Built-in plugins

Otoroshi next provides some plugins out of the box. Here are the available plugins with their documentation and reference configuration.

Additional headers in

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.AdditionalHeadersIn

Description

This plugin adds headers in the incoming otoroshi request

Default configuration

{
  "headers" : { }
}

Additional headers out

Defined on steps

  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.AdditionalHeadersOut

Description

This plugin adds headers in the otoroshi response

Default configuration

{
  "headers" : { }
}

Allowed HTTP methods

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.AllowHttpMethods

Description

This plugin verifies the current request only uses allowed http methods

Default configuration

{
  "allowed" : [ ],
  "forbidden" : [ ]
}

Apikey auth module

Defined on steps

  • PreRoute

Plugin reference

cp:otoroshi.next.plugins.ApikeyAuthModule

Description

This plugin adds basic auth on service where credentials are valid apikeys on the current service.

Default configuration

{
  "realm" : "apikey-auth-module-realm",
  "matcher" : null
}

Apikeys

Defined on steps

  • MatchRoute
  • ValidateAccess
  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.ApikeyCalls

Description

This plugin expects to find an apikey to allow the request to pass

Default configuration

{
  "extractors" : {
    "basic" : {
      "enabled" : true,
      "header_name" : null,
      "query_name" : null
    },
    "custom_headers" : {
      "enabled" : true,
      "client_id_header_name" : null,
      "client_secret_header_name" : null
    },
    "client_id" : {
      "enabled" : true,
      "header_name" : null,
      "query_name" : null
    },
    "jwt" : {
      "enabled" : true,
      "secret_signed" : true,
      "keypair_signed" : true,
      "include_request_attrs" : false,
      "max_jwt_lifespan_sec" : null,
      "header_name" : null,
      "query_name" : null,
      "cookie_name" : null
    }
  },
  "routing" : {
    "enabled" : false
  },
  "validate" : true,
  "mandatory" : true,
  "pass_with_user" : false,
  "wipe_backend_request" : true,
  "update_quotas" : true
}

Apikey quotas

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.ApikeyQuotas

Description

Increments quotas for the current apikey. Useful when ‘legacy checks’ are disabled on a service/globally or when apikeys are extracted in a custom fashion.

Authentication

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.AuthModule

Description

This plugin applies an authentication module

Default configuration

{
  "pass_with_apikey" : false,
  "auth_module" : null
}

Basic Auth. caller

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.BasicAuthCaller

Description

This plugin can be used to call APIs that are authenticated using basic auth.

Default configuration

{
  "username" : null,
  "passaword" : null,
  "headerName" : "Authorization",
  "headerValueFormat" : "Basic %s"
}

Brotli compression

Defined on steps

  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.BrotliResponseCompressor

Description

This plugin can compress responses using brotli

Default configuration

{
  "excluded_patterns" : [ ],
  "allowed_list" : [ "text/*", "application/javascript", "application/json" ],
  "blocked_list" : [ ],
  "buffer_size" : 8192,
  "chunked_threshold" : 102400,
  "compression_level" : 5
}

Build mode

Defined on steps

  • PreRoute

Plugin reference

cp:otoroshi.next.plugins.BuildMode

Description

This plugin displays a build page

Canary mode

Defined on steps

  • PreRoute
  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.CanaryMode

Description

This plugin can split a portion of the traffic to canary backends

Default configuration

{
  "traffic" : 0.2,
  "targets" : [ ],
  "root" : "/"
}

Context validator

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.ContextValidation

Description

This plugin validates the current context using JSONPath validators.

This plugin lets you configure a list of validators that will check if the current call can pass. A validator is composed of a JSONPath that tells what to check and a value that is the expected value. The JSONPath is applied to a document that looks like this:

{
  "snowflake" : "1516772930422308903",
  "apikey" : { // current apikey
    "clientId" : "vrmElDerycXrofar",
    "clientName" : "default-apikey",
    "metadata" : {
      "foo" : "bar"
    },
    "tags" : [ ]
  },
  "user" : null, //  current user
  "request" : {
    "id" : 1,
    "method" : "GET",
    "headers" : {
      "Host" : "ctx-validation-next-gen.oto.tools:9999",
      "Accept" : "*/*",
      "User-Agent" : "curl/7.64.1",
      "Authorization" : "Basic dnJtRWxEZXJ5Y1hyb2ZhcjpvdDdOSTkyVGI2Q2J4bWVMYU9UNzJxamdCU2JlRHNLbkxtY1FBcXBjVjZTejh0Z3I1b2RUOHAzYjB5SEVNRzhZ",
      "Remote-Address" : "127.0.0.1:58929",
      "Timeout-Access" : "<function1>",
      "Raw-Request-URI" : "/foo",
      "Tls-Session-Info" : "Session(1650461821330|SSL_NULL_WITH_NULL_NULL)"
    },
    "cookies" : [ ],
    "tls" : false,
    "uri" : "/foo",
    "path" : "/foo",
    "version" : "HTTP/1.1",
    "has_body" : false,
    "remote" : "127.0.0.1",
    "client_cert_chain" : null
  },
  "config" : {
    "validators" : [ {
      "path" : "$.apikey.metadata.foo",
      "value" : "bar"
    } ]
  },
  "global_config" : { ... }, // global config
  "attrs" : {
    "otoroshi.core.SnowFlake" : "1516772930422308903",
    "otoroshi.core.ElCtx" : {
      "requestId" : "1516772930422308903",
      "requestSnowflake" : "1516772930422308903",
      "requestTimestamp" : "2022-04-20T15:37:01.548+02:00"
    },
    "otoroshi.next.core.Report" : "otoroshi.next.proxy.NgExecutionReport@277b44e2",
    "otoroshi.core.RequestStart" : 1650461821545,
    "otoroshi.core.RequestWebsocket" : false,
    "otoroshi.core.RequestCounterOut" : 0,
    "otoroshi.core.RemainingQuotas" : {
      "authorizedCallsPerSec" : 10000000,
      "currentCallsPerSec" : 0,
      "remainingCallsPerSec" : 10000000,
      "authorizedCallsPerDay" : 10000000,
      "currentCallsPerDay" : 2,
      "remainingCallsPerDay" : 9999998,
      "authorizedCallsPerMonth" : 10000000,
      "currentCallsPerMonth" : 269,
      "remainingCallsPerMonth" : 9999731
    },
    "otoroshi.next.core.MatchedRoutes" : "MutableList(route_022825450-e97d-42ed-8e22-b23342c1c7c8)",
    "otoroshi.core.RequestNumber" : 1,
    "otoroshi.next.core.Route" : { ... }, // current route as json
    "otoroshi.core.RequestTimestamp" : "2022-04-20T15:37:01.548+02:00",
    "otoroshi.core.ApiKey" : { ... }, // current apikey as json
    "otoroshi.core.User" : { ... }, // current user as json
    "otoroshi.core.RequestCounterIn" : 0
  },
  "route" : { ... },
  "token" : null // current valid jwt token if one
}

The expected value supports some syntax tricks, such as:

  • Not(value) on a string to check if the current value does not equal another value
  • Regex(regex) on a string to check if the current value matches the regex
  • RegexNot(regex) on a string to check if the current value does not match the regex
  • Wildcard(*value*) on a string to check if the current value matches the value with wildcards
  • WildcardNot(*value*) on a string to check if the current value does not match the value with wildcards
  • Contains(value) on a string to check if the current value contains a value
  • ContainsNot(value) on a string to check if the current value does not contain a value
  • Contains(Regex(regex)) on an array to check if one of the items of the array matches the regex
  • ContainsNot(Regex(regex)) on an array to check if one of the items of the array does not match the regex
  • Contains(Wildcard(*value*)) on an array to check if one of the items of the array matches the wildcard value
  • ContainsNot(Wildcard(*value*)) on an array to check if one of the items of the array does not match the wildcard value
  • Contains(value) on an array to check if the array contains a value
  • ContainsNot(value) on an array to check if the array does not contain a value

For instance, to check if the current apikey has a metadata entry named foo with a value containing bar, you can write the following validator:

{
  "path": "$.apikey.metadata.foo",
  "value": "Contains(bar)"
}
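
The validator semantics described above, sketched in Python as an added example (this is not Otoroshi's own code). It assumes plain dotted paths instead of full JSONPath, full-string regex matching, `*` as the only wildcard character, and a failed check when the path is missing; the sample document is a trimmed, constructed copy of the one above.

```python
import re

# Constructed sample: a trimmed copy of the context document shown above,
# with two made-up tags added so the array forms have something to match.
SAMPLE_CONTEXT = {
    "apikey": {
        "clientId": "vrmElDerycXrofar",
        "clientName": "default-apikey",
        "metadata": {"foo": "bar"},
        "tags": ["env:prod", "team:payments"],
    },
    "user": None,
    "request": {"method": "GET", "path": "/foo", "remote": "127.0.0.1"},
}

_MISSING = object()
_CALL = re.compile(r"^(\w+)\((.*)\)$", re.DOTALL)
_OPS = {"Not", "Regex", "RegexNot", "Wildcard", "WildcardNot",
        "Contains", "ContainsNot"}


def resolve(document, path):
    """Resolve a dotted path such as $.apikey.metadata.foo.
    Assumption: only '$' plus dotted keys (no filters, indexes or wildcards)."""
    if not path.startswith("$"):
        raise ValueError("path must start with '$'")
    current = document
    for key in [part for part in path[1:].split(".") if part]:
        if not isinstance(current, dict) or key not in current:
            return _MISSING
        current = current[key]
    return current


def _unwrap(expected, names):
    """Split 'Name(argument)' into (name, argument); plain values give (None, value)."""
    m = _CALL.match(expected)
    if m and m.group(1) in names:
        return m.group(1), m.group(2)
    return None, expected


def _wildcard(pattern, text):
    """'*' matches any run of characters; everything else is literal."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, text, re.DOTALL) is not None


def _matches(arg, text):
    """Match one string against a plain value, Regex(...) or Wildcard(...)."""
    name, inner = _unwrap(arg, {"Regex", "Wildcard"})
    if name == "Regex":
        return re.fullmatch(inner, text) is not None  # assumption: full match
    if name == "Wildcard":
        return _wildcard(inner, text)
    return text == inner


def check(actual, expected):
    """Apply one expected-value expression to the value found at the path."""
    if actual is _MISSING:
        return False  # assumption: a missing path fails the validator
    if not isinstance(expected, str):
        return actual == expected
    name, arg = _unwrap(expected, _OPS)
    if isinstance(actual, list):
        items = [str(item) for item in actual]
        if name == "Contains":
            return any(_matches(arg, item) for item in items)
        if name == "ContainsNot":
            nested, _ = _unwrap(arg, {"Regex", "Wildcard"})
            if nested:  # as worded above: one of the items does not match
                return any(not _matches(arg, item) for item in items)
            return arg not in items
    if isinstance(actual, str):
        if name in ("Regex", "Wildcard"):
            return _matches(expected, actual)
        if name == "RegexNot":
            return re.fullmatch(arg, actual) is None
        if name == "WildcardNot":
            return not _wildcard(arg, actual)
        if name == "Not":
            return actual != arg
        if name == "Contains":
            return arg in actual
        if name == "ContainsNot":
            return arg not in actual
    return actual == expected


def validate(document, validators):
    """Return (allowed, failed_paths); the call passes only if every validator passes."""
    failed = [v["path"] for v in validators
              if not check(resolve(document, v["path"]), v["value"])]
    return (not failed, failed)


if __name__ == "__main__":
    rules = [
        {"path": "$.apikey.metadata.foo", "value": "Contains(bar)"},
        {"path": "$.apikey.tags", "value": "Contains(Wildcard(env:*))"},
        {"path": "$.request.method", "value": "Regex(GET|HEAD)"},
    ]
    print(validate(SAMPLE_CONTEXT, rules))
```
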

Default configuration

{
  "validators" : [ ]
}

CORS

Defined on steps

  • PreRoute
  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.Cors

Description

This plugin applies CORS rules

Default configuration

{
  "allow_origin" : "*",
  "expose_headers" : [ ],
  "allow_headers" : [ ],
  "allow_methods" : [ ],
  "excluded_patterns" : [ ],
  "max_age" : null,
  "allow_credentials" : true
}

Disable HTTP/1.0

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.DisableHttp10

Description

This plugin forbids HTTP/1.0 requests

Endless HTTP responses

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.EndlessHttpResponse

Description

This plugin returns 128 Gb of 0 to the IP addresses that are in the list

Default configuration

{
  "finger" : false,
  "addresses" : [ ]
}

Eureka instance

Defined on steps

  • CallBackend

Plugin reference

cp:otoroshi.next.plugins.EurekaServerSink

Description

Eureka plugin description

Default configuration

{
  "evictionTimeout" : 300
}

Internal Eureka target

Defined on steps

  • PreRoute

Plugin reference

cp:otoroshi.next.plugins.EurekaTarget

Description

This plugin can be used to use a target that comes from an internal Eureka server. If you want to use a target which is located outside of Otoroshi, you must use the External Eureka Server.

Default configuration

{
  "eureka_server" : null,
  "eureka_app" : null
}

External Eureka target

Defined on steps

  • PreRoute

Plugin reference

cp:otoroshi.next.plugins.ExternalEurekaTarget

Description

This plugin can be used to use a target that comes from an external Eureka server. If you want to use a target that is directly exposed by an implementation of Eureka by Otoroshi, you must use the Internal Eureka Server.

Default configuration

{
  "eureka_server" : null,
  "eureka_app" : null
}

Force HTTPS traffic

Defined on steps

  • PreRoute

Plugin reference

cp:otoroshi.next.plugins.ForceHttpsTraffic

Description

This plugin verifies the current request uses HTTPS

Forwarded header

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.ForwardedHeader

Description

This plugin adds all the Forwarded header to the request for the backend target

Global Maintenance mode

Defined on steps

  • PreRoute

Plugin reference

cp:otoroshi.next.plugins.GlobalMaintenanceMode

Description

This plugin displays a maintenance page for every service. Useful when ‘legacy checks’ are disabled on a service/globally

Global per ip address throttling

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.GlobalPerIpAddressThrottling

Description

Enforce global per ip address throttling. Useful when ‘legacy checks’ are disabled on a service/globally

Global throttling

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.GlobalThrottling

Description

Enforce global throttling. Useful when ‘legacy checks’ are disabled on a service/globally

GraphQL Composer

Defined on steps

  • CallBackend

Plugin reference

cp:otoroshi.next.plugins.GraphQLBackend

Description

This plugin exposes a GraphQL API that you can compose with whatever you want

Default configuration

{
  "schema" : "\n   type User {\n     name: String!\n     firstname: String!\n   }\n\n   type Query {\n    users: [User] @json(data: \"[{ \\\"firstname\\\": \\\"Foo\\\", \\\"name\\\": \\\"Bar\\\" }, { \\\"firstname\\\": \\\"Bar\\\", \\\"name\\\": \\\"Foo\\\" }]\")\n   }\n  ",
  "permissions" : [ ],
  "initial_data" : null,
  "max_depth" : 15
}

GraphQL Proxy

Defined on steps

  • CallBackend

Plugin reference

cp:otoroshi.next.plugins.GraphQLProxy

Description

This plugin can apply validations (query, schema, max depth, max complexity) on graphql endpoints

Default configuration

{
  "endpoint" : "https://countries.trevorblades.com/graphql",
  "schema" : null,
  "max_depth" : 50,
  "max_complexity" : 50000,
  "path" : "/graphql",
  "headers" : { }
}

GraphQL Query to REST

Defined on steps

  • CallBackend

Plugin reference

cp:otoroshi.next.plugins.GraphQLQuery

Description

This plugin can be used to call GraphQL query endpoints and expose it as a REST endpoint

Default configuration

{
  "url" : "https://some.graphql/endpoint",
  "headers" : { },
  "method" : "POST",
  "query" : "{\n\n}",
  "timeout" : 60000,
  "response_path" : null,
  "response_filter" : null
}

Gzip compression

Defined on steps

  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.GzipResponseCompressor

Description

This plugin can compress responses using gzip

Default configuration

{
  "excluded_patterns" : [ ],
  "allowed_list" : [ "text/*", "application/javascript", "application/json" ],
  "blocked_list" : [ ],
  "buffer_size" : 8192,
  "chunked_threshold" : 102400,
  "compression_level" : 5
}

HMAC caller plugin

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.HMACCaller

Description

This plugin can be used to call an API “protected” by an HMAC signature. It adds a signature using the secret configured on the plugin. The signature string will always be the content of the header list listed in the plugin configuration.

Default configuration

{
  "secret" : null,
  "algo" : "HMAC-SHA512",
  "authorizationHeader" : null
}

HMAC access validator

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.HMACValidator

Description

This plugin can be used to check if an HMAC signature is present and valid in the Authorization header.

Default configuration

{
  "secret" : null
}

Headers validation

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.HeadersValidation

Description

This plugin validates the values of incoming request headers

Default configuration

{
  "headers" : { }
}

Http3 traffic switch

Defined on steps

  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.Http3Switch

Description

This plugin injects additional alt-svc header to switch to the http3 server

Default configuration

{
  "ma" : 3600
}

Image replacer

Defined on steps

  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.ImageReplacer

Description

Replaces all responses with content-type image/* as they are proxied

Default configuration

{
  "url" : "https://raw.githubusercontent.com/MAIF/otoroshi/master/resources/otoroshi-logo.png"
}

IP allowed list

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.IpAddressAllowedList

Description

This plugin verifies the current request ip address is in the allowed list

Default configuration

{
  "addresses" : [ ]
}

IP block list

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.IpAddressBlockList

Description

This plugin verifies the current request ip address is not in the blocked list

Default configuration

{
  "addresses" : [ ]
}

JQ

Defined on steps

  • TransformRequest
  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.JQ

Description

This plugin lets you transform JSON bodies (in requests and responses) using JQ filters.

Default configuration

{
  "request" : ".",
  "response" : ""
}

JQ transform request

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.JQRequest

Description

This plugin lets you transform the request JSON body using JQ filters.

Default configuration

{
  "filter" : "."
}

JQ transform response

Defined on steps

  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.JQResponse

Description

This plugin lets you transform the JSON response using JQ filters.

Default configuration

{
  "filter" : "."
}

request body json-to-xml

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.JsonToXmlRequest

Description

This plugin transforms the incoming request body from json to xml and may apply a jq transformation

Default configuration

{
  "filter" : null
}

response body json-to-xml

Defined on steps

  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.JsonToXmlResponse

Description

This plugin transforms the response body from json to xml and may apply a jq transformation

Default configuration

{
  "filter" : null
}

Jwt signer

Defined on steps

  • ValidateAccess
  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.JwtSigner

Description

This plugin can only generate tokens

Default configuration

{
  "verifier" : null,
  "replace_if_present" : true,
  "fail_if_present" : false
}

Jwt verifiers

Defined on steps

  • ValidateAccess
  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.JwtVerification

Description

This plugin verifies the current request with one or more jwt verifiers

Default configuration

{
  "verifiers" : [ ]
}

Jwt verification only

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.JwtVerificationOnly

Description

This plugin verifies the current request with one jwt verifier

Default configuration

{
  "verifier" : null,
  "fail_if_absent" : true
}

Maintenance mode

Defined on steps

  • PreRoute

Plugin reference

cp:otoroshi.next.plugins.MaintenanceMode

Description

This plugin displays a maintenance page

Missing headers in

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.MissingHeadersIn

Description

This plugin adds headers (if missing) in the incoming otoroshi request

Default configuration

{
  "headers" : { }
}

Missing headers out

Defined on steps

  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.MissingHeadersOut

Description

This plugin adds headers (if missing) in the otoroshi response

Default configuration

{
  "headers" : { }
}

Mock Responses

Defined on steps

  • CallBackend

Plugin reference

cp:otoroshi.next.plugins.MockResponses

Description

This plugin returns mock responses

Default configuration

{
  "responses" : [ ],
  "pass_through" : true
}

Multi Authentication

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.MultiAuthModule

Description

This plugin applies an authentication module from a list of selected modules

Default configuration

{
  "pass_with_apikey" : false,
  "auth_modules" : [ ]
}

User logged in expected

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.NgAuthModuleExpectedUser

Description

This plugin enforces that a user from any auth. module is logged in

Default configuration

{
  "only_from" : [ ]
}

User extraction from auth. module

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.NgAuthModuleUserExtractor

Description

This plugin extracts users from an authentication module without enforcing login

Default configuration

{
  "auth_module" : null
}

Apikey from Biscuit token extractor

Defined on steps

  • PreRoute

Plugin reference

cp:otoroshi.next.plugins.NgBiscuitExtractor

Description

This plugin extracts an apikey from a Biscuit token where the biscuit has an #authority fact ‘client_id’ containing the apikey client_id and an #authority fact ‘client_sign’ that is the HMAC256 signature of the apikey client_id with the apikey client_secret

Default configuration

{
  "public_key" : null,
  "checks" : [ ],
  "facts" : [ ],
  "resources" : [ ],
  "rules" : [ ],
  "revocation_ids" : [ ],
  "extractor" : {
    "name" : "Authorization",
    "type" : "header"
  },
  "enforce" : false
}

Biscuit token validator

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.NgBiscuitValidator

Description

This plugin validates a Biscuit token

Default configuration

{
  "public_key" : null,
  "checks" : [ ],
  "facts" : [ ],
  "resources" : [ ],
  "rules" : [ ],
  "revocation_ids" : [ ],
  "extractor" : {
    "name" : "Authorization",
    "type" : "header"
  },
  "enforce" : false
}

Client certificate as apikey

Defined on steps

  • PreRoute

Plugin reference

cp:otoroshi.next.plugins.NgCertificateAsApikey

Description

This plugin uses client certificate as an apikey. The apikey will be stored for classic apikey usage

Default configuration

{
  "read_only" : false,
  "allow_client_id_only" : false,
  "throttling_quota" : 100,
  "daily_quota" : 10000000,
  "monthly_quota" : 10000000,
  "constrained_services_only" : false,
  "tags" : [ ],
  "metadata" : { }
}

Client certificate header

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.NgClientCertChainHeader

Description

This plugin passes client certificate information to the target in headers

Default configuration

{
  "send_pem" : false,
  "pem_header_name" : "X-Client-Cert-Pem",
  "send_dns" : false,
  "dns_header_name" : "X-Client-Cert-DNs",
  "send_chain" : false,
  "chain_header_name" : "X-Client-Cert-Chain"
}

Client credential token endpoint

Defined on steps

  • CallBackend

Plugin reference

cp:otoroshi.next.plugins.NgClientCredentialTokenEndpoint

Description

This plugin provides the token endpoint for the client_credential flow

Default configuration

{
  "expiration" : 3600000,
  "default_key_pair" : "otoroshi-jwt-signing"
}

Client Credential Service

Defined on steps

  • Sink

Plugin reference

cp:otoroshi.next.plugins.NgClientCredentials

Description

This plugin adds an OAuth client credentials service (https://unhandleddomain/.well-known/otoroshi/oauth/token) to create an access_token given a client id and secret

Default configuration

{
  "expiration" : 3600000,
  "default_key_pair" : "otoroshi-jwt-signing",
  "domain" : "*",
  "secure" : true,
  "biscuit" : null
}

Custom quotas

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.NgCustomQuotas

Description

This plugin will enforce quotas on the current route based on whatever you want

Default configuration

{
  "per_route" : true,
  "global" : false,
  "group" : null,
  "expression" : "${req.ip}",
  "daily_quota" : 10000000,
  "monthly_quota" : 10000000
}

Custom throttling

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.NgCustomThrottling

Description

This plugin will enforce throttling on the current route based on whatever you want

Default configuration

{
  "per_route" : true,
  "global" : false,
  "group" : null,
  "expression" : "${req.ip}",
  "throttling_quota" : 100
}

Default request body

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.NgDefaultRequestBody

Description

This plugin adds a default request body if none specified

Default configuration

{
  "bodyBinary" : "",
  "contentType" : "text/plain",
  "contentEncoding" : null
}

Defer Responses

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.NgDeferPlugin

Description

This plugin will expect an X-Defer header or a defer query param and defer the response according to the value in milliseconds. This plugin is some kind of inside joke, as one of our customers asked us to make slower APIs.

Default configuration

{
  "duration" : 0
}

Global self registration endpoints (service discovery)

Defined on steps

  • Sink

Plugin reference

cp:otoroshi.next.plugins.NgDiscoverySelfRegistrationSink

Description

This plugin adds support for self registration endpoints on specific hostnames

Default configuration

{ }

Self registration endpoints (service discovery)

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.NgDiscoverySelfRegistrationTransformer

Description

This plugin adds support for self registration endpoints on a specific service

Default configuration

{ }

Service discovery target selector (service discovery)

Defined on steps

  • PreRoute

Plugin reference

cp:otoroshi.next.plugins.NgDiscoveryTargetsSelector

Description

This plugin selects a target in the pool of discovered targets for this service. Use it in combination with either DiscoverySelfRegistrationSink or DiscoverySelfRegistrationTransformer to make it work using the self registration pattern, or use an implementation of DiscoveryJob for the third party registration pattern.

Default configuration

{ }

Error response rewrite

Defined on steps

  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.NgErrorRewriter

Description

This plugin catches http responses with specific statuses and rewrites the response

Default configuration

{
  "ranges" : [ {
    "from" : 500,
    "to" : 599
  } ],
  "templates" : {
    "default" : "<html>\n  <body style=\"background-color: #333; color: #eee; display: flex; flex-direction: column; justify-content: center; align-items: center; font-size: 40px\">\n    <p>An error occurred with id: <span style=\"color: red\">${error_id}</span></p>\n    <p>please contact your administrator with this error id !</p>\n  </body>\n</html>"
  },
  "log" : true,
  "export" : true
}

Geolocation endpoint

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.NgGeolocationInfoEndpoint

Description

This plugin will expose current geolocation information on the following endpoint: /.well-known/otoroshi/plugins/geolocation

Geolocation header

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.NgGeolocationInfoHeader

Description

This plugin will send information extracted by the Geolocation details extractor to the target service in a header.

Default configuration

{
  "header_name" : "X-User-Agent-Info"
}

Allowed users only

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.NgHasAllowedUsersValidator

Description

This plugin only lets allowed users pass

Default configuration

{
  "usernames" : [ ],
  "emails" : [ ],
  "email_domains" : [ ],
  "metadata_match" : [ ],
  "metadata_not_match" : [ ],
  "profile_match" : [ ],
  "profile_not_match" : [ ]
}

Client Certificate + Api Key only

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.NgHasClientCertMatchingApikeyValidator

Description

Check if a client certificate is present in the request and that the apikey used matches the client certificate. You can set the client cert. DN in an apikey metadata named allowed-client-cert-dn

Client certificate matching (over http)

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.NgHasClientCertMatchingHttpValidator

Description

Check if client certificate matches the following fetched from an http endpoint

Default configuration

{
  "serial_numbers" : [ ],
  "subject_dns" : [ ],
  "issuer_dns" : [ ],
  "regex_subject_dns" : [ ],
  "regex_issuer_dns" : [ ]
}

Client certificate matching

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.NgHasClientCertMatchingValidator

Description

Check if client certificate matches the following configuration

Default configuration

{
  "serial_numbers" : [ ],
  "subject_dns" : [ ],
  "issuer_dns" : [ ],
  "regex_subject_dns" : [ ],
  "regex_issuer_dns" : [ ]
}

Client Certificate Only

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.NgHasClientCertValidator

Description

Check if a client certificate is present in the request

Html Patcher

Defined on steps

  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.NgHtmlPatcher

Description

This plugin can inject elements in html pages (in the body or in the head) returned by the service

Default configuration

{
  "append_head" : [ ],
  "append_body" : [ ]
}

HTTP Client Cache

Defined on steps

  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.NgHttpClientCache

Description

This plugin adds cache headers to responses

Default configuration

{
  "max_age_seconds" : 86400,
  "methods" : [ "GET" ],
  "status" : [ 200 ],
  "mime_types" : [ "text/html" ]
}

Geolocation details extractor (using IpStack api)

Defined on steps

  • PreRoute

Plugin reference

cp:otoroshi.next.plugins.NgIpStackGeolocationInfoExtractor

Description

This plugin extracts geolocation information from the IP address using the IpStack dbs. The information is stored in plugin attrs for other plugins to use

Default configuration

{
  "apikey" : null,
  "timeout" : 2000,
  "log" : false
}

Izanami V1 Canary Campaign

Defined on steps

  • TransformRequest
  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.NgIzanamiV1Canary

Description

This plugin allows you to perform canary testing based on an izanami experiment campaign (A/B test)

Default configuration

{
  "experiment_id" : "foo:bar:qix",
  "config_id" : "foo:bar:qix:config",
  "izanami_url" : "https://izanami.foo.bar",
  "tls" : {
    "certs" : [ ],
    "trusted_certs" : [ ],
    "enabled" : false,
    "loose" : false,
    "trust_all" : false
  },
  "client_id" : "client",
  "client_secret" : "secret",
  "timeout" : 5000,
  "route_config" : null
}

Izanami v1 APIs Proxy

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.NgIzanamiV1Proxy

Description

This plugin exposes routes to proxy Izanami configuration and features tree APIs

Default configuration

{
  "path" : "/api/izanami",
  "feature_pattern" : "*",
  "config_pattern" : "*",
  "auto_context" : false,
  "features_enabled" : true,
  "features_with_context_enabled" : true,
  "configuration_enabled" : false,
  "tls" : {
    "certs" : [ ],
    "trusted_certs" : [ ],
    "enabled" : false,
    "loose" : false,
    "trust_all" : false
  },
  "izanami_url" : "https://izanami.foo.bar",
  "client_id" : "client",
  "client_secret" : "secret",
  "timeout" : 500
}

Jwt user extractor

Defined on steps

  • PreRoute

Plugin reference

cp:otoroshi.next.plugins.NgJwtUserExtractor

Description

This plugin extracts a user from a JWT token

Default configuration

{
  "verifier" : "none",
  "strict" : true,
  "strip" : false,
  "name_path" : null,
  "email_path" : null,
  "meta_path" : null
}

Legacy apikeys

Defined on steps

  • MatchRoute
  • ValidateAccess
  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.NgLegacyApikeyCall

Description

This plugin expects to find an apikey to allow the request to pass. This plugin behaves exactly like the service descriptor does

Default configuration

{
  "public_patterns" : [ ],
  "private_patterns" : [ ],
  "extractors" : {
    "basic" : {
      "enabled" : true,
      "header_name" : null,
      "query_name" : null
    },
    "custom_headers" : {
      "enabled" : true,
      "client_id_header_name" : null,
      "client_secret_header_name" : null
    },
    "client_id" : {
      "enabled" : true,
      "header_name" : null,
      "query_name" : null
    },
    "jwt" : {
      "enabled" : true,
      "secret_signed" : true,
      "keypair_signed" : true,
      "include_request_attrs" : false,
      "max_jwt_lifespan_sec" : null,
      "header_name" : null,
      "query_name" : null,
      "cookie_name" : null
    }
  },
  "routing" : {
    "enabled" : false
  },
  "validate" : true,
  "mandatory" : true,
  "pass_with_user" : false,
  "wipe_backend_request" : true,
  "update_quotas" : true
}

Legacy Authentication

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.NgLegacyAuthModuleCall

Description

This plugin applies an authentication module the same way service descriptor does

Default configuration

{
  "public_patterns" : [ ],
  "private_patterns" : [ ],
  "pass_with_apikey" : false,
  "auth_module" : null
}

Log4Shell mitigation plugin

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.NgLog4ShellFilter

Description

This plugin tries to detect Log4Shell attacks in requests and blocks them

Default configuration

{
  "status" : 200,
  "body" : "",
  "parse_body" : false
}

Geolocation details extractor (using Maxmind db)

Defined on steps

  • PreRoute

Plugin reference

cp:otoroshi.next.plugins.NgMaxMindGeolocationInfoExtractor

Description

This plugin extracts geolocation information from the IP address using the Maxmind dbs. The information is stored in plugin attrs for other plugins to use

Default configuration

{
  "path" : "global",
  "log" : false
}

Response Cache

Defined on steps

  • TransformRequest
  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.NgResponseCache

Description

This plugin can cache responses from target services in the otoroshi datastore. It also provides a debug UI at /.well-known/otoroshi/bodylogger.

Default configuration

{
  "ttl" : 3600000,
  "maxSize" : 52428800,
  "autoClean" : true,
  "filter" : null
}

Security Txt

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.NgSecurityTxt

Description

This plugin exposes a special route /.well-known/security.txt as proposed at https://securitytxt.org/

Default configuration

{
  "contact" : "contact@foo.bar"
}

Public quotas

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.NgServiceQuotas

Description

This plugin will enforce public quotas on the current route

Default configuration

{
  "throttling_quota" : 10000000,
  "daily_quota" : 10000000,
  "monthly_quota" : 10000000
}

Traffic Mirroring

Defined on steps

  • TransformRequest
  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.NgTrafficMirroring

Description

This plugin will mirror every request to other targets

Default configuration

{
  "to" : "https://foo.bar.dev",
  "enabled" : true,
  "capture_response" : false,
  "generate_events" : false
}

User-Agent details extractor

Defined on steps

  • PreRoute

Plugin reference

cp:otoroshi.next.plugins.NgUserAgentExtractor

Description

This plugin extracts information from the User-Agent header such as browser version, OS version, etc. The information is stored in plugin attrs for other plugins to use

Default configuration

{
  "log" : false
}

User-Agent endpoint

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.NgUserAgentInfoEndpoint

Description

This plugin will expose the current user-agent information on the following endpoint: /.well-known/otoroshi/plugins/user-agent

User-Agent header

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.NgUserAgentInfoHeader

Description

This plugin will send the information extracted by the User-Agent details extractor to the target service in a header

Default configuration

{
  "header_name" : "X-User-Agent-Info"
}

OAuth1 caller

Defined on steps

  • TransformRequest
  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.OAuth1Caller

Description

This plugin can be used to call APIs that are authenticated using OAuth1. The consumer key, consumer secret, OAuth token and OAuth token secret can be passed through the metadata of an api key or via the configuration of this plugin.

Default configuration

{
  "consumerKey" : null,
  "consumerSecret" : null,
  "token" : null,
  "tokenSecret" : null,
  "algo" : null
}

OAuth2 caller

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.OAuth2Caller

Description

This plugin can be used to call APIs that are authenticated using the OAuth2 client_credentials/password flow. Do not forget to enable client retry to handle token generation on expiry.

Default configuration

{
  "kind" : "client_credentials",
  "url" : "https://127.0.0.1:8080/oauth/token",
  "method" : "POST",
  "headerName" : "Authorization",
  "headerValueFormat" : "Bearer %s",
  "jsonPayload" : false,
  "clientId" : "the client_id",
  "clientSecret" : "the client_secret",
  "scope" : null,
  "audience" : null,
  "user" : null,
  "password" : null,
  "cacheTokenSeconds" : 600000,
  "tlsConfig" : {
    "certs" : [ ],
    "trustedCerts" : [ ],
    "mtls" : false,
    "loose" : false,
    "trustAll" : false
  }
}

OIDC access_token as apikey

Defined on steps

  • PreRoute

Plugin reference

cp:otoroshi.next.plugins.OIDCAccessTokenAsApikey

Description

This plugin will use the third party apikey configuration to generate an apikey

Default configuration

{
  "enabled" : true,
  "atLeastOne" : false,
  "config" : {
    "enabled" : true,
    "quotasEnabled" : true,
    "uniqueApiKey" : false,
    "type" : "OIDC",
    "oidcConfigRef" : "some-oidc-auth-module-id",
    "localVerificationOnly" : false,
    "mode" : "Tmp",
    "ttl" : 0,
    "headerName" : "Authorization",
    "throttlingQuota" : 100,
    "dailyQuota" : 10000000,
    "monthlyQuota" : 10000000,
    "excludedPatterns" : [ ],
    "scopes" : [ ],
    "rolesPath" : [ ],
    "roles" : [ ]
  }
}

OIDC access_token validator

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.OIDCAccessTokenValidator

Description

This plugin will use the third party apikey configuration and apply it while keeping the apikey mechanism of otoroshi. Use it to combine apikey validation and OIDC access_token validation.

Default configuration

{
  "enabled" : true,
  "atLeastOne" : false,
  "config" : {
    "enabled" : true,
    "quotasEnabled" : true,
    "uniqueApiKey" : false,
    "type" : "OIDC",
    "oidcConfigRef" : "some-oidc-auth-module-id",
    "localVerificationOnly" : false,
    "mode" : "Tmp",
    "ttl" : 0,
    "headerName" : "Authorization",
    "throttlingQuota" : 100,
    "dailyQuota" : 10000000,
    "monthlyQuota" : 10000000,
    "excludedPatterns" : [ ],
    "scopes" : [ ],
    "rolesPath" : [ ],
    "roles" : [ ]
  }
}

OIDC headers

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.OIDCHeaders

Description

This plugin injects headers containing tokens and profile from current OIDC provider.

Default configuration

{
  "profile" : {
    "send" : false,
    "headerName" : "X-OIDC-User"
  },
  "idToken" : {
    "send" : false,
    "name" : "id_token",
    "headerName" : "X-OIDC-Id-Token",
    "jwt" : true
  },
  "accessToken" : {
    "send" : false,
    "name" : "access_token",
    "headerName" : "X-OIDC-Access-Token",
    "jwt" : true
  }
}

Otoroshi challenge token

Defined on steps

  • TransformRequest
  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.OtoroshiChallenge

Description

This plugin adds a jwt challenge token to the request to a backend and expects a response with a matching token

Default configuration

{
  "version" : "V2",
  "ttl" : 30,
  "request_header_name" : null,
  "response_header_name" : null,
  "algo_to_backend" : {
    "type" : "HSAlgoSettings",
    "size" : 512,
    "secret" : "secret",
    "base64" : false
  },
  "algo_from_backend" : {
    "type" : "HSAlgoSettings",
    "size" : 512,
    "secret" : "secret",
    "base64" : false
  },
  "state_resp_leeway" : 10
}

Otoroshi headers in

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.OtoroshiHeadersIn

Description

This plugin adds Otoroshi specific headers to the request

Otoroshi info. token

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.OtoroshiInfos

Description

This plugin adds a jwt token with information about the caller to the backend

Default configuration

{
  "version" : "Latest",
  "ttl" : 30,
  "header_name" : null,
  "add_fields" : null,
  "algo" : {
    "type" : "HSAlgoSettings",
    "size" : 512,
    "secret" : "secret",
    "base64" : false
  }
}

Override host header

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.OverrideHost

Description

This plugin overrides the current Host header with the Host of the backend target

Public/Private paths

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.PublicPrivatePaths

Description

This plugin allows or forbids requests based on path patterns

Default configuration

{
  "strict" : false,
  "private_patterns" : [ ],
  "public_patterns" : [ ]
}

Query param transformer

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.QueryTransformer

Description

This plugin can modify the query params of the request

Default configuration

{
  "remove" : [ ],
  "rename" : { },
  "add" : { }
}

RBAC

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.RBAC

Description

This plugin checks if the current user/apikey/jwt token has the right role

Default configuration

{
  "allow" : [ ],
  "deny" : [ ],
  "allow_all" : false,
  "deny_all" : false,
  "jwt_path" : null,
  "apikey_path" : null,
  "user_path" : null,
  "role_prefix" : null,
  "roles" : "roles"
}

Read only requests

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.ReadOnlyCalls

Description

This plugin verifies the current request only reads data

Redirection

Defined on steps

  • PreRoute

Plugin reference

cp:otoroshi.next.plugins.Redirection

Description

This plugin redirects the current request elsewhere

Default configuration

{
  "code" : 303,
  "to" : "https://www.otoroshi.io"
}

Remove headers in

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.RemoveHeadersIn

Description

This plugin removes headers in the incoming otoroshi request

Default configuration

{
  "header_names" : [ ]
}

Remove headers out

Defined on steps

  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.RemoveHeadersOut

Description

This plugin removes headers in the otoroshi response

Default configuration

{
  "header_names" : [ ]
}

Robots

Defined on steps

  • TransformRequest
  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.Robots

Description

This plugin provides all the necessary tools to handle search engine robots

Default configuration

{
  "robot_txt_enabled" : true,
  "robot_txt_content" : "User-agent: *\nDisallow: /\n",
  "meta_enabled" : true,
  "meta_content" : "noindex,nofollow,noarchive",
  "header_enabled" : true,
  "header_content" : "noindex, nofollow, noarchive"
}

Routing Restrictions

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.RoutingRestrictions

Description

This plugin applies routing restriction method domain/path on the current request/route

Default configuration

{
  "allow_last" : true,
  "allowed" : [ ],
  "forbidden" : [ ],
  "not_found" : [ ]
}

S3 Static backend

Defined on steps

  • CallBackend

Plugin reference

cp:otoroshi.next.plugins.S3Backend

Description

This plugin is able to serve an S3 bucket with file content

Default configuration

{
  "bucket" : "",
  "endpoint" : "",
  "region" : "eu-west-1",
  "access" : "client",
  "secret" : "secret",
  "key" : "",
  "chunkSize" : 8388608,
  "v4auth" : true,
  "writeEvery" : 60000,
  "acl" : "private"
}

SOAP action

Defined on steps

  • CallBackend

Plugin reference

cp:otoroshi.next.plugins.SOAPAction

Description

This plugin is able to call SOAP actions and expose them as a REST endpoint

Default configuration

{
  "url" : null,
  "envelope" : "<soap envelope />",
  "action" : null,
  "preserve_query" : true,
  "charset" : null,
  "jq_request_filter" : null,
  "jq_response_filter" : null
}

Send otoroshi headers back

Defined on steps

  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.SendOtoroshiHeadersBack

Description

This plugin adds response headers containing useful information about the current call

Snow Monkey Chaos

Defined on steps

  • TransformRequest
  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.SnowMonkeyChaos

Description

This plugin introduces some chaos into your life

Default configuration

{
  "large_request_fault" : null,
  "large_response_fault" : null,
  "latency_injection_fault" : null,
  "bad_responses_fault" : null
}

Static backend

Defined on steps

  • CallBackend

Plugin reference

cp:otoroshi.next.plugins.StaticBackend

Description

This plugin is able to serve a static folder with file content

Default configuration

{
  "root_path" : "/tmp"
}

Static Response

Defined on steps

  • CallBackend

Plugin reference

cp:otoroshi.next.plugins.StaticResponse

Description

This plugin returns static responses

Default configuration

{
  "status" : 200,
  "headers" : { },
  "body" : ""
}

Tailscale select target by name

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.TailscaleSelectTargetByName

Description

This plugin selects a machine instance on Tailscale network based on its name

Default configuration

{
  "machine_name" : "my-machine",
  "use_ip_address" : false
}

TCP Tunnel

Defined on steps

  • HandlesTunnel

Plugin reference

cp:otoroshi.next.plugins.TcpTunnel

Description

This plugin creates TCP tunnels through otoroshi

UDP Tunnel

Defined on steps

  • HandlesTunnel

Plugin reference

cp:otoroshi.next.plugins.UdpTunnel

Description

This plugin creates UDP tunnels through otoroshi

W3C Trace Context

Defined on steps

  • TransformRequest
  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.W3CTracing

Description

This plugin propagates W3C Trace Context spans and can export them to Jaeger or Zipkin

Default configuration

{
  "kind" : "noop",
  "endpoint" : "http://localhost:3333/spans",
  "timeout" : 30000,
  "baggage" : { }
}

Wasm Access control

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.WasmAccessValidator

Description

Delegate route access to a wasm plugin

Default configuration

{
  "source" : {
    "kind" : "Unknown",
    "path" : "",
    "opts" : { }
  },
  "memoryPages" : 20,
  "functionName" : null,
  "config" : { },
  "allowedHosts" : [ ],
  "allowedPaths" : { },
  "wasi" : false,
  "opa" : false,
  "authorizations" : {
    "httpAccess" : false,
    "proxyHttpCallTimeout" : 5000,
    "globalDataStoreAccess" : {
      "read" : false,
      "write" : false
    },
    "pluginDataStoreAccess" : {
      "read" : false,
      "write" : false
    },
    "globalMapAccess" : {
      "read" : false,
      "write" : false
    },
    "pluginMapAccess" : {
      "read" : false,
      "write" : false
    },
    "proxyStateAccess" : false,
    "configurationAccess" : false
  },
  "instances" : 1,
  "killOptions" : {
    "immortal" : false,
    "max_calls" : 2147483647,
    "max_memory_usage" : 0,
    "max_avg_call_duration" : 0,
    "max_unused_duration" : 300000
  }
}

Wasm Backend

Defined on steps

  • CallBackend

Plugin reference

cp:otoroshi.next.plugins.WasmBackend

Description

This plugin can be used to use a wasm plugin as a backend

Default configuration

{
  "source" : {
    "kind" : "Unknown",
    "path" : "",
    "opts" : { }
  },
  "memoryPages" : 20,
  "functionName" : null,
  "config" : { },
  "allowedHosts" : [ ],
  "allowedPaths" : { },
  "wasi" : false,
  "opa" : false,
  "authorizations" : {
    "httpAccess" : false,
    "proxyHttpCallTimeout" : 5000,
    "globalDataStoreAccess" : {
      "read" : false,
      "write" : false
    },
    "pluginDataStoreAccess" : {
      "read" : false,
      "write" : false
    },
    "globalMapAccess" : {
      "read" : false,
      "write" : false
    },
    "pluginMapAccess" : {
      "read" : false,
      "write" : false
    },
    "proxyStateAccess" : false,
    "configurationAccess" : false
  },
  "instances" : 1,
  "killOptions" : {
    "immortal" : false,
    "max_calls" : 2147483647,
    "max_memory_usage" : 0,
    "max_avg_call_duration" : 0,
    "max_unused_duration" : 300000
  }
}

Open Policy Agent (OPA)

Defined on steps

  • ValidateAccess

Plugin reference

cp:otoroshi.next.plugins.WasmOPA

Description

Rego policies as WASM modules

Default configuration

{
  "source" : {
    "kind" : "Unknown",
    "path" : "",
    "opts" : { }
  },
  "memoryPages" : 20,
  "functionName" : null,
  "config" : { },
  "allowedHosts" : [ ],
  "allowedPaths" : { },
  "wasi" : false,
  "opa" : true,
  "authorizations" : {
    "httpAccess" : false,
    "proxyHttpCallTimeout" : 5000,
    "globalDataStoreAccess" : {
      "read" : false,
      "write" : false
    },
    "pluginDataStoreAccess" : {
      "read" : false,
      "write" : false
    },
    "globalMapAccess" : {
      "read" : false,
      "write" : false
    },
    "pluginMapAccess" : {
      "read" : false,
      "write" : false
    },
    "proxyStateAccess" : false,
    "configurationAccess" : false
  },
  "instances" : 1,
  "killOptions" : {
    "immortal" : false,
    "max_calls" : 2147483647,
    "max_memory_usage" : 0,
    "max_avg_call_duration" : 0,
    "max_unused_duration" : 300000
  }
}

Wasm pre-route

Defined on steps

  • PreRoute

Plugin reference

cp:otoroshi.next.plugins.WasmPreRoute

Description

This plugin can be used to use a wasm plugin in the pre-route phase

Default configuration

{
  "source" : {
    "kind" : "Unknown",
    "path" : "",
    "opts" : { }
  },
  "memoryPages" : 20,
  "functionName" : null,
  "config" : { },
  "allowedHosts" : [ ],
  "allowedPaths" : { },
  "wasi" : false,
  "opa" : false,
  "authorizations" : {
    "httpAccess" : false,
    "proxyHttpCallTimeout" : 5000,
    "globalDataStoreAccess" : {
      "read" : false,
      "write" : false
    },
    "pluginDataStoreAccess" : {
      "read" : false,
      "write" : false
    },
    "globalMapAccess" : {
      "read" : false,
      "write" : false
    },
    "pluginMapAccess" : {
      "read" : false,
      "write" : false
    },
    "proxyStateAccess" : false,
    "configurationAccess" : false
  },
  "instances" : 1,
  "killOptions" : {
    "immortal" : false,
    "max_calls" : 2147483647,
    "max_memory_usage" : 0,
    "max_avg_call_duration" : 0,
    "max_unused_duration" : 300000
  }
}

Wasm Request Transformer

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.WasmRequestTransformer

Description

Transform the content of the request with a wasm plugin

Default configuration

{
  "source" : {
    "kind" : "Unknown",
    "path" : "",
    "opts" : { }
  },
  "memoryPages" : 20,
  "functionName" : null,
  "config" : { },
  "allowedHosts" : [ ],
  "allowedPaths" : { },
  "wasi" : false,
  "opa" : false,
  "authorizations" : {
    "httpAccess" : false,
    "proxyHttpCallTimeout" : 5000,
    "globalDataStoreAccess" : {
      "read" : false,
      "write" : false
    },
    "pluginDataStoreAccess" : {
      "read" : false,
      "write" : false
    },
    "globalMapAccess" : {
      "read" : false,
      "write" : false
    },
    "pluginMapAccess" : {
      "read" : false,
      "write" : false
    },
    "proxyStateAccess" : false,
    "configurationAccess" : false
  },
  "instances" : 1,
  "killOptions" : {
    "immortal" : false,
    "max_calls" : 2147483647,
    "max_memory_usage" : 0,
    "max_avg_call_duration" : 0,
    "max_unused_duration" : 300000
  }
}

Wasm Response Transformer

Defined on steps

  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.WasmResponseTransformer

Description

Transform the content of a response with a wasm plugin

Default configuration

{
  "source" : {
    "kind" : "Unknown",
    "path" : "",
    "opts" : { }
  },
  "memoryPages" : 20,
  "functionName" : null,
  "config" : { },
  "allowedHosts" : [ ],
  "allowedPaths" : { },
  "wasi" : false,
  "opa" : false,
  "authorizations" : {
    "httpAccess" : false,
    "proxyHttpCallTimeout" : 5000,
    "globalDataStoreAccess" : {
      "read" : false,
      "write" : false
    },
    "pluginDataStoreAccess" : {
      "read" : false,
      "write" : false
    },
    "globalMapAccess" : {
      "read" : false,
      "write" : false
    },
    "pluginMapAccess" : {
      "read" : false,
      "write" : false
    },
    "proxyStateAccess" : false,
    "configurationAccess" : false
  },
  "instances" : 1,
  "killOptions" : {
    "immortal" : false,
    "max_calls" : 2147483647,
    "max_memory_usage" : 0,
    "max_avg_call_duration" : 0,
    "max_unused_duration" : 300000
  }
}

Wasm Route Matcher

Defined on steps

  • MatchRoute

Plugin reference

cp:otoroshi.next.plugins.WasmRouteMatcher

Description

This plugin can be used to use a wasm plugin as a route matcher

Default configuration

{
  "source" : {
    "kind" : "Unknown",
    "path" : "",
    "opts" : { }
  },
  "memoryPages" : 20,
  "functionName" : null,
  "config" : { },
  "allowedHosts" : [ ],
  "allowedPaths" : { },
  "wasi" : false,
  "opa" : false,
  "authorizations" : {
    "httpAccess" : false,
    "proxyHttpCallTimeout" : 5000,
    "globalDataStoreAccess" : {
      "read" : false,
      "write" : false
    },
    "pluginDataStoreAccess" : {
      "read" : false,
      "write" : false
    },
    "globalMapAccess" : {
      "read" : false,
      "write" : false
    },
    "pluginMapAccess" : {
      "read" : false,
      "write" : false
    },
    "proxyStateAccess" : false,
    "configurationAccess" : false
  },
  "instances" : 1,
  "killOptions" : {
    "immortal" : false,
    "max_calls" : 2147483647,
    "max_memory_usage" : 0,
    "max_avg_call_duration" : 0,
    "max_unused_duration" : 300000
  }
}

Wasm Router

Defined on steps

  • Router

Plugin reference

cp:otoroshi.next.plugins.WasmRouter

Description

Can decide for routing with a wasm plugin

Default configuration

{
  "source" : {
    "kind" : "Unknown",
    "path" : "",
    "opts" : { }
  },
  "memoryPages" : 20,
  "functionName" : null,
  "config" : { },
  "allowedHosts" : [ ],
  "allowedPaths" : { },
  "wasi" : false,
  "opa" : false,
  "authorizations" : {
    "httpAccess" : false,
    "proxyHttpCallTimeout" : 5000,
    "globalDataStoreAccess" : {
      "read" : false,
      "write" : false
    },
    "pluginDataStoreAccess" : {
      "read" : false,
      "write" : false
    },
    "globalMapAccess" : {
      "read" : false,
      "write" : false
    },
    "pluginMapAccess" : {
      "read" : false,
      "write" : false
    },
    "proxyStateAccess" : false,
    "configurationAccess" : false
  },
  "instances" : 1,
  "killOptions" : {
    "immortal" : false,
    "max_calls" : 2147483647,
    "max_memory_usage" : 0,
    "max_avg_call_duration" : 0,
    "max_unused_duration" : 300000
  }
}

Wasm Sink

Defined on steps

  • Sink

Plugin reference

cp:otoroshi.next.plugins.WasmSink

Description

Handle unmatched requests with a wasm plugin

Default configuration

{
  "source" : {
    "kind" : "Unknown",
    "path" : "",
    "opts" : { }
  },
  "memoryPages" : 20,
  "functionName" : null,
  "config" : { },
  "allowedHosts" : [ ],
  "allowedPaths" : { },
  "wasi" : false,
  "opa" : false,
  "authorizations" : {
    "httpAccess" : false,
    "proxyHttpCallTimeout" : 5000,
    "globalDataStoreAccess" : {
      "read" : false,
      "write" : false
    },
    "pluginDataStoreAccess" : {
      "read" : false,
      "write" : false
    },
    "globalMapAccess" : {
      "read" : false,
      "write" : false
    },
    "pluginMapAccess" : {
      "read" : false,
      "write" : false
    },
    "proxyStateAccess" : false,
    "configurationAccess" : false
  },
  "instances" : 1,
  "killOptions" : {
    "immortal" : false,
    "max_calls" : 2147483647,
    "max_memory_usage" : 0,
    "max_avg_call_duration" : 0,
    "max_unused_duration" : 300000
  }
}

X-Forwarded-* headers

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.XForwardedHeaders

Description

This plugin adds all the X-Forwarded-* headers to the request for the backend target

request body xml-to-json

Defined on steps

  • TransformRequest

Plugin reference

cp:otoroshi.next.plugins.XmlToJsonRequest

Description

This plugin transforms the incoming request body from xml to json and may apply a jq transformation

Default configuration

{
  "filter" : null
}

response body xml-to-json

Defined on steps

  • TransformResponse

Plugin reference

cp:otoroshi.next.plugins.XmlToJsonResponse

Description

This plugin transforms the response body from xml to json and may apply a jq transformation

Default configuration

{
  "filter" : null
}

Zip file backend

Defined on steps

  • CallBackend

Plugin reference

cp:otoroshi.next.plugins.ZipFileBackend

Description

Serves content from a zip file

Default configuration

{
  "url" : "https://github.com/MAIF/otoroshi/releases/download/16.11.2/otoroshi-manual-16.11.2.zip",
  "headers" : { },
  "dir" : "./zips",
  "prefix" : null,
  "ttl" : 3600000
}

Remote tunnel calls

Defined on steps

  • CallBackend

Plugin reference

cp:otoroshi.next.tunnel.TunnelPlugin

Description

This plugin can contact remote services using tunnels

Default configuration

{
  "tunnel_id" : "default"
}

Coraza WAF

Defined on steps

  • ValidateAccess
  • TransformRequest
  • TransformResponse

Plugin reference

cp:otoroshi.wasm.proxywasm.NgCorazaWAF

Description

Coraza WAF plugin

Default configuration

{
  "ref" : "none"
}