authv3

package
v3.4.0-dev Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 2, 2022 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var File_envoy_service_auth_v3_attribute_context_proto protoreflect.FileDescriptor
View Source 
var File_envoy_service_auth_v3_external_auth_proto protoreflect.FileDescriptor

Functions

func RegisterAuthorizationServer 

func RegisterAuthorizationServer(s *grpc.Server, srv AuthorizationServer)

Types

type AttributeContext 

type AttributeContext struct {

	// The source of a network activity, such as starting a TCP connection.
	// In a multi hop network activity, the source represents the sender of the
	// last hop.
	Source *AttributeContext_Peer `protobuf:"bytes,1,opt,name=source,proto3" json:"source,omitempty"`
	// The destination of a network activity, such as accepting a TCP connection.
	// In a multi hop network activity, the destination represents the receiver of
	// the last hop.
	Destination *AttributeContext_Peer `protobuf:"bytes,2,opt,name=destination,proto3" json:"destination,omitempty"`
	// Represents a network request, such as an HTTP request.
	Request *AttributeContext_Request `protobuf:"bytes,4,opt,name=request,proto3" json:"request,omitempty"`
	// This is analogous to http_request.headers, however these contents will not be sent to the
	// upstream server. Context_extensions provide an extension mechanism for sending additional
	// information to the auth server without modifying the proto definition. It maps to the
	// internal opaque context in the filter chain.
	ContextExtensions map[string]string `` /* 201-byte string literal not displayed */
	// Dynamic metadata associated with the request.
	MetadataContext *v3.Metadata `protobuf:"bytes,11,opt,name=metadata_context,json=metadataContext,proto3" json:"metadata_context,omitempty"`
	// contains filtered or unexported fields
}

An attribute is a piece of metadata that describes an activity on a network. For example, the size of an HTTP request, or the status code of an HTTP response.

Each attribute has a type and a name, which is logically defined as a proto message field of the “AttributeContext“. The “AttributeContext“ is a collection of individual attributes supported by Envoy authorization system. [#comment: The following items are left out of this proto Request.Auth field for jwt tokens Request.Api for api management Origin peer that originated the request Caching Protocol request_context return values to inject back into the filter chain peer.claims -- from X.509 extensions Configuration - field mask to send - which return values from request_context are copied back - which return values are copied into request_headers] [#next-free-field: 12]

func (*AttributeContext) Descriptor deprecated 

func (*AttributeContext) Descriptor() ([]byte, []int)

Deprecated: Use AttributeContext.ProtoReflect.Descriptor instead.

func (*AttributeContext) GetContextExtensions 

func (x *AttributeContext) GetContextExtensions() map[string]string

func (*AttributeContext) GetDestination 

func (x *AttributeContext) GetDestination() *AttributeContext_Peer

func (*AttributeContext) GetMetadataContext 

func (x *AttributeContext) GetMetadataContext() *v3.Metadata

func (*AttributeContext) GetRequest 

func (x *AttributeContext) GetRequest() *AttributeContext_Request

func (*AttributeContext) GetSource 

func (x *AttributeContext) GetSource() *AttributeContext_Peer

func (*AttributeContext) ProtoMessage 

func (*AttributeContext) ProtoMessage()

func (*AttributeContext) ProtoReflect 

func (x *AttributeContext) ProtoReflect() protoreflect.Message

func (*AttributeContext) Reset 

func (x *AttributeContext) Reset()

func (*AttributeContext) String 

func (x *AttributeContext) String() string

func (*AttributeContext) Validate 

func (m *AttributeContext) Validate() error

Validate checks the field values on AttributeContext with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*AttributeContext) ValidateAll 

func (m *AttributeContext) ValidateAll() error

ValidateAll checks the field values on AttributeContext with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in AttributeContextMultiError, or nil if none found.

type AttributeContextMultiError 

type AttributeContextMultiError []error

AttributeContextMultiError is an error wrapping multiple validation errors returned by AttributeContext.ValidateAll() if the designated constraints aren't met.

func (AttributeContextMultiError) AllErrors 

func (m AttributeContextMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (AttributeContextMultiError) Error 

func (m AttributeContextMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type AttributeContextValidationError 

type AttributeContextValidationError struct {
	// contains filtered or unexported fields
}

AttributeContextValidationError is the validation error returned by AttributeContext.Validate if the designated constraints aren't met.

func (AttributeContextValidationError) Cause 

func (e AttributeContextValidationError) Cause() error

Cause function returns cause value.

func (AttributeContextValidationError) Error 

func (e AttributeContextValidationError) Error() string

Error satisfies the builtin error interface

func (AttributeContextValidationError) ErrorName 

func (e AttributeContextValidationError) ErrorName() string

ErrorName returns error name.

func (AttributeContextValidationError) Field 

func (e AttributeContextValidationError) Field() string

Field function returns field value.

func (AttributeContextValidationError) Key 

func (e AttributeContextValidationError) Key() bool

Key function returns key value.

func (AttributeContextValidationError) Reason 

func (e AttributeContextValidationError) Reason() string

Reason function returns reason value.

type AttributeContext_HttpRequest 

type AttributeContext_HttpRequest struct {

	// The unique ID for a request, which can be propagated to downstream
	// systems. The ID should have low probability of collision
	// within a single day for a specific service.
	// For HTTP requests, it should be X-Request-ID or equivalent.
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// The HTTP request method, such as “GET“, “POST“.
	Method string `protobuf:"bytes,2,opt,name=method,proto3" json:"method,omitempty"`
	// The HTTP request headers. If multiple headers share the same key, they
	// must be merged according to the HTTP spec. All header keys must be
	// lower-cased, because HTTP header keys are case-insensitive.
	Headers map[string]string `` /* 155-byte string literal not displayed */
	// The request target, as it appears in the first line of the HTTP request. This includes
	// the URL path and query-string. No decoding is performed.
	Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"`
	// The HTTP request “Host“ or '`Authority“ header value.
	Host string `protobuf:"bytes,5,opt,name=host,proto3" json:"host,omitempty"`
	// The HTTP URL scheme, such as “http“ and “https“.
	Scheme string `protobuf:"bytes,6,opt,name=scheme,proto3" json:"scheme,omitempty"`
	// This field is always empty, and exists for compatibility reasons. The HTTP URL query is
	// included in “path“ field.
	Query string `protobuf:"bytes,7,opt,name=query,proto3" json:"query,omitempty"`
	// This field is always empty, and exists for compatibility reasons. The URL fragment is
	// not submitted as part of HTTP requests; it is unknowable.
	Fragment string `protobuf:"bytes,8,opt,name=fragment,proto3" json:"fragment,omitempty"`
	// The HTTP request size in bytes. If unknown, it must be -1.
	Size int64 `protobuf:"varint,9,opt,name=size,proto3" json:"size,omitempty"`
	// The network protocol used with the request, such as "HTTP/1.0", "HTTP/1.1", or "HTTP/2".
	//
	// See :repo:`headers.h:ProtocolStrings <source/common/http/headers.h>` for a list of all
	// possible values.
	Protocol string `protobuf:"bytes,10,opt,name=protocol,proto3" json:"protocol,omitempty"`
	// The HTTP request body.
	Body string `protobuf:"bytes,11,opt,name=body,proto3" json:"body,omitempty"`
	// The HTTP request body in bytes. This is used instead of
	// :ref:`body <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.body>` when
	// :ref:`pack_as_bytes <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.BufferSettings.pack_as_bytes>`
	// is set to true.
	RawBody []byte `protobuf:"bytes,12,opt,name=raw_body,json=rawBody,proto3" json:"raw_body,omitempty"`
	// contains filtered or unexported fields
}

This message defines attributes for an HTTP request. HTTP/1.x, HTTP/2, gRPC are all considered as HTTP requests. [#next-free-field: 13]

func (*AttributeContext_HttpRequest) Descriptor deprecated 

func (*AttributeContext_HttpRequest) Descriptor() ([]byte, []int)

Deprecated: Use AttributeContext_HttpRequest.ProtoReflect.Descriptor instead.

func (*AttributeContext_HttpRequest) GetBody 

func (x *AttributeContext_HttpRequest) GetBody() string

func (*AttributeContext_HttpRequest) GetFragment 

func (x *AttributeContext_HttpRequest) GetFragment() string

func (*AttributeContext_HttpRequest) GetHeaders 

func (x *AttributeContext_HttpRequest) GetHeaders() map[string]string

func (*AttributeContext_HttpRequest) GetHost 

func (x *AttributeContext_HttpRequest) GetHost() string

func (*AttributeContext_HttpRequest) GetId 

func (x *AttributeContext_HttpRequest) GetId() string

func (*AttributeContext_HttpRequest) GetMethod 

func (x *AttributeContext_HttpRequest) GetMethod() string

func (*AttributeContext_HttpRequest) GetPath 

func (x *AttributeContext_HttpRequest) GetPath() string

func (*AttributeContext_HttpRequest) GetProtocol 

func (x *AttributeContext_HttpRequest) GetProtocol() string

func (*AttributeContext_HttpRequest) GetQuery 

func (x *AttributeContext_HttpRequest) GetQuery() string

func (*AttributeContext_HttpRequest) GetRawBody 

func (x *AttributeContext_HttpRequest) GetRawBody() []byte

func (*AttributeContext_HttpRequest) GetScheme 

func (x *AttributeContext_HttpRequest) GetScheme() string

func (*AttributeContext_HttpRequest) GetSize 

func (x *AttributeContext_HttpRequest) GetSize() int64

func (*AttributeContext_HttpRequest) ProtoMessage 

func (*AttributeContext_HttpRequest) ProtoMessage()

func (*AttributeContext_HttpRequest) ProtoReflect 

func (x *AttributeContext_HttpRequest) ProtoReflect() protoreflect.Message

func (*AttributeContext_HttpRequest) Reset 

func (x *AttributeContext_HttpRequest) Reset()

func (*AttributeContext_HttpRequest) String 

func (x *AttributeContext_HttpRequest) String() string

func (*AttributeContext_HttpRequest) Validate 

func (m *AttributeContext_HttpRequest) Validate() error

Validate checks the field values on AttributeContext_HttpRequest with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*AttributeContext_HttpRequest) ValidateAll 

func (m *AttributeContext_HttpRequest) ValidateAll() error

ValidateAll checks the field values on AttributeContext_HttpRequest with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in AttributeContext_HttpRequestMultiError, or nil if none found.

type AttributeContext_HttpRequestMultiError 

type AttributeContext_HttpRequestMultiError []error

AttributeContext_HttpRequestMultiError is an error wrapping multiple validation errors returned by AttributeContext_HttpRequest.ValidateAll() if the designated constraints aren't met.

func (AttributeContext_HttpRequestMultiError) AllErrors 

func (m AttributeContext_HttpRequestMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (AttributeContext_HttpRequestMultiError) Error 

func (m AttributeContext_HttpRequestMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type AttributeContext_HttpRequestValidationError 

type AttributeContext_HttpRequestValidationError struct {
	// contains filtered or unexported fields
}

AttributeContext_HttpRequestValidationError is the validation error returned by AttributeContext_HttpRequest.Validate if the designated constraints aren't met.

func (AttributeContext_HttpRequestValidationError) Cause 

func (e AttributeContext_HttpRequestValidationError) Cause() error

Cause function returns cause value.

func (AttributeContext_HttpRequestValidationError) Error 

func (e AttributeContext_HttpRequestValidationError) Error() string

Error satisfies the builtin error interface

func (AttributeContext_HttpRequestValidationError) ErrorName 

func (e AttributeContext_HttpRequestValidationError) ErrorName() string

ErrorName returns error name.

func (AttributeContext_HttpRequestValidationError) Field 

func (e AttributeContext_HttpRequestValidationError) Field() string

Field function returns field value.

func (AttributeContext_HttpRequestValidationError) Key 

func (e AttributeContext_HttpRequestValidationError) Key() bool

Key function returns key value.

func (AttributeContext_HttpRequestValidationError) Reason 

func (e AttributeContext_HttpRequestValidationError) Reason() string

Reason function returns reason value.

type AttributeContext_Peer 

type AttributeContext_Peer struct {

	// The address of the peer, this is typically the IP address.
	// It can also be UDS path, or others.
	Address *v3.Address `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"`
	// The canonical service name of the peer.
	// It should be set to :ref:`the HTTP x-envoy-downstream-service-cluster
	// <config_http_conn_man_headers_downstream-service-cluster>`
	// If a more trusted source of the service name is available through mTLS/secure naming, it
	// should be used.
	Service string `protobuf:"bytes,2,opt,name=service,proto3" json:"service,omitempty"`
	// The labels associated with the peer.
	// These could be pod labels for Kubernetes or tags for VMs.
	// The source of the labels could be an X.509 certificate or other configuration.
	Labels map[string]string `` /* 153-byte string literal not displayed */
	// The authenticated identity of this peer.
	// For example, the identity associated with the workload such as a service account.
	// If an X.509 certificate is used to assert the identity this field should be sourced from
	// “URI Subject Alternative Names“, “DNS Subject Alternate Names“ or “Subject“ in that order.
	// The primary identity should be the principal. The principal format is issuer specific.
	//
	// Example:
	// *    SPIFFE format is “spiffe://trust-domain/path“
	// *    Google account format is “https://accounts.google.com/{userid}“
	Principal string `protobuf:"bytes,4,opt,name=principal,proto3" json:"principal,omitempty"`
	// The X.509 certificate used to authenticate the identify of this peer.
	// When present, the certificate contents are encoded in URL and PEM format.
	Certificate string `protobuf:"bytes,5,opt,name=certificate,proto3" json:"certificate,omitempty"`
	// contains filtered or unexported fields
}

This message defines attributes for a node that handles a network request. The node can be either a service or an application that sends, forwards, or receives the request. Service peers should fill in the “service“, “principal“, and “labels“ as appropriate. [#next-free-field: 6]

func (*AttributeContext_Peer) Descriptor deprecated 

func (*AttributeContext_Peer) Descriptor() ([]byte, []int)

Deprecated: Use AttributeContext_Peer.ProtoReflect.Descriptor instead.

func (*AttributeContext_Peer) GetAddress 

func (x *AttributeContext_Peer) GetAddress() *v3.Address

func (*AttributeContext_Peer) GetCertificate 

func (x *AttributeContext_Peer) GetCertificate() string

func (*AttributeContext_Peer) GetLabels 

func (x *AttributeContext_Peer) GetLabels() map[string]string

func (*AttributeContext_Peer) GetPrincipal 

func (x *AttributeContext_Peer) GetPrincipal() string

func (*AttributeContext_Peer) GetService 

func (x *AttributeContext_Peer) GetService() string

func (*AttributeContext_Peer) ProtoMessage 

func (*AttributeContext_Peer) ProtoMessage()

func (*AttributeContext_Peer) ProtoReflect 

func (x *AttributeContext_Peer) ProtoReflect() protoreflect.Message

func (*AttributeContext_Peer) Reset 

func (x *AttributeContext_Peer) Reset()

func (*AttributeContext_Peer) String 

func (x *AttributeContext_Peer) String() string

func (*AttributeContext_Peer) Validate 

func (m *AttributeContext_Peer) Validate() error

Validate checks the field values on AttributeContext_Peer with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*AttributeContext_Peer) ValidateAll 

func (m *AttributeContext_Peer) ValidateAll() error

ValidateAll checks the field values on AttributeContext_Peer with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in AttributeContext_PeerMultiError, or nil if none found.

type AttributeContext_PeerMultiError 

type AttributeContext_PeerMultiError []error

AttributeContext_PeerMultiError is an error wrapping multiple validation errors returned by AttributeContext_Peer.ValidateAll() if the designated constraints aren't met.

func (AttributeContext_PeerMultiError) AllErrors 

func (m AttributeContext_PeerMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (AttributeContext_PeerMultiError) Error 

func (m AttributeContext_PeerMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type AttributeContext_PeerValidationError 

type AttributeContext_PeerValidationError struct {
	// contains filtered or unexported fields
}

AttributeContext_PeerValidationError is the validation error returned by AttributeContext_Peer.Validate if the designated constraints aren't met.

func (AttributeContext_PeerValidationError) Cause 

func (e AttributeContext_PeerValidationError) Cause() error

Cause function returns cause value.

func (AttributeContext_PeerValidationError) Error 

func (e AttributeContext_PeerValidationError) Error() string

Error satisfies the builtin error interface

func (AttributeContext_PeerValidationError) ErrorName 

func (e AttributeContext_PeerValidationError) ErrorName() string

ErrorName returns error name.

func (AttributeContext_PeerValidationError) Field 

func (e AttributeContext_PeerValidationError) Field() string

Field function returns field value.

func (AttributeContext_PeerValidationError) Key 

func (e AttributeContext_PeerValidationError) Key() bool

Key function returns key value.

func (AttributeContext_PeerValidationError) Reason 

func (e AttributeContext_PeerValidationError) Reason() string

Reason function returns reason value.

type AttributeContext_Request 

type AttributeContext_Request struct {

	// The timestamp when the proxy receives the first byte of the request.
	Time *timestamp.Timestamp `protobuf:"bytes,1,opt,name=time,proto3" json:"time,omitempty"`
	// Represents an HTTP request or an HTTP-like request.
	Http *AttributeContext_HttpRequest `protobuf:"bytes,2,opt,name=http,proto3" json:"http,omitempty"`
	// contains filtered or unexported fields
}

Represents a network request, such as an HTTP request.

func (*AttributeContext_Request) Descriptor deprecated 

func (*AttributeContext_Request) Descriptor() ([]byte, []int)

Deprecated: Use AttributeContext_Request.ProtoReflect.Descriptor instead.

func (*AttributeContext_Request) GetHttp 

func (x *AttributeContext_Request) GetHttp() *AttributeContext_HttpRequest

func (*AttributeContext_Request) GetTime 

func (x *AttributeContext_Request) GetTime() *timestamp.Timestamp

func (*AttributeContext_Request) ProtoMessage 

func (*AttributeContext_Request) ProtoMessage()

func (*AttributeContext_Request) ProtoReflect 

func (x *AttributeContext_Request) ProtoReflect() protoreflect.Message

func (*AttributeContext_Request) Reset 

func (x *AttributeContext_Request) Reset()

func (*AttributeContext_Request) String 

func (x *AttributeContext_Request) String() string

func (*AttributeContext_Request) Validate 

func (m *AttributeContext_Request) Validate() error

Validate checks the field values on AttributeContext_Request with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*AttributeContext_Request) ValidateAll 

func (m *AttributeContext_Request) ValidateAll() error

ValidateAll checks the field values on AttributeContext_Request with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in AttributeContext_RequestMultiError, or nil if none found.

type AttributeContext_RequestMultiError 

type AttributeContext_RequestMultiError []error

AttributeContext_RequestMultiError is an error wrapping multiple validation errors returned by AttributeContext_Request.ValidateAll() if the designated constraints aren't met.

func (AttributeContext_RequestMultiError) AllErrors 

func (m AttributeContext_RequestMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (AttributeContext_RequestMultiError) Error 

func (m AttributeContext_RequestMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type AttributeContext_RequestValidationError 

type AttributeContext_RequestValidationError struct {
	// contains filtered or unexported fields
}

AttributeContext_RequestValidationError is the validation error returned by AttributeContext_Request.Validate if the designated constraints aren't met.

func (AttributeContext_RequestValidationError) Cause 

func (e AttributeContext_RequestValidationError) Cause() error

Cause function returns cause value.

func (AttributeContext_RequestValidationError) Error 

func (e AttributeContext_RequestValidationError) Error() string

Error satisfies the builtin error interface

func (AttributeContext_RequestValidationError) ErrorName 

func (e AttributeContext_RequestValidationError) ErrorName() string

ErrorName returns error name.

func (AttributeContext_RequestValidationError) Field 

func (e AttributeContext_RequestValidationError) Field() string

Field function returns field value.

func (AttributeContext_RequestValidationError) Key 

func (e AttributeContext_RequestValidationError) Key() bool

Key function returns key value.

func (AttributeContext_RequestValidationError) Reason 

func (e AttributeContext_RequestValidationError) Reason() string

Reason function returns reason value.

type AuthorizationClient 

type AuthorizationClient interface {
	// Performs authorization check based on the attributes associated with the
	// incoming request, and returns status `OK` or not `OK`.
	Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error)
}

AuthorizationClient is the client API for Authorization service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewAuthorizationClient 

func NewAuthorizationClient(cc grpc.ClientConnInterface) AuthorizationClient

type AuthorizationServer 

type AuthorizationServer interface {
	// Performs authorization check based on the attributes associated with the
	// incoming request, and returns status `OK` or not `OK`.
	Check(context.Context, *CheckRequest) (*CheckResponse, error)
}

AuthorizationServer is the server API for Authorization service.

type CheckRequest 

type CheckRequest struct {

	// The request attributes.
	Attributes *AttributeContext `protobuf:"bytes,1,opt,name=attributes,proto3" json:"attributes,omitempty"`
	// contains filtered or unexported fields
}

func (*CheckRequest) Descriptor deprecated 

func (*CheckRequest) Descriptor() ([]byte, []int)

Deprecated: Use CheckRequest.ProtoReflect.Descriptor instead.

func (*CheckRequest) GetAttributes 

func (x *CheckRequest) GetAttributes() *AttributeContext

func (*CheckRequest) ProtoMessage 

func (*CheckRequest) ProtoMessage()

func (*CheckRequest) ProtoReflect 

func (x *CheckRequest) ProtoReflect() protoreflect.Message

func (*CheckRequest) Reset 

func (x *CheckRequest) Reset()

func (*CheckRequest) String 

func (x *CheckRequest) String() string

func (*CheckRequest) Validate 

func (m *CheckRequest) Validate() error

Validate checks the field values on CheckRequest with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*CheckRequest) ValidateAll 

func (m *CheckRequest) ValidateAll() error

ValidateAll checks the field values on CheckRequest with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in CheckRequestMultiError, or nil if none found.

type CheckRequestMultiError 

type CheckRequestMultiError []error

CheckRequestMultiError is an error wrapping multiple validation errors returned by CheckRequest.ValidateAll() if the designated constraints aren't met.

func (CheckRequestMultiError) AllErrors 

func (m CheckRequestMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (CheckRequestMultiError) Error 

func (m CheckRequestMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type CheckRequestValidationError 

type CheckRequestValidationError struct {
	// contains filtered or unexported fields
}

CheckRequestValidationError is the validation error returned by CheckRequest.Validate if the designated constraints aren't met.

func (CheckRequestValidationError) Cause 

func (e CheckRequestValidationError) Cause() error

Cause function returns cause value.

func (CheckRequestValidationError) Error 

func (e CheckRequestValidationError) Error() string

Error satisfies the builtin error interface

func (CheckRequestValidationError) ErrorName 

func (e CheckRequestValidationError) ErrorName() string

ErrorName returns error name.

func (CheckRequestValidationError) Field 

func (e CheckRequestValidationError) Field() string

Field function returns field value.

func (CheckRequestValidationError) Key 

func (e CheckRequestValidationError) Key() bool

Key function returns key value.

func (CheckRequestValidationError) Reason 

func (e CheckRequestValidationError) Reason() string

Reason function returns reason value.

type CheckResponse 

type CheckResponse struct {

	// Status “OK“ allows the request. Any other status indicates the request should be denied, and
	// for HTTP filter, if not overridden by :ref:`denied HTTP response status <envoy_v3_api_field_service.auth.v3.DeniedHttpResponse.status>`
	// Envoy sends “403 Forbidden“ HTTP status code by default.
	Status *status.Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
	// An message that contains HTTP response attributes. This message is
	// used when the authorization service needs to send custom responses to the
	// downstream client or, to modify/add request headers being dispatched to the upstream.
	//
	// Types that are assignable to HttpResponse:
	//	*CheckResponse_DeniedResponse
	//	*CheckResponse_OkResponse
	HttpResponse isCheckResponse_HttpResponse `protobuf_oneof:"http_response"`
	// Optional response metadata that will be emitted as dynamic metadata to be consumed by the next
	// filter. This metadata lives in a namespace specified by the canonical name of extension filter
	// that requires it:
	//
	// - :ref:`envoy.filters.http.ext_authz <config_http_filters_ext_authz_dynamic_metadata>` for HTTP filter.
	// - :ref:`envoy.filters.network.ext_authz <config_network_filters_ext_authz_dynamic_metadata>` for network filter.
	DynamicMetadata *_struct.Struct `protobuf:"bytes,4,opt,name=dynamic_metadata,json=dynamicMetadata,proto3" json:"dynamic_metadata,omitempty"`
	// contains filtered or unexported fields
}

Intended for gRPC and Network Authorization servers “only“.

func (*CheckResponse) Descriptor deprecated 

func (*CheckResponse) Descriptor() ([]byte, []int)

Deprecated: Use CheckResponse.ProtoReflect.Descriptor instead.

func (*CheckResponse) GetDeniedResponse 

func (x *CheckResponse) GetDeniedResponse() *DeniedHttpResponse

func (*CheckResponse) GetDynamicMetadata 

func (x *CheckResponse) GetDynamicMetadata() *_struct.Struct

func (*CheckResponse) GetHttpResponse 

func (m *CheckResponse) GetHttpResponse() isCheckResponse_HttpResponse

func (*CheckResponse) GetOkResponse 

func (x *CheckResponse) GetOkResponse() *OkHttpResponse

func (*CheckResponse) GetStatus 

func (x *CheckResponse) GetStatus() *status.Status

func (*CheckResponse) ProtoMessage 

func (*CheckResponse) ProtoMessage()

func (*CheckResponse) ProtoReflect 

func (x *CheckResponse) ProtoReflect() protoreflect.Message

func (*CheckResponse) Reset 

func (x *CheckResponse) Reset()

func (*CheckResponse) String 

func (x *CheckResponse) String() string

func (*CheckResponse) Validate 

func (m *CheckResponse) Validate() error

Validate checks the field values on CheckResponse with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*CheckResponse) ValidateAll 

func (m *CheckResponse) ValidateAll() error

ValidateAll checks the field values on CheckResponse with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in CheckResponseMultiError, or nil if none found.

type CheckResponseMultiError 

type CheckResponseMultiError []error

CheckResponseMultiError is an error wrapping multiple validation errors returned by CheckResponse.ValidateAll() if the designated constraints aren't met.

func (CheckResponseMultiError) AllErrors 

func (m CheckResponseMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (CheckResponseMultiError) Error 

func (m CheckResponseMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type CheckResponseValidationError 

type CheckResponseValidationError struct {
	// contains filtered or unexported fields
}

CheckResponseValidationError is the validation error returned by CheckResponse.Validate if the designated constraints aren't met.

func (CheckResponseValidationError) Cause 

func (e CheckResponseValidationError) Cause() error

Cause function returns cause value.

func (CheckResponseValidationError) Error 

func (e CheckResponseValidationError) Error() string

Error satisfies the builtin error interface

func (CheckResponseValidationError) ErrorName 

func (e CheckResponseValidationError) ErrorName() string

ErrorName returns error name.

func (CheckResponseValidationError) Field 

func (e CheckResponseValidationError) Field() string

Field function returns field value.

func (CheckResponseValidationError) Key 

func (e CheckResponseValidationError) Key() bool

Key function returns key value.

func (CheckResponseValidationError) Reason 

func (e CheckResponseValidationError) Reason() string

Reason function returns reason value.

type CheckResponse_DeniedResponse 

type CheckResponse_DeniedResponse struct {
	// Supplies http attributes for a denied response.
	DeniedResponse *DeniedHttpResponse `protobuf:"bytes,2,opt,name=denied_response,json=deniedResponse,proto3,oneof"`
}

type CheckResponse_OkResponse 

type CheckResponse_OkResponse struct {
	// Supplies http attributes for an ok response.
	OkResponse *OkHttpResponse `protobuf:"bytes,3,opt,name=ok_response,json=okResponse,proto3,oneof"`
}

type DeniedHttpResponse 

type DeniedHttpResponse struct {

	// This field allows the authorization service to send an HTTP response status code to the
	// downstream client. If not set, Envoy sends “403 Forbidden“ HTTP status code by default.
	Status *v3.HttpStatus `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
	// This field allows the authorization service to send HTTP response headers
	// to the downstream client. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to
	// false when used in this message.
	Headers []*v31.HeaderValueOption `protobuf:"bytes,2,rep,name=headers,proto3" json:"headers,omitempty"`
	// This field allows the authorization service to send a response body data
	// to the downstream client.
	Body string `protobuf:"bytes,3,opt,name=body,proto3" json:"body,omitempty"`
	// contains filtered or unexported fields
}

HTTP attributes for a denied response.

func (*DeniedHttpResponse) Descriptor deprecated 

func (*DeniedHttpResponse) Descriptor() ([]byte, []int)

Deprecated: Use DeniedHttpResponse.ProtoReflect.Descriptor instead.

func (*DeniedHttpResponse) GetBody 

func (x *DeniedHttpResponse) GetBody() string

func (*DeniedHttpResponse) GetHeaders 

func (x *DeniedHttpResponse) GetHeaders() []*v31.HeaderValueOption

func (*DeniedHttpResponse) GetStatus 

func (x *DeniedHttpResponse) GetStatus() *v3.HttpStatus

func (*DeniedHttpResponse) ProtoMessage 

func (*DeniedHttpResponse) ProtoMessage()

func (*DeniedHttpResponse) ProtoReflect 

func (x *DeniedHttpResponse) ProtoReflect() protoreflect.Message

func (*DeniedHttpResponse) Reset 

func (x *DeniedHttpResponse) Reset()

func (*DeniedHttpResponse) String 

func (x *DeniedHttpResponse) String() string

func (*DeniedHttpResponse) Validate 

func (m *DeniedHttpResponse) Validate() error

Validate checks the field values on DeniedHttpResponse with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*DeniedHttpResponse) ValidateAll 

func (m *DeniedHttpResponse) ValidateAll() error

ValidateAll checks the field values on DeniedHttpResponse with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in DeniedHttpResponseMultiError, or nil if none found.

type DeniedHttpResponseMultiError 

type DeniedHttpResponseMultiError []error

DeniedHttpResponseMultiError is an error wrapping multiple validation errors returned by DeniedHttpResponse.ValidateAll() if the designated constraints aren't met.

func (DeniedHttpResponseMultiError) AllErrors 

func (m DeniedHttpResponseMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (DeniedHttpResponseMultiError) Error 

func (m DeniedHttpResponseMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type DeniedHttpResponseValidationError 

type DeniedHttpResponseValidationError struct {
	// contains filtered or unexported fields
}

DeniedHttpResponseValidationError is the validation error returned by DeniedHttpResponse.Validate if the designated constraints aren't met.

func (DeniedHttpResponseValidationError) Cause 

func (e DeniedHttpResponseValidationError) Cause() error

Cause function returns cause value.

func (DeniedHttpResponseValidationError) Error 

func (e DeniedHttpResponseValidationError) Error() string

Error satisfies the builtin error interface

func (DeniedHttpResponseValidationError) ErrorName 

func (e DeniedHttpResponseValidationError) ErrorName() string

ErrorName returns error name.

func (DeniedHttpResponseValidationError) Field 

func (e DeniedHttpResponseValidationError) Field() string

Field function returns field value.

func (DeniedHttpResponseValidationError) Key 

func (e DeniedHttpResponseValidationError) Key() bool

Key function returns key value.

func (DeniedHttpResponseValidationError) Reason 

func (e DeniedHttpResponseValidationError) Reason() string

Reason function returns reason value.

type OkHttpResponse 

type OkHttpResponse struct {

	// HTTP entity headers in addition to the original request headers. This allows the authorization
	// service to append, to add or to override headers from the original request before
	// dispatching it to the upstream. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to
	// false when used in this message. By setting the “append“ field to “true“,
	// the filter will append the correspondent header value to the matched request header.
	// By leaving “append“ as false, the filter will either add a new header, or override an existing
	// one if there is a match.
	Headers []*v31.HeaderValueOption `protobuf:"bytes,2,rep,name=headers,proto3" json:"headers,omitempty"`
	// HTTP entity headers to remove from the original request before dispatching
	// it to the upstream. This allows the authorization service to act on auth
	// related headers (like “Authorization“), process them, and consume them.
	// Under this model, the upstream will either receive the request (if it's
	// authorized) or not receive it (if it's not), but will not see headers
	// containing authorization credentials.
	//
	// Pseudo headers (such as “:authority“, “:method“, “:path“ etc), as well as
	// the header “Host“, may not be removed as that would make the request
	// malformed. If mentioned in “headers_to_remove“ these special headers will
	// be ignored.
	//
	// When using the HTTP service this must instead be set by the HTTP
	// authorization service as a comma separated list like so:
	// “x-envoy-auth-headers-to-remove: one-auth-header, another-auth-header“.
	HeadersToRemove []string `protobuf:"bytes,5,rep,name=headers_to_remove,json=headersToRemove,proto3" json:"headers_to_remove,omitempty"`
	// This field has been deprecated in favor of :ref:`CheckResponse.dynamic_metadata
	// <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`. Until it is removed,
	// setting this field overrides :ref:`CheckResponse.dynamic_metadata
	// <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`.
	//
	// Deprecated: Do not use.
	DynamicMetadata *_struct.Struct `protobuf:"bytes,3,opt,name=dynamic_metadata,json=dynamicMetadata,proto3" json:"dynamic_metadata,omitempty"`
	// This field allows the authorization service to send HTTP response headers
	// to the downstream client on success. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>`
	// defaults to false when used in this message.
	ResponseHeadersToAdd []*v31.HeaderValueOption `protobuf:"bytes,6,rep,name=response_headers_to_add,json=responseHeadersToAdd,proto3" json:"response_headers_to_add,omitempty"`
	// This field allows the authorization service to set (and overwrite) query
	// string parameters on the original request before it is sent upstream.
	QueryParametersToSet []*v31.QueryParameter `protobuf:"bytes,7,rep,name=query_parameters_to_set,json=queryParametersToSet,proto3" json:"query_parameters_to_set,omitempty"`
	// This field allows the authorization service to specify which query parameters
	// should be removed from the original request before it is sent upstream. Each
	// element in this list is a case-sensitive query parameter name to be removed.
	QueryParametersToRemove []string `` /* 134-byte string literal not displayed */
	// contains filtered or unexported fields
}

HTTP attributes for an OK response. [#next-free-field: 9]

func (*OkHttpResponse) Descriptor deprecated 

func (*OkHttpResponse) Descriptor() ([]byte, []int)

Deprecated: Use OkHttpResponse.ProtoReflect.Descriptor instead.

func (*OkHttpResponse) GetDynamicMetadata deprecated 

func (x *OkHttpResponse) GetDynamicMetadata() *_struct.Struct

Deprecated: Do not use.

func (*OkHttpResponse) GetHeaders 

func (x *OkHttpResponse) GetHeaders() []*v31.HeaderValueOption

func (*OkHttpResponse) GetHeadersToRemove 

func (x *OkHttpResponse) GetHeadersToRemove() []string

func (*OkHttpResponse) GetQueryParametersToRemove 

func (x *OkHttpResponse) GetQueryParametersToRemove() []string

func (*OkHttpResponse) GetQueryParametersToSet 

func (x *OkHttpResponse) GetQueryParametersToSet() []*v31.QueryParameter

func (*OkHttpResponse) GetResponseHeadersToAdd 

func (x *OkHttpResponse) GetResponseHeadersToAdd() []*v31.HeaderValueOption

func (*OkHttpResponse) ProtoMessage 

func (*OkHttpResponse) ProtoMessage()

func (*OkHttpResponse) ProtoReflect 

func (x *OkHttpResponse) ProtoReflect() protoreflect.Message

func (*OkHttpResponse) Reset 

func (x *OkHttpResponse) Reset()

func (*OkHttpResponse) String 

func (x *OkHttpResponse) String() string

func (*OkHttpResponse) Validate 

func (m *OkHttpResponse) Validate() error

Validate checks the field values on OkHttpResponse with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*OkHttpResponse) ValidateAll 

func (m *OkHttpResponse) ValidateAll() error

ValidateAll checks the field values on OkHttpResponse with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in OkHttpResponseMultiError, or nil if none found.

type OkHttpResponseMultiError 

type OkHttpResponseMultiError []error

OkHttpResponseMultiError is an error wrapping multiple validation errors returned by OkHttpResponse.ValidateAll() if the designated constraints aren't met.

func (OkHttpResponseMultiError) AllErrors 

func (m OkHttpResponseMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (OkHttpResponseMultiError) Error 

func (m OkHttpResponseMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type OkHttpResponseValidationError 

type OkHttpResponseValidationError struct {
	// contains filtered or unexported fields
}

OkHttpResponseValidationError is the validation error returned by OkHttpResponse.Validate if the designated constraints aren't met.

func (OkHttpResponseValidationError) Cause 

func (e OkHttpResponseValidationError) Cause() error

Cause function returns cause value.

func (OkHttpResponseValidationError) Error 

func (e OkHttpResponseValidationError) Error() string

Error satisfies the builtin error interface

func (OkHttpResponseValidationError) ErrorName 

func (e OkHttpResponseValidationError) ErrorName() string

ErrorName returns error name.

func (OkHttpResponseValidationError) Field 

func (e OkHttpResponseValidationError) Field() string

Field function returns field value.

func (OkHttpResponseValidationError) Key 

func (e OkHttpResponseValidationError) Key() bool

Key function returns key value.

func (OkHttpResponseValidationError) Reason 

func (e OkHttpResponseValidationError) Reason() string

Reason function returns reason value.

type UnimplementedAuthorizationServer 

type UnimplementedAuthorizationServer struct {
}

UnimplementedAuthorizationServer can be embedded to have forward compatible implementations.

func (*UnimplementedAuthorizationServer) Check 

func (*UnimplementedAuthorizationServer) Check(context.Context, *CheckRequest) (*CheckResponse, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.