Skip to content

api: Support ForwardUsernameHeader field in the BasicAuth#5342

Merged
zirain merged 3 commits intoenvoyproxy:mainfrom
surenraju:feat/security-policy-api
Feb 28, 2025
Merged

api: Support ForwardUsernameHeader field in the BasicAuth#5342
zirain merged 3 commits intoenvoyproxy:mainfrom
surenraju:feat/security-policy-api

Conversation

@surenraju
Copy link
Contributor

@surenraju surenraju commented Feb 24, 2025

What type of PR is this?

Type of PR
Feature

What this PR does / why we need it:
#2947

This PR introduces the ForwardUsernameHeader field in the BasicAuth section of SecurityPolicy. It enables the Envoy to forward the username of a successfully authenticated user to the backend services via a specified HTTP header.
The field is optional. If it's not specified, the username will not be forwarded.

Which issue(s) this PR fixes:
Fixes 2947

User-Facing Changes
Added ForwardUsernameHeader in BasicAuth of SecurityPolicy to enable username forwarding to backend services.

apiVersion: gateway.envoyproxy.io/v1alpha1
kind: SecurityPolicy
metadata:
  name: backend-basic-auth
spec:
  targetRefs:
    - group: gateway.networking.k8s.io
      kind: HTTPRoute
      name: backend
  basicAuth:
    users:
      name: "basic-auth"
    forwardUsernameHeader: "x-username"

Release Notes: No

@surenraju surenraju requested a review from a team as a code owner February 24, 2025 08:58
@surenraju surenraju mentioned this pull request Feb 24, 2025
Merged
@zirain zirain changed the title feat: Support ForwardUsernameHeader field in the BasicAuth api: Support ForwardUsernameHeader field in the BasicAuth Feb 24, 2025
zirain
zirain reviewed Feb 24, 2025
View reviewed changes
@codecov
Copy link

codecov bot commented Feb 24, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 65.03%. Comparing base (12c4390) to head (0ba4d1d).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #5342      +/-   ##
==========================================
- Coverage   65.11%   65.03%   -0.09%     
==========================================
  Files         213      213              
  Lines       33586    33586              
==========================================
- Hits        21869    21842      -27     
- Misses      10392    10411      +19     
- Partials     1325     1333       +8

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@zirain
Copy link
Member

zirain commented Feb 24, 2025

please run make docs to update the api doc.

@arkodg
Copy link
Contributor

arkodg commented Feb 25, 2025

make generate should generate the remaining files here

@surenraju
Copy link
Contributor Author

surenraju commented Feb 28, 2025

Thank you @arkodg @zirain. Updated the PR

arkodg
arkodg approved these changes Feb 28, 2025
View reviewed changes
Copy link
Contributor

@arkodg arkodg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thanks !

@surenraju @zirain
feat: Support ForwardUsernameHeader field in the BasicAuth
e855e64 
Signed-off-by: Suren Raju <suren.1988@gmail.com>
@surenraju @zirain
fix: Added +notImplementedHide
26e5e8e 
Signed-off-by: Suren Raju <suren.1988@gmail.com>
@surenraju @zirain
fix: missing changes
0ba4d1d 
Signed-off-by: Suren Raju <suren.1988@gmail.com>
@zirain zirain force-pushed the feat/security-policy-api branch from d75cfb1 to 0ba4d1d Compare February 28, 2025 05:40
@surenraju
Copy link
Contributor Author

surenraju commented Feb 28, 2025
edited
Loading

@arkodg @zirain thanks for the review. Are we merging this before or should I push other changes to same PR?

@zirain zirain merged commit b510909 into envoyproxy:main Feb 28, 2025
25 checks passed
@BrewTestBot BrewTestBot mentioned this pull request May 14, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zirain zirain zirain approved these changes

@arkodg arkodg arkodg approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Extract username from basic auth and forward it to backends

3 participants

@surenraju @zirain @arkodg