auth

package
v0.7.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 19, 2019 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrInvalidLengthCert = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowCert   = fmt.Errorf("proto: integer overflow")
)
View Source
var TlsParameters_TlsProtocol_name = map[int32]string{
	0: "TLS_AUTO",
	1: "TLSv1_0",
	2: "TLSv1_1",
	3: "TLSv1_2",
	4: "TLSv1_3",
}
View Source
var TlsParameters_TlsProtocol_value = map[string]int32{
	"TLS_AUTO": 0,
	"TLSv1_0":  1,
	"TLSv1_1":  2,
	"TLSv1_2":  3,
	"TLSv1_3":  4,
}

Functions

This section is empty.

Types

type CertificateValidationContext

type CertificateValidationContext struct {
	// TLS certificate data containing certificate authority certificates to use in verifying
	// a presented peer certificate (e.g. server certificate for clusters or client certificate
	// for listeners). If not specified and a peer certificate is presented it will not be
	// verified. By default, a client certificate is optional, unless one of the additional
	// options (:ref:`require_client_certificate
	// <envoy_api_field_auth.DownstreamTlsContext.require_client_certificate>`,
	// :ref:`verify_certificate_spki
	// <envoy_api_field_auth.CertificateValidationContext.verify_certificate_spki>`,
	// :ref:`verify_certificate_hash
	// <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`, or
	// :ref:`verify_subject_alt_name
	// <envoy_api_field_auth.CertificateValidationContext.verify_subject_alt_name>`) is also
	// specified.
	//
	// It can optionally contain certificate revocation lists, in which case Envoy will verify
	// that the presented peer certificate has not been revoked by one of the included CRLs.
	//
	// See :ref:`the TLS overview <arch_overview_ssl_enabling_verification>` for a list of common
	// system CA locations.
	TrustedCa *core.DataSource `protobuf:"bytes,1,opt,name=trusted_ca,json=trustedCa,proto3" json:"trusted_ca,omitempty"`
	// An optional list of base64-encoded SHA-256 hashes. If specified, Envoy will verify that the
	// SHA-256 of the DER-encoded Subject Public Key Information (SPKI) of the presented certificate
	// matches one of the specified values.
	//
	// A base64-encoded SHA-256 of the Subject Public Key Information (SPKI) of the certificate
	// can be generated with the following command:
	//
	// .. code-block:: bash
	//
	//   $ openssl x509 -in path/to/client.crt -noout -pubkey \
	//     | openssl pkey -pubin -outform DER \
	//     | openssl dgst -sha256 -binary \
	//     | openssl enc -base64
	//   NvqYIYSbgK2vCJpQhObf77vv+bQWtc5ek5RIOwPiC9A=
	//
	// This is the format used in HTTP Public Key Pinning.
	//
	// When both:
	// :ref:`verify_certificate_hash
	// <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>` and
	// :ref:`verify_certificate_spki
	// <envoy_api_field_auth.CertificateValidationContext.verify_certificate_spki>` are specified,
	// a hash matching value from either of the lists will result in the certificate being accepted.
	//
	// .. attention::
	//
	//   This option is preferred over :ref:`verify_certificate_hash
	//   <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`,
	//   because SPKI is tied to a private key, so it doesn't change when the certificate
	//   is renewed using the same private key.
	VerifyCertificateSpki []string `` /* 126-byte string literal not displayed */
	// An optional list of hex-encoded SHA-256 hashes. If specified, Envoy will verify that
	// the SHA-256 of the DER-encoded presented certificate matches one of the specified values.
	//
	// A hex-encoded SHA-256 of the certificate can be generated with the following command:
	//
	// .. code-block:: bash
	//
	//   $ openssl x509 -in path/to/client.crt -outform DER | openssl dgst -sha256 | cut -d" " -f2
	//   df6ff72fe9116521268f6f2dd4966f51df479883fe7037b39f75916ac3049d1a
	//
	// A long hex-encoded and colon-separated SHA-256 (a.k.a. "fingerprint") of the certificate
	// can be generated with the following command:
	//
	// .. code-block:: bash
	//
	//   $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256 | cut -d"=" -f2
	//   DF:6F:F7:2F:E9:11:65:21:26:8F:6F:2D:D4:96:6F:51:DF:47:98:83:FE:70:37:B3:9F:75:91:6A:C3:04:9D:1A
	//
	// Both of those formats are acceptable.
	//
	// When both:
	// :ref:`verify_certificate_hash
	// <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>` and
	// :ref:`verify_certificate_spki
	// <envoy_api_field_auth.CertificateValidationContext.verify_certificate_spki>` are specified,
	// a hash matching value from either of the lists will result in the certificate being accepted.
	VerifyCertificateHash []string `` /* 126-byte string literal not displayed */
	// An optional list of Subject Alternative Names. If specified, Envoy will verify that the
	// Subject Alternative Name of the presented certificate matches one of the specified values.
	//
	// .. attention::
	//
	//   Subject Alternative Names are easily spoofable and verifying only them is insecure,
	//   therefore this option must be used together with :ref:`trusted_ca
	//   <envoy_api_field_auth.CertificateValidationContext.trusted_ca>`.
	VerifySubjectAltName []string `protobuf:"bytes,4,rep,name=verify_subject_alt_name,json=verifySubjectAltName,proto3" json:"verify_subject_alt_name,omitempty"`
	// [#not-implemented-hide:] Must present a signed time-stamped OCSP response.
	RequireOcspStaple *types.BoolValue `protobuf:"bytes,5,opt,name=require_ocsp_staple,json=requireOcspStaple,proto3" json:"require_ocsp_staple,omitempty"`
	// [#not-implemented-hide:] Must present signed certificate time-stamp.
	RequireSignedCertificateTimestamp *types.BoolValue `` /* 164-byte string literal not displayed */
	// An optional `certificate revocation list
	// <https://en.wikipedia.org/wiki/Certificate_revocation_list>`_
	// (in PEM format). If specified, Envoy will verify that the presented peer
	// certificate has not been revoked by this CRL. If this DataSource contains
	// multiple CRLs, all of them will be used.
	Crl *core.DataSource `protobuf:"bytes,7,opt,name=crl,proto3" json:"crl,omitempty"`
	// If specified, Envoy will not reject expired certificates.
	AllowExpiredCertificate bool     `` /* 133-byte string literal not displayed */
	XXX_NoUnkeyedLiteral    struct{} `json:"-"`
	XXX_unrecognized        []byte   `json:"-"`
	XXX_sizecache           int32    `json:"-"`
}

func (*CertificateValidationContext) Descriptor

func (*CertificateValidationContext) Descriptor() ([]byte, []int)

func (*CertificateValidationContext) Equal

func (this *CertificateValidationContext) Equal(that interface{}) bool

func (*CertificateValidationContext) GetAllowExpiredCertificate

func (m *CertificateValidationContext) GetAllowExpiredCertificate() bool

func (*CertificateValidationContext) GetCrl

func (*CertificateValidationContext) GetRequireOcspStaple

func (m *CertificateValidationContext) GetRequireOcspStaple() *types.BoolValue

func (*CertificateValidationContext) GetRequireSignedCertificateTimestamp

func (m *CertificateValidationContext) GetRequireSignedCertificateTimestamp() *types.BoolValue

func (*CertificateValidationContext) GetTrustedCa

func (m *CertificateValidationContext) GetTrustedCa() *core.DataSource

func (*CertificateValidationContext) GetVerifyCertificateHash

func (m *CertificateValidationContext) GetVerifyCertificateHash() []string

func (*CertificateValidationContext) GetVerifyCertificateSpki

func (m *CertificateValidationContext) GetVerifyCertificateSpki() []string

func (*CertificateValidationContext) GetVerifySubjectAltName

func (m *CertificateValidationContext) GetVerifySubjectAltName() []string

func (*CertificateValidationContext) Marshal

func (m *CertificateValidationContext) Marshal() (dAtA []byte, err error)

func (*CertificateValidationContext) MarshalTo

func (m *CertificateValidationContext) MarshalTo(dAtA []byte) (int, error)

func (*CertificateValidationContext) ProtoMessage

func (*CertificateValidationContext) ProtoMessage()

func (*CertificateValidationContext) Reset

func (m *CertificateValidationContext) Reset()

func (*CertificateValidationContext) Size

func (m *CertificateValidationContext) Size() (n int)

func (*CertificateValidationContext) String

func (*CertificateValidationContext) Unmarshal

func (m *CertificateValidationContext) Unmarshal(dAtA []byte) error

func (*CertificateValidationContext) Validate

func (m *CertificateValidationContext) Validate() error

Validate checks the field values on CertificateValidationContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*CertificateValidationContext) XXX_DiscardUnknown

func (m *CertificateValidationContext) XXX_DiscardUnknown()

func (*CertificateValidationContext) XXX_Marshal

func (m *CertificateValidationContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CertificateValidationContext) XXX_Merge

func (m *CertificateValidationContext) XXX_Merge(src proto.Message)

func (*CertificateValidationContext) XXX_Size

func (m *CertificateValidationContext) XXX_Size() int

func (*CertificateValidationContext) XXX_Unmarshal

func (m *CertificateValidationContext) XXX_Unmarshal(b []byte) error

type CertificateValidationContextValidationError

type CertificateValidationContextValidationError struct {
	// contains filtered or unexported fields
}

CertificateValidationContextValidationError is the validation error returned by CertificateValidationContext.Validate if the designated constraints aren't met.

func (CertificateValidationContextValidationError) Cause

Cause function returns cause value.

func (CertificateValidationContextValidationError) Error

Error satisfies the builtin error interface

func (CertificateValidationContextValidationError) ErrorName added in v0.7.0

ErrorName returns error name.

func (CertificateValidationContextValidationError) Field

Field function returns field value.

func (CertificateValidationContextValidationError) Key

Key function returns key value.

func (CertificateValidationContextValidationError) Reason

Reason function returns reason value.

type CommonTlsContext

type CommonTlsContext struct {
	// TLS protocol versions, cipher suites etc.
	TlsParams *TlsParameters `protobuf:"bytes,1,opt,name=tls_params,json=tlsParams,proto3" json:"tls_params,omitempty"`
	// :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>` can be associated with the
	// same context to allow both RSA and ECDSA certificates.
	//
	// Only a single TLS certificate is supported in client contexts. In server contexts, the first
	// RSA certificate is used for clients that only support RSA and the first ECDSA certificate is
	// used for clients that support ECDSA.
	TlsCertificates []*TlsCertificate `protobuf:"bytes,2,rep,name=tls_certificates,json=tlsCertificates,proto3" json:"tls_certificates,omitempty"`
	// Configs for fetching TLS certificates via SDS API.
	TlsCertificateSdsSecretConfigs []*SdsSecretConfig `` /* 157-byte string literal not displayed */
	// Types that are valid to be assigned to ValidationContextType:
	//	*CommonTlsContext_ValidationContext
	//	*CommonTlsContext_ValidationContextSdsSecretConfig
	//	*CommonTlsContext_CombinedValidationContext
	ValidationContextType isCommonTlsContext_ValidationContextType `protobuf_oneof:"validation_context_type"`
	// Supplies the list of ALPN protocols that the listener should expose. In
	// practice this is likely to be set to one of two values (see the
	// :ref:`codec_type
	// <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.codec_type>`
	// parameter in the HTTP connection manager for more information):
	//
	// * "h2,http/1.1" If the listener is going to support both HTTP/2 and HTTP/1.1.
	// * "http/1.1" If the listener is only going to support HTTP/1.1.
	//
	// There is no default for this parameter. If empty, Envoy will not expose ALPN.
	AlpnProtocols        []string `protobuf:"bytes,4,rep,name=alpn_protocols,json=alpnProtocols,proto3" json:"alpn_protocols,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

TLS context shared by both client and server TLS contexts.

func (*CommonTlsContext) Descriptor

func (*CommonTlsContext) Descriptor() ([]byte, []int)

func (*CommonTlsContext) Equal

func (this *CommonTlsContext) Equal(that interface{}) bool

func (*CommonTlsContext) GetAlpnProtocols

func (m *CommonTlsContext) GetAlpnProtocols() []string

func (*CommonTlsContext) GetCombinedValidationContext added in v0.6.3

func (*CommonTlsContext) GetTlsCertificateSdsSecretConfigs

func (m *CommonTlsContext) GetTlsCertificateSdsSecretConfigs() []*SdsSecretConfig

func (*CommonTlsContext) GetTlsCertificates

func (m *CommonTlsContext) GetTlsCertificates() []*TlsCertificate

func (*CommonTlsContext) GetTlsParams

func (m *CommonTlsContext) GetTlsParams() *TlsParameters

func (*CommonTlsContext) GetValidationContext

func (m *CommonTlsContext) GetValidationContext() *CertificateValidationContext

func (*CommonTlsContext) GetValidationContextSdsSecretConfig

func (m *CommonTlsContext) GetValidationContextSdsSecretConfig() *SdsSecretConfig

func (*CommonTlsContext) GetValidationContextType

func (m *CommonTlsContext) GetValidationContextType() isCommonTlsContext_ValidationContextType

func (*CommonTlsContext) Marshal

func (m *CommonTlsContext) Marshal() (dAtA []byte, err error)

func (*CommonTlsContext) MarshalTo

func (m *CommonTlsContext) MarshalTo(dAtA []byte) (int, error)

func (*CommonTlsContext) ProtoMessage

func (*CommonTlsContext) ProtoMessage()

func (*CommonTlsContext) Reset

func (m *CommonTlsContext) Reset()

func (*CommonTlsContext) Size

func (m *CommonTlsContext) Size() (n int)

func (*CommonTlsContext) String

func (m *CommonTlsContext) String() string

func (*CommonTlsContext) Unmarshal

func (m *CommonTlsContext) Unmarshal(dAtA []byte) error

func (*CommonTlsContext) Validate

func (m *CommonTlsContext) Validate() error

Validate checks the field values on CommonTlsContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*CommonTlsContext) XXX_DiscardUnknown

func (m *CommonTlsContext) XXX_DiscardUnknown()

func (*CommonTlsContext) XXX_Marshal

func (m *CommonTlsContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CommonTlsContext) XXX_Merge

func (m *CommonTlsContext) XXX_Merge(src proto.Message)

func (*CommonTlsContext) XXX_OneofFuncs

func (*CommonTlsContext) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

func (*CommonTlsContext) XXX_Size

func (m *CommonTlsContext) XXX_Size() int

func (*CommonTlsContext) XXX_Unmarshal

func (m *CommonTlsContext) XXX_Unmarshal(b []byte) error

type CommonTlsContextValidationError

type CommonTlsContextValidationError struct {
	// contains filtered or unexported fields
}

CommonTlsContextValidationError is the validation error returned by CommonTlsContext.Validate if the designated constraints aren't met.

func (CommonTlsContextValidationError) Cause

Cause function returns cause value.

func (CommonTlsContextValidationError) Error

Error satisfies the builtin error interface

func (CommonTlsContextValidationError) ErrorName added in v0.7.0

ErrorName returns error name.

func (CommonTlsContextValidationError) Field

Field function returns field value.

func (CommonTlsContextValidationError) Key

Key function returns key value.

func (CommonTlsContextValidationError) Reason

Reason function returns reason value.

type CommonTlsContext_CombinedCertificateValidationContext added in v0.6.3

type CommonTlsContext_CombinedCertificateValidationContext struct {
	// How to validate peer certificates.
	DefaultValidationContext *CertificateValidationContext `` /* 135-byte string literal not displayed */
	// Config for fetching validation context via SDS API.
	ValidationContextSdsSecretConfig *SdsSecretConfig `` /* 163-byte string literal not displayed */
	XXX_NoUnkeyedLiteral             struct{}         `json:"-"`
	XXX_unrecognized                 []byte           `json:"-"`
	XXX_sizecache                    int32            `json:"-"`
}

func (*CommonTlsContext_CombinedCertificateValidationContext) Descriptor added in v0.6.3

func (*CommonTlsContext_CombinedCertificateValidationContext) Equal added in v0.6.3

func (this *CommonTlsContext_CombinedCertificateValidationContext) Equal(that interface{}) bool

func (*CommonTlsContext_CombinedCertificateValidationContext) GetDefaultValidationContext added in v0.6.3

func (*CommonTlsContext_CombinedCertificateValidationContext) GetValidationContextSdsSecretConfig added in v0.6.3

func (m *CommonTlsContext_CombinedCertificateValidationContext) GetValidationContextSdsSecretConfig() *SdsSecretConfig

func (*CommonTlsContext_CombinedCertificateValidationContext) Marshal added in v0.6.3

func (*CommonTlsContext_CombinedCertificateValidationContext) MarshalTo added in v0.6.3

func (*CommonTlsContext_CombinedCertificateValidationContext) ProtoMessage added in v0.6.3

func (*CommonTlsContext_CombinedCertificateValidationContext) Reset added in v0.6.3

func (*CommonTlsContext_CombinedCertificateValidationContext) Size added in v0.6.3

func (*CommonTlsContext_CombinedCertificateValidationContext) String added in v0.6.3

func (*CommonTlsContext_CombinedCertificateValidationContext) Unmarshal added in v0.6.3

func (*CommonTlsContext_CombinedCertificateValidationContext) Validate added in v0.6.3

Validate checks the field values on CommonTlsContext_CombinedCertificateValidationContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*CommonTlsContext_CombinedCertificateValidationContext) XXX_DiscardUnknown added in v0.6.3

func (*CommonTlsContext_CombinedCertificateValidationContext) XXX_Marshal added in v0.6.3

func (m *CommonTlsContext_CombinedCertificateValidationContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CommonTlsContext_CombinedCertificateValidationContext) XXX_Merge added in v0.6.3

func (*CommonTlsContext_CombinedCertificateValidationContext) XXX_Size added in v0.6.3

func (*CommonTlsContext_CombinedCertificateValidationContext) XXX_Unmarshal added in v0.6.3

type CommonTlsContext_CombinedCertificateValidationContextValidationError added in v0.6.3

type CommonTlsContext_CombinedCertificateValidationContextValidationError struct {
	// contains filtered or unexported fields
}

CommonTlsContext_CombinedCertificateValidationContextValidationError is the validation error returned by CommonTlsContext_CombinedCertificateValidationContext.Validate if the designated constraints aren't met.

func (CommonTlsContext_CombinedCertificateValidationContextValidationError) Cause added in v0.6.3

Cause function returns cause value.

func (CommonTlsContext_CombinedCertificateValidationContextValidationError) Error added in v0.6.3

Error satisfies the builtin error interface

func (CommonTlsContext_CombinedCertificateValidationContextValidationError) ErrorName added in v0.7.0

ErrorName returns error name.

func (CommonTlsContext_CombinedCertificateValidationContextValidationError) Field added in v0.6.3

Field function returns field value.

func (CommonTlsContext_CombinedCertificateValidationContextValidationError) Key added in v0.6.3

Key function returns key value.

func (CommonTlsContext_CombinedCertificateValidationContextValidationError) Reason added in v0.6.3

Reason function returns reason value.

type CommonTlsContext_CombinedValidationContext added in v0.6.3

type CommonTlsContext_CombinedValidationContext struct {
	CombinedValidationContext *CommonTlsContext_CombinedCertificateValidationContext `protobuf:"bytes,8,opt,name=combined_validation_context,json=combinedValidationContext,proto3,oneof"`
}

func (*CommonTlsContext_CombinedValidationContext) Equal added in v0.6.3

func (this *CommonTlsContext_CombinedValidationContext) Equal(that interface{}) bool

func (*CommonTlsContext_CombinedValidationContext) MarshalTo added in v0.6.3

func (m *CommonTlsContext_CombinedValidationContext) MarshalTo(dAtA []byte) (int, error)

func (*CommonTlsContext_CombinedValidationContext) Size added in v0.6.3

type CommonTlsContext_ValidationContext

type CommonTlsContext_ValidationContext struct {
	ValidationContext *CertificateValidationContext `protobuf:"bytes,3,opt,name=validation_context,json=validationContext,proto3,oneof"`
}

func (*CommonTlsContext_ValidationContext) Equal

func (this *CommonTlsContext_ValidationContext) Equal(that interface{}) bool

func (*CommonTlsContext_ValidationContext) MarshalTo

func (m *CommonTlsContext_ValidationContext) MarshalTo(dAtA []byte) (int, error)

func (*CommonTlsContext_ValidationContext) Size

type CommonTlsContext_ValidationContextSdsSecretConfig

type CommonTlsContext_ValidationContextSdsSecretConfig struct {
	ValidationContextSdsSecretConfig *SdsSecretConfig `protobuf:"bytes,7,opt,name=validation_context_sds_secret_config,json=validationContextSdsSecretConfig,proto3,oneof"`
}

func (*CommonTlsContext_ValidationContextSdsSecretConfig) Equal

func (this *CommonTlsContext_ValidationContextSdsSecretConfig) Equal(that interface{}) bool

func (*CommonTlsContext_ValidationContextSdsSecretConfig) MarshalTo

func (*CommonTlsContext_ValidationContextSdsSecretConfig) Size

type DownstreamTlsContext

type DownstreamTlsContext struct {
	// Common TLS context settings.
	CommonTlsContext *CommonTlsContext `protobuf:"bytes,1,opt,name=common_tls_context,json=commonTlsContext,proto3" json:"common_tls_context,omitempty"`
	// If specified, Envoy will reject connections without a valid client
	// certificate.
	RequireClientCertificate *types.BoolValue `` /* 135-byte string literal not displayed */
	// If specified, Envoy will reject connections without a valid and matching SNI.
	// [#not-implemented-hide:]
	RequireSni *types.BoolValue `protobuf:"bytes,3,opt,name=require_sni,json=requireSni,proto3" json:"require_sni,omitempty"`
	// Types that are valid to be assigned to SessionTicketKeysType:
	//	*DownstreamTlsContext_SessionTicketKeys
	//	*DownstreamTlsContext_SessionTicketKeysSdsSecretConfig
	SessionTicketKeysType isDownstreamTlsContext_SessionTicketKeysType `protobuf_oneof:"session_ticket_keys_type"`
	XXX_NoUnkeyedLiteral  struct{}                                     `json:"-"`
	XXX_unrecognized      []byte                                       `json:"-"`
	XXX_sizecache         int32                                        `json:"-"`
}

func (*DownstreamTlsContext) Descriptor

func (*DownstreamTlsContext) Descriptor() ([]byte, []int)

func (*DownstreamTlsContext) Equal

func (this *DownstreamTlsContext) Equal(that interface{}) bool

func (*DownstreamTlsContext) GetCommonTlsContext

func (m *DownstreamTlsContext) GetCommonTlsContext() *CommonTlsContext

func (*DownstreamTlsContext) GetRequireClientCertificate

func (m *DownstreamTlsContext) GetRequireClientCertificate() *types.BoolValue

func (*DownstreamTlsContext) GetRequireSni

func (m *DownstreamTlsContext) GetRequireSni() *types.BoolValue

func (*DownstreamTlsContext) GetSessionTicketKeys

func (m *DownstreamTlsContext) GetSessionTicketKeys() *TlsSessionTicketKeys

func (*DownstreamTlsContext) GetSessionTicketKeysSdsSecretConfig

func (m *DownstreamTlsContext) GetSessionTicketKeysSdsSecretConfig() *SdsSecretConfig

func (*DownstreamTlsContext) GetSessionTicketKeysType

func (m *DownstreamTlsContext) GetSessionTicketKeysType() isDownstreamTlsContext_SessionTicketKeysType

func (*DownstreamTlsContext) Marshal

func (m *DownstreamTlsContext) Marshal() (dAtA []byte, err error)

func (*DownstreamTlsContext) MarshalTo

func (m *DownstreamTlsContext) MarshalTo(dAtA []byte) (int, error)

func (*DownstreamTlsContext) ProtoMessage

func (*DownstreamTlsContext) ProtoMessage()

func (*DownstreamTlsContext) Reset

func (m *DownstreamTlsContext) Reset()

func (*DownstreamTlsContext) Size

func (m *DownstreamTlsContext) Size() (n int)

func (*DownstreamTlsContext) String

func (m *DownstreamTlsContext) String() string

func (*DownstreamTlsContext) Unmarshal

func (m *DownstreamTlsContext) Unmarshal(dAtA []byte) error

func (*DownstreamTlsContext) Validate

func (m *DownstreamTlsContext) Validate() error

Validate checks the field values on DownstreamTlsContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*DownstreamTlsContext) XXX_DiscardUnknown

func (m *DownstreamTlsContext) XXX_DiscardUnknown()

func (*DownstreamTlsContext) XXX_Marshal

func (m *DownstreamTlsContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DownstreamTlsContext) XXX_Merge

func (m *DownstreamTlsContext) XXX_Merge(src proto.Message)

func (*DownstreamTlsContext) XXX_OneofFuncs

func (*DownstreamTlsContext) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

func (*DownstreamTlsContext) XXX_Size

func (m *DownstreamTlsContext) XXX_Size() int

func (*DownstreamTlsContext) XXX_Unmarshal

func (m *DownstreamTlsContext) XXX_Unmarshal(b []byte) error

type DownstreamTlsContextValidationError

type DownstreamTlsContextValidationError struct {
	// contains filtered or unexported fields
}

DownstreamTlsContextValidationError is the validation error returned by DownstreamTlsContext.Validate if the designated constraints aren't met.

func (DownstreamTlsContextValidationError) Cause

Cause function returns cause value.

func (DownstreamTlsContextValidationError) Error

Error satisfies the builtin error interface

func (DownstreamTlsContextValidationError) ErrorName added in v0.7.0

ErrorName returns error name.

func (DownstreamTlsContextValidationError) Field

Field function returns field value.

func (DownstreamTlsContextValidationError) Key

Key function returns key value.

func (DownstreamTlsContextValidationError) Reason

Reason function returns reason value.

type DownstreamTlsContext_SessionTicketKeys

type DownstreamTlsContext_SessionTicketKeys struct {
	SessionTicketKeys *TlsSessionTicketKeys `protobuf:"bytes,4,opt,name=session_ticket_keys,json=sessionTicketKeys,proto3,oneof"`
}

func (*DownstreamTlsContext_SessionTicketKeys) Equal

func (this *DownstreamTlsContext_SessionTicketKeys) Equal(that interface{}) bool

func (*DownstreamTlsContext_SessionTicketKeys) MarshalTo

func (m *DownstreamTlsContext_SessionTicketKeys) MarshalTo(dAtA []byte) (int, error)

func (*DownstreamTlsContext_SessionTicketKeys) Size

type DownstreamTlsContext_SessionTicketKeysSdsSecretConfig

type DownstreamTlsContext_SessionTicketKeysSdsSecretConfig struct {
	SessionTicketKeysSdsSecretConfig *SdsSecretConfig `protobuf:"bytes,5,opt,name=session_ticket_keys_sds_secret_config,json=sessionTicketKeysSdsSecretConfig,proto3,oneof"`
}

func (*DownstreamTlsContext_SessionTicketKeysSdsSecretConfig) Equal

func (this *DownstreamTlsContext_SessionTicketKeysSdsSecretConfig) Equal(that interface{}) bool

func (*DownstreamTlsContext_SessionTicketKeysSdsSecretConfig) MarshalTo

func (*DownstreamTlsContext_SessionTicketKeysSdsSecretConfig) Size

type SdsSecretConfig

type SdsSecretConfig struct {
	// Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
	// When both name and config are specified, then secret can be fetched and/or reloaded via SDS.
	// When only name is specified, then secret will be loaded from static resources [V2-API-DIFF].
	Name                 string             `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	SdsConfig            *core.ConfigSource `protobuf:"bytes,2,opt,name=sds_config,json=sdsConfig,proto3" json:"sds_config,omitempty"`
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

[#proto-status: experimental]

func (*SdsSecretConfig) Descriptor

func (*SdsSecretConfig) Descriptor() ([]byte, []int)

func (*SdsSecretConfig) Equal

func (this *SdsSecretConfig) Equal(that interface{}) bool

func (*SdsSecretConfig) GetName

func (m *SdsSecretConfig) GetName() string

func (*SdsSecretConfig) GetSdsConfig

func (m *SdsSecretConfig) GetSdsConfig() *core.ConfigSource

func (*SdsSecretConfig) Marshal

func (m *SdsSecretConfig) Marshal() (dAtA []byte, err error)

func (*SdsSecretConfig) MarshalTo

func (m *SdsSecretConfig) MarshalTo(dAtA []byte) (int, error)

func (*SdsSecretConfig) ProtoMessage

func (*SdsSecretConfig) ProtoMessage()

func (*SdsSecretConfig) Reset

func (m *SdsSecretConfig) Reset()

func (*SdsSecretConfig) Size

func (m *SdsSecretConfig) Size() (n int)

func (*SdsSecretConfig) String

func (m *SdsSecretConfig) String() string

func (*SdsSecretConfig) Unmarshal

func (m *SdsSecretConfig) Unmarshal(dAtA []byte) error

func (*SdsSecretConfig) Validate

func (m *SdsSecretConfig) Validate() error

Validate checks the field values on SdsSecretConfig with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*SdsSecretConfig) XXX_DiscardUnknown

func (m *SdsSecretConfig) XXX_DiscardUnknown()

func (*SdsSecretConfig) XXX_Marshal

func (m *SdsSecretConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SdsSecretConfig) XXX_Merge

func (m *SdsSecretConfig) XXX_Merge(src proto.Message)

func (*SdsSecretConfig) XXX_Size

func (m *SdsSecretConfig) XXX_Size() int

func (*SdsSecretConfig) XXX_Unmarshal

func (m *SdsSecretConfig) XXX_Unmarshal(b []byte) error

type SdsSecretConfigValidationError

type SdsSecretConfigValidationError struct {
	// contains filtered or unexported fields
}

SdsSecretConfigValidationError is the validation error returned by SdsSecretConfig.Validate if the designated constraints aren't met.

func (SdsSecretConfigValidationError) Cause

Cause function returns cause value.

func (SdsSecretConfigValidationError) Error

Error satisfies the builtin error interface

func (SdsSecretConfigValidationError) ErrorName added in v0.7.0

func (e SdsSecretConfigValidationError) ErrorName() string

ErrorName returns error name.

func (SdsSecretConfigValidationError) Field

Field function returns field value.

func (SdsSecretConfigValidationError) Key

Key function returns key value.

func (SdsSecretConfigValidationError) Reason

Reason function returns reason value.

type Secret

type Secret struct {
	// Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Types that are valid to be assigned to Type:
	//	*Secret_TlsCertificate
	//	*Secret_SessionTicketKeys
	//	*Secret_ValidationContext
	Type                 isSecret_Type `protobuf_oneof:"type"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

[#proto-status: experimental]

func (*Secret) Descriptor

func (*Secret) Descriptor() ([]byte, []int)

func (*Secret) Equal

func (this *Secret) Equal(that interface{}) bool

func (*Secret) GetName

func (m *Secret) GetName() string

func (*Secret) GetSessionTicketKeys

func (m *Secret) GetSessionTicketKeys() *TlsSessionTicketKeys

func (*Secret) GetTlsCertificate

func (m *Secret) GetTlsCertificate() *TlsCertificate

func (*Secret) GetType

func (m *Secret) GetType() isSecret_Type

func (*Secret) GetValidationContext

func (m *Secret) GetValidationContext() *CertificateValidationContext

func (*Secret) Marshal

func (m *Secret) Marshal() (dAtA []byte, err error)

func (*Secret) MarshalTo

func (m *Secret) MarshalTo(dAtA []byte) (int, error)

func (*Secret) ProtoMessage

func (*Secret) ProtoMessage()

func (*Secret) Reset

func (m *Secret) Reset()

func (*Secret) Size

func (m *Secret) Size() (n int)

func (*Secret) String

func (m *Secret) String() string

func (*Secret) Unmarshal

func (m *Secret) Unmarshal(dAtA []byte) error

func (*Secret) Validate

func (m *Secret) Validate() error

Validate checks the field values on Secret with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*Secret) XXX_DiscardUnknown

func (m *Secret) XXX_DiscardUnknown()

func (*Secret) XXX_Marshal

func (m *Secret) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Secret) XXX_Merge

func (m *Secret) XXX_Merge(src proto.Message)

func (*Secret) XXX_OneofFuncs

func (*Secret) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

func (*Secret) XXX_Size

func (m *Secret) XXX_Size() int

func (*Secret) XXX_Unmarshal

func (m *Secret) XXX_Unmarshal(b []byte) error

type SecretValidationError

type SecretValidationError struct {
	// contains filtered or unexported fields
}

SecretValidationError is the validation error returned by Secret.Validate if the designated constraints aren't met.

func (SecretValidationError) Cause

func (e SecretValidationError) Cause() error

Cause function returns cause value.

func (SecretValidationError) Error

func (e SecretValidationError) Error() string

Error satisfies the builtin error interface

func (SecretValidationError) ErrorName added in v0.7.0

func (e SecretValidationError) ErrorName() string

ErrorName returns error name.

func (SecretValidationError) Field

func (e SecretValidationError) Field() string

Field function returns field value.

func (SecretValidationError) Key

func (e SecretValidationError) Key() bool

Key function returns key value.

func (SecretValidationError) Reason

func (e SecretValidationError) Reason() string

Reason function returns reason value.

type Secret_SessionTicketKeys

type Secret_SessionTicketKeys struct {
	SessionTicketKeys *TlsSessionTicketKeys `protobuf:"bytes,3,opt,name=session_ticket_keys,json=sessionTicketKeys,proto3,oneof"`
}

func (*Secret_SessionTicketKeys) Equal

func (this *Secret_SessionTicketKeys) Equal(that interface{}) bool

func (*Secret_SessionTicketKeys) MarshalTo

func (m *Secret_SessionTicketKeys) MarshalTo(dAtA []byte) (int, error)

func (*Secret_SessionTicketKeys) Size

func (m *Secret_SessionTicketKeys) Size() (n int)

type Secret_TlsCertificate

type Secret_TlsCertificate struct {
	TlsCertificate *TlsCertificate `protobuf:"bytes,2,opt,name=tls_certificate,json=tlsCertificate,proto3,oneof"`
}

func (*Secret_TlsCertificate) Equal

func (this *Secret_TlsCertificate) Equal(that interface{}) bool

func (*Secret_TlsCertificate) MarshalTo

func (m *Secret_TlsCertificate) MarshalTo(dAtA []byte) (int, error)

func (*Secret_TlsCertificate) Size

func (m *Secret_TlsCertificate) Size() (n int)

type Secret_ValidationContext

type Secret_ValidationContext struct {
	ValidationContext *CertificateValidationContext `protobuf:"bytes,4,opt,name=validation_context,json=validationContext,proto3,oneof"`
}

func (*Secret_ValidationContext) Equal

func (this *Secret_ValidationContext) Equal(that interface{}) bool

func (*Secret_ValidationContext) MarshalTo

func (m *Secret_ValidationContext) MarshalTo(dAtA []byte) (int, error)

func (*Secret_ValidationContext) Size

func (m *Secret_ValidationContext) Size() (n int)

type TlsCertificate

type TlsCertificate struct {
	// The TLS certificate chain.
	CertificateChain *core.DataSource `protobuf:"bytes,1,opt,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
	// The TLS private key.
	PrivateKey *core.DataSource `protobuf:"bytes,2,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"`
	// The password to decrypt the TLS private key. If this field is not set, it is assumed that the
	// TLS private key is not password encrypted.
	Password *core.DataSource `protobuf:"bytes,3,opt,name=password,proto3" json:"password,omitempty"`
	// [#not-implemented-hide:]
	OcspStaple *core.DataSource `protobuf:"bytes,4,opt,name=ocsp_staple,json=ocspStaple,proto3" json:"ocsp_staple,omitempty"`
	// [#not-implemented-hide:]
	SignedCertificateTimestamp []*core.DataSource `` /* 141-byte string literal not displayed */
	XXX_NoUnkeyedLiteral       struct{}           `json:"-"`
	XXX_unrecognized           []byte             `json:"-"`
	XXX_sizecache              int32              `json:"-"`
}

func (*TlsCertificate) Descriptor

func (*TlsCertificate) Descriptor() ([]byte, []int)

func (*TlsCertificate) Equal

func (this *TlsCertificate) Equal(that interface{}) bool

func (*TlsCertificate) GetCertificateChain

func (m *TlsCertificate) GetCertificateChain() *core.DataSource

func (*TlsCertificate) GetOcspStaple

func (m *TlsCertificate) GetOcspStaple() *core.DataSource

func (*TlsCertificate) GetPassword

func (m *TlsCertificate) GetPassword() *core.DataSource

func (*TlsCertificate) GetPrivateKey

func (m *TlsCertificate) GetPrivateKey() *core.DataSource

func (*TlsCertificate) GetSignedCertificateTimestamp

func (m *TlsCertificate) GetSignedCertificateTimestamp() []*core.DataSource

func (*TlsCertificate) Marshal

func (m *TlsCertificate) Marshal() (dAtA []byte, err error)

func (*TlsCertificate) MarshalTo

func (m *TlsCertificate) MarshalTo(dAtA []byte) (int, error)

func (*TlsCertificate) ProtoMessage

func (*TlsCertificate) ProtoMessage()

func (*TlsCertificate) Reset

func (m *TlsCertificate) Reset()

func (*TlsCertificate) Size

func (m *TlsCertificate) Size() (n int)

func (*TlsCertificate) String

func (m *TlsCertificate) String() string

func (*TlsCertificate) Unmarshal

func (m *TlsCertificate) Unmarshal(dAtA []byte) error

func (*TlsCertificate) Validate

func (m *TlsCertificate) Validate() error

Validate checks the field values on TlsCertificate with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*TlsCertificate) XXX_DiscardUnknown

func (m *TlsCertificate) XXX_DiscardUnknown()

func (*TlsCertificate) XXX_Marshal

func (m *TlsCertificate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TlsCertificate) XXX_Merge

func (m *TlsCertificate) XXX_Merge(src proto.Message)

func (*TlsCertificate) XXX_Size

func (m *TlsCertificate) XXX_Size() int

func (*TlsCertificate) XXX_Unmarshal

func (m *TlsCertificate) XXX_Unmarshal(b []byte) error

type TlsCertificateValidationError

type TlsCertificateValidationError struct {
	// contains filtered or unexported fields
}

TlsCertificateValidationError is the validation error returned by TlsCertificate.Validate if the designated constraints aren't met.

func (TlsCertificateValidationError) Cause

Cause function returns cause value.

func (TlsCertificateValidationError) Error

Error satisfies the builtin error interface

func (TlsCertificateValidationError) ErrorName added in v0.7.0

func (e TlsCertificateValidationError) ErrorName() string

ErrorName returns error name.

func (TlsCertificateValidationError) Field

Field function returns field value.

func (TlsCertificateValidationError) Key

Key function returns key value.

func (TlsCertificateValidationError) Reason

Reason function returns reason value.

type TlsParameters

type TlsParameters struct {
	// Minimum TLS protocol version. By default, it's “TLSv1_0“.
	TlsMinimumProtocolVersion TlsParameters_TlsProtocol `` /* 190-byte string literal not displayed */
	// Maximum TLS protocol version. By default, it's “TLSv1_3“ for servers in non-FIPS builds, and
	// “TLSv1_2“ for clients and for servers using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`.
	TlsMaximumProtocolVersion TlsParameters_TlsProtocol `` /* 190-byte string literal not displayed */
	// If specified, the TLS listener will only support the specified `cipher list
	// <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
	// when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not
	// specified, the default list will be used.
	//
	// In non-FIPS builds, the default cipher list is:
	//
	// .. code-block:: none
	//
	//   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
	//   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
	//   ECDHE-ECDSA-AES128-SHA
	//   ECDHE-RSA-AES128-SHA
	//   AES128-GCM-SHA256
	//   AES128-SHA
	//   ECDHE-ECDSA-AES256-GCM-SHA384
	//   ECDHE-RSA-AES256-GCM-SHA384
	//   ECDHE-ECDSA-AES256-SHA
	//   ECDHE-RSA-AES256-SHA
	//   AES256-GCM-SHA384
	//   AES256-SHA
	//
	// In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default cipher list is:
	//
	// .. code-block:: none
	//
	//   ECDHE-ECDSA-AES128-GCM-SHA256
	//   ECDHE-RSA-AES128-GCM-SHA256
	//   ECDHE-ECDSA-AES128-SHA
	//   ECDHE-RSA-AES128-SHA
	//   AES128-GCM-SHA256
	//   AES128-SHA
	//   ECDHE-ECDSA-AES256-GCM-SHA384
	//   ECDHE-RSA-AES256-GCM-SHA384
	//   ECDHE-ECDSA-AES256-SHA
	//   ECDHE-RSA-AES256-SHA
	//   AES256-GCM-SHA384
	//   AES256-SHA
	CipherSuites []string `protobuf:"bytes,3,rep,name=cipher_suites,json=cipherSuites,proto3" json:"cipher_suites,omitempty"`
	// If specified, the TLS connection will only support the specified ECDH
	// curves. If not specified, the default curves will be used.
	//
	// In non-FIPS builds, the default curves are:
	//
	// .. code-block:: none
	//
	//   X25519
	//   P-256
	//
	// In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:
	//
	// .. code-block:: none
	//
	//   P-256
	EcdhCurves           []string `protobuf:"bytes,4,rep,name=ecdh_curves,json=ecdhCurves,proto3" json:"ecdh_curves,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*TlsParameters) Descriptor

func (*TlsParameters) Descriptor() ([]byte, []int)

func (*TlsParameters) Equal

func (this *TlsParameters) Equal(that interface{}) bool

func (*TlsParameters) GetCipherSuites

func (m *TlsParameters) GetCipherSuites() []string

func (*TlsParameters) GetEcdhCurves

func (m *TlsParameters) GetEcdhCurves() []string

func (*TlsParameters) GetTlsMaximumProtocolVersion

func (m *TlsParameters) GetTlsMaximumProtocolVersion() TlsParameters_TlsProtocol

func (*TlsParameters) GetTlsMinimumProtocolVersion

func (m *TlsParameters) GetTlsMinimumProtocolVersion() TlsParameters_TlsProtocol

func (*TlsParameters) Marshal

func (m *TlsParameters) Marshal() (dAtA []byte, err error)

func (*TlsParameters) MarshalTo

func (m *TlsParameters) MarshalTo(dAtA []byte) (int, error)

func (*TlsParameters) ProtoMessage

func (*TlsParameters) ProtoMessage()

func (*TlsParameters) Reset

func (m *TlsParameters) Reset()

func (*TlsParameters) Size

func (m *TlsParameters) Size() (n int)

func (*TlsParameters) String

func (m *TlsParameters) String() string

func (*TlsParameters) Unmarshal

func (m *TlsParameters) Unmarshal(dAtA []byte) error

func (*TlsParameters) Validate

func (m *TlsParameters) Validate() error

Validate checks the field values on TlsParameters with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*TlsParameters) XXX_DiscardUnknown

func (m *TlsParameters) XXX_DiscardUnknown()

func (*TlsParameters) XXX_Marshal

func (m *TlsParameters) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TlsParameters) XXX_Merge

func (m *TlsParameters) XXX_Merge(src proto.Message)

func (*TlsParameters) XXX_Size

func (m *TlsParameters) XXX_Size() int

func (*TlsParameters) XXX_Unmarshal

func (m *TlsParameters) XXX_Unmarshal(b []byte) error

type TlsParametersValidationError

type TlsParametersValidationError struct {
	// contains filtered or unexported fields
}

TlsParametersValidationError is the validation error returned by TlsParameters.Validate if the designated constraints aren't met.

func (TlsParametersValidationError) Cause

Cause function returns cause value.

func (TlsParametersValidationError) Error

Error satisfies the builtin error interface

func (TlsParametersValidationError) ErrorName added in v0.7.0

func (e TlsParametersValidationError) ErrorName() string

ErrorName returns error name.

func (TlsParametersValidationError) Field

Field function returns field value.

func (TlsParametersValidationError) Key

Key function returns key value.

func (TlsParametersValidationError) Reason

Reason function returns reason value.

type TlsParameters_TlsProtocol

type TlsParameters_TlsProtocol int32
const (
	// Envoy will choose the optimal TLS version.
	TlsParameters_TLS_AUTO TlsParameters_TlsProtocol = 0
	// TLS 1.0
	TlsParameters_TLSv1_0 TlsParameters_TlsProtocol = 1
	// TLS 1.1
	TlsParameters_TLSv1_1 TlsParameters_TlsProtocol = 2
	// TLS 1.2
	TlsParameters_TLSv1_2 TlsParameters_TlsProtocol = 3
	// TLS 1.3
	TlsParameters_TLSv1_3 TlsParameters_TlsProtocol = 4
)

func (TlsParameters_TlsProtocol) EnumDescriptor

func (TlsParameters_TlsProtocol) EnumDescriptor() ([]byte, []int)

func (TlsParameters_TlsProtocol) String

func (x TlsParameters_TlsProtocol) String() string

type TlsSessionTicketKeys

type TlsSessionTicketKeys struct {
	// Keys for encrypting and decrypting TLS session tickets. The
	// first key in the array contains the key to encrypt all new sessions created by this context.
	// All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
	// by, for example, putting the new key first, and the previous key second.
	//
	// If :ref:`session_ticket_keys <envoy_api_field_auth.DownstreamTlsContext.session_ticket_keys>`
	// is not specified, the TLS library will still support resuming sessions via tickets, but it will
	// use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
	// or on different hosts.
	//
	// Each key must contain exactly 80 bytes of cryptographically-secure random data. For
	// example, the output of “openssl rand 80“.
	//
	// .. attention::
	//
	//   Using this feature has serious security considerations and risks. Improper handling of keys
	//   may result in loss of secrecy in connections, even if ciphers supporting perfect forward
	//   secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
	//   discussion. To minimize the risk, you must:
	//
	//   * Keep the session ticket keys at least as secure as your TLS certificate private keys
	//   * Rotate session ticket keys at least daily, and preferably hourly
	//   * Always generate keys using a cryptographically-secure random data source
	Keys                 []*core.DataSource `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"`
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

func (*TlsSessionTicketKeys) Descriptor

func (*TlsSessionTicketKeys) Descriptor() ([]byte, []int)

func (*TlsSessionTicketKeys) Equal

func (this *TlsSessionTicketKeys) Equal(that interface{}) bool

func (*TlsSessionTicketKeys) GetKeys

func (m *TlsSessionTicketKeys) GetKeys() []*core.DataSource

func (*TlsSessionTicketKeys) Marshal

func (m *TlsSessionTicketKeys) Marshal() (dAtA []byte, err error)

func (*TlsSessionTicketKeys) MarshalTo

func (m *TlsSessionTicketKeys) MarshalTo(dAtA []byte) (int, error)

func (*TlsSessionTicketKeys) ProtoMessage

func (*TlsSessionTicketKeys) ProtoMessage()

func (*TlsSessionTicketKeys) Reset

func (m *TlsSessionTicketKeys) Reset()

func (*TlsSessionTicketKeys) Size

func (m *TlsSessionTicketKeys) Size() (n int)

func (*TlsSessionTicketKeys) String

func (m *TlsSessionTicketKeys) String() string

func (*TlsSessionTicketKeys) Unmarshal

func (m *TlsSessionTicketKeys) Unmarshal(dAtA []byte) error

func (*TlsSessionTicketKeys) Validate

func (m *TlsSessionTicketKeys) Validate() error

Validate checks the field values on TlsSessionTicketKeys with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*TlsSessionTicketKeys) XXX_DiscardUnknown

func (m *TlsSessionTicketKeys) XXX_DiscardUnknown()

func (*TlsSessionTicketKeys) XXX_Marshal

func (m *TlsSessionTicketKeys) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TlsSessionTicketKeys) XXX_Merge

func (m *TlsSessionTicketKeys) XXX_Merge(src proto.Message)

func (*TlsSessionTicketKeys) XXX_Size

func (m *TlsSessionTicketKeys) XXX_Size() int

func (*TlsSessionTicketKeys) XXX_Unmarshal

func (m *TlsSessionTicketKeys) XXX_Unmarshal(b []byte) error

type TlsSessionTicketKeysValidationError

type TlsSessionTicketKeysValidationError struct {
	// contains filtered or unexported fields
}

TlsSessionTicketKeysValidationError is the validation error returned by TlsSessionTicketKeys.Validate if the designated constraints aren't met.

func (TlsSessionTicketKeysValidationError) Cause

Cause function returns cause value.

func (TlsSessionTicketKeysValidationError) Error

Error satisfies the builtin error interface

func (TlsSessionTicketKeysValidationError) ErrorName added in v0.7.0

ErrorName returns error name.

func (TlsSessionTicketKeysValidationError) Field

Field function returns field value.

func (TlsSessionTicketKeysValidationError) Key

Key function returns key value.

func (TlsSessionTicketKeysValidationError) Reason

Reason function returns reason value.

type UpstreamTlsContext

type UpstreamTlsContext struct {
	// Common TLS context settings.
	CommonTlsContext *CommonTlsContext `protobuf:"bytes,1,opt,name=common_tls_context,json=commonTlsContext,proto3" json:"common_tls_context,omitempty"`
	// SNI string to use when creating TLS backend connections.
	Sni string `protobuf:"bytes,2,opt,name=sni,proto3" json:"sni,omitempty"`
	// If true, server-initiated TLS renegotiation will be allowed.
	//
	// .. attention::
	//
	//   TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
	AllowRenegotiation bool `protobuf:"varint,3,opt,name=allow_renegotiation,json=allowRenegotiation,proto3" json:"allow_renegotiation,omitempty"`
	// Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
	// for TLSv1.2 and older) to store for the purpose of session resumption.
	//
	// Defaults to 1, setting this to 0 disables session resumption.
	MaxSessionKeys       *types.UInt32Value `protobuf:"bytes,4,opt,name=max_session_keys,json=maxSessionKeys,proto3" json:"max_session_keys,omitempty"`
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

func (*UpstreamTlsContext) Descriptor

func (*UpstreamTlsContext) Descriptor() ([]byte, []int)

func (*UpstreamTlsContext) Equal

func (this *UpstreamTlsContext) Equal(that interface{}) bool

func (*UpstreamTlsContext) GetAllowRenegotiation

func (m *UpstreamTlsContext) GetAllowRenegotiation() bool

func (*UpstreamTlsContext) GetCommonTlsContext

func (m *UpstreamTlsContext) GetCommonTlsContext() *CommonTlsContext

func (*UpstreamTlsContext) GetMaxSessionKeys added in v0.6.4

func (m *UpstreamTlsContext) GetMaxSessionKeys() *types.UInt32Value

func (*UpstreamTlsContext) GetSni

func (m *UpstreamTlsContext) GetSni() string

func (*UpstreamTlsContext) Marshal

func (m *UpstreamTlsContext) Marshal() (dAtA []byte, err error)

func (*UpstreamTlsContext) MarshalTo

func (m *UpstreamTlsContext) MarshalTo(dAtA []byte) (int, error)

func (*UpstreamTlsContext) ProtoMessage

func (*UpstreamTlsContext) ProtoMessage()

func (*UpstreamTlsContext) Reset

func (m *UpstreamTlsContext) Reset()

func (*UpstreamTlsContext) Size

func (m *UpstreamTlsContext) Size() (n int)

func (*UpstreamTlsContext) String

func (m *UpstreamTlsContext) String() string

func (*UpstreamTlsContext) Unmarshal

func (m *UpstreamTlsContext) Unmarshal(dAtA []byte) error

func (*UpstreamTlsContext) Validate

func (m *UpstreamTlsContext) Validate() error

Validate checks the field values on UpstreamTlsContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*UpstreamTlsContext) XXX_DiscardUnknown

func (m *UpstreamTlsContext) XXX_DiscardUnknown()

func (*UpstreamTlsContext) XXX_Marshal

func (m *UpstreamTlsContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*UpstreamTlsContext) XXX_Merge

func (m *UpstreamTlsContext) XXX_Merge(src proto.Message)

func (*UpstreamTlsContext) XXX_Size

func (m *UpstreamTlsContext) XXX_Size() int

func (*UpstreamTlsContext) XXX_Unmarshal

func (m *UpstreamTlsContext) XXX_Unmarshal(b []byte) error

type UpstreamTlsContextValidationError

type UpstreamTlsContextValidationError struct {
	// contains filtered or unexported fields
}

UpstreamTlsContextValidationError is the validation error returned by UpstreamTlsContext.Validate if the designated constraints aren't met.

func (UpstreamTlsContextValidationError) Cause

Cause function returns cause value.

func (UpstreamTlsContextValidationError) Error

Error satisfies the builtin error interface

func (UpstreamTlsContextValidationError) ErrorName added in v0.7.0

ErrorName returns error name.

func (UpstreamTlsContextValidationError) Field

Field function returns field value.

func (UpstreamTlsContextValidationError) Key

Key function returns key value.

func (UpstreamTlsContextValidationError) Reason

Reason function returns reason value.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL