Documentation ¶
Index ¶
- Variables
- func RegisterAuthorizationServer(s *grpc.Server, srv AuthorizationServer)
- type AttributeContext
- func (*AttributeContext) Descriptor() ([]byte, []int)deprecated
- func (x *AttributeContext) GetContextExtensions() map[string]string
- func (x *AttributeContext) GetDestination() *AttributeContext_Peer
- func (x *AttributeContext) GetMetadataContext() *v3.Metadata
- func (x *AttributeContext) GetRequest() *AttributeContext_Request
- func (x *AttributeContext) GetSource() *AttributeContext_Peer
- func (*AttributeContext) ProtoMessage()
- func (x *AttributeContext) ProtoReflect() protoreflect.Message
- func (x *AttributeContext) Reset()
- func (x *AttributeContext) String() string
- func (m *AttributeContext) Validate() error
- type AttributeContextValidationError
- func (e AttributeContextValidationError) Cause() error
- func (e AttributeContextValidationError) Error() string
- func (e AttributeContextValidationError) ErrorName() string
- func (e AttributeContextValidationError) Field() string
- func (e AttributeContextValidationError) Key() bool
- func (e AttributeContextValidationError) Reason() string
- type AttributeContext_HttpRequest
- func (*AttributeContext_HttpRequest) Descriptor() ([]byte, []int)deprecated
- func (x *AttributeContext_HttpRequest) GetBody() string
- func (x *AttributeContext_HttpRequest) GetFragment() string
- func (x *AttributeContext_HttpRequest) GetHeaders() map[string]string
- func (x *AttributeContext_HttpRequest) GetHost() string
- func (x *AttributeContext_HttpRequest) GetId() string
- func (x *AttributeContext_HttpRequest) GetMethod() string
- func (x *AttributeContext_HttpRequest) GetPath() string
- func (x *AttributeContext_HttpRequest) GetProtocol() string
- func (x *AttributeContext_HttpRequest) GetQuery() string
- func (x *AttributeContext_HttpRequest) GetRawBody() []byte
- func (x *AttributeContext_HttpRequest) GetScheme() string
- func (x *AttributeContext_HttpRequest) GetSize() int64
- func (*AttributeContext_HttpRequest) ProtoMessage()
- func (x *AttributeContext_HttpRequest) ProtoReflect() protoreflect.Message
- func (x *AttributeContext_HttpRequest) Reset()
- func (x *AttributeContext_HttpRequest) String() string
- func (m *AttributeContext_HttpRequest) Validate() error
- type AttributeContext_HttpRequestValidationError
- func (e AttributeContext_HttpRequestValidationError) Cause() error
- func (e AttributeContext_HttpRequestValidationError) Error() string
- func (e AttributeContext_HttpRequestValidationError) ErrorName() string
- func (e AttributeContext_HttpRequestValidationError) Field() string
- func (e AttributeContext_HttpRequestValidationError) Key() bool
- func (e AttributeContext_HttpRequestValidationError) Reason() string
- type AttributeContext_Peer
- func (*AttributeContext_Peer) Descriptor() ([]byte, []int)deprecated
- func (x *AttributeContext_Peer) GetAddress() *v3.Address
- func (x *AttributeContext_Peer) GetCertificate() string
- func (x *AttributeContext_Peer) GetLabels() map[string]string
- func (x *AttributeContext_Peer) GetPrincipal() string
- func (x *AttributeContext_Peer) GetService() string
- func (*AttributeContext_Peer) ProtoMessage()
- func (x *AttributeContext_Peer) ProtoReflect() protoreflect.Message
- func (x *AttributeContext_Peer) Reset()
- func (x *AttributeContext_Peer) String() string
- func (m *AttributeContext_Peer) Validate() error
- type AttributeContext_PeerValidationError
- func (e AttributeContext_PeerValidationError) Cause() error
- func (e AttributeContext_PeerValidationError) Error() string
- func (e AttributeContext_PeerValidationError) ErrorName() string
- func (e AttributeContext_PeerValidationError) Field() string
- func (e AttributeContext_PeerValidationError) Key() bool
- func (e AttributeContext_PeerValidationError) Reason() string
- type AttributeContext_Request
- func (*AttributeContext_Request) Descriptor() ([]byte, []int)deprecated
- func (x *AttributeContext_Request) GetHttp() *AttributeContext_HttpRequest
- func (x *AttributeContext_Request) GetTime() *timestamp.Timestamp
- func (*AttributeContext_Request) ProtoMessage()
- func (x *AttributeContext_Request) ProtoReflect() protoreflect.Message
- func (x *AttributeContext_Request) Reset()
- func (x *AttributeContext_Request) String() string
- func (m *AttributeContext_Request) Validate() error
- type AttributeContext_RequestValidationError
- func (e AttributeContext_RequestValidationError) Cause() error
- func (e AttributeContext_RequestValidationError) Error() string
- func (e AttributeContext_RequestValidationError) ErrorName() string
- func (e AttributeContext_RequestValidationError) Field() string
- func (e AttributeContext_RequestValidationError) Key() bool
- func (e AttributeContext_RequestValidationError) Reason() string
- type AuthorizationClient
- type AuthorizationServer
- type CheckRequest
- func (*CheckRequest) Descriptor() ([]byte, []int)deprecated
- func (x *CheckRequest) GetAttributes() *AttributeContext
- func (*CheckRequest) ProtoMessage()
- func (x *CheckRequest) ProtoReflect() protoreflect.Message
- func (x *CheckRequest) Reset()
- func (x *CheckRequest) String() string
- func (m *CheckRequest) Validate() error
- type CheckRequestValidationError
- func (e CheckRequestValidationError) Cause() error
- func (e CheckRequestValidationError) Error() string
- func (e CheckRequestValidationError) ErrorName() string
- func (e CheckRequestValidationError) Field() string
- func (e CheckRequestValidationError) Key() bool
- func (e CheckRequestValidationError) Reason() string
- type CheckResponse
- func (*CheckResponse) Descriptor() ([]byte, []int)deprecated
- func (x *CheckResponse) GetDeniedResponse() *DeniedHttpResponse
- func (x *CheckResponse) GetDynamicMetadata() *_struct.Struct
- func (m *CheckResponse) GetHttpResponse() isCheckResponse_HttpResponse
- func (x *CheckResponse) GetOkResponse() *OkHttpResponse
- func (x *CheckResponse) GetStatus() *status.Status
- func (*CheckResponse) ProtoMessage()
- func (x *CheckResponse) ProtoReflect() protoreflect.Message
- func (x *CheckResponse) Reset()
- func (x *CheckResponse) String() string
- func (m *CheckResponse) Validate() error
- type CheckResponseValidationError
- func (e CheckResponseValidationError) Cause() error
- func (e CheckResponseValidationError) Error() string
- func (e CheckResponseValidationError) ErrorName() string
- func (e CheckResponseValidationError) Field() string
- func (e CheckResponseValidationError) Key() bool
- func (e CheckResponseValidationError) Reason() string
- type CheckResponse_DeniedResponse
- type CheckResponse_OkResponse
- type DeniedHttpResponse
- func (*DeniedHttpResponse) Descriptor() ([]byte, []int)deprecated
- func (x *DeniedHttpResponse) GetBody() string
- func (x *DeniedHttpResponse) GetHeaders() []*v31.HeaderValueOption
- func (x *DeniedHttpResponse) GetStatus() *v3.HttpStatus
- func (*DeniedHttpResponse) ProtoMessage()
- func (x *DeniedHttpResponse) ProtoReflect() protoreflect.Message
- func (x *DeniedHttpResponse) Reset()
- func (x *DeniedHttpResponse) String() string
- func (m *DeniedHttpResponse) Validate() error
- type DeniedHttpResponseValidationError
- func (e DeniedHttpResponseValidationError) Cause() error
- func (e DeniedHttpResponseValidationError) Error() string
- func (e DeniedHttpResponseValidationError) ErrorName() string
- func (e DeniedHttpResponseValidationError) Field() string
- func (e DeniedHttpResponseValidationError) Key() bool
- func (e DeniedHttpResponseValidationError) Reason() string
- type OkHttpResponse
- func (*OkHttpResponse) Descriptor() ([]byte, []int)deprecated
- func (x *OkHttpResponse) GetDynamicMetadata() *_struct.Structdeprecated
- func (x *OkHttpResponse) GetHeaders() []*v31.HeaderValueOption
- func (x *OkHttpResponse) GetHeadersToRemove() []string
- func (x *OkHttpResponse) GetResponseHeadersToAdd() []*v31.HeaderValueOption
- func (*OkHttpResponse) ProtoMessage()
- func (x *OkHttpResponse) ProtoReflect() protoreflect.Message
- func (x *OkHttpResponse) Reset()
- func (x *OkHttpResponse) String() string
- func (m *OkHttpResponse) Validate() error
- type OkHttpResponseValidationError
- func (e OkHttpResponseValidationError) Cause() error
- func (e OkHttpResponseValidationError) Error() string
- func (e OkHttpResponseValidationError) ErrorName() string
- func (e OkHttpResponseValidationError) Field() string
- func (e OkHttpResponseValidationError) Key() bool
- func (e OkHttpResponseValidationError) Reason() string
- type UnimplementedAuthorizationServer
Constants ¶
This section is empty.
Variables ¶
var File_envoy_service_auth_v3_attribute_context_proto protoreflect.FileDescriptor
var File_envoy_service_auth_v3_external_auth_proto protoreflect.FileDescriptor
Functions ¶
func RegisterAuthorizationServer ¶
func RegisterAuthorizationServer(s *grpc.Server, srv AuthorizationServer)
Types ¶
type AttributeContext ¶
type AttributeContext struct { // The source of a network activity, such as starting a TCP connection. // In a multi hop network activity, the source represents the sender of the // last hop. Source *AttributeContext_Peer `protobuf:"bytes,1,opt,name=source,proto3" json:"source,omitempty"` // The destination of a network activity, such as accepting a TCP connection. // In a multi hop network activity, the destination represents the receiver of // the last hop. Destination *AttributeContext_Peer `protobuf:"bytes,2,opt,name=destination,proto3" json:"destination,omitempty"` // Represents a network request, such as an HTTP request. Request *AttributeContext_Request `protobuf:"bytes,4,opt,name=request,proto3" json:"request,omitempty"` // This is analogous to http_request.headers, however these contents will not be sent to the // upstream server. Context_extensions provide an extension mechanism for sending additional // information to the auth server without modifying the proto definition. It maps to the // internal opaque context in the filter chain. ContextExtensions map[string]string `` /* 201-byte string literal not displayed */ // Dynamic metadata associated with the request. MetadataContext *v3.Metadata `protobuf:"bytes,11,opt,name=metadata_context,json=metadataContext,proto3" json:"metadata_context,omitempty"` // contains filtered or unexported fields }
An attribute is a piece of metadata that describes an activity on a network. For example, the size of an HTTP request, or the status code of an HTTP response.
Each attribute has a type and a name, which is logically defined as a proto message field of the `AttributeContext`. The `AttributeContext` is a collection of individual attributes supported by Envoy authorization system. [#comment: The following items are left out of this proto Request.Auth field for jwt tokens Request.Api for api management Origin peer that originated the request Caching Protocol request_context return values to inject back into the filter chain peer.claims -- from X.509 extensions Configuration - field mask to send - which return values from request_context are copied back - which return values are copied into request_headers] [#next-free-field: 12]
func (*AttributeContext) Descriptor
deprecated
func (*AttributeContext) Descriptor() ([]byte, []int)
Deprecated: Use AttributeContext.ProtoReflect.Descriptor instead.
func (*AttributeContext) GetContextExtensions ¶
func (x *AttributeContext) GetContextExtensions() map[string]string
func (*AttributeContext) GetDestination ¶
func (x *AttributeContext) GetDestination() *AttributeContext_Peer
func (*AttributeContext) GetMetadataContext ¶
func (x *AttributeContext) GetMetadataContext() *v3.Metadata
func (*AttributeContext) GetRequest ¶
func (x *AttributeContext) GetRequest() *AttributeContext_Request
func (*AttributeContext) GetSource ¶
func (x *AttributeContext) GetSource() *AttributeContext_Peer
func (*AttributeContext) ProtoMessage ¶
func (*AttributeContext) ProtoMessage()
func (*AttributeContext) ProtoReflect ¶
func (x *AttributeContext) ProtoReflect() protoreflect.Message
func (*AttributeContext) Reset ¶
func (x *AttributeContext) Reset()
func (*AttributeContext) String ¶
func (x *AttributeContext) String() string
func (*AttributeContext) Validate ¶
func (m *AttributeContext) Validate() error
Validate checks the field values on AttributeContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type AttributeContextValidationError ¶
type AttributeContextValidationError struct {
// contains filtered or unexported fields
}
AttributeContextValidationError is the validation error returned by AttributeContext.Validate if the designated constraints aren't met.
func (AttributeContextValidationError) Cause ¶
func (e AttributeContextValidationError) Cause() error
Cause function returns cause value.
func (AttributeContextValidationError) Error ¶
func (e AttributeContextValidationError) Error() string
Error satisfies the builtin error interface
func (AttributeContextValidationError) ErrorName ¶
func (e AttributeContextValidationError) ErrorName() string
ErrorName returns error name.
func (AttributeContextValidationError) Field ¶
func (e AttributeContextValidationError) Field() string
Field function returns field value.
func (AttributeContextValidationError) Key ¶
func (e AttributeContextValidationError) Key() bool
Key function returns key value.
func (AttributeContextValidationError) Reason ¶
func (e AttributeContextValidationError) Reason() string
Reason function returns reason value.
type AttributeContext_HttpRequest ¶
type AttributeContext_HttpRequest struct { // The unique ID for a request, which can be propagated to downstream // systems. The ID should have low probability of collision // within a single day for a specific service. // For HTTP requests, it should be X-Request-ID or equivalent. Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // The HTTP request method, such as `GET`, `POST`. Method string `protobuf:"bytes,2,opt,name=method,proto3" json:"method,omitempty"` // The HTTP request headers. If multiple headers share the same key, they // must be merged according to the HTTP spec. All header keys must be // lower-cased, because HTTP header keys are case-insensitive. Headers map[string]string `` /* 155-byte string literal not displayed */ // The request target, as it appears in the first line of the HTTP request. This includes // the URL path and query-string. No decoding is performed. Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"` // The HTTP request `Host` or 'Authority` header value. Host string `protobuf:"bytes,5,opt,name=host,proto3" json:"host,omitempty"` // The HTTP URL scheme, such as `http` and `https`. Scheme string `protobuf:"bytes,6,opt,name=scheme,proto3" json:"scheme,omitempty"` // This field is always empty, and exists for compatibility reasons. The HTTP URL query is // included in `path` field. Query string `protobuf:"bytes,7,opt,name=query,proto3" json:"query,omitempty"` // This field is always empty, and exists for compatibility reasons. The URL fragment is // not submitted as part of HTTP requests; it is unknowable. Fragment string `protobuf:"bytes,8,opt,name=fragment,proto3" json:"fragment,omitempty"` // The HTTP request size in bytes. If unknown, it must be -1. Size int64 `protobuf:"varint,9,opt,name=size,proto3" json:"size,omitempty"` // The network protocol used with the request, such as "HTTP/1.0", "HTTP/1.1", or "HTTP/2". // // See :repo:`headers.h:ProtocolStrings <source/common/http/headers.h>` for a list of all // possible values. Protocol string `protobuf:"bytes,10,opt,name=protocol,proto3" json:"protocol,omitempty"` // The HTTP request body. Body string `protobuf:"bytes,11,opt,name=body,proto3" json:"body,omitempty"` // The HTTP request body in bytes. This is used instead of // :ref:`body <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.body>` when // :ref:`pack_as_bytes <envoy_api_field_extensions.filters.http.ext_authz.v3.BufferSettings.pack_as_bytes>` // is set to true. RawBody []byte `protobuf:"bytes,12,opt,name=raw_body,json=rawBody,proto3" json:"raw_body,omitempty"` // contains filtered or unexported fields }
This message defines attributes for an HTTP request. HTTP/1.x, HTTP/2, gRPC are all considered as HTTP requests. [#next-free-field: 13]
func (*AttributeContext_HttpRequest) Descriptor
deprecated
func (*AttributeContext_HttpRequest) Descriptor() ([]byte, []int)
Deprecated: Use AttributeContext_HttpRequest.ProtoReflect.Descriptor instead.
func (*AttributeContext_HttpRequest) GetBody ¶
func (x *AttributeContext_HttpRequest) GetBody() string
func (*AttributeContext_HttpRequest) GetFragment ¶
func (x *AttributeContext_HttpRequest) GetFragment() string
func (*AttributeContext_HttpRequest) GetHeaders ¶
func (x *AttributeContext_HttpRequest) GetHeaders() map[string]string
func (*AttributeContext_HttpRequest) GetHost ¶
func (x *AttributeContext_HttpRequest) GetHost() string
func (*AttributeContext_HttpRequest) GetId ¶
func (x *AttributeContext_HttpRequest) GetId() string
func (*AttributeContext_HttpRequest) GetMethod ¶
func (x *AttributeContext_HttpRequest) GetMethod() string
func (*AttributeContext_HttpRequest) GetPath ¶
func (x *AttributeContext_HttpRequest) GetPath() string
func (*AttributeContext_HttpRequest) GetProtocol ¶
func (x *AttributeContext_HttpRequest) GetProtocol() string
func (*AttributeContext_HttpRequest) GetQuery ¶
func (x *AttributeContext_HttpRequest) GetQuery() string
func (*AttributeContext_HttpRequest) GetRawBody ¶
func (x *AttributeContext_HttpRequest) GetRawBody() []byte
func (*AttributeContext_HttpRequest) GetScheme ¶
func (x *AttributeContext_HttpRequest) GetScheme() string
func (*AttributeContext_HttpRequest) GetSize ¶
func (x *AttributeContext_HttpRequest) GetSize() int64
func (*AttributeContext_HttpRequest) ProtoMessage ¶
func (*AttributeContext_HttpRequest) ProtoMessage()
func (*AttributeContext_HttpRequest) ProtoReflect ¶
func (x *AttributeContext_HttpRequest) ProtoReflect() protoreflect.Message
func (*AttributeContext_HttpRequest) Reset ¶
func (x *AttributeContext_HttpRequest) Reset()
func (*AttributeContext_HttpRequest) String ¶
func (x *AttributeContext_HttpRequest) String() string
func (*AttributeContext_HttpRequest) Validate ¶
func (m *AttributeContext_HttpRequest) Validate() error
Validate checks the field values on AttributeContext_HttpRequest with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type AttributeContext_HttpRequestValidationError ¶
type AttributeContext_HttpRequestValidationError struct {
// contains filtered or unexported fields
}
AttributeContext_HttpRequestValidationError is the validation error returned by AttributeContext_HttpRequest.Validate if the designated constraints aren't met.
func (AttributeContext_HttpRequestValidationError) Cause ¶
func (e AttributeContext_HttpRequestValidationError) Cause() error
Cause function returns cause value.
func (AttributeContext_HttpRequestValidationError) Error ¶
func (e AttributeContext_HttpRequestValidationError) Error() string
Error satisfies the builtin error interface
func (AttributeContext_HttpRequestValidationError) ErrorName ¶
func (e AttributeContext_HttpRequestValidationError) ErrorName() string
ErrorName returns error name.
func (AttributeContext_HttpRequestValidationError) Field ¶
func (e AttributeContext_HttpRequestValidationError) Field() string
Field function returns field value.
func (AttributeContext_HttpRequestValidationError) Key ¶
func (e AttributeContext_HttpRequestValidationError) Key() bool
Key function returns key value.
func (AttributeContext_HttpRequestValidationError) Reason ¶
func (e AttributeContext_HttpRequestValidationError) Reason() string
Reason function returns reason value.
type AttributeContext_Peer ¶
type AttributeContext_Peer struct { // The address of the peer, this is typically the IP address. // It can also be UDS path, or others. Address *v3.Address `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` // The canonical service name of the peer. // It should be set to :ref:`the HTTP x-envoy-downstream-service-cluster // <config_http_conn_man_headers_downstream-service-cluster>` // If a more trusted source of the service name is available through mTLS/secure naming, it // should be used. Service string `protobuf:"bytes,2,opt,name=service,proto3" json:"service,omitempty"` // The labels associated with the peer. // These could be pod labels for Kubernetes or tags for VMs. // The source of the labels could be an X.509 certificate or other configuration. Labels map[string]string `` /* 153-byte string literal not displayed */ // The authenticated identity of this peer. // For example, the identity associated with the workload such as a service account. // If an X.509 certificate is used to assert the identity this field should be sourced from // `URI Subject Alternative Names`, `DNS Subject Alternate Names` or `Subject` in that order. // The primary identity should be the principal. The principal format is issuer specific. // // Example: // * SPIFFE format is `spiffe://trust-domain/path` // * Google account format is `https://accounts.google.com/{userid}` Principal string `protobuf:"bytes,4,opt,name=principal,proto3" json:"principal,omitempty"` // The X.509 certificate used to authenticate the identify of this peer. // When present, the certificate contents are encoded in URL and PEM format. Certificate string `protobuf:"bytes,5,opt,name=certificate,proto3" json:"certificate,omitempty"` // contains filtered or unexported fields }
This message defines attributes for a node that handles a network request. The node can be either a service or an application that sends, forwards, or receives the request. Service peers should fill in the `service`, `principal`, and `labels` as appropriate. [#next-free-field: 6]
func (*AttributeContext_Peer) Descriptor
deprecated
func (*AttributeContext_Peer) Descriptor() ([]byte, []int)
Deprecated: Use AttributeContext_Peer.ProtoReflect.Descriptor instead.
func (*AttributeContext_Peer) GetAddress ¶
func (x *AttributeContext_Peer) GetAddress() *v3.Address
func (*AttributeContext_Peer) GetCertificate ¶
func (x *AttributeContext_Peer) GetCertificate() string
func (*AttributeContext_Peer) GetLabels ¶
func (x *AttributeContext_Peer) GetLabels() map[string]string
func (*AttributeContext_Peer) GetPrincipal ¶
func (x *AttributeContext_Peer) GetPrincipal() string
func (*AttributeContext_Peer) GetService ¶
func (x *AttributeContext_Peer) GetService() string
func (*AttributeContext_Peer) ProtoMessage ¶
func (*AttributeContext_Peer) ProtoMessage()
func (*AttributeContext_Peer) ProtoReflect ¶
func (x *AttributeContext_Peer) ProtoReflect() protoreflect.Message
func (*AttributeContext_Peer) Reset ¶
func (x *AttributeContext_Peer) Reset()
func (*AttributeContext_Peer) String ¶
func (x *AttributeContext_Peer) String() string
func (*AttributeContext_Peer) Validate ¶
func (m *AttributeContext_Peer) Validate() error
Validate checks the field values on AttributeContext_Peer with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type AttributeContext_PeerValidationError ¶
type AttributeContext_PeerValidationError struct {
// contains filtered or unexported fields
}
AttributeContext_PeerValidationError is the validation error returned by AttributeContext_Peer.Validate if the designated constraints aren't met.
func (AttributeContext_PeerValidationError) Cause ¶
func (e AttributeContext_PeerValidationError) Cause() error
Cause function returns cause value.
func (AttributeContext_PeerValidationError) Error ¶
func (e AttributeContext_PeerValidationError) Error() string
Error satisfies the builtin error interface
func (AttributeContext_PeerValidationError) ErrorName ¶
func (e AttributeContext_PeerValidationError) ErrorName() string
ErrorName returns error name.
func (AttributeContext_PeerValidationError) Field ¶
func (e AttributeContext_PeerValidationError) Field() string
Field function returns field value.
func (AttributeContext_PeerValidationError) Key ¶
func (e AttributeContext_PeerValidationError) Key() bool
Key function returns key value.
func (AttributeContext_PeerValidationError) Reason ¶
func (e AttributeContext_PeerValidationError) Reason() string
Reason function returns reason value.
type AttributeContext_Request ¶
type AttributeContext_Request struct { // The timestamp when the proxy receives the first byte of the request. Time *timestamp.Timestamp `protobuf:"bytes,1,opt,name=time,proto3" json:"time,omitempty"` // Represents an HTTP request or an HTTP-like request. Http *AttributeContext_HttpRequest `protobuf:"bytes,2,opt,name=http,proto3" json:"http,omitempty"` // contains filtered or unexported fields }
Represents a network request, such as an HTTP request.
func (*AttributeContext_Request) Descriptor
deprecated
func (*AttributeContext_Request) Descriptor() ([]byte, []int)
Deprecated: Use AttributeContext_Request.ProtoReflect.Descriptor instead.
func (*AttributeContext_Request) GetHttp ¶
func (x *AttributeContext_Request) GetHttp() *AttributeContext_HttpRequest
func (*AttributeContext_Request) GetTime ¶
func (x *AttributeContext_Request) GetTime() *timestamp.Timestamp
func (*AttributeContext_Request) ProtoMessage ¶
func (*AttributeContext_Request) ProtoMessage()
func (*AttributeContext_Request) ProtoReflect ¶
func (x *AttributeContext_Request) ProtoReflect() protoreflect.Message
func (*AttributeContext_Request) Reset ¶
func (x *AttributeContext_Request) Reset()
func (*AttributeContext_Request) String ¶
func (x *AttributeContext_Request) String() string
func (*AttributeContext_Request) Validate ¶
func (m *AttributeContext_Request) Validate() error
Validate checks the field values on AttributeContext_Request with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type AttributeContext_RequestValidationError ¶
type AttributeContext_RequestValidationError struct {
// contains filtered or unexported fields
}
AttributeContext_RequestValidationError is the validation error returned by AttributeContext_Request.Validate if the designated constraints aren't met.
func (AttributeContext_RequestValidationError) Cause ¶
func (e AttributeContext_RequestValidationError) Cause() error
Cause function returns cause value.
func (AttributeContext_RequestValidationError) Error ¶
func (e AttributeContext_RequestValidationError) Error() string
Error satisfies the builtin error interface
func (AttributeContext_RequestValidationError) ErrorName ¶
func (e AttributeContext_RequestValidationError) ErrorName() string
ErrorName returns error name.
func (AttributeContext_RequestValidationError) Field ¶
func (e AttributeContext_RequestValidationError) Field() string
Field function returns field value.
func (AttributeContext_RequestValidationError) Key ¶
func (e AttributeContext_RequestValidationError) Key() bool
Key function returns key value.
func (AttributeContext_RequestValidationError) Reason ¶
func (e AttributeContext_RequestValidationError) Reason() string
Reason function returns reason value.
type AuthorizationClient ¶
type AuthorizationClient interface { // Performs authorization check based on the attributes associated with the // incoming request, and returns status `OK` or not `OK`. Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error) }
AuthorizationClient is the client API for Authorization service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewAuthorizationClient ¶
func NewAuthorizationClient(cc grpc.ClientConnInterface) AuthorizationClient
type AuthorizationServer ¶
type AuthorizationServer interface { // Performs authorization check based on the attributes associated with the // incoming request, and returns status `OK` or not `OK`. Check(context.Context, *CheckRequest) (*CheckResponse, error) }
AuthorizationServer is the server API for Authorization service.
type CheckRequest ¶
type CheckRequest struct { // The request attributes. Attributes *AttributeContext `protobuf:"bytes,1,opt,name=attributes,proto3" json:"attributes,omitempty"` // contains filtered or unexported fields }
func (*CheckRequest) Descriptor
deprecated
func (*CheckRequest) Descriptor() ([]byte, []int)
Deprecated: Use CheckRequest.ProtoReflect.Descriptor instead.
func (*CheckRequest) GetAttributes ¶
func (x *CheckRequest) GetAttributes() *AttributeContext
func (*CheckRequest) ProtoMessage ¶
func (*CheckRequest) ProtoMessage()
func (*CheckRequest) ProtoReflect ¶
func (x *CheckRequest) ProtoReflect() protoreflect.Message
func (*CheckRequest) Reset ¶
func (x *CheckRequest) Reset()
func (*CheckRequest) String ¶
func (x *CheckRequest) String() string
func (*CheckRequest) Validate ¶
func (m *CheckRequest) Validate() error
Validate checks the field values on CheckRequest with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type CheckRequestValidationError ¶
type CheckRequestValidationError struct {
// contains filtered or unexported fields
}
CheckRequestValidationError is the validation error returned by CheckRequest.Validate if the designated constraints aren't met.
func (CheckRequestValidationError) Cause ¶
func (e CheckRequestValidationError) Cause() error
Cause function returns cause value.
func (CheckRequestValidationError) Error ¶
func (e CheckRequestValidationError) Error() string
Error satisfies the builtin error interface
func (CheckRequestValidationError) ErrorName ¶
func (e CheckRequestValidationError) ErrorName() string
ErrorName returns error name.
func (CheckRequestValidationError) Field ¶
func (e CheckRequestValidationError) Field() string
Field function returns field value.
func (CheckRequestValidationError) Key ¶
func (e CheckRequestValidationError) Key() bool
Key function returns key value.
func (CheckRequestValidationError) Reason ¶
func (e CheckRequestValidationError) Reason() string
Reason function returns reason value.
type CheckResponse ¶
type CheckResponse struct { // Status `OK` allows the request. Any other status indicates the request should be denied. Status *status.Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"` // An message that contains HTTP response attributes. This message is // used when the authorization service needs to send custom responses to the // downstream client or, to modify/add request headers being dispatched to the upstream. // // Types that are assignable to HttpResponse: // *CheckResponse_DeniedResponse // *CheckResponse_OkResponse HttpResponse isCheckResponse_HttpResponse `protobuf_oneof:"http_response"` // Optional response metadata that will be emitted as dynamic metadata to be consumed by the next // filter. This metadata lives in a namespace specified by the canonical name of extension filter // that requires it: // // - :ref:`envoy.filters.http.ext_authz <config_http_filters_ext_authz_dynamic_metadata>` for HTTP filter. // - :ref:`envoy.filters.network.ext_authz <config_network_filters_ext_authz_dynamic_metadata>` for network filter. DynamicMetadata *_struct.Struct `protobuf:"bytes,4,opt,name=dynamic_metadata,json=dynamicMetadata,proto3" json:"dynamic_metadata,omitempty"` // contains filtered or unexported fields }
Intended for gRPC and Network Authorization servers `only`.
func (*CheckResponse) Descriptor
deprecated
func (*CheckResponse) Descriptor() ([]byte, []int)
Deprecated: Use CheckResponse.ProtoReflect.Descriptor instead.
func (*CheckResponse) GetDeniedResponse ¶
func (x *CheckResponse) GetDeniedResponse() *DeniedHttpResponse
func (*CheckResponse) GetDynamicMetadata ¶
func (x *CheckResponse) GetDynamicMetadata() *_struct.Struct
func (*CheckResponse) GetHttpResponse ¶
func (m *CheckResponse) GetHttpResponse() isCheckResponse_HttpResponse
func (*CheckResponse) GetOkResponse ¶
func (x *CheckResponse) GetOkResponse() *OkHttpResponse
func (*CheckResponse) GetStatus ¶
func (x *CheckResponse) GetStatus() *status.Status
func (*CheckResponse) ProtoMessage ¶
func (*CheckResponse) ProtoMessage()
func (*CheckResponse) ProtoReflect ¶
func (x *CheckResponse) ProtoReflect() protoreflect.Message
func (*CheckResponse) Reset ¶
func (x *CheckResponse) Reset()
func (*CheckResponse) String ¶
func (x *CheckResponse) String() string
func (*CheckResponse) Validate ¶
func (m *CheckResponse) Validate() error
Validate checks the field values on CheckResponse with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type CheckResponseValidationError ¶
type CheckResponseValidationError struct {
// contains filtered or unexported fields
}
CheckResponseValidationError is the validation error returned by CheckResponse.Validate if the designated constraints aren't met.
func (CheckResponseValidationError) Cause ¶
func (e CheckResponseValidationError) Cause() error
Cause function returns cause value.
func (CheckResponseValidationError) Error ¶
func (e CheckResponseValidationError) Error() string
Error satisfies the builtin error interface
func (CheckResponseValidationError) ErrorName ¶
func (e CheckResponseValidationError) ErrorName() string
ErrorName returns error name.
func (CheckResponseValidationError) Field ¶
func (e CheckResponseValidationError) Field() string
Field function returns field value.
func (CheckResponseValidationError) Key ¶
func (e CheckResponseValidationError) Key() bool
Key function returns key value.
func (CheckResponseValidationError) Reason ¶
func (e CheckResponseValidationError) Reason() string
Reason function returns reason value.
type CheckResponse_DeniedResponse ¶
type CheckResponse_DeniedResponse struct { // Supplies http attributes for a denied response. DeniedResponse *DeniedHttpResponse `protobuf:"bytes,2,opt,name=denied_response,json=deniedResponse,proto3,oneof"` }
type CheckResponse_OkResponse ¶
type CheckResponse_OkResponse struct { // Supplies http attributes for an ok response. OkResponse *OkHttpResponse `protobuf:"bytes,3,opt,name=ok_response,json=okResponse,proto3,oneof"` }
type DeniedHttpResponse ¶
type DeniedHttpResponse struct { // This field allows the authorization service to send a HTTP response status // code to the downstream client other than 403 (Forbidden). Status *v3.HttpStatus `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"` // This field allows the authorization service to send HTTP response headers // to the downstream client. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to // false when used in this message. Headers []*v31.HeaderValueOption `protobuf:"bytes,2,rep,name=headers,proto3" json:"headers,omitempty"` // This field allows the authorization service to send a response body data // to the downstream client. Body string `protobuf:"bytes,3,opt,name=body,proto3" json:"body,omitempty"` // contains filtered or unexported fields }
HTTP attributes for a denied response.
func (*DeniedHttpResponse) Descriptor
deprecated
func (*DeniedHttpResponse) Descriptor() ([]byte, []int)
Deprecated: Use DeniedHttpResponse.ProtoReflect.Descriptor instead.
func (*DeniedHttpResponse) GetBody ¶
func (x *DeniedHttpResponse) GetBody() string
func (*DeniedHttpResponse) GetHeaders ¶
func (x *DeniedHttpResponse) GetHeaders() []*v31.HeaderValueOption
func (*DeniedHttpResponse) GetStatus ¶
func (x *DeniedHttpResponse) GetStatus() *v3.HttpStatus
func (*DeniedHttpResponse) ProtoMessage ¶
func (*DeniedHttpResponse) ProtoMessage()
func (*DeniedHttpResponse) ProtoReflect ¶
func (x *DeniedHttpResponse) ProtoReflect() protoreflect.Message
func (*DeniedHttpResponse) Reset ¶
func (x *DeniedHttpResponse) Reset()
func (*DeniedHttpResponse) String ¶
func (x *DeniedHttpResponse) String() string
func (*DeniedHttpResponse) Validate ¶
func (m *DeniedHttpResponse) Validate() error
Validate checks the field values on DeniedHttpResponse with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type DeniedHttpResponseValidationError ¶
type DeniedHttpResponseValidationError struct {
// contains filtered or unexported fields
}
DeniedHttpResponseValidationError is the validation error returned by DeniedHttpResponse.Validate if the designated constraints aren't met.
func (DeniedHttpResponseValidationError) Cause ¶
func (e DeniedHttpResponseValidationError) Cause() error
Cause function returns cause value.
func (DeniedHttpResponseValidationError) Error ¶
func (e DeniedHttpResponseValidationError) Error() string
Error satisfies the builtin error interface
func (DeniedHttpResponseValidationError) ErrorName ¶
func (e DeniedHttpResponseValidationError) ErrorName() string
ErrorName returns error name.
func (DeniedHttpResponseValidationError) Field ¶
func (e DeniedHttpResponseValidationError) Field() string
Field function returns field value.
func (DeniedHttpResponseValidationError) Key ¶
func (e DeniedHttpResponseValidationError) Key() bool
Key function returns key value.
func (DeniedHttpResponseValidationError) Reason ¶
func (e DeniedHttpResponseValidationError) Reason() string
Reason function returns reason value.
type OkHttpResponse ¶
type OkHttpResponse struct { // HTTP entity headers in addition to the original request headers. This allows the authorization // service to append, to add or to override headers from the original request before // dispatching it to the upstream. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to // false when used in this message. By setting the `append` field to `true`, // the filter will append the correspondent header value to the matched request header. // By leaving `append` as false, the filter will either add a new header, or override an existing // one if there is a match. Headers []*v31.HeaderValueOption `protobuf:"bytes,2,rep,name=headers,proto3" json:"headers,omitempty"` // HTTP entity headers to remove from the original request before dispatching // it to the upstream. This allows the authorization service to act on auth // related headers (like `Authorization`), process them, and consume them. // Under this model, the upstream will either receive the request (if it's // authorized) or not receive it (if it's not), but will not see headers // containing authorization credentials. // // Pseudo headers (such as `:authority`, `:method`, `:path` etc), as well as // the header `Host`, may not be removed as that would make the request // malformed. If mentioned in `headers_to_remove` these special headers will // be ignored. // // When using the HTTP service this must instead be set by the HTTP // authorization service as a comma separated list like so: // “x-envoy-auth-headers-to-remove: one-auth-header, another-auth-header“. HeadersToRemove []string `protobuf:"bytes,5,rep,name=headers_to_remove,json=headersToRemove,proto3" json:"headers_to_remove,omitempty"` // This field has been deprecated in favor of :ref:`CheckResponse.dynamic_metadata // <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`. Until it is removed, // setting this field overrides :ref:`CheckResponse.dynamic_metadata // <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`. // // Deprecated: Do not use. DynamicMetadata *_struct.Struct `protobuf:"bytes,3,opt,name=dynamic_metadata,json=dynamicMetadata,proto3" json:"dynamic_metadata,omitempty"` // This field allows the authorization service to send HTTP response headers // to the downstream client on success. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` // defaults to false when used in this message. ResponseHeadersToAdd []*v31.HeaderValueOption `protobuf:"bytes,6,rep,name=response_headers_to_add,json=responseHeadersToAdd,proto3" json:"response_headers_to_add,omitempty"` // contains filtered or unexported fields }
HTTP attributes for an OK response. [#next-free-field: 7]
func (*OkHttpResponse) Descriptor
deprecated
func (*OkHttpResponse) Descriptor() ([]byte, []int)
Deprecated: Use OkHttpResponse.ProtoReflect.Descriptor instead.
func (*OkHttpResponse) GetDynamicMetadata
deprecated
func (x *OkHttpResponse) GetDynamicMetadata() *_struct.Struct
Deprecated: Do not use.
func (*OkHttpResponse) GetHeaders ¶
func (x *OkHttpResponse) GetHeaders() []*v31.HeaderValueOption
func (*OkHttpResponse) GetHeadersToRemove ¶
func (x *OkHttpResponse) GetHeadersToRemove() []string
func (*OkHttpResponse) GetResponseHeadersToAdd ¶
func (x *OkHttpResponse) GetResponseHeadersToAdd() []*v31.HeaderValueOption
func (*OkHttpResponse) ProtoMessage ¶
func (*OkHttpResponse) ProtoMessage()
func (*OkHttpResponse) ProtoReflect ¶
func (x *OkHttpResponse) ProtoReflect() protoreflect.Message
func (*OkHttpResponse) Reset ¶
func (x *OkHttpResponse) Reset()
func (*OkHttpResponse) String ¶
func (x *OkHttpResponse) String() string
func (*OkHttpResponse) Validate ¶
func (m *OkHttpResponse) Validate() error
Validate checks the field values on OkHttpResponse with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type OkHttpResponseValidationError ¶
type OkHttpResponseValidationError struct {
// contains filtered or unexported fields
}
OkHttpResponseValidationError is the validation error returned by OkHttpResponse.Validate if the designated constraints aren't met.
func (OkHttpResponseValidationError) Cause ¶
func (e OkHttpResponseValidationError) Cause() error
Cause function returns cause value.
func (OkHttpResponseValidationError) Error ¶
func (e OkHttpResponseValidationError) Error() string
Error satisfies the builtin error interface
func (OkHttpResponseValidationError) ErrorName ¶
func (e OkHttpResponseValidationError) ErrorName() string
ErrorName returns error name.
func (OkHttpResponseValidationError) Field ¶
func (e OkHttpResponseValidationError) Field() string
Field function returns field value.
func (OkHttpResponseValidationError) Key ¶
func (e OkHttpResponseValidationError) Key() bool
Key function returns key value.
func (OkHttpResponseValidationError) Reason ¶
func (e OkHttpResponseValidationError) Reason() string
Reason function returns reason value.
type UnimplementedAuthorizationServer ¶
type UnimplementedAuthorizationServer struct { }
UnimplementedAuthorizationServer can be embedded to have forward compatible implementations.
func (*UnimplementedAuthorizationServer) Check ¶
func (*UnimplementedAuthorizationServer) Check(context.Context, *CheckRequest) (*CheckResponse, error)