Envoy: Set basic authentication to the endpoint

I think you can try running Envoy with this example: https://gist.github.com/dio/7a7aa09ea5027c660e0c1c9905be7ffd for now. I know it is not pretty, but I guess it solves your need.

$ envoy -c basic_auth.yaml
$ # call without creds to /cookies. Only /cookies and /uuid (only these two are configured).
$ curl localhost:10000/cookies 
< HTTP/1.1 401 Unauthorized
< www-authenticate: Basic realm="Unknown"
< content-length: 12
< date: Sun, 08 Sep 2019 12:15:18 GMT
< server: envoy
<
Unauthorized
$ curl localhost:10000/cookies 
< HTTP/1.1 200 OK
< access-control-allow-credentials: true
< access-control-allow-origin: *
< content-type: application/json
< date: Sun, 08 Sep 2019 12:15:09 GMT
< referrer-policy: no-referrer-when-downgrade
< server: envoy
< x-content-type-options: nosniff
< x-frame-options: DENY
< x-xss-protection: 1; mode=block
< content-length: 20
< x-envoy-upstream-service-time: 239
<
{
  "cookies": {}
}

Furthermore, surely, if it is reasonable we can have a basic auth filter inside envoy and can be configured as other filters.

The allow-and-deny thing of Nginx basic auth is possible but I need to check if we have that header (client IP?) exposed. If not, we can extract it through the Lua API.

Note that it is defined statically in the above config example, but you can play around with LDS to update the creds (it doesn't have to be served by dedicated service, it can be a file too!). Please let me know if you need an example of this.

Good luck!

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted". Thank you for your contributions.