Line data    Source code

       1             : #pragma once
       2             : 
       3             : #include "envoy/config/core/v3/grpc_service.pb.h"
       4             : #include "envoy/config/grpc_credential/v3/file_based_metadata.pb.h"
       5             : #include "envoy/grpc/google_grpc_creds.h"
       6             : 
       7             : #include "source/common/protobuf/protobuf.h"
       8             : 
       9             : namespace Envoy {
      10             : namespace Extensions {
      11             : namespace GrpcCredentials {
      12             : namespace FileBasedMetadata {
      13             : 
      14             : /**
      15             :  * File Based Metadata implementation of Google Grpc Credentials Factory
      16             :  * This implementation uses ssl creds for the grpc channel if available. Additionally, it uses
      17             :  * MetadataCredentialsFromPlugin to add a static secret that is loaded from a file. The header key
      18             :  * and header prefix are configurable.
      19             :  *
      20             :  * This implementation uses the from_plugin field in the call credentials config to get the filename
      21             :  * of where the secret is stored to add to the header.
      22             :  */
      23             : class FileBasedMetadataGrpcCredentialsFactory : public Grpc::GoogleGrpcCredentialsFactory {
      24             : public:
      25             :   std::shared_ptr<grpc::ChannelCredentials>
      26             :   getChannelCredentials(const envoy::config::core::v3::GrpcService& grpc_service_config,
      27             :                         Api::Api& api) override;
      28             : 
      29           0 :   Envoy::ProtobufTypes::MessagePtr createEmptyConfigProto() {
      30           0 :     return std::make_unique<envoy::config::grpc_credential::v3::FileBasedMetadataConfig>();
      31           0 :   }
      32             : 
      33           2 :   std::string name() const override { return "envoy.grpc_credentials.file_based_metadata"; }
      34             : };
      35             : 
      36             : class FileBasedMetadataAuthenticator : public grpc::MetadataCredentialsPlugin {
      37             : public:
      38             :   FileBasedMetadataAuthenticator(
      39             :       const envoy::config::grpc_credential::v3::FileBasedMetadataConfig& config, Api::Api& api)
      40           0 :       : config_(config), api_(api) {}
      41             : 
      42             :   grpc::Status GetMetadata(grpc::string_ref, grpc::string_ref, const grpc::AuthContext&,
      43             :                            std::multimap<grpc::string, grpc::string>* metadata) override;
      44             : 
      45             : private:
      46             :   const envoy::config::grpc_credential::v3::FileBasedMetadataConfig config_;
      47             :   Api::Api& api_;
      48             : };
      49             : 
      50             : } // namespace FileBasedMetadata
      51             : } // namespace GrpcCredentials
      52             : } // namespace Extensions
      53             : } // namespace Envoy