Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

filters/auth: add token validator filter #3126

Merged
merged 1 commit into from
Jun 26, 2024
Merged

filters/auth: add token validator filter #3126

merged 1 commit into from
Jun 26, 2024

Conversation

AlexanderYastrebov
Copy link
Member

@AlexanderYastrebov AlexanderYastrebov commented Jun 24, 2024
edited
Loading

The oauthTokeninfoValidate filter obtains token info and allows request if there was no error otherwise it responds with
401 Unauthorized status and configured response body.

It does nothing if any preceding filter already validated the token or if route is annotated with configured annotations.

It is useful as a default filter to ensure each request has a valid token.

Since its logic is diffrent from existing oauthTokeninfo* filters it is implemented as a separate filter type.

@AlexanderYastrebov AlexanderYastrebov added the minor no risk changes, for example new filters label Jun 24, 2024
szuecs
szuecs reviewed Jun 24, 2024
View reviewed changes
filters/auth/tokeninfo.go Outdated Show resolved Hide resolved
@AlexanderYastrebov AlexanderYastrebov force-pushed the filters/auth/oauthTokeninfo branch 2 times, most recently from 304caa2 to 4179657 Compare June 25, 2024 14:09
@zalando zalando deleted a comment from RomanZavodskikh Jun 25, 2024
@RomanZavodskikh
Copy link
Member

👍

1 similar comment
@MustafaSaber
Copy link
Member

👍

szuecs
szuecs reviewed Jun 26, 2024
View reviewed changes
docs/reference/filters.md

> This filter is experimental and may change in the future, please see tests for example usage.
The filter obtains token info and allows request if there was no error
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We used tokeninfo as tool name, so it might make sense to stay with tokeninfo here and not use "token info".

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Its an info about token which it obtains. We also use "token info" in a few other places.

@AlexanderYastrebov
filters/auth: add token validator filter
cc53a8d 
The `oauthTokeninfoValidate` filter obtains token info and allows request
if there was no error otherwise it responds with
`401 Unauthorized` status and configured response body.

It does nothing if any preceding filter already validated the token or
if route is annotated with configured annotations.

It is useful as a default filter to ensure each request has a valid token.

Since its logic is diffrent from existing oauthTokeninfo* filters
it is implemented as a separate filter type.

Signed-off-by: Alexander Yastrebov <[email protected]>
@MustafaSaber
Copy link
Member

👍

1 similar comment
@AlexanderYastrebov
Copy link
Member Author

👍

@AlexanderYastrebov AlexanderYastrebov merged commit 4fee4d3 into master Jun 26, 2024
14 checks passed
@AlexanderYastrebov AlexanderYastrebov deleted the filters/auth/oauthTokeninfo branch June 26, 2024 16:12
MustafaSaber added a commit to zalando-incubator/kubernetes-on-aws that referenced this pull request Jun 27, 2024
@MustafaSaber
update skipper canary version
a473620 
* build(deps): bump alpine from `77726ef` to `b89d9c9` in /packaging: zalando/skipper#3122
* build(deps): bump docker/build-push-action from 5.4.0 to 6.1.0: zalando/skipper#3124
* build(deps): bump amazonlinux from `0d172f8` to `b0016cb` in /fuzz: zalando/skipper#3125
* Facilitate OPA decision correlation with business flows: zalando/skipper#3041
* config: fix defaultFiltersFlags.String: zalando/skipper#3127
* config: fix defaultFiltersFlags yaml test case: zalando/skipper#3128
* filters/auth: add token validator filter: zalando/skipper#3126
* metrics: register skipper_filter_create_duration_seconds: zalando/skipper#3129
* cmd/skipper: allow exclusion of insecure cipher suites: zalando/skipper#3123

diff zalando/skipper@v0.21.124...v0.21.133
@MustafaSaber MustafaSaber mentioned this pull request Jun 27, 2024
Merged
MustafaSaber added a commit to zalando-incubator/kubernetes-on-aws that referenced this pull request Jun 27, 2024
@MustafaSaber
Merge pull request #7757 from zalando-incubator/skipper/update-canary…
2470e9a 
…-version

skipper: update canary version to v0.21.133

* build(deps): bump alpine from `77726ef` to `b89d9c9` in /packaging: zalando/skipper#3122
* build(deps): bump docker/build-push-action from 5.4.0 to 6.1.0: zalando/skipper#3124
* build(deps): bump amazonlinux from `0d172f8` to `b0016cb` in /fuzz: zalando/skipper#3125
* Facilitate OPA decision correlation with business flows: zalando/skipper#3041
* config: fix defaultFiltersFlags.String: zalando/skipper#3127
* config: fix defaultFiltersFlags yaml test case: zalando/skipper#3128
* filters/auth: add token validator filter: zalando/skipper#3126
* metrics: register skipper_filter_create_duration_seconds: zalando/skipper#3129
* cmd/skipper: allow exclusion of insecure cipher suites: zalando/skipper#3123

diff zalando/skipper@v0.21.124...v0.21.133
MustafaSaber added a commit to zalando-incubator/kubernetes-on-aws that referenced this pull request Jun 27, 2024
@MustafaSaber
skipper: update main fleet version to v0.21.133
cecb07a 
* build(deps): bump alpine from `77726ef` to `b89d9c9` in /packaging: zalando/skipper#3122
* build(deps): bump docker/build-push-action from 5.4.0 to 6.1.0: zalando/skipper#3124
* build(deps): bump amazonlinux from `0d172f8` to `b0016cb` in /fuzz: zalando/skipper#3125
* Facilitate OPA decision correlation with business flows: zalando/skipper#3041
* config: fix defaultFiltersFlags.String: zalando/skipper#3127
* config: fix defaultFiltersFlags yaml test case: zalando/skipper#3128
* filters/auth: add token validator filter: zalando/skipper#3126
* metrics: register skipper_filter_create_duration_seconds: zalando/skipper#3129
* cmd/skipper: allow exclusion of insecure cipher suites: zalando/skipper#3123

diff zalando/skipper@v0.21.124...v0.21.133

depends on #7757
@MustafaSaber MustafaSaber mentioned this pull request Jun 27, 2024
Open
MustafaSaber added a commit to zalando-incubator/kubernetes-on-aws that referenced this pull request Jun 27, 2024
@MustafaSaber
skipper: update main fleet version to v0.21.133
291e443 
* build(deps): bump alpine from `77726ef` to `b89d9c9` in /packaging: zalando/skipper#3122
* build(deps): bump docker/build-push-action from 5.4.0 to 6.1.0: zalando/skipper#3124
* build(deps): bump amazonlinux from `0d172f8` to `b0016cb` in /fuzz: zalando/skipper#3125
* Facilitate OPA decision correlation with business flows: zalando/skipper#3041
* config: fix defaultFiltersFlags.String: zalando/skipper#3127
* config: fix defaultFiltersFlags yaml test case: zalando/skipper#3128
* filters/auth: add token validator filter: zalando/skipper#3126
* metrics: register skipper_filter_create_duration_seconds: zalando/skipper#3129
* cmd/skipper: allow exclusion of insecure cipher suites: zalando/skipper#3123

diff zalando/skipper@v0.21.124...v0.21.133

depends on #7757
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@szuecs szuecs szuecs left review comments

@RomanZavodskikh RomanZavodskikh RomanZavodskikh left review comments

Assignees
No one assigned
Labels
minor no risk changes, for example new filters
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@AlexanderYastrebov @RomanZavodskikh @MustafaSaber @szuecs