api_key_authv3

package
v1.36.11-2026031120213... Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: unknown License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var File_envoy_extensions_filters_http_api_key_auth_v3_api_key_auth_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type ApiKeyAuth 

type ApiKeyAuth struct {

	// The credentials that are used to authenticate the clients.
	Credentials []*Credential `protobuf:"bytes,1,rep,name=credentials,proto3" json:"credentials,omitempty"`
	// The key sources to fetch the key from the coming request.
	KeySources []*KeySource `protobuf:"bytes,2,rep,name=key_sources,json=keySources,proto3" json:"key_sources,omitempty"`
	// Optional configuration to control what information should be propagated to upstream services.
	Forwarding *Forwarding `protobuf:"bytes,3,opt,name=forwarding,proto3" json:"forwarding,omitempty"`
	// contains filtered or unexported fields
}

API Key HTTP authentication.

For example, the following configuration configures the filter to authenticate the clients using the API key from the header “X-API-KEY“. And only the clients with the key “real-key“ are considered as authenticated. The client information is configured to be forwarded in the header “x-client-id“.

.. code-block:: yaml 

credentials:
- key: real-key
  client: user
key_sources:
 - header: "X-API-KEY"
forwarding:
  header: "x-client-id"
  hide_credentials: false

func (*ApiKeyAuth) ClearForwarding 

func (x *ApiKeyAuth) ClearForwarding()

func (*ApiKeyAuth) GetCredentials 

func (x *ApiKeyAuth) GetCredentials() []*Credential

func (*ApiKeyAuth) GetForwarding 

func (x *ApiKeyAuth) GetForwarding() *Forwarding

func (*ApiKeyAuth) GetKeySources 

func (x *ApiKeyAuth) GetKeySources() []*KeySource

func (*ApiKeyAuth) HasForwarding 

func (x *ApiKeyAuth) HasForwarding() bool

func (*ApiKeyAuth) ProtoMessage 

func (*ApiKeyAuth) ProtoMessage()

func (*ApiKeyAuth) ProtoReflect 

func (x *ApiKeyAuth) ProtoReflect() protoreflect.Message

func (*ApiKeyAuth) Reset 

func (x *ApiKeyAuth) Reset()

func (*ApiKeyAuth) SetCredentials 

func (x *ApiKeyAuth) SetCredentials(v []*Credential)

func (*ApiKeyAuth) SetForwarding 

func (x *ApiKeyAuth) SetForwarding(v *Forwarding)

func (*ApiKeyAuth) SetKeySources 

func (x *ApiKeyAuth) SetKeySources(v []*KeySource)

func (*ApiKeyAuth) String 

func (x *ApiKeyAuth) String() string

type ApiKeyAuthPerRoute 

type ApiKeyAuthPerRoute struct {

	// The credentials that are used to authenticate the clients. If this field is non-empty, then the
	// credentials in the filter level configuration will be ignored and the credentials in this
	// configuration will be used.
	Credentials []*Credential `protobuf:"bytes,1,rep,name=credentials,proto3" json:"credentials,omitempty"`
	// The key sources to fetch the key from the coming request. If this field is non-empty, then the
	// key sources in the filter level configuration will be ignored and the key sources in this
	// configuration will be used.
	KeySources []*KeySource `protobuf:"bytes,2,rep,name=key_sources,json=keySources,proto3" json:"key_sources,omitempty"`
	// A list of clients that are allowed to access the route or vhost. The clients listed here
	// should be subset of the clients listed in the “credentials“ to provide authorization control
	// after the authentication is successful. If the list is empty, then all authenticated clients
	// are allowed. This provides very limited but simple authorization. If more complex authorization
	// is required, then use the :ref:`HTTP RBAC filter <config_http_filters_rbac>` instead.
	//
	// .. note::
	//
	//	Setting this field and “credentials“ at the same configuration entry is not an error but
	//	also makes no much sense because they provide similar functionality. Please only use
	//	one of them at same configuration entry except for the case that you want to share the same
	//	credentials list across multiple routes but still use different allowed clients for each
	//	route.
	AllowedClients []string `protobuf:"bytes,3,rep,name=allowed_clients,json=allowedClients,proto3" json:"allowed_clients,omitempty"`
	// Optional configuration to control what information should be propagated to upstream services.
	// If this field is non-empty, then the forwarding information in the filter level configuration
	// will be ignored and the forwarding in this configuration will be used.
	Forwarding *Forwarding `protobuf:"bytes,4,opt,name=forwarding,proto3" json:"forwarding,omitempty"`
	// contains filtered or unexported fields
}

API key auth configuration of per route or per virtual host or per route configuration.

func (*ApiKeyAuthPerRoute) ClearForwarding 

func (x *ApiKeyAuthPerRoute) ClearForwarding()

func (*ApiKeyAuthPerRoute) GetAllowedClients 

func (x *ApiKeyAuthPerRoute) GetAllowedClients() []string

func (*ApiKeyAuthPerRoute) GetCredentials 

func (x *ApiKeyAuthPerRoute) GetCredentials() []*Credential

func (*ApiKeyAuthPerRoute) GetForwarding 

func (x *ApiKeyAuthPerRoute) GetForwarding() *Forwarding

func (*ApiKeyAuthPerRoute) GetKeySources 

func (x *ApiKeyAuthPerRoute) GetKeySources() []*KeySource

func (*ApiKeyAuthPerRoute) HasForwarding 

func (x *ApiKeyAuthPerRoute) HasForwarding() bool

func (*ApiKeyAuthPerRoute) ProtoMessage 

func (*ApiKeyAuthPerRoute) ProtoMessage()

func (*ApiKeyAuthPerRoute) ProtoReflect 

func (x *ApiKeyAuthPerRoute) ProtoReflect() protoreflect.Message

func (*ApiKeyAuthPerRoute) Reset 

func (x *ApiKeyAuthPerRoute) Reset()

func (*ApiKeyAuthPerRoute) SetAllowedClients 

func (x *ApiKeyAuthPerRoute) SetAllowedClients(v []string)

func (*ApiKeyAuthPerRoute) SetCredentials 

func (x *ApiKeyAuthPerRoute) SetCredentials(v []*Credential)

func (*ApiKeyAuthPerRoute) SetForwarding 

func (x *ApiKeyAuthPerRoute) SetForwarding(v *Forwarding)

func (*ApiKeyAuthPerRoute) SetKeySources 

func (x *ApiKeyAuthPerRoute) SetKeySources(v []*KeySource)

func (*ApiKeyAuthPerRoute) String 

func (x *ApiKeyAuthPerRoute) String() string

type ApiKeyAuthPerRoute_builder 

type ApiKeyAuthPerRoute_builder struct {

	// The credentials that are used to authenticate the clients. If this field is non-empty, then the
	// credentials in the filter level configuration will be ignored and the credentials in this
	// configuration will be used.
	Credentials []*Credential
	// The key sources to fetch the key from the coming request. If this field is non-empty, then the
	// key sources in the filter level configuration will be ignored and the key sources in this
	// configuration will be used.
	KeySources []*KeySource
	// A list of clients that are allowed to access the route or vhost. The clients listed here
	// should be subset of the clients listed in the “credentials“ to provide authorization control
	// after the authentication is successful. If the list is empty, then all authenticated clients
	// are allowed. This provides very limited but simple authorization. If more complex authorization
	// is required, then use the :ref:`HTTP RBAC filter <config_http_filters_rbac>` instead.
	//
	// .. note::
	//
	//	Setting this field and “credentials“ at the same configuration entry is not an error but
	//	also makes no much sense because they provide similar functionality. Please only use
	//	one of them at same configuration entry except for the case that you want to share the same
	//	credentials list across multiple routes but still use different allowed clients for each
	//	route.
	AllowedClients []string
	// Optional configuration to control what information should be propagated to upstream services.
	// If this field is non-empty, then the forwarding information in the filter level configuration
	// will be ignored and the forwarding in this configuration will be used.
	Forwarding *Forwarding
	// contains filtered or unexported fields
}

func (ApiKeyAuthPerRoute_builder) Build 

func (b0 ApiKeyAuthPerRoute_builder) Build() *ApiKeyAuthPerRoute

type ApiKeyAuth_builder 

type ApiKeyAuth_builder struct {

	// The credentials that are used to authenticate the clients.
	Credentials []*Credential
	// The key sources to fetch the key from the coming request.
	KeySources []*KeySource
	// Optional configuration to control what information should be propagated to upstream services.
	Forwarding *Forwarding
	// contains filtered or unexported fields
}

func (ApiKeyAuth_builder) Build 

func (b0 ApiKeyAuth_builder) Build() *ApiKeyAuth

type Credential 

type Credential struct {

	// The value of the unique API key.
	Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// The unique id or identity that used to identify the client or consumer.
	Client string `protobuf:"bytes,2,opt,name=client,proto3" json:"client,omitempty"`
	// contains filtered or unexported fields
}

Single credential entry that contains the API key and the related client id.

func (*Credential) GetClient 

func (x *Credential) GetClient() string

func (*Credential) GetKey 

func (x *Credential) GetKey() string

func (*Credential) ProtoMessage 

func (*Credential) ProtoMessage()

func (*Credential) ProtoReflect 

func (x *Credential) ProtoReflect() protoreflect.Message

func (*Credential) Reset 

func (x *Credential) Reset()

func (*Credential) SetClient 

func (x *Credential) SetClient(v string)

func (*Credential) SetKey 

func (x *Credential) SetKey(v string)

func (*Credential) String 

func (x *Credential) String() string

type Credential_builder 

type Credential_builder struct {

	// The value of the unique API key.
	Key string
	// The unique id or identity that used to identify the client or consumer.
	Client string
	// contains filtered or unexported fields
}

func (Credential_builder) Build 

func (b0 Credential_builder) Build() *Credential

type Forwarding 

type Forwarding struct {

	// The header name in which to store the client information. If this field is non-empty,
	// the client string associated with the matched credential will be injected into
	// the request before forwarding upstream.
	Header string `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"`
	// If true, remove the API key from the request before forwarding upstream.
	//
	// This applies to all configured key sources: “header“, “query“, and “cookie“.
	HideCredentials bool `protobuf:"varint,2,opt,name=hide_credentials,json=hideCredentials,proto3" json:"hide_credentials,omitempty"`
	// contains filtered or unexported fields
}

func (*Forwarding) GetHeader 

func (x *Forwarding) GetHeader() string

func (*Forwarding) GetHideCredentials 

func (x *Forwarding) GetHideCredentials() bool

func (*Forwarding) ProtoMessage 

func (*Forwarding) ProtoMessage()

func (*Forwarding) ProtoReflect 

func (x *Forwarding) ProtoReflect() protoreflect.Message

func (*Forwarding) Reset 

func (x *Forwarding) Reset()

func (*Forwarding) SetHeader 

func (x *Forwarding) SetHeader(v string)

func (*Forwarding) SetHideCredentials 

func (x *Forwarding) SetHideCredentials(v bool)

func (*Forwarding) String 

func (x *Forwarding) String() string

type Forwarding_builder 

type Forwarding_builder struct {

	// The header name in which to store the client information. If this field is non-empty,
	// the client string associated with the matched credential will be injected into
	// the request before forwarding upstream.
	Header string
	// If true, remove the API key from the request before forwarding upstream.
	//
	// This applies to all configured key sources: “header“, “query“, and “cookie“.
	HideCredentials bool
	// contains filtered or unexported fields
}

func (Forwarding_builder) Build 

func (b0 Forwarding_builder) Build() *Forwarding

type KeySource 

type KeySource struct {

	// The header name to fetch the key. If multiple header values are present, the first one will be
	// used. If the header value starts with 'Bearer ', this prefix will be stripped to get the
	// key value.
	//
	// If set, takes precedence over “query“ and “cookie“.
	Header string `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"`
	// The query parameter name to fetch the key. If multiple query values are present, the first one
	// will be used.
	//
	// The field will be used if “header“ is not set. If set, takes precedence over “cookie“.
	Query string `protobuf:"bytes,2,opt,name=query,proto3" json:"query,omitempty"`
	// The cookie name to fetch the key.
	//
	// The field will be used if the “header“ and “query“ are not set.
	Cookie string `protobuf:"bytes,3,opt,name=cookie,proto3" json:"cookie,omitempty"`
	// contains filtered or unexported fields
}

func (*KeySource) GetCookie 

func (x *KeySource) GetCookie() string

func (*KeySource) GetHeader 

func (x *KeySource) GetHeader() string

func (*KeySource) GetQuery 

func (x *KeySource) GetQuery() string

func (*KeySource) ProtoMessage 

func (*KeySource) ProtoMessage()

func (*KeySource) ProtoReflect 

func (x *KeySource) ProtoReflect() protoreflect.Message

func (*KeySource) Reset 

func (x *KeySource) Reset()

func (*KeySource) SetCookie 

func (x *KeySource) SetCookie(v string)

func (*KeySource) SetHeader 

func (x *KeySource) SetHeader(v string)

func (*KeySource) SetQuery 

func (x *KeySource) SetQuery(v string)

func (*KeySource) String 

func (x *KeySource) String() string

type KeySource_builder 

type KeySource_builder struct {

	// The header name to fetch the key. If multiple header values are present, the first one will be
	// used. If the header value starts with 'Bearer ', this prefix will be stripped to get the
	// key value.
	//
	// If set, takes precedence over “query“ and “cookie“.
	Header string
	// The query parameter name to fetch the key. If multiple query values are present, the first one
	// will be used.
	//
	// The field will be used if “header“ is not set. If set, takes precedence over “cookie“.
	Query string
	// The cookie name to fetch the key.
	//
	// The field will be used if the “header“ and “query“ are not set.
	Cookie string
	// contains filtered or unexported fields
}

func (KeySource_builder) Build 

func (b0 KeySource_builder) Build() *KeySource

Source Files

  • api_key_auth.pb.go

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.