oidc

package
v1.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 10, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var File_v1_oidc_config_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type LogoutConfig 

type LogoutConfig struct {

	// A http request path that the Authservice matches against to initiate logout.
	// Whenever a request is made to that path, the Authservice will remove the Authservice-specific
	// cookies and respond with a redirect to the configured `redirect_uri`. Removing the cookies
	// causes the user to be unauthenticated in future requests.
	// If the service application has its own logout controller, then it may be desirable to have its
	// logout controller redirect to this path. If the service application does not need its own logout
	// controller, then the application's logout button/link's href can GET or POST directly to this path.
	// Required.
	Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
	// A URI specifying the destination to which the Authservice will redirect any request made to the
	// logout `path`. For example, it may be desirable to redirect the logged out user to the homepage
	// of the service application, or to the
	// [logout endpoint of the OIDC Provider](https://openid.net/specs/openid-connect-session-1_0.html#RPLogout).
	// As with all redirects, the user's browser will perform a GET to this URI.
	// Required when the OIDC discovery is not used or when the OIDC discovery does not provide the
	// `end_session_endpoint`.
	RedirectUri string `protobuf:"bytes,2,opt,name=redirect_uri,json=redirectUri,proto3" json:"redirect_uri,omitempty"`
	// contains filtered or unexported fields
}

When specified, the Authservice will destroy the Authservice session when a request is made to the configured path.

func (*LogoutConfig) Descriptor deprecated 

func (*LogoutConfig) Descriptor() ([]byte, []int)

Deprecated: Use LogoutConfig.ProtoReflect.Descriptor instead.

func (*LogoutConfig) GetPath 

func (x *LogoutConfig) GetPath() string

func (*LogoutConfig) GetRedirectUri 

func (x *LogoutConfig) GetRedirectUri() string

func (*LogoutConfig) ProtoMessage 

func (*LogoutConfig) ProtoMessage()

func (*LogoutConfig) ProtoReflect 

func (x *LogoutConfig) ProtoReflect() protoreflect.Message

func (*LogoutConfig) Reset 

func (x *LogoutConfig) Reset()

func (*LogoutConfig) String 

func (x *LogoutConfig) String() string

func (*LogoutConfig) Validate 

func (m *LogoutConfig) Validate() error

Validate checks the field values on LogoutConfig with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*LogoutConfig) ValidateAll 

func (m *LogoutConfig) ValidateAll() error

ValidateAll checks the field values on LogoutConfig with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in LogoutConfigMultiError, or nil if none found.

type LogoutConfigMultiError 

type LogoutConfigMultiError []error

LogoutConfigMultiError is an error wrapping multiple validation errors returned by LogoutConfig.ValidateAll() if the designated constraints aren't met.

func (LogoutConfigMultiError) AllErrors 

func (m LogoutConfigMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (LogoutConfigMultiError) Error 

func (m LogoutConfigMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type LogoutConfigValidationError 

type LogoutConfigValidationError struct {
	// contains filtered or unexported fields
}

LogoutConfigValidationError is the validation error returned by LogoutConfig.Validate if the designated constraints aren't met.

func (LogoutConfigValidationError) Cause 

func (e LogoutConfigValidationError) Cause() error

Cause function returns cause value.

func (LogoutConfigValidationError) Error 

func (e LogoutConfigValidationError) Error() string

Error satisfies the builtin error interface

func (LogoutConfigValidationError) ErrorName 

func (e LogoutConfigValidationError) ErrorName() string

ErrorName returns error name.

func (LogoutConfigValidationError) Field 

func (e LogoutConfigValidationError) Field() string

Field function returns field value.

func (LogoutConfigValidationError) Key 

func (e LogoutConfigValidationError) Key() bool

Key function returns key value.

func (LogoutConfigValidationError) Reason 

func (e LogoutConfigValidationError) Reason() string

Reason function returns reason value.

type OIDCConfig 

type OIDCConfig struct {

	// The OIDC Provider's [issuer identifier](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig).
	// If this is set, the endpoints will be dynamically retrieved from the OIDC Provider's configuration endpoint.
	ConfigurationUri string `protobuf:"bytes,19,opt,name=configuration_uri,json=configurationUri,proto3" json:"configuration_uri,omitempty"`
	// The OIDC Provider's [authorization endpoint](https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint).
	// Required if `configuration_uri` is not set.
	AuthorizationUri string `protobuf:"bytes,1,opt,name=authorization_uri,json=authorizationUri,proto3" json:"authorization_uri,omitempty"`
	// The OIDC Provider's [token endpoint](https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint).
	// Required if `configuration_uri` is not set.
	TokenUri string `protobuf:"bytes,2,opt,name=token_uri,json=tokenUri,proto3" json:"token_uri,omitempty"`
	// This value will be used as the `redirect_uri` param of the authorization code grant
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// This URL must be one of the Redirection URI values for the Client pre-registered at the OIDC provider.
	// Note: The Istio gateway's VirtualService must be prepared to ensure that this URL will get routed to
	// the service so that the Authservice can intercept the request and handle it
	// (see [example](https://github.com/istio-ecosystem/authservice/blob/master/bookinfo-example/config/bookinfo-gateway.yaml)).
	// Required.
	CallbackUri string `protobuf:"bytes,3,opt,name=callback_uri,json=callbackUri,proto3" json:"callback_uri,omitempty"`
	// Types that are assignable to JwksConfig:
	//
	//	*OIDCConfig_Jwks
	//	*OIDCConfig_JwksFetcher
	JwksConfig isOIDCConfig_JwksConfig `protobuf_oneof:"jwks_config"`
	// The OIDC client ID assigned to the filter to be used in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// Required.
	// The client ID is used to authenticate to the Token endpoint using HTTP Basic Auth and it
	// must not contain a colon (":") character.
	ClientId string `protobuf:"bytes,5,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	// Types that are assignable to ClientSecretConfig:
	//
	//	*OIDCConfig_ClientSecret
	//	*OIDCConfig_ClientSecretRef
	ClientSecretConfig isOIDCConfig_ClientSecretConfig `protobuf_oneof:"client_secret_config"`
	// Additional scopes passed to the OIDC Provider in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// The `openid` scope is always sent to the OIDC Provider, and does not need to be specified here.
	// Required, but an empty array is allowed.
	Scopes []string `protobuf:"bytes,7,rep,name=scopes,proto3" json:"scopes,omitempty"`
	// A unique identifier of the Authservice's browser cookies. Can be any string.
	// Needed when multiple services in the same domain are each protected by
	// their own Authservice, in which case each service's Authservice should have
	// a unique value to avoid cookie name conflicts. Also needed when an Authservice
	// is configured with multiple `oidc` filters (across multiple `chains`), each
	// sharing a Redis server for their session storage, to avoid having those
	// `oidc` filters read/write the same sessions in Redis.
	// Optional.
	CookieNamePrefix string `protobuf:"bytes,8,opt,name=cookie_name_prefix,json=cookieNamePrefix,proto3" json:"cookie_name_prefix,omitempty"`
	// The configuration for adding ID Tokens as headers to requests forwarded to a service.
	// Required.
	IdToken *TokenConfig `protobuf:"bytes,9,opt,name=id_token,json=idToken,proto3" json:"id_token,omitempty"`
	// The configuration for adding Access Tokens as headers to requests forwarded to a service.
	// Optional.
	AccessToken *TokenConfig `protobuf:"bytes,10,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
	// When specified, the Authservice will destroy the Authservice session when a request is
	// made to the configured path.
	// Optional.
	Logout *LogoutConfig `protobuf:"bytes,11,opt,name=logout,proto3" json:"logout,omitempty"`
	// The Authservice associates obtained OIDC tokens with a session ID in a session store.
	// It also stores some temporary information during the login process into the session store,
	// which will be removed when the user finishes the login.
	// This configuration option sets the number of seconds since a user's session with the Authservice has started
	// until that session should expire.
	// When configured to `0`, which is the default value, the session will never timeout based on the time
	// that it was started, but can still timeout due to being idle.
	// When both `absolute_session_timeout` and `idle_session_timeout` are zero, then sessions will never
	// expire. These settings do not affect how quickly the OIDC tokens contained inside the user's session expire.
	// Optional.
	AbsoluteSessionTimeout uint32 `` /* 131-byte string literal not displayed */
	// The Authservice associates obtained OIDC tokens with a session ID in a session store.
	// It also stores some temporary information during the login process into the session store,
	// which will be removed when the user finishes the login.
	// This configuration option sets the number of seconds since the most recent incoming request from that user
	// until the user's session with the Authservice should expire.
	// When configured to `0`, which is the default value, session expiration will not consider idle time,
	// but can still consider timeout based on maximum absolute time since added.
	// When both `absolute_session_timeout` and `idle_session_timeout` are zero, then sessions will never
	// expire. These settings do not affect how quickly the OIDC tokens contained inside the user's session expire.
	// Optional.
	IdleSessionTimeout uint32 `protobuf:"varint,13,opt,name=idle_session_timeout,json=idleSessionTimeout,proto3" json:"idle_session_timeout,omitempty"`
	// When specified, the Authservice will trust the specified Certificate Authority when performing HTTPS calls to
	// the OIDC Identity Provider.
	//
	// Types that are assignable to TrustedCaConfig:
	//
	//	*OIDCConfig_TrustedCertificateAuthority
	//	*OIDCConfig_TrustedCertificateAuthorityFile
	TrustedCaConfig isOIDCConfig_TrustedCaConfig `protobuf_oneof:"trusted_ca_config"`
	// The duration between refreshes of the trusted certificate authority if `trusted_certificate_authority_file` is set.
	// Unset or 0 (the default) disables the refresh, useful is no rotation is expected.
	// Is a String that ends in `s` to indicate seconds and is preceded by the number of seconds, e.g. `120s` (represents 2 minutes).
	// Optional.
	TrustedCertificateAuthorityRefreshInterval *durationpb.Duration `` /* 194-byte string literal not displayed */
	// The Authservice makes two kinds of direct network connections directly to the OIDC Provider.
	// Both are POST requests to the configured `token_uri` of the OIDC Provider.
	// The first is to exchange the authorization code for tokens, and the other is to use the
	// refresh token to obtain new tokens. Configure the `proxy_uri` when
	// both of these requests should be made through a web proxy. The format of `proxy_uri` is
	// `http://proxyserver.example.com:8080`, where `:<port_number>` is optional.
	// Userinfo (usernames and passwords) in the `proxy_uri` setting are not yet supported.
	// The `proxy_uri` should always start with `http://`.
	// The Authservice will upgrade the connection to the OIDC provider to HTTPS using
	// an HTTP CONNECT request to the proxy server. The proxy server will see the hostname and port number
	// of the OIDC provider in plain text in the CONNECT request, but all other communication will occur
	// over an encrypted HTTPS connection negotiated directly between the Authservice and
	// the OIDC provider. See also the related `trusted_certificate_authority` configuration option.
	// Optional.
	ProxyUri string `protobuf:"bytes,15,opt,name=proxy_uri,json=proxyUri,proto3" json:"proxy_uri,omitempty"`
	// When specified, the Authservice will use the configured Redis server to store session data.
	// Optional.
	RedisSessionStoreConfig *RedisConfig `` /* 135-byte string literal not displayed */
	// If set to true, the verification of the destination certificate will be skipped when
	// making a request to the Token Endpoint. This option is useful when you want to use a
	// self-signed certificate for testing purposes, but basically should not be set to true
	// in any other cases.
	// Optional.
	SkipVerifyPeerCert *structpb.Value `protobuf:"bytes,18,opt,name=skip_verify_peer_cert,json=skipVerifyPeerCert,proto3" json:"skip_verify_peer_cert,omitempty"` // keep this field out from the trusted_ca_config one of for backward compatibility.
	// contains filtered or unexported fields
}

The configuration of an OpenID Connect filter that can be used to retrieve identity and access tokens via the standard authorization code grant flow from an OIDC Provider.

func (*OIDCConfig) Descriptor deprecated 

func (*OIDCConfig) Descriptor() ([]byte, []int)

Deprecated: Use OIDCConfig.ProtoReflect.Descriptor instead.

func (*OIDCConfig) GetAbsoluteSessionTimeout 

func (x *OIDCConfig) GetAbsoluteSessionTimeout() uint32

func (*OIDCConfig) GetAccessToken 

func (x *OIDCConfig) GetAccessToken() *TokenConfig

func (*OIDCConfig) GetAuthorizationUri 

func (x *OIDCConfig) GetAuthorizationUri() string

func (*OIDCConfig) GetCallbackUri 

func (x *OIDCConfig) GetCallbackUri() string

func (*OIDCConfig) GetClientId 

func (x *OIDCConfig) GetClientId() string

func (*OIDCConfig) GetClientSecret 

func (x *OIDCConfig) GetClientSecret() string

func (*OIDCConfig) GetClientSecretConfig 

func (m *OIDCConfig) GetClientSecretConfig() isOIDCConfig_ClientSecretConfig

func (*OIDCConfig) GetClientSecretRef 

func (x *OIDCConfig) GetClientSecretRef() *OIDCConfig_SecretReference

func (*OIDCConfig) GetConfigurationUri 

func (x *OIDCConfig) GetConfigurationUri() string

func (*OIDCConfig) GetCookieNamePrefix 

func (x *OIDCConfig) GetCookieNamePrefix() string

func (*OIDCConfig) GetIdToken 

func (x *OIDCConfig) GetIdToken() *TokenConfig

func (*OIDCConfig) GetIdleSessionTimeout 

func (x *OIDCConfig) GetIdleSessionTimeout() uint32

func (*OIDCConfig) GetJwks 

func (x *OIDCConfig) GetJwks() string

func (*OIDCConfig) GetJwksConfig 

func (m *OIDCConfig) GetJwksConfig() isOIDCConfig_JwksConfig

func (*OIDCConfig) GetJwksFetcher 

func (x *OIDCConfig) GetJwksFetcher() *OIDCConfig_JwksFetcherConfig

func (*OIDCConfig) GetLogout 

func (x *OIDCConfig) GetLogout() *LogoutConfig

func (*OIDCConfig) GetProxyUri 

func (x *OIDCConfig) GetProxyUri() string

func (*OIDCConfig) GetRedisSessionStoreConfig 

func (x *OIDCConfig) GetRedisSessionStoreConfig() *RedisConfig

func (*OIDCConfig) GetScopes 

func (x *OIDCConfig) GetScopes() []string

func (*OIDCConfig) GetSkipVerifyPeerCert 

func (x *OIDCConfig) GetSkipVerifyPeerCert() *structpb.Value

func (*OIDCConfig) GetTokenUri 

func (x *OIDCConfig) GetTokenUri() string

func (*OIDCConfig) GetTrustedCaConfig 

func (m *OIDCConfig) GetTrustedCaConfig() isOIDCConfig_TrustedCaConfig

func (*OIDCConfig) GetTrustedCertificateAuthority 

func (x *OIDCConfig) GetTrustedCertificateAuthority() string

func (*OIDCConfig) GetTrustedCertificateAuthorityFile 

func (x *OIDCConfig) GetTrustedCertificateAuthorityFile() string

func (*OIDCConfig) GetTrustedCertificateAuthorityRefreshInterval 

func (x *OIDCConfig) GetTrustedCertificateAuthorityRefreshInterval() *durationpb.Duration

func (*OIDCConfig) ProtoMessage 

func (*OIDCConfig) ProtoMessage()

func (*OIDCConfig) ProtoReflect 

func (x *OIDCConfig) ProtoReflect() protoreflect.Message

func (*OIDCConfig) Reset 

func (x *OIDCConfig) Reset()

func (*OIDCConfig) String 

func (x *OIDCConfig) String() string

func (*OIDCConfig) Validate 

func (m *OIDCConfig) Validate() error

Validate checks the field values on OIDCConfig with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*OIDCConfig) ValidateAll 

func (m *OIDCConfig) ValidateAll() error

ValidateAll checks the field values on OIDCConfig with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in OIDCConfigMultiError, or nil if none found.

type OIDCConfigMultiError 

type OIDCConfigMultiError []error

OIDCConfigMultiError is an error wrapping multiple validation errors returned by OIDCConfig.ValidateAll() if the designated constraints aren't met.

func (OIDCConfigMultiError) AllErrors 

func (m OIDCConfigMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (OIDCConfigMultiError) Error 

func (m OIDCConfigMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type OIDCConfigValidationError 

type OIDCConfigValidationError struct {
	// contains filtered or unexported fields
}

OIDCConfigValidationError is the validation error returned by OIDCConfig.Validate if the designated constraints aren't met.

func (OIDCConfigValidationError) Cause 

func (e OIDCConfigValidationError) Cause() error

Cause function returns cause value.

func (OIDCConfigValidationError) Error 

func (e OIDCConfigValidationError) Error() string

Error satisfies the builtin error interface

func (OIDCConfigValidationError) ErrorName 

func (e OIDCConfigValidationError) ErrorName() string

ErrorName returns error name.

func (OIDCConfigValidationError) Field 

func (e OIDCConfigValidationError) Field() string

Field function returns field value.

func (OIDCConfigValidationError) Key 

func (e OIDCConfigValidationError) Key() bool

Key function returns key value.

func (OIDCConfigValidationError) Reason 

func (e OIDCConfigValidationError) Reason() string

Reason function returns reason value.

type OIDCConfig_ClientSecret 

type OIDCConfig_ClientSecret struct {
	// The OIDC client secret assigned to the filter to be used in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// This field keeps the client secret in plain text. Recommend to use `client_secret_ref` instead
	// when running in a Kubernetes cluster.
	ClientSecret string `protobuf:"bytes,6,opt,name=client_secret,json=clientSecret,proto3,oneof"`
}

type OIDCConfig_ClientSecretRef 

type OIDCConfig_ClientSecretRef struct {
	// The Kubernetes secret that contains the OIDC client secret assigned to the filter to be used in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	//
	// This is an Opaque secret. The client secret should be stored in the key "client-secret".
	// This filed is only valid when running in a Kubernetes cluster.
	ClientSecretRef *OIDCConfig_SecretReference `protobuf:"bytes,21,opt,name=client_secret_ref,json=clientSecretRef,proto3,oneof"`
}

type OIDCConfig_Jwks 

type OIDCConfig_Jwks struct {
	// The JSON JWKS response from the OIDC provider’s `jwks_uri` URI which can be found in
	// the OIDC provider's
	// [configuration response](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse).
	// Note that this JSON value must be escaped when embedded in a json configmap
	// (see [example](https://github.com/istio-ecosystem/authservice/blob/master/bookinfo-example/config/authservice-configmap-template.yaml)).
	// Used during token verification.
	Jwks string `protobuf:"bytes,4,opt,name=jwks,proto3,oneof"`
}

type OIDCConfig_JwksFetcher 

type OIDCConfig_JwksFetcher struct {
	// Configuration to allow JWKs to be retrieved and updated asynchronously at regular intervals.
	JwksFetcher *OIDCConfig_JwksFetcherConfig `protobuf:"bytes,17,opt,name=jwks_fetcher,json=jwksFetcher,proto3,oneof"`
}

type OIDCConfig_JwksFetcherConfig 

type OIDCConfig_JwksFetcherConfig struct {

	// Request URI that has the JWKs.
	// Required if `configuration_uri` is not set.
	JwksUri string `protobuf:"bytes,1,opt,name=jwks_uri,json=jwksUri,proto3" json:"jwks_uri,omitempty"`
	// Request interval to check whether new JWKs are available. If not specified,
	// default to 1200 seconds, 20min.
	// Optional.
	PeriodicFetchIntervalSec uint32 `` /* 138-byte string literal not displayed */
	// If set to true, the verification of the destination certificate will be skipped when
	// making a request to the JWKs URI. This option is useful when you want to use a
	// self-signed certificate for testing purposes, but basically should not be set to
	// true in any other cases.
	// Optional.
	// Deprecated: Use the one from the OIDCConfig instead.
	//
	// Deprecated: Marked as deprecated in v1/oidc/config.proto.
	SkipVerifyPeerCert *structpb.Value `protobuf:"bytes,3,opt,name=skip_verify_peer_cert,json=skipVerifyPeerCert,proto3" json:"skip_verify_peer_cert,omitempty"`
	// contains filtered or unexported fields
}

This message defines a setting to allow asynchronous retrieval and update of the JWK for JWT validation at regular intervals.

func (*OIDCConfig_JwksFetcherConfig) Descriptor deprecated 

func (*OIDCConfig_JwksFetcherConfig) Descriptor() ([]byte, []int)

Deprecated: Use OIDCConfig_JwksFetcherConfig.ProtoReflect.Descriptor instead.

func (*OIDCConfig_JwksFetcherConfig) GetJwksUri 

func (x *OIDCConfig_JwksFetcherConfig) GetJwksUri() string

func (*OIDCConfig_JwksFetcherConfig) GetPeriodicFetchIntervalSec 

func (x *OIDCConfig_JwksFetcherConfig) GetPeriodicFetchIntervalSec() uint32

func (*OIDCConfig_JwksFetcherConfig) GetSkipVerifyPeerCert deprecated 

func (x *OIDCConfig_JwksFetcherConfig) GetSkipVerifyPeerCert() *structpb.Value

Deprecated: Marked as deprecated in v1/oidc/config.proto.

func (*OIDCConfig_JwksFetcherConfig) ProtoMessage 

func (*OIDCConfig_JwksFetcherConfig) ProtoMessage()

func (*OIDCConfig_JwksFetcherConfig) ProtoReflect 

func (x *OIDCConfig_JwksFetcherConfig) ProtoReflect() protoreflect.Message

func (*OIDCConfig_JwksFetcherConfig) Reset 

func (x *OIDCConfig_JwksFetcherConfig) Reset()

func (*OIDCConfig_JwksFetcherConfig) String 

func (x *OIDCConfig_JwksFetcherConfig) String() string

func (*OIDCConfig_JwksFetcherConfig) Validate 

func (m *OIDCConfig_JwksFetcherConfig) Validate() error

Validate checks the field values on OIDCConfig_JwksFetcherConfig with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*OIDCConfig_JwksFetcherConfig) ValidateAll 

func (m *OIDCConfig_JwksFetcherConfig) ValidateAll() error

ValidateAll checks the field values on OIDCConfig_JwksFetcherConfig with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in OIDCConfig_JwksFetcherConfigMultiError, or nil if none found.

type OIDCConfig_JwksFetcherConfigMultiError 

type OIDCConfig_JwksFetcherConfigMultiError []error

OIDCConfig_JwksFetcherConfigMultiError is an error wrapping multiple validation errors returned by OIDCConfig_JwksFetcherConfig.ValidateAll() if the designated constraints aren't met.

func (OIDCConfig_JwksFetcherConfigMultiError) AllErrors 

func (m OIDCConfig_JwksFetcherConfigMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (OIDCConfig_JwksFetcherConfigMultiError) Error 

func (m OIDCConfig_JwksFetcherConfigMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type OIDCConfig_JwksFetcherConfigValidationError 

type OIDCConfig_JwksFetcherConfigValidationError struct {
	// contains filtered or unexported fields
}

OIDCConfig_JwksFetcherConfigValidationError is the validation error returned by OIDCConfig_JwksFetcherConfig.Validate if the designated constraints aren't met.

func (OIDCConfig_JwksFetcherConfigValidationError) Cause 

func (e OIDCConfig_JwksFetcherConfigValidationError) Cause() error

Cause function returns cause value.

func (OIDCConfig_JwksFetcherConfigValidationError) Error 

func (e OIDCConfig_JwksFetcherConfigValidationError) Error() string

Error satisfies the builtin error interface

func (OIDCConfig_JwksFetcherConfigValidationError) ErrorName 

func (e OIDCConfig_JwksFetcherConfigValidationError) ErrorName() string

ErrorName returns error name.

func (OIDCConfig_JwksFetcherConfigValidationError) Field 

func (e OIDCConfig_JwksFetcherConfigValidationError) Field() string

Field function returns field value.

func (OIDCConfig_JwksFetcherConfigValidationError) Key 

func (e OIDCConfig_JwksFetcherConfigValidationError) Key() bool

Key function returns key value.

func (OIDCConfig_JwksFetcherConfigValidationError) Reason 

func (e OIDCConfig_JwksFetcherConfigValidationError) Reason() string

Reason function returns reason value.

type OIDCConfig_SecretReference 

type OIDCConfig_SecretReference struct {

	// The namespace of the referenced Secret, if not set, default to "default" namespace.
	Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"`
	// The name of the referenced Secret.
	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

This message defines a reference to a Kubernetes Secret resource.

func (*OIDCConfig_SecretReference) Descriptor deprecated 

func (*OIDCConfig_SecretReference) Descriptor() ([]byte, []int)

Deprecated: Use OIDCConfig_SecretReference.ProtoReflect.Descriptor instead.

func (*OIDCConfig_SecretReference) GetName 

func (x *OIDCConfig_SecretReference) GetName() string

func (*OIDCConfig_SecretReference) GetNamespace 

func (x *OIDCConfig_SecretReference) GetNamespace() string

func (*OIDCConfig_SecretReference) ProtoMessage 

func (*OIDCConfig_SecretReference) ProtoMessage()

func (*OIDCConfig_SecretReference) ProtoReflect 

func (x *OIDCConfig_SecretReference) ProtoReflect() protoreflect.Message

func (*OIDCConfig_SecretReference) Reset 

func (x *OIDCConfig_SecretReference) Reset()

func (*OIDCConfig_SecretReference) String 

func (x *OIDCConfig_SecretReference) String() string

func (*OIDCConfig_SecretReference) Validate 

func (m *OIDCConfig_SecretReference) Validate() error

Validate checks the field values on OIDCConfig_SecretReference with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*OIDCConfig_SecretReference) ValidateAll 

func (m *OIDCConfig_SecretReference) ValidateAll() error

ValidateAll checks the field values on OIDCConfig_SecretReference with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in OIDCConfig_SecretReferenceMultiError, or nil if none found.

type OIDCConfig_SecretReferenceMultiError 

type OIDCConfig_SecretReferenceMultiError []error

OIDCConfig_SecretReferenceMultiError is an error wrapping multiple validation errors returned by OIDCConfig_SecretReference.ValidateAll() if the designated constraints aren't met.

func (OIDCConfig_SecretReferenceMultiError) AllErrors 

func (m OIDCConfig_SecretReferenceMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (OIDCConfig_SecretReferenceMultiError) Error 

func (m OIDCConfig_SecretReferenceMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type OIDCConfig_SecretReferenceValidationError 

type OIDCConfig_SecretReferenceValidationError struct {
	// contains filtered or unexported fields
}

OIDCConfig_SecretReferenceValidationError is the validation error returned by OIDCConfig_SecretReference.Validate if the designated constraints aren't met.

func (OIDCConfig_SecretReferenceValidationError) Cause 

func (e OIDCConfig_SecretReferenceValidationError) Cause() error

Cause function returns cause value.

func (OIDCConfig_SecretReferenceValidationError) Error 

func (e OIDCConfig_SecretReferenceValidationError) Error() string

Error satisfies the builtin error interface

func (OIDCConfig_SecretReferenceValidationError) ErrorName 

func (e OIDCConfig_SecretReferenceValidationError) ErrorName() string

ErrorName returns error name.

func (OIDCConfig_SecretReferenceValidationError) Field 

func (e OIDCConfig_SecretReferenceValidationError) Field() string

Field function returns field value.

func (OIDCConfig_SecretReferenceValidationError) Key 

func (e OIDCConfig_SecretReferenceValidationError) Key() bool

Key function returns key value.

func (OIDCConfig_SecretReferenceValidationError) Reason 

func (e OIDCConfig_SecretReferenceValidationError) Reason() string

Reason function returns reason value.

type OIDCConfig_TrustedCertificateAuthority 

type OIDCConfig_TrustedCertificateAuthority struct {
	// String PEM-encoded certificate authority to trust when performing HTTPS calls to the OIDC Identity Provider.
	// Optional.
	TrustedCertificateAuthority string `protobuf:"bytes,14,opt,name=trusted_certificate_authority,json=trustedCertificateAuthority,proto3,oneof"`
}

type OIDCConfig_TrustedCertificateAuthorityFile 

type OIDCConfig_TrustedCertificateAuthorityFile struct {
	// The file path to the PEM-encoded certificate authority to trust when performing HTTPS calls to the OIDC Identity Provider.
	// Optional.
	TrustedCertificateAuthorityFile string `protobuf:"bytes,20,opt,name=trusted_certificate_authority_file,json=trustedCertificateAuthorityFile,proto3,oneof"`
}

type RedisConfig 

type RedisConfig struct {

	// The Redis server uri, e.g. "tcp://127.0.0.1:6379"
	ServerUri string `protobuf:"bytes,1,opt,name=server_uri,json=serverUri,proto3" json:"server_uri,omitempty"`
	// contains filtered or unexported fields
}

When specified, the Authservice will use the configured Redis server to store session data

func (*RedisConfig) Descriptor deprecated 

func (*RedisConfig) Descriptor() ([]byte, []int)

Deprecated: Use RedisConfig.ProtoReflect.Descriptor instead.

func (*RedisConfig) GetServerUri 

func (x *RedisConfig) GetServerUri() string

func (*RedisConfig) ProtoMessage 

func (*RedisConfig) ProtoMessage()

func (*RedisConfig) ProtoReflect 

func (x *RedisConfig) ProtoReflect() protoreflect.Message

func (*RedisConfig) Reset 

func (x *RedisConfig) Reset()

func (*RedisConfig) String 

func (x *RedisConfig) String() string

func (*RedisConfig) Validate 

func (m *RedisConfig) Validate() error

Validate checks the field values on RedisConfig with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*RedisConfig) ValidateAll 

func (m *RedisConfig) ValidateAll() error

ValidateAll checks the field values on RedisConfig with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in RedisConfigMultiError, or nil if none found.

type RedisConfigMultiError 

type RedisConfigMultiError []error

RedisConfigMultiError is an error wrapping multiple validation errors returned by RedisConfig.ValidateAll() if the designated constraints aren't met.

func (RedisConfigMultiError) AllErrors 

func (m RedisConfigMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (RedisConfigMultiError) Error 

func (m RedisConfigMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type RedisConfigValidationError 

type RedisConfigValidationError struct {
	// contains filtered or unexported fields
}

RedisConfigValidationError is the validation error returned by RedisConfig.Validate if the designated constraints aren't met.

func (RedisConfigValidationError) Cause 

func (e RedisConfigValidationError) Cause() error

Cause function returns cause value.

func (RedisConfigValidationError) Error 

func (e RedisConfigValidationError) Error() string

Error satisfies the builtin error interface

func (RedisConfigValidationError) ErrorName 

func (e RedisConfigValidationError) ErrorName() string

ErrorName returns error name.

func (RedisConfigValidationError) Field 

func (e RedisConfigValidationError) Field() string

Field function returns field value.

func (RedisConfigValidationError) Key 

func (e RedisConfigValidationError) Key() bool

Key function returns key value.

func (RedisConfigValidationError) Reason 

func (e RedisConfigValidationError) Reason() string

Reason function returns reason value.

type TokenConfig 

type TokenConfig struct {

	// The name of the header that Authservice adds to the request when forwarding to services.
	// The value of this header will contain the `preamble` and the token.
	// This value is case-insensitive, as http header names are case-insensitive.
	// Note that this value must be `Authorization` for the
	// [Istio Authentication Policy](https://istio.io/docs/tasks/security/authn-policy/)
	// to inspect the token.
	// Required.
	Header string `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"`
	// The authentication scheme of the token.
	// For example, when the preamble is `Bearer` and `header` is `Authorization`, the following
	// header will be added to the request to the service: `Authorization: Bearer ID_TOKEN_VALUE`.
	// Note that this value must be `Bearer`, case-sensitive, when header is `Authorization`.
	// Optional.
	Preamble string `protobuf:"bytes,2,opt,name=preamble,proto3" json:"preamble,omitempty"`
	// contains filtered or unexported fields
}

Defines how a token obtained through an OIDC flow is forwarded to services.

func (*TokenConfig) Descriptor deprecated 

func (*TokenConfig) Descriptor() ([]byte, []int)

Deprecated: Use TokenConfig.ProtoReflect.Descriptor instead.

func (*TokenConfig) GetHeader 

func (x *TokenConfig) GetHeader() string

func (*TokenConfig) GetPreamble 

func (x *TokenConfig) GetPreamble() string

func (*TokenConfig) ProtoMessage 

func (*TokenConfig) ProtoMessage()

func (*TokenConfig) ProtoReflect 

func (x *TokenConfig) ProtoReflect() protoreflect.Message

func (*TokenConfig) Reset 

func (x *TokenConfig) Reset()

func (*TokenConfig) String 

func (x *TokenConfig) String() string

func (*TokenConfig) Validate 

func (m *TokenConfig) Validate() error

Validate checks the field values on TokenConfig with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*TokenConfig) ValidateAll 

func (m *TokenConfig) ValidateAll() error

ValidateAll checks the field values on TokenConfig with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in TokenConfigMultiError, or nil if none found.

type TokenConfigMultiError 

type TokenConfigMultiError []error

TokenConfigMultiError is an error wrapping multiple validation errors returned by TokenConfig.ValidateAll() if the designated constraints aren't met.

func (TokenConfigMultiError) AllErrors 

func (m TokenConfigMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (TokenConfigMultiError) Error 

func (m TokenConfigMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type TokenConfigValidationError 

type TokenConfigValidationError struct {
	// contains filtered or unexported fields
}

TokenConfigValidationError is the validation error returned by TokenConfig.Validate if the designated constraints aren't met.

func (TokenConfigValidationError) Cause 

func (e TokenConfigValidationError) Cause() error

Cause function returns cause value.

func (TokenConfigValidationError) Error 

func (e TokenConfigValidationError) Error() string

Error satisfies the builtin error interface

func (TokenConfigValidationError) ErrorName 

func (e TokenConfigValidationError) ErrorName() string

ErrorName returns error name.

func (TokenConfigValidationError) Field 

func (e TokenConfigValidationError) Field() string

Field function returns field value.

func (TokenConfigValidationError) Key 

func (e TokenConfigValidationError) Key() bool

Key function returns key value.

func (TokenConfigValidationError) Reason 

func (e TokenConfigValidationError) Reason() string

Reason function returns reason value.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.