Support per route config for basic auth http filter

Open fgouteroux opened this issue 1 year ago • 0 comments

Hi,

I would like to ask for an update of the basic auth HTTP filter (https://github.com/envoyproxy/envoy/pull/30079) to support per-route config.

The use case is the following: I need to disable the basic auth filter on some routes and to allow different sources of users.

Maybe something like:

routes config

```yaml
routes:
# route with basic auth users
- match: { prefix: "/users" }
  route: { cluster: my-cluster }
  typed_per_filter_config:
    envoy.filters.http.basic_auth:
      "@type": type.googleapis.com/envoy.extensions.filters.http.basic_auth.v3.BasicAuthPerRoute
      name: users.htpasswd

# route with basic auth admins
- match: { prefix: "/admins" }
  route: { cluster: my-cluster }
  typed_per_filter_config:
    envoy.filters.http.basic_auth:
      "@type": type.googleapis.com/envoy.extensions.filters.http.basic_auth.v3.BasicAuthPerRoute
      name: admins.htpasswd

# route with no basic auth
- match: { prefix: "/" }
  route: { cluster: my-cluster }
  typed_per_filter_config:
    envoy.filters.http.basic_auth:
      "@type": type.googleapis.com/envoy.extensions.filters.http.basic_auth.v3.BasicAuthPerRoute
      disabled: true
```

http filters config

```yaml
http_filters:
- name: envoy.filters.http.basic_auth
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.filters.http.basic_auth.v3.BasicAuth
    source_users:
      users.htpasswd:
        filename: /etc/envoy/users.htpasswd
      admins.htpasswd:
        filename: /etc/envoy/admins.htpasswd
```

cc @zhaohuabing

fgouteroux, Feb 23 '24 15:02
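An added example, not part of the original issue and not Envoy code: a small Python model of the proposed per-route behaviour, useful for auditing which paths end up unauthenticated once a catch-all route carries `disabled: true`. It assumes first-match prefix routing in the order listed, htpasswd entries in `{SHA}` form, and constructed sample users; all function names are hypothetical.

```python
import base64
import hashlib
import hmac

def sha_entry(user, password):
    """Build an htpasswd '{SHA}' line: user:{SHA}base64(sha1(password))."""
    digest = base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()
    return f"{user}:{{SHA}}{digest}"

# Constructed sample credentials, keyed like the issue's proposed source_users map.
SOURCE_USERS = {
    "users.htpasswd": [sha_entry("alice", "alice-pw")],
    "admins.htpasswd": [sha_entry("root", "root-pw")],
}

# Routes in the order given in the issue; the first matching prefix wins (assumption).
ROUTES = [
    {"prefix": "/users", "name": "users.htpasswd"},
    {"prefix": "/admins", "name": "admins.htpasswd"},
    {"prefix": "/", "disabled": True},
]

def resolve_policy(path, routes=ROUTES):
    """Return ('disabled', None), ('source', name) or ('deny', None) for a path."""
    for route in routes:
        if path.startswith(route["prefix"]):
            if route.get("disabled"):
                return ("disabled", None)
            return ("source", route["name"])
    return ("deny", None)  # no route matched: fail closed in this model

def check_request(path, authorization=None, routes=ROUTES, sources=SOURCE_USERS):
    """Return True if the request is allowed under the modelled per-route policy."""
    kind, name = resolve_policy(path, routes)
    if kind == "disabled":
        return True
    if kind == "deny" or not authorization or not authorization.startswith("Basic "):
        return False
    try:
        raw = base64.b64decode(authorization[6:], validate=True).decode()
    except ValueError:  # covers malformed base64 and non-UTF-8 bytes
        return False
    user, _, password = raw.partition(":")  # password may itself contain ':'
    entry = sha_entry(user, password).encode()
    return any(hmac.compare_digest(entry, e.encode()) for e in sources.get(name, []))

def basic(user, password):
    """Build an Authorization header value for a user/password pair."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```

Running `resolve_policy` over an inventory of real paths shows which ones fall through to the unauthenticated catch-all, and moving the `/` route to the top of the list shows every path becoming unauthenticated.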