here is an example of CredentialInjector configuration with Generic credential, which injects an HTTP Basic Auth credential into the proxied requests.

 .. code-block:: yaml

  overwrite: true
  credential:
    name: generic_credential
    typed_config:
      "@type": type.googleapis.com/envoy.extensions.http.injected_credentials.generic.v3.Generic
      credential:
        name: credential
        sds_config:
          path_config_source:
            path: credential.yaml
      header: Authorization

 credential.yaml for Basic Auth:

 .. code-block:: yaml

  resources:
  - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret"
    name: credential
    generic_secret:
      secret:
        inline_string: "Basic base64EncodedUsernamePassword"

 It can also be configured to inject a Bearer token into the proxied requests.

 credential.yaml for Bearer Token:

 .. code-block:: yaml

  resources:
  - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret"
    name: credential
    generic_secret:
      secret:
        inline_string: "Bearer myToken"
Protobuf type envoy.extensions.filters.http.credential_injector.v3.CredentialInjector

  • Method Details

    • getDescriptor

      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

    • internalGetFieldAccessorTable

      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
      Specified by:
      internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<CredentialInjector.Builder>

    • clear

      public CredentialInjector.Builder clear()
      Specified by:
      clear in interface com.google.protobuf.Message.Builder
      Specified by:
      clear in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      clear in class com.google.protobuf.GeneratedMessageV3.Builder<CredentialInjector.Builder>

    • getDescriptorForType

      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
      Specified by:
      getDescriptorForType in interface com.google.protobuf.Message.Builder
      Specified by:
      getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
      Overrides:
      getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<CredentialInjector.Builder>

    • getDefaultInstanceForType

      public CredentialInjector getDefaultInstanceForType()
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

    • build

      public CredentialInjector build()
      Specified by:
      build in interface com.google.protobuf.Message.Builder
      Specified by:
      build in interface com.google.protobuf.MessageLite.Builder

    • buildPartial

      public CredentialInjector buildPartial()
      Specified by:
      buildPartial in interface com.google.protobuf.Message.Builder
      Specified by:
      buildPartial in interface com.google.protobuf.MessageLite.Builder

    • clone

      public CredentialInjector.Builder clone()
      Specified by:
      clone in interface com.google.protobuf.Message.Builder
      Specified by:
      clone in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      clone in class com.google.protobuf.GeneratedMessageV3.Builder<CredentialInjector.Builder>

    • setField

      public CredentialInjector.Builder setField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
      Specified by:
      setField in interface com.google.protobuf.Message.Builder
      Overrides:
      setField in class com.google.protobuf.GeneratedMessageV3.Builder<CredentialInjector.Builder>

    • clearField

      public CredentialInjector.Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field)
      Specified by:
      clearField in interface com.google.protobuf.Message.Builder
      Overrides:
      clearField in class com.google.protobuf.GeneratedMessageV3.Builder<CredentialInjector.Builder>

    • clearOneof

      public CredentialInjector.Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)
      Specified by:
      clearOneof in interface com.google.protobuf.Message.Builder
      Overrides:
      clearOneof in class com.google.protobuf.GeneratedMessageV3.Builder<CredentialInjector.Builder>

    • setRepeatedField

      public CredentialInjector.Builder setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, int index, Object value)
      Specified by:
      setRepeatedField in interface com.google.protobuf.Message.Builder
      Overrides:
      setRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<CredentialInjector.Builder>

    • addRepeatedField

      public CredentialInjector.Builder addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
      Specified by:
      addRepeatedField in interface com.google.protobuf.Message.Builder
      Overrides:
      addRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<CredentialInjector.Builder>

    • mergeFrom

      public CredentialInjector.Builder mergeFrom(com.google.protobuf.Message other)
      Specified by:
      mergeFrom in interface com.google.protobuf.Message.Builder
      Overrides:
      mergeFrom in class com.google.protobuf.AbstractMessage.Builder<CredentialInjector.Builder>

    • mergeFrom

      public CredentialInjector.Builder mergeFrom(CredentialInjector other)

    • isInitialized

      public final boolean isInitialized()
      Specified by:
      isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
      Overrides:
      isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<CredentialInjector.Builder>

    • mergeFrom

      public CredentialInjector.Builder mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Specified by:
      mergeFrom in interface com.google.protobuf.Message.Builder
      Specified by:
      mergeFrom in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      mergeFrom in class com.google.protobuf.AbstractMessage.Builder<CredentialInjector.Builder>
      Throws:
      IOException

    • getOverwrite

      public boolean getOverwrite()
       Whether to overwrite the value or not if the injected headers already exist.
 Value defaults to false.
      bool overwrite = 1;
      Specified by:
      getOverwrite in interface CredentialInjectorOrBuilder
      Returns:
      The overwrite.

    • setOverwrite

      public CredentialInjector.Builder setOverwrite(boolean value)
       Whether to overwrite the value or not if the injected headers already exist.
 Value defaults to false.
      bool overwrite = 1;
      Parameters:
      value - The overwrite to set.
      Returns:
      This builder for chaining.

    • clearOverwrite

      public CredentialInjector.Builder clearOverwrite()
       Whether to overwrite the value or not if the injected headers already exist.
 Value defaults to false.
      bool overwrite = 1;
      Returns:
      This builder for chaining.

    • getAllowRequestWithoutCredential

      public boolean getAllowRequestWithoutCredential()
       Whether to send the request to upstream if the credential is not present or if the credential injection
 to the request fails.

 By default, a request will fail with ``401 Unauthorized`` if the
 credential is not present or the injection of the credential to the request fails.
 If set to true, the request will be sent to upstream without the credential.
      bool allow_request_without_credential = 2;
      Specified by:
      getAllowRequestWithoutCredential in interface CredentialInjectorOrBuilder
      Returns:
      The allowRequestWithoutCredential.

    • setAllowRequestWithoutCredential

      public CredentialInjector.Builder setAllowRequestWithoutCredential(boolean value)
       Whether to send the request to upstream if the credential is not present or if the credential injection
 to the request fails.

 By default, a request will fail with ``401 Unauthorized`` if the
 credential is not present or the injection of the credential to the request fails.
 If set to true, the request will be sent to upstream without the credential.
      bool allow_request_without_credential = 2;
      Parameters:
      value - The allowRequestWithoutCredential to set.
      Returns:
      This builder for chaining.

    • clearAllowRequestWithoutCredential

      public CredentialInjector.Builder clearAllowRequestWithoutCredential()
       Whether to send the request to upstream if the credential is not present or if the credential injection
 to the request fails.

 By default, a request will fail with ``401 Unauthorized`` if the
 credential is not present or the injection of the credential to the request fails.
 If set to true, the request will be sent to upstream without the credential.
      bool allow_request_without_credential = 2;
      Returns:
      This builder for chaining.

    • hasCredential

      public boolean hasCredential()
       The credential to inject into the proxied requests
 [#extension-category: envoy.http.injected_credentials]
      .envoy.config.core.v3.TypedExtensionConfig credential = 3 [(.validate.rules) = { ... }
      Specified by:
      hasCredential in interface CredentialInjectorOrBuilder
      Returns:
      Whether the credential field is set.

    • getCredential

      public TypedExtensionConfig getCredential()
       The credential to inject into the proxied requests
 [#extension-category: envoy.http.injected_credentials]
      .envoy.config.core.v3.TypedExtensionConfig credential = 3 [(.validate.rules) = { ... }
      Specified by:
      getCredential in interface CredentialInjectorOrBuilder
      Returns:
      The credential.

    • setCredential

      public CredentialInjector.Builder setCredential(TypedExtensionConfig value)
       The credential to inject into the proxied requests
 [#extension-category: envoy.http.injected_credentials]
      .envoy.config.core.v3.TypedExtensionConfig credential = 3 [(.validate.rules) = { ... }

    • setCredential

      public CredentialInjector.Builder setCredential(TypedExtensionConfig.Builder builderForValue)
       The credential to inject into the proxied requests
 [#extension-category: envoy.http.injected_credentials]
      .envoy.config.core.v3.TypedExtensionConfig credential = 3 [(.validate.rules) = { ... }

    • mergeCredential

      public CredentialInjector.Builder mergeCredential(TypedExtensionConfig value)
       The credential to inject into the proxied requests
 [#extension-category: envoy.http.injected_credentials]
      .envoy.config.core.v3.TypedExtensionConfig credential = 3 [(.validate.rules) = { ... }

    • clearCredential

      public CredentialInjector.Builder clearCredential()
       The credential to inject into the proxied requests
 [#extension-category: envoy.http.injected_credentials]
      .envoy.config.core.v3.TypedExtensionConfig credential = 3 [(.validate.rules) = { ... }

    • getCredentialBuilder

      public TypedExtensionConfig.Builder getCredentialBuilder()
       The credential to inject into the proxied requests
 [#extension-category: envoy.http.injected_credentials]
      .envoy.config.core.v3.TypedExtensionConfig credential = 3 [(.validate.rules) = { ... }

    • getCredentialOrBuilder

      public TypedExtensionConfigOrBuilder getCredentialOrBuilder()
       The credential to inject into the proxied requests
 [#extension-category: envoy.http.injected_credentials]
      .envoy.config.core.v3.TypedExtensionConfig credential = 3 [(.validate.rules) = { ... }
      Specified by:
      getCredentialOrBuilder in interface CredentialInjectorOrBuilder

    • setUnknownFields

      public final CredentialInjector.Builder setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
      Specified by:
      setUnknownFields in interface com.google.protobuf.Message.Builder
      Overrides:
      setUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<CredentialInjector.Builder>

    • mergeUnknownFields

      public final CredentialInjector.Builder mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
      Specified by:
      mergeUnknownFields in interface com.google.protobuf.Message.Builder
      Overrides:
      mergeUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<CredentialInjector.Builder>