IdentityPropagation

microgateway.airlock.com/v1alpha1


IdentityPropagation specifies the desired identity propagation.

apiVersion: microgateway.airlock.com/v1alpha1
kind: IdentityPropagation
metadata:
  name: identity-propagation-example
spec:
  header:
    name: X-USER-NAME
    value:
      source:
        oidc:
          idToken:
            claim: "name"
---
apiVersion: microgateway.airlock.com/v1alpha1
kind: IdentityPropagation
metadata:
  name: default

IdentityPropagation

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| metadata | ObjectMeta | Refer to Kubernetes API documentation for fields of metadata | yes | | |
| spec | object | Specification of the desired identity propagation. | yes | | header{}, bearerToken{} |

IdentityPropagation.spec

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| bearerToken | object | BearerToken configures identity propagation via an authorization header containing a bearer token. | no | | |
| header | object | Header configures identity propagation via a request header. | no | | |

IdentityPropagation.spec.bearerToken

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| source | object | Source from which to extract the token. | yes | | metadata{}, oidc{} |

IdentityPropagation.spec.bearerToken.source

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| metadata | object | Metadata specifies to extract a value from an Envoy dynamic filter metadata key. | no | | |
| oidc | object | OIDC specifies to extract a value from the result of an OpenID Connect flow. | no | | idToken{}, accessToken{} |

IdentityPropagation.spec.bearerToken.source.metadata

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| key | string | Key specifies the metadata key from which to load the value, e.g. some_payload.aud. | yes | | |
| namespace | string | Namespace specifies the metadata namespace within which the lookup should be performed, e.g. envoy.filters.http.jwt_authn. | yes | | |

IdentityPropagation.spec.bearerToken.source.oidc

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| accessToken | object | AccessToken specifies to extract the value from the OpenID Connect Access Token. | no | | |
| idToken | object | IDToken specifies to extract the value from the OpenID Connect ID Token. | no | | |

IdentityPropagation.spec.bearerToken.source.oidc.idToken

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| claim | string | Claim selects the JWT claim from which to extract the value. | yes | | |

IdentityPropagation.spec.header

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | string | Name of the header to set. | yes | | |
| value | object | Value to propagate to the application. | yes | | |

IdentityPropagation.spec.header.value

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| source | object | Source from which to extract the value. | yes | | metadata{}, oidc{} |

IdentityPropagation.spec.header.value.source

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| metadata | object | Metadata specifies to extract a value from an Envoy dynamic filter metadata key. | no | | |
| oidc | object | OIDC specifies to extract a value from the result of an OpenID Connect flow. | no | | idToken{}, accessToken{} |

IdentityPropagation.spec.header.value.source.metadata

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| key | string | Key specifies the metadata key from which to load the value, e.g. some_payload.aud. | yes | | |
| namespace | string | Namespace specifies the metadata namespace within which the lookup should be performed, e.g. envoy.filters.http.jwt_authn. | yes | | |

IdentityPropagation.spec.header.value.source.oidc

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| accessToken | object | AccessToken specifies to extract the value from the OpenID Connect Access Token. | no | | |
| idToken | object | IDToken specifies to extract the value from the OpenID Connect ID Token. | no | | |

IdentityPropagation.spec.header.value.source.oidc.idToken

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| claim | string | Claim selects the JWT claim from which to extract the value. | yes | | |
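
The example at the top of this page only exercises header propagation from an ID token claim. The following added example (not taken from the Airlock documentation) shows the two remaining branches of the schema above: bearerToken with an OIDC source, and header with an Envoy metadata source. Resource names and the header name X-TOKEN-AUDIENCE are hypothetical; writing accessToken as an empty object is an assumption, since no sub-fields are documented for it.

```yaml
# Variant 1 (constructed): propagate the OpenID Connect Access Token to the
# application in an authorization header containing a bearer token.
apiVersion: microgateway.airlock.com/v1alpha1
kind: IdentityPropagation
metadata:
  name: bearer-access-token-example    # hypothetical name
spec:
  bearerToken:
    source:
      oidc:
        accessToken: {}                # assumption: empty object selects the access token
---
# Variant 2 (constructed): set a request header from an Envoy dynamic filter
# metadata key. Namespace and key are the sample values from the field tables;
# this assumes a JWT filter has stored the token payload under "some_payload".
apiVersion: microgateway.airlock.com/v1alpha1
kind: IdentityPropagation
metadata:
  name: header-from-metadata-example   # hypothetical name
spec:
  header:
    name: X-TOKEN-AUDIENCE             # hypothetical header name
    value:
      source:
        metadata:
          namespace: envoy.filters.http.jwt_authn
          key: some_payload.aud
```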