Basic Auth (proto)

This extension has the qualified name envoy.filters.http.basic_auth

Note

This extension is functional but has not had substantial production burn time, use only with this caveat.

This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.

Tip

This extension extends and can be used with the following extension category:

• envoy.filters.http

This extension must be configured with one of the following type URLs:

• type.googleapis.com/envoy.extensions.filters.http.basic_auth.v3.BasicAuth

• type.googleapis.com/envoy.extensions.filters.http.basic_auth.v3.BasicAuthPerRoute

Basic Auth configuration overview.

extensions.filters.http.basic_auth.v3.BasicAuth

[extensions.filters.http.basic_auth.v3.BasicAuth proto]

Basic HTTP authentication.

Example:

users:
  inline_string: |-
    user1:{SHA}hashed_user1_password
    user2:{SHA}hashed_user2_password

{
  "users": {...},
  "forward_username_header": ...
}

users

(config.core.v3.DataSource) Username-password pairs used to verify user credentials in the “Authorization” header. The value needs to be the htpasswd format. Reference to https://httpd.apache.org/docs/2.4/programs/htpasswd.html

forward_username_header

(string) This field specifies the header name to forward a successfully authenticated user to the backend. The header will be added to the request with the username as the value.

If it is not specified, the username will not be forwarded.

extensions.filters.http.basic_auth.v3.BasicAuthPerRoute

[extensions.filters.http.basic_auth.v3.BasicAuthPerRoute proto]

Extra settings that may be added to per-route configuration for a virtual host or a cluster.

{
  "users": {...}
}

users

(config.core.v3.DataSource, REQUIRED) Username-password pairs for this route.