filters/auth: add token validator filter #3126
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
szuecs
reviewed
Jun 24, 2024
szuecs
reviewed
Jun 24, 2024
szuecs
reviewed
Jun 24, 2024
szuecs
reviewed
Jun 24, 2024
szuecs
reviewed
Jun 24, 2024
szuecs
reviewed
Jun 24, 2024
AlexanderYastrebov
force-pushed
the
filters/auth/oauthTokeninfo
branch
from
f1f25e6 to
4b6060f
Compare
AlexanderYastrebov
force-pushed
the
filters/auth/oauthTokeninfo
branch
2 times, most recently
from
304caa2 to
4179657
Compare
AlexanderYastrebov
force-pushed
the
filters/auth/oauthTokeninfo
branch
from
4179657 to
a53b42d
Compare
|
👍 |
1 similar comment
|
👍 |
szuecs
reviewed
Jun 26, 2024
|
|
||
| > This filter is experimental and may change in the future, please see tests for example usage. | ||
|
|
||
| The filter obtains token info and allows request if there was no error |
There was a problem hiding this comment.
We used tokeninfo as tool name, so it might make sense to stay with tokeninfo here and not use "token info".
There was a problem hiding this comment.
Its an info about token which it obtains. We also use "token info" in a few other places.
The `oauthTokeninfoValidate` filter obtains token info and allows request if there was no error otherwise it responds with `401 Unauthorized` status and configured response body. It does nothing if any preceding filter already validated the token or if route is annotated with configured annotations. It is useful as a default filter to ensure each request has a valid token. Since its logic is diffrent from existing oauthTokeninfo* filters it is implemented as a separate filter type. Signed-off-by: Alexander Yastrebov <alexander.yastrebov@zalando.de>
AlexanderYastrebov
force-pushed
the
filters/auth/oauthTokeninfo
branch
from
a53b42d to
cc53a8d
Compare
|
👍 |
1 similar comment
|
👍 |
MustafaSaber
added a commit
to zalando-incubator/kubernetes-on-aws
that referenced
this pull request
Jun 27, 2024
* build(deps): bump alpine from `77726ef` to `b89d9c9` in /packaging: zalando/skipper#3122 * build(deps): bump docker/build-push-action from 5.4.0 to 6.1.0: zalando/skipper#3124 * build(deps): bump amazonlinux from `0d172f8` to `b0016cb` in /fuzz: zalando/skipper#3125 * Facilitate OPA decision correlation with business flows: zalando/skipper#3041 * config: fix defaultFiltersFlags.String: zalando/skipper#3127 * config: fix defaultFiltersFlags yaml test case: zalando/skipper#3128 * filters/auth: add token validator filter: zalando/skipper#3126 * metrics: register skipper_filter_create_duration_seconds: zalando/skipper#3129 * cmd/skipper: allow exclusion of insecure cipher suites: zalando/skipper#3123 diff zalando/skipper@v0.21.124...v0.21.133
MustafaSaber
added a commit
to zalando-incubator/kubernetes-on-aws
that referenced
this pull request
Jun 27, 2024
…-version skipper: update canary version to v0.21.133 * build(deps): bump alpine from `77726ef` to `b89d9c9` in /packaging: zalando/skipper#3122 * build(deps): bump docker/build-push-action from 5.4.0 to 6.1.0: zalando/skipper#3124 * build(deps): bump amazonlinux from `0d172f8` to `b0016cb` in /fuzz: zalando/skipper#3125 * Facilitate OPA decision correlation with business flows: zalando/skipper#3041 * config: fix defaultFiltersFlags.String: zalando/skipper#3127 * config: fix defaultFiltersFlags yaml test case: zalando/skipper#3128 * filters/auth: add token validator filter: zalando/skipper#3126 * metrics: register skipper_filter_create_duration_seconds: zalando/skipper#3129 * cmd/skipper: allow exclusion of insecure cipher suites: zalando/skipper#3123 diff zalando/skipper@v0.21.124...v0.21.133
MustafaSaber
added a commit
to zalando-incubator/kubernetes-on-aws
that referenced
this pull request
Jun 27, 2024
* build(deps): bump alpine from `77726ef` to `b89d9c9` in /packaging: zalando/skipper#3122 * build(deps): bump docker/build-push-action from 5.4.0 to 6.1.0: zalando/skipper#3124 * build(deps): bump amazonlinux from `0d172f8` to `b0016cb` in /fuzz: zalando/skipper#3125 * Facilitate OPA decision correlation with business flows: zalando/skipper#3041 * config: fix defaultFiltersFlags.String: zalando/skipper#3127 * config: fix defaultFiltersFlags yaml test case: zalando/skipper#3128 * filters/auth: add token validator filter: zalando/skipper#3126 * metrics: register skipper_filter_create_duration_seconds: zalando/skipper#3129 * cmd/skipper: allow exclusion of insecure cipher suites: zalando/skipper#3123 diff zalando/skipper@v0.21.124...v0.21.133 depends on #7757
MustafaSaber
added a commit
to zalando-incubator/kubernetes-on-aws
that referenced
this pull request
Jun 27, 2024
* build(deps): bump alpine from `77726ef` to `b89d9c9` in /packaging: zalando/skipper#3122 * build(deps): bump docker/build-push-action from 5.4.0 to 6.1.0: zalando/skipper#3124 * build(deps): bump amazonlinux from `0d172f8` to `b0016cb` in /fuzz: zalando/skipper#3125 * Facilitate OPA decision correlation with business flows: zalando/skipper#3041 * config: fix defaultFiltersFlags.String: zalando/skipper#3127 * config: fix defaultFiltersFlags yaml test case: zalando/skipper#3128 * filters/auth: add token validator filter: zalando/skipper#3126 * metrics: register skipper_filter_create_duration_seconds: zalando/skipper#3129 * cmd/skipper: allow exclusion of insecure cipher suites: zalando/skipper#3123 diff zalando/skipper@v0.21.124...v0.21.133 depends on #7757
MustafaSaber
added a commit
to zalando-incubator/kubernetes-on-aws
that referenced
this pull request
Jul 2, 2024
* build(deps): bump alpine from `77726ef` to `b89d9c9` in /packaging: zalando/skipper#3122 * build(deps): bump docker/build-push-action from 5.4.0 to 6.1.0: zalando/skipper#3124 * build(deps): bump amazonlinux from `0d172f8` to `b0016cb` in /fuzz: zalando/skipper#3125 * Facilitate OPA decision correlation with business flows: zalando/skipper#3041 * config: fix defaultFiltersFlags.String: zalando/skipper#3127 * config: fix defaultFiltersFlags yaml test case: zalando/skipper#3128 * filters/auth: add token validator filter: zalando/skipper#3126 * metrics: register skipper_filter_create_duration_seconds: zalando/skipper#3129 * cmd/skipper: allow exclusion of insecure cipher suites: zalando/skipper#3123 * Revert "Facilitate OPA decision correlation with business flows (#3041)": zalando/skipper#3138 * build(deps): bump docker/build-push-action from 6.1.0 to 6.2.0: zalando/skipper#3134 * dependabot: group GoLang dependencies update: zalando/skipper#3136 * build(deps): bump github.com/open-policy-agent/opa from 0.65.0 to 0.66.0: zalando/skipper#3135 * build(deps): bump amazonlinux from `b0016cb` to `5bf7910` in /fuzz: zalando/skipper#3133 * metrics: refactor prometheus metric registration: zalando/skipper#3132 diff zalando/skipper@v0.21.124...v0.21.139 depends on #7786
MustafaSaber
added a commit
to zalando-incubator/kubernetes-on-aws
that referenced
this pull request
Jul 2, 2024
* build(deps): bump alpine from `77726ef` to `b89d9c9` in /packaging: zalando/skipper#3122 * build(deps): bump docker/build-push-action from 5.4.0 to 6.1.0: zalando/skipper#3124 * build(deps): bump amazonlinux from `0d172f8` to `b0016cb` in /fuzz: zalando/skipper#3125 * Facilitate OPA decision correlation with business flows: zalando/skipper#3041 * config: fix defaultFiltersFlags.String: zalando/skipper#3127 * config: fix defaultFiltersFlags yaml test case: zalando/skipper#3128 * filters/auth: add token validator filter: zalando/skipper#3126 * metrics: register skipper_filter_create_duration_seconds: zalando/skipper#3129 * cmd/skipper: allow exclusion of insecure cipher suites: zalando/skipper#3123 * Revert "Facilitate OPA decision correlation with business flows (#3041)": zalando/skipper#3138 * build(deps): bump docker/build-push-action from 6.1.0 to 6.2.0: zalando/skipper#3134 * dependabot: group GoLang dependencies update: zalando/skipper#3136 * build(deps): bump github.com/open-policy-agent/opa from 0.65.0 to 0.66.0: zalando/skipper#3135 * build(deps): bump amazonlinux from `b0016cb` to `5bf7910` in /fuzz: zalando/skipper#3133 * metrics: refactor prometheus metric registration: zalando/skipper#3132 diff zalando/skipper@v0.21.124...v0.21.139 depends on #7786
MustafaSaber
added a commit
to zalando-incubator/kubernetes-on-aws
that referenced
this pull request
Jul 2, 2024
* build(deps): bump alpine from `77726ef` to `b89d9c9` in /packaging: zalando/skipper#3122 * build(deps): bump docker/build-push-action from 5.4.0 to 6.1.0: zalando/skipper#3124 * build(deps): bump amazonlinux from `0d172f8` to `b0016cb` in /fuzz: zalando/skipper#3125 * Facilitate OPA decision correlation with business flows: zalando/skipper#3041 * config: fix defaultFiltersFlags.String: zalando/skipper#3127 * config: fix defaultFiltersFlags yaml test case: zalando/skipper#3128 * filters/auth: add token validator filter: zalando/skipper#3126 * metrics: register skipper_filter_create_duration_seconds: zalando/skipper#3129 * cmd/skipper: allow exclusion of insecure cipher suites: zalando/skipper#3123 * Revert "Facilitate OPA decision correlation with business flows (#3041)": zalando/skipper#3138 * build(deps): bump docker/build-push-action from 6.1.0 to 6.2.0: zalando/skipper#3134 * dependabot: group GoLang dependencies update: zalando/skipper#3136 * build(deps): bump github.com/open-policy-agent/opa from 0.65.0 to 0.66.0: zalando/skipper#3135 * build(deps): bump amazonlinux from `b0016cb` to `5bf7910` in /fuzz: zalando/skipper#3133 * metrics: refactor prometheus metric registration: zalando/skipper#3132 diff zalando/skipper@v0.21.124...v0.21.139 depends on #7786
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The
oauthTokeninfoValidatefilter obtains token info and allows request if there was no error otherwise it responds with401 Unauthorizedstatus and configured response body.It does nothing if any preceding filter already validated the token or if route is annotated with configured annotations.
It is useful as a default filter to ensure each request has a valid token.
Since its logic is diffrent from existing oauthTokeninfo* filters it is implemented as a separate filter type.