v1

package
v0.20.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 15, 2019 License: Apache-2.0 Imports: 31 Imported by: 0

Documentation

Index

Constants

View Source
const ExtAuthConfigType = cache.TypePrefix + "/enterprise.gloo.solo.io.ExtAuthConfig"

Variables

View Source
var (
	AuthConfigCrd = crd.NewCrd(
		"authconfigs",
		AuthConfigGVK.Group,
		AuthConfigGVK.Version,
		AuthConfigGVK.Kind,
		"ac",
		false,
		&AuthConfig{})
)
View Source
var (
	AuthConfigGVK = schema.GroupVersionKind{
		Version: "v1",
		Group:   "enterprise.gloo.solo.io",
		Kind:    "AuthConfig",
	}
)
View Source
var ExtAuthConfigTypeRecord = client.NewTypeRecord(
	ExtAuthConfigType,

	func() cache.ResourceProto { return &ExtAuthConfig{} },

	func(r cache.ResourceProto) cache.Resource {
		return &ExtAuthConfigXdsResourceWrapper{Resource: r.(*ExtAuthConfig)}
	},
)

Define a type record. This is used by the generic client library.

Functions

func NewExtAuthConfigClient

func NewExtAuthConfigClient(nodeinfo *core.Node, typedApply ApplyExtAuthConfig) client.Client

func RegisterExtAuthDiscoveryServiceServer

func RegisterExtAuthDiscoveryServiceServer(s *grpc.Server, srv ExtAuthDiscoveryServiceServer)

Types

type ApiKeyAuth

type ApiKeyAuth struct {
	// identify all valid apikey secrets using the provided label selector.
	// apikey secrets must be in gloo's watch namespaces for gloo to locate them
	LabelSelector map[string]string `` /* 188-byte string literal not displayed */
	// a way to reference apikey secrets individually (good for testing); prefer apikey groups via label selector
	ApiKeySecretRefs     []*core.ResourceRef `protobuf:"bytes,2,rep,name=api_key_secret_refs,json=apiKeySecretRefs,proto3" json:"api_key_secret_refs,omitempty"`
	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
	XXX_unrecognized     []byte              `json:"-"`
	XXX_sizecache        int32               `json:"-"`
}

func (*ApiKeyAuth) Descriptor

func (*ApiKeyAuth) Descriptor() ([]byte, []int)

func (*ApiKeyAuth) Equal

func (this *ApiKeyAuth) Equal(that interface{}) bool

func (*ApiKeyAuth) GetApiKeySecretRefs

func (m *ApiKeyAuth) GetApiKeySecretRefs() []*core.ResourceRef

func (*ApiKeyAuth) GetLabelSelector

func (m *ApiKeyAuth) GetLabelSelector() map[string]string

func (*ApiKeyAuth) ProtoMessage

func (*ApiKeyAuth) ProtoMessage()

func (*ApiKeyAuth) Reset

func (m *ApiKeyAuth) Reset()

func (*ApiKeyAuth) String

func (m *ApiKeyAuth) String() string

func (*ApiKeyAuth) XXX_DiscardUnknown

func (m *ApiKeyAuth) XXX_DiscardUnknown()

func (*ApiKeyAuth) XXX_Marshal

func (m *ApiKeyAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ApiKeyAuth) XXX_Merge

func (m *ApiKeyAuth) XXX_Merge(src proto.Message)

func (*ApiKeyAuth) XXX_Size

func (m *ApiKeyAuth) XXX_Size() int

func (*ApiKeyAuth) XXX_Unmarshal

func (m *ApiKeyAuth) XXX_Unmarshal(b []byte) error

type ApiKeySecret

type ApiKeySecret struct {
	// if true, generate an apikey
	GenerateApiKey bool `protobuf:"varint,1,opt,name=generate_api_key,json=generateApiKey,proto3" json:"generate_api_key,omitempty"`
	// if present, use the provided apikey
	ApiKey string `protobuf:"bytes,2,opt,name=api_key,json=apiKey,proto3" json:"api_key,omitempty"`
	// a list of labels (key=value) for the apikey secret.
	// virtual services may look for these labels using a provided label selector
	Labels               []string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*ApiKeySecret) Descriptor

func (*ApiKeySecret) Descriptor() ([]byte, []int)

func (*ApiKeySecret) Equal

func (this *ApiKeySecret) Equal(that interface{}) bool

func (*ApiKeySecret) GetApiKey

func (m *ApiKeySecret) GetApiKey() string

func (*ApiKeySecret) GetGenerateApiKey

func (m *ApiKeySecret) GetGenerateApiKey() bool

func (*ApiKeySecret) GetLabels

func (m *ApiKeySecret) GetLabels() []string

func (*ApiKeySecret) ProtoMessage

func (*ApiKeySecret) ProtoMessage()

func (*ApiKeySecret) Reset

func (m *ApiKeySecret) Reset()

func (*ApiKeySecret) String

func (m *ApiKeySecret) String() string

func (*ApiKeySecret) XXX_DiscardUnknown

func (m *ApiKeySecret) XXX_DiscardUnknown()

func (*ApiKeySecret) XXX_Marshal

func (m *ApiKeySecret) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ApiKeySecret) XXX_Merge

func (m *ApiKeySecret) XXX_Merge(src proto.Message)

func (*ApiKeySecret) XXX_Size

func (m *ApiKeySecret) XXX_Size() int

func (*ApiKeySecret) XXX_Unmarshal

func (m *ApiKeySecret) XXX_Unmarshal(b []byte) error

type ApplyExtAuthConfig

type ApplyExtAuthConfig func(version string, resources []*ExtAuthConfig) error

The apply functions receives resources and returns an error if they were applied correctly. In theory the configuration can become valid in the future (i.e. eventually consistent), but I don't think we need to worry about that now As our current use cases only have one configuration resource, so no interactions are expected.

type AuthConfig

type AuthConfig struct {
	// Status indicates the validation status of this resource.
	// Status is read-only by clients, and set by gloo during validation
	Status core.Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status" testdiff:"ignore"`
	// Metadata contains the object metadata for this resource
	Metadata             core.Metadata        `protobuf:"bytes,2,opt,name=metadata,proto3" json:"metadata"`
	Configs              []*AuthConfig_Config `protobuf:"bytes,3,rep,name=configs,proto3" json:"configs,omitempty"`
	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
	XXX_unrecognized     []byte               `json:"-"`
	XXX_sizecache        int32                `json:"-"`
}

This is the user-facing auth configuration. When processed by Gloo, certain configuration types (i.a. oauth, opa) will be translated, e.g. to resolve resource references. See the `ExtAuthConfig.AuthConfig` for the final config format that will be included in the extauth snapshot.

func NewAuthConfig

func NewAuthConfig(namespace, name string) *AuthConfig

func (*AuthConfig) DeepCopyObject

func (o *AuthConfig) DeepCopyObject() runtime.Object

func (*AuthConfig) Descriptor

func (*AuthConfig) Descriptor() ([]byte, []int)

func (*AuthConfig) Equal

func (this *AuthConfig) Equal(that interface{}) bool

func (*AuthConfig) GetConfigs

func (m *AuthConfig) GetConfigs() []*AuthConfig_Config

func (*AuthConfig) GetMetadata

func (m *AuthConfig) GetMetadata() core.Metadata

func (*AuthConfig) GetObjectKind

func (o *AuthConfig) GetObjectKind() schema.ObjectKind

func (*AuthConfig) GetStatus

func (m *AuthConfig) GetStatus() core.Status

func (*AuthConfig) GroupVersionKind

func (r *AuthConfig) GroupVersionKind() schema.GroupVersionKind

func (*AuthConfig) Hash

func (r *AuthConfig) Hash() uint64

func (*AuthConfig) ProtoMessage

func (*AuthConfig) ProtoMessage()

func (*AuthConfig) Reset

func (m *AuthConfig) Reset()

func (*AuthConfig) SetMetadata

func (r *AuthConfig) SetMetadata(meta core.Metadata)

func (*AuthConfig) SetStatus

func (r *AuthConfig) SetStatus(status core.Status)

func (*AuthConfig) String

func (m *AuthConfig) String() string

func (*AuthConfig) XXX_DiscardUnknown

func (m *AuthConfig) XXX_DiscardUnknown()

func (*AuthConfig) XXX_Marshal

func (m *AuthConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuthConfig) XXX_Merge

func (m *AuthConfig) XXX_Merge(src proto.Message)

func (*AuthConfig) XXX_Size

func (m *AuthConfig) XXX_Size() int

func (*AuthConfig) XXX_Unmarshal

func (m *AuthConfig) XXX_Unmarshal(b []byte) error

type AuthConfigClient

type AuthConfigClient interface {
	BaseClient() clients.ResourceClient
	Register() error
	Read(namespace, name string, opts clients.ReadOpts) (*AuthConfig, error)
	Write(resource *AuthConfig, opts clients.WriteOpts) (*AuthConfig, error)
	Delete(namespace, name string, opts clients.DeleteOpts) error
	List(namespace string, opts clients.ListOpts) (AuthConfigList, error)
	AuthConfigWatcher
}

func NewAuthConfigClient

func NewAuthConfigClient(rcFactory factory.ResourceClientFactory) (AuthConfigClient, error)

func NewAuthConfigClientWithBase

func NewAuthConfigClientWithBase(rc clients.ResourceClient) AuthConfigClient

func NewAuthConfigClientWithToken

func NewAuthConfigClientWithToken(rcFactory factory.ResourceClientFactory, token string) (AuthConfigClient, error)

type AuthConfigList

type AuthConfigList []*AuthConfig

func (AuthConfigList) AsInputResources

func (list AuthConfigList) AsInputResources() resources.InputResourceList

func (AuthConfigList) AsInterfaces

func (list AuthConfigList) AsInterfaces() []interface{}

func (AuthConfigList) AsResources

func (list AuthConfigList) AsResources() resources.ResourceList

func (AuthConfigList) Clone

func (list AuthConfigList) Clone() AuthConfigList

func (AuthConfigList) Each

func (list AuthConfigList) Each(f func(element *AuthConfig))

func (AuthConfigList) EachResource

func (list AuthConfigList) EachResource(f func(element resources.Resource))

func (AuthConfigList) Find

func (list AuthConfigList) Find(namespace, name string) (*AuthConfig, error)

namespace is optional, if left empty, names can collide if the list contains more than one with the same name

func (AuthConfigList) Names

func (list AuthConfigList) Names() []string

func (AuthConfigList) NamespacesDotNames

func (list AuthConfigList) NamespacesDotNames() []string

func (AuthConfigList) Sort

func (list AuthConfigList) Sort() AuthConfigList

type AuthConfigReconciler

type AuthConfigReconciler interface {
	Reconcile(namespace string, desiredResources AuthConfigList, transition TransitionAuthConfigFunc, opts clients.ListOpts) error
}

func NewAuthConfigReconciler

func NewAuthConfigReconciler(client AuthConfigClient) AuthConfigReconciler

type AuthConfigWatcher

type AuthConfigWatcher interface {
	// watch namespace-scoped AuthConfigs
	Watch(namespace string, opts clients.WatchOpts) (<-chan AuthConfigList, <-chan error, error)
}

type AuthConfig_Config

type AuthConfig_Config struct {
	// Types that are valid to be assigned to AuthConfig:
	//	*AuthConfig_Config_BasicAuth
	//	*AuthConfig_Config_Oauth
	//	*AuthConfig_Config_CustomAuth
	//	*AuthConfig_Config_ApiKeyAuth
	//	*AuthConfig_Config_PluginAuth
	//	*AuthConfig_Config_OpaAuth
	//	*AuthConfig_Config_Ldap
	AuthConfig           isAuthConfig_Config_AuthConfig `protobuf_oneof:"auth_config"`
	XXX_NoUnkeyedLiteral struct{}                       `json:"-"`
	XXX_unrecognized     []byte                         `json:"-"`
	XXX_sizecache        int32                          `json:"-"`
}

func (*AuthConfig_Config) Descriptor

func (*AuthConfig_Config) Descriptor() ([]byte, []int)

func (*AuthConfig_Config) Equal

func (this *AuthConfig_Config) Equal(that interface{}) bool

func (*AuthConfig_Config) GetApiKeyAuth

func (m *AuthConfig_Config) GetApiKeyAuth() *ApiKeyAuth

func (*AuthConfig_Config) GetAuthConfig

func (m *AuthConfig_Config) GetAuthConfig() isAuthConfig_Config_AuthConfig

func (*AuthConfig_Config) GetBasicAuth

func (m *AuthConfig_Config) GetBasicAuth() *BasicAuth

func (*AuthConfig_Config) GetCustomAuth deprecated

func (m *AuthConfig_Config) GetCustomAuth() *CustomAuth

Deprecated: Do not use.

func (*AuthConfig_Config) GetLdap

func (m *AuthConfig_Config) GetLdap() *Ldap

func (*AuthConfig_Config) GetOauth

func (m *AuthConfig_Config) GetOauth() *OAuth

func (*AuthConfig_Config) GetOpaAuth

func (m *AuthConfig_Config) GetOpaAuth() *OpaAuth

func (*AuthConfig_Config) GetPluginAuth

func (m *AuthConfig_Config) GetPluginAuth() *AuthPlugin

func (*AuthConfig_Config) ProtoMessage

func (*AuthConfig_Config) ProtoMessage()

func (*AuthConfig_Config) Reset

func (m *AuthConfig_Config) Reset()

func (*AuthConfig_Config) String

func (m *AuthConfig_Config) String() string

func (*AuthConfig_Config) XXX_DiscardUnknown

func (m *AuthConfig_Config) XXX_DiscardUnknown()

func (*AuthConfig_Config) XXX_Marshal

func (m *AuthConfig_Config) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuthConfig_Config) XXX_Merge

func (m *AuthConfig_Config) XXX_Merge(src proto.Message)

func (*AuthConfig_Config) XXX_OneofWrappers

func (*AuthConfig_Config) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*AuthConfig_Config) XXX_Size

func (m *AuthConfig_Config) XXX_Size() int

func (*AuthConfig_Config) XXX_Unmarshal

func (m *AuthConfig_Config) XXX_Unmarshal(b []byte) error

type AuthConfig_Config_ApiKeyAuth

type AuthConfig_Config_ApiKeyAuth struct {
	ApiKeyAuth *ApiKeyAuth `protobuf:"bytes,4,opt,name=api_key_auth,json=apiKeyAuth,proto3,oneof" json:"api_key_auth,omitempty"`
}

func (*AuthConfig_Config_ApiKeyAuth) Equal

func (this *AuthConfig_Config_ApiKeyAuth) Equal(that interface{}) bool

type AuthConfig_Config_BasicAuth

type AuthConfig_Config_BasicAuth struct {
	BasicAuth *BasicAuth `protobuf:"bytes,1,opt,name=basic_auth,json=basicAuth,proto3,oneof" json:"basic_auth,omitempty"`
}

func (*AuthConfig_Config_BasicAuth) Equal

func (this *AuthConfig_Config_BasicAuth) Equal(that interface{}) bool

type AuthConfig_Config_CustomAuth

type AuthConfig_Config_CustomAuth struct {
	CustomAuth *CustomAuth `protobuf:"bytes,3,opt,name=custom_auth,json=customAuth,proto3,oneof" json:"custom_auth,omitempty"`
}

func (*AuthConfig_Config_CustomAuth) Equal

func (this *AuthConfig_Config_CustomAuth) Equal(that interface{}) bool

type AuthConfig_Config_Ldap

type AuthConfig_Config_Ldap struct {
	Ldap *Ldap `protobuf:"bytes,7,opt,name=ldap,proto3,oneof" json:"ldap,omitempty"`
}

func (*AuthConfig_Config_Ldap) Equal

func (this *AuthConfig_Config_Ldap) Equal(that interface{}) bool

type AuthConfig_Config_Oauth

type AuthConfig_Config_Oauth struct {
	Oauth *OAuth `protobuf:"bytes,2,opt,name=oauth,proto3,oneof" json:"oauth,omitempty"`
}

func (*AuthConfig_Config_Oauth) Equal

func (this *AuthConfig_Config_Oauth) Equal(that interface{}) bool

type AuthConfig_Config_OpaAuth

type AuthConfig_Config_OpaAuth struct {
	OpaAuth *OpaAuth `protobuf:"bytes,6,opt,name=opa_auth,json=opaAuth,proto3,oneof" json:"opa_auth,omitempty"`
}

func (*AuthConfig_Config_OpaAuth) Equal

func (this *AuthConfig_Config_OpaAuth) Equal(that interface{}) bool

type AuthConfig_Config_PluginAuth

type AuthConfig_Config_PluginAuth struct {
	PluginAuth *AuthPlugin `protobuf:"bytes,5,opt,name=plugin_auth,json=pluginAuth,proto3,oneof" json:"plugin_auth,omitempty"`
}

func (*AuthConfig_Config_PluginAuth) Equal

func (this *AuthConfig_Config_PluginAuth) Equal(that interface{}) bool

type AuthPlugin

type AuthPlugin struct {
	// Name of the plugin
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Name of the compiled plugin file. If not specified, GlooE will look for an ".so" file with same name as the plugin.
	PluginFileName string `protobuf:"bytes,2,opt,name=plugin_file_name,json=pluginFileName,proto3" json:"plugin_file_name,omitempty"`
	// Name of the exported symbol that implements the plugin interface in the plugin.
	// If not specified, defaults to the name of the plugin
	ExportedSymbolName   string        `protobuf:"bytes,3,opt,name=exported_symbol_name,json=exportedSymbolName,proto3" json:"exported_symbol_name,omitempty"`
	Config               *types.Struct `protobuf:"bytes,4,opt,name=config,proto3" json:"config,omitempty"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

func (*AuthPlugin) Descriptor

func (*AuthPlugin) Descriptor() ([]byte, []int)

func (*AuthPlugin) Equal

func (this *AuthPlugin) Equal(that interface{}) bool

func (*AuthPlugin) GetConfig

func (m *AuthPlugin) GetConfig() *types.Struct

func (*AuthPlugin) GetExportedSymbolName

func (m *AuthPlugin) GetExportedSymbolName() string

func (*AuthPlugin) GetName

func (m *AuthPlugin) GetName() string

func (*AuthPlugin) GetPluginFileName

func (m *AuthPlugin) GetPluginFileName() string

func (*AuthPlugin) ProtoMessage

func (*AuthPlugin) ProtoMessage()

func (*AuthPlugin) Reset

func (m *AuthPlugin) Reset()

func (*AuthPlugin) String

func (m *AuthPlugin) String() string

func (*AuthPlugin) XXX_DiscardUnknown

func (m *AuthPlugin) XXX_DiscardUnknown()

func (*AuthPlugin) XXX_Marshal

func (m *AuthPlugin) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuthPlugin) XXX_Merge

func (m *AuthPlugin) XXX_Merge(src proto.Message)

func (*AuthPlugin) XXX_Size

func (m *AuthPlugin) XXX_Size() int

func (*AuthPlugin) XXX_Unmarshal

func (m *AuthPlugin) XXX_Unmarshal(b []byte) error

type BasicAuth

type BasicAuth struct {
	Realm                string         `protobuf:"bytes,1,opt,name=realm,proto3" json:"realm,omitempty"`
	Apr                  *BasicAuth_Apr `protobuf:"bytes,2,opt,name=apr,proto3" json:"apr,omitempty"`
	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
	XXX_unrecognized     []byte         `json:"-"`
	XXX_sizecache        int32          `json:"-"`
}

func (*BasicAuth) Descriptor

func (*BasicAuth) Descriptor() ([]byte, []int)

func (*BasicAuth) Equal

func (this *BasicAuth) Equal(that interface{}) bool

func (*BasicAuth) GetApr

func (m *BasicAuth) GetApr() *BasicAuth_Apr

func (*BasicAuth) GetRealm

func (m *BasicAuth) GetRealm() string

func (*BasicAuth) ProtoMessage

func (*BasicAuth) ProtoMessage()

func (*BasicAuth) Reset

func (m *BasicAuth) Reset()

func (*BasicAuth) String

func (m *BasicAuth) String() string

func (*BasicAuth) XXX_DiscardUnknown

func (m *BasicAuth) XXX_DiscardUnknown()

func (*BasicAuth) XXX_Marshal

func (m *BasicAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*BasicAuth) XXX_Merge

func (m *BasicAuth) XXX_Merge(src proto.Message)

func (*BasicAuth) XXX_Size

func (m *BasicAuth) XXX_Size() int

func (*BasicAuth) XXX_Unmarshal

func (m *BasicAuth) XXX_Unmarshal(b []byte) error

type BasicAuth_Apr

type BasicAuth_Apr struct {
	Users                map[string]*BasicAuth_Apr_SaltedHashedPassword `` /* 151-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}                                       `json:"-"`
	XXX_unrecognized     []byte                                         `json:"-"`
	XXX_sizecache        int32                                          `json:"-"`
}

func (*BasicAuth_Apr) Descriptor

func (*BasicAuth_Apr) Descriptor() ([]byte, []int)

func (*BasicAuth_Apr) Equal

func (this *BasicAuth_Apr) Equal(that interface{}) bool

func (*BasicAuth_Apr) GetUsers

func (*BasicAuth_Apr) ProtoMessage

func (*BasicAuth_Apr) ProtoMessage()

func (*BasicAuth_Apr) Reset

func (m *BasicAuth_Apr) Reset()

func (*BasicAuth_Apr) String

func (m *BasicAuth_Apr) String() string

func (*BasicAuth_Apr) XXX_DiscardUnknown

func (m *BasicAuth_Apr) XXX_DiscardUnknown()

func (*BasicAuth_Apr) XXX_Marshal

func (m *BasicAuth_Apr) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*BasicAuth_Apr) XXX_Merge

func (m *BasicAuth_Apr) XXX_Merge(src proto.Message)

func (*BasicAuth_Apr) XXX_Size

func (m *BasicAuth_Apr) XXX_Size() int

func (*BasicAuth_Apr) XXX_Unmarshal

func (m *BasicAuth_Apr) XXX_Unmarshal(b []byte) error

type BasicAuth_Apr_SaltedHashedPassword

type BasicAuth_Apr_SaltedHashedPassword struct {
	Salt                 string   `protobuf:"bytes,1,opt,name=salt,proto3" json:"salt,omitempty"`
	HashedPassword       string   `protobuf:"bytes,2,opt,name=hashed_password,json=hashedPassword,proto3" json:"hashed_password,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*BasicAuth_Apr_SaltedHashedPassword) Descriptor

func (*BasicAuth_Apr_SaltedHashedPassword) Descriptor() ([]byte, []int)

func (*BasicAuth_Apr_SaltedHashedPassword) Equal

func (this *BasicAuth_Apr_SaltedHashedPassword) Equal(that interface{}) bool

func (*BasicAuth_Apr_SaltedHashedPassword) GetHashedPassword

func (m *BasicAuth_Apr_SaltedHashedPassword) GetHashedPassword() string

func (*BasicAuth_Apr_SaltedHashedPassword) GetSalt

func (*BasicAuth_Apr_SaltedHashedPassword) ProtoMessage

func (*BasicAuth_Apr_SaltedHashedPassword) ProtoMessage()

func (*BasicAuth_Apr_SaltedHashedPassword) Reset

func (*BasicAuth_Apr_SaltedHashedPassword) String

func (*BasicAuth_Apr_SaltedHashedPassword) XXX_DiscardUnknown

func (m *BasicAuth_Apr_SaltedHashedPassword) XXX_DiscardUnknown()

func (*BasicAuth_Apr_SaltedHashedPassword) XXX_Marshal

func (m *BasicAuth_Apr_SaltedHashedPassword) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*BasicAuth_Apr_SaltedHashedPassword) XXX_Merge

func (*BasicAuth_Apr_SaltedHashedPassword) XXX_Size

func (*BasicAuth_Apr_SaltedHashedPassword) XXX_Unmarshal

func (m *BasicAuth_Apr_SaltedHashedPassword) XXX_Unmarshal(b []byte) error

type BufferSettings

type BufferSettings struct {
	// Sets the maximum size of a message body that the filter will hold in memory. Envoy will return
	// *HTTP 413* and will *not* initiate the authorization process when buffer reaches the number
	// set in this field. Note that this setting will have precedence over failure_mode_allow.
	// Defaults to 4KB.
	MaxRequestBytes uint32 `protobuf:"varint,1,opt,name=max_request_bytes,json=maxRequestBytes,proto3" json:"max_request_bytes,omitempty"`
	// When this field is true, Envoy will buffer the message until *max_request_bytes* is reached.
	// The authorization request will be dispatched and no 413 HTTP error will be returned by the
	// filter.
	AllowPartialMessage  bool     `protobuf:"varint,2,opt,name=allow_partial_message,json=allowPartialMessage,proto3" json:"allow_partial_message,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Configuration for buffering the request data.

func (*BufferSettings) Descriptor

func (*BufferSettings) Descriptor() ([]byte, []int)

func (*BufferSettings) Equal

func (this *BufferSettings) Equal(that interface{}) bool

func (*BufferSettings) GetAllowPartialMessage

func (m *BufferSettings) GetAllowPartialMessage() bool

func (*BufferSettings) GetMaxRequestBytes

func (m *BufferSettings) GetMaxRequestBytes() uint32

func (*BufferSettings) ProtoMessage

func (*BufferSettings) ProtoMessage()

func (*BufferSettings) Reset

func (m *BufferSettings) Reset()

func (*BufferSettings) String

func (m *BufferSettings) String() string

func (*BufferSettings) XXX_DiscardUnknown

func (m *BufferSettings) XXX_DiscardUnknown()

func (*BufferSettings) XXX_Marshal

func (m *BufferSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*BufferSettings) XXX_Merge

func (m *BufferSettings) XXX_Merge(src proto.Message)

func (*BufferSettings) XXX_Size

func (m *BufferSettings) XXX_Size() int

func (*BufferSettings) XXX_Unmarshal

func (m *BufferSettings) XXX_Unmarshal(b []byte) error

type CustomAuth

type CustomAuth struct {
	// When a request matches the virtual host, route, or weighted destination on which this configuration is defined,
	// Gloo will add the given context_extensions to the request that is sent to the external authorization server.
	// This allows the server to base the auth decision on metadata that you define on the source of the request.
	//
	// This attribute is analogous to Envoy's config.filter.http.ext_authz.v2.CheckSettings. See the official
	// [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/http/ext_authz/v2/ext_authz.proto.html?highlight=ext_authz#config-filter-http-ext-authz-v2-checksettings)
	// for more details.
	ContextExtensions    map[string]string `` /* 200-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

Gloo is not expected to configure the ext auth server in this case. This is used with custom auth servers.

func (*CustomAuth) Descriptor

func (*CustomAuth) Descriptor() ([]byte, []int)

func (*CustomAuth) Equal

func (this *CustomAuth) Equal(that interface{}) bool

func (*CustomAuth) GetContextExtensions added in v0.20.7

func (m *CustomAuth) GetContextExtensions() map[string]string

func (*CustomAuth) ProtoMessage

func (*CustomAuth) ProtoMessage()

func (*CustomAuth) Reset

func (m *CustomAuth) Reset()

func (*CustomAuth) String

func (m *CustomAuth) String() string

func (*CustomAuth) XXX_DiscardUnknown

func (m *CustomAuth) XXX_DiscardUnknown()

func (*CustomAuth) XXX_Marshal

func (m *CustomAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CustomAuth) XXX_Merge

func (m *CustomAuth) XXX_Merge(src proto.Message)

func (*CustomAuth) XXX_Size

func (m *CustomAuth) XXX_Size() int

func (*CustomAuth) XXX_Unmarshal

func (m *CustomAuth) XXX_Unmarshal(b []byte) error

type ExtAuthConfig

type ExtAuthConfig struct {
	// @solo-kit:resource.name
	// This is the identifier of the AuthConfig resource that this configuration is associated with.
	// Any request to the external auth server includes an identifier that is matched against this field to determine
	// which AuthConfig should be applied to it.
	AuthConfigRefName string `protobuf:"bytes,1,opt,name=auth_config_ref_name,json=authConfigRefName,proto3" json:"auth_config_ref_name,omitempty"`
	// Deprecated: use auth_config_ref_name instead
	Vhost string `protobuf:"bytes,2,opt,name=vhost,proto3" json:"vhost,omitempty"` // Deprecated: Do not use.
	// Deprecated
	//
	// Types that are valid to be assigned to AuthConfig:
	//	*ExtAuthConfig_Oauth
	//	*ExtAuthConfig_BasicAuth
	//	*ExtAuthConfig_ApiKeyAuth
	//	*ExtAuthConfig_PluginAuth
	AuthConfig           isExtAuthConfig_AuthConfig `protobuf_oneof:"auth_config"`
	Configs              []*ExtAuthConfig_Config    `protobuf:"bytes,8,rep,name=configs,proto3" json:"configs,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                   `json:"-"`
	XXX_unrecognized     []byte                     `json:"-"`
	XXX_sizecache        int32                      `json:"-"`
}

@solo-kit:xds-service=ExtAuthDiscoveryService @solo-kit:resource.no_references

func (*ExtAuthConfig) Descriptor

func (*ExtAuthConfig) Descriptor() ([]byte, []int)

func (*ExtAuthConfig) Equal

func (this *ExtAuthConfig) Equal(that interface{}) bool

func (*ExtAuthConfig) GetApiKeyAuth deprecated

func (m *ExtAuthConfig) GetApiKeyAuth() *ExtAuthConfig_ApiKeyAuthConfig

Deprecated: Do not use.

func (*ExtAuthConfig) GetAuthConfig

func (m *ExtAuthConfig) GetAuthConfig() isExtAuthConfig_AuthConfig

func (*ExtAuthConfig) GetAuthConfigRefName

func (m *ExtAuthConfig) GetAuthConfigRefName() string

func (*ExtAuthConfig) GetBasicAuth deprecated

func (m *ExtAuthConfig) GetBasicAuth() *BasicAuth

Deprecated: Do not use.

func (*ExtAuthConfig) GetConfigs

func (m *ExtAuthConfig) GetConfigs() []*ExtAuthConfig_Config

func (*ExtAuthConfig) GetOauth deprecated

Deprecated: Do not use.

func (*ExtAuthConfig) GetPluginAuth deprecated

func (m *ExtAuthConfig) GetPluginAuth() *PluginAuth

Deprecated: Do not use.

func (*ExtAuthConfig) GetVhost deprecated

func (m *ExtAuthConfig) GetVhost() string

Deprecated: Do not use.

func (*ExtAuthConfig) ProtoMessage

func (*ExtAuthConfig) ProtoMessage()

func (*ExtAuthConfig) Reset

func (m *ExtAuthConfig) Reset()

func (*ExtAuthConfig) String

func (m *ExtAuthConfig) String() string

func (*ExtAuthConfig) XXX_DiscardUnknown

func (m *ExtAuthConfig) XXX_DiscardUnknown()

func (*ExtAuthConfig) XXX_Marshal

func (m *ExtAuthConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ExtAuthConfig) XXX_Merge

func (m *ExtAuthConfig) XXX_Merge(src proto.Message)

func (*ExtAuthConfig) XXX_OneofWrappers

func (*ExtAuthConfig) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*ExtAuthConfig) XXX_Size

func (m *ExtAuthConfig) XXX_Size() int

func (*ExtAuthConfig) XXX_Unmarshal

func (m *ExtAuthConfig) XXX_Unmarshal(b []byte) error

type ExtAuthConfigXdsResourceWrapper

type ExtAuthConfigXdsResourceWrapper struct {
	// TODO(yuval-k): This is public for mitchellh hashstructure to work properly. consider better alternatives.
	Resource *ExtAuthConfig
}

Defined a resource - to be used by snapshot

func NewExtAuthConfigXdsResourceWrapper

func NewExtAuthConfigXdsResourceWrapper(resourceProto *ExtAuthConfig) *ExtAuthConfigXdsResourceWrapper

func (*ExtAuthConfigXdsResourceWrapper) References

func (*ExtAuthConfigXdsResourceWrapper) ResourceProto

func (*ExtAuthConfigXdsResourceWrapper) Self

type ExtAuthConfig_ApiKeyAuth

type ExtAuthConfig_ApiKeyAuth struct {
	ApiKeyAuth *ExtAuthConfig_ApiKeyAuthConfig `protobuf:"bytes,5,opt,name=api_key_auth,json=apiKeyAuth,proto3,oneof" json:"api_key_auth,omitempty"`
}

func (*ExtAuthConfig_ApiKeyAuth) Equal

func (this *ExtAuthConfig_ApiKeyAuth) Equal(that interface{}) bool

type ExtAuthConfig_ApiKeyAuthConfig

type ExtAuthConfig_ApiKeyAuthConfig struct {
	// a map of valid apikeys to their associated plaintext users.
	ValidApiKeyAndUser   map[string]string `` /* 209-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

func (*ExtAuthConfig_ApiKeyAuthConfig) Descriptor

func (*ExtAuthConfig_ApiKeyAuthConfig) Descriptor() ([]byte, []int)

func (*ExtAuthConfig_ApiKeyAuthConfig) Equal

func (this *ExtAuthConfig_ApiKeyAuthConfig) Equal(that interface{}) bool

func (*ExtAuthConfig_ApiKeyAuthConfig) GetValidApiKeyAndUser

func (m *ExtAuthConfig_ApiKeyAuthConfig) GetValidApiKeyAndUser() map[string]string

func (*ExtAuthConfig_ApiKeyAuthConfig) ProtoMessage

func (*ExtAuthConfig_ApiKeyAuthConfig) ProtoMessage()

func (*ExtAuthConfig_ApiKeyAuthConfig) Reset

func (m *ExtAuthConfig_ApiKeyAuthConfig) Reset()

func (*ExtAuthConfig_ApiKeyAuthConfig) String

func (*ExtAuthConfig_ApiKeyAuthConfig) XXX_DiscardUnknown

func (m *ExtAuthConfig_ApiKeyAuthConfig) XXX_DiscardUnknown()

func (*ExtAuthConfig_ApiKeyAuthConfig) XXX_Marshal

func (m *ExtAuthConfig_ApiKeyAuthConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ExtAuthConfig_ApiKeyAuthConfig) XXX_Merge

func (m *ExtAuthConfig_ApiKeyAuthConfig) XXX_Merge(src proto.Message)

func (*ExtAuthConfig_ApiKeyAuthConfig) XXX_Size

func (m *ExtAuthConfig_ApiKeyAuthConfig) XXX_Size() int

func (*ExtAuthConfig_ApiKeyAuthConfig) XXX_Unmarshal

func (m *ExtAuthConfig_ApiKeyAuthConfig) XXX_Unmarshal(b []byte) error

type ExtAuthConfig_BasicAuth

type ExtAuthConfig_BasicAuth struct {
	BasicAuth *BasicAuth `protobuf:"bytes,4,opt,name=basic_auth,json=basicAuth,proto3,oneof" json:"basic_auth,omitempty"`
}

func (*ExtAuthConfig_BasicAuth) Equal

func (this *ExtAuthConfig_BasicAuth) Equal(that interface{}) bool

type ExtAuthConfig_Config

type ExtAuthConfig_Config struct {
	// Types that are valid to be assigned to AuthConfig:
	//	*ExtAuthConfig_Config_Oauth
	//	*ExtAuthConfig_Config_BasicAuth
	//	*ExtAuthConfig_Config_ApiKeyAuth
	//	*ExtAuthConfig_Config_PluginAuth
	//	*ExtAuthConfig_Config_OpaAuth
	//	*ExtAuthConfig_Config_Ldap
	AuthConfig           isExtAuthConfig_Config_AuthConfig `protobuf_oneof:"auth_config"`
	XXX_NoUnkeyedLiteral struct{}                          `json:"-"`
	XXX_unrecognized     []byte                            `json:"-"`
	XXX_sizecache        int32                             `json:"-"`
}

func (*ExtAuthConfig_Config) Descriptor

func (*ExtAuthConfig_Config) Descriptor() ([]byte, []int)

func (*ExtAuthConfig_Config) Equal

func (this *ExtAuthConfig_Config) Equal(that interface{}) bool

func (*ExtAuthConfig_Config) GetApiKeyAuth

func (*ExtAuthConfig_Config) GetAuthConfig

func (m *ExtAuthConfig_Config) GetAuthConfig() isExtAuthConfig_Config_AuthConfig

func (*ExtAuthConfig_Config) GetBasicAuth

func (m *ExtAuthConfig_Config) GetBasicAuth() *BasicAuth

func (*ExtAuthConfig_Config) GetLdap

func (m *ExtAuthConfig_Config) GetLdap() *Ldap

func (*ExtAuthConfig_Config) GetOauth

func (*ExtAuthConfig_Config) GetOpaAuth

func (*ExtAuthConfig_Config) GetPluginAuth

func (m *ExtAuthConfig_Config) GetPluginAuth() *AuthPlugin

func (*ExtAuthConfig_Config) ProtoMessage

func (*ExtAuthConfig_Config) ProtoMessage()

func (*ExtAuthConfig_Config) Reset

func (m *ExtAuthConfig_Config) Reset()

func (*ExtAuthConfig_Config) String

func (m *ExtAuthConfig_Config) String() string

func (*ExtAuthConfig_Config) XXX_DiscardUnknown

func (m *ExtAuthConfig_Config) XXX_DiscardUnknown()

func (*ExtAuthConfig_Config) XXX_Marshal

func (m *ExtAuthConfig_Config) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ExtAuthConfig_Config) XXX_Merge

func (m *ExtAuthConfig_Config) XXX_Merge(src proto.Message)

func (*ExtAuthConfig_Config) XXX_OneofWrappers

func (*ExtAuthConfig_Config) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*ExtAuthConfig_Config) XXX_Size

func (m *ExtAuthConfig_Config) XXX_Size() int

func (*ExtAuthConfig_Config) XXX_Unmarshal

func (m *ExtAuthConfig_Config) XXX_Unmarshal(b []byte) error

type ExtAuthConfig_Config_ApiKeyAuth

type ExtAuthConfig_Config_ApiKeyAuth struct {
	ApiKeyAuth *ExtAuthConfig_ApiKeyAuthConfig `protobuf:"bytes,5,opt,name=api_key_auth,json=apiKeyAuth,proto3,oneof" json:"api_key_auth,omitempty"`
}

func (*ExtAuthConfig_Config_ApiKeyAuth) Equal

func (this *ExtAuthConfig_Config_ApiKeyAuth) Equal(that interface{}) bool

type ExtAuthConfig_Config_BasicAuth

type ExtAuthConfig_Config_BasicAuth struct {
	BasicAuth *BasicAuth `protobuf:"bytes,4,opt,name=basic_auth,json=basicAuth,proto3,oneof" json:"basic_auth,omitempty"`
}

func (*ExtAuthConfig_Config_BasicAuth) Equal

func (this *ExtAuthConfig_Config_BasicAuth) Equal(that interface{}) bool

type ExtAuthConfig_Config_Ldap

type ExtAuthConfig_Config_Ldap struct {
	Ldap *Ldap `protobuf:"bytes,8,opt,name=ldap,proto3,oneof" json:"ldap,omitempty"`
}

func (*ExtAuthConfig_Config_Ldap) Equal

func (this *ExtAuthConfig_Config_Ldap) Equal(that interface{}) bool

type ExtAuthConfig_Config_Oauth

type ExtAuthConfig_Config_Oauth struct {
	Oauth *ExtAuthConfig_OAuthConfig `protobuf:"bytes,3,opt,name=oauth,proto3,oneof" json:"oauth,omitempty"`
}

func (*ExtAuthConfig_Config_Oauth) Equal

func (this *ExtAuthConfig_Config_Oauth) Equal(that interface{}) bool

type ExtAuthConfig_Config_OpaAuth

type ExtAuthConfig_Config_OpaAuth struct {
	OpaAuth *ExtAuthConfig_OpaAuthConfig `protobuf:"bytes,7,opt,name=opa_auth,json=opaAuth,proto3,oneof" json:"opa_auth,omitempty"`
}

func (*ExtAuthConfig_Config_OpaAuth) Equal

func (this *ExtAuthConfig_Config_OpaAuth) Equal(that interface{}) bool

type ExtAuthConfig_Config_PluginAuth

type ExtAuthConfig_Config_PluginAuth struct {
	PluginAuth *AuthPlugin `protobuf:"bytes,6,opt,name=plugin_auth,json=pluginAuth,proto3,oneof" json:"plugin_auth,omitempty"`
}

func (*ExtAuthConfig_Config_PluginAuth) Equal

func (this *ExtAuthConfig_Config_PluginAuth) Equal(that interface{}) bool

type ExtAuthConfig_OAuthConfig

type ExtAuthConfig_OAuthConfig struct {
	// your client id as registered with the issuer
	ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	// your client secret as registered with the issuer
	ClientSecret string `protobuf:"bytes,2,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"`
	// The url of the issuer. We will look for OIDC information in issuerUrl+
	// ".well-known/openid-configuration"
	IssuerUrl string `protobuf:"bytes,3,opt,name=issuer_url,json=issuerUrl,proto3" json:"issuer_url,omitempty"`
	// we to redirect after successful auth, if we can't determine the original
	// url this should be your publicly available app url.
	AppUrl string `protobuf:"bytes,4,opt,name=app_url,json=appUrl,proto3" json:"app_url,omitempty"`
	// a callback path relative to app url that will be used for OIDC callbacks.
	// needs to not be used by the application
	CallbackPath string `protobuf:"bytes,5,opt,name=callback_path,json=callbackPath,proto3" json:"callback_path,omitempty"`
	// scopes to request in addition to the openid scope.
	Scopes               []string `protobuf:"bytes,6,rep,name=scopes,proto3" json:"scopes,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*ExtAuthConfig_OAuthConfig) Descriptor

func (*ExtAuthConfig_OAuthConfig) Descriptor() ([]byte, []int)

func (*ExtAuthConfig_OAuthConfig) Equal

func (this *ExtAuthConfig_OAuthConfig) Equal(that interface{}) bool

func (*ExtAuthConfig_OAuthConfig) GetAppUrl

func (m *ExtAuthConfig_OAuthConfig) GetAppUrl() string

func (*ExtAuthConfig_OAuthConfig) GetCallbackPath

func (m *ExtAuthConfig_OAuthConfig) GetCallbackPath() string

func (*ExtAuthConfig_OAuthConfig) GetClientId

func (m *ExtAuthConfig_OAuthConfig) GetClientId() string

func (*ExtAuthConfig_OAuthConfig) GetClientSecret

func (m *ExtAuthConfig_OAuthConfig) GetClientSecret() string

func (*ExtAuthConfig_OAuthConfig) GetIssuerUrl

func (m *ExtAuthConfig_OAuthConfig) GetIssuerUrl() string

func (*ExtAuthConfig_OAuthConfig) GetScopes

func (m *ExtAuthConfig_OAuthConfig) GetScopes() []string

func (*ExtAuthConfig_OAuthConfig) ProtoMessage

func (*ExtAuthConfig_OAuthConfig) ProtoMessage()

func (*ExtAuthConfig_OAuthConfig) Reset

func (m *ExtAuthConfig_OAuthConfig) Reset()

func (*ExtAuthConfig_OAuthConfig) String

func (m *ExtAuthConfig_OAuthConfig) String() string

func (*ExtAuthConfig_OAuthConfig) XXX_DiscardUnknown

func (m *ExtAuthConfig_OAuthConfig) XXX_DiscardUnknown()

func (*ExtAuthConfig_OAuthConfig) XXX_Marshal

func (m *ExtAuthConfig_OAuthConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ExtAuthConfig_OAuthConfig) XXX_Merge

func (m *ExtAuthConfig_OAuthConfig) XXX_Merge(src proto.Message)

func (*ExtAuthConfig_OAuthConfig) XXX_Size

func (m *ExtAuthConfig_OAuthConfig) XXX_Size() int

func (*ExtAuthConfig_OAuthConfig) XXX_Unmarshal

func (m *ExtAuthConfig_OAuthConfig) XXX_Unmarshal(b []byte) error

type ExtAuthConfig_Oauth

type ExtAuthConfig_Oauth struct {
	Oauth *ExtAuthConfig_OAuthConfig `protobuf:"bytes,3,opt,name=oauth,proto3,oneof" json:"oauth,omitempty"`
}

func (*ExtAuthConfig_Oauth) Equal

func (this *ExtAuthConfig_Oauth) Equal(that interface{}) bool

type ExtAuthConfig_OpaAuthConfig

type ExtAuthConfig_OpaAuthConfig struct {
	// An optional modules (filename, module content) maps containing modules assist in the resolution of `query`.
	Modules map[string]string `` /* 155-byte string literal not displayed */
	// The query that determines the auth decision. The result of this query must be either a boolean
	// or an array with boolean as the first element. A boolean `true` value means that the request
	// will be authorized. Any other value, or error, means that the request will be denied.
	Query                string   `protobuf:"bytes,2,opt,name=query,proto3" json:"query,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*ExtAuthConfig_OpaAuthConfig) Descriptor

func (*ExtAuthConfig_OpaAuthConfig) Descriptor() ([]byte, []int)

func (*ExtAuthConfig_OpaAuthConfig) Equal

func (this *ExtAuthConfig_OpaAuthConfig) Equal(that interface{}) bool

func (*ExtAuthConfig_OpaAuthConfig) GetModules

func (m *ExtAuthConfig_OpaAuthConfig) GetModules() map[string]string

func (*ExtAuthConfig_OpaAuthConfig) GetQuery

func (m *ExtAuthConfig_OpaAuthConfig) GetQuery() string

func (*ExtAuthConfig_OpaAuthConfig) ProtoMessage

func (*ExtAuthConfig_OpaAuthConfig) ProtoMessage()

func (*ExtAuthConfig_OpaAuthConfig) Reset

func (m *ExtAuthConfig_OpaAuthConfig) Reset()

func (*ExtAuthConfig_OpaAuthConfig) String

func (m *ExtAuthConfig_OpaAuthConfig) String() string

func (*ExtAuthConfig_OpaAuthConfig) XXX_DiscardUnknown

func (m *ExtAuthConfig_OpaAuthConfig) XXX_DiscardUnknown()

func (*ExtAuthConfig_OpaAuthConfig) XXX_Marshal

func (m *ExtAuthConfig_OpaAuthConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ExtAuthConfig_OpaAuthConfig) XXX_Merge

func (m *ExtAuthConfig_OpaAuthConfig) XXX_Merge(src proto.Message)

func (*ExtAuthConfig_OpaAuthConfig) XXX_Size

func (m *ExtAuthConfig_OpaAuthConfig) XXX_Size() int

func (*ExtAuthConfig_OpaAuthConfig) XXX_Unmarshal

func (m *ExtAuthConfig_OpaAuthConfig) XXX_Unmarshal(b []byte) error

type ExtAuthConfig_PluginAuth

type ExtAuthConfig_PluginAuth struct {
	PluginAuth *PluginAuth `protobuf:"bytes,6,opt,name=plugin_auth,json=pluginAuth,proto3,oneof" json:"plugin_auth,omitempty"`
}

func (*ExtAuthConfig_PluginAuth) Equal

func (this *ExtAuthConfig_PluginAuth) Equal(that interface{}) bool

type ExtAuthDiscoveryServiceClient

type ExtAuthDiscoveryServiceClient interface {
	StreamExtAuthConfig(ctx context.Context, opts ...grpc.CallOption) (ExtAuthDiscoveryService_StreamExtAuthConfigClient, error)
	DeltaExtAuthConfig(ctx context.Context, opts ...grpc.CallOption) (ExtAuthDiscoveryService_DeltaExtAuthConfigClient, error)
	FetchExtAuthConfig(ctx context.Context, in *v2.DiscoveryRequest, opts ...grpc.CallOption) (*v2.DiscoveryResponse, error)
}

ExtAuthDiscoveryServiceClient is the client API for ExtAuthDiscoveryService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewExtAuthDiscoveryServiceClient

func NewExtAuthDiscoveryServiceClient(cc *grpc.ClientConn) ExtAuthDiscoveryServiceClient

type ExtAuthDiscoveryServiceServer

type ExtAuthDiscoveryServiceServer interface {
	StreamExtAuthConfig(ExtAuthDiscoveryService_StreamExtAuthConfigServer) error
	DeltaExtAuthConfig(ExtAuthDiscoveryService_DeltaExtAuthConfigServer) error
	FetchExtAuthConfig(context.Context, *v2.DiscoveryRequest) (*v2.DiscoveryResponse, error)
}

ExtAuthDiscoveryServiceServer is the server API for ExtAuthDiscoveryService service.

func NewExtAuthDiscoveryServiceServer

func NewExtAuthDiscoveryServiceServer(genericServer server.Server) ExtAuthDiscoveryServiceServer

type ExtAuthDiscoveryService_DeltaExtAuthConfigClient

type ExtAuthDiscoveryService_DeltaExtAuthConfigClient interface {
	Send(*v2.DeltaDiscoveryRequest) error
	Recv() (*v2.DeltaDiscoveryResponse, error)
	grpc.ClientStream
}

type ExtAuthDiscoveryService_DeltaExtAuthConfigServer

type ExtAuthDiscoveryService_DeltaExtAuthConfigServer interface {
	Send(*v2.DeltaDiscoveryResponse) error
	Recv() (*v2.DeltaDiscoveryRequest, error)
	grpc.ServerStream
}

type ExtAuthDiscoveryService_StreamExtAuthConfigClient

type ExtAuthDiscoveryService_StreamExtAuthConfigClient interface {
	Send(*v2.DiscoveryRequest) error
	Recv() (*v2.DiscoveryResponse, error)
	grpc.ClientStream
}

type ExtAuthDiscoveryService_StreamExtAuthConfigServer

type ExtAuthDiscoveryService_StreamExtAuthConfigServer interface {
	Send(*v2.DiscoveryResponse) error
	Recv() (*v2.DiscoveryRequest, error)
	grpc.ServerStream
}

type ExtAuthExtension

type ExtAuthExtension struct {
	// Types that are valid to be assigned to Spec:
	//	*ExtAuthExtension_Disable
	//	*ExtAuthExtension_ConfigRef
	//	*ExtAuthExtension_CustomAuth
	Spec                 isExtAuthExtension_Spec `protobuf_oneof:"spec"`
	XXX_NoUnkeyedLiteral struct{}                `json:"-"`
	XXX_unrecognized     []byte                  `json:"-"`
	XXX_sizecache        int32                   `json:"-"`
}

Auth configurations defined on virtual hosts, routes, and weighted destinations will be unmarshalled to this message.

func (*ExtAuthExtension) Descriptor

func (*ExtAuthExtension) Descriptor() ([]byte, []int)

func (*ExtAuthExtension) Equal

func (this *ExtAuthExtension) Equal(that interface{}) bool

func (*ExtAuthExtension) GetConfigRef

func (m *ExtAuthExtension) GetConfigRef() *core.ResourceRef

func (*ExtAuthExtension) GetCustomAuth added in v0.20.7

func (m *ExtAuthExtension) GetCustomAuth() *CustomAuth

func (*ExtAuthExtension) GetDisable

func (m *ExtAuthExtension) GetDisable() bool

func (*ExtAuthExtension) GetSpec

func (m *ExtAuthExtension) GetSpec() isExtAuthExtension_Spec

func (*ExtAuthExtension) ProtoMessage

func (*ExtAuthExtension) ProtoMessage()

func (*ExtAuthExtension) Reset

func (m *ExtAuthExtension) Reset()

func (*ExtAuthExtension) String

func (m *ExtAuthExtension) String() string

func (*ExtAuthExtension) XXX_DiscardUnknown

func (m *ExtAuthExtension) XXX_DiscardUnknown()

func (*ExtAuthExtension) XXX_Marshal

func (m *ExtAuthExtension) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ExtAuthExtension) XXX_Merge

func (m *ExtAuthExtension) XXX_Merge(src proto.Message)

func (*ExtAuthExtension) XXX_OneofWrappers

func (*ExtAuthExtension) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*ExtAuthExtension) XXX_Size

func (m *ExtAuthExtension) XXX_Size() int

func (*ExtAuthExtension) XXX_Unmarshal

func (m *ExtAuthExtension) XXX_Unmarshal(b []byte) error

type ExtAuthExtension_ConfigRef

type ExtAuthExtension_ConfigRef struct {
	ConfigRef *core.ResourceRef `protobuf:"bytes,2,opt,name=config_ref,json=configRef,proto3,oneof" json:"config_ref,omitempty"`
}

func (*ExtAuthExtension_ConfigRef) Equal

func (this *ExtAuthExtension_ConfigRef) Equal(that interface{}) bool

type ExtAuthExtension_CustomAuth added in v0.20.7

type ExtAuthExtension_CustomAuth struct {
	CustomAuth *CustomAuth `protobuf:"bytes,3,opt,name=custom_auth,json=customAuth,proto3,oneof" json:"custom_auth,omitempty"`
}

func (*ExtAuthExtension_CustomAuth) Equal added in v0.20.7

func (this *ExtAuthExtension_CustomAuth) Equal(that interface{}) bool

type ExtAuthExtension_Disable

type ExtAuthExtension_Disable struct {
	Disable bool `protobuf:"varint,1,opt,name=disable,proto3,oneof" json:"disable,omitempty"`
}

func (*ExtAuthExtension_Disable) Equal

func (this *ExtAuthExtension_Disable) Equal(that interface{}) bool

type HttpService

type HttpService struct {
	// Sets a prefix to the value of authorization request header *Path*.
	PathPrefix           string                `protobuf:"bytes,1,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"`
	Request              *HttpService_Request  `protobuf:"bytes,2,opt,name=request,proto3" json:"request,omitempty"`
	Response             *HttpService_Response `protobuf:"bytes,3,opt,name=response,proto3" json:"response,omitempty"`
	XXX_NoUnkeyedLiteral struct{}              `json:"-"`
	XXX_unrecognized     []byte                `json:"-"`
	XXX_sizecache        int32                 `json:"-"`
}

func (*HttpService) Descriptor

func (*HttpService) Descriptor() ([]byte, []int)

func (*HttpService) Equal

func (this *HttpService) Equal(that interface{}) bool

func (*HttpService) GetPathPrefix

func (m *HttpService) GetPathPrefix() string

func (*HttpService) GetRequest

func (m *HttpService) GetRequest() *HttpService_Request

func (*HttpService) GetResponse

func (m *HttpService) GetResponse() *HttpService_Response

func (*HttpService) ProtoMessage

func (*HttpService) ProtoMessage()

func (*HttpService) Reset

func (m *HttpService) Reset()

func (*HttpService) String

func (m *HttpService) String() string

func (*HttpService) XXX_DiscardUnknown

func (m *HttpService) XXX_DiscardUnknown()

func (*HttpService) XXX_Marshal

func (m *HttpService) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*HttpService) XXX_Merge

func (m *HttpService) XXX_Merge(src proto.Message)

func (*HttpService) XXX_Size

func (m *HttpService) XXX_Size() int

func (*HttpService) XXX_Unmarshal

func (m *HttpService) XXX_Unmarshal(b []byte) error

type HttpService_Request

type HttpService_Request struct {
	// These headers will be copied from the incoming request to the request going
	// to the auth server. Note that in addition to the user's supplied matchers:
	//
	// 1. *Host*, *Method*, *Path* and *Content-Length* are automatically included to the list.
	//
	// 2. *Content-Length* will be set to 0 and the request to the authorization service will not have
	// a message body.
	AllowedHeaders []string `protobuf:"bytes,1,rep,name=allowed_headers,json=allowedHeaders,proto3" json:"allowed_headers,omitempty"`
	// These headers that will be included to the request to authorization service. Note that
	// client request of the same key will be overridden.
	HeadersToAdd         map[string]string `` /* 187-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

func (*HttpService_Request) Descriptor

func (*HttpService_Request) Descriptor() ([]byte, []int)

func (*HttpService_Request) Equal

func (this *HttpService_Request) Equal(that interface{}) bool

func (*HttpService_Request) GetAllowedHeaders

func (m *HttpService_Request) GetAllowedHeaders() []string

func (*HttpService_Request) GetHeadersToAdd

func (m *HttpService_Request) GetHeadersToAdd() map[string]string

func (*HttpService_Request) ProtoMessage

func (*HttpService_Request) ProtoMessage()

func (*HttpService_Request) Reset

func (m *HttpService_Request) Reset()

func (*HttpService_Request) String

func (m *HttpService_Request) String() string

func (*HttpService_Request) XXX_DiscardUnknown

func (m *HttpService_Request) XXX_DiscardUnknown()

func (*HttpService_Request) XXX_Marshal

func (m *HttpService_Request) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*HttpService_Request) XXX_Merge

func (m *HttpService_Request) XXX_Merge(src proto.Message)

func (*HttpService_Request) XXX_Size

func (m *HttpService_Request) XXX_Size() int

func (*HttpService_Request) XXX_Unmarshal

func (m *HttpService_Request) XXX_Unmarshal(b []byte) error

type HttpService_Response

type HttpService_Response struct {
	// When this is set, authorization response headers that have a will be added to the original client request and sent to the upstream.
	// Note that coexistent headers will be overridden.
	AllowedUpstreamHeaders []string `` /* 129-byte string literal not displayed */
	// When this. is set, authorization response headers that will be added to the client's response when auth request is denied.
	// Note that when this list is *not* set, all the authorization response headers, except *Authority
	// (Host)* will be in the response to the client. When a header is included in this list, *Path*,
	// *Status*, *Content-Length*, *WWW-Authenticate* and *Location* are automatically added.
	AllowedClientHeaders []string `protobuf:"bytes,2,rep,name=allowed_client_headers,json=allowedClientHeaders,proto3" json:"allowed_client_headers,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*HttpService_Response) Descriptor

func (*HttpService_Response) Descriptor() ([]byte, []int)

func (*HttpService_Response) Equal

func (this *HttpService_Response) Equal(that interface{}) bool

func (*HttpService_Response) GetAllowedClientHeaders

func (m *HttpService_Response) GetAllowedClientHeaders() []string

func (*HttpService_Response) GetAllowedUpstreamHeaders

func (m *HttpService_Response) GetAllowedUpstreamHeaders() []string

func (*HttpService_Response) ProtoMessage

func (*HttpService_Response) ProtoMessage()

func (*HttpService_Response) Reset

func (m *HttpService_Response) Reset()

func (*HttpService_Response) String

func (m *HttpService_Response) String() string

func (*HttpService_Response) XXX_DiscardUnknown

func (m *HttpService_Response) XXX_DiscardUnknown()

func (*HttpService_Response) XXX_Marshal

func (m *HttpService_Response) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*HttpService_Response) XXX_Merge

func (m *HttpService_Response) XXX_Merge(src proto.Message)

func (*HttpService_Response) XXX_Size

func (m *HttpService_Response) XXX_Size() int

func (*HttpService_Response) XXX_Unmarshal

func (m *HttpService_Response) XXX_Unmarshal(b []byte) error

type Ldap

type Ldap struct {
	// Address of the LDAP server to query. Should be in the form: <address>:<port>.
	Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"`
	// Template to build user entry distinguished names (DN). This must contains a single occurrence of the "%s" placeholder.
	// When processing a request, Gloo will substitute the name of the user (extracted from the auth header) for the
	// placeholder and issue a search request with the resulting DN as baseDN (and 'base' search scope).
	// E.g. "uid=%s,ou=people,dc=solo,dc=io"
	UserDnTemplate string `protobuf:"bytes,2,opt,name=userDnTemplate,proto3" json:"userDnTemplate,omitempty"`
	// Case-insensitive name of the attribute that contains the names of the groups an entry is member of. Gloo will look
	// for attributes with the given name to determine which groups the user entry belongs to. Defaults to 'memberOf' if not provided.
	MembershipAttributeName string `protobuf:"bytes,3,opt,name=membershipAttributeName,proto3" json:"membershipAttributeName,omitempty"`
	// In order for the request to be authenticated, the membership attribute (e.g. *memberOf*) on the user entry must
	// contain at least of one of the group DNs specified via this option.
	// E.g. []string{ "cn=managers,ou=groups,dc=solo,dc=io", "cn=developers,ou=groups,dc=solo,dc=io" }
	AllowedGroups []string `protobuf:"bytes,4,rep,name=allowedGroups,proto3" json:"allowedGroups,omitempty"`
	// Use this property to tune the pool of connections to the LDAP server that Gloo maintains.
	Pool                 *Ldap_ConnectionPool `protobuf:"bytes,5,opt,name=pool,proto3" json:"pool,omitempty"`
	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
	XXX_unrecognized     []byte               `json:"-"`
	XXX_sizecache        int32                `json:"-"`
}

Authenticates and authorizes requests by querying an LDAP server. Gloo makes the following assumptions:

  • Requests provide credentials via the basic HTTP authentication header. Gloo will BIND to the LDAP server using the credentials extracted from the header.
  • Your LDAP server is configured so that each entry you want to authorize has an attribute that indicates its group memberships. A common way of achieving this is by using the [*memberof* overlay](http://www.openldap.org/software/man.cgi?query=slapo-memberof).

func (*Ldap) Descriptor

func (*Ldap) Descriptor() ([]byte, []int)

func (*Ldap) Equal

func (this *Ldap) Equal(that interface{}) bool

func (*Ldap) GetAddress

func (m *Ldap) GetAddress() string

func (*Ldap) GetAllowedGroups

func (m *Ldap) GetAllowedGroups() []string

func (*Ldap) GetMembershipAttributeName

func (m *Ldap) GetMembershipAttributeName() string

func (*Ldap) GetPool

func (m *Ldap) GetPool() *Ldap_ConnectionPool

func (*Ldap) GetUserDnTemplate

func (m *Ldap) GetUserDnTemplate() string

func (*Ldap) ProtoMessage

func (*Ldap) ProtoMessage()

func (*Ldap) Reset

func (m *Ldap) Reset()

func (*Ldap) String

func (m *Ldap) String() string

func (*Ldap) XXX_DiscardUnknown

func (m *Ldap) XXX_DiscardUnknown()

func (*Ldap) XXX_Marshal

func (m *Ldap) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Ldap) XXX_Merge

func (m *Ldap) XXX_Merge(src proto.Message)

func (*Ldap) XXX_Size

func (m *Ldap) XXX_Size() int

func (*Ldap) XXX_Unmarshal

func (m *Ldap) XXX_Unmarshal(b []byte) error

type Ldap_ConnectionPool

type Ldap_ConnectionPool struct {
	// Maximum number connections that are pooled at any give time. The default value is 5.
	MaxSize *types.UInt32Value `protobuf:"bytes,1,opt,name=maxSize,proto3" json:"maxSize,omitempty"`
	// Number of connections that the pool will be pre-populated with upon initialization. The default value is 2.
	InitialSize          *types.UInt32Value `protobuf:"bytes,2,opt,name=initialSize,proto3" json:"initialSize,omitempty"`
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

Configuration properties for pooling connections to the LDAP server. If the pool is exhausted when a connection is requested (meaning that all the polled connections are in use), the connection will be created on the fly.

func (*Ldap_ConnectionPool) Descriptor

func (*Ldap_ConnectionPool) Descriptor() ([]byte, []int)

func (*Ldap_ConnectionPool) Equal

func (this *Ldap_ConnectionPool) Equal(that interface{}) bool

func (*Ldap_ConnectionPool) GetInitialSize

func (m *Ldap_ConnectionPool) GetInitialSize() *types.UInt32Value

func (*Ldap_ConnectionPool) GetMaxSize

func (m *Ldap_ConnectionPool) GetMaxSize() *types.UInt32Value

func (*Ldap_ConnectionPool) ProtoMessage

func (*Ldap_ConnectionPool) ProtoMessage()

func (*Ldap_ConnectionPool) Reset

func (m *Ldap_ConnectionPool) Reset()

func (*Ldap_ConnectionPool) String

func (m *Ldap_ConnectionPool) String() string

func (*Ldap_ConnectionPool) XXX_DiscardUnknown

func (m *Ldap_ConnectionPool) XXX_DiscardUnknown()

func (*Ldap_ConnectionPool) XXX_Marshal

func (m *Ldap_ConnectionPool) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Ldap_ConnectionPool) XXX_Merge

func (m *Ldap_ConnectionPool) XXX_Merge(src proto.Message)

func (*Ldap_ConnectionPool) XXX_Size

func (m *Ldap_ConnectionPool) XXX_Size() int

func (*Ldap_ConnectionPool) XXX_Unmarshal

func (m *Ldap_ConnectionPool) XXX_Unmarshal(b []byte) error

type OAuth

type OAuth struct {
	// your client id as registered with the issuer
	ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	// your client secret as registered with the issuer
	ClientSecretRef *core.ResourceRef `protobuf:"bytes,2,opt,name=client_secret_ref,json=clientSecretRef,proto3" json:"client_secret_ref,omitempty"`
	// The url of the issuer. We will look for OIDC information in issuerUrl+
	// ".well-known/openid-configuration"
	IssuerUrl string `protobuf:"bytes,3,opt,name=issuer_url,json=issuerUrl,proto3" json:"issuer_url,omitempty"`
	// we to redirect after successful auth, if we can't determine the original
	// url this should be your publicly available app url.
	AppUrl string `protobuf:"bytes,4,opt,name=app_url,json=appUrl,proto3" json:"app_url,omitempty"`
	// a callback path relative to app url that will be used for OIDC callbacks.
	// needs to not be used by the application
	CallbackPath string `protobuf:"bytes,5,opt,name=callback_path,json=callbackPath,proto3" json:"callback_path,omitempty"`
	// Scopes to request in addition to openid scope.
	Scopes               []string `protobuf:"bytes,6,rep,name=scopes,proto3" json:"scopes,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*OAuth) Descriptor

func (*OAuth) Descriptor() ([]byte, []int)

func (*OAuth) Equal

func (this *OAuth) Equal(that interface{}) bool

func (*OAuth) GetAppUrl

func (m *OAuth) GetAppUrl() string

func (*OAuth) GetCallbackPath

func (m *OAuth) GetCallbackPath() string

func (*OAuth) GetClientId

func (m *OAuth) GetClientId() string

func (*OAuth) GetClientSecretRef

func (m *OAuth) GetClientSecretRef() *core.ResourceRef

func (*OAuth) GetIssuerUrl

func (m *OAuth) GetIssuerUrl() string

func (*OAuth) GetScopes

func (m *OAuth) GetScopes() []string

func (*OAuth) ProtoMessage

func (*OAuth) ProtoMessage()

func (*OAuth) Reset

func (m *OAuth) Reset()

func (*OAuth) String

func (m *OAuth) String() string

func (*OAuth) XXX_DiscardUnknown

func (m *OAuth) XXX_DiscardUnknown()

func (*OAuth) XXX_Marshal

func (m *OAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OAuth) XXX_Merge

func (m *OAuth) XXX_Merge(src proto.Message)

func (*OAuth) XXX_Size

func (m *OAuth) XXX_Size() int

func (*OAuth) XXX_Unmarshal

func (m *OAuth) XXX_Unmarshal(b []byte) error

type OauthSecret

type OauthSecret struct {
	ClientSecret         string   `protobuf:"bytes,1,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*OauthSecret) Descriptor

func (*OauthSecret) Descriptor() ([]byte, []int)

func (*OauthSecret) Equal

func (this *OauthSecret) Equal(that interface{}) bool

func (*OauthSecret) GetClientSecret

func (m *OauthSecret) GetClientSecret() string

func (*OauthSecret) ProtoMessage

func (*OauthSecret) ProtoMessage()

func (*OauthSecret) Reset

func (m *OauthSecret) Reset()

func (*OauthSecret) String

func (m *OauthSecret) String() string

func (*OauthSecret) XXX_DiscardUnknown

func (m *OauthSecret) XXX_DiscardUnknown()

func (*OauthSecret) XXX_Marshal

func (m *OauthSecret) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OauthSecret) XXX_Merge

func (m *OauthSecret) XXX_Merge(src proto.Message)

func (*OauthSecret) XXX_Size

func (m *OauthSecret) XXX_Size() int

func (*OauthSecret) XXX_Unmarshal

func (m *OauthSecret) XXX_Unmarshal(b []byte) error

type OpaAuth

type OpaAuth struct {
	// An optional resource reference to config maps containing modules to assist in the resolution of `query`.
	Modules []*core.ResourceRef `protobuf:"bytes,1,rep,name=modules,proto3" json:"modules,omitempty"`
	// The query that determines the auth decision. The result of this query must be either a boolean
	// or an array with boolean as the first element. A boolean `true` value means that the request
	// will be authorized. Any other value, or error, means that the request will be denied.
	Query                string   `protobuf:"bytes,2,opt,name=query,proto3" json:"query,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*OpaAuth) Descriptor

func (*OpaAuth) Descriptor() ([]byte, []int)

func (*OpaAuth) Equal

func (this *OpaAuth) Equal(that interface{}) bool

func (*OpaAuth) GetModules

func (m *OpaAuth) GetModules() []*core.ResourceRef

func (*OpaAuth) GetQuery

func (m *OpaAuth) GetQuery() string

func (*OpaAuth) ProtoMessage

func (*OpaAuth) ProtoMessage()

func (*OpaAuth) Reset

func (m *OpaAuth) Reset()

func (*OpaAuth) String

func (m *OpaAuth) String() string

func (*OpaAuth) XXX_DiscardUnknown

func (m *OpaAuth) XXX_DiscardUnknown()

func (*OpaAuth) XXX_Marshal

func (m *OpaAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OpaAuth) XXX_Merge

func (m *OpaAuth) XXX_Merge(src proto.Message)

func (*OpaAuth) XXX_Size

func (m *OpaAuth) XXX_Size() int

func (*OpaAuth) XXX_Unmarshal

func (m *OpaAuth) XXX_Unmarshal(b []byte) error

type PluginAuth deprecated

type PluginAuth struct {
	Plugins              []*AuthPlugin `protobuf:"bytes,1,rep,name=plugins,proto3" json:"plugins,omitempty"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

Configures auth via dynamically loaded Go plugins. Deprecated

Deprecated: Do not use.

func (*PluginAuth) Descriptor

func (*PluginAuth) Descriptor() ([]byte, []int)

func (*PluginAuth) Equal

func (this *PluginAuth) Equal(that interface{}) bool

func (*PluginAuth) GetPlugins

func (m *PluginAuth) GetPlugins() []*AuthPlugin

func (*PluginAuth) ProtoMessage

func (*PluginAuth) ProtoMessage()

func (*PluginAuth) Reset

func (m *PluginAuth) Reset()

func (*PluginAuth) String

func (m *PluginAuth) String() string

func (*PluginAuth) XXX_DiscardUnknown

func (m *PluginAuth) XXX_DiscardUnknown()

func (*PluginAuth) XXX_Marshal

func (m *PluginAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PluginAuth) XXX_Merge

func (m *PluginAuth) XXX_Merge(src proto.Message)

func (*PluginAuth) XXX_Size

func (m *PluginAuth) XXX_Size() int

func (*PluginAuth) XXX_Unmarshal

func (m *PluginAuth) XXX_Unmarshal(b []byte) error

type RouteExtension deprecated

type RouteExtension struct {
	Disable              bool     `protobuf:"varint,1,opt,name=disable,proto3" json:"disable,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Deprecated: use ExtAuthExtension

Deprecated: Do not use.

func (*RouteExtension) Descriptor

func (*RouteExtension) Descriptor() ([]byte, []int)

func (*RouteExtension) Equal

func (this *RouteExtension) Equal(that interface{}) bool

func (*RouteExtension) GetDisable

func (m *RouteExtension) GetDisable() bool

func (*RouteExtension) ProtoMessage

func (*RouteExtension) ProtoMessage()

func (*RouteExtension) Reset

func (m *RouteExtension) Reset()

func (*RouteExtension) String

func (m *RouteExtension) String() string

func (*RouteExtension) XXX_DiscardUnknown

func (m *RouteExtension) XXX_DiscardUnknown()

func (*RouteExtension) XXX_Marshal

func (m *RouteExtension) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RouteExtension) XXX_Merge

func (m *RouteExtension) XXX_Merge(src proto.Message)

func (*RouteExtension) XXX_Size

func (m *RouteExtension) XXX_Size() int

func (*RouteExtension) XXX_Unmarshal

func (m *RouteExtension) XXX_Unmarshal(b []byte) error

type Settings

type Settings struct {
	// The upstream to ask about auth decisions
	ExtauthzServerRef *core.ResourceRef `protobuf:"bytes,1,opt,name=extauthz_server_ref,json=extauthzServerRef,proto3" json:"extauthz_server_ref,omitempty"`
	// If this is set, communication to the upstream will be via HTTP and not GRPC.
	HttpService *HttpService `protobuf:"bytes,2,opt,name=http_service,json=httpService,proto3" json:"http_service,omitempty"`
	// If the auth server trusted id of the user, it will be set in this header.
	// Specifically this means that this header will be sanitized form the incoming request.
	UserIdHeader string `protobuf:"bytes,3,opt,name=user_id_header,json=userIdHeader,proto3" json:"user_id_header,omitempty"`
	// Timeout for the ext auth service to respond. Defaults to 200ms
	RequestTimeout *time.Duration `protobuf:"bytes,4,opt,name=request_timeout,json=requestTimeout,proto3,stdduration" json:"request_timeout,omitempty"`
	// In case of a failure or timeout querying the auth server, normally a request is denied.
	// if this is set to true, the request will be allowed.
	FailureModeAllow bool `protobuf:"varint,5,opt,name=failure_mode_allow,json=failureModeAllow,proto3" json:"failure_mode_allow,omitempty"`
	// Set this if you also want to send the body of the request, and not just the headers.
	RequestBody *BufferSettings `protobuf:"bytes,6,opt,name=request_body,json=requestBody,proto3" json:"request_body,omitempty"`
	// Clears route cache in order to allow the external authorization service to correctly affect
	// routing decisions. Filter clears all cached routes when:
	//
	// 1. The field is set to *true*.
	//
	// 2. The status returned from the authorization service is a HTTP 200 or gRPC 0.
	//
	// 3. At least one *authorization response header* is added to the client request, or is used for
	// altering another client request header.
	//
	ClearRouteCache bool `protobuf:"varint,7,opt,name=clear_route_cache,json=clearRouteCache,proto3" json:"clear_route_cache,omitempty"`
	// Sets the HTTP status that is returned to the client when there is a network error between the
	// filter and the authorization server. The default status is HTTP 403 Forbidden.
	// If set, this must be one of the following:
	// - 100
	// - 200 201 202 203 204 205 206 207 208 226
	// - 300 301 302 303 304 305 307 308
	// - 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 421 422 423 424 426 428 429 431
	// - 500 501 502 503 504 505 506 507 508 510 511
	StatusOnError        uint32   `protobuf:"varint,8,opt,name=status_on_error,json=statusOnError,proto3" json:"status_on_error,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*Settings) Descriptor

func (*Settings) Descriptor() ([]byte, []int)

func (*Settings) Equal

func (this *Settings) Equal(that interface{}) bool

func (*Settings) GetClearRouteCache

func (m *Settings) GetClearRouteCache() bool

func (*Settings) GetExtauthzServerRef

func (m *Settings) GetExtauthzServerRef() *core.ResourceRef

func (*Settings) GetFailureModeAllow

func (m *Settings) GetFailureModeAllow() bool

func (*Settings) GetHttpService

func (m *Settings) GetHttpService() *HttpService

func (*Settings) GetRequestBody

func (m *Settings) GetRequestBody() *BufferSettings

func (*Settings) GetRequestTimeout

func (m *Settings) GetRequestTimeout() *time.Duration

func (*Settings) GetStatusOnError

func (m *Settings) GetStatusOnError() uint32

func (*Settings) GetUserIdHeader

func (m *Settings) GetUserIdHeader() string

func (*Settings) ProtoMessage

func (*Settings) ProtoMessage()

func (*Settings) Reset

func (m *Settings) Reset()

func (*Settings) String

func (m *Settings) String() string

func (*Settings) XXX_DiscardUnknown

func (m *Settings) XXX_DiscardUnknown()

func (*Settings) XXX_Marshal

func (m *Settings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Settings) XXX_Merge

func (m *Settings) XXX_Merge(src proto.Message)

func (*Settings) XXX_Size

func (m *Settings) XXX_Size() int

func (*Settings) XXX_Unmarshal

func (m *Settings) XXX_Unmarshal(b []byte) error

type TransitionAuthConfigFunc

type TransitionAuthConfigFunc func(original, desired *AuthConfig) (bool, error)

Option to copy anything from the original to the desired before writing. Return value of false means don't update

type UnimplementedExtAuthDiscoveryServiceServer

type UnimplementedExtAuthDiscoveryServiceServer struct {
}

UnimplementedExtAuthDiscoveryServiceServer can be embedded to have forward compatible implementations.

func (*UnimplementedExtAuthDiscoveryServiceServer) DeltaExtAuthConfig

func (*UnimplementedExtAuthDiscoveryServiceServer) FetchExtAuthConfig

func (*UnimplementedExtAuthDiscoveryServiceServer) StreamExtAuthConfig

type VhostExtension deprecated

type VhostExtension struct {
	// Deprecated: use `configs` field instead.
	//
	// Types that are valid to be assigned to AuthConfig:
	//	*VhostExtension_BasicAuth
	//	*VhostExtension_Oauth
	//	*VhostExtension_CustomAuth
	//	*VhostExtension_ApiKeyAuth
	//	*VhostExtension_PluginAuth
	AuthConfig isVhostExtension_AuthConfig `protobuf_oneof:"auth_config"`
	// A chain of AuthN\AuthZ configurations which will be executed in the order they are specified. The first plugin to deny a request will
	// cause a 403 response to be returned; any subsequent plugin in the chain will not be executed.
	// The headers on the OkHttpResponse returned from a plugin in the chain will be added to the request that will be sent
	// to the next one(s) according to the rules described here:
	// https://www.envoyproxy.io/docs/envoy/latest/api-v2/service/auth/v2/external_auth.proto#service-auth-v2-okhttpresponse
	Configs              []*VhostExtension_AuthConfig `protobuf:"bytes,6,rep,name=configs,proto3" json:"configs,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                     `json:"-"`
	XXX_unrecognized     []byte                       `json:"-"`
	XXX_sizecache        int32                        `json:"-"`
}

Deprecated: use ExtAuthExtension

Deprecated: Do not use.

func (*VhostExtension) Descriptor

func (*VhostExtension) Descriptor() ([]byte, []int)

func (*VhostExtension) Equal

func (this *VhostExtension) Equal(that interface{}) bool

func (*VhostExtension) GetApiKeyAuth deprecated

func (m *VhostExtension) GetApiKeyAuth() *ApiKeyAuth

Deprecated: Do not use.

func (*VhostExtension) GetAuthConfig

func (m *VhostExtension) GetAuthConfig() isVhostExtension_AuthConfig

func (*VhostExtension) GetBasicAuth deprecated

func (m *VhostExtension) GetBasicAuth() *BasicAuth

Deprecated: Do not use.

func (*VhostExtension) GetConfigs

func (m *VhostExtension) GetConfigs() []*VhostExtension_AuthConfig

func (*VhostExtension) GetCustomAuth deprecated

func (m *VhostExtension) GetCustomAuth() *CustomAuth

Deprecated: Do not use.

func (*VhostExtension) GetOauth deprecated

func (m *VhostExtension) GetOauth() *OAuth

Deprecated: Do not use.

func (*VhostExtension) GetPluginAuth deprecated

func (m *VhostExtension) GetPluginAuth() *PluginAuth

Deprecated: Do not use.

func (*VhostExtension) ProtoMessage

func (*VhostExtension) ProtoMessage()

func (*VhostExtension) Reset

func (m *VhostExtension) Reset()

func (*VhostExtension) String

func (m *VhostExtension) String() string

func (*VhostExtension) XXX_DiscardUnknown

func (m *VhostExtension) XXX_DiscardUnknown()

func (*VhostExtension) XXX_Marshal

func (m *VhostExtension) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*VhostExtension) XXX_Merge

func (m *VhostExtension) XXX_Merge(src proto.Message)

func (*VhostExtension) XXX_OneofWrappers

func (*VhostExtension) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*VhostExtension) XXX_Size

func (m *VhostExtension) XXX_Size() int

func (*VhostExtension) XXX_Unmarshal

func (m *VhostExtension) XXX_Unmarshal(b []byte) error

type VhostExtension_ApiKeyAuth

type VhostExtension_ApiKeyAuth struct {
	ApiKeyAuth *ApiKeyAuth `protobuf:"bytes,4,opt,name=api_key_auth,json=apiKeyAuth,proto3,oneof" json:"api_key_auth,omitempty"`
}

func (*VhostExtension_ApiKeyAuth) Equal

func (this *VhostExtension_ApiKeyAuth) Equal(that interface{}) bool

type VhostExtension_AuthConfig

type VhostExtension_AuthConfig struct {
	// Types that are valid to be assigned to AuthConfig:
	//	*VhostExtension_AuthConfig_BasicAuth
	//	*VhostExtension_AuthConfig_Oauth
	//	*VhostExtension_AuthConfig_CustomAuth
	//	*VhostExtension_AuthConfig_ApiKeyAuth
	//	*VhostExtension_AuthConfig_PluginAuth
	//	*VhostExtension_AuthConfig_OpaAuth
	//	*VhostExtension_AuthConfig_Ldap
	AuthConfig           isVhostExtension_AuthConfig_AuthConfig `protobuf_oneof:"auth_config"`
	XXX_NoUnkeyedLiteral struct{}                               `json:"-"`
	XXX_unrecognized     []byte                                 `json:"-"`
	XXX_sizecache        int32                                  `json:"-"`
}

func (*VhostExtension_AuthConfig) Descriptor

func (*VhostExtension_AuthConfig) Descriptor() ([]byte, []int)

func (*VhostExtension_AuthConfig) Equal

func (this *VhostExtension_AuthConfig) Equal(that interface{}) bool

func (*VhostExtension_AuthConfig) GetApiKeyAuth

func (m *VhostExtension_AuthConfig) GetApiKeyAuth() *ApiKeyAuth

func (*VhostExtension_AuthConfig) GetAuthConfig

func (m *VhostExtension_AuthConfig) GetAuthConfig() isVhostExtension_AuthConfig_AuthConfig

func (*VhostExtension_AuthConfig) GetBasicAuth

func (m *VhostExtension_AuthConfig) GetBasicAuth() *BasicAuth

func (*VhostExtension_AuthConfig) GetCustomAuth

func (m *VhostExtension_AuthConfig) GetCustomAuth() *CustomAuth

func (*VhostExtension_AuthConfig) GetLdap

func (m *VhostExtension_AuthConfig) GetLdap() *Ldap

func (*VhostExtension_AuthConfig) GetOauth

func (m *VhostExtension_AuthConfig) GetOauth() *OAuth

func (*VhostExtension_AuthConfig) GetOpaAuth

func (m *VhostExtension_AuthConfig) GetOpaAuth() *OpaAuth

func (*VhostExtension_AuthConfig) GetPluginAuth

func (m *VhostExtension_AuthConfig) GetPluginAuth() *AuthPlugin

func (*VhostExtension_AuthConfig) ProtoMessage

func (*VhostExtension_AuthConfig) ProtoMessage()

func (*VhostExtension_AuthConfig) Reset

func (m *VhostExtension_AuthConfig) Reset()

func (*VhostExtension_AuthConfig) String

func (m *VhostExtension_AuthConfig) String() string

func (*VhostExtension_AuthConfig) XXX_DiscardUnknown

func (m *VhostExtension_AuthConfig) XXX_DiscardUnknown()

func (*VhostExtension_AuthConfig) XXX_Marshal

func (m *VhostExtension_AuthConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*VhostExtension_AuthConfig) XXX_Merge

func (m *VhostExtension_AuthConfig) XXX_Merge(src proto.Message)

func (*VhostExtension_AuthConfig) XXX_OneofWrappers

func (*VhostExtension_AuthConfig) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*VhostExtension_AuthConfig) XXX_Size

func (m *VhostExtension_AuthConfig) XXX_Size() int

func (*VhostExtension_AuthConfig) XXX_Unmarshal

func (m *VhostExtension_AuthConfig) XXX_Unmarshal(b []byte) error

type VhostExtension_AuthConfig_ApiKeyAuth

type VhostExtension_AuthConfig_ApiKeyAuth struct {
	ApiKeyAuth *ApiKeyAuth `protobuf:"bytes,4,opt,name=api_key_auth,json=apiKeyAuth,proto3,oneof" json:"api_key_auth,omitempty"`
}

func (*VhostExtension_AuthConfig_ApiKeyAuth) Equal

func (this *VhostExtension_AuthConfig_ApiKeyAuth) Equal(that interface{}) bool

type VhostExtension_AuthConfig_BasicAuth

type VhostExtension_AuthConfig_BasicAuth struct {
	BasicAuth *BasicAuth `protobuf:"bytes,1,opt,name=basic_auth,json=basicAuth,proto3,oneof" json:"basic_auth,omitempty"`
}

func (*VhostExtension_AuthConfig_BasicAuth) Equal

func (this *VhostExtension_AuthConfig_BasicAuth) Equal(that interface{}) bool

type VhostExtension_AuthConfig_CustomAuth

type VhostExtension_AuthConfig_CustomAuth struct {
	CustomAuth *CustomAuth `protobuf:"bytes,3,opt,name=custom_auth,json=customAuth,proto3,oneof" json:"custom_auth,omitempty"`
}

func (*VhostExtension_AuthConfig_CustomAuth) Equal

func (this *VhostExtension_AuthConfig_CustomAuth) Equal(that interface{}) bool

type VhostExtension_AuthConfig_Ldap

type VhostExtension_AuthConfig_Ldap struct {
	Ldap *Ldap `protobuf:"bytes,7,opt,name=ldap,proto3,oneof" json:"ldap,omitempty"`
}

func (*VhostExtension_AuthConfig_Ldap) Equal

func (this *VhostExtension_AuthConfig_Ldap) Equal(that interface{}) bool

type VhostExtension_AuthConfig_Oauth

type VhostExtension_AuthConfig_Oauth struct {
	Oauth *OAuth `protobuf:"bytes,2,opt,name=oauth,proto3,oneof" json:"oauth,omitempty"`
}

func (*VhostExtension_AuthConfig_Oauth) Equal

func (this *VhostExtension_AuthConfig_Oauth) Equal(that interface{}) bool

type VhostExtension_AuthConfig_OpaAuth

type VhostExtension_AuthConfig_OpaAuth struct {
	OpaAuth *OpaAuth `protobuf:"bytes,6,opt,name=opa_auth,json=opaAuth,proto3,oneof" json:"opa_auth,omitempty"`
}

func (*VhostExtension_AuthConfig_OpaAuth) Equal

func (this *VhostExtension_AuthConfig_OpaAuth) Equal(that interface{}) bool

type VhostExtension_AuthConfig_PluginAuth

type VhostExtension_AuthConfig_PluginAuth struct {
	PluginAuth *AuthPlugin `protobuf:"bytes,5,opt,name=plugin_auth,json=pluginAuth,proto3,oneof" json:"plugin_auth,omitempty"`
}

func (*VhostExtension_AuthConfig_PluginAuth) Equal

func (this *VhostExtension_AuthConfig_PluginAuth) Equal(that interface{}) bool

type VhostExtension_BasicAuth

type VhostExtension_BasicAuth struct {
	BasicAuth *BasicAuth `protobuf:"bytes,1,opt,name=basic_auth,json=basicAuth,proto3,oneof" json:"basic_auth,omitempty"`
}

func (*VhostExtension_BasicAuth) Equal

func (this *VhostExtension_BasicAuth) Equal(that interface{}) bool

type VhostExtension_CustomAuth

type VhostExtension_CustomAuth struct {
	CustomAuth *CustomAuth `protobuf:"bytes,3,opt,name=custom_auth,json=customAuth,proto3,oneof" json:"custom_auth,omitempty"`
}

func (*VhostExtension_CustomAuth) Equal

func (this *VhostExtension_CustomAuth) Equal(that interface{}) bool

type VhostExtension_Oauth

type VhostExtension_Oauth struct {
	Oauth *OAuth `protobuf:"bytes,2,opt,name=oauth,proto3,oneof" json:"oauth,omitempty"`
}

func (*VhostExtension_Oauth) Equal

func (this *VhostExtension_Oauth) Equal(that interface{}) bool

type VhostExtension_PluginAuth

type VhostExtension_PluginAuth struct {
	PluginAuth *PluginAuth `protobuf:"bytes,5,opt,name=plugin_auth,json=pluginAuth,proto3,oneof" json:"plugin_auth,omitempty"`
}

func (*VhostExtension_PluginAuth) Equal

func (this *VhostExtension_PluginAuth) Equal(that interface{}) bool

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL