Skip to content

Instantly share code, notes, and snippets.

@dio
Last active July 13, 2023 22:41
Show Gist options
  • Save dio/7a7aa09ea5027c660e0c1c9905be7ffd to your computer and use it in GitHub Desktop.
Save dio/7a7aa09ea5027c660e0c1c9905be7ffd to your computer and use it in GitHub Desktop.
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address:
protocol: TCP
address: 127.0.0.1
port_value: 9901
static_resources:
listeners:
- name: listener_0
address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match:
prefix: "/cookies"
route:
host_rewrite: httpbin.org
cluster: service_bin
metadata:
filter_metadata:
envoy.lua:
credentials:
- "Basic b2s6dGVzdDE=" # btoa(ok:test1)
- "Basic b2s6dGVzdDI=" # btoa(ok:test2)
- match:
prefix: "/uuid"
route:
host_rewrite: httpbin.org
cluster: service_bin
metadata:
filter_metadata:
envoy.lua:
credentials:
- "Basic b2s6dGVzdDE=" # btoa(ok:test1)
- "Basic b2s6dGVzdDI=" # btoa(ok:test2)
http_filters:
- name: envoy.lua
config:
inline_code: |
function envoy_on_request(request_handle)
if request_handle:headers():get(":path") == "/cookies"
or request_handle:headers():get(":path") == "/uuid"
then
-- Surely you have to check if request_handle:metadata():get("credentials") has
-- nothing then you need to decide what to do.
for _, credential in pairs(request_handle:metadata():get("credentials")) do
if request_handle:headers():get("authorization") == credential
then
return
end
end
request_handle:respond(
{[":status"] = "401", ["WWW-Authenticate"] = "Basic realm=\"Unknown\""}, "Unauthorized"
)
end
end
- name: envoy.router
clusters:
- name: service_bin
connect_timeout: 25s
type: LOGICAL_DNS
# Comment out the following line to test on v6 networks
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: service_bin
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: httpbin.org
port_value: 80
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment