Documentation ¶
Index ¶
- Variables
- type FilterStateRule
- func (*FilterStateRule) Descriptor() ([]byte, []int)deprecated
- func (x *FilterStateRule) GetName() string
- func (x *FilterStateRule) GetRequires() map[string]*JwtRequirement
- func (*FilterStateRule) ProtoMessage()
- func (x *FilterStateRule) ProtoReflect() protoreflect.Message
- func (x *FilterStateRule) Reset()
- func (x *FilterStateRule) String() string
- func (m *FilterStateRule) Validate() error
- type FilterStateRuleValidationError
- func (e FilterStateRuleValidationError) Cause() error
- func (e FilterStateRuleValidationError) Error() string
- func (e FilterStateRuleValidationError) ErrorName() string
- func (e FilterStateRuleValidationError) Field() string
- func (e FilterStateRuleValidationError) Key() bool
- func (e FilterStateRuleValidationError) Reason() string
- type JwtAuthentication
- func (*JwtAuthentication) Descriptor() ([]byte, []int)deprecated
- func (x *JwtAuthentication) GetBypassCorsPreflight() bool
- func (x *JwtAuthentication) GetFilterStateRules() *FilterStateRule
- func (x *JwtAuthentication) GetProviders() map[string]*JwtProvider
- func (x *JwtAuthentication) GetRequirementMap() map[string]*JwtRequirement
- func (x *JwtAuthentication) GetRules() []*RequirementRule
- func (*JwtAuthentication) ProtoMessage()
- func (x *JwtAuthentication) ProtoReflect() protoreflect.Message
- func (x *JwtAuthentication) Reset()
- func (x *JwtAuthentication) String() string
- func (m *JwtAuthentication) Validate() error
- type JwtAuthenticationValidationError
- func (e JwtAuthenticationValidationError) Cause() error
- func (e JwtAuthenticationValidationError) Error() string
- func (e JwtAuthenticationValidationError) ErrorName() string
- func (e JwtAuthenticationValidationError) Field() string
- func (e JwtAuthenticationValidationError) Key() bool
- func (e JwtAuthenticationValidationError) Reason() string
- type JwtHeader
- func (*JwtHeader) Descriptor() ([]byte, []int)deprecated
- func (x *JwtHeader) GetName() string
- func (x *JwtHeader) GetValuePrefix() string
- func (*JwtHeader) ProtoMessage()
- func (x *JwtHeader) ProtoReflect() protoreflect.Message
- func (x *JwtHeader) Reset()
- func (x *JwtHeader) String() string
- func (m *JwtHeader) Validate() error
- type JwtHeaderValidationError
- type JwtProvider
- func (*JwtProvider) Descriptor() ([]byte, []int)deprecated
- func (x *JwtProvider) GetAudiences() []string
- func (x *JwtProvider) GetClockSkewSeconds() uint32
- func (x *JwtProvider) GetForward() bool
- func (x *JwtProvider) GetForwardPayloadHeader() string
- func (x *JwtProvider) GetFromHeaders() []*JwtHeader
- func (x *JwtProvider) GetFromParams() []string
- func (x *JwtProvider) GetIssuer() string
- func (m *JwtProvider) GetJwksSourceSpecifier() isJwtProvider_JwksSourceSpecifier
- func (x *JwtProvider) GetLocalJwks() *v3.DataSource
- func (x *JwtProvider) GetPayloadInMetadata() string
- func (x *JwtProvider) GetRemoteJwks() *RemoteJwks
- func (*JwtProvider) ProtoMessage()
- func (x *JwtProvider) ProtoReflect() protoreflect.Message
- func (x *JwtProvider) Reset()
- func (x *JwtProvider) String() string
- func (m *JwtProvider) Validate() error
- type JwtProviderValidationError
- func (e JwtProviderValidationError) Cause() error
- func (e JwtProviderValidationError) Error() string
- func (e JwtProviderValidationError) ErrorName() string
- func (e JwtProviderValidationError) Field() string
- func (e JwtProviderValidationError) Key() bool
- func (e JwtProviderValidationError) Reason() string
- type JwtProvider_LocalJwks
- type JwtProvider_RemoteJwks
- type JwtRequirement
- func (*JwtRequirement) Descriptor() ([]byte, []int)deprecated
- func (x *JwtRequirement) GetAllowMissing() *emptypb.Empty
- func (x *JwtRequirement) GetAllowMissingOrFailed() *emptypb.Empty
- func (x *JwtRequirement) GetProviderAndAudiences() *ProviderWithAudiences
- func (x *JwtRequirement) GetProviderName() string
- func (x *JwtRequirement) GetRequiresAll() *JwtRequirementAndList
- func (x *JwtRequirement) GetRequiresAny() *JwtRequirementOrList
- func (m *JwtRequirement) GetRequiresType() isJwtRequirement_RequiresType
- func (*JwtRequirement) ProtoMessage()
- func (x *JwtRequirement) ProtoReflect() protoreflect.Message
- func (x *JwtRequirement) Reset()
- func (x *JwtRequirement) String() string
- func (m *JwtRequirement) Validate() error
- type JwtRequirementAndList
- func (*JwtRequirementAndList) Descriptor() ([]byte, []int)deprecated
- func (x *JwtRequirementAndList) GetRequirements() []*JwtRequirement
- func (*JwtRequirementAndList) ProtoMessage()
- func (x *JwtRequirementAndList) ProtoReflect() protoreflect.Message
- func (x *JwtRequirementAndList) Reset()
- func (x *JwtRequirementAndList) String() string
- func (m *JwtRequirementAndList) Validate() error
- type JwtRequirementAndListValidationError
- func (e JwtRequirementAndListValidationError) Cause() error
- func (e JwtRequirementAndListValidationError) Error() string
- func (e JwtRequirementAndListValidationError) ErrorName() string
- func (e JwtRequirementAndListValidationError) Field() string
- func (e JwtRequirementAndListValidationError) Key() bool
- func (e JwtRequirementAndListValidationError) Reason() string
- type JwtRequirementOrList
- func (*JwtRequirementOrList) Descriptor() ([]byte, []int)deprecated
- func (x *JwtRequirementOrList) GetRequirements() []*JwtRequirement
- func (*JwtRequirementOrList) ProtoMessage()
- func (x *JwtRequirementOrList) ProtoReflect() protoreflect.Message
- func (x *JwtRequirementOrList) Reset()
- func (x *JwtRequirementOrList) String() string
- func (m *JwtRequirementOrList) Validate() error
- type JwtRequirementOrListValidationError
- func (e JwtRequirementOrListValidationError) Cause() error
- func (e JwtRequirementOrListValidationError) Error() string
- func (e JwtRequirementOrListValidationError) ErrorName() string
- func (e JwtRequirementOrListValidationError) Field() string
- func (e JwtRequirementOrListValidationError) Key() bool
- func (e JwtRequirementOrListValidationError) Reason() string
- type JwtRequirementValidationError
- func (e JwtRequirementValidationError) Cause() error
- func (e JwtRequirementValidationError) Error() string
- func (e JwtRequirementValidationError) ErrorName() string
- func (e JwtRequirementValidationError) Field() string
- func (e JwtRequirementValidationError) Key() bool
- func (e JwtRequirementValidationError) Reason() string
- type JwtRequirement_AllowMissing
- type JwtRequirement_AllowMissingOrFailed
- type JwtRequirement_ProviderAndAudiences
- type JwtRequirement_ProviderName
- type JwtRequirement_RequiresAll
- type JwtRequirement_RequiresAny
- type PerRouteConfig
- func (*PerRouteConfig) Descriptor() ([]byte, []int)deprecated
- func (x *PerRouteConfig) GetDisabled() bool
- func (x *PerRouteConfig) GetRequirementName() string
- func (m *PerRouteConfig) GetRequirementSpecifier() isPerRouteConfig_RequirementSpecifier
- func (*PerRouteConfig) ProtoMessage()
- func (x *PerRouteConfig) ProtoReflect() protoreflect.Message
- func (x *PerRouteConfig) Reset()
- func (x *PerRouteConfig) String() string
- func (m *PerRouteConfig) Validate() error
- type PerRouteConfigValidationError
- func (e PerRouteConfigValidationError) Cause() error
- func (e PerRouteConfigValidationError) Error() string
- func (e PerRouteConfigValidationError) ErrorName() string
- func (e PerRouteConfigValidationError) Field() string
- func (e PerRouteConfigValidationError) Key() bool
- func (e PerRouteConfigValidationError) Reason() string
- type PerRouteConfig_Disabled
- type PerRouteConfig_RequirementName
- type ProviderWithAudiences
- func (*ProviderWithAudiences) Descriptor() ([]byte, []int)deprecated
- func (x *ProviderWithAudiences) GetAudiences() []string
- func (x *ProviderWithAudiences) GetProviderName() string
- func (*ProviderWithAudiences) ProtoMessage()
- func (x *ProviderWithAudiences) ProtoReflect() protoreflect.Message
- func (x *ProviderWithAudiences) Reset()
- func (x *ProviderWithAudiences) String() string
- func (m *ProviderWithAudiences) Validate() error
- type ProviderWithAudiencesValidationError
- func (e ProviderWithAudiencesValidationError) Cause() error
- func (e ProviderWithAudiencesValidationError) Error() string
- func (e ProviderWithAudiencesValidationError) ErrorName() string
- func (e ProviderWithAudiencesValidationError) Field() string
- func (e ProviderWithAudiencesValidationError) Key() bool
- func (e ProviderWithAudiencesValidationError) Reason() string
- type RemoteJwks
- func (*RemoteJwks) Descriptor() ([]byte, []int)deprecated
- func (x *RemoteJwks) GetCacheDuration() *duration.Duration
- func (x *RemoteJwks) GetHttpUri() *v3.HttpUri
- func (*RemoteJwks) ProtoMessage()
- func (x *RemoteJwks) ProtoReflect() protoreflect.Message
- func (x *RemoteJwks) Reset()
- func (x *RemoteJwks) String() string
- func (m *RemoteJwks) Validate() error
- type RemoteJwksValidationError
- type RequirementRule
- func (*RequirementRule) Descriptor() ([]byte, []int)deprecated
- func (x *RequirementRule) GetMatch() *v31.RouteMatch
- func (x *RequirementRule) GetRequirementName() string
- func (m *RequirementRule) GetRequirementType() isRequirementRule_RequirementType
- func (x *RequirementRule) GetRequires() *JwtRequirement
- func (*RequirementRule) ProtoMessage()
- func (x *RequirementRule) ProtoReflect() protoreflect.Message
- func (x *RequirementRule) Reset()
- func (x *RequirementRule) String() string
- func (m *RequirementRule) Validate() error
- type RequirementRuleValidationError
- func (e RequirementRuleValidationError) Cause() error
- func (e RequirementRuleValidationError) Error() string
- func (e RequirementRuleValidationError) ErrorName() string
- func (e RequirementRuleValidationError) Field() string
- func (e RequirementRuleValidationError) Key() bool
- func (e RequirementRuleValidationError) Reason() string
- type RequirementRule_RequirementName
- type RequirementRule_Requires
Constants ¶
This section is empty.
Variables ¶
var File_envoy_extensions_filters_http_jwt_authn_v3_config_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type FilterStateRule ¶
// FilterStateRule maps a string value that another HTTP filter stored in the
// stream's FilterState to the JwtRequirement that jwt_authn should enforce.
type FilterStateRule struct {
	// The filter state name to retrieve the `Router::StringAccessor` object.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// A map of string keys to requirements. The string key is the string value
	// in the FilterState with the name specified in the *name* field above.
	//
	// Whichever filter writes that FilterState value effectively picks the
	// requirement, so the value should come from trusted routing logic rather
	// than being copied from unauthenticated request data.
	// NOTE(review): this page does not say what happens when the value matches
	// no key in this map; confirm whether such requests are rejected.
	Requires map[string]*JwtRequirement `` /* 157-byte string literal not displayed */
	// contains filtered or unexported fields
}
This message specifies Jwt requirements based on stream_info.filterState. This FilterState should use `Router::StringAccessor` object to set a string value. Other HTTP filters can use it to specify Jwt requirements dynamically.
Example:
.. code-block:: yaml
    name: jwt_selector
    requires:
      issuer_1:
        provider_name: issuer1
      issuer_2:
        provider_name: issuer2
If a filter sets "jwt_selector" to "issuer_1" in the FilterState for a request, the jwt_authn filter will use JwtRequirement{"provider_name": "issuer1"} to verify it.
func (*FilterStateRule) Descriptor
deprecated
func (*FilterStateRule) Descriptor() ([]byte, []int)
Deprecated: Use FilterStateRule.ProtoReflect.Descriptor instead.
func (*FilterStateRule) GetName ¶
func (x *FilterStateRule) GetName() string
func (*FilterStateRule) GetRequires ¶
func (x *FilterStateRule) GetRequires() map[string]*JwtRequirement
func (*FilterStateRule) ProtoMessage ¶
func (*FilterStateRule) ProtoMessage()
func (*FilterStateRule) ProtoReflect ¶
func (x *FilterStateRule) ProtoReflect() protoreflect.Message
func (*FilterStateRule) Reset ¶
func (x *FilterStateRule) Reset()
func (*FilterStateRule) String ¶
func (x *FilterStateRule) String() string
func (*FilterStateRule) Validate ¶
func (m *FilterStateRule) Validate() error
Validate checks the field values on FilterStateRule with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type FilterStateRuleValidationError ¶
// FilterStateRuleValidationError describes a failed FilterStateRule.Validate
// call. Its fields are unexported; the details are read through the Field,
// Reason, Cause and Key accessor methods.
type FilterStateRuleValidationError struct {
// contains filtered or unexported fields
}
FilterStateRuleValidationError is the validation error returned by FilterStateRule.Validate if the designated constraints aren't met.
func (FilterStateRuleValidationError) Cause ¶
func (e FilterStateRuleValidationError) Cause() error
Cause function returns cause value.
func (FilterStateRuleValidationError) Error ¶
func (e FilterStateRuleValidationError) Error() string
Error satisfies the builtin error interface
func (FilterStateRuleValidationError) ErrorName ¶
func (e FilterStateRuleValidationError) ErrorName() string
ErrorName returns error name.
func (FilterStateRuleValidationError) Field ¶
func (e FilterStateRuleValidationError) Field() string
Field function returns field value.
func (FilterStateRuleValidationError) Key ¶
func (e FilterStateRuleValidationError) Key() bool
Key function returns key value.
func (FilterStateRuleValidationError) Reason ¶
func (e FilterStateRuleValidationError) Reason() string
Reason function returns reason value.
type JwtAuthentication ¶
// JwtAuthentication is the Envoy HTTP filter config for JWT authentication:
// the named providers plus the rules that select which requirement applies to
// a request.
type JwtAuthentication struct {
	// Map of provider names to JwtProviders.
	//
	// .. code-block:: yaml
	//
	//   providers:
	//     provider1:
	//       issuer: issuer1
	//       audiences:
	//       - audience1
	//       - audience2
	//       remote_jwks:
	//         http_uri:
	//           uri: https://example.com/.well-known/jwks.json
	//           cluster: example_jwks_cluster
	//           timeout: 1s
	//     provider2:
	//       issuer: provider2
	//       local_jwks:
	//         inline_string: jwks_string
	//
	Providers map[string]*JwtProvider `` /* 159-byte string literal not displayed */
	// Specifies requirements based on the route matches. The first matched requirement will be
	// applied. If there are overlapped match conditions, please put the most specific match first.
	//
	// Examples
	//
	// .. code-block:: yaml
	//
	//   rules:
	//     - match:
	//         prefix: /healthz
	//     - match:
	//         prefix: /baz
	//       requires:
	//         provider_name: provider1
	//     - match:
	//         prefix: /foo
	//       requires:
	//         requires_any:
	//           requirements:
	//             - provider_name: provider1
	//             - provider_name: provider2
	//     - match:
	//         prefix: /bar
	//       requires:
	//         requires_all:
	//           requirements:
	//             - provider_name: provider1
	//             - provider_name: provider2
	//
	// Security note: a rule with a match but no *requires* (the /healthz entry
	// above) asks for no JWT verification, and a prefix match covers every path
	// that starts with that prefix. Because the first match wins, keep such
	// unauthenticated entries as narrow as possible.
	// NOTE(review): this page does not state how a request that matches no rule
	// (and no filter-state rule) is treated; confirm, or end the list with a
	// catch-all `prefix: /` rule as the package-level example does.
	Rules []*RequirementRule `protobuf:"bytes,2,rep,name=rules,proto3" json:"rules,omitempty"`
	// This message specifies Jwt requirements based on stream_info.filterState.
	// Other HTTP filters can use it to specify Jwt requirements dynamically.
	// The *rules* field above is checked first, if it could not find any matches,
	// check this one.
	FilterStateRules *FilterStateRule `protobuf:"bytes,3,opt,name=filter_state_rules,json=filterStateRules,proto3" json:"filter_state_rules,omitempty"`
	// When set to true, bypass the `CORS preflight request
	// <http://www.w3.org/TR/cors/#cross-origin-request-with-preflight>`_ regardless of JWT
	// requirements specified in the rules.
	//
	// Requests treated as preflights therefore reach the next filter without a
	// verified token.
	// NOTE(review): the exact conditions that classify a request as a preflight
	// are not given on this page; confirm them before enabling this.
	BypassCorsPreflight bool `protobuf:"varint,4,opt,name=bypass_cors_preflight,json=bypassCorsPreflight,proto3" json:"bypass_cors_preflight,omitempty"`
	// A map of unique requirement_names to JwtRequirements.
	// :ref:`requirement_name <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.PerRouteConfig.requirement_name>`
	// in `PerRouteConfig` uses this map to specify a JwtRequirement.
	RequirementMap map[string]*JwtRequirement `` /* 191-byte string literal not displayed */
	// contains filtered or unexported fields
}
This is the Envoy HTTP filter config for JWT authentication.
For example:
.. code-block:: yaml
    providers:
      provider1:
        issuer: issuer1
        audiences:
        - audience1
        - audience2
        remote_jwks:
          http_uri:
            uri: https://example.com/.well-known/jwks.json
            cluster: example_jwks_cluster
            timeout: 1s
      provider2:
        issuer: issuer2
        local_jwks:
          inline_string: jwks_string
    rules:
    # No JWT verification is required for the /health path
    - match:
        prefix: /health
    # JWT verification for provider1 is required for paths prefixed with "prefix"
    - match:
        prefix: /prefix
      requires:
        provider_name: provider1
    # JWT verification for either provider1 or provider2 is required for all other requests.
    - match:
        prefix: /
      requires:
        requires_any:
          requirements:
          - provider_name: provider1
          - provider_name: provider2
[#next-free-field: 6]
func (*JwtAuthentication) Descriptor
deprecated
func (*JwtAuthentication) Descriptor() ([]byte, []int)
Deprecated: Use JwtAuthentication.ProtoReflect.Descriptor instead.
func (*JwtAuthentication) GetBypassCorsPreflight ¶
func (x *JwtAuthentication) GetBypassCorsPreflight() bool
func (*JwtAuthentication) GetFilterStateRules ¶
func (x *JwtAuthentication) GetFilterStateRules() *FilterStateRule
func (*JwtAuthentication) GetProviders ¶
func (x *JwtAuthentication) GetProviders() map[string]*JwtProvider
func (*JwtAuthentication) GetRequirementMap ¶
func (x *JwtAuthentication) GetRequirementMap() map[string]*JwtRequirement
func (*JwtAuthentication) GetRules ¶
func (x *JwtAuthentication) GetRules() []*RequirementRule
func (*JwtAuthentication) ProtoMessage ¶
func (*JwtAuthentication) ProtoMessage()
func (*JwtAuthentication) ProtoReflect ¶
func (x *JwtAuthentication) ProtoReflect() protoreflect.Message
func (*JwtAuthentication) Reset ¶
func (x *JwtAuthentication) Reset()
func (*JwtAuthentication) String ¶
func (x *JwtAuthentication) String() string
func (*JwtAuthentication) Validate ¶
func (m *JwtAuthentication) Validate() error
Validate checks the field values on JwtAuthentication with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type JwtAuthenticationValidationError ¶
// JwtAuthenticationValidationError describes a failed
// JwtAuthentication.Validate call. Its fields are unexported; the details are
// read through the Field, Reason, Cause and Key accessor methods.
type JwtAuthenticationValidationError struct {
// contains filtered or unexported fields
}
JwtAuthenticationValidationError is the validation error returned by JwtAuthentication.Validate if the designated constraints aren't met.
func (JwtAuthenticationValidationError) Cause ¶
func (e JwtAuthenticationValidationError) Cause() error
Cause function returns cause value.
func (JwtAuthenticationValidationError) Error ¶
func (e JwtAuthenticationValidationError) Error() string
Error satisfies the builtin error interface
func (JwtAuthenticationValidationError) ErrorName ¶
func (e JwtAuthenticationValidationError) ErrorName() string
ErrorName returns error name.
func (JwtAuthenticationValidationError) Field ¶
func (e JwtAuthenticationValidationError) Field() string
Field function returns field value.
func (JwtAuthenticationValidationError) Key ¶
func (e JwtAuthenticationValidationError) Key() bool
Key function returns key value.
func (JwtAuthenticationValidationError) Reason ¶
func (e JwtAuthenticationValidationError) Reason() string
Reason function returns reason value.
type JwtHeader ¶
// JwtHeader names one HTTP request header, and an optional value prefix, from
// which a JWT is extracted.
type JwtHeader struct {
	// The HTTP header name.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The value prefix. The value format is "value_prefix<token>"
	// For example, for "Authorization: Bearer <token>", value_prefix="Bearer " with a space at the
	// end.
	ValuePrefix string `protobuf:"bytes,2,opt,name=value_prefix,json=valuePrefix,proto3" json:"value_prefix,omitempty"`
	// contains filtered or unexported fields
}
This message specifies a header location from which to extract a JWT.
func (*JwtHeader) Descriptor
deprecated
func (*JwtHeader) GetValuePrefix ¶
func (*JwtHeader) ProtoMessage ¶
func (*JwtHeader) ProtoMessage()
func (*JwtHeader) ProtoReflect ¶
func (x *JwtHeader) ProtoReflect() protoreflect.Message
type JwtHeaderValidationError ¶
// JwtHeaderValidationError describes a failed JwtHeader.Validate call. Its
// fields are unexported; the details are read through the Field, Reason, Cause
// and Key accessor methods.
type JwtHeaderValidationError struct {
// contains filtered or unexported fields
}
JwtHeaderValidationError is the validation error returned by JwtHeader.Validate if the designated constraints aren't met.
func (JwtHeaderValidationError) Cause ¶
func (e JwtHeaderValidationError) Cause() error
Cause function returns cause value.
func (JwtHeaderValidationError) Error ¶
func (e JwtHeaderValidationError) Error() string
Error satisfies the builtin error interface
func (JwtHeaderValidationError) ErrorName ¶
func (e JwtHeaderValidationError) ErrorName() string
ErrorName returns error name.
func (JwtHeaderValidationError) Field ¶
func (e JwtHeaderValidationError) Field() string
Field function returns field value.
func (JwtHeaderValidationError) Key ¶
func (e JwtHeaderValidationError) Key() bool
Key function returns key value.
func (JwtHeaderValidationError) Reason ¶
func (e JwtHeaderValidationError) Reason() string
Reason function returns reason value.
type JwtProvider ¶
// JwtProvider describes how tokens from one issuer are verified: which issuer
// and audiences are accepted, where the JWKS comes from, where the token is
// read from in the request, and how a verified payload is passed on.
type JwtProvider struct {
	// Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
	// the JWT, usually a URL or an email address.
	//
	// It is optional. If specified, it has to match the *iss* field in JWT.
	//
	// If a JWT has *iss* field and this field is specified, they have to match, otherwise the
	// JWT *iss* field is not checked.
	//
	// Note: *JwtRequirement* :ref:`allow_missing <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.JwtRequirement.allow_missing>`
	// and :ref:`allow_missing_or_failed <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.JwtRequirement.allow_missing_or_failed>`
	// are implemented differently than other *JwtRequirements*. Hence the usage of this field
	// is different as follows if *allow_missing* or *allow_missing_or_failed* is used:
	//
	// * If a JWT has *iss* field, it needs to be specified by this field in one of *JwtProviders*.
	// * If a JWT doesn't have *iss* field, one of *JwtProviders* should fill this field empty.
	// * Multiple *JwtProviders* should not have same value in this field.
	//
	// Example: https://securetoken.google.com
	// Example: 1234567-compute@developer.gserviceaccount.com
	//
	// Security note: with this field left empty the *iss* claim is not checked
	// at all, so acceptance then rests on the signature (the JWKS) and on
	// Audiences alone.
	Issuer string `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"`
	// The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
	// allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
	// will not check audiences in the token.
	//
	// Example:
	//
	// .. code-block:: yaml
	//
	//     audiences:
	//     - bookstore_android.apps.googleusercontent.com
	//     - bookstore_web.apps.googleusercontent.com
	//
	// Security note: with no audiences listed the *aud* claim is not checked, so
	// a token the same issuer minted for a different service is accepted here
	// too. List the audiences this service expects.
	Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"`
	// `JSON Web Key Set (JWKS) <https://tools.ietf.org/html/rfc7517#appendix-A>`_ is needed to
	// validate signature of a JWT. This field specifies where to fetch JWKS.
	//
	// Types that are assignable to JwksSourceSpecifier:
	//	*JwtProvider_RemoteJwks
	//	*JwtProvider_LocalJwks
	JwksSourceSpecifier isJwtProvider_JwksSourceSpecifier `protobuf_oneof:"jwks_source_specifier"`
	// If false, the JWT is removed in the request after a success verification. If true, the JWT is
	// not removed in the request. Default value is false.
	//
	// When true, the upstream receives the caller's raw bearer token and has to
	// protect it accordingly (for example, keep it out of logs).
	Forward bool `protobuf:"varint,5,opt,name=forward,proto3" json:"forward,omitempty"`
	// Two fields below define where to extract the JWT from an HTTP request.
	//
	// If no explicit location is specified, the following default locations are tried in order:
	//
	// 1. The Authorization header using the `Bearer schema
	// <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
	//
	//    Authorization: Bearer <token>.
	//
	// 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
	//
	// Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
	// its provider specified or from the default locations.
	//
	// Specify the HTTP headers to extract JWT token. For examples, following config:
	//
	// .. code-block:: yaml
	//
	//   from_headers:
	//   - name: x-goog-iap-jwt-assertion
	//
	// can be used to extract token from header::
	//
	//   ``x-goog-iap-jwt-assertion: <JWT>``.
	//
	FromHeaders []*JwtHeader `protobuf:"bytes,6,rep,name=from_headers,json=fromHeaders,proto3" json:"from_headers,omitempty"`
	// JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
	// NOTE(review): `jwt_params` above appears to refer to this `from_params` field.
	//
	// For example, if config is:
	//
	// .. code-block:: yaml
	//
	//   from_params:
	//   - jwt_token
	//
	// The JWT format in query parameter is::
	//
	//    /path?jwt_token=<JWT>
	//
	// Security note: a token carried in the URL tends to be recorded wherever
	// URLs are (access logs, browser history, Referer headers); prefer a header
	// location where clients allow it, and redact the parameter in logs otherwise.
	FromParams []string `protobuf:"bytes,7,rep,name=from_params,json=fromParams,proto3" json:"from_params,omitempty"`
	// This field specifies the header name to forward a successfully verified JWT payload to the
	// backend. The forwarded data is::
	//
	//    base64url_encoded(jwt_payload_in_JSON)
	//
	// If it is not specified, the payload will not be forwarded.
	//
	// The forwarded value is an encoded payload without a signature, so the
	// backend cannot verify it on its own and should accept it only from the proxy.
	// NOTE(review): this page does not say whether a client-supplied header of
	// the same name is removed or overwritten; confirm before the backend trusts it.
	ForwardPayloadHeader string `protobuf:"bytes,8,opt,name=forward_payload_header,json=forwardPayloadHeader,proto3" json:"forward_payload_header,omitempty"`
	// If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata
	// in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn**
	// The value is the *protobuf::Struct*. The value of this field will be the key for its *fields*
	// and the value is the *protobuf::Struct* converted from JWT JSON payload.
	//
	// For example, if payload_in_metadata is *my_payload*:
	//
	// .. code-block:: yaml
	//
	//   envoy.filters.http.jwt_authn:
	//     my_payload:
	//       iss: https://example.com
	//       sub: test@example.com
	//       aud: https://example.com
	//       exp: 1501281058
	//
	PayloadInMetadata string `protobuf:"bytes,9,opt,name=payload_in_metadata,json=payloadInMetadata,proto3" json:"payload_in_metadata,omitempty"`
	// Specify the clock skew in seconds when verifying JWT time constraint,
	// such as `exp`, and `nbf`. If not specified, default is 60 seconds.
	//
	// Presumably a larger value keeps an expired token acceptable for that many
	// extra seconds; keep it as small as clock synchronisation permits.
	ClockSkewSeconds uint32 `protobuf:"varint,10,opt,name=clock_skew_seconds,json=clockSkewSeconds,proto3" json:"clock_skew_seconds,omitempty"`
	// contains filtered or unexported fields
}
Please see the following for the JWT authentication flow:
* `JSON Web Token (JWT) <https://tools.ietf.org/html/rfc7519>`_
* `The OAuth 2.0 Authorization Framework <https://tools.ietf.org/html/rfc6749>`_
* `OpenID Connect <http://openid.net/connect>`_
A JwtProvider message specifies how a JSON Web Token (JWT) can be verified. It specifies:
* issuer: the principal that issues the JWT. If specified, it has to match the *iss* field in JWT.
* allowed audiences: the ones in the token have to be listed here.
* how to fetch public key JWKS to verify the token signature.
* how to extract JWT token in the request.
* how to pass successfully verified token payload.
Example:
.. code-block:: yaml
    issuer: https://example.com
    audiences:
    - bookstore_android.apps.googleusercontent.com
    - bookstore_web.apps.googleusercontent.com
    remote_jwks:
      http_uri:
        uri: https://example.com/.well-known/jwks.json
        cluster: example_jwks_cluster
        timeout: 1s
      cache_duration:
        seconds: 300
[#next-free-field: 11]
func (*JwtProvider) Descriptor
deprecated
func (*JwtProvider) Descriptor() ([]byte, []int)
Deprecated: Use JwtProvider.ProtoReflect.Descriptor instead.
func (*JwtProvider) GetAudiences ¶
func (x *JwtProvider) GetAudiences() []string
func (*JwtProvider) GetClockSkewSeconds ¶
func (x *JwtProvider) GetClockSkewSeconds() uint32
func (*JwtProvider) GetForward ¶
func (x *JwtProvider) GetForward() bool
func (*JwtProvider) GetForwardPayloadHeader ¶
func (x *JwtProvider) GetForwardPayloadHeader() string
func (*JwtProvider) GetFromHeaders ¶
func (x *JwtProvider) GetFromHeaders() []*JwtHeader
func (*JwtProvider) GetFromParams ¶
func (x *JwtProvider) GetFromParams() []string
func (*JwtProvider) GetIssuer ¶
func (x *JwtProvider) GetIssuer() string
func (*JwtProvider) GetJwksSourceSpecifier ¶
func (m *JwtProvider) GetJwksSourceSpecifier() isJwtProvider_JwksSourceSpecifier
func (*JwtProvider) GetLocalJwks ¶
func (x *JwtProvider) GetLocalJwks() *v3.DataSource
func (*JwtProvider) GetPayloadInMetadata ¶
func (x *JwtProvider) GetPayloadInMetadata() string
func (*JwtProvider) GetRemoteJwks ¶
func (x *JwtProvider) GetRemoteJwks() *RemoteJwks
func (*JwtProvider) ProtoMessage ¶
func (*JwtProvider) ProtoMessage()
func (*JwtProvider) ProtoReflect ¶
func (x *JwtProvider) ProtoReflect() protoreflect.Message
func (*JwtProvider) Reset ¶
func (x *JwtProvider) Reset()
func (*JwtProvider) String ¶
func (x *JwtProvider) String() string
func (*JwtProvider) Validate ¶
func (m *JwtProvider) Validate() error
Validate checks the field values on JwtProvider with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type JwtProviderValidationError ¶
// JwtProviderValidationError describes a failed JwtProvider.Validate call.
// Its fields are unexported; the details are read through the Field, Reason,
// Cause and Key accessor methods.
type JwtProviderValidationError struct {
// contains filtered or unexported fields
}
JwtProviderValidationError is the validation error returned by JwtProvider.Validate if the designated constraints aren't met.
func (JwtProviderValidationError) Cause ¶
func (e JwtProviderValidationError) Cause() error
Cause function returns cause value.
func (JwtProviderValidationError) Error ¶
func (e JwtProviderValidationError) Error() string
Error satisfies the builtin error interface
func (JwtProviderValidationError) ErrorName ¶
func (e JwtProviderValidationError) ErrorName() string
ErrorName returns error name.
func (JwtProviderValidationError) Field ¶
func (e JwtProviderValidationError) Field() string
Field function returns field value.
func (JwtProviderValidationError) Key ¶
func (e JwtProviderValidationError) Key() bool
Key function returns key value.
func (JwtProviderValidationError) Reason ¶
func (e JwtProviderValidationError) Reason() string
Reason function returns reason value.
type JwtProvider_LocalJwks ¶
// JwtProvider_LocalJwks is the JwksSourceSpecifier alternative that takes the
// JWKS from a local data source.
type JwtProvider_LocalJwks struct {
	// JWKS is in local data source. It could be either in a local file or embedded in the
	// inline_string.
	//
	// Example: local file
	//
	// .. code-block:: yaml
	//
	//    local_jwks:
	//      filename: /etc/envoy/jwks/jwks1.txt
	//
	// Example: inline_string
	//
	// .. code-block:: yaml
	//
	//    local_jwks:
	//      inline_string: ACADADADADA
	//
	// The keys given here decide which token signatures are trusted, so write
	// access to the file or to the config carrying the inline string should be
	// restricted accordingly.
	LocalJwks *v3.DataSource `protobuf:"bytes,4,opt,name=local_jwks,json=localJwks,proto3,oneof"`
}
type JwtProvider_RemoteJwks ¶
// JwtProvider_RemoteJwks is the JwksSourceSpecifier alternative that fetches
// the JWKS from a remote server.
type JwtProvider_RemoteJwks struct {
	// JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
	// URI and how the fetched JWKS should be cached.
	//
	// Example:
	//
	// .. code-block:: yaml
	//
	//    remote_jwks:
	//      http_uri:
	//        uri: https://www.googleapis.com/oauth2/v1/certs
	//        cluster: jwt.www.googleapis.com|443
	//        timeout: 1s
	//      cache_duration:
	//        seconds: 300
	//
	// The fetched keys decide which token signatures are trusted, so the fetch
	// should be protected by TLS with certificate validation.
	// NOTE(review): confirm that the referenced cluster itself is configured
	// for TLS; this page does not show that an https:// uri alone enforces it.
	RemoteJwks *RemoteJwks `protobuf:"bytes,3,opt,name=remote_jwks,json=remoteJwks,proto3,oneof"`
}
type JwtRequirement ¶
// JwtRequirement is one node of a requirement tree: a single provider, a
// provider with audiences, an any-of or all-of list, or one of the
// allow-missing variants. Leaving RequiresType unset gives the empty message,
// which the package documentation says means JWT verification is not required.
type JwtRequirement struct {
	// Types that are assignable to RequiresType:
	//	*JwtRequirement_ProviderName
	//	*JwtRequirement_ProviderAndAudiences
	//	*JwtRequirement_RequiresAny
	//	*JwtRequirement_RequiresAll
	//	*JwtRequirement_AllowMissingOrFailed
	//	*JwtRequirement_AllowMissing
	//
	// Security note: JwtRequirement_AllowMissingOrFailed, as its name indicates,
	// lets a request proceed even when its token fails verification; use it only
	// where a later check makes the final authorization decision.
	// NOTE(review): its exact semantics are not spelled out on this page.
	RequiresType isJwtRequirement_RequiresType `protobuf_oneof:"requires_type"`
	// contains filtered or unexported fields
}
This message specifies a Jwt requirement. An empty message means JWT verification is not required. Here are some config examples:
.. code-block:: yaml
    # Example 1: not required with an empty message

    # Example 2: require A
    provider_name: provider-A

    # Example 3: require A or B
    requires_any:
      requirements:
        - provider_name: provider-A
        - provider_name: provider-B

    # Example 4: require A and B
    requires_all:
      requirements:
        - provider_name: provider-A
        - provider_name: provider-B

    # Example 5: require A and (B or C)
    requires_all:
      requirements:
        - provider_name: provider-A
        - requires_any:
            requirements:
              - provider_name: provider-B
              - provider_name: provider-C

    # Example 6: require A or (B and C)
    requires_any:
      requirements:
        - provider_name: provider-A
        - requires_all:
            requirements:
              - provider_name: provider-B
              - provider_name: provider-C

    # Example 7: A is optional (if token from A is provided, it must be valid, but also allows missing token.)
    requires_any:
      requirements:
        - provider_name: provider-A
        - allow_missing: {}

    # Example 8: A is optional and B is required.
    requires_all:
      requirements:
        - requires_any:
            requirements:
              - provider_name: provider-A
              - allow_missing: {}
        - provider_name: provider-B
[#next-free-field: 7]
func (*JwtRequirement) Descriptor
deprecated
func (*JwtRequirement) Descriptor() ([]byte, []int)
Deprecated: Use JwtRequirement.ProtoReflect.Descriptor instead.
func (*JwtRequirement) GetAllowMissing ¶
func (x *JwtRequirement) GetAllowMissing() *emptypb.Empty
func (*JwtRequirement) GetAllowMissingOrFailed ¶
func (x *JwtRequirement) GetAllowMissingOrFailed() *emptypb.Empty
func (*JwtRequirement) GetProviderAndAudiences ¶
func (x *JwtRequirement) GetProviderAndAudiences() *ProviderWithAudiences
func (*JwtRequirement) GetProviderName ¶
func (x *JwtRequirement) GetProviderName() string
func (*JwtRequirement) GetRequiresAll ¶
func (x *JwtRequirement) GetRequiresAll() *JwtRequirementAndList
func (*JwtRequirement) GetRequiresAny ¶
func (x *JwtRequirement) GetRequiresAny() *JwtRequirementOrList
func (*JwtRequirement) GetRequiresType ¶
func (m *JwtRequirement) GetRequiresType() isJwtRequirement_RequiresType
func (*JwtRequirement) ProtoMessage ¶
func (*JwtRequirement) ProtoMessage()
func (*JwtRequirement) ProtoReflect ¶
func (x *JwtRequirement) ProtoReflect() protoreflect.Message
func (*JwtRequirement) Reset ¶
func (x *JwtRequirement) Reset()
func (*JwtRequirement) String ¶
func (x *JwtRequirement) String() string
func (*JwtRequirement) Validate ¶
func (m *JwtRequirement) Validate() error
Validate checks the field values on JwtRequirement with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type JwtRequirementAndList ¶
// JwtRequirementAndList holds a list of requirements whose results are AND-ed.
type JwtRequirementAndList struct {
	// Specify a list of JwtRequirement.
	Requirements []*JwtRequirement `protobuf:"bytes,1,rep,name=requirements,proto3" json:"requirements,omitempty"`
	// contains filtered or unexported fields
}
This message specifies a list of RequiredProvider (each entry is a JwtRequirement). Their results are AND-ed: all of them must pass; if any one of them fails or is missing, the whole list fails.
func (*JwtRequirementAndList) Descriptor
deprecated
func (*JwtRequirementAndList) Descriptor() ([]byte, []int)
Deprecated: Use JwtRequirementAndList.ProtoReflect.Descriptor instead.
func (*JwtRequirementAndList) GetRequirements ¶
func (x *JwtRequirementAndList) GetRequirements() []*JwtRequirement
func (*JwtRequirementAndList) ProtoMessage ¶
func (*JwtRequirementAndList) ProtoMessage()
func (*JwtRequirementAndList) ProtoReflect ¶
func (x *JwtRequirementAndList) ProtoReflect() protoreflect.Message
func (*JwtRequirementAndList) Reset ¶
func (x *JwtRequirementAndList) Reset()
func (*JwtRequirementAndList) String ¶
func (x *JwtRequirementAndList) String() string
func (*JwtRequirementAndList) Validate ¶
func (m *JwtRequirementAndList) Validate() error
Validate checks the field values on JwtRequirementAndList with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type JwtRequirementAndListValidationError ¶
type JwtRequirementAndListValidationError struct {
// contains filtered or unexported fields
}
JwtRequirementAndListValidationError is the validation error returned by JwtRequirementAndList.Validate if the designated constraints aren't met.
func (JwtRequirementAndListValidationError) Cause ¶
func (e JwtRequirementAndListValidationError) Cause() error
Cause function returns cause value.
func (JwtRequirementAndListValidationError) Error ¶
func (e JwtRequirementAndListValidationError) Error() string
Error satisfies the builtin error interface
func (JwtRequirementAndListValidationError) ErrorName ¶
func (e JwtRequirementAndListValidationError) ErrorName() string
ErrorName returns error name.
func (JwtRequirementAndListValidationError) Field ¶
func (e JwtRequirementAndListValidationError) Field() string
Field function returns field value.
func (JwtRequirementAndListValidationError) Key ¶
func (e JwtRequirementAndListValidationError) Key() bool
Key function returns key value.
func (JwtRequirementAndListValidationError) Reason ¶
func (e JwtRequirementAndListValidationError) Reason() string
Reason function returns reason value.
type JwtRequirementOrList ¶
// JwtRequirementOrList holds a list of requirements whose results are OR-ed.
type JwtRequirementOrList struct {
	// Specify a list of JwtRequirement.
	Requirements []*JwtRequirement `protobuf:"bytes,1,rep,name=requirements,proto3" json:"requirements,omitempty"`
	// contains filtered or unexported fields
}
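This message specifies a list of RequiredProvider (each entry is a JwtRequirement). Their results are OR-ed; if any one of them passes, the result passes. A list that includes allow_missing_or_failed is therefore always satisfied, because that entry always passes.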
func (*JwtRequirementOrList) Descriptor
deprecated
func (*JwtRequirementOrList) Descriptor() ([]byte, []int)
Deprecated: Use JwtRequirementOrList.ProtoReflect.Descriptor instead.
func (*JwtRequirementOrList) GetRequirements ¶
func (x *JwtRequirementOrList) GetRequirements() []*JwtRequirement
func (*JwtRequirementOrList) ProtoMessage ¶
func (*JwtRequirementOrList) ProtoMessage()
func (*JwtRequirementOrList) ProtoReflect ¶
func (x *JwtRequirementOrList) ProtoReflect() protoreflect.Message
func (*JwtRequirementOrList) Reset ¶
func (x *JwtRequirementOrList) Reset()
func (*JwtRequirementOrList) String ¶
func (x *JwtRequirementOrList) String() string
func (*JwtRequirementOrList) Validate ¶
func (m *JwtRequirementOrList) Validate() error
Validate checks the field values on JwtRequirementOrList with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type JwtRequirementOrListValidationError ¶
type JwtRequirementOrListValidationError struct {
// contains filtered or unexported fields
}
JwtRequirementOrListValidationError is the validation error returned by JwtRequirementOrList.Validate if the designated constraints aren't met.
func (JwtRequirementOrListValidationError) Cause ¶
func (e JwtRequirementOrListValidationError) Cause() error
Cause function returns cause value.
func (JwtRequirementOrListValidationError) Error ¶
func (e JwtRequirementOrListValidationError) Error() string
Error satisfies the builtin error interface
func (JwtRequirementOrListValidationError) ErrorName ¶
func (e JwtRequirementOrListValidationError) ErrorName() string
ErrorName returns error name.
func (JwtRequirementOrListValidationError) Field ¶
func (e JwtRequirementOrListValidationError) Field() string
Field function returns field value.
func (JwtRequirementOrListValidationError) Key ¶
func (e JwtRequirementOrListValidationError) Key() bool
Key function returns key value.
func (JwtRequirementOrListValidationError) Reason ¶
func (e JwtRequirementOrListValidationError) Reason() string
Reason function returns reason value.
type JwtRequirementValidationError ¶
type JwtRequirementValidationError struct {
// contains filtered or unexported fields
}
JwtRequirementValidationError is the validation error returned by JwtRequirement.Validate if the designated constraints aren't met.
func (JwtRequirementValidationError) Cause ¶
func (e JwtRequirementValidationError) Cause() error
Cause function returns cause value.
func (JwtRequirementValidationError) Error ¶
func (e JwtRequirementValidationError) Error() string
Error satisfies the builtin error interface
func (JwtRequirementValidationError) ErrorName ¶
func (e JwtRequirementValidationError) ErrorName() string
ErrorName returns error name.
func (JwtRequirementValidationError) Field ¶
func (e JwtRequirementValidationError) Field() string
Field function returns field value.
func (JwtRequirementValidationError) Key ¶
func (e JwtRequirementValidationError) Key() bool
Key function returns key value.
func (JwtRequirementValidationError) Reason ¶
func (e JwtRequirementValidationError) Reason() string
Reason function returns reason value.
type JwtRequirement_AllowMissing ¶
// JwtRequirement_AllowMissing is one of the types assignable to
// JwtRequirement.RequiresType.
type JwtRequirement_AllowMissing struct {
	// The requirement is satisfied if JWT is missing, but failed if JWT is
	// presented but invalid. Similar to allow_missing_or_failed, this is used
	// to only verify JWTs and pass the verified payload to another filter. The
	// difference is that this mode will reject requests with invalid tokens.
	//
	// NOTE(review): a request that carries no token at all still satisfies this
	// requirement, so whatever consumes the payload downstream has to handle
	// the no-token case itself.
	AllowMissing *emptypb.Empty `protobuf:"bytes,6,opt,name=allow_missing,json=allowMissing,proto3,oneof"`
}
type JwtRequirement_AllowMissingOrFailed ¶
// JwtRequirement_AllowMissingOrFailed is one of the types assignable to
// JwtRequirement.RequiresType.
type JwtRequirement_AllowMissingOrFailed struct {
	// The requirement is always satisfied even if JWT is missing or the JWT
	// verification fails. A typical usage is: this filter is used to only verify
	// JWTs and pass the verified JWT payloads to another filter, the other filter
	// will make decision. In this mode, all JWT tokens will be verified.
	//
	// NOTE(review): because this requirement is always satisfied, it rejects
	// nothing on its own; access control then rests entirely on the other
	// filter that makes the decision, which must treat a missing payload as
	// unauthenticated.
	AllowMissingOrFailed *emptypb.Empty `protobuf:"bytes,5,opt,name=allow_missing_or_failed,json=allowMissingOrFailed,proto3,oneof"`
}
type JwtRequirement_ProviderAndAudiences ¶
// JwtRequirement_ProviderAndAudiences is one of the types assignable to
// JwtRequirement.RequiresType.
type JwtRequirement_ProviderAndAudiences struct {
	// Specify a required provider with audiences.
	ProviderAndAudiences *ProviderWithAudiences `protobuf:"bytes,2,opt,name=provider_and_audiences,json=providerAndAudiences,proto3,oneof"`
}
type JwtRequirement_ProviderName ¶
// JwtRequirement_ProviderName is one of the types assignable to
// JwtRequirement.RequiresType.
type JwtRequirement_ProviderName struct {
	// Specify a required provider name.
	ProviderName string `protobuf:"bytes,1,opt,name=provider_name,json=providerName,proto3,oneof"`
}
type JwtRequirement_RequiresAll ¶
// JwtRequirement_RequiresAll is one of the types assignable to
// JwtRequirement.RequiresType.
type JwtRequirement_RequiresAll struct {
	// Specify list of JwtRequirement. Their results are AND-ed.
	// All of them must pass; if any one of them fails or is missing, it fails.
	RequiresAll *JwtRequirementAndList `protobuf:"bytes,4,opt,name=requires_all,json=requiresAll,proto3,oneof"`
}
type JwtRequirement_RequiresAny ¶
// JwtRequirement_RequiresAny is one of the types assignable to
// JwtRequirement.RequiresType.
type JwtRequirement_RequiresAny struct {
	// Specify list of JwtRequirement. Their results are OR-ed.
	// If any one of them passes, the result is passed.
	RequiresAny *JwtRequirementOrList `protobuf:"bytes,3,opt,name=requires_any,json=requiresAny,proto3,oneof"`
}
type PerRouteConfig ¶
// PerRouteConfig specifies the per-route config: either JWT authentication is
// disabled for the route, or a named requirement is selected.
type PerRouteConfig struct {
	// Types that are assignable to RequirementSpecifier:
	//	*PerRouteConfig_Disabled
	//	*PerRouteConfig_RequirementName
	RequirementSpecifier isPerRouteConfig_RequirementSpecifier `protobuf_oneof:"requirement_specifier"`
	// contains filtered or unexported fields
}
Specify per-route config.
func (*PerRouteConfig) Descriptor
deprecated
func (*PerRouteConfig) Descriptor() ([]byte, []int)
Deprecated: Use PerRouteConfig.ProtoReflect.Descriptor instead.
func (*PerRouteConfig) GetDisabled ¶
func (x *PerRouteConfig) GetDisabled() bool
func (*PerRouteConfig) GetRequirementName ¶
func (x *PerRouteConfig) GetRequirementName() string
func (*PerRouteConfig) GetRequirementSpecifier ¶
func (m *PerRouteConfig) GetRequirementSpecifier() isPerRouteConfig_RequirementSpecifier
func (*PerRouteConfig) ProtoMessage ¶
func (*PerRouteConfig) ProtoMessage()
func (*PerRouteConfig) ProtoReflect ¶
func (x *PerRouteConfig) ProtoReflect() protoreflect.Message
func (*PerRouteConfig) Reset ¶
func (x *PerRouteConfig) Reset()
func (*PerRouteConfig) String ¶
func (x *PerRouteConfig) String() string
func (*PerRouteConfig) Validate ¶
func (m *PerRouteConfig) Validate() error
Validate checks the field values on PerRouteConfig with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type PerRouteConfigValidationError ¶
type PerRouteConfigValidationError struct {
// contains filtered or unexported fields
}
PerRouteConfigValidationError is the validation error returned by PerRouteConfig.Validate if the designated constraints aren't met.
func (PerRouteConfigValidationError) Cause ¶
func (e PerRouteConfigValidationError) Cause() error
Cause function returns cause value.
func (PerRouteConfigValidationError) Error ¶
func (e PerRouteConfigValidationError) Error() string
Error satisfies the builtin error interface
func (PerRouteConfigValidationError) ErrorName ¶
func (e PerRouteConfigValidationError) ErrorName() string
ErrorName returns error name.
func (PerRouteConfigValidationError) Field ¶
func (e PerRouteConfigValidationError) Field() string
Field function returns field value.
func (PerRouteConfigValidationError) Key ¶
func (e PerRouteConfigValidationError) Key() bool
Key function returns key value.
func (PerRouteConfigValidationError) Reason ¶
func (e PerRouteConfigValidationError) Reason() string
Reason function returns reason value.
type PerRouteConfig_Disabled ¶
// PerRouteConfig_Disabled is one of the types assignable to
// PerRouteConfig.RequirementSpecifier.
type PerRouteConfig_Disabled struct {
	// Disable Jwt Authentication for this route.
	//
	// NOTE(review): a route carrying this setting gets no JWT verification from
	// this filter, so it is worth auditing which routes set it.
	Disabled bool `protobuf:"varint,1,opt,name=disabled,proto3,oneof"`
}
type PerRouteConfig_RequirementName ¶
// PerRouteConfig_RequirementName is one of the types assignable to
// PerRouteConfig.RequirementSpecifier.
type PerRouteConfig_RequirementName struct {
	// Use requirement_name to specify a JwtRequirement.
	// This requirement_name MUST be specified at the
	// :ref:`requirement_map <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.JwtAuthentication.requirement_map>`
	// in `JwtAuthentication`. If it is not, the requests using this route will be rejected with 403
	// (i.e. an unknown name fails closed rather than skipping verification).
	RequirementName string `protobuf:"bytes,2,opt,name=requirement_name,json=requirementName,proto3,oneof"`
}
type ProviderWithAudiences ¶
// ProviderWithAudiences specifies a required provider with audiences.
type ProviderWithAudiences struct {
	// Specify a required provider name.
	ProviderName string `protobuf:"bytes,1,opt,name=provider_name,json=providerName,proto3" json:"provider_name,omitempty"`
	// This field overrides the one specified in the JwtProvider.
	// NOTE(review): presumably "the one" is the provider's own audiences list — confirm
	// against the JwtProvider definition.
	Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"`
	// contains filtered or unexported fields
}
Specify a required provider with audiences.
func (*ProviderWithAudiences) Descriptor
deprecated
func (*ProviderWithAudiences) Descriptor() ([]byte, []int)
Deprecated: Use ProviderWithAudiences.ProtoReflect.Descriptor instead.
func (*ProviderWithAudiences) GetAudiences ¶
func (x *ProviderWithAudiences) GetAudiences() []string
func (*ProviderWithAudiences) GetProviderName ¶
func (x *ProviderWithAudiences) GetProviderName() string
func (*ProviderWithAudiences) ProtoMessage ¶
func (*ProviderWithAudiences) ProtoMessage()
func (*ProviderWithAudiences) ProtoReflect ¶
func (x *ProviderWithAudiences) ProtoReflect() protoreflect.Message
func (*ProviderWithAudiences) Reset ¶
func (x *ProviderWithAudiences) Reset()
func (*ProviderWithAudiences) String ¶
func (x *ProviderWithAudiences) String() string
func (*ProviderWithAudiences) Validate ¶
func (m *ProviderWithAudiences) Validate() error
Validate checks the field values on ProviderWithAudiences with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type ProviderWithAudiencesValidationError ¶
type ProviderWithAudiencesValidationError struct {
// contains filtered or unexported fields
}
ProviderWithAudiencesValidationError is the validation error returned by ProviderWithAudiences.Validate if the designated constraints aren't met.
func (ProviderWithAudiencesValidationError) Cause ¶
func (e ProviderWithAudiencesValidationError) Cause() error
Cause function returns cause value.
func (ProviderWithAudiencesValidationError) Error ¶
func (e ProviderWithAudiencesValidationError) Error() string
Error satisfies the builtin error interface
func (ProviderWithAudiencesValidationError) ErrorName ¶
func (e ProviderWithAudiencesValidationError) ErrorName() string
ErrorName returns error name.
func (ProviderWithAudiencesValidationError) Field ¶
func (e ProviderWithAudiencesValidationError) Field() string
Field function returns field value.
func (ProviderWithAudiencesValidationError) Key ¶
func (e ProviderWithAudiencesValidationError) Key() bool
Key function returns key value.
func (ProviderWithAudiencesValidationError) Reason ¶
func (e ProviderWithAudiencesValidationError) Reason() string
Reason function returns reason value.
type RemoteJwks ¶
// RemoteJwks specifies how to fetch JWKS from a remote server and how to cache it.
type RemoteJwks struct {
	// The HTTP URI to fetch the JWKS. For example:
	//
	// .. code-block:: yaml
	//
	//    http_uri:
	//      uri: https://www.googleapis.com/oauth2/v1/certs
	//      cluster: jwt.www.googleapis.com|443
	//      timeout: 1s
	//
	// NOTE(review): the JWKS is the key set tokens are verified against, so an https
	// URI as in the example is the safer choice — confirm how the named cluster
	// validates the server certificate.
	HttpUri *v3.HttpUri `protobuf:"bytes,1,opt,name=http_uri,json=httpUri,proto3" json:"http_uri,omitempty"`
	// Duration after which the cached JWKS should be expired. If not specified, default cache
	// duration is 5 minutes.
	//
	// NOTE(review): presumably a key withdrawn at the issuer can still be accepted until
	// the cached copy expires, so size this against the issuer's key-rotation practice —
	// confirm against the filter's refresh behaviour.
	CacheDuration *duration.Duration `protobuf:"bytes,2,opt,name=cache_duration,json=cacheDuration,proto3" json:"cache_duration,omitempty"`
	// contains filtered or unexported fields
}
This message specifies how to fetch JWKS from remote and how to cache it.
func (*RemoteJwks) Descriptor
deprecated
func (*RemoteJwks) Descriptor() ([]byte, []int)
Deprecated: Use RemoteJwks.ProtoReflect.Descriptor instead.
func (*RemoteJwks) GetCacheDuration ¶
func (x *RemoteJwks) GetCacheDuration() *duration.Duration
func (*RemoteJwks) GetHttpUri ¶
func (x *RemoteJwks) GetHttpUri() *v3.HttpUri
func (*RemoteJwks) ProtoMessage ¶
func (*RemoteJwks) ProtoMessage()
func (*RemoteJwks) ProtoReflect ¶
func (x *RemoteJwks) ProtoReflect() protoreflect.Message
func (*RemoteJwks) Reset ¶
func (x *RemoteJwks) Reset()
func (*RemoteJwks) String ¶
func (x *RemoteJwks) String() string
func (*RemoteJwks) Validate ¶
func (m *RemoteJwks) Validate() error
Validate checks the field values on RemoteJwks with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type RemoteJwksValidationError ¶
type RemoteJwksValidationError struct {
// contains filtered or unexported fields
}
RemoteJwksValidationError is the validation error returned by RemoteJwks.Validate if the designated constraints aren't met.
func (RemoteJwksValidationError) Cause ¶
func (e RemoteJwksValidationError) Cause() error
Cause function returns cause value.
func (RemoteJwksValidationError) Error ¶
func (e RemoteJwksValidationError) Error() string
Error satisfies the builtin error interface
func (RemoteJwksValidationError) ErrorName ¶
func (e RemoteJwksValidationError) ErrorName() string
ErrorName returns error name.
func (RemoteJwksValidationError) Field ¶
func (e RemoteJwksValidationError) Field() string
Field function returns field value.
func (RemoteJwksValidationError) Key ¶
func (e RemoteJwksValidationError) Key() bool
Key function returns key value.
func (RemoteJwksValidationError) Reason ¶
func (e RemoteJwksValidationError) Reason() string
Reason function returns reason value.
type RequirementRule ¶
// RequirementRule specifies a JWT requirement for a specific route condition.
type RequirementRule struct {
	// The route matching parameter. Only when the match is satisfied, the "requires" field will
	// apply.
	//
	// For example: following match will match all requests.
	//
	// .. code-block:: yaml
	//
	//    match:
	//      prefix: /
	//
	Match *v31.RouteMatch `protobuf:"bytes,1,opt,name=match,proto3" json:"match,omitempty"`
	// Specify a Jwt requirement.
	// If not specified, Jwt verification is disabled.
	//
	// NOTE(review): leaving this oneof unset therefore exempts every request that
	// satisfies Match from JWT verification; make sure that is intended for the rule.
	//
	// Types that are assignable to RequirementType:
	//	*RequirementRule_Requires
	//	*RequirementRule_RequirementName
	RequirementType isRequirementRule_RequirementType `protobuf_oneof:"requirement_type"`
	// contains filtered or unexported fields
}
This message specifies a Jwt requirement for a specific Route condition. Example 1:
.. code-block:: yaml
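- match:
    prefix: /healthz

In the above example, the "requires" field is empty for the /healthz prefix match, which means that requests matching the path prefix don't require JWT authentication. Because the match is a prefix, every path that begins with /healthz is exempt, not only /healthz itself.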
Example 2:
.. code-block:: yaml
- match:
    prefix: /
  requires: { provider_name: provider-A }

In the above example, all requests matching the path prefix require JWT authentication from "provider-A".
func (*RequirementRule) Descriptor
deprecated
func (*RequirementRule) Descriptor() ([]byte, []int)
Deprecated: Use RequirementRule.ProtoReflect.Descriptor instead.
func (*RequirementRule) GetMatch ¶
func (x *RequirementRule) GetMatch() *v31.RouteMatch
func (*RequirementRule) GetRequirementName ¶
func (x *RequirementRule) GetRequirementName() string
func (*RequirementRule) GetRequirementType ¶
func (m *RequirementRule) GetRequirementType() isRequirementRule_RequirementType
func (*RequirementRule) GetRequires ¶
func (x *RequirementRule) GetRequires() *JwtRequirement
func (*RequirementRule) ProtoMessage ¶
func (*RequirementRule) ProtoMessage()
func (*RequirementRule) ProtoReflect ¶
func (x *RequirementRule) ProtoReflect() protoreflect.Message
func (*RequirementRule) Reset ¶
func (x *RequirementRule) Reset()
func (*RequirementRule) String ¶
func (x *RequirementRule) String() string
func (*RequirementRule) Validate ¶
func (m *RequirementRule) Validate() error
Validate checks the field values on RequirementRule with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type RequirementRuleValidationError ¶
type RequirementRuleValidationError struct {
// contains filtered or unexported fields
}
RequirementRuleValidationError is the validation error returned by RequirementRule.Validate if the designated constraints aren't met.
func (RequirementRuleValidationError) Cause ¶
func (e RequirementRuleValidationError) Cause() error
Cause function returns cause value.
func (RequirementRuleValidationError) Error ¶
func (e RequirementRuleValidationError) Error() string
Error satisfies the builtin error interface
func (RequirementRuleValidationError) ErrorName ¶
func (e RequirementRuleValidationError) ErrorName() string
ErrorName returns error name.
func (RequirementRuleValidationError) Field ¶
func (e RequirementRuleValidationError) Field() string
Field function returns field value.
func (RequirementRuleValidationError) Key ¶
func (e RequirementRuleValidationError) Key() bool
Key function returns key value.
func (RequirementRuleValidationError) Reason ¶
func (e RequirementRuleValidationError) Reason() string
Reason function returns reason value.
type RequirementRule_RequirementName ¶
// RequirementRule_RequirementName is one of the types assignable to
// RequirementRule.RequirementType.
type RequirementRule_RequirementName struct {
	// Use requirement_name to specify a Jwt requirement.
	// This requirement_name MUST be specified at the
	// :ref:`requirement_map <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.JwtAuthentication.requirement_map>`
	// in `JwtAuthentication`.
	//
	// NOTE(review): what happens when the name is absent from requirement_map is not
	// stated here — confirm that it fails closed rather than skipping verification.
	RequirementName string `protobuf:"bytes,3,opt,name=requirement_name,json=requirementName,proto3,oneof"`
}
type RequirementRule_Requires ¶
// RequirementRule_Requires is one of the types assignable to
// RequirementRule.RequirementType.
type RequirementRule_Requires struct {
	// Specify a Jwt requirement. Please see the detailed comment in message JwtRequirement.
	Requires *JwtRequirement `protobuf:"bytes,2,opt,name=requires,proto3,oneof"`
}