Documentation ¶
Index ¶
- Variables
- type BufferSettings
- func (*BufferSettings) Descriptor() ([]byte, []int)deprecated
- func (m *BufferSettings) Equal(that interface{}) bool
- func (x *BufferSettings) GetAllowPartialMessage() bool
- func (x *BufferSettings) GetMaxRequestBytes() uint32
- func (x *BufferSettings) GetPackAsBytes() bool
- func (*BufferSettings) ProtoMessage()
- func (x *BufferSettings) ProtoReflect() protoreflect.Message
- func (x *BufferSettings) Reset()
- func (x *BufferSettings) String() string
- type CustomAuth
- func (*CustomAuth) Descriptor() ([]byte, []int)deprecated
- func (m *CustomAuth) Equal(that interface{}) bool
- func (x *CustomAuth) GetContextExtensions() map[string]string
- func (*CustomAuth) ProtoMessage()
- func (x *CustomAuth) ProtoReflect() protoreflect.Message
- func (x *CustomAuth) Reset()
- func (x *CustomAuth) String() string
- type GatewayExtauth
- func (*GatewayExtauth) Descriptor() ([]byte, []int)deprecated
- func (m *GatewayExtauth) Equal(that interface{}) bool
- func (x *GatewayExtauth) GetClearRouteCache() bool
- func (x *GatewayExtauth) GetExtauthzRef() *v1.ObjectRef
- func (x *GatewayExtauth) GetFailureModeAllow() bool
- func (x *GatewayExtauth) GetHttpService() *HttpService
- func (x *GatewayExtauth) GetRequestBody() *BufferSettings
- func (x *GatewayExtauth) GetRequestTimeout() *duration.Duration
- func (x *GatewayExtauth) GetStatPrefix() string
- func (x *GatewayExtauth) GetStatusOnError() uint32
- func (x *GatewayExtauth) GetTransportApiVersion() GatewayExtauth_ApiVersion
- func (*GatewayExtauth) ProtoMessage()
- func (x *GatewayExtauth) ProtoReflect() protoreflect.Message
- func (x *GatewayExtauth) Reset()
- func (x *GatewayExtauth) String() string
- type GatewayExtauth_ApiVersion
- func (GatewayExtauth_ApiVersion) Descriptor() protoreflect.EnumDescriptor
- func (x GatewayExtauth_ApiVersion) Enum() *GatewayExtauth_ApiVersion
- func (GatewayExtauth_ApiVersion) EnumDescriptor() ([]byte, []int)deprecated
- func (x GatewayExtauth_ApiVersion) Number() protoreflect.EnumNumber
- func (x GatewayExtauth_ApiVersion) String() string
- func (GatewayExtauth_ApiVersion) Type() protoreflect.EnumType
- type HttpService
- func (*HttpService) Descriptor() ([]byte, []int)deprecated
- func (m *HttpService) Equal(that interface{}) bool
- func (x *HttpService) GetPathPrefix() string
- func (x *HttpService) GetRequest() *HttpService_Request
- func (x *HttpService) GetResponse() *HttpService_Response
- func (*HttpService) ProtoMessage()
- func (x *HttpService) ProtoReflect() protoreflect.Message
- func (x *HttpService) Reset()
- func (x *HttpService) String() string
- type HttpService_Request
- func (*HttpService_Request) Descriptor() ([]byte, []int)deprecated
- func (m *HttpService_Request) Equal(that interface{}) bool
- func (x *HttpService_Request) GetAllowedHeaders() []string
- func (x *HttpService_Request) GetHeadersToAdd() map[string]string
- func (*HttpService_Request) ProtoMessage()
- func (x *HttpService_Request) ProtoReflect() protoreflect.Message
- func (x *HttpService_Request) Reset()
- func (x *HttpService_Request) String() string
- type HttpService_Response
- func (*HttpService_Response) Descriptor() ([]byte, []int)deprecated
- func (m *HttpService_Response) Equal(that interface{}) bool
- func (x *HttpService_Response) GetAllowedClientHeaders() []string
- func (x *HttpService_Response) GetAllowedUpstreamHeaders() []string
- func (*HttpService_Response) ProtoMessage()
- func (x *HttpService_Response) ProtoReflect() protoreflect.Message
- func (x *HttpService_Response) Reset()
- func (x *HttpService_Response) String() string
- type RouteExtauth
- func (*RouteExtauth) Descriptor() ([]byte, []int)deprecated
- func (m *RouteExtauth) Equal(that interface{}) bool
- func (x *RouteExtauth) GetConfigRef() *v1.ObjectRef
- func (x *RouteExtauth) GetCustomAuth() *CustomAuth
- func (x *RouteExtauth) GetDisable() bool
- func (m *RouteExtauth) GetSpec() isRouteExtauth_Spec
- func (*RouteExtauth) ProtoMessage()
- func (x *RouteExtauth) ProtoReflect() protoreflect.Message
- func (x *RouteExtauth) Reset()
- func (x *RouteExtauth) String() string
- type RouteExtauth_ConfigRef
- type RouteExtauth_CustomAuth
- type RouteExtauth_Disable
Constants ¶
This section is empty.
Variables ¶
// Enum value maps for GatewayExtauth_ApiVersion.
var (
	// GatewayExtauth_ApiVersion_name maps each enum number to its name.
	GatewayExtauth_ApiVersion_name = map[int32]string{
		0: "GLOO_MESH_AUTO",
		1: "ENVOY_AUTO",
		2: "V3",
	}
	// GatewayExtauth_ApiVersion_value is the inverse mapping, from name to
	// enum number.
	GatewayExtauth_ApiVersion_value = map[string]int32{
		"GLOO_MESH_AUTO": 0,
		"ENVOY_AUTO":     1,
		"V3":             2,
	}
)
Enum value maps for GatewayExtauth_ApiVersion.
var File_github_com_solo_io_gloo_mesh_api_networking_v1_extauth_extauth_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type BufferSettings ¶
// BufferSettings configures how much of the request body the filter buffers
// and how that body is handed to the external authorization service.
type BufferSettings struct {
	// Sets the maximum size of a message body that the filter will hold in memory. Envoy will return
	// *HTTP 413* and will *not* initiate the authorization process when the buffer reaches the number
	// set in this field. Note that this setting takes precedence over failure_mode_allow.
	// Defaults to 4KB.
	MaxRequestBytes uint32 `protobuf:"varint,1,opt,name=max_request_bytes,json=maxRequestBytes,proto3" json:"max_request_bytes,omitempty"`
	// When this field is true, Envoy will buffer the message until *max_request_bytes* is reached.
	// The authorization request will be dispatched and no 413 HTTP error will be returned by the
	// filter.
	// NOTE(review): with this set, the authorization service presumably receives at most
	// max_request_bytes of the body, so a decision that depends on body content may be made on a
	// truncated message; confirm against the Envoy ext_authz documentation before relying on it.
	AllowPartialMessage bool `protobuf:"varint,2,opt,name=allow_partial_message,json=allowPartialMessage,proto3" json:"allow_partial_message,omitempty"`
	// When this field is true, Envoy will send the request body to the external authorization
	// service as raw bytes.
	PackAsBytes bool `protobuf:"varint,3,opt,name=pack_as_bytes,json=packAsBytes,proto3" json:"pack_as_bytes,omitempty"`
	// contains filtered or unexported fields
}
Configuration for buffering the request data.
func (*BufferSettings) Descriptor
deprecated
func (*BufferSettings) Descriptor() ([]byte, []int)
Deprecated: Use BufferSettings.ProtoReflect.Descriptor instead.
func (*BufferSettings) GetAllowPartialMessage ¶
func (x *BufferSettings) GetAllowPartialMessage() bool
func (*BufferSettings) GetMaxRequestBytes ¶
func (x *BufferSettings) GetMaxRequestBytes() uint32
func (*BufferSettings) GetPackAsBytes ¶
func (x *BufferSettings) GetPackAsBytes() bool
func (*BufferSettings) ProtoMessage ¶
func (*BufferSettings) ProtoMessage()
func (*BufferSettings) ProtoReflect ¶
func (x *BufferSettings) ProtoReflect() protoreflect.Message
func (*BufferSettings) Reset ¶
func (x *BufferSettings) Reset()
func (*BufferSettings) String ¶
func (x *BufferSettings) String() string
type CustomAuth ¶
// CustomAuth is the route-level configuration used with custom auth servers.
// Gloo Mesh is not expected to configure the ext auth server in this case.
type CustomAuth struct {
	// When a request matches the route or traffic policy on which this configuration is defined,
	// Gloo Mesh will add the given context_extensions to the request that is sent to the external authorization server.
	// This allows the server to base the auth decision on metadata that you define on the source of the request.
	//
	// This attribute is analogous to Envoy's config.filter.http.ext_authz.v2.CheckSettings. See the official
	// [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/http/ext_authz/v2/ext_authz.proto.html?highlight=ext_authz#config-filter-http-ext-authz-v2-checksettings)
	// for more details.
	// NOTE(review): the link above points at the v2 ext_authz API, while GatewayExtauth's
	// transport_api_version comment refers to the v3 API; confirm which reference applies.
	ContextExtensions map[string]string `` /* 200-byte string literal not displayed */
	// contains filtered or unexported fields
}
Gloo Mesh is not expected to configure the ext auth server in this case. This is used with custom auth servers.
func (*CustomAuth) Descriptor
deprecated
func (*CustomAuth) Descriptor() ([]byte, []int)
Deprecated: Use CustomAuth.ProtoReflect.Descriptor instead.
func (*CustomAuth) GetContextExtensions ¶
func (x *CustomAuth) GetContextExtensions() map[string]string
func (*CustomAuth) ProtoMessage ¶
func (*CustomAuth) ProtoMessage()
func (*CustomAuth) ProtoReflect ¶
func (x *CustomAuth) ProtoReflect() protoreflect.Message
func (*CustomAuth) Reset ¶
func (x *CustomAuth) Reset()
func (*CustomAuth) String ¶
func (x *CustomAuth) String() string
type GatewayExtauth ¶
// GatewayExtauth configures the Extauth filter on a Gateway (Enterprise-only):
// which service is asked for auth decisions, how it is reached, and what
// happens when it cannot be reached.
type GatewayExtauth struct {
	// The destination ref for the envoy external authentication service to ask about auth decisions.
	//
	// The fqdn used by envoy for extauth requests is derived from the kube service or is the first hostname
	// in an external service destination.
	// IMPORTANT: Envoy's extauth requests go to the port chosen from the destination that has the name or protocol of
	// the extauth service protocol (i.e., grpc or http). In practice, this means the port handling extauth requests
	// should be named grpc and/or have protocol GRPC (both case-insensitive), unless `http_service` is configured.
	//
	// The provided ref will be used to search for a service of the given name/namespace on each cluster
	// that a Gateway will be created.
	//
	// If omitted, Gloo Mesh will search for a service with the name ext-auth-service in each namespace on each cluster
	// that a Gateway will be created.
	// NOTE(review): when omitted, the auth backend is located by service name alone; setting the
	// ref explicitly presumably pins the decision point to one known service. Confirm how
	// multiple matches are resolved.
	ExtauthzRef *v1.ObjectRef `protobuf:"bytes,1,opt,name=extauthz_ref,json=extauthzRef,proto3" json:"extauthz_ref,omitempty"`
	// If this is set, communication to the upstream will be via HTTP and not GRPC.
	HttpService *HttpService `protobuf:"bytes,2,opt,name=http_service,json=httpService,proto3" json:"http_service,omitempty"`
	// Timeout for the ext auth service to respond. Defaults to 2000ms. (OIDC requests to external IDPs can be slow)
	// For latency critical applications, this value should be tuned much lower, as extauth is on the request path.
	RequestTimeout *duration.Duration `protobuf:"bytes,3,opt,name=request_timeout,json=requestTimeout,proto3" json:"request_timeout,omitempty"`
	// In case of a failure or timeout querying the auth server, normally a request is denied.
	// If this is set to true, the request will be allowed.
	// NOTE(review): true makes the filter fail open: an unreachable or slow auth server results in
	// requests being allowed without an auth decision. The BufferSettings max_request_bytes comment
	// states that the 413 on an oversized body takes precedence over this field.
	FailureModeAllow bool `protobuf:"varint,4,opt,name=failure_mode_allow,json=failureModeAllow,proto3" json:"failure_mode_allow,omitempty"`
	// Set this if you also want to send the body of the request, and not just the headers.
	RequestBody *BufferSettings `protobuf:"bytes,5,opt,name=request_body,json=requestBody,proto3" json:"request_body,omitempty"`
	// Clears route cache in order to allow the external authorization service to correctly affect
	// routing decisions. Filter clears all cached routes when:
	//
	// 1. The field is set to *true*.
	//
	// 2. The status returned from the authorization service is a HTTP 200 or gRPC 0.
	//
	// 3. At least one *authorization response header* is added to the client request, or is used for
	// altering another client request header.
	//
	ClearRouteCache bool `protobuf:"varint,6,opt,name=clear_route_cache,json=clearRouteCache,proto3" json:"clear_route_cache,omitempty"`
	// Sets the HTTP status that is returned to the client when there is a network error between the
	// filter and the authorization server. The default status is HTTP 403 Forbidden.
	// If set, this must be one of the following:
	// - 100
	// - 200 201 202 203 204 205 206 207 208 226
	// - 300 301 302 303 304 305 307 308
	// - 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 421 422 423 424 426 428 429 431
	// - 500 501 502 503 504 505 506 507 508 510 511
	StatusOnError uint32 `protobuf:"varint,7,opt,name=status_on_error,json=statusOnError,proto3" json:"status_on_error,omitempty"`
	// Determines the API version for the `ext_authz` transport protocol that will be used by Envoy
	// to communicate with the auth server. Defaults to `V3`. For more info, see the `transport_api_version` field
	// [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/ext_authz/v3/ext_authz.proto#extensions-filters-http-ext-authz-v3-extauthz).
	// NOTE(review): the zero value of GatewayExtauth_ApiVersion is GLOO_MESH_AUTO (0), not V3 (2);
	// presumably GLOO_MESH_AUTO resolves to V3. Confirm.
	TransportApiVersion GatewayExtauth_ApiVersion `` /* 189-byte string literal not displayed */
	// Optional additional prefix to use when emitting statistics.
	// This makes it possible to distinguish the statistics emitted by different ext_authz filters
	// configured in an HTTP filter chain.
	StatPrefix string `protobuf:"bytes,9,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
	// contains filtered or unexported fields
}
Enterprise-Only: Configure the Extauth Filter on a Gateway
func (*GatewayExtauth) Descriptor
deprecated
func (*GatewayExtauth) Descriptor() ([]byte, []int)
Deprecated: Use GatewayExtauth.ProtoReflect.Descriptor instead.
func (*GatewayExtauth) GetClearRouteCache ¶
func (x *GatewayExtauth) GetClearRouteCache() bool
func (*GatewayExtauth) GetExtauthzRef ¶
func (x *GatewayExtauth) GetExtauthzRef() *v1.ObjectRef
func (*GatewayExtauth) GetFailureModeAllow ¶
func (x *GatewayExtauth) GetFailureModeAllow() bool
func (*GatewayExtauth) GetHttpService ¶
func (x *GatewayExtauth) GetHttpService() *HttpService
func (*GatewayExtauth) GetRequestBody ¶
func (x *GatewayExtauth) GetRequestBody() *BufferSettings
func (*GatewayExtauth) GetRequestTimeout ¶
func (x *GatewayExtauth) GetRequestTimeout() *duration.Duration
func (*GatewayExtauth) GetStatPrefix ¶
func (x *GatewayExtauth) GetStatPrefix() string
func (*GatewayExtauth) GetStatusOnError ¶
func (x *GatewayExtauth) GetStatusOnError() uint32
func (*GatewayExtauth) GetTransportApiVersion ¶
func (x *GatewayExtauth) GetTransportApiVersion() GatewayExtauth_ApiVersion
func (*GatewayExtauth) ProtoMessage ¶
func (*GatewayExtauth) ProtoMessage()
func (*GatewayExtauth) ProtoReflect ¶
func (x *GatewayExtauth) ProtoReflect() protoreflect.Message
func (*GatewayExtauth) Reset ¶
func (x *GatewayExtauth) Reset()
func (*GatewayExtauth) String ¶
func (x *GatewayExtauth) String() string
type GatewayExtauth_ApiVersion ¶
type GatewayExtauth_ApiVersion int32
Describes the transport protocol version to use when envoy connects to the ext auth server.
// Values of GatewayExtauth_ApiVersion, the type of the
// GatewayExtauth.TransportApiVersion field.
const (
	// Use transport version that matches the version the default enterprise ext-auth-service uses.
	// This is the zero value of the enum.
	GatewayExtauth_GLOO_MESH_AUTO GatewayExtauth_ApiVersion = 0
	// Use envoy's auto transport version. This will change as envoy cycles through transport api versions.
	GatewayExtauth_ENVOY_AUTO GatewayExtauth_ApiVersion = 1
	// Use v3 API.
	GatewayExtauth_V3 GatewayExtauth_ApiVersion = 2
)
func (GatewayExtauth_ApiVersion) Descriptor ¶
func (GatewayExtauth_ApiVersion) Descriptor() protoreflect.EnumDescriptor
func (GatewayExtauth_ApiVersion) Enum ¶
func (x GatewayExtauth_ApiVersion) Enum() *GatewayExtauth_ApiVersion
func (GatewayExtauth_ApiVersion) EnumDescriptor
deprecated
func (GatewayExtauth_ApiVersion) EnumDescriptor() ([]byte, []int)
Deprecated: Use GatewayExtauth_ApiVersion.Descriptor instead.
func (GatewayExtauth_ApiVersion) Number ¶
func (x GatewayExtauth_ApiVersion) Number() protoreflect.EnumNumber
func (GatewayExtauth_ApiVersion) String ¶
func (x GatewayExtauth_ApiVersion) String() string
func (GatewayExtauth_ApiVersion) Type ¶
func (GatewayExtauth_ApiVersion) Type() protoreflect.EnumType
type HttpService ¶
// HttpService holds the settings used when the external authorization service
// is reached over HTTP (see GatewayExtauth.HttpService).
type HttpService struct {
	// Sets a prefix to the value of authorization request header *Path*.
	PathPrefix string `protobuf:"bytes,1,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"`
	// Header handling for the request sent to the authorization service
	// (see HttpService_Request).
	Request *HttpService_Request `protobuf:"bytes,2,opt,name=request,proto3" json:"request,omitempty"`
	// Header handling for the authorization service's response
	// (see HttpService_Response).
	Response *HttpService_Response `protobuf:"bytes,3,opt,name=response,proto3" json:"response,omitempty"`
	// contains filtered or unexported fields
}
func (*HttpService) Descriptor
deprecated
func (*HttpService) Descriptor() ([]byte, []int)
Deprecated: Use HttpService.ProtoReflect.Descriptor instead.
func (*HttpService) GetPathPrefix ¶
func (x *HttpService) GetPathPrefix() string
func (*HttpService) GetRequest ¶
func (x *HttpService) GetRequest() *HttpService_Request
func (*HttpService) GetResponse ¶
func (x *HttpService) GetResponse() *HttpService_Response
func (*HttpService) ProtoMessage ¶
func (*HttpService) ProtoMessage()
func (*HttpService) ProtoReflect ¶
func (x *HttpService) ProtoReflect() protoreflect.Message
func (*HttpService) Reset ¶
func (x *HttpService) Reset()
func (*HttpService) String ¶
func (x *HttpService) String() string
type HttpService_Request ¶
// HttpService_Request controls which headers are carried on the request sent
// to the authorization service.
type HttpService_Request struct {
	// These headers will be copied from the incoming request to the request going
	// to the auth server. Note that in addition to the user's supplied matchers:
	//
	// 1. *Host*, *Method*, *Path* and *Content-Length* are automatically included in the list.
	//
	// 2. *Content-Length* will be set to 0 and the request to the authorization service will not have
	// a message body.
	// NOTE(review): every header listed here is disclosed to the auth server, so keep the list to
	// what the auth decision needs.
	AllowedHeaders []string `protobuf:"bytes,1,rep,name=allowed_headers,json=allowedHeaders,proto3" json:"allowed_headers,omitempty"`
	// These headers will be added to the request sent to the authorization service. Note that
	// a client request header with the same key will be overridden.
	HeadersToAdd map[string]string `` /* 187-byte string literal not displayed */
	// contains filtered or unexported fields
}
func (*HttpService_Request) Descriptor
deprecated
func (*HttpService_Request) Descriptor() ([]byte, []int)
Deprecated: Use HttpService_Request.ProtoReflect.Descriptor instead.
func (*HttpService_Request) Equal ¶
func (m *HttpService_Request) Equal(that interface{}) bool
Equal function
func (*HttpService_Request) GetAllowedHeaders ¶
func (x *HttpService_Request) GetAllowedHeaders() []string
func (*HttpService_Request) GetHeadersToAdd ¶
func (x *HttpService_Request) GetHeadersToAdd() map[string]string
func (*HttpService_Request) ProtoMessage ¶
func (*HttpService_Request) ProtoMessage()
func (*HttpService_Request) ProtoReflect ¶
func (x *HttpService_Request) ProtoReflect() protoreflect.Message
func (*HttpService_Request) Reset ¶
func (x *HttpService_Request) Reset()
func (*HttpService_Request) String ¶
func (x *HttpService_Request) String() string
type HttpService_Response ¶
// HttpService_Response controls which headers from the authorization service's
// response are passed on to the upstream and to the client.
type HttpService_Response struct {
	// When this is set, authorization response headers that match an entry in this list will be
	// added to the original client request and sent to the upstream.
	// Note that coexistent headers will be overridden.
	// NOTE(review): the original wording here was truncated ("headers that have a will be added");
	// "match an entry in this list" is the presumed meaning. Confirm against the Envoy ext_authz
	// documentation.
	AllowedUpstreamHeaders []string `` /* 129-byte string literal not displayed */
	// When this is set, authorization response headers that match an entry in this list will be
	// added to the client's response when the auth request is denied.
	// Note that when this list is *not* set, all the authorization response headers, except *Authority
	// (Host)* will be in the response to the client. When a header is included in this list, *Path*,
	// *Status*, *Content-Length*, *WWW-Authenticate* and *Location* are automatically added.
	// NOTE(review): leaving this unset returns every auth-server response header other than
	// Authority (Host) to the client on denial; set the list if the auth server emits headers that
	// should stay internal.
	AllowedClientHeaders []string `protobuf:"bytes,2,rep,name=allowed_client_headers,json=allowedClientHeaders,proto3" json:"allowed_client_headers,omitempty"`
	// contains filtered or unexported fields
}
func (*HttpService_Response) Descriptor
deprecated
func (*HttpService_Response) Descriptor() ([]byte, []int)
Deprecated: Use HttpService_Response.ProtoReflect.Descriptor instead.
func (*HttpService_Response) Equal ¶
func (m *HttpService_Response) Equal(that interface{}) bool
Equal function
func (*HttpService_Response) GetAllowedClientHeaders ¶
func (x *HttpService_Response) GetAllowedClientHeaders() []string
func (*HttpService_Response) GetAllowedUpstreamHeaders ¶
func (x *HttpService_Response) GetAllowedUpstreamHeaders() []string
func (*HttpService_Response) ProtoMessage ¶
func (*HttpService_Response) ProtoMessage()
func (*HttpService_Response) ProtoReflect ¶
func (x *HttpService_Response) ProtoReflect() protoreflect.Message
func (*HttpService_Response) Reset ¶
func (x *HttpService_Response) Reset()
func (*HttpService_Response) String ¶
func (x *HttpService_Response) String() string
type RouteExtauth ¶
// RouteExtauth is the extauth configuration for a Route or TrafficPolicy; it
// configures extauth for individual HTTP routes.
type RouteExtauth struct {
	// Exactly one alternative is carried here (protobuf oneof "spec").
	//
	// Types that are assignable to Spec:
	//	*RouteExtauth_Disable
	//	*RouteExtauth_ConfigRef
	//	*RouteExtauth_CustomAuth
	Spec isRouteExtauth_Spec `protobuf_oneof:"spec"`
	// contains filtered or unexported fields
}
Extauth configuration for a Route or TrafficPolicy. Configures extauth for individual HTTP routes
func (*RouteExtauth) Descriptor
deprecated
func (*RouteExtauth) Descriptor() ([]byte, []int)
Deprecated: Use RouteExtauth.ProtoReflect.Descriptor instead.
func (*RouteExtauth) GetConfigRef ¶
func (x *RouteExtauth) GetConfigRef() *v1.ObjectRef
func (*RouteExtauth) GetCustomAuth ¶
func (x *RouteExtauth) GetCustomAuth() *CustomAuth
func (*RouteExtauth) GetDisable ¶
func (x *RouteExtauth) GetDisable() bool
func (*RouteExtauth) GetSpec ¶
func (m *RouteExtauth) GetSpec() isRouteExtauth_Spec
func (*RouteExtauth) ProtoMessage ¶
func (*RouteExtauth) ProtoMessage()
func (*RouteExtauth) ProtoReflect ¶
func (x *RouteExtauth) ProtoReflect() protoreflect.Message
func (*RouteExtauth) Reset ¶
func (x *RouteExtauth) Reset()
func (*RouteExtauth) String ¶
func (x *RouteExtauth) String() string
type RouteExtauth_ConfigRef ¶
// RouteExtauth_ConfigRef is the RouteExtauth.Spec alternative that points at
// an AuthConfig.
type RouteExtauth_ConfigRef struct {
	// A reference to an AuthConfig. This is used to configure the mesh clients to identify themselves by
	// matching their client identifier to the extauth server config for the same AuthConfig.
	ConfigRef *v1.ObjectRef `protobuf:"bytes,2,opt,name=config_ref,json=configRef,proto3,oneof"`
}
type RouteExtauth_CustomAuth ¶
// RouteExtauth_CustomAuth is the RouteExtauth.Spec alternative for routes
// protected by a self-managed extauth server.
type RouteExtauth_CustomAuth struct {
	// Use this field if you are running your own custom extauth server.
	CustomAuth *CustomAuth `protobuf:"bytes,3,opt,name=custom_auth,json=customAuth,proto3,oneof"`
}
type RouteExtauth_Disable ¶
// RouteExtauth_Disable is the RouteExtauth.Spec alternative that turns auth
// off for the route.
type RouteExtauth_Disable struct {
	// Set to true to disable auth on the route.
	// NOTE(review): a route carrying this setting is served without an external authorization
	// check, so each use should be a deliberate, reviewed exemption.
	Disable bool `protobuf:"varint,1,opt,name=disable,proto3,oneof"`
}