authv3

package
v1.36.2-20240129201517... Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: unknown License: Apache-2.0 Imports: 10 Imported by: 6

Documentation

Index

Constants

View Source 
const CheckResponse_DeniedResponse_case case_CheckResponse_HttpResponse = 2
View Source 
const CheckResponse_HttpResponse_not_set_case case_CheckResponse_HttpResponse = 0
View Source 
const CheckResponse_OkResponse_case case_CheckResponse_HttpResponse = 3

Variables

View Source 
var File_envoy_service_auth_v3_attribute_context_proto protoreflect.FileDescriptor
View Source 
var File_envoy_service_auth_v3_external_auth_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type AttributeContext 

type AttributeContext struct {

	// The source of a network activity, such as starting a TCP connection.
	// In a multi hop network activity, the source represents the sender of the
	// last hop.
	Source *AttributeContext_Peer `protobuf:"bytes,1,opt,name=source,proto3" json:"source,omitempty"`
	// The destination of a network activity, such as accepting a TCP connection.
	// In a multi hop network activity, the destination represents the receiver of
	// the last hop.
	Destination *AttributeContext_Peer `protobuf:"bytes,2,opt,name=destination,proto3" json:"destination,omitempty"`
	// Represents a network request, such as an HTTP request.
	Request *AttributeContext_Request `protobuf:"bytes,4,opt,name=request,proto3" json:"request,omitempty"`
	// This is analogous to http_request.headers, however these contents will not be sent to the
	// upstream server. Context_extensions provide an extension mechanism for sending additional
	// information to the auth server without modifying the proto definition. It maps to the
	// internal opaque context in the filter chain.
	ContextExtensions map[string]string `` /* 187-byte string literal not displayed */
	// Dynamic metadata associated with the request.
	MetadataContext *v3.Metadata `protobuf:"bytes,11,opt,name=metadata_context,json=metadataContext,proto3" json:"metadata_context,omitempty"`
	// Metadata associated with the selected route.
	RouteMetadataContext *v3.Metadata `protobuf:"bytes,13,opt,name=route_metadata_context,json=routeMetadataContext,proto3" json:"route_metadata_context,omitempty"`
	// TLS session details of the underlying connection.
	// This is not populated by default and will be populated if ext_authz filter's
	// :ref:`include_tls_session <config_http_filters_ext_authz>` is set to true.
	TlsSession *AttributeContext_TLSSession `protobuf:"bytes,12,opt,name=tls_session,json=tlsSession,proto3" json:"tls_session,omitempty"`
	// contains filtered or unexported fields
}

An attribute is a piece of metadata that describes an activity on a network. For example, the size of an HTTP request, or the status code of an HTTP response.

Each attribute has a type and a name, which is logically defined as a proto message field of the “AttributeContext“. The “AttributeContext“ is a collection of individual attributes supported by Envoy authorization system. [#comment: The following items are left out of this proto Request.Auth field for jwt tokens Request.Api for api management Origin peer that originated the request Caching Protocol request_context return values to inject back into the filter chain peer.claims -- from X.509 extensions Configuration - field mask to send - which return values from request_context are copied back - which return values are copied into request_headers] [#next-free-field: 14]

func (*AttributeContext) ClearDestination 

func (x *AttributeContext) ClearDestination()

func (*AttributeContext) ClearMetadataContext 

func (x *AttributeContext) ClearMetadataContext()

func (*AttributeContext) ClearRequest 

func (x *AttributeContext) ClearRequest()

func (*AttributeContext) ClearRouteMetadataContext 

func (x *AttributeContext) ClearRouteMetadataContext()

func (*AttributeContext) ClearSource 

func (x *AttributeContext) ClearSource()

func (*AttributeContext) ClearTlsSession 

func (x *AttributeContext) ClearTlsSession()

func (*AttributeContext) GetContextExtensions 

func (x *AttributeContext) GetContextExtensions() map[string]string

func (*AttributeContext) GetDestination 

func (x *AttributeContext) GetDestination() *AttributeContext_Peer

func (*AttributeContext) GetMetadataContext 

func (x *AttributeContext) GetMetadataContext() *v3.Metadata

func (*AttributeContext) GetRequest 

func (x *AttributeContext) GetRequest() *AttributeContext_Request

func (*AttributeContext) GetRouteMetadataContext 

func (x *AttributeContext) GetRouteMetadataContext() *v3.Metadata

func (*AttributeContext) GetSource 

func (x *AttributeContext) GetSource() *AttributeContext_Peer

func (*AttributeContext) GetTlsSession 

func (x *AttributeContext) GetTlsSession() *AttributeContext_TLSSession

func (*AttributeContext) HasDestination 

func (x *AttributeContext) HasDestination() bool

func (*AttributeContext) HasMetadataContext 

func (x *AttributeContext) HasMetadataContext() bool

func (*AttributeContext) HasRequest 

func (x *AttributeContext) HasRequest() bool

func (*AttributeContext) HasRouteMetadataContext 

func (x *AttributeContext) HasRouteMetadataContext() bool

func (*AttributeContext) HasSource 

func (x *AttributeContext) HasSource() bool

func (*AttributeContext) HasTlsSession 

func (x *AttributeContext) HasTlsSession() bool

func (*AttributeContext) ProtoMessage 

func (*AttributeContext) ProtoMessage()

func (*AttributeContext) ProtoReflect 

func (x *AttributeContext) ProtoReflect() protoreflect.Message

func (*AttributeContext) Reset 

func (x *AttributeContext) Reset()

func (*AttributeContext) SetContextExtensions 

func (x *AttributeContext) SetContextExtensions(v map[string]string)

func (*AttributeContext) SetDestination 

func (x *AttributeContext) SetDestination(v *AttributeContext_Peer)

func (*AttributeContext) SetMetadataContext 

func (x *AttributeContext) SetMetadataContext(v *v3.Metadata)

func (*AttributeContext) SetRequest 

func (x *AttributeContext) SetRequest(v *AttributeContext_Request)

func (*AttributeContext) SetRouteMetadataContext 

func (x *AttributeContext) SetRouteMetadataContext(v *v3.Metadata)

func (*AttributeContext) SetSource 

func (x *AttributeContext) SetSource(v *AttributeContext_Peer)

func (*AttributeContext) SetTlsSession 

func (x *AttributeContext) SetTlsSession(v *AttributeContext_TLSSession)

func (*AttributeContext) String 

func (x *AttributeContext) String() string

type AttributeContext_HttpRequest 

type AttributeContext_HttpRequest struct {

	// The unique ID for a request, which can be propagated to downstream
	// systems. The ID should have low probability of collision
	// within a single day for a specific service.
	// For HTTP requests, it should be X-Request-ID or equivalent.
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// The HTTP request method, such as “GET“, “POST“.
	Method string `protobuf:"bytes,2,opt,name=method,proto3" json:"method,omitempty"`
	// The HTTP request headers. If multiple headers share the same key, they
	// must be merged according to the HTTP spec. All header keys must be
	// lower-cased, because HTTP header keys are case-insensitive.
	Headers map[string]string `` /* 141-byte string literal not displayed */
	// The request target, as it appears in the first line of the HTTP request. This includes
	// the URL path and query-string. No decoding is performed.
	Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"`
	// The HTTP request “Host“ or “:authority“ header value.
	Host string `protobuf:"bytes,5,opt,name=host,proto3" json:"host,omitempty"`
	// The HTTP URL scheme, such as “http“ and “https“.
	Scheme string `protobuf:"bytes,6,opt,name=scheme,proto3" json:"scheme,omitempty"`
	// This field is always empty, and exists for compatibility reasons. The HTTP URL query is
	// included in “path“ field.
	Query string `protobuf:"bytes,7,opt,name=query,proto3" json:"query,omitempty"`
	// This field is always empty, and exists for compatibility reasons. The URL fragment is
	// not submitted as part of HTTP requests; it is unknowable.
	Fragment string `protobuf:"bytes,8,opt,name=fragment,proto3" json:"fragment,omitempty"`
	// The HTTP request size in bytes. If unknown, it must be -1.
	Size int64 `protobuf:"varint,9,opt,name=size,proto3" json:"size,omitempty"`
	// The network protocol used with the request, such as "HTTP/1.0", "HTTP/1.1", or "HTTP/2".
	//
	// See :repo:`headers.h:ProtocolStrings <source/common/http/headers.h>` for a list of all
	// possible values.
	Protocol string `protobuf:"bytes,10,opt,name=protocol,proto3" json:"protocol,omitempty"`
	// The HTTP request body.
	Body string `protobuf:"bytes,11,opt,name=body,proto3" json:"body,omitempty"`
	// The HTTP request body in bytes. This is used instead of
	// :ref:`body <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.body>` when
	// :ref:`pack_as_bytes <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.BufferSettings.pack_as_bytes>`
	// is set to true.
	RawBody []byte `protobuf:"bytes,12,opt,name=raw_body,json=rawBody,proto3" json:"raw_body,omitempty"`
	// contains filtered or unexported fields
}

This message defines attributes for an HTTP request. HTTP/1.x, HTTP/2, gRPC are all considered as HTTP requests. [#next-free-field: 13]

func (*AttributeContext_HttpRequest) GetBody 

func (x *AttributeContext_HttpRequest) GetBody() string

func (*AttributeContext_HttpRequest) GetFragment 

func (x *AttributeContext_HttpRequest) GetFragment() string

func (*AttributeContext_HttpRequest) GetHeaders 

func (x *AttributeContext_HttpRequest) GetHeaders() map[string]string

func (*AttributeContext_HttpRequest) GetHost 

func (x *AttributeContext_HttpRequest) GetHost() string

func (*AttributeContext_HttpRequest) GetId 

func (x *AttributeContext_HttpRequest) GetId() string

func (*AttributeContext_HttpRequest) GetMethod 

func (x *AttributeContext_HttpRequest) GetMethod() string

func (*AttributeContext_HttpRequest) GetPath 

func (x *AttributeContext_HttpRequest) GetPath() string

func (*AttributeContext_HttpRequest) GetProtocol 

func (x *AttributeContext_HttpRequest) GetProtocol() string

func (*AttributeContext_HttpRequest) GetQuery 

func (x *AttributeContext_HttpRequest) GetQuery() string

func (*AttributeContext_HttpRequest) GetRawBody 

func (x *AttributeContext_HttpRequest) GetRawBody() []byte

func (*AttributeContext_HttpRequest) GetScheme 

func (x *AttributeContext_HttpRequest) GetScheme() string

func (*AttributeContext_HttpRequest) GetSize 

func (x *AttributeContext_HttpRequest) GetSize() int64

func (*AttributeContext_HttpRequest) ProtoMessage 

func (*AttributeContext_HttpRequest) ProtoMessage()

func (*AttributeContext_HttpRequest) ProtoReflect 

func (x *AttributeContext_HttpRequest) ProtoReflect() protoreflect.Message

func (*AttributeContext_HttpRequest) Reset 

func (x *AttributeContext_HttpRequest) Reset()

func (*AttributeContext_HttpRequest) SetBody 

func (x *AttributeContext_HttpRequest) SetBody(v string)

func (*AttributeContext_HttpRequest) SetFragment 

func (x *AttributeContext_HttpRequest) SetFragment(v string)

func (*AttributeContext_HttpRequest) SetHeaders 

func (x *AttributeContext_HttpRequest) SetHeaders(v map[string]string)

func (*AttributeContext_HttpRequest) SetHost 

func (x *AttributeContext_HttpRequest) SetHost(v string)

func (*AttributeContext_HttpRequest) SetId 

func (x *AttributeContext_HttpRequest) SetId(v string)

func (*AttributeContext_HttpRequest) SetMethod 

func (x *AttributeContext_HttpRequest) SetMethod(v string)

func (*AttributeContext_HttpRequest) SetPath 

func (x *AttributeContext_HttpRequest) SetPath(v string)

func (*AttributeContext_HttpRequest) SetProtocol 

func (x *AttributeContext_HttpRequest) SetProtocol(v string)

func (*AttributeContext_HttpRequest) SetQuery 

func (x *AttributeContext_HttpRequest) SetQuery(v string)

func (*AttributeContext_HttpRequest) SetRawBody 

func (x *AttributeContext_HttpRequest) SetRawBody(v []byte)

func (*AttributeContext_HttpRequest) SetScheme 

func (x *AttributeContext_HttpRequest) SetScheme(v string)

func (*AttributeContext_HttpRequest) SetSize 

func (x *AttributeContext_HttpRequest) SetSize(v int64)

func (*AttributeContext_HttpRequest) String 

func (x *AttributeContext_HttpRequest) String() string

type AttributeContext_HttpRequest_builder 

type AttributeContext_HttpRequest_builder struct {

	// The unique ID for a request, which can be propagated to downstream
	// systems. The ID should have low probability of collision
	// within a single day for a specific service.
	// For HTTP requests, it should be X-Request-ID or equivalent.
	Id string
	// The HTTP request method, such as “GET“, “POST“.
	Method string
	// The HTTP request headers. If multiple headers share the same key, they
	// must be merged according to the HTTP spec. All header keys must be
	// lower-cased, because HTTP header keys are case-insensitive.
	Headers map[string]string
	// The request target, as it appears in the first line of the HTTP request. This includes
	// the URL path and query-string. No decoding is performed.
	Path string
	// The HTTP request “Host“ or “:authority“ header value.
	Host string
	// The HTTP URL scheme, such as “http“ and “https“.
	Scheme string
	// This field is always empty, and exists for compatibility reasons. The HTTP URL query is
	// included in “path“ field.
	Query string
	// This field is always empty, and exists for compatibility reasons. The URL fragment is
	// not submitted as part of HTTP requests; it is unknowable.
	Fragment string
	// The HTTP request size in bytes. If unknown, it must be -1.
	Size int64
	// The network protocol used with the request, such as "HTTP/1.0", "HTTP/1.1", or "HTTP/2".
	//
	// See :repo:`headers.h:ProtocolStrings <source/common/http/headers.h>` for a list of all
	// possible values.
	Protocol string
	// The HTTP request body.
	Body string
	// The HTTP request body in bytes. This is used instead of
	// :ref:`body <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.body>` when
	// :ref:`pack_as_bytes <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.BufferSettings.pack_as_bytes>`
	// is set to true.
	RawBody []byte
	// contains filtered or unexported fields
}

func (AttributeContext_HttpRequest_builder) Build 

func (b0 AttributeContext_HttpRequest_builder) Build() *AttributeContext_HttpRequest

type AttributeContext_Peer 

type AttributeContext_Peer struct {

	// The address of the peer, this is typically the IP address.
	// It can also be UDS path, or others.
	Address *v3.Address `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"`
	// The canonical service name of the peer.
	// It should be set to :ref:`the HTTP x-envoy-downstream-service-cluster
	// <config_http_conn_man_headers_downstream-service-cluster>`
	// If a more trusted source of the service name is available through mTLS/secure naming, it
	// should be used.
	Service string `protobuf:"bytes,2,opt,name=service,proto3" json:"service,omitempty"`
	// The labels associated with the peer.
	// These could be pod labels for Kubernetes or tags for VMs.
	// The source of the labels could be an X.509 certificate or other configuration.
	Labels map[string]string `` /* 139-byte string literal not displayed */
	// The authenticated identity of this peer.
	// For example, the identity associated with the workload such as a service account.
	// If an X.509 certificate is used to assert the identity this field should be sourced from
	// “URI Subject Alternative Names“, “DNS Subject Alternate Names“ or “Subject“ in that order.
	// The primary identity should be the principal. The principal format is issuer specific.
	//
	// Examples:
	//
	// - SPIFFE format is “spiffe://trust-domain/path“.
	// - Google account format is “https://accounts.google.com/{userid}“.
	Principal string `protobuf:"bytes,4,opt,name=principal,proto3" json:"principal,omitempty"`
	// The X.509 certificate used to authenticate the identify of this peer.
	// When present, the certificate contents are encoded in URL and PEM format.
	Certificate string `protobuf:"bytes,5,opt,name=certificate,proto3" json:"certificate,omitempty"`
	// contains filtered or unexported fields
}

This message defines attributes for a node that handles a network request. The node can be either a service or an application that sends, forwards, or receives the request. Service peers should fill in the “service“, “principal“, and “labels“ as appropriate. [#next-free-field: 6]

func (*AttributeContext_Peer) ClearAddress 

func (x *AttributeContext_Peer) ClearAddress()

func (*AttributeContext_Peer) GetAddress 

func (x *AttributeContext_Peer) GetAddress() *v3.Address

func (*AttributeContext_Peer) GetCertificate 

func (x *AttributeContext_Peer) GetCertificate() string

func (*AttributeContext_Peer) GetLabels 

func (x *AttributeContext_Peer) GetLabels() map[string]string

func (*AttributeContext_Peer) GetPrincipal 

func (x *AttributeContext_Peer) GetPrincipal() string

func (*AttributeContext_Peer) GetService 

func (x *AttributeContext_Peer) GetService() string

func (*AttributeContext_Peer) HasAddress 

func (x *AttributeContext_Peer) HasAddress() bool

func (*AttributeContext_Peer) ProtoMessage 

func (*AttributeContext_Peer) ProtoMessage()

func (*AttributeContext_Peer) ProtoReflect 

func (x *AttributeContext_Peer) ProtoReflect() protoreflect.Message

func (*AttributeContext_Peer) Reset 

func (x *AttributeContext_Peer) Reset()

func (*AttributeContext_Peer) SetAddress 

func (x *AttributeContext_Peer) SetAddress(v *v3.Address)

func (*AttributeContext_Peer) SetCertificate 

func (x *AttributeContext_Peer) SetCertificate(v string)

func (*AttributeContext_Peer) SetLabels 

func (x *AttributeContext_Peer) SetLabels(v map[string]string)

func (*AttributeContext_Peer) SetPrincipal 

func (x *AttributeContext_Peer) SetPrincipal(v string)

func (*AttributeContext_Peer) SetService 

func (x *AttributeContext_Peer) SetService(v string)

func (*AttributeContext_Peer) String 

func (x *AttributeContext_Peer) String() string

type AttributeContext_Peer_builder 

type AttributeContext_Peer_builder struct {

	// The address of the peer, this is typically the IP address.
	// It can also be UDS path, or others.
	Address *v3.Address
	// The canonical service name of the peer.
	// It should be set to :ref:`the HTTP x-envoy-downstream-service-cluster
	// <config_http_conn_man_headers_downstream-service-cluster>`
	// If a more trusted source of the service name is available through mTLS/secure naming, it
	// should be used.
	Service string
	// The labels associated with the peer.
	// These could be pod labels for Kubernetes or tags for VMs.
	// The source of the labels could be an X.509 certificate or other configuration.
	Labels map[string]string
	// The authenticated identity of this peer.
	// For example, the identity associated with the workload such as a service account.
	// If an X.509 certificate is used to assert the identity this field should be sourced from
	// “URI Subject Alternative Names“, “DNS Subject Alternate Names“ or “Subject“ in that order.
	// The primary identity should be the principal. The principal format is issuer specific.
	//
	// Examples:
	//
	// - SPIFFE format is “spiffe://trust-domain/path“.
	// - Google account format is “https://accounts.google.com/{userid}“.
	Principal string
	// The X.509 certificate used to authenticate the identify of this peer.
	// When present, the certificate contents are encoded in URL and PEM format.
	Certificate string
	// contains filtered or unexported fields
}

func (AttributeContext_Peer_builder) Build 

func (b0 AttributeContext_Peer_builder) Build() *AttributeContext_Peer

type AttributeContext_Request 

type AttributeContext_Request struct {

	// The timestamp when the proxy receives the first byte of the request.
	Time *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=time,proto3" json:"time,omitempty"`
	// Represents an HTTP request or an HTTP-like request.
	Http *AttributeContext_HttpRequest `protobuf:"bytes,2,opt,name=http,proto3" json:"http,omitempty"`
	// contains filtered or unexported fields
}

Represents a network request, such as an HTTP request.

func (*AttributeContext_Request) ClearHttp 

func (x *AttributeContext_Request) ClearHttp()

func (*AttributeContext_Request) ClearTime 

func (x *AttributeContext_Request) ClearTime()

func (*AttributeContext_Request) GetHttp 

func (x *AttributeContext_Request) GetHttp() *AttributeContext_HttpRequest

func (*AttributeContext_Request) GetTime 

func (x *AttributeContext_Request) GetTime() *timestamppb.Timestamp

func (*AttributeContext_Request) HasHttp 

func (x *AttributeContext_Request) HasHttp() bool

func (*AttributeContext_Request) HasTime 

func (x *AttributeContext_Request) HasTime() bool

func (*AttributeContext_Request) ProtoMessage 

func (*AttributeContext_Request) ProtoMessage()

func (*AttributeContext_Request) ProtoReflect 

func (x *AttributeContext_Request) ProtoReflect() protoreflect.Message

func (*AttributeContext_Request) Reset 

func (x *AttributeContext_Request) Reset()

func (*AttributeContext_Request) SetHttp 

func (x *AttributeContext_Request) SetHttp(v *AttributeContext_HttpRequest)

func (*AttributeContext_Request) SetTime 

func (x *AttributeContext_Request) SetTime(v *timestamppb.Timestamp)

func (*AttributeContext_Request) String 

func (x *AttributeContext_Request) String() string

type AttributeContext_Request_builder 

type AttributeContext_Request_builder struct {

	// The timestamp when the proxy receives the first byte of the request.
	Time *timestamppb.Timestamp
	// Represents an HTTP request or an HTTP-like request.
	Http *AttributeContext_HttpRequest
	// contains filtered or unexported fields
}

func (AttributeContext_Request_builder) Build 

func (b0 AttributeContext_Request_builder) Build() *AttributeContext_Request

type AttributeContext_TLSSession 

type AttributeContext_TLSSession struct {

	// SNI used for TLS session.
	Sni string `protobuf:"bytes,1,opt,name=sni,proto3" json:"sni,omitempty"`
	// contains filtered or unexported fields
}

This message defines attributes for the underlying TLS session.

func (*AttributeContext_TLSSession) GetSni 

func (x *AttributeContext_TLSSession) GetSni() string

func (*AttributeContext_TLSSession) ProtoMessage 

func (*AttributeContext_TLSSession) ProtoMessage()

func (*AttributeContext_TLSSession) ProtoReflect 

func (x *AttributeContext_TLSSession) ProtoReflect() protoreflect.Message

func (*AttributeContext_TLSSession) Reset 

func (x *AttributeContext_TLSSession) Reset()

func (*AttributeContext_TLSSession) SetSni 

func (x *AttributeContext_TLSSession) SetSni(v string)

func (*AttributeContext_TLSSession) String 

func (x *AttributeContext_TLSSession) String() string

type AttributeContext_TLSSession_builder 

type AttributeContext_TLSSession_builder struct {

	// SNI used for TLS session.
	Sni string
	// contains filtered or unexported fields
}

func (AttributeContext_TLSSession_builder) Build 

func (b0 AttributeContext_TLSSession_builder) Build() *AttributeContext_TLSSession

type AttributeContext_builder 

type AttributeContext_builder struct {

	// The source of a network activity, such as starting a TCP connection.
	// In a multi hop network activity, the source represents the sender of the
	// last hop.
	Source *AttributeContext_Peer
	// The destination of a network activity, such as accepting a TCP connection.
	// In a multi hop network activity, the destination represents the receiver of
	// the last hop.
	Destination *AttributeContext_Peer
	// Represents a network request, such as an HTTP request.
	Request *AttributeContext_Request
	// This is analogous to http_request.headers, however these contents will not be sent to the
	// upstream server. Context_extensions provide an extension mechanism for sending additional
	// information to the auth server without modifying the proto definition. It maps to the
	// internal opaque context in the filter chain.
	ContextExtensions map[string]string
	// Dynamic metadata associated with the request.
	MetadataContext *v3.Metadata
	// Metadata associated with the selected route.
	RouteMetadataContext *v3.Metadata
	// TLS session details of the underlying connection.
	// This is not populated by default and will be populated if ext_authz filter's
	// :ref:`include_tls_session <config_http_filters_ext_authz>` is set to true.
	TlsSession *AttributeContext_TLSSession
	// contains filtered or unexported fields
}

func (AttributeContext_builder) Build 

func (b0 AttributeContext_builder) Build() *AttributeContext

type CheckRequest 

type CheckRequest struct {

	// The request attributes.
	Attributes *AttributeContext `protobuf:"bytes,1,opt,name=attributes,proto3" json:"attributes,omitempty"`
	// contains filtered or unexported fields
}

func (*CheckRequest) ClearAttributes 

func (x *CheckRequest) ClearAttributes()

func (*CheckRequest) GetAttributes 

func (x *CheckRequest) GetAttributes() *AttributeContext

func (*CheckRequest) HasAttributes 

func (x *CheckRequest) HasAttributes() bool

func (*CheckRequest) ProtoMessage 

func (*CheckRequest) ProtoMessage()

func (*CheckRequest) ProtoReflect 

func (x *CheckRequest) ProtoReflect() protoreflect.Message

func (*CheckRequest) Reset 

func (x *CheckRequest) Reset()

func (*CheckRequest) SetAttributes 

func (x *CheckRequest) SetAttributes(v *AttributeContext)

func (*CheckRequest) String 

func (x *CheckRequest) String() string

type CheckRequest_builder 

type CheckRequest_builder struct {

	// The request attributes.
	Attributes *AttributeContext
	// contains filtered or unexported fields
}

func (CheckRequest_builder) Build 

func (b0 CheckRequest_builder) Build() *CheckRequest

type CheckResponse 

type CheckResponse struct {

	// Status “OK“ allows the request. Any other status indicates the request should be denied, and
	// for HTTP filter, if not overridden by :ref:`denied HTTP response status <envoy_v3_api_field_service.auth.v3.DeniedHttpResponse.status>`
	// Envoy sends “403 Forbidden“ HTTP status code by default.
	Status *status.Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
	// An message that contains HTTP response attributes. This message is
	// used when the authorization service needs to send custom responses to the
	// downstream client or, to modify/add request headers being dispatched to the upstream.
	//
	// Types that are valid to be assigned to HttpResponse:
	//
	//	*CheckResponse_DeniedResponse
	//	*CheckResponse_OkResponse
	HttpResponse isCheckResponse_HttpResponse `protobuf_oneof:"http_response"`
	// Optional response metadata that will be emitted as dynamic metadata to be consumed by the next
	// filter. This metadata lives in a namespace specified by the canonical name of extension filter
	// that requires it:
	//
	// - :ref:`envoy.filters.http.ext_authz <config_http_filters_ext_authz_dynamic_metadata>` for HTTP filter.
	// - :ref:`envoy.filters.network.ext_authz <config_network_filters_ext_authz_dynamic_metadata>` for network filter.
	DynamicMetadata *structpb.Struct `protobuf:"bytes,4,opt,name=dynamic_metadata,json=dynamicMetadata,proto3" json:"dynamic_metadata,omitempty"`
	// contains filtered or unexported fields
}

Intended for gRPC and Network Authorization servers “only“.

func (*CheckResponse) ClearDeniedResponse 

func (x *CheckResponse) ClearDeniedResponse()

func (*CheckResponse) ClearDynamicMetadata 

func (x *CheckResponse) ClearDynamicMetadata()

func (*CheckResponse) ClearHttpResponse 

func (x *CheckResponse) ClearHttpResponse()

func (*CheckResponse) ClearOkResponse 

func (x *CheckResponse) ClearOkResponse()

func (*CheckResponse) ClearStatus 

func (x *CheckResponse) ClearStatus()

func (*CheckResponse) GetDeniedResponse 

func (x *CheckResponse) GetDeniedResponse() *DeniedHttpResponse

func (*CheckResponse) GetDynamicMetadata 

func (x *CheckResponse) GetDynamicMetadata() *structpb.Struct

func (*CheckResponse) GetHttpResponse 

func (x *CheckResponse) GetHttpResponse() isCheckResponse_HttpResponse

func (*CheckResponse) GetOkResponse 

func (x *CheckResponse) GetOkResponse() *OkHttpResponse

func (*CheckResponse) GetStatus 

func (x *CheckResponse) GetStatus() *status.Status

func (*CheckResponse) HasDeniedResponse 

func (x *CheckResponse) HasDeniedResponse() bool

func (*CheckResponse) HasDynamicMetadata 

func (x *CheckResponse) HasDynamicMetadata() bool

func (*CheckResponse) HasHttpResponse 

func (x *CheckResponse) HasHttpResponse() bool

func (*CheckResponse) HasOkResponse 

func (x *CheckResponse) HasOkResponse() bool

func (*CheckResponse) HasStatus 

func (x *CheckResponse) HasStatus() bool

func (*CheckResponse) ProtoMessage 

func (*CheckResponse) ProtoMessage()

func (*CheckResponse) ProtoReflect 

func (x *CheckResponse) ProtoReflect() protoreflect.Message

func (*CheckResponse) Reset 

func (x *CheckResponse) Reset()

func (*CheckResponse) SetDeniedResponse 

func (x *CheckResponse) SetDeniedResponse(v *DeniedHttpResponse)

func (*CheckResponse) SetDynamicMetadata 

func (x *CheckResponse) SetDynamicMetadata(v *structpb.Struct)

func (*CheckResponse) SetOkResponse 

func (x *CheckResponse) SetOkResponse(v *OkHttpResponse)

func (*CheckResponse) SetStatus 

func (x *CheckResponse) SetStatus(v *status.Status)

func (*CheckResponse) String 

func (x *CheckResponse) String() string

func (*CheckResponse) WhichHttpResponse 

func (x *CheckResponse) WhichHttpResponse() case_CheckResponse_HttpResponse

type CheckResponse_DeniedResponse 

type CheckResponse_DeniedResponse struct {
	// Supplies http attributes for a denied response.
	DeniedResponse *DeniedHttpResponse `protobuf:"bytes,2,opt,name=denied_response,json=deniedResponse,proto3,oneof"`
}

type CheckResponse_OkResponse 

type CheckResponse_OkResponse struct {
	// Supplies http attributes for an ok response.
	OkResponse *OkHttpResponse `protobuf:"bytes,3,opt,name=ok_response,json=okResponse,proto3,oneof"`
}

type CheckResponse_builder 

type CheckResponse_builder struct {

	// Status “OK“ allows the request. Any other status indicates the request should be denied, and
	// for HTTP filter, if not overridden by :ref:`denied HTTP response status <envoy_v3_api_field_service.auth.v3.DeniedHttpResponse.status>`
	// Envoy sends “403 Forbidden“ HTTP status code by default.
	Status *status.Status

	// Fields of oneof HttpResponse:
	// Supplies http attributes for a denied response.
	DeniedResponse *DeniedHttpResponse
	// Supplies http attributes for an ok response.
	OkResponse *OkHttpResponse
	// -- end of HttpResponse
	// Optional response metadata that will be emitted as dynamic metadata to be consumed by the next
	// filter. This metadata lives in a namespace specified by the canonical name of extension filter
	// that requires it:
	//
	// - :ref:`envoy.filters.http.ext_authz <config_http_filters_ext_authz_dynamic_metadata>` for HTTP filter.
	// - :ref:`envoy.filters.network.ext_authz <config_network_filters_ext_authz_dynamic_metadata>` for network filter.
	DynamicMetadata *structpb.Struct
	// contains filtered or unexported fields
}

func (CheckResponse_builder) Build 

func (b0 CheckResponse_builder) Build() *CheckResponse

type DeniedHttpResponse 

type DeniedHttpResponse struct {

	// This field allows the authorization service to send an HTTP response status code to the
	// downstream client. If not set, Envoy sends “403 Forbidden“ HTTP status code by default.
	Status *v3.HttpStatus `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
	// This field allows the authorization service to send HTTP response headers
	// to the downstream client. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to
	// false when used in this message.
	Headers []*v31.HeaderValueOption `protobuf:"bytes,2,rep,name=headers,proto3" json:"headers,omitempty"`
	// This field allows the authorization service to send a response body data
	// to the downstream client.
	Body string `protobuf:"bytes,3,opt,name=body,proto3" json:"body,omitempty"`
	// contains filtered or unexported fields
}

HTTP attributes for a denied response.

func (*DeniedHttpResponse) ClearStatus 

func (x *DeniedHttpResponse) ClearStatus()

func (*DeniedHttpResponse) GetBody 

func (x *DeniedHttpResponse) GetBody() string

func (*DeniedHttpResponse) GetHeaders 

func (x *DeniedHttpResponse) GetHeaders() []*v31.HeaderValueOption

func (*DeniedHttpResponse) GetStatus 

func (x *DeniedHttpResponse) GetStatus() *v3.HttpStatus

func (*DeniedHttpResponse) HasStatus 

func (x *DeniedHttpResponse) HasStatus() bool

func (*DeniedHttpResponse) ProtoMessage 

func (*DeniedHttpResponse) ProtoMessage()

func (*DeniedHttpResponse) ProtoReflect 

func (x *DeniedHttpResponse) ProtoReflect() protoreflect.Message

func (*DeniedHttpResponse) Reset 

func (x *DeniedHttpResponse) Reset()

func (*DeniedHttpResponse) SetBody 

func (x *DeniedHttpResponse) SetBody(v string)

func (*DeniedHttpResponse) SetHeaders 

func (x *DeniedHttpResponse) SetHeaders(v []*v31.HeaderValueOption)

func (*DeniedHttpResponse) SetStatus 

func (x *DeniedHttpResponse) SetStatus(v *v3.HttpStatus)

func (*DeniedHttpResponse) String 

func (x *DeniedHttpResponse) String() string

type DeniedHttpResponse_builder 

type DeniedHttpResponse_builder struct {

	// This field allows the authorization service to send an HTTP response status code to the
	// downstream client. If not set, Envoy sends “403 Forbidden“ HTTP status code by default.
	Status *v3.HttpStatus
	// This field allows the authorization service to send HTTP response headers
	// to the downstream client. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to
	// false when used in this message.
	Headers []*v31.HeaderValueOption
	// This field allows the authorization service to send a response body data
	// to the downstream client.
	Body string
	// contains filtered or unexported fields
}

func (DeniedHttpResponse_builder) Build 

func (b0 DeniedHttpResponse_builder) Build() *DeniedHttpResponse

type OkHttpResponse 

type OkHttpResponse struct {

	// HTTP entity headers in addition to the original request headers. This allows the authorization
	// service to append, to add or to override headers from the original request before
	// dispatching it to the upstream. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to
	// false when used in this message. By setting the “append“ field to “true“,
	// the filter will append the correspondent header value to the matched request header.
	// By leaving “append“ as false, the filter will either add a new header, or override an existing
	// one if there is a match.
	Headers []*v31.HeaderValueOption `protobuf:"bytes,2,rep,name=headers,proto3" json:"headers,omitempty"`
	// HTTP entity headers to remove from the original request before dispatching
	// it to the upstream. This allows the authorization service to act on auth
	// related headers (like “Authorization“), process them, and consume them.
	// Under this model, the upstream will either receive the request (if it's
	// authorized) or not receive it (if it's not), but will not see headers
	// containing authorization credentials.
	//
	// Pseudo headers (such as “:authority“, “:method“, “:path“ etc), as well as
	// the header “Host“, may not be removed as that would make the request
	// malformed. If mentioned in “headers_to_remove“ these special headers will
	// be ignored.
	//
	// When using the HTTP service this must instead be set by the HTTP
	// authorization service as a comma separated list like so:
	// “x-envoy-auth-headers-to-remove: one-auth-header, another-auth-header“.
	HeadersToRemove []string `protobuf:"bytes,5,rep,name=headers_to_remove,json=headersToRemove,proto3" json:"headers_to_remove,omitempty"`
	// This field has been deprecated in favor of :ref:`CheckResponse.dynamic_metadata
	// <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`. Until it is removed,
	// setting this field overrides :ref:`CheckResponse.dynamic_metadata
	// <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`.
	//
	// Deprecated: Marked as deprecated in envoy/service/auth/v3/external_auth.proto.
	DynamicMetadata *structpb.Struct `protobuf:"bytes,3,opt,name=dynamic_metadata,json=dynamicMetadata,proto3" json:"dynamic_metadata,omitempty"`
	// This field allows the authorization service to send HTTP response headers
	// to the downstream client on success. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>`
	// defaults to false when used in this message.
	ResponseHeadersToAdd []*v31.HeaderValueOption `protobuf:"bytes,6,rep,name=response_headers_to_add,json=responseHeadersToAdd,proto3" json:"response_headers_to_add,omitempty"`
	// This field allows the authorization service to set (and overwrite) query
	// string parameters on the original request before it is sent upstream.
	QueryParametersToSet []*v31.QueryParameter `protobuf:"bytes,7,rep,name=query_parameters_to_set,json=queryParametersToSet,proto3" json:"query_parameters_to_set,omitempty"`
	// This field allows the authorization service to specify which query parameters
	// should be removed from the original request before it is sent upstream. Each
	// element in this list is a case-sensitive query parameter name to be removed.
	QueryParametersToRemove []string `` /* 134-byte string literal not displayed */
	// contains filtered or unexported fields
}

HTTP attributes for an OK response. [#next-free-field: 9]

func (*OkHttpResponse) ClearDynamicMetadata deprecated 

func (x *OkHttpResponse) ClearDynamicMetadata()

Deprecated: Marked as deprecated in envoy/service/auth/v3/external_auth.proto.

func (*OkHttpResponse) GetDynamicMetadata deprecated 

func (x *OkHttpResponse) GetDynamicMetadata() *structpb.Struct

Deprecated: Marked as deprecated in envoy/service/auth/v3/external_auth.proto.

func (*OkHttpResponse) GetHeaders 

func (x *OkHttpResponse) GetHeaders() []*v31.HeaderValueOption

func (*OkHttpResponse) GetHeadersToRemove 

func (x *OkHttpResponse) GetHeadersToRemove() []string

func (*OkHttpResponse) GetQueryParametersToRemove 

func (x *OkHttpResponse) GetQueryParametersToRemove() []string

func (*OkHttpResponse) GetQueryParametersToSet 

func (x *OkHttpResponse) GetQueryParametersToSet() []*v31.QueryParameter

func (*OkHttpResponse) GetResponseHeadersToAdd 

func (x *OkHttpResponse) GetResponseHeadersToAdd() []*v31.HeaderValueOption

func (*OkHttpResponse) HasDynamicMetadata deprecated 

func (x *OkHttpResponse) HasDynamicMetadata() bool

Deprecated: Marked as deprecated in envoy/service/auth/v3/external_auth.proto.

func (*OkHttpResponse) ProtoMessage 

func (*OkHttpResponse) ProtoMessage()

func (*OkHttpResponse) ProtoReflect 

func (x *OkHttpResponse) ProtoReflect() protoreflect.Message

func (*OkHttpResponse) Reset 

func (x *OkHttpResponse) Reset()

func (*OkHttpResponse) SetDynamicMetadata deprecated 

func (x *OkHttpResponse) SetDynamicMetadata(v *structpb.Struct)

Deprecated: Marked as deprecated in envoy/service/auth/v3/external_auth.proto.

func (*OkHttpResponse) SetHeaders 

func (x *OkHttpResponse) SetHeaders(v []*v31.HeaderValueOption)

func (*OkHttpResponse) SetHeadersToRemove 

func (x *OkHttpResponse) SetHeadersToRemove(v []string)

func (*OkHttpResponse) SetQueryParametersToRemove 

func (x *OkHttpResponse) SetQueryParametersToRemove(v []string)

func (*OkHttpResponse) SetQueryParametersToSet 

func (x *OkHttpResponse) SetQueryParametersToSet(v []*v31.QueryParameter)

func (*OkHttpResponse) SetResponseHeadersToAdd 

func (x *OkHttpResponse) SetResponseHeadersToAdd(v []*v31.HeaderValueOption)

func (*OkHttpResponse) String 

func (x *OkHttpResponse) String() string

type OkHttpResponse_builder 

type OkHttpResponse_builder struct {

	// HTTP entity headers in addition to the original request headers. This allows the authorization
	// service to append, to add or to override headers from the original request before
	// dispatching it to the upstream. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to
	// false when used in this message. By setting the “append“ field to “true“,
	// the filter will append the correspondent header value to the matched request header.
	// By leaving “append“ as false, the filter will either add a new header, or override an existing
	// one if there is a match.
	Headers []*v31.HeaderValueOption
	// HTTP entity headers to remove from the original request before dispatching
	// it to the upstream. This allows the authorization service to act on auth
	// related headers (like “Authorization“), process them, and consume them.
	// Under this model, the upstream will either receive the request (if it's
	// authorized) or not receive it (if it's not), but will not see headers
	// containing authorization credentials.
	//
	// Pseudo headers (such as “:authority“, “:method“, “:path“ etc), as well as
	// the header “Host“, may not be removed as that would make the request
	// malformed. If mentioned in “headers_to_remove“ these special headers will
	// be ignored.
	//
	// When using the HTTP service this must instead be set by the HTTP
	// authorization service as a comma separated list like so:
	// “x-envoy-auth-headers-to-remove: one-auth-header, another-auth-header“.
	HeadersToRemove []string
	// This field has been deprecated in favor of :ref:`CheckResponse.dynamic_metadata
	// <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`. Until it is removed,
	// setting this field overrides :ref:`CheckResponse.dynamic_metadata
	// <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`.
	//
	// Deprecated: Marked as deprecated in envoy/service/auth/v3/external_auth.proto.
	DynamicMetadata *structpb.Struct
	// This field allows the authorization service to send HTTP response headers
	// to the downstream client on success. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>`
	// defaults to false when used in this message.
	ResponseHeadersToAdd []*v31.HeaderValueOption
	// This field allows the authorization service to set (and overwrite) query
	// string parameters on the original request before it is sent upstream.
	QueryParametersToSet []*v31.QueryParameter
	// This field allows the authorization service to specify which query parameters
	// should be removed from the original request before it is sent upstream. Each
	// element in this list is a case-sensitive query parameter name to be removed.
	QueryParametersToRemove []string
	// contains filtered or unexported fields
}

func (OkHttpResponse_builder) Build 

func (b0 OkHttpResponse_builder) Build() *OkHttpResponse

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.