authv3

package
v0.0.0-...-8fb8d40 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 15, 2024 License: Apache-2.0 Imports: 28 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

View Source
var File_envoy_service_auth_v3_attribute_context_proto protoreflect.FileDescriptor
View Source
var File_envoy_service_auth_v3_external_auth_proto protoreflect.FileDescriptor

Functions

func RegisterAuthorizationServer

func RegisterAuthorizationServer(s *grpc.Server, srv AuthorizationServer)

Types

type AttributeContext

type AttributeContext struct {

	// The source of a network activity, such as starting a TCP connection.
	// In a multi hop network activity, the source represents the sender of the
	// last hop.
	Source *AttributeContext_Peer `protobuf:"bytes,1,opt,name=source,proto3" json:"source,omitempty"`
	// The destination of a network activity, such as accepting a TCP connection.
	// In a multi hop network activity, the destination represents the receiver of
	// the last hop.
	Destination *AttributeContext_Peer `protobuf:"bytes,2,opt,name=destination,proto3" json:"destination,omitempty"`
	// Represents a network request, such as an HTTP request.
	Request *AttributeContext_Request `protobuf:"bytes,4,opt,name=request,proto3" json:"request,omitempty"`
	// This is analogous to http_request.headers, however these contents will not be sent to the
	// upstream server. Context_extensions provide an extension mechanism for sending additional
	// information to the auth server without modifying the proto definition. It maps to the
	// internal opaque context in the filter chain.
	ContextExtensions map[string]string `` /* 201-byte string literal not displayed */
	// Dynamic metadata associated with the request.
	MetadataContext *v3.Metadata `protobuf:"bytes,11,opt,name=metadata_context,json=metadataContext,proto3" json:"metadata_context,omitempty"`
	// Metadata associated with the selected route.
	RouteMetadataContext *v3.Metadata `protobuf:"bytes,13,opt,name=route_metadata_context,json=routeMetadataContext,proto3" json:"route_metadata_context,omitempty"`
	// TLS session details of the underlying connection.
	// This is not populated by default and will be populated only if the ext_authz filter has
	// been specifically configured to include this information.
	// For HTTP ext_authz, that requires :ref:`include_tls_session <config_http_filters_ext_authz>`
	// to be set to true.
	// For network ext_authz, that requires :ref:`include_tls_session <config_network_filters_ext_authz>`
	// to be set to true.
	TlsSession *AttributeContext_TLSSession `protobuf:"bytes,12,opt,name=tls_session,json=tlsSession,proto3" json:"tls_session,omitempty"`
	// contains filtered or unexported fields
}

An attribute is a piece of metadata that describes an activity on a network. For example, the size of an HTTP request, or the status code of an HTTP response.

Each attribute has a type and a name, which is logically defined as a proto message field of the “AttributeContext“. The “AttributeContext“ is a collection of individual attributes supported by Envoy authorization system. [#comment: The following items are left out of this proto Request.Auth field for jwt tokens Request.Api for api management Origin peer that originated the request Caching Protocol request_context return values to inject back into the filter chain peer.claims -- from X.509 extensions Configuration - field mask to send - which return values from request_context are copied back - which return values are copied into request_headers] [#next-free-field: 14]

func (*AttributeContext) Descriptor deprecated

func (*AttributeContext) Descriptor() ([]byte, []int)

Deprecated: Use AttributeContext.ProtoReflect.Descriptor instead.

func (*AttributeContext) GetContextExtensions

func (x *AttributeContext) GetContextExtensions() map[string]string

func (*AttributeContext) GetDestination

func (x *AttributeContext) GetDestination() *AttributeContext_Peer

func (*AttributeContext) GetMetadataContext

func (x *AttributeContext) GetMetadataContext() *v3.Metadata

func (*AttributeContext) GetRequest

func (x *AttributeContext) GetRequest() *AttributeContext_Request

func (*AttributeContext) GetRouteMetadataContext

func (x *AttributeContext) GetRouteMetadataContext() *v3.Metadata

func (*AttributeContext) GetSource

func (x *AttributeContext) GetSource() *AttributeContext_Peer

func (*AttributeContext) GetTlsSession

func (x *AttributeContext) GetTlsSession() *AttributeContext_TLSSession

func (*AttributeContext) ProtoMessage

func (*AttributeContext) ProtoMessage()

func (*AttributeContext) ProtoReflect

func (x *AttributeContext) ProtoReflect() protoreflect.Message

func (*AttributeContext) Reset

func (x *AttributeContext) Reset()

func (*AttributeContext) String

func (x *AttributeContext) String() string

func (*AttributeContext) Validate

func (m *AttributeContext) Validate() error

Validate checks the field values on AttributeContext with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*AttributeContext) ValidateAll

func (m *AttributeContext) ValidateAll() error

ValidateAll checks the field values on AttributeContext with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in AttributeContextMultiError, or nil if none found.

type AttributeContextMultiError

type AttributeContextMultiError []error

AttributeContextMultiError is an error wrapping multiple validation errors returned by AttributeContext.ValidateAll() if the designated constraints aren't met.

func (AttributeContextMultiError) AllErrors

func (m AttributeContextMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (AttributeContextMultiError) Error

Error returns a concatenation of all the error messages it wraps.

type AttributeContextValidationError

type AttributeContextValidationError struct {
	// contains filtered or unexported fields
}

AttributeContextValidationError is the validation error returned by AttributeContext.Validate if the designated constraints aren't met.

func (AttributeContextValidationError) Cause

Cause function returns cause value.

func (AttributeContextValidationError) Error

Error satisfies the builtin error interface

func (AttributeContextValidationError) ErrorName

ErrorName returns error name.

func (AttributeContextValidationError) Field

Field function returns field value.

func (AttributeContextValidationError) Key

Key function returns key value.

func (AttributeContextValidationError) Reason

Reason function returns reason value.

type AttributeContext_HttpRequest

type AttributeContext_HttpRequest struct {

	// The unique ID for a request, which can be propagated to downstream
	// systems. The ID should have low probability of collision
	// within a single day for a specific service.
	// For HTTP requests, it should be X-Request-ID or equivalent.
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// The HTTP request method, such as “GET“, “POST“.
	Method string `protobuf:"bytes,2,opt,name=method,proto3" json:"method,omitempty"`
	// The HTTP request headers. If multiple headers share the same key, they
	// must be merged according to the HTTP spec. All header keys must be
	// lower-cased, because HTTP header keys are case-insensitive.
	// Header value is encoded as UTF-8 string. Non-UTF-8 characters will be replaced by "!".
	// This field will not be set if
	// :ref:`encode_raw_headers <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.encode_raw_headers>`
	// is set to true.
	Headers map[string]string `` /* 155-byte string literal not displayed */
	// A list of the raw HTTP request headers. This is used instead of
	// :ref:`headers <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.headers>` when
	// :ref:`encode_raw_headers <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.encode_raw_headers>`
	// is set to true.
	//
	// Note that this is not actually a map type. “header_map“ contains a single repeated field
	// “headers“.
	//
	// Here, only the “key“ and “raw_value“ fields will be populated for each HeaderValue, and
	// that is only when
	// :ref:`encode_raw_headers <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.encode_raw_headers>`
	// is set to true.
	//
	// Also, unlike the
	// :ref:`headers <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.headers>`
	// field, headers with the same key are not combined into a single comma separated header.
	HeaderMap *v3.HeaderMap `protobuf:"bytes,13,opt,name=header_map,json=headerMap,proto3" json:"header_map,omitempty"`
	// The request target, as it appears in the first line of the HTTP request. This includes
	// the URL path and query-string. No decoding is performed.
	Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"`
	// The HTTP request “Host“ or “:authority“ header value.
	Host string `protobuf:"bytes,5,opt,name=host,proto3" json:"host,omitempty"`
	// The HTTP URL scheme, such as “http“ and “https“.
	Scheme string `protobuf:"bytes,6,opt,name=scheme,proto3" json:"scheme,omitempty"`
	// This field is always empty, and exists for compatibility reasons. The HTTP URL query is
	// included in “path“ field.
	Query string `protobuf:"bytes,7,opt,name=query,proto3" json:"query,omitempty"`
	// This field is always empty, and exists for compatibility reasons. The URL fragment is
	// not submitted as part of HTTP requests; it is unknowable.
	Fragment string `protobuf:"bytes,8,opt,name=fragment,proto3" json:"fragment,omitempty"`
	// The HTTP request size in bytes. If unknown, it must be -1.
	Size int64 `protobuf:"varint,9,opt,name=size,proto3" json:"size,omitempty"`
	// The network protocol used with the request, such as "HTTP/1.0", "HTTP/1.1", or "HTTP/2".
	//
	// See :repo:`headers.h:ProtocolStrings <source/common/http/headers.h>` for a list of all
	// possible values.
	Protocol string `protobuf:"bytes,10,opt,name=protocol,proto3" json:"protocol,omitempty"`
	// The HTTP request body.
	Body string `protobuf:"bytes,11,opt,name=body,proto3" json:"body,omitempty"`
	// The HTTP request body in bytes. This is used instead of
	// :ref:`body <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.body>` when
	// :ref:`pack_as_bytes <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.BufferSettings.pack_as_bytes>`
	// is set to true.
	RawBody []byte `protobuf:"bytes,12,opt,name=raw_body,json=rawBody,proto3" json:"raw_body,omitempty"`
	// contains filtered or unexported fields
}

This message defines attributes for an HTTP request. HTTP/1.x, HTTP/2, gRPC are all considered as HTTP requests. [#next-free-field: 14]

func (*AttributeContext_HttpRequest) Descriptor deprecated

func (*AttributeContext_HttpRequest) Descriptor() ([]byte, []int)

Deprecated: Use AttributeContext_HttpRequest.ProtoReflect.Descriptor instead.

func (*AttributeContext_HttpRequest) GetBody

func (x *AttributeContext_HttpRequest) GetBody() string

func (*AttributeContext_HttpRequest) GetFragment

func (x *AttributeContext_HttpRequest) GetFragment() string

func (*AttributeContext_HttpRequest) GetHeaderMap

func (x *AttributeContext_HttpRequest) GetHeaderMap() *v3.HeaderMap

func (*AttributeContext_HttpRequest) GetHeaders

func (x *AttributeContext_HttpRequest) GetHeaders() map[string]string

func (*AttributeContext_HttpRequest) GetHost

func (x *AttributeContext_HttpRequest) GetHost() string

func (*AttributeContext_HttpRequest) GetId

func (*AttributeContext_HttpRequest) GetMethod

func (x *AttributeContext_HttpRequest) GetMethod() string

func (*AttributeContext_HttpRequest) GetPath

func (x *AttributeContext_HttpRequest) GetPath() string

func (*AttributeContext_HttpRequest) GetProtocol

func (x *AttributeContext_HttpRequest) GetProtocol() string

func (*AttributeContext_HttpRequest) GetQuery

func (x *AttributeContext_HttpRequest) GetQuery() string

func (*AttributeContext_HttpRequest) GetRawBody

func (x *AttributeContext_HttpRequest) GetRawBody() []byte

func (*AttributeContext_HttpRequest) GetScheme

func (x *AttributeContext_HttpRequest) GetScheme() string

func (*AttributeContext_HttpRequest) GetSize

func (x *AttributeContext_HttpRequest) GetSize() int64

func (*AttributeContext_HttpRequest) ProtoMessage

func (*AttributeContext_HttpRequest) ProtoMessage()

func (*AttributeContext_HttpRequest) ProtoReflect

func (*AttributeContext_HttpRequest) Reset

func (x *AttributeContext_HttpRequest) Reset()

func (*AttributeContext_HttpRequest) String

func (*AttributeContext_HttpRequest) Validate

func (m *AttributeContext_HttpRequest) Validate() error

Validate checks the field values on AttributeContext_HttpRequest with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*AttributeContext_HttpRequest) ValidateAll

func (m *AttributeContext_HttpRequest) ValidateAll() error

ValidateAll checks the field values on AttributeContext_HttpRequest with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in AttributeContext_HttpRequestMultiError, or nil if none found.

type AttributeContext_HttpRequestMultiError

type AttributeContext_HttpRequestMultiError []error

AttributeContext_HttpRequestMultiError is an error wrapping multiple validation errors returned by AttributeContext_HttpRequest.ValidateAll() if the designated constraints aren't met.

func (AttributeContext_HttpRequestMultiError) AllErrors

AllErrors returns a list of validation violation errors.

func (AttributeContext_HttpRequestMultiError) Error

Error returns a concatenation of all the error messages it wraps.

type AttributeContext_HttpRequestValidationError

type AttributeContext_HttpRequestValidationError struct {
	// contains filtered or unexported fields
}

AttributeContext_HttpRequestValidationError is the validation error returned by AttributeContext_HttpRequest.Validate if the designated constraints aren't met.

func (AttributeContext_HttpRequestValidationError) Cause

Cause function returns cause value.

func (AttributeContext_HttpRequestValidationError) Error

Error satisfies the builtin error interface

func (AttributeContext_HttpRequestValidationError) ErrorName

ErrorName returns error name.

func (AttributeContext_HttpRequestValidationError) Field

Field function returns field value.

func (AttributeContext_HttpRequestValidationError) Key

Key function returns key value.

func (AttributeContext_HttpRequestValidationError) Reason

Reason function returns reason value.

type AttributeContext_Peer

type AttributeContext_Peer struct {

	// The address of the peer, this is typically the IP address.
	// It can also be UDS path, or others.
	Address *v3.Address `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"`
	// The canonical service name of the peer.
	// It should be set to :ref:`the HTTP x-envoy-downstream-service-cluster
	// <config_http_conn_man_headers_downstream-service-cluster>`
	// If a more trusted source of the service name is available through mTLS/secure naming, it
	// should be used.
	Service string `protobuf:"bytes,2,opt,name=service,proto3" json:"service,omitempty"`
	// The labels associated with the peer.
	// These could be pod labels for Kubernetes or tags for VMs.
	// The source of the labels could be an X.509 certificate or other configuration.
	Labels map[string]string `` /* 153-byte string literal not displayed */
	// The authenticated identity of this peer.
	// For example, the identity associated with the workload such as a service account.
	// If an X.509 certificate is used to assert the identity this field should be sourced from
	// “URI Subject Alternative Names“, “DNS Subject Alternate Names“ or “Subject“ in that order.
	// The primary identity should be the principal. The principal format is issuer specific.
	//
	// Examples:
	//
	// - SPIFFE format is “spiffe://trust-domain/path“.
	// - Google account format is “https://accounts.google.com/{userid}“.
	Principal string `protobuf:"bytes,4,opt,name=principal,proto3" json:"principal,omitempty"`
	// The X.509 certificate used to authenticate the identify of this peer.
	// When present, the certificate contents are encoded in URL and PEM format.
	Certificate string `protobuf:"bytes,5,opt,name=certificate,proto3" json:"certificate,omitempty"`
	// contains filtered or unexported fields
}

This message defines attributes for a node that handles a network request. The node can be either a service or an application that sends, forwards, or receives the request. Service peers should fill in the “service“, “principal“, and “labels“ as appropriate. [#next-free-field: 6]

func (*AttributeContext_Peer) Descriptor deprecated

func (*AttributeContext_Peer) Descriptor() ([]byte, []int)

Deprecated: Use AttributeContext_Peer.ProtoReflect.Descriptor instead.

func (*AttributeContext_Peer) GetAddress

func (x *AttributeContext_Peer) GetAddress() *v3.Address

func (*AttributeContext_Peer) GetCertificate

func (x *AttributeContext_Peer) GetCertificate() string

func (*AttributeContext_Peer) GetLabels

func (x *AttributeContext_Peer) GetLabels() map[string]string

func (*AttributeContext_Peer) GetPrincipal

func (x *AttributeContext_Peer) GetPrincipal() string

func (*AttributeContext_Peer) GetService

func (x *AttributeContext_Peer) GetService() string

func (*AttributeContext_Peer) ProtoMessage

func (*AttributeContext_Peer) ProtoMessage()

func (*AttributeContext_Peer) ProtoReflect

func (x *AttributeContext_Peer) ProtoReflect() protoreflect.Message

func (*AttributeContext_Peer) Reset

func (x *AttributeContext_Peer) Reset()

func (*AttributeContext_Peer) String

func (x *AttributeContext_Peer) String() string

func (*AttributeContext_Peer) Validate

func (m *AttributeContext_Peer) Validate() error

Validate checks the field values on AttributeContext_Peer with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*AttributeContext_Peer) ValidateAll

func (m *AttributeContext_Peer) ValidateAll() error

ValidateAll checks the field values on AttributeContext_Peer with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in AttributeContext_PeerMultiError, or nil if none found.

type AttributeContext_PeerMultiError

type AttributeContext_PeerMultiError []error

AttributeContext_PeerMultiError is an error wrapping multiple validation errors returned by AttributeContext_Peer.ValidateAll() if the designated constraints aren't met.

func (AttributeContext_PeerMultiError) AllErrors

func (m AttributeContext_PeerMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (AttributeContext_PeerMultiError) Error

Error returns a concatenation of all the error messages it wraps.

type AttributeContext_PeerValidationError

type AttributeContext_PeerValidationError struct {
	// contains filtered or unexported fields
}

AttributeContext_PeerValidationError is the validation error returned by AttributeContext_Peer.Validate if the designated constraints aren't met.

func (AttributeContext_PeerValidationError) Cause

Cause function returns cause value.

func (AttributeContext_PeerValidationError) Error

Error satisfies the builtin error interface

func (AttributeContext_PeerValidationError) ErrorName

ErrorName returns error name.

func (AttributeContext_PeerValidationError) Field

Field function returns field value.

func (AttributeContext_PeerValidationError) Key

Key function returns key value.

func (AttributeContext_PeerValidationError) Reason

Reason function returns reason value.

type AttributeContext_Request

type AttributeContext_Request struct {

	// The timestamp when the proxy receives the first byte of the request.
	Time *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=time,proto3" json:"time,omitempty"`
	// Represents an HTTP request or an HTTP-like request.
	Http *AttributeContext_HttpRequest `protobuf:"bytes,2,opt,name=http,proto3" json:"http,omitempty"`
	// contains filtered or unexported fields
}

Represents a network request, such as an HTTP request.

func (*AttributeContext_Request) Descriptor deprecated

func (*AttributeContext_Request) Descriptor() ([]byte, []int)

Deprecated: Use AttributeContext_Request.ProtoReflect.Descriptor instead.

func (*AttributeContext_Request) GetHttp

func (*AttributeContext_Request) GetTime

func (*AttributeContext_Request) ProtoMessage

func (*AttributeContext_Request) ProtoMessage()

func (*AttributeContext_Request) ProtoReflect

func (x *AttributeContext_Request) ProtoReflect() protoreflect.Message

func (*AttributeContext_Request) Reset

func (x *AttributeContext_Request) Reset()

func (*AttributeContext_Request) String

func (x *AttributeContext_Request) String() string

func (*AttributeContext_Request) Validate

func (m *AttributeContext_Request) Validate() error

Validate checks the field values on AttributeContext_Request with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*AttributeContext_Request) ValidateAll

func (m *AttributeContext_Request) ValidateAll() error

ValidateAll checks the field values on AttributeContext_Request with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in AttributeContext_RequestMultiError, or nil if none found.

type AttributeContext_RequestMultiError

type AttributeContext_RequestMultiError []error

AttributeContext_RequestMultiError is an error wrapping multiple validation errors returned by AttributeContext_Request.ValidateAll() if the designated constraints aren't met.

func (AttributeContext_RequestMultiError) AllErrors

func (m AttributeContext_RequestMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (AttributeContext_RequestMultiError) Error

Error returns a concatenation of all the error messages it wraps.

type AttributeContext_RequestValidationError

type AttributeContext_RequestValidationError struct {
	// contains filtered or unexported fields
}

AttributeContext_RequestValidationError is the validation error returned by AttributeContext_Request.Validate if the designated constraints aren't met.

func (AttributeContext_RequestValidationError) Cause

Cause function returns cause value.

func (AttributeContext_RequestValidationError) Error

Error satisfies the builtin error interface

func (AttributeContext_RequestValidationError) ErrorName

ErrorName returns error name.

func (AttributeContext_RequestValidationError) Field

Field function returns field value.

func (AttributeContext_RequestValidationError) Key

Key function returns key value.

func (AttributeContext_RequestValidationError) Reason

Reason function returns reason value.

type AttributeContext_TLSSession

type AttributeContext_TLSSession struct {

	// SNI used for TLS session.
	Sni string `protobuf:"bytes,1,opt,name=sni,proto3" json:"sni,omitempty"`
	// contains filtered or unexported fields
}

This message defines attributes for the underlying TLS session.

func (*AttributeContext_TLSSession) Descriptor deprecated

func (*AttributeContext_TLSSession) Descriptor() ([]byte, []int)

Deprecated: Use AttributeContext_TLSSession.ProtoReflect.Descriptor instead.

func (*AttributeContext_TLSSession) GetSni

func (x *AttributeContext_TLSSession) GetSni() string

func (*AttributeContext_TLSSession) ProtoMessage

func (*AttributeContext_TLSSession) ProtoMessage()

func (*AttributeContext_TLSSession) ProtoReflect

func (*AttributeContext_TLSSession) Reset

func (x *AttributeContext_TLSSession) Reset()

func (*AttributeContext_TLSSession) String

func (x *AttributeContext_TLSSession) String() string

func (*AttributeContext_TLSSession) Validate

func (m *AttributeContext_TLSSession) Validate() error

Validate checks the field values on AttributeContext_TLSSession with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*AttributeContext_TLSSession) ValidateAll

func (m *AttributeContext_TLSSession) ValidateAll() error

ValidateAll checks the field values on AttributeContext_TLSSession with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in AttributeContext_TLSSessionMultiError, or nil if none found.

type AttributeContext_TLSSessionMultiError

type AttributeContext_TLSSessionMultiError []error

AttributeContext_TLSSessionMultiError is an error wrapping multiple validation errors returned by AttributeContext_TLSSession.ValidateAll() if the designated constraints aren't met.

func (AttributeContext_TLSSessionMultiError) AllErrors

AllErrors returns a list of validation violation errors.

func (AttributeContext_TLSSessionMultiError) Error

Error returns a concatenation of all the error messages it wraps.

type AttributeContext_TLSSessionValidationError

type AttributeContext_TLSSessionValidationError struct {
	// contains filtered or unexported fields
}

AttributeContext_TLSSessionValidationError is the validation error returned by AttributeContext_TLSSession.Validate if the designated constraints aren't met.

func (AttributeContext_TLSSessionValidationError) Cause

Cause function returns cause value.

func (AttributeContext_TLSSessionValidationError) Error

Error satisfies the builtin error interface

func (AttributeContext_TLSSessionValidationError) ErrorName

ErrorName returns error name.

func (AttributeContext_TLSSessionValidationError) Field

Field function returns field value.

func (AttributeContext_TLSSessionValidationError) Key

Key function returns key value.

func (AttributeContext_TLSSessionValidationError) Reason

Reason function returns reason value.

type AuthorizationClient

type AuthorizationClient interface {
	// Performs authorization check based on the attributes associated with the
	// incoming request, and returns status `OK` or not `OK`.
	Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error)
}

AuthorizationClient is the client API for Authorization service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

type AuthorizationServer

type AuthorizationServer interface {
	// Performs authorization check based on the attributes associated with the
	// incoming request, and returns status `OK` or not `OK`.
	Check(context.Context, *CheckRequest) (*CheckResponse, error)
}

AuthorizationServer is the server API for Authorization service.

type CheckRequest

type CheckRequest struct {

	// The request attributes.
	Attributes *AttributeContext `protobuf:"bytes,1,opt,name=attributes,proto3" json:"attributes,omitempty"`
	// contains filtered or unexported fields
}

func (*CheckRequest) Descriptor deprecated

func (*CheckRequest) Descriptor() ([]byte, []int)

Deprecated: Use CheckRequest.ProtoReflect.Descriptor instead.

func (*CheckRequest) GetAttributes

func (x *CheckRequest) GetAttributes() *AttributeContext

func (*CheckRequest) ProtoMessage

func (*CheckRequest) ProtoMessage()

func (*CheckRequest) ProtoReflect

func (x *CheckRequest) ProtoReflect() protoreflect.Message

func (*CheckRequest) Reset

func (x *CheckRequest) Reset()

func (*CheckRequest) String

func (x *CheckRequest) String() string

func (*CheckRequest) Validate

func (m *CheckRequest) Validate() error

Validate checks the field values on CheckRequest with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*CheckRequest) ValidateAll

func (m *CheckRequest) ValidateAll() error

ValidateAll checks the field values on CheckRequest with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in CheckRequestMultiError, or nil if none found.

type CheckRequestMultiError

type CheckRequestMultiError []error

CheckRequestMultiError is an error wrapping multiple validation errors returned by CheckRequest.ValidateAll() if the designated constraints aren't met.

func (CheckRequestMultiError) AllErrors

func (m CheckRequestMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (CheckRequestMultiError) Error

func (m CheckRequestMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type CheckRequestValidationError

type CheckRequestValidationError struct {
	// contains filtered or unexported fields
}

CheckRequestValidationError is the validation error returned by CheckRequest.Validate if the designated constraints aren't met.

func (CheckRequestValidationError) Cause

Cause function returns cause value.

func (CheckRequestValidationError) Error

Error satisfies the builtin error interface

func (CheckRequestValidationError) ErrorName

func (e CheckRequestValidationError) ErrorName() string

ErrorName returns error name.

func (CheckRequestValidationError) Field

Field function returns field value.

func (CheckRequestValidationError) Key

Key function returns key value.

func (CheckRequestValidationError) Reason

Reason function returns reason value.

type CheckResponse

type CheckResponse struct {

	// Status “OK“ allows the request. Any other status indicates the request should be denied, and
	// for HTTP filter, if not overridden by :ref:`denied HTTP response status <envoy_v3_api_field_service.auth.v3.DeniedHttpResponse.status>`
	// Envoy sends “403 Forbidden“ HTTP status code by default.
	Status *status.Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
	// An message that contains HTTP response attributes. This message is
	// used when the authorization service needs to send custom responses to the
	// downstream client or, to modify/add request headers being dispatched to the upstream.
	//
	// Types that are assignable to HttpResponse:
	//
	//	*CheckResponse_DeniedResponse
	//	*CheckResponse_OkResponse
	HttpResponse isCheckResponse_HttpResponse `protobuf_oneof:"http_response"`
	// Optional response metadata that will be emitted as dynamic metadata to be consumed by the next
	// filter. This metadata lives in a namespace specified by the canonical name of extension filter
	// that requires it:
	//
	// - :ref:`envoy.filters.http.ext_authz <config_http_filters_ext_authz_dynamic_metadata>` for HTTP filter.
	// - :ref:`envoy.filters.network.ext_authz <config_network_filters_ext_authz_dynamic_metadata>` for network filter.
	DynamicMetadata *structpb.Struct `protobuf:"bytes,4,opt,name=dynamic_metadata,json=dynamicMetadata,proto3" json:"dynamic_metadata,omitempty"`
	// contains filtered or unexported fields
}

Intended for gRPC and Network Authorization servers “only“.

func (*CheckResponse) Descriptor deprecated

func (*CheckResponse) Descriptor() ([]byte, []int)

Deprecated: Use CheckResponse.ProtoReflect.Descriptor instead.

func (*CheckResponse) GetDeniedResponse

func (x *CheckResponse) GetDeniedResponse() *DeniedHttpResponse

func (*CheckResponse) GetDynamicMetadata

func (x *CheckResponse) GetDynamicMetadata() *structpb.Struct

func (*CheckResponse) GetHttpResponse

func (m *CheckResponse) GetHttpResponse() isCheckResponse_HttpResponse

func (*CheckResponse) GetOkResponse

func (x *CheckResponse) GetOkResponse() *OkHttpResponse

func (*CheckResponse) GetStatus

func (x *CheckResponse) GetStatus() *status.Status

func (*CheckResponse) ProtoMessage

func (*CheckResponse) ProtoMessage()

func (*CheckResponse) ProtoReflect

func (x *CheckResponse) ProtoReflect() protoreflect.Message

func (*CheckResponse) Reset

func (x *CheckResponse) Reset()

func (*CheckResponse) String

func (x *CheckResponse) String() string

func (*CheckResponse) Validate

func (m *CheckResponse) Validate() error

Validate checks the field values on CheckResponse with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*CheckResponse) ValidateAll

func (m *CheckResponse) ValidateAll() error

ValidateAll checks the field values on CheckResponse with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in CheckResponseMultiError, or nil if none found.

type CheckResponseMultiError

type CheckResponseMultiError []error

CheckResponseMultiError is an error wrapping multiple validation errors returned by CheckResponse.ValidateAll() if the designated constraints aren't met.

func (CheckResponseMultiError) AllErrors

func (m CheckResponseMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (CheckResponseMultiError) Error

func (m CheckResponseMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type CheckResponseValidationError

type CheckResponseValidationError struct {
	// contains filtered or unexported fields
}

CheckResponseValidationError is the validation error returned by CheckResponse.Validate if the designated constraints aren't met.

func (CheckResponseValidationError) Cause

Cause function returns cause value.

func (CheckResponseValidationError) Error

Error satisfies the builtin error interface

func (CheckResponseValidationError) ErrorName

func (e CheckResponseValidationError) ErrorName() string

ErrorName returns error name.

func (CheckResponseValidationError) Field

Field function returns field value.

func (CheckResponseValidationError) Key

Key function returns key value.

func (CheckResponseValidationError) Reason

Reason function returns reason value.

type CheckResponse_DeniedResponse

type CheckResponse_DeniedResponse struct {
	// Supplies http attributes for a denied response.
	DeniedResponse *DeniedHttpResponse `protobuf:"bytes,2,opt,name=denied_response,json=deniedResponse,proto3,oneof"`
}

type CheckResponse_OkResponse

type CheckResponse_OkResponse struct {
	// Supplies http attributes for an ok response.
	OkResponse *OkHttpResponse `protobuf:"bytes,3,opt,name=ok_response,json=okResponse,proto3,oneof"`
}

type DeniedHttpResponse

type DeniedHttpResponse struct {

	// This field allows the authorization service to send an HTTP response status code to the
	// downstream client. If not set, Envoy sends “403 Forbidden“ HTTP status code by default.
	Status *v3.HttpStatus `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
	// This field allows the authorization service to send HTTP response headers
	// to the downstream client. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to
	// false when used in this message.
	Headers []*v31.HeaderValueOption `protobuf:"bytes,2,rep,name=headers,proto3" json:"headers,omitempty"`
	// This field allows the authorization service to send a response body data
	// to the downstream client.
	Body string `protobuf:"bytes,3,opt,name=body,proto3" json:"body,omitempty"`
	// contains filtered or unexported fields
}

HTTP attributes for a denied response.

func (*DeniedHttpResponse) Descriptor deprecated

func (*DeniedHttpResponse) Descriptor() ([]byte, []int)

Deprecated: Use DeniedHttpResponse.ProtoReflect.Descriptor instead.

func (*DeniedHttpResponse) GetBody

func (x *DeniedHttpResponse) GetBody() string

func (*DeniedHttpResponse) GetHeaders

func (x *DeniedHttpResponse) GetHeaders() []*v31.HeaderValueOption

func (*DeniedHttpResponse) GetStatus

func (x *DeniedHttpResponse) GetStatus() *v3.HttpStatus

func (*DeniedHttpResponse) ProtoMessage

func (*DeniedHttpResponse) ProtoMessage()

func (*DeniedHttpResponse) ProtoReflect

func (x *DeniedHttpResponse) ProtoReflect() protoreflect.Message

func (*DeniedHttpResponse) Reset

func (x *DeniedHttpResponse) Reset()

func (*DeniedHttpResponse) String

func (x *DeniedHttpResponse) String() string

func (*DeniedHttpResponse) Validate

func (m *DeniedHttpResponse) Validate() error

Validate checks the field values on DeniedHttpResponse with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*DeniedHttpResponse) ValidateAll

func (m *DeniedHttpResponse) ValidateAll() error

ValidateAll checks the field values on DeniedHttpResponse with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in DeniedHttpResponseMultiError, or nil if none found.

type DeniedHttpResponseMultiError

type DeniedHttpResponseMultiError []error

DeniedHttpResponseMultiError is an error wrapping multiple validation errors returned by DeniedHttpResponse.ValidateAll() if the designated constraints aren't met.

func (DeniedHttpResponseMultiError) AllErrors

func (m DeniedHttpResponseMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (DeniedHttpResponseMultiError) Error

Error returns a concatenation of all the error messages it wraps.

type DeniedHttpResponseValidationError

type DeniedHttpResponseValidationError struct {
	// contains filtered or unexported fields
}

DeniedHttpResponseValidationError is the validation error returned by DeniedHttpResponse.Validate if the designated constraints aren't met.

func (DeniedHttpResponseValidationError) Cause

Cause function returns cause value.

func (DeniedHttpResponseValidationError) Error

Error satisfies the builtin error interface

func (DeniedHttpResponseValidationError) ErrorName

ErrorName returns error name.

func (DeniedHttpResponseValidationError) Field

Field function returns field value.

func (DeniedHttpResponseValidationError) Key

Key function returns key value.

func (DeniedHttpResponseValidationError) Reason

Reason function returns reason value.

type OkHttpResponse

type OkHttpResponse struct {

	// HTTP entity headers in addition to the original request headers. This allows the authorization
	// service to append, to add or to override headers from the original request before
	// dispatching it to the upstream. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to
	// false when used in this message. By setting the “append“ field to “true“,
	// the filter will append the correspondent header value to the matched request header.
	// By leaving “append“ as false, the filter will either add a new header, or override an existing
	// one if there is a match.
	Headers []*v31.HeaderValueOption `protobuf:"bytes,2,rep,name=headers,proto3" json:"headers,omitempty"`
	// HTTP entity headers to remove from the original request before dispatching
	// it to the upstream. This allows the authorization service to act on auth
	// related headers (like “Authorization“), process them, and consume them.
	// Under this model, the upstream will either receive the request (if it's
	// authorized) or not receive it (if it's not), but will not see headers
	// containing authorization credentials.
	//
	// Pseudo headers (such as “:authority“, “:method“, “:path“ etc), as well as
	// the header “Host“, may not be removed as that would make the request
	// malformed. If mentioned in “headers_to_remove“ these special headers will
	// be ignored.
	//
	// When using the HTTP service this must instead be set by the HTTP
	// authorization service as a comma separated list like so:
	// “x-envoy-auth-headers-to-remove: one-auth-header, another-auth-header“.
	HeadersToRemove []string `protobuf:"bytes,5,rep,name=headers_to_remove,json=headersToRemove,proto3" json:"headers_to_remove,omitempty"`
	// This field has been deprecated in favor of :ref:`CheckResponse.dynamic_metadata
	// <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`. Until it is removed,
	// setting this field overrides :ref:`CheckResponse.dynamic_metadata
	// <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`.
	//
	// Deprecated: Do not use.
	DynamicMetadata *structpb.Struct `protobuf:"bytes,3,opt,name=dynamic_metadata,json=dynamicMetadata,proto3" json:"dynamic_metadata,omitempty"`
	// This field allows the authorization service to send HTTP response headers
	// to the downstream client on success. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>`
	// defaults to false when used in this message.
	ResponseHeadersToAdd []*v31.HeaderValueOption `protobuf:"bytes,6,rep,name=response_headers_to_add,json=responseHeadersToAdd,proto3" json:"response_headers_to_add,omitempty"`
	// This field allows the authorization service to set (and overwrite) query
	// string parameters on the original request before it is sent upstream.
	QueryParametersToSet []*v31.QueryParameter `protobuf:"bytes,7,rep,name=query_parameters_to_set,json=queryParametersToSet,proto3" json:"query_parameters_to_set,omitempty"`
	// This field allows the authorization service to specify which query parameters
	// should be removed from the original request before it is sent upstream. Each
	// element in this list is a case-sensitive query parameter name to be removed.
	QueryParametersToRemove []string `` /* 134-byte string literal not displayed */
	// contains filtered or unexported fields
}

HTTP attributes for an OK response. [#next-free-field: 9]

func (*OkHttpResponse) Descriptor deprecated

func (*OkHttpResponse) Descriptor() ([]byte, []int)

Deprecated: Use OkHttpResponse.ProtoReflect.Descriptor instead.

func (*OkHttpResponse) GetDynamicMetadata deprecated

func (x *OkHttpResponse) GetDynamicMetadata() *structpb.Struct

Deprecated: Do not use.

func (*OkHttpResponse) GetHeaders

func (x *OkHttpResponse) GetHeaders() []*v31.HeaderValueOption

func (*OkHttpResponse) GetHeadersToRemove

func (x *OkHttpResponse) GetHeadersToRemove() []string

func (*OkHttpResponse) GetQueryParametersToRemove

func (x *OkHttpResponse) GetQueryParametersToRemove() []string

func (*OkHttpResponse) GetQueryParametersToSet

func (x *OkHttpResponse) GetQueryParametersToSet() []*v31.QueryParameter

func (*OkHttpResponse) GetResponseHeadersToAdd

func (x *OkHttpResponse) GetResponseHeadersToAdd() []*v31.HeaderValueOption

func (*OkHttpResponse) ProtoMessage

func (*OkHttpResponse) ProtoMessage()

func (*OkHttpResponse) ProtoReflect

func (x *OkHttpResponse) ProtoReflect() protoreflect.Message

func (*OkHttpResponse) Reset

func (x *OkHttpResponse) Reset()

func (*OkHttpResponse) String

func (x *OkHttpResponse) String() string

func (*OkHttpResponse) Validate

func (m *OkHttpResponse) Validate() error

Validate checks the field values on OkHttpResponse with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*OkHttpResponse) ValidateAll

func (m *OkHttpResponse) ValidateAll() error

ValidateAll checks the field values on OkHttpResponse with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in OkHttpResponseMultiError, or nil if none found.

type OkHttpResponseMultiError

type OkHttpResponseMultiError []error

OkHttpResponseMultiError is an error wrapping multiple validation errors returned by OkHttpResponse.ValidateAll() if the designated constraints aren't met.

func (OkHttpResponseMultiError) AllErrors

func (m OkHttpResponseMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (OkHttpResponseMultiError) Error

func (m OkHttpResponseMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type OkHttpResponseValidationError

type OkHttpResponseValidationError struct {
	// contains filtered or unexported fields
}

OkHttpResponseValidationError is the validation error returned by OkHttpResponse.Validate if the designated constraints aren't met.

func (OkHttpResponseValidationError) Cause

Cause function returns cause value.

func (OkHttpResponseValidationError) Error

Error satisfies the builtin error interface

func (OkHttpResponseValidationError) ErrorName

func (e OkHttpResponseValidationError) ErrorName() string

ErrorName returns error name.

func (OkHttpResponseValidationError) Field

Field function returns field value.

func (OkHttpResponseValidationError) Key

Key function returns key value.

func (OkHttpResponseValidationError) Reason

Reason function returns reason value.

type UnimplementedAuthorizationServer

type UnimplementedAuthorizationServer struct {
}

UnimplementedAuthorizationServer can be embedded to have forward compatible implementations.

func (*UnimplementedAuthorizationServer) Check

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL