GCP authentication
This extension may be referenced by the qualified name envoy.filters.http.gcp_authn
Note
This extension is functional but has not had substantial production burn time; use it only with this caveat in mind.
This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted.
Tip
This extension extends and can be used with the following extension category:
GCP authentication configuration overview.
extensions.filters.http.gcp_authn.v3.GcpAuthnFilterConfig
[extensions.filters.http.gcp_authn.v3.GcpAuthnFilterConfig proto]
Filter configuration.
{
"http_uri": "{...}",
"retry_policy": "{...}"
}
- http_uri
(config.core.v3.HttpUri, REQUIRED) The HTTP URI used to fetch tokens from the GCE Metadata Server (https://cloud.google.com/compute/docs/metadata/overview). The URL format is "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity?audience=[AUDIENCE]".
- retry_policy
(config.core.v3.RetryPolicy) Retry policy for fetching tokens. This field is optional. If it is not configured, the filter fails closed (i.e., it rejects the requests).
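An HTTP filter chain that fills in the two fields described above, as an added example that is not taken from the Envoy project's own documentation. The cluster name, the timeout and the retry values are assumptions chosen for illustration.

```yaml
# Added example: values marked "assumed" are illustrative, not project defaults.
http_filters:
- name: envoy.filters.http.gcp_authn
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.filters.http.gcp_authn.v3.GcpAuthnFilterConfig
    http_uri:
      # URL format exactly as given in the http_uri field description.
      uri: "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity?audience=[AUDIENCE]"
      # Assumed name of an Envoy cluster, defined elsewhere in the same
      # bootstrap, whose only endpoint is the metadata server.
      cluster: gcp_metadata_server
      # Assumed upper bound on a single token fetch.
      timeout: 5s
    retry_policy:
      # Assumed values: up to 3 retries with bounded exponential back-off.
      num_retries: 3
      retry_back_off:
        base_interval: 0.1s
        max_interval: 2s
# The router filter stays last in the chain.
- name: envoy.filters.http.router
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
```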
extensions.filters.http.gcp_authn.v3.Audience
[extensions.filters.http.gcp_authn.v3.Audience proto]
{
"audience_map": "{...}"
}