Package io.envoyproxy.envoy.extensions.filters.http.credential_injector.v3

Class CredentialInjector

java.lang.Object
com.google.protobuf.AbstractMessageLite
com.google.protobuf.AbstractMessage
com.google.protobuf.GeneratedMessageV3
io.envoyproxy.envoy.extensions.filters.http.credential_injector.v3.CredentialInjector
All Implemented Interfaces:
com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, CredentialInjectorOrBuilder, Serializable
public final class CredentialInjector extends com.google.protobuf.GeneratedMessageV3 implements CredentialInjectorOrBuilder
 Credential Injector injects credentials into outgoing HTTP requests. The filter configuration is used to retrieve the credentials, or
 they can be requested through the OAuth2 client credential grant. The credentials obtained are then injected into the Authorization header
 of the proxied HTTP requests, utilizing either the Basic or Bearer scheme.

 If the credential is not present or there was a failure injecting the credential, the request will fail with ``401 Unauthorized`` unless
 ``allow_request_without_credential`` is set to ``true``.

 Notice: This filter is intended to be used for workload authentication, which means that the identity associated with the inserted credential
 is considered as the identity of the workload behind the envoy proxy(in this case, envoy is typically deployed as a sidecar alongside that
 workload). Please note that this filter does not handle end user authentication. Its purpose is solely to authenticate the workload itself.

 Here is an example of CredentialInjector configuration with Generic credential, which injects an HTTP Basic Auth credential into the proxied requests.

 .. code-block:: yaml

  overwrite: true
  credential:
    name: generic_credential
    typed_config:
      "@type": type.googleapis.com/envoy.extensions.http.injected_credentials.generic.v3.Generic
      credential:
        name: credential
        sds_config:
          path_config_source:
            path: credential.yaml
      header: Authorization

 credential.yaml for Basic Auth:

 .. code-block:: yaml

  resources:
  - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret"
    name: credential
    generic_secret:
      secret:
        inline_string: "Basic base64EncodedUsernamePassword"

 It can also be configured to inject a Bearer token into the proxied requests.

 credential.yaml for Bearer Token:

 .. code-block:: yaml

  resources:
  - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret"
    name: credential
    generic_secret:
      secret:
        inline_string: "Bearer myToken"
Protobuf type envoy.extensions.filters.http.credential_injector.v3.CredentialInjector
See Also:

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    static final class 
    CredentialInjector.Builder
    Credential Injector injects credentials into outgoing HTTP requests.

    Nested classes/interfaces inherited from class com.google.protobuf.GeneratedMessageV3

    com.google.protobuf.GeneratedMessageV3.BuilderParent, com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageT extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT>,BuilderT extends com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageT,BuilderT>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessageOrBuilder<MessageT extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessageV3.FieldAccessorTable, com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter

    Nested classes/interfaces inherited from class com.google.protobuf.AbstractMessageLite

    com.google.protobuf.AbstractMessageLite.InternalOneOfEnum

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final int
    ALLOW_REQUEST_WITHOUT_CREDENTIAL_FIELD_NUMBER
     
    static final int
    CREDENTIAL_FIELD_NUMBER
     
    static final int
    OVERWRITE_FIELD_NUMBER
     

    Fields inherited from class com.google.protobuf.GeneratedMessageV3

    alwaysUseFieldBuilders, unknownFields

    Fields inherited from class com.google.protobuf.AbstractMessage

    memoizedSize

    Fields inherited from class com.google.protobuf.AbstractMessageLite

    memoizedHashCode

  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    equals(Object obj)
     
    boolean
    getAllowRequestWithoutCredential()
    Whether to send the request to upstream if the credential is not present or if the credential injection to the request fails.
    TypedExtensionConfig
    getCredential()
    The credential to inject into the proxied requests [#extension-category: envoy.http.injected_credentials]
    TypedExtensionConfigOrBuilder
    getCredentialOrBuilder()
    The credential to inject into the proxied requests [#extension-category: envoy.http.injected_credentials]
    static CredentialInjector
    getDefaultInstance()
     
    CredentialInjector
    getDefaultInstanceForType()
     
    static final com.google.protobuf.Descriptors.Descriptor
    getDescriptor()
     
    boolean
    getOverwrite()
    Whether to overwrite the value or not if the injected headers already exist.
    com.google.protobuf.Parser<CredentialInjector>
    getParserForType()
     
    int
    getSerializedSize()
     
    boolean
    hasCredential()
    The credential to inject into the proxied requests [#extension-category: envoy.http.injected_credentials]
    int
    hashCode()
     
    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
    internalGetFieldAccessorTable()
     
    final boolean
    isInitialized()
     
    static CredentialInjector.Builder
    newBuilder()
     
    static CredentialInjector.Builder
    newBuilder(CredentialInjector prototype)
     
    CredentialInjector.Builder
    newBuilderForType()
     
    protected CredentialInjector.Builder
    newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
     
    protected Object
    newInstance(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
     
    static CredentialInjector
    parseDelimitedFrom(InputStream input)
     
    static CredentialInjector
    parseDelimitedFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
     
    static CredentialInjector
    parseFrom(byte[] data)
     
    static CredentialInjector
    parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
     
    static CredentialInjector
    parseFrom(com.google.protobuf.ByteString data)
     
    static CredentialInjector
    parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
     
    static CredentialInjector
    parseFrom(com.google.protobuf.CodedInputStream input)
     
    static CredentialInjector
    parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
     
    static CredentialInjector
    parseFrom(InputStream input)
     
    static CredentialInjector
    parseFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
     
    static CredentialInjector
    parseFrom(ByteBuffer data)
     
    static CredentialInjector
    parseFrom(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
     
    static com.google.protobuf.Parser<CredentialInjector>
    parser()
     
    CredentialInjector.Builder
    toBuilder()
     
    void
    writeTo(com.google.protobuf.CodedOutputStream output)
     

    Methods inherited from class com.google.protobuf.GeneratedMessageV3

    canUseUnsafe, computeStringSize, computeStringSizeNoTag, emptyBooleanList, emptyDoubleList, emptyFloatList, emptyIntList, emptyList, emptyLongList, getAllFields, getDescriptorForType, getField, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof, internalGetMapField, internalGetMapFieldReflection, isStringEmpty, makeExtensionsImmutable, makeMutableCopy, makeMutableCopy, mergeFromAndMakeImmutableInternal, mutableCopy, mutableCopy, mutableCopy, mutableCopy, mutableCopy, newBooleanList, newBuilderForType, newDoubleList, newFloatList, newIntList, newLongList, parseDelimitedWithIOException, parseDelimitedWithIOException, parseUnknownField, parseUnknownFieldProto3, parseWithIOException, parseWithIOException, parseWithIOException, parseWithIOException, serializeBooleanMapTo, serializeIntegerMapTo, serializeLongMapTo, serializeStringMapTo, writeReplace, writeString, writeStringNoTag

    Methods inherited from class com.google.protobuf.AbstractMessage

    findInitializationErrors, getInitializationErrorString, hashBoolean, hashEnum, hashEnumList, hashFields, hashLong, toString

    Methods inherited from class com.google.protobuf.AbstractMessageLite

    addAll, addAll, checkByteStringIsUtf8, toByteArray, toByteString, writeDelimitedTo, writeTo

    Methods inherited from class java.lang.Object

    clone, finalize, getClass, notify, notifyAll, wait, wait, wait

    Methods inherited from interface com.google.protobuf.MessageLite

    toByteArray, toByteString, writeDelimitedTo, writeTo

    Methods inherited from interface com.google.protobuf.MessageOrBuilder

    findInitializationErrors, getAllFields, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

  • Field Details

    • OVERWRITE_FIELD_NUMBER

      public static final int OVERWRITE_FIELD_NUMBER
      See Also:

    • ALLOW_REQUEST_WITHOUT_CREDENTIAL_FIELD_NUMBER

      public static final int ALLOW_REQUEST_WITHOUT_CREDENTIAL_FIELD_NUMBER
      See Also:

    • CREDENTIAL_FIELD_NUMBER

      public static final int CREDENTIAL_FIELD_NUMBER
      See Also:

  • Method Details

    • newInstance

      protected Object newInstance(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
      Overrides:
      newInstance in class com.google.protobuf.GeneratedMessageV3

    • getDescriptor

      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

    • internalGetFieldAccessorTable

      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
      Specified by:
      internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

    • getOverwrite

      public boolean getOverwrite()
       Whether to overwrite the value or not if the injected headers already exist.
 Value defaults to false.
      bool overwrite = 1;
      Specified by:
      getOverwrite in interface CredentialInjectorOrBuilder
      Returns:
      The overwrite.

    • getAllowRequestWithoutCredential

      public boolean getAllowRequestWithoutCredential()
       Whether to send the request to upstream if the credential is not present or if the credential injection
 to the request fails.

 By default, a request will fail with ``401 Unauthorized`` if the
 credential is not present or the injection of the credential to the request fails.
 If set to true, the request will be sent to upstream without the credential.
      bool allow_request_without_credential = 2;
      Specified by:
      getAllowRequestWithoutCredential in interface CredentialInjectorOrBuilder
      Returns:
      The allowRequestWithoutCredential.

    • hasCredential

      public boolean hasCredential()
       The credential to inject into the proxied requests
 [#extension-category: envoy.http.injected_credentials]
      .envoy.config.core.v3.TypedExtensionConfig credential = 3 [(.validate.rules) = { ... }
      Specified by:
      hasCredential in interface CredentialInjectorOrBuilder
      Returns:
      Whether the credential field is set.

    • getCredential

      public TypedExtensionConfig getCredential()
       The credential to inject into the proxied requests
 [#extension-category: envoy.http.injected_credentials]
      .envoy.config.core.v3.TypedExtensionConfig credential = 3 [(.validate.rules) = { ... }
      Specified by:
      getCredential in interface CredentialInjectorOrBuilder
      Returns:
      The credential.

    • getCredentialOrBuilder

      public TypedExtensionConfigOrBuilder getCredentialOrBuilder()
       The credential to inject into the proxied requests
 [#extension-category: envoy.http.injected_credentials]
      .envoy.config.core.v3.TypedExtensionConfig credential = 3 [(.validate.rules) = { ... }
      Specified by:
      getCredentialOrBuilder in interface CredentialInjectorOrBuilder

    • isInitialized

      public final boolean isInitialized()
      Specified by:
      isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
      Overrides:
      isInitialized in class com.google.protobuf.GeneratedMessageV3

    • writeTo

      public void writeTo(com.google.protobuf.CodedOutputStream output) throws IOException
      Specified by:
      writeTo in interface com.google.protobuf.MessageLite
      Overrides:
      writeTo in class com.google.protobuf.GeneratedMessageV3
      Throws:
      IOException

    • getSerializedSize

      public int getSerializedSize()
      Specified by:
      getSerializedSize in interface com.google.protobuf.MessageLite
      Overrides:
      getSerializedSize in class com.google.protobuf.GeneratedMessageV3

    • equals

      public boolean equals(Object obj)
      Specified by:
      equals in interface com.google.protobuf.Message
      Overrides:
      equals in class com.google.protobuf.AbstractMessage

    • hashCode

      public int hashCode()
      Specified by:
      hashCode in interface com.google.protobuf.Message
      Overrides:
      hashCode in class com.google.protobuf.AbstractMessage

    • parseFrom

      public static CredentialInjector parseFrom(ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static CredentialInjector parseFrom(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static CredentialInjector parseFrom(com.google.protobuf.ByteString data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static CredentialInjector parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static CredentialInjector parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static CredentialInjector parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static CredentialInjector parseFrom(InputStream input) throws IOException
      Throws:
      IOException

    • parseFrom

      public static CredentialInjector parseFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException

    • parseDelimitedFrom

      public static CredentialInjector parseDelimitedFrom(InputStream input) throws IOException
      Throws:
      IOException

    • parseDelimitedFrom

      public static CredentialInjector parseDelimitedFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException

    • parseFrom

      public static CredentialInjector parseFrom(com.google.protobuf.CodedInputStream input) throws IOException
      Throws:
      IOException

    • parseFrom

      public static CredentialInjector parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException

    • newBuilderForType

      public CredentialInjector.Builder newBuilderForType()
      Specified by:
      newBuilderForType in interface com.google.protobuf.Message
      Specified by:
      newBuilderForType in interface com.google.protobuf.MessageLite

    • newBuilder

      public static CredentialInjector.Builder newBuilder()

    • newBuilder

      public static CredentialInjector.Builder newBuilder(CredentialInjector prototype)

    • toBuilder

      public CredentialInjector.Builder toBuilder()
      Specified by:
      toBuilder in interface com.google.protobuf.Message
      Specified by:
      toBuilder in interface com.google.protobuf.MessageLite

    • newBuilderForType

      protected CredentialInjector.Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
      Specified by:
      newBuilderForType in class com.google.protobuf.GeneratedMessageV3

    • getDefaultInstance

      public static CredentialInjector getDefaultInstance()

    • parser

      public static com.google.protobuf.Parser<CredentialInjector> parser()

    • getParserForType

      public com.google.protobuf.Parser<CredentialInjector> getParserForType()
      Specified by:
      getParserForType in interface com.google.protobuf.Message
      Specified by:
      getParserForType in interface com.google.protobuf.MessageLite
      Overrides:
      getParserForType in class com.google.protobuf.GeneratedMessageV3

    • getDefaultInstanceForType

      public CredentialInjector getDefaultInstanceForType()
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder