Documentation ¶
Index ¶
- Constants
- Variables
- func NewAuthConfigHashableResource() resources.HashableResource
- func NewEnterpriseEventLoop(emitter EnterpriseSnapshotEmitter, syncer EnterpriseSyncer) eventloop.EventLoop
- func NewEnterpriseSimpleEventLoop(emitter EnterpriseSimpleEmitter, syncers ...EnterpriseSyncer) eventloop.SimpleEventLoop
- func NewExtAuthConfigClient(nodeinfo *core.Node, typedApply ApplyExtAuthConfig) client.Client
- func RegisterApiKeyServiceServer(s *grpc.Server, srv ApiKeyServiceServer)
- func RegisterExtAuthDiscoveryServiceServer(s *grpc.Server, srv ExtAuthDiscoveryServiceServer)
- type AccessTokenValidation
- func (m *AccessTokenValidation) Clone() proto.Message
- func (*AccessTokenValidation) Descriptor() ([]byte, []int)deprecated
- func (m *AccessTokenValidation) Equal(that interface{}) bool
- func (x *AccessTokenValidation) GetCacheTimeout() *duration.Duration
- func (x *AccessTokenValidation) GetDynamicMetadataFromClaims() map[string]string
- func (x *AccessTokenValidation) GetIntrospection() *IntrospectionValidation
- func (x *AccessTokenValidation) GetIntrospectionUrl() stringdeprecated
- func (x *AccessTokenValidation) GetJwt() *JwtValidation
- func (x *AccessTokenValidation) GetRequiredScopes() *AccessTokenValidation_ScopeList
- func (m *AccessTokenValidation) GetScopeValidation() isAccessTokenValidation_ScopeValidation
- func (x *AccessTokenValidation) GetUserinfoUrl() string
- func (m *AccessTokenValidation) GetValidationType() isAccessTokenValidation_ValidationType
- func (m *AccessTokenValidation) Hash(hasher hash.Hash64) (uint64, error)
- func (*AccessTokenValidation) ProtoMessage()
- func (x *AccessTokenValidation) ProtoReflect() protoreflect.Message
- func (x *AccessTokenValidation) Reset()
- func (x *AccessTokenValidation) String() string
- type AccessTokenValidation_Introspection
- type AccessTokenValidation_IntrospectionUrl
- type AccessTokenValidation_Jwt
- type AccessTokenValidation_RequiredScopes
- type AccessTokenValidation_ScopeList
- func (m *AccessTokenValidation_ScopeList) Clone() proto.Message
- func (*AccessTokenValidation_ScopeList) Descriptor() ([]byte, []int)deprecated
- func (m *AccessTokenValidation_ScopeList) Equal(that interface{}) bool
- func (x *AccessTokenValidation_ScopeList) GetScope() []string
- func (m *AccessTokenValidation_ScopeList) Hash(hasher hash.Hash64) (uint64, error)
- func (*AccessTokenValidation_ScopeList) ProtoMessage()
- func (x *AccessTokenValidation_ScopeList) ProtoReflect() protoreflect.Message
- func (x *AccessTokenValidation_ScopeList) Reset()
- func (x *AccessTokenValidation_ScopeList) String() string
- type AerospikeApiKeyStorage
- func (m *AerospikeApiKeyStorage) Clone() proto.Message
- func (*AerospikeApiKeyStorage) Descriptor() ([]byte, []int)deprecated
- func (m *AerospikeApiKeyStorage) Equal(that interface{}) bool
- func (x *AerospikeApiKeyStorage) GetAllowInsecure() bool
- func (x *AerospikeApiKeyStorage) GetBatchSize() int32
- func (x *AerospikeApiKeyStorage) GetCertPath() string
- func (x *AerospikeApiKeyStorage) GetCommitAll() uint32
- func (m *AerospikeApiKeyStorage) GetCommitLevel() isAerospikeApiKeyStorage_CommitLevel
- func (x *AerospikeApiKeyStorage) GetCommitMaster() uint32
- func (x *AerospikeApiKeyStorage) GetHostname() string
- func (x *AerospikeApiKeyStorage) GetKeyPath() string
- func (x *AerospikeApiKeyStorage) GetNamespace() string
- func (x *AerospikeApiKeyStorage) GetNodeTlsName() string
- func (x *AerospikeApiKeyStorage) GetPort() int32
- func (x *AerospikeApiKeyStorage) GetReadModeAp() *AerospikeApiKeyStorageReadModeAp
- func (x *AerospikeApiKeyStorage) GetReadModeSc() *AerospikeApiKeyStorageReadModeSc
- func (x *AerospikeApiKeyStorage) GetRootCaPath() string
- func (x *AerospikeApiKeyStorage) GetSet() string
- func (x *AerospikeApiKeyStorage) GetTlsCurveGroups() []*AerospikeApiKeyStorageTlsCurveID
- func (x *AerospikeApiKeyStorage) GetTlsVersion() string
- func (m *AerospikeApiKeyStorage) Hash(hasher hash.Hash64) (uint64, error)
- func (*AerospikeApiKeyStorage) ProtoMessage()
- func (x *AerospikeApiKeyStorage) ProtoReflect() protoreflect.Message
- func (x *AerospikeApiKeyStorage) Reset()
- func (x *AerospikeApiKeyStorage) String() string
- type AerospikeApiKeyStorageReadModeAp
- func (m *AerospikeApiKeyStorageReadModeAp) Clone() proto.Message
- func (*AerospikeApiKeyStorageReadModeAp) Descriptor() ([]byte, []int)deprecated
- func (m *AerospikeApiKeyStorageReadModeAp) Equal(that interface{}) bool
- func (m *AerospikeApiKeyStorageReadModeAp) GetReadModeAp() isAerospikeApiKeyStorageReadModeAp_ReadModeAp
- func (x *AerospikeApiKeyStorageReadModeAp) GetReadModeApAll() uint32
- func (x *AerospikeApiKeyStorageReadModeAp) GetReadModeApOne() uint32
- func (m *AerospikeApiKeyStorageReadModeAp) Hash(hasher hash.Hash64) (uint64, error)
- func (*AerospikeApiKeyStorageReadModeAp) ProtoMessage()
- func (x *AerospikeApiKeyStorageReadModeAp) ProtoReflect() protoreflect.Message
- func (x *AerospikeApiKeyStorageReadModeAp) Reset()
- func (x *AerospikeApiKeyStorageReadModeAp) String() string
- type AerospikeApiKeyStorageReadModeAp_ReadModeApAll
- type AerospikeApiKeyStorageReadModeAp_ReadModeApOne
- type AerospikeApiKeyStorageReadModeSc
- func (m *AerospikeApiKeyStorageReadModeSc) Clone() proto.Message
- func (*AerospikeApiKeyStorageReadModeSc) Descriptor() ([]byte, []int)deprecated
- func (m *AerospikeApiKeyStorageReadModeSc) Equal(that interface{}) bool
- func (m *AerospikeApiKeyStorageReadModeSc) GetReadModeSc() isAerospikeApiKeyStorageReadModeSc_ReadModeSc
- func (x *AerospikeApiKeyStorageReadModeSc) GetReadModeScAllowUnavailable() uint32
- func (x *AerospikeApiKeyStorageReadModeSc) GetReadModeScLinearize() uint32
- func (x *AerospikeApiKeyStorageReadModeSc) GetReadModeScReplica() uint32
- func (x *AerospikeApiKeyStorageReadModeSc) GetReadModeScSession() uint32
- func (m *AerospikeApiKeyStorageReadModeSc) Hash(hasher hash.Hash64) (uint64, error)
- func (*AerospikeApiKeyStorageReadModeSc) ProtoMessage()
- func (x *AerospikeApiKeyStorageReadModeSc) ProtoReflect() protoreflect.Message
- func (x *AerospikeApiKeyStorageReadModeSc) Reset()
- func (x *AerospikeApiKeyStorageReadModeSc) String() string
- type AerospikeApiKeyStorageReadModeSc_ReadModeScAllowUnavailable
- type AerospikeApiKeyStorageReadModeSc_ReadModeScLinearize
- type AerospikeApiKeyStorageReadModeSc_ReadModeScReplica
- type AerospikeApiKeyStorageReadModeSc_ReadModeScSession
- type AerospikeApiKeyStorageTlsCurveID
- func (m *AerospikeApiKeyStorageTlsCurveID) Clone() proto.Message
- func (*AerospikeApiKeyStorageTlsCurveID) Descriptor() ([]byte, []int)deprecated
- func (m *AerospikeApiKeyStorageTlsCurveID) Equal(that interface{}) bool
- func (m *AerospikeApiKeyStorageTlsCurveID) GetCurveId() isAerospikeApiKeyStorageTlsCurveID_CurveId
- func (x *AerospikeApiKeyStorageTlsCurveID) GetCurveP256() uint32
- func (x *AerospikeApiKeyStorageTlsCurveID) GetCurveP384() uint32
- func (x *AerospikeApiKeyStorageTlsCurveID) GetCurveP521() uint32
- func (x *AerospikeApiKeyStorageTlsCurveID) GetX_25519() uint32
- func (m *AerospikeApiKeyStorageTlsCurveID) Hash(hasher hash.Hash64) (uint64, error)
- func (*AerospikeApiKeyStorageTlsCurveID) ProtoMessage()
- func (x *AerospikeApiKeyStorageTlsCurveID) ProtoReflect() protoreflect.Message
- func (x *AerospikeApiKeyStorageTlsCurveID) Reset()
- func (x *AerospikeApiKeyStorageTlsCurveID) String() string
- type AerospikeApiKeyStorageTlsCurveID_CurveP256
- type AerospikeApiKeyStorageTlsCurveID_CurveP384
- type AerospikeApiKeyStorageTlsCurveID_CurveP521
- type AerospikeApiKeyStorageTlsCurveID_X_25519
- type AerospikeApiKeyStorage_CommitAll
- type AerospikeApiKeyStorage_CommitMaster
- type ApiKey
- func (m *ApiKey) Clone() proto.Message
- func (*ApiKey) Descriptor() ([]byte, []int)deprecated
- func (m *ApiKey) Equal(that interface{}) bool
- func (x *ApiKey) GetApiKey() string
- func (x *ApiKey) GetLabels() []string
- func (x *ApiKey) GetMetadata() map[string]string
- func (x *ApiKey) GetUuid() string
- func (m *ApiKey) Hash(hasher hash.Hash64) (uint64, error)
- func (*ApiKey) ProtoMessage()
- func (x *ApiKey) ProtoReflect() protoreflect.Message
- func (x *ApiKey) Reset()
- func (x *ApiKey) String() string
- type ApiKeyAuth
- func (m *ApiKeyAuth) Clone() proto.Message
- func (*ApiKeyAuth) Descriptor() ([]byte, []int)deprecated
- func (m *ApiKeyAuth) Equal(that interface{}) bool
- func (x *ApiKeyAuth) GetAerospikeApikeyStorage() *AerospikeApiKeyStorage
- func (x *ApiKeyAuth) GetApiKeySecretRefs() []*core.ResourceRefdeprecated
- func (x *ApiKeyAuth) GetHeaderName() string
- func (x *ApiKeyAuth) GetHeadersFromMetadata() map[string]*ApiKeyAuth_SecretKeydeprecated
- func (x *ApiKeyAuth) GetHeadersFromMetadataEntry() map[string]*ApiKeyAuth_MetadataEntry
- func (x *ApiKeyAuth) GetK8SSecretApikeyStorage() *K8SSecretApiKeyStorage
- func (x *ApiKeyAuth) GetLabelSelector() map[string]stringdeprecated
- func (m *ApiKeyAuth) GetStorageBackend() isApiKeyAuth_StorageBackend
- func (m *ApiKeyAuth) Hash(hasher hash.Hash64) (uint64, error)
- func (*ApiKeyAuth) ProtoMessage()
- func (x *ApiKeyAuth) ProtoReflect() protoreflect.Message
- func (x *ApiKeyAuth) Reset()
- func (x *ApiKeyAuth) String() string
- type ApiKeyAuth_AerospikeApikeyStorage
- type ApiKeyAuth_K8SSecretApikeyStorage
- type ApiKeyAuth_MetadataEntry
- func (m *ApiKeyAuth_MetadataEntry) Clone() proto.Message
- func (*ApiKeyAuth_MetadataEntry) Descriptor() ([]byte, []int)deprecated
- func (m *ApiKeyAuth_MetadataEntry) Equal(that interface{}) bool
- func (x *ApiKeyAuth_MetadataEntry) GetName() string
- func (x *ApiKeyAuth_MetadataEntry) GetRequired() bool
- func (m *ApiKeyAuth_MetadataEntry) Hash(hasher hash.Hash64) (uint64, error)
- func (*ApiKeyAuth_MetadataEntry) ProtoMessage()
- func (x *ApiKeyAuth_MetadataEntry) ProtoReflect() protoreflect.Message
- func (x *ApiKeyAuth_MetadataEntry) Reset()
- func (x *ApiKeyAuth_MetadataEntry) String() string
- type ApiKeyAuth_SecretKey
- func (m *ApiKeyAuth_SecretKey) Clone() proto.Message
- func (*ApiKeyAuth_SecretKey) Descriptor() ([]byte, []int)deprecated
- func (m *ApiKeyAuth_SecretKey) Equal(that interface{}) bool
- func (x *ApiKeyAuth_SecretKey) GetName() string
- func (x *ApiKeyAuth_SecretKey) GetRequired() bool
- func (m *ApiKeyAuth_SecretKey) Hash(hasher hash.Hash64) (uint64, error)
- func (*ApiKeyAuth_SecretKey) ProtoMessage()
- func (x *ApiKeyAuth_SecretKey) ProtoReflect() protoreflect.Message
- func (x *ApiKeyAuth_SecretKey) Reset()
- func (x *ApiKeyAuth_SecretKey) String() string
- type ApiKeyCreateRequest
- func (m *ApiKeyCreateRequest) Clone() proto.Message
- func (*ApiKeyCreateRequest) Descriptor() ([]byte, []int)deprecated
- func (m *ApiKeyCreateRequest) Equal(that interface{}) bool
- func (x *ApiKeyCreateRequest) GetApiKeys() []*ApiKey
- func (x *ApiKeyCreateRequest) GetRawApiKeys() []string
- func (m *ApiKeyCreateRequest) Hash(hasher hash.Hash64) (uint64, error)
- func (*ApiKeyCreateRequest) ProtoMessage()
- func (x *ApiKeyCreateRequest) ProtoReflect() protoreflect.Message
- func (x *ApiKeyCreateRequest) Reset()
- func (x *ApiKeyCreateRequest) String() string
- type ApiKeyCreateResponse
- func (m *ApiKeyCreateResponse) Clone() proto.Message
- func (*ApiKeyCreateResponse) Descriptor() ([]byte, []int)deprecated
- func (m *ApiKeyCreateResponse) Equal(that interface{}) bool
- func (x *ApiKeyCreateResponse) GetApiKeys() []*ApiKey
- func (m *ApiKeyCreateResponse) Hash(hasher hash.Hash64) (uint64, error)
- func (*ApiKeyCreateResponse) ProtoMessage()
- func (x *ApiKeyCreateResponse) ProtoReflect() protoreflect.Message
- func (x *ApiKeyCreateResponse) Reset()
- func (x *ApiKeyCreateResponse) String() string
- type ApiKeyDeleteRequest
- func (m *ApiKeyDeleteRequest) Clone() proto.Message
- func (*ApiKeyDeleteRequest) Descriptor() ([]byte, []int)deprecated
- func (m *ApiKeyDeleteRequest) Equal(that interface{}) bool
- func (x *ApiKeyDeleteRequest) GetLabels() []string
- func (x *ApiKeyDeleteRequest) GetRawApiKeys() []string
- func (m *ApiKeyDeleteRequest) Hash(hasher hash.Hash64) (uint64, error)
- func (*ApiKeyDeleteRequest) ProtoMessage()
- func (x *ApiKeyDeleteRequest) ProtoReflect() protoreflect.Message
- func (x *ApiKeyDeleteRequest) Reset()
- func (x *ApiKeyDeleteRequest) String() string
- type ApiKeyDeleteResponse
- func (m *ApiKeyDeleteResponse) Clone() proto.Message
- func (*ApiKeyDeleteResponse) Descriptor() ([]byte, []int)deprecated
- func (m *ApiKeyDeleteResponse) Equal(that interface{}) bool
- func (m *ApiKeyDeleteResponse) Hash(hasher hash.Hash64) (uint64, error)
- func (*ApiKeyDeleteResponse) ProtoMessage()
- func (x *ApiKeyDeleteResponse) ProtoReflect() protoreflect.Message
- func (x *ApiKeyDeleteResponse) Reset()
- func (x *ApiKeyDeleteResponse) String() string
- type ApiKeyReadRequest
- func (m *ApiKeyReadRequest) Clone() proto.Message
- func (*ApiKeyReadRequest) Descriptor() ([]byte, []int)deprecated
- func (m *ApiKeyReadRequest) Equal(that interface{}) bool
- func (x *ApiKeyReadRequest) GetLabels() []string
- func (x *ApiKeyReadRequest) GetRawApiKeys() []string
- func (m *ApiKeyReadRequest) Hash(hasher hash.Hash64) (uint64, error)
- func (*ApiKeyReadRequest) ProtoMessage()
- func (x *ApiKeyReadRequest) ProtoReflect() protoreflect.Message
- func (x *ApiKeyReadRequest) Reset()
- func (x *ApiKeyReadRequest) String() string
- type ApiKeyReadResponse
- func (m *ApiKeyReadResponse) Clone() proto.Message
- func (*ApiKeyReadResponse) Descriptor() ([]byte, []int)deprecated
- func (m *ApiKeyReadResponse) Equal(that interface{}) bool
- func (x *ApiKeyReadResponse) GetApiKeys() []*ApiKey
- func (m *ApiKeyReadResponse) Hash(hasher hash.Hash64) (uint64, error)
- func (*ApiKeyReadResponse) ProtoMessage()
- func (x *ApiKeyReadResponse) ProtoReflect() protoreflect.Message
- func (x *ApiKeyReadResponse) Reset()
- func (x *ApiKeyReadResponse) String() string
- type ApiKeySecret
- func (m *ApiKeySecret) Clone() proto.Message
- func (*ApiKeySecret) Descriptor() ([]byte, []int)deprecated
- func (m *ApiKeySecret) Equal(that interface{}) bool
- func (x *ApiKeySecret) GetApiKey() string
- func (x *ApiKeySecret) GetLabels() []string
- func (x *ApiKeySecret) GetMetadata() map[string]string
- func (m *ApiKeySecret) Hash(hasher hash.Hash64) (uint64, error)
- func (*ApiKeySecret) ProtoMessage()
- func (x *ApiKeySecret) ProtoReflect() protoreflect.Message
- func (x *ApiKeySecret) Reset()
- func (x *ApiKeySecret) String() string
- type ApiKeyServiceClient
- type ApiKeyServiceServer
- type ApiKeyUpdateRequest
- func (m *ApiKeyUpdateRequest) Clone() proto.Message
- func (*ApiKeyUpdateRequest) Descriptor() ([]byte, []int)deprecated
- func (m *ApiKeyUpdateRequest) Equal(that interface{}) bool
- func (x *ApiKeyUpdateRequest) GetApiKeys() []*ApiKey
- func (x *ApiKeyUpdateRequest) GetRawApiKeys() []string
- func (x *ApiKeyUpdateRequest) GetUpsert() bool
- func (m *ApiKeyUpdateRequest) Hash(hasher hash.Hash64) (uint64, error)
- func (*ApiKeyUpdateRequest) ProtoMessage()
- func (x *ApiKeyUpdateRequest) ProtoReflect() protoreflect.Message
- func (x *ApiKeyUpdateRequest) Reset()
- func (x *ApiKeyUpdateRequest) String() string
- type ApiKeyUpdateResponse
- func (m *ApiKeyUpdateResponse) Clone() proto.Message
- func (*ApiKeyUpdateResponse) Descriptor() ([]byte, []int)deprecated
- func (m *ApiKeyUpdateResponse) Equal(that interface{}) bool
- func (x *ApiKeyUpdateResponse) GetApiKeys() []*ApiKey
- func (m *ApiKeyUpdateResponse) Hash(hasher hash.Hash64) (uint64, error)
- func (*ApiKeyUpdateResponse) ProtoMessage()
- func (x *ApiKeyUpdateResponse) ProtoReflect() protoreflect.Message
- func (x *ApiKeyUpdateResponse) Reset()
- func (x *ApiKeyUpdateResponse) String() string
- type ApplyExtAuthConfig
- type AuthConfig
- func (m *AuthConfig) Clone() proto.Message
- func (o *AuthConfig) DeepCopyInto(out *AuthConfig)
- func (o *AuthConfig) DeepCopyObject() runtime.Object
- func (*AuthConfig) Descriptor() ([]byte, []int)deprecated
- func (m *AuthConfig) Equal(that interface{}) bool
- func (x *AuthConfig) GetBooleanExpr() *wrappers.StringValue
- func (x *AuthConfig) GetConfigs() []*AuthConfig_Config
- func (x *AuthConfig) GetFailOnRedirect() bool
- func (x *AuthConfig) GetMetadata() *core.Metadata
- func (x *AuthConfig) GetNamespacedStatuses() *core.NamespacedStatuses
- func (o *AuthConfig) GetObjectKind() schema.ObjectKind
- func (r *AuthConfig) GetStatus() *core.Status
- func (r *AuthConfig) GroupVersionKind() schema.GroupVersionKind
- func (m *AuthConfig) Hash(hasher hash.Hash64) (uint64, error)
- func (r *AuthConfig) MustHash() uint64
- func (*AuthConfig) ProtoMessage()
- func (x *AuthConfig) ProtoReflect() protoreflect.Message
- func (x *AuthConfig) Reset()
- func (r *AuthConfig) SetMetadata(meta *core.Metadata)
- func (r *AuthConfig) SetNamespacedStatuses(namespacedStatuses *core.NamespacedStatuses)
- func (r *AuthConfig) SetStatus(status *core.Status)
- func (x *AuthConfig) String() string
- type AuthConfigClient
- func NewAuthConfigClient(ctx context.Context, rcFactory factory.ResourceClientFactory) (AuthConfigClient, error)
- func NewAuthConfigClientWithBase(rc clients.ResourceClient) AuthConfigClient
- func NewAuthConfigClientWithToken(ctx context.Context, rcFactory factory.ResourceClientFactory, token string) (AuthConfigClient, error)
- type AuthConfigList
- func (list AuthConfigList) AsInputResources() resources.InputResourceList
- func (list AuthConfigList) AsInterfaces() []interface{}
- func (list AuthConfigList) AsResources() resources.ResourceList
- func (list AuthConfigList) Clone() AuthConfigList
- func (list AuthConfigList) Each(f func(element *AuthConfig))
- func (list AuthConfigList) EachResource(f func(element resources.Resource))
- func (list AuthConfigList) Find(namespace, name string) (*AuthConfig, error)
- func (list AuthConfigList) Names() []string
- func (list AuthConfigList) NamespacesDotNames() []string
- func (list AuthConfigList) Sort() AuthConfigList
- type AuthConfigReconciler
- type AuthConfigWatcher
- type AuthConfig_Config
- func (m *AuthConfig_Config) Clone() proto.Message
- func (*AuthConfig_Config) Descriptor() ([]byte, []int)deprecated
- func (m *AuthConfig_Config) Equal(that interface{}) bool
- func (x *AuthConfig_Config) GetApiKeyAuth() *ApiKeyAuth
- func (m *AuthConfig_Config) GetAuthConfig() isAuthConfig_Config_AuthConfig
- func (x *AuthConfig_Config) GetBasicAuth() *BasicAuth
- func (x *AuthConfig_Config) GetHmacAuth() *HmacAuth
- func (x *AuthConfig_Config) GetJwt() *empty.Empty
- func (x *AuthConfig_Config) GetLdap() *Ldap
- func (x *AuthConfig_Config) GetName() *wrappers.StringValue
- func (x *AuthConfig_Config) GetOauth() *OAuthdeprecated
- func (x *AuthConfig_Config) GetOauth2() *OAuth2
- func (x *AuthConfig_Config) GetOpaAuth() *OpaAuth
- func (x *AuthConfig_Config) GetPassThroughAuth() *PassThroughAuth
- func (x *AuthConfig_Config) GetPluginAuth() *AuthPlugin
- func (m *AuthConfig_Config) Hash(hasher hash.Hash64) (uint64, error)
- func (*AuthConfig_Config) ProtoMessage()
- func (x *AuthConfig_Config) ProtoReflect() protoreflect.Message
- func (x *AuthConfig_Config) Reset()
- func (x *AuthConfig_Config) String() string
- type AuthConfig_Config_ApiKeyAuth
- type AuthConfig_Config_BasicAuth
- type AuthConfig_Config_HmacAuth
- type AuthConfig_Config_Jwt
- type AuthConfig_Config_Ldap
- type AuthConfig_Config_Oauth
- type AuthConfig_Config_Oauth2
- type AuthConfig_Config_OpaAuth
- type AuthConfig_Config_PassThroughAuth
- type AuthConfig_Config_PluginAuth
- type AuthPlugin
- func (m *AuthPlugin) Clone() proto.Message
- func (*AuthPlugin) Descriptor() ([]byte, []int)deprecated
- func (m *AuthPlugin) Equal(that interface{}) bool
- func (x *AuthPlugin) GetConfig() *_struct.Struct
- func (x *AuthPlugin) GetExportedSymbolName() string
- func (x *AuthPlugin) GetName() string
- func (x *AuthPlugin) GetPluginFileName() string
- func (m *AuthPlugin) Hash(hasher hash.Hash64) (uint64, error)
- func (*AuthPlugin) ProtoMessage()
- func (x *AuthPlugin) ProtoReflect() protoreflect.Message
- func (x *AuthPlugin) Reset()
- func (x *AuthPlugin) String() string
- type AutoMapFromMetadata
- func (m *AutoMapFromMetadata) Clone() proto.Message
- func (*AutoMapFromMetadata) Descriptor() ([]byte, []int)deprecated
- func (m *AutoMapFromMetadata) Equal(that interface{}) bool
- func (x *AutoMapFromMetadata) GetNamespace() string
- func (m *AutoMapFromMetadata) Hash(hasher hash.Hash64) (uint64, error)
- func (*AutoMapFromMetadata) ProtoMessage()
- func (x *AutoMapFromMetadata) ProtoReflect() protoreflect.Message
- func (x *AutoMapFromMetadata) Reset()
- func (x *AutoMapFromMetadata) String() string
- type BasicAuth
- func (m *BasicAuth) Clone() proto.Message
- func (*BasicAuth) Descriptor() ([]byte, []int)deprecated
- func (m *BasicAuth) Equal(that interface{}) bool
- func (x *BasicAuth) GetApr() *BasicAuth_Apr
- func (x *BasicAuth) GetRealm() string
- func (m *BasicAuth) Hash(hasher hash.Hash64) (uint64, error)
- func (*BasicAuth) ProtoMessage()
- func (x *BasicAuth) ProtoReflect() protoreflect.Message
- func (x *BasicAuth) Reset()
- func (x *BasicAuth) String() string
- type BasicAuth_Apr
- func (m *BasicAuth_Apr) Clone() proto.Message
- func (*BasicAuth_Apr) Descriptor() ([]byte, []int)deprecated
- func (m *BasicAuth_Apr) Equal(that interface{}) bool
- func (x *BasicAuth_Apr) GetUsers() map[string]*BasicAuth_Apr_SaltedHashedPassword
- func (m *BasicAuth_Apr) Hash(hasher hash.Hash64) (uint64, error)
- func (*BasicAuth_Apr) ProtoMessage()
- func (x *BasicAuth_Apr) ProtoReflect() protoreflect.Message
- func (x *BasicAuth_Apr) Reset()
- func (x *BasicAuth_Apr) String() string
- type BasicAuth_Apr_SaltedHashedPassword
- func (m *BasicAuth_Apr_SaltedHashedPassword) Clone() proto.Message
- func (*BasicAuth_Apr_SaltedHashedPassword) Descriptor() ([]byte, []int)deprecated
- func (m *BasicAuth_Apr_SaltedHashedPassword) Equal(that interface{}) bool
- func (x *BasicAuth_Apr_SaltedHashedPassword) GetHashedPassword() string
- func (x *BasicAuth_Apr_SaltedHashedPassword) GetSalt() string
- func (m *BasicAuth_Apr_SaltedHashedPassword) Hash(hasher hash.Hash64) (uint64, error)
- func (*BasicAuth_Apr_SaltedHashedPassword) ProtoMessage()
- func (x *BasicAuth_Apr_SaltedHashedPassword) ProtoReflect() protoreflect.Message
- func (x *BasicAuth_Apr_SaltedHashedPassword) Reset()
- func (x *BasicAuth_Apr_SaltedHashedPassword) String() string
- type BufferSettings
- func (m *BufferSettings) Clone() proto.Message
- func (*BufferSettings) Descriptor() ([]byte, []int)deprecated
- func (m *BufferSettings) Equal(that interface{}) bool
- func (x *BufferSettings) GetAllowPartialMessage() bool
- func (x *BufferSettings) GetMaxRequestBytes() uint32
- func (x *BufferSettings) GetPackAsBytes() bool
- func (m *BufferSettings) Hash(hasher hash.Hash64) (uint64, error)
- func (*BufferSettings) ProtoMessage()
- func (x *BufferSettings) ProtoReflect() protoreflect.Message
- func (x *BufferSettings) Reset()
- func (x *BufferSettings) String() string
- type ClaimToHeader
- func (m *ClaimToHeader) Clone() proto.Message
- func (*ClaimToHeader) Descriptor() ([]byte, []int)deprecated
- func (m *ClaimToHeader) Equal(that interface{}) bool
- func (x *ClaimToHeader) GetAppend() bool
- func (x *ClaimToHeader) GetClaim() string
- func (x *ClaimToHeader) GetHeader() string
- func (m *ClaimToHeader) Hash(hasher hash.Hash64) (uint64, error)
- func (*ClaimToHeader) ProtoMessage()
- func (x *ClaimToHeader) ProtoReflect() protoreflect.Message
- func (x *ClaimToHeader) Reset()
- func (x *ClaimToHeader) String() string
- type CustomAuth
- func (m *CustomAuth) Clone() proto.Message
- func (*CustomAuth) Descriptor() ([]byte, []int)deprecated
- func (m *CustomAuth) Equal(that interface{}) bool
- func (x *CustomAuth) GetContextExtensions() map[string]string
- func (x *CustomAuth) GetName() string
- func (m *CustomAuth) Hash(hasher hash.Hash64) (uint64, error)
- func (*CustomAuth) ProtoMessage()
- func (x *CustomAuth) ProtoReflect() protoreflect.Message
- func (x *CustomAuth) Reset()
- func (x *CustomAuth) String() string
- type DiscoveryOverride
- func (m *DiscoveryOverride) Clone() proto.Message
- func (*DiscoveryOverride) Descriptor() ([]byte, []int)deprecated
- func (m *DiscoveryOverride) Equal(that interface{}) bool
- func (x *DiscoveryOverride) GetAuthEndpoint() string
- func (x *DiscoveryOverride) GetAuthMethods() []string
- func (x *DiscoveryOverride) GetClaims() []string
- func (x *DiscoveryOverride) GetEndSessionEndpoint() string
- func (x *DiscoveryOverride) GetIdTokenAlgs() []string
- func (x *DiscoveryOverride) GetJwksUri() string
- func (x *DiscoveryOverride) GetResponseTypes() []string
- func (x *DiscoveryOverride) GetRevocationEndpoint() string
- func (x *DiscoveryOverride) GetScopes() []string
- func (x *DiscoveryOverride) GetSubjects() []string
- func (x *DiscoveryOverride) GetTokenEndpoint() string
- func (m *DiscoveryOverride) Hash(hasher hash.Hash64) (uint64, error)
- func (*DiscoveryOverride) ProtoMessage()
- func (x *DiscoveryOverride) ProtoReflect() protoreflect.Message
- func (x *DiscoveryOverride) Reset()
- func (x *DiscoveryOverride) String() string
- type EndSessionProperties
- func (m *EndSessionProperties) Clone() proto.Message
- func (*EndSessionProperties) Descriptor() ([]byte, []int)deprecated
- func (m *EndSessionProperties) Equal(that interface{}) bool
- func (x *EndSessionProperties) GetMethodType() EndSessionProperties_MethodType
- func (m *EndSessionProperties) Hash(hasher hash.Hash64) (uint64, error)
- func (*EndSessionProperties) ProtoMessage()
- func (x *EndSessionProperties) ProtoReflect() protoreflect.Message
- func (x *EndSessionProperties) Reset()
- func (x *EndSessionProperties) String() string
- type EndSessionProperties_MethodType
- func (EndSessionProperties_MethodType) Descriptor() protoreflect.EnumDescriptor
- func (x EndSessionProperties_MethodType) Enum() *EndSessionProperties_MethodType
- func (EndSessionProperties_MethodType) EnumDescriptor() ([]byte, []int)deprecated
- func (x EndSessionProperties_MethodType) Number() protoreflect.EnumNumber
- func (x EndSessionProperties_MethodType) String() string
- func (EndSessionProperties_MethodType) Type() protoreflect.EnumType
- type EnterpriseEmitter
- type EnterpriseSimpleEmitter
- type EnterpriseSnapshot
- func (s EnterpriseSnapshot) Clone() EnterpriseSnapshot
- func (s *EnterpriseSnapshot) GetResourcesList(resource resources.Resource) (resources.ResourceList, error)
- func (s EnterpriseSnapshot) Hash(hasher hash.Hash64) (uint64, error)
- func (s EnterpriseSnapshot) HashFields() []zap.Field
- func (s *EnterpriseSnapshot) RemoveFromResourceList(resource resources.Resource) error
- func (s EnterpriseSnapshot) Stringer() EnterpriseSnapshotStringer
- func (s *EnterpriseSnapshot) UpsertToResourceList(resource resources.Resource) error
- type EnterpriseSnapshotEmitter
- type EnterpriseSnapshotStringer
- type EnterpriseSyncDeciderdeprecated
- type EnterpriseSyncDeciderWithContext
- type EnterpriseSyncer
- type EnterpriseSyncers
- type ExtAuthConfig
- func (m *ExtAuthConfig) Clone() proto.Message
- func (*ExtAuthConfig) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig) Equal(that interface{}) bool
- func (x *ExtAuthConfig) GetAuthConfigRefName() string
- func (x *ExtAuthConfig) GetBooleanExpr() *wrappers.StringValue
- func (x *ExtAuthConfig) GetConfigs() []*ExtAuthConfig_Config
- func (x *ExtAuthConfig) GetFailOnRedirect() bool
- func (m *ExtAuthConfig) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig) ProtoMessage()
- func (x *ExtAuthConfig) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig) Reset()
- func (x *ExtAuthConfig) String() string
- type ExtAuthConfigXdsResourceWrapper
- type ExtAuthConfig_AccessTokenValidationConfig
- func (m *ExtAuthConfig_AccessTokenValidationConfig) Clone() proto.Message
- func (*ExtAuthConfig_AccessTokenValidationConfig) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_AccessTokenValidationConfig) Equal(that interface{}) bool
- func (x *ExtAuthConfig_AccessTokenValidationConfig) GetCacheTimeout() *duration.Duration
- func (x *ExtAuthConfig_AccessTokenValidationConfig) GetIntrospection() *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation
- func (x *ExtAuthConfig_AccessTokenValidationConfig) GetIntrospectionUrl() stringdeprecated
- func (x *ExtAuthConfig_AccessTokenValidationConfig) GetJwt() *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation
- func (x *ExtAuthConfig_AccessTokenValidationConfig) GetRequiredScopes() *ExtAuthConfig_AccessTokenValidationConfig_ScopeList
- func (m *ExtAuthConfig_AccessTokenValidationConfig) GetScopeValidation() isExtAuthConfig_AccessTokenValidationConfig_ScopeValidation
- func (x *ExtAuthConfig_AccessTokenValidationConfig) GetUserinfoUrl() string
- func (m *ExtAuthConfig_AccessTokenValidationConfig) GetValidationType() isExtAuthConfig_AccessTokenValidationConfig_ValidationType
- func (m *ExtAuthConfig_AccessTokenValidationConfig) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_AccessTokenValidationConfig) ProtoMessage()
- func (x *ExtAuthConfig_AccessTokenValidationConfig) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_AccessTokenValidationConfig) Reset()
- func (x *ExtAuthConfig_AccessTokenValidationConfig) String() string
- type ExtAuthConfig_AccessTokenValidationConfig_Introspection
- type ExtAuthConfig_AccessTokenValidationConfig_IntrospectionUrl
- type ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation
- func (m *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Clone() proto.Message
- func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Equal(that interface{}) bool
- func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetClientId() string
- func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetClientSecret() string
- func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetIntrospectionUrl() string
- func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetUserIdAttributeName() string
- func (m *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) ProtoMessage()
- func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Reset()
- func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) String() string
- type ExtAuthConfig_AccessTokenValidationConfig_Jwt
- type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation
- func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Clone() proto.Message
- func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Equal(that interface{}) bool
- func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) GetIssuer() string
- func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) GetJwksSourceSpecifier() isExtAuthConfig_AccessTokenValidationConfig_JwtValidation_JwksSourceSpecifier
- func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) GetLocalJwks() *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks
- func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) GetRemoteJwks() *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks
- func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) ProtoMessage()
- func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Reset()
- func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) String() string
- type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks
- func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Clone() proto.Message
- func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Equal(that interface{}) bool
- func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) GetInlineString() string
- func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) ProtoMessage()
- func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Reset()
- func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) String() string
- type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks_
- type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks
- func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Clone() proto.Message
- func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Equal(that interface{}) bool
- func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) GetRefreshInterval() *duration.Duration
- func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) GetUrl() string
- func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) ProtoMessage()
- func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Reset()
- func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) String() string
- type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks_
- type ExtAuthConfig_AccessTokenValidationConfig_RequiredScopes
- type ExtAuthConfig_AccessTokenValidationConfig_ScopeList
- func (m *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Clone() proto.Message
- func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Equal(that interface{}) bool
- func (x *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) GetScope() []string
- func (m *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) ProtoMessage()
- func (x *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Reset()
- func (x *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) String() string
- type ExtAuthConfig_ApiKeyAuthConfig
- func (m *ExtAuthConfig_ApiKeyAuthConfig) Clone() proto.Message
- func (*ExtAuthConfig_ApiKeyAuthConfig) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_ApiKeyAuthConfig) Equal(that interface{}) bool
- func (x *ExtAuthConfig_ApiKeyAuthConfig) GetAerospikeApikeyStorage() *AerospikeApiKeyStorage
- func (x *ExtAuthConfig_ApiKeyAuthConfig) GetHeaderName() string
- func (x *ExtAuthConfig_ApiKeyAuthConfig) GetHeadersFromKeyMetadata() map[string]string
- func (x *ExtAuthConfig_ApiKeyAuthConfig) GetK8SSecretApikeyStorage() *K8SSecretApiKeyStorage
- func (m *ExtAuthConfig_ApiKeyAuthConfig) GetStorageBackend() isExtAuthConfig_ApiKeyAuthConfig_StorageBackend
- func (x *ExtAuthConfig_ApiKeyAuthConfig) GetValidApiKeys() map[string]*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata
- func (m *ExtAuthConfig_ApiKeyAuthConfig) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_ApiKeyAuthConfig) ProtoMessage()
- func (x *ExtAuthConfig_ApiKeyAuthConfig) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_ApiKeyAuthConfig) Reset()
- func (x *ExtAuthConfig_ApiKeyAuthConfig) String() string
- type ExtAuthConfig_ApiKeyAuthConfig_AerospikeApikeyStorage
- type ExtAuthConfig_ApiKeyAuthConfig_K8SSecretApikeyStorage
- type ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata
- func (m *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Clone() proto.Message
- func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Equal(that interface{}) bool
- func (x *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) GetMetadata() map[string]string
- func (x *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) GetUsername() string
- func (m *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) ProtoMessage()
- func (x *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Reset()
- func (x *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) String() string
- type ExtAuthConfig_Config
- func (m *ExtAuthConfig_Config) Clone() proto.Message
- func (*ExtAuthConfig_Config) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_Config) Equal(that interface{}) bool
- func (x *ExtAuthConfig_Config) GetApiKeyAuth() *ExtAuthConfig_ApiKeyAuthConfig
- func (m *ExtAuthConfig_Config) GetAuthConfig() isExtAuthConfig_Config_AuthConfig
- func (x *ExtAuthConfig_Config) GetBasicAuth() *BasicAuth
- func (x *ExtAuthConfig_Config) GetHmacAuth() *ExtAuthConfig_HmacAuthConfig
- func (x *ExtAuthConfig_Config) GetJwt() *empty.Empty
- func (x *ExtAuthConfig_Config) GetLdap() *Ldapdeprecated
- func (x *ExtAuthConfig_Config) GetLdapInternal() *ExtAuthConfig_LdapConfig
- func (x *ExtAuthConfig_Config) GetName() *wrappers.StringValue
- func (x *ExtAuthConfig_Config) GetOauth() *ExtAuthConfig_OAuthConfigdeprecated
- func (x *ExtAuthConfig_Config) GetOauth2() *ExtAuthConfig_OAuth2Config
- func (x *ExtAuthConfig_Config) GetOpaAuth() *ExtAuthConfig_OpaAuthConfig
- func (x *ExtAuthConfig_Config) GetPassThroughAuth() *PassThroughAuth
- func (x *ExtAuthConfig_Config) GetPluginAuth() *AuthPlugin
- func (m *ExtAuthConfig_Config) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_Config) ProtoMessage()
- func (x *ExtAuthConfig_Config) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_Config) Reset()
- func (x *ExtAuthConfig_Config) String() string
- type ExtAuthConfig_Config_ApiKeyAuth
- type ExtAuthConfig_Config_BasicAuth
- type ExtAuthConfig_Config_HmacAuth
- type ExtAuthConfig_Config_Jwt
- type ExtAuthConfig_Config_Ldap
- type ExtAuthConfig_Config_LdapInternal
- type ExtAuthConfig_Config_Oauth
- type ExtAuthConfig_Config_Oauth2
- type ExtAuthConfig_Config_OpaAuth
- type ExtAuthConfig_Config_PassThroughAuth
- type ExtAuthConfig_Config_PluginAuth
- type ExtAuthConfig_HmacAuthConfig
- func (m *ExtAuthConfig_HmacAuthConfig) Clone() proto.Message
- func (*ExtAuthConfig_HmacAuthConfig) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_HmacAuthConfig) Equal(that interface{}) bool
- func (m *ExtAuthConfig_HmacAuthConfig) GetImplementationType() isExtAuthConfig_HmacAuthConfig_ImplementationType
- func (x *ExtAuthConfig_HmacAuthConfig) GetParametersInHeaders() *HmacParametersInHeaders
- func (x *ExtAuthConfig_HmacAuthConfig) GetSecretList() *ExtAuthConfig_InMemorySecretList
- func (m *ExtAuthConfig_HmacAuthConfig) GetSecretStorage() isExtAuthConfig_HmacAuthConfig_SecretStorage
- func (m *ExtAuthConfig_HmacAuthConfig) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_HmacAuthConfig) ProtoMessage()
- func (x *ExtAuthConfig_HmacAuthConfig) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_HmacAuthConfig) Reset()
- func (x *ExtAuthConfig_HmacAuthConfig) String() string
- type ExtAuthConfig_HmacAuthConfig_ParametersInHeaders
- type ExtAuthConfig_HmacAuthConfig_SecretList
- type ExtAuthConfig_InMemorySecretList
- func (m *ExtAuthConfig_InMemorySecretList) Clone() proto.Message
- func (*ExtAuthConfig_InMemorySecretList) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_InMemorySecretList) Equal(that interface{}) bool
- func (x *ExtAuthConfig_InMemorySecretList) GetSecretList() map[string]string
- func (m *ExtAuthConfig_InMemorySecretList) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_InMemorySecretList) ProtoMessage()
- func (x *ExtAuthConfig_InMemorySecretList) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_InMemorySecretList) Reset()
- func (x *ExtAuthConfig_InMemorySecretList) String() string
- type ExtAuthConfig_LdapConfig
- func (m *ExtAuthConfig_LdapConfig) Clone() proto.Message
- func (*ExtAuthConfig_LdapConfig) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_LdapConfig) Equal(that interface{}) bool
- func (x *ExtAuthConfig_LdapConfig) GetAddress() string
- func (x *ExtAuthConfig_LdapConfig) GetAllowedGroups() []string
- func (x *ExtAuthConfig_LdapConfig) GetDisableGroupChecking() bool
- func (x *ExtAuthConfig_LdapConfig) GetGroupLookupSettings() *ExtAuthConfig_LdapServiceAccountConfig
- func (x *ExtAuthConfig_LdapConfig) GetMembershipAttributeName() string
- func (x *ExtAuthConfig_LdapConfig) GetPool() *Ldap_ConnectionPool
- func (x *ExtAuthConfig_LdapConfig) GetSearchFilter() string
- func (x *ExtAuthConfig_LdapConfig) GetUserDnTemplate() string
- func (m *ExtAuthConfig_LdapConfig) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_LdapConfig) ProtoMessage()
- func (x *ExtAuthConfig_LdapConfig) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_LdapConfig) Reset()
- func (x *ExtAuthConfig_LdapConfig) String() string
- type ExtAuthConfig_LdapServiceAccountConfig
- func (m *ExtAuthConfig_LdapServiceAccountConfig) Clone() proto.Message
- func (*ExtAuthConfig_LdapServiceAccountConfig) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_LdapServiceAccountConfig) Equal(that interface{}) bool
- func (x *ExtAuthConfig_LdapServiceAccountConfig) GetCheckGroupsWithServiceAccount() bool
- func (x *ExtAuthConfig_LdapServiceAccountConfig) GetPassword() string
- func (x *ExtAuthConfig_LdapServiceAccountConfig) GetUsername() string
- func (m *ExtAuthConfig_LdapServiceAccountConfig) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_LdapServiceAccountConfig) ProtoMessage()
- func (x *ExtAuthConfig_LdapServiceAccountConfig) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_LdapServiceAccountConfig) Reset()
- func (x *ExtAuthConfig_LdapServiceAccountConfig) String() string
- type ExtAuthConfig_OAuth2Config
- func (m *ExtAuthConfig_OAuth2Config) Clone() proto.Message
- func (*ExtAuthConfig_OAuth2Config) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_OAuth2Config) Equal(that interface{}) bool
- func (x *ExtAuthConfig_OAuth2Config) GetAccessTokenValidationConfig() *ExtAuthConfig_AccessTokenValidationConfig
- func (x *ExtAuthConfig_OAuth2Config) GetOauth2Config() *ExtAuthConfig_PlainOAuth2Config
- func (m *ExtAuthConfig_OAuth2Config) GetOauthType() isExtAuthConfig_OAuth2Config_OauthType
- func (x *ExtAuthConfig_OAuth2Config) GetOidcAuthorizationCode() *ExtAuthConfig_OidcAuthorizationCodeConfig
- func (m *ExtAuthConfig_OAuth2Config) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_OAuth2Config) ProtoMessage()
- func (x *ExtAuthConfig_OAuth2Config) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_OAuth2Config) Reset()
- func (x *ExtAuthConfig_OAuth2Config) String() string
- type ExtAuthConfig_OAuth2Config_AccessTokenValidationConfig
- type ExtAuthConfig_OAuth2Config_Oauth2Config
- type ExtAuthConfig_OAuth2Config_OidcAuthorizationCode
- type ExtAuthConfig_OAuthConfig
- func (m *ExtAuthConfig_OAuthConfig) Clone() proto.Message
- func (*ExtAuthConfig_OAuthConfig) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_OAuthConfig) Equal(that interface{}) bool
- func (x *ExtAuthConfig_OAuthConfig) GetAppUrl() stringdeprecated
- func (x *ExtAuthConfig_OAuthConfig) GetAuthEndpointQueryParams() map[string]stringdeprecated
- func (x *ExtAuthConfig_OAuthConfig) GetCallbackPath() stringdeprecated
- func (x *ExtAuthConfig_OAuthConfig) GetClientId() stringdeprecated
- func (x *ExtAuthConfig_OAuthConfig) GetClientSecret() stringdeprecated
- func (x *ExtAuthConfig_OAuthConfig) GetIssuerUrl() stringdeprecated
- func (x *ExtAuthConfig_OAuthConfig) GetScopes() []stringdeprecated
- func (m *ExtAuthConfig_OAuthConfig) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_OAuthConfig) ProtoMessage()
- func (x *ExtAuthConfig_OAuthConfig) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_OAuthConfig) Reset()
- func (x *ExtAuthConfig_OAuthConfig) String() string
- type ExtAuthConfig_OidcAuthorizationCodeConfig
- func (m *ExtAuthConfig_OidcAuthorizationCodeConfig) Clone() proto.Message
- func (*ExtAuthConfig_OidcAuthorizationCodeConfig) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_OidcAuthorizationCodeConfig) Equal(that interface{}) bool
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetAfterLogoutUrl() string
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetAppUrl() string
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetAuthEndpointQueryParams() map[string]string
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetAutoMapFromMetadata() *AutoMapFromMetadata
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetCallbackPath() string
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetClientId() string
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetClientSecret() string
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetDiscoveryOverride() *DiscoveryOverride
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetDiscoveryPollInterval() *duration.Duration
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetEndSessionProperties() *EndSessionProperties
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetHeaders() *HeaderConfiguration
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetIssuerUrl() string
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetJwksCacheRefreshPolicy() *JwksOnDemandCacheRefreshPolicy
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetLogoutPath() string
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetParseCallbackPathAsRegex() bool
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetScopes() []string
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetSession() *UserSessiondeprecated
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetSessionIdHeaderName() string
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetTokenEndpointQueryParams() map[string]string
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetUserSession() *ExtAuthConfig_UserSessionConfig
- func (m *ExtAuthConfig_OidcAuthorizationCodeConfig) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_OidcAuthorizationCodeConfig) ProtoMessage()
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) Reset()
- func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) String() string
- type ExtAuthConfig_OpaAuthConfig
- func (m *ExtAuthConfig_OpaAuthConfig) Clone() proto.Message
- func (*ExtAuthConfig_OpaAuthConfig) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_OpaAuthConfig) Equal(that interface{}) bool
- func (x *ExtAuthConfig_OpaAuthConfig) GetModules() map[string]string
- func (x *ExtAuthConfig_OpaAuthConfig) GetOptions() *OpaAuthOptions
- func (x *ExtAuthConfig_OpaAuthConfig) GetQuery() string
- func (m *ExtAuthConfig_OpaAuthConfig) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_OpaAuthConfig) ProtoMessage()
- func (x *ExtAuthConfig_OpaAuthConfig) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_OpaAuthConfig) Reset()
- func (x *ExtAuthConfig_OpaAuthConfig) String() string
- type ExtAuthConfig_PlainOAuth2Config
- func (m *ExtAuthConfig_PlainOAuth2Config) Clone() proto.Message
- func (*ExtAuthConfig_PlainOAuth2Config) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_PlainOAuth2Config) Equal(that interface{}) bool
- func (x *ExtAuthConfig_PlainOAuth2Config) GetAfterLogoutUrl() string
- func (x *ExtAuthConfig_PlainOAuth2Config) GetAppUrl() string
- func (x *ExtAuthConfig_PlainOAuth2Config) GetAuthEndpoint() string
- func (x *ExtAuthConfig_PlainOAuth2Config) GetAuthEndpointQueryParams() map[string]string
- func (x *ExtAuthConfig_PlainOAuth2Config) GetCallbackPath() string
- func (x *ExtAuthConfig_PlainOAuth2Config) GetClientId() string
- func (x *ExtAuthConfig_PlainOAuth2Config) GetClientSecret() string
- func (x *ExtAuthConfig_PlainOAuth2Config) GetLogoutPath() string
- func (x *ExtAuthConfig_PlainOAuth2Config) GetRevocationEndpoint() string
- func (x *ExtAuthConfig_PlainOAuth2Config) GetScopes() []string
- func (x *ExtAuthConfig_PlainOAuth2Config) GetSession() *UserSessiondeprecated
- func (x *ExtAuthConfig_PlainOAuth2Config) GetTokenEndpoint() string
- func (x *ExtAuthConfig_PlainOAuth2Config) GetTokenEndpointQueryParams() map[string]string
- func (x *ExtAuthConfig_PlainOAuth2Config) GetUserSession() *ExtAuthConfig_UserSessionConfig
- func (m *ExtAuthConfig_PlainOAuth2Config) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_PlainOAuth2Config) ProtoMessage()
- func (x *ExtAuthConfig_PlainOAuth2Config) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_PlainOAuth2Config) Reset()
- func (x *ExtAuthConfig_PlainOAuth2Config) String() string
- type ExtAuthConfig_UserSessionConfig
- func (m *ExtAuthConfig_UserSessionConfig) Clone() proto.Message
- func (*ExtAuthConfig_UserSessionConfig) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_UserSessionConfig) Equal(that interface{}) bool
- func (x *ExtAuthConfig_UserSessionConfig) GetCipherConfig() *ExtAuthConfig_UserSessionConfig_CipherConfig
- func (x *ExtAuthConfig_UserSessionConfig) GetCookie() *UserSession_InternalSession
- func (x *ExtAuthConfig_UserSessionConfig) GetCookieOptions() *UserSession_CookieOptions
- func (x *ExtAuthConfig_UserSessionConfig) GetFailOnFetchFailure() bool
- func (x *ExtAuthConfig_UserSessionConfig) GetRedis() *UserSession_RedisSession
- func (m *ExtAuthConfig_UserSessionConfig) GetSession() isExtAuthConfig_UserSessionConfig_Session
- func (m *ExtAuthConfig_UserSessionConfig) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_UserSessionConfig) ProtoMessage()
- func (x *ExtAuthConfig_UserSessionConfig) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_UserSessionConfig) Reset()
- func (x *ExtAuthConfig_UserSessionConfig) String() string
- type ExtAuthConfig_UserSessionConfig_CipherConfig
- func (m *ExtAuthConfig_UserSessionConfig_CipherConfig) Clone() proto.Message
- func (*ExtAuthConfig_UserSessionConfig_CipherConfig) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthConfig_UserSessionConfig_CipherConfig) Equal(that interface{}) bool
- func (x *ExtAuthConfig_UserSessionConfig_CipherConfig) GetKey() string
- func (m *ExtAuthConfig_UserSessionConfig_CipherConfig) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthConfig_UserSessionConfig_CipherConfig) ProtoMessage()
- func (x *ExtAuthConfig_UserSessionConfig_CipherConfig) ProtoReflect() protoreflect.Message
- func (x *ExtAuthConfig_UserSessionConfig_CipherConfig) Reset()
- func (x *ExtAuthConfig_UserSessionConfig_CipherConfig) String() string
- type ExtAuthConfig_UserSessionConfig_Cookie
- type ExtAuthConfig_UserSessionConfig_Redis
- type ExtAuthDiscoveryServiceClient
- type ExtAuthDiscoveryServiceServer
- type ExtAuthDiscoveryService_DeltaExtAuthConfigClient
- type ExtAuthDiscoveryService_DeltaExtAuthConfigServer
- type ExtAuthDiscoveryService_StreamExtAuthConfigClient
- type ExtAuthDiscoveryService_StreamExtAuthConfigServer
- type ExtAuthExtension
- func (m *ExtAuthExtension) Clone() proto.Message
- func (*ExtAuthExtension) Descriptor() ([]byte, []int)deprecated
- func (m *ExtAuthExtension) Equal(that interface{}) bool
- func (x *ExtAuthExtension) GetConfigRef() *core.ResourceRef
- func (x *ExtAuthExtension) GetCustomAuth() *CustomAuth
- func (x *ExtAuthExtension) GetDisable() bool
- func (m *ExtAuthExtension) GetSpec() isExtAuthExtension_Spec
- func (m *ExtAuthExtension) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtAuthExtension) ProtoMessage()
- func (x *ExtAuthExtension) ProtoReflect() protoreflect.Message
- func (x *ExtAuthExtension) Reset()
- func (x *ExtAuthExtension) String() string
- type ExtAuthExtension_ConfigRef
- type ExtAuthExtension_CustomAuth
- type ExtAuthExtension_Disable
- type GrpcService
- func (m *GrpcService) Clone() proto.Message
- func (*GrpcService) Descriptor() ([]byte, []int)deprecated
- func (m *GrpcService) Equal(that interface{}) bool
- func (x *GrpcService) GetAuthority() string
- func (m *GrpcService) Hash(hasher hash.Hash64) (uint64, error)
- func (*GrpcService) ProtoMessage()
- func (x *GrpcService) ProtoReflect() protoreflect.Message
- func (x *GrpcService) Reset()
- func (x *GrpcService) String() string
- type HeaderConfiguration
- func (m *HeaderConfiguration) Clone() proto.Message
- func (*HeaderConfiguration) Descriptor() ([]byte, []int)deprecated
- func (m *HeaderConfiguration) Equal(that interface{}) bool
- func (x *HeaderConfiguration) GetAccessTokenHeader() string
- func (x *HeaderConfiguration) GetIdTokenHeader() string
- func (x *HeaderConfiguration) GetUseBearerSchemaForAuthorization() *wrappers.BoolValue
- func (m *HeaderConfiguration) Hash(hasher hash.Hash64) (uint64, error)
- func (*HeaderConfiguration) ProtoMessage()
- func (x *HeaderConfiguration) ProtoReflect() protoreflect.Message
- func (x *HeaderConfiguration) Reset()
- func (x *HeaderConfiguration) String() string
- type HmacAuth
- func (m *HmacAuth) Clone() proto.Message
- func (*HmacAuth) Descriptor() ([]byte, []int)deprecated
- func (m *HmacAuth) Equal(that interface{}) bool
- func (m *HmacAuth) GetImplementationType() isHmacAuth_ImplementationType
- func (x *HmacAuth) GetParametersInHeaders() *HmacParametersInHeaders
- func (x *HmacAuth) GetSecretRefs() *SecretRefList
- func (m *HmacAuth) GetSecretStorage() isHmacAuth_SecretStorage
- func (m *HmacAuth) Hash(hasher hash.Hash64) (uint64, error)
- func (*HmacAuth) ProtoMessage()
- func (x *HmacAuth) ProtoReflect() protoreflect.Message
- func (x *HmacAuth) Reset()
- func (x *HmacAuth) String() string
- type HmacAuth_ParametersInHeaders
- type HmacAuth_SecretRefs
- type HmacParametersInHeaders
- func (m *HmacParametersInHeaders) Clone() proto.Message
- func (*HmacParametersInHeaders) Descriptor() ([]byte, []int)deprecated
- func (m *HmacParametersInHeaders) Equal(that interface{}) bool
- func (m *HmacParametersInHeaders) Hash(hasher hash.Hash64) (uint64, error)
- func (*HmacParametersInHeaders) ProtoMessage()
- func (x *HmacParametersInHeaders) ProtoReflect() protoreflect.Message
- func (x *HmacParametersInHeaders) Reset()
- func (x *HmacParametersInHeaders) String() string
- type HttpService
- func (m *HttpService) Clone() proto.Message
- func (*HttpService) Descriptor() ([]byte, []int)deprecated
- func (m *HttpService) Equal(that interface{}) bool
- func (x *HttpService) GetPathPrefix() string
- func (x *HttpService) GetRequest() *HttpService_Request
- func (x *HttpService) GetResponse() *HttpService_Response
- func (m *HttpService) Hash(hasher hash.Hash64) (uint64, error)
- func (*HttpService) ProtoMessage()
- func (x *HttpService) ProtoReflect() protoreflect.Message
- func (x *HttpService) Reset()
- func (x *HttpService) String() string
- type HttpService_Request
- func (m *HttpService_Request) Clone() proto.Message
- func (*HttpService_Request) Descriptor() ([]byte, []int)deprecated
- func (m *HttpService_Request) Equal(that interface{}) bool
- func (x *HttpService_Request) GetAllowedHeaders() []string
- func (x *HttpService_Request) GetAllowedHeadersRegex() []string
- func (x *HttpService_Request) GetHeadersToAdd() map[string]string
- func (m *HttpService_Request) Hash(hasher hash.Hash64) (uint64, error)
- func (*HttpService_Request) ProtoMessage()
- func (x *HttpService_Request) ProtoReflect() protoreflect.Message
- func (x *HttpService_Request) Reset()
- func (x *HttpService_Request) String() string
- type HttpService_Response
- func (m *HttpService_Response) Clone() proto.Message
- func (*HttpService_Response) Descriptor() ([]byte, []int)deprecated
- func (m *HttpService_Response) Equal(that interface{}) bool
- func (x *HttpService_Response) GetAllowedClientHeaders() []string
- func (x *HttpService_Response) GetAllowedUpstreamHeaders() []string
- func (x *HttpService_Response) GetAllowedUpstreamHeadersToAppend() []string
- func (m *HttpService_Response) Hash(hasher hash.Hash64) (uint64, error)
- func (*HttpService_Response) ProtoMessage()
- func (x *HttpService_Response) ProtoReflect() protoreflect.Message
- func (x *HttpService_Response) Reset()
- func (x *HttpService_Response) String() string
- type IntrospectionValidation
- func (m *IntrospectionValidation) Clone() proto.Message
- func (*IntrospectionValidation) Descriptor() ([]byte, []int)deprecated
- func (m *IntrospectionValidation) Equal(that interface{}) bool
- func (x *IntrospectionValidation) GetClientId() string
- func (x *IntrospectionValidation) GetClientSecretRef() *core.ResourceRef
- func (x *IntrospectionValidation) GetDisableClientSecret() *wrappers.BoolValue
- func (x *IntrospectionValidation) GetIntrospectionUrl() string
- func (x *IntrospectionValidation) GetUserIdAttributeName() string
- func (m *IntrospectionValidation) Hash(hasher hash.Hash64) (uint64, error)
- func (*IntrospectionValidation) ProtoMessage()
- func (x *IntrospectionValidation) ProtoReflect() protoreflect.Message
- func (x *IntrospectionValidation) Reset()
- func (x *IntrospectionValidation) String() string
- type JwksOnDemandCacheRefreshPolicy
- func (m *JwksOnDemandCacheRefreshPolicy) Clone() proto.Message
- func (*JwksOnDemandCacheRefreshPolicy) Descriptor() ([]byte, []int)deprecated
- func (m *JwksOnDemandCacheRefreshPolicy) Equal(that interface{}) bool
- func (x *JwksOnDemandCacheRefreshPolicy) GetAlways() *empty.Empty
- func (x *JwksOnDemandCacheRefreshPolicy) GetMaxIdpReqPerPollingInterval() uint32
- func (x *JwksOnDemandCacheRefreshPolicy) GetNever() *empty.Empty
- func (m *JwksOnDemandCacheRefreshPolicy) GetPolicy() isJwksOnDemandCacheRefreshPolicy_Policy
- func (m *JwksOnDemandCacheRefreshPolicy) Hash(hasher hash.Hash64) (uint64, error)
- func (*JwksOnDemandCacheRefreshPolicy) ProtoMessage()
- func (x *JwksOnDemandCacheRefreshPolicy) ProtoReflect() protoreflect.Message
- func (x *JwksOnDemandCacheRefreshPolicy) Reset()
- func (x *JwksOnDemandCacheRefreshPolicy) String() string
- type JwksOnDemandCacheRefreshPolicy_Always
- type JwksOnDemandCacheRefreshPolicy_MaxIdpReqPerPollingInterval
- type JwksOnDemandCacheRefreshPolicy_Never
- type JwtValidation
- func (m *JwtValidation) Clone() proto.Message
- func (*JwtValidation) Descriptor() ([]byte, []int)deprecated
- func (m *JwtValidation) Equal(that interface{}) bool
- func (x *JwtValidation) GetIssuer() string
- func (m *JwtValidation) GetJwksSourceSpecifier() isJwtValidation_JwksSourceSpecifier
- func (x *JwtValidation) GetLocalJwks() *JwtValidation_LocalJwks
- func (x *JwtValidation) GetRemoteJwks() *JwtValidation_RemoteJwks
- func (m *JwtValidation) Hash(hasher hash.Hash64) (uint64, error)
- func (*JwtValidation) ProtoMessage()
- func (x *JwtValidation) ProtoReflect() protoreflect.Message
- func (x *JwtValidation) Reset()
- func (x *JwtValidation) String() string
- type JwtValidation_LocalJwks
- func (m *JwtValidation_LocalJwks) Clone() proto.Message
- func (*JwtValidation_LocalJwks) Descriptor() ([]byte, []int)deprecated
- func (m *JwtValidation_LocalJwks) Equal(that interface{}) bool
- func (x *JwtValidation_LocalJwks) GetInlineString() string
- func (m *JwtValidation_LocalJwks) Hash(hasher hash.Hash64) (uint64, error)
- func (*JwtValidation_LocalJwks) ProtoMessage()
- func (x *JwtValidation_LocalJwks) ProtoReflect() protoreflect.Message
- func (x *JwtValidation_LocalJwks) Reset()
- func (x *JwtValidation_LocalJwks) String() string
- type JwtValidation_LocalJwks_
- type JwtValidation_RemoteJwks
- func (m *JwtValidation_RemoteJwks) Clone() proto.Message
- func (*JwtValidation_RemoteJwks) Descriptor() ([]byte, []int)deprecated
- func (m *JwtValidation_RemoteJwks) Equal(that interface{}) bool
- func (x *JwtValidation_RemoteJwks) GetRefreshInterval() *duration.Duration
- func (x *JwtValidation_RemoteJwks) GetUrl() string
- func (m *JwtValidation_RemoteJwks) Hash(hasher hash.Hash64) (uint64, error)
- func (*JwtValidation_RemoteJwks) ProtoMessage()
- func (x *JwtValidation_RemoteJwks) ProtoReflect() protoreflect.Message
- func (x *JwtValidation_RemoteJwks) Reset()
- func (x *JwtValidation_RemoteJwks) String() string
- type JwtValidation_RemoteJwks_
- type K8SSecretApiKeyStorage
- func (m *K8SSecretApiKeyStorage) Clone() proto.Message
- func (*K8SSecretApiKeyStorage) Descriptor() ([]byte, []int)deprecated
- func (m *K8SSecretApiKeyStorage) Equal(that interface{}) bool
- func (x *K8SSecretApiKeyStorage) GetApiKeySecretRefs() []*core.ResourceRef
- func (x *K8SSecretApiKeyStorage) GetLabelSelector() map[string]string
- func (m *K8SSecretApiKeyStorage) Hash(hasher hash.Hash64) (uint64, error)
- func (*K8SSecretApiKeyStorage) ProtoMessage()
- func (x *K8SSecretApiKeyStorage) ProtoReflect() protoreflect.Message
- func (x *K8SSecretApiKeyStorage) Reset()
- func (x *K8SSecretApiKeyStorage) String() string
- type Ldap
- func (m *Ldap) Clone() proto.Message
- func (*Ldap) Descriptor() ([]byte, []int)deprecated
- func (m *Ldap) Equal(that interface{}) bool
- func (x *Ldap) GetAddress() string
- func (x *Ldap) GetAllowedGroups() []string
- func (x *Ldap) GetDisableGroupChecking() bool
- func (x *Ldap) GetGroupLookupSettings() *LdapServiceAccount
- func (x *Ldap) GetMembershipAttributeName() string
- func (x *Ldap) GetPool() *Ldap_ConnectionPool
- func (x *Ldap) GetSearchFilter() string
- func (x *Ldap) GetUserDnTemplate() string
- func (m *Ldap) Hash(hasher hash.Hash64) (uint64, error)
- func (*Ldap) ProtoMessage()
- func (x *Ldap) ProtoReflect() protoreflect.Message
- func (x *Ldap) Reset()
- func (x *Ldap) String() string
- type LdapServiceAccount
- func (m *LdapServiceAccount) Clone() proto.Message
- func (*LdapServiceAccount) Descriptor() ([]byte, []int)deprecated
- func (m *LdapServiceAccount) Equal(that interface{}) bool
- func (x *LdapServiceAccount) GetCheckGroupsWithServiceAccount() bool
- func (x *LdapServiceAccount) GetCredentialsSecretRef() *core.ResourceRef
- func (m *LdapServiceAccount) Hash(hasher hash.Hash64) (uint64, error)
- func (*LdapServiceAccount) ProtoMessage()
- func (x *LdapServiceAccount) ProtoReflect() protoreflect.Message
- func (x *LdapServiceAccount) Reset()
- func (x *LdapServiceAccount) String() string
- type Ldap_ConnectionPool
- func (m *Ldap_ConnectionPool) Clone() proto.Message
- func (*Ldap_ConnectionPool) Descriptor() ([]byte, []int)deprecated
- func (m *Ldap_ConnectionPool) Equal(that interface{}) bool
- func (x *Ldap_ConnectionPool) GetInitialSize() *wrappers.UInt32Value
- func (x *Ldap_ConnectionPool) GetMaxSize() *wrappers.UInt32Value
- func (m *Ldap_ConnectionPool) Hash(hasher hash.Hash64) (uint64, error)
- func (*Ldap_ConnectionPool) ProtoMessage()
- func (x *Ldap_ConnectionPool) ProtoReflect() protoreflect.Message
- func (x *Ldap_ConnectionPool) Reset()
- func (x *Ldap_ConnectionPool) String() string
- type OAuthdeprecated
- func (m *OAuth) Clone() proto.Message
- func (*OAuth) Descriptor() ([]byte, []int)deprecated
- func (m *OAuth) Equal(that interface{}) bool
- func (x *OAuth) GetAppUrl() stringdeprecated
- func (x *OAuth) GetAuthEndpointQueryParams() map[string]stringdeprecated
- func (x *OAuth) GetCallbackPath() stringdeprecated
- func (x *OAuth) GetClientId() stringdeprecated
- func (x *OAuth) GetClientSecretRef() *core.ResourceRefdeprecated
- func (x *OAuth) GetIssuerUrl() stringdeprecated
- func (x *OAuth) GetScopes() []stringdeprecated
- func (m *OAuth) Hash(hasher hash.Hash64) (uint64, error)
- func (*OAuth) ProtoMessage()
- func (x *OAuth) ProtoReflect() protoreflect.Message
- func (x *OAuth) Reset()
- func (x *OAuth) String() string
- type OAuth2
- func (m *OAuth2) Clone() proto.Message
- func (*OAuth2) Descriptor() ([]byte, []int)deprecated
- func (m *OAuth2) Equal(that interface{}) bool
- func (x *OAuth2) GetAccessTokenValidation() *AccessTokenValidation
- func (x *OAuth2) GetOauth2() *PlainOAuth2
- func (m *OAuth2) GetOauthType() isOAuth2_OauthType
- func (x *OAuth2) GetOidcAuthorizationCode() *OidcAuthorizationCode
- func (m *OAuth2) Hash(hasher hash.Hash64) (uint64, error)
- func (*OAuth2) ProtoMessage()
- func (x *OAuth2) ProtoReflect() protoreflect.Message
- func (x *OAuth2) Reset()
- func (x *OAuth2) String() string
- type OAuth2_AccessTokenValidation
- type OAuth2_Oauth2
- type OAuth2_OidcAuthorizationCode
- type OauthSecret
- func (m *OauthSecret) Clone() proto.Message
- func (*OauthSecret) Descriptor() ([]byte, []int)deprecated
- func (m *OauthSecret) Equal(that interface{}) bool
- func (x *OauthSecret) GetClientSecret() string
- func (m *OauthSecret) Hash(hasher hash.Hash64) (uint64, error)
- func (*OauthSecret) ProtoMessage()
- func (x *OauthSecret) ProtoReflect() protoreflect.Message
- func (x *OauthSecret) Reset()
- func (x *OauthSecret) String() string
- type OidcAuthorizationCode
- func (m *OidcAuthorizationCode) Clone() proto.Message
- func (*OidcAuthorizationCode) Descriptor() ([]byte, []int)deprecated
- func (m *OidcAuthorizationCode) Equal(that interface{}) bool
- func (x *OidcAuthorizationCode) GetAccessToken() *OidcAuthorizationCode_AccessToken
- func (x *OidcAuthorizationCode) GetAfterLogoutUrl() string
- func (x *OidcAuthorizationCode) GetAppUrl() string
- func (x *OidcAuthorizationCode) GetAuthEndpointQueryParams() map[string]string
- func (x *OidcAuthorizationCode) GetAutoMapFromMetadata() *AutoMapFromMetadata
- func (x *OidcAuthorizationCode) GetCallbackPath() string
- func (x *OidcAuthorizationCode) GetClientId() string
- func (x *OidcAuthorizationCode) GetClientSecretRef() *core.ResourceRef
- func (x *OidcAuthorizationCode) GetDisableClientSecret() *wrappers.BoolValue
- func (x *OidcAuthorizationCode) GetDiscoveryOverride() *DiscoveryOverride
- func (x *OidcAuthorizationCode) GetDiscoveryPollInterval() *duration.Duration
- func (x *OidcAuthorizationCode) GetDynamicMetadataFromClaims() map[string]string
- func (x *OidcAuthorizationCode) GetEndSessionProperties() *EndSessionProperties
- func (x *OidcAuthorizationCode) GetHeaders() *HeaderConfiguration
- func (x *OidcAuthorizationCode) GetIdentityToken() *OidcAuthorizationCode_IdentityToken
- func (x *OidcAuthorizationCode) GetIssuerUrl() string
- func (x *OidcAuthorizationCode) GetJwksCacheRefreshPolicy() *JwksOnDemandCacheRefreshPolicy
- func (x *OidcAuthorizationCode) GetLogoutPath() string
- func (x *OidcAuthorizationCode) GetParseCallbackPathAsRegex() bool
- func (x *OidcAuthorizationCode) GetScopes() []string
- func (x *OidcAuthorizationCode) GetSession() *UserSession
- func (x *OidcAuthorizationCode) GetSessionIdHeaderName() stringdeprecated
- func (x *OidcAuthorizationCode) GetTokenEndpointQueryParams() map[string]string
- func (m *OidcAuthorizationCode) Hash(hasher hash.Hash64) (uint64, error)
- func (*OidcAuthorizationCode) ProtoMessage()
- func (x *OidcAuthorizationCode) ProtoReflect() protoreflect.Message
- func (x *OidcAuthorizationCode) Reset()
- func (x *OidcAuthorizationCode) String() string
- type OidcAuthorizationCode_AccessToken
- func (m *OidcAuthorizationCode_AccessToken) Clone() proto.Message
- func (*OidcAuthorizationCode_AccessToken) Descriptor() ([]byte, []int)deprecated
- func (m *OidcAuthorizationCode_AccessToken) Equal(that interface{}) bool
- func (x *OidcAuthorizationCode_AccessToken) GetClaimsToHeaders() []*ClaimToHeader
- func (m *OidcAuthorizationCode_AccessToken) Hash(hasher hash.Hash64) (uint64, error)
- func (*OidcAuthorizationCode_AccessToken) ProtoMessage()
- func (x *OidcAuthorizationCode_AccessToken) ProtoReflect() protoreflect.Message
- func (x *OidcAuthorizationCode_AccessToken) Reset()
- func (x *OidcAuthorizationCode_AccessToken) String() string
- type OidcAuthorizationCode_IdentityToken
- func (m *OidcAuthorizationCode_IdentityToken) Clone() proto.Message
- func (*OidcAuthorizationCode_IdentityToken) Descriptor() ([]byte, []int)deprecated
- func (m *OidcAuthorizationCode_IdentityToken) Equal(that interface{}) bool
- func (x *OidcAuthorizationCode_IdentityToken) GetClaimsToHeaders() []*ClaimToHeader
- func (m *OidcAuthorizationCode_IdentityToken) Hash(hasher hash.Hash64) (uint64, error)
- func (*OidcAuthorizationCode_IdentityToken) ProtoMessage()
- func (x *OidcAuthorizationCode_IdentityToken) ProtoReflect() protoreflect.Message
- func (x *OidcAuthorizationCode_IdentityToken) Reset()
- func (x *OidcAuthorizationCode_IdentityToken) String() string
- type OpaAuth
- func (m *OpaAuth) Clone() proto.Message
- func (*OpaAuth) Descriptor() ([]byte, []int)deprecated
- func (m *OpaAuth) Equal(that interface{}) bool
- func (x *OpaAuth) GetModules() []*core.ResourceRef
- func (x *OpaAuth) GetOptions() *OpaAuthOptions
- func (x *OpaAuth) GetQuery() string
- func (m *OpaAuth) Hash(hasher hash.Hash64) (uint64, error)
- func (*OpaAuth) ProtoMessage()
- func (x *OpaAuth) ProtoReflect() protoreflect.Message
- func (x *OpaAuth) Reset()
- func (x *OpaAuth) String() string
- type OpaAuthOptions
- func (m *OpaAuthOptions) Clone() proto.Message
- func (*OpaAuthOptions) Descriptor() ([]byte, []int)deprecated
- func (m *OpaAuthOptions) Equal(that interface{}) bool
- func (x *OpaAuthOptions) GetFastInputConversion() bool
- func (x *OpaAuthOptions) GetReturnDecisionReason() bool
- func (m *OpaAuthOptions) Hash(hasher hash.Hash64) (uint64, error)
- func (*OpaAuthOptions) ProtoMessage()
- func (x *OpaAuthOptions) ProtoReflect() protoreflect.Message
- func (x *OpaAuthOptions) Reset()
- func (x *OpaAuthOptions) String() string
- type PassThroughAuth
- func (m *PassThroughAuth) Clone() proto.Message
- func (*PassThroughAuth) Descriptor() ([]byte, []int)deprecated
- func (m *PassThroughAuth) Equal(that interface{}) bool
- func (x *PassThroughAuth) GetConfig() *_struct.Struct
- func (x *PassThroughAuth) GetFailureModeAllow() bool
- func (x *PassThroughAuth) GetGrpc() *PassThroughGrpc
- func (x *PassThroughAuth) GetHttp() *PassThroughHttp
- func (m *PassThroughAuth) GetProtocol() isPassThroughAuth_Protocol
- func (m *PassThroughAuth) Hash(hasher hash.Hash64) (uint64, error)
- func (*PassThroughAuth) ProtoMessage()
- func (x *PassThroughAuth) ProtoReflect() protoreflect.Message
- func (x *PassThroughAuth) Reset()
- func (x *PassThroughAuth) String() string
- type PassThroughAuth_Grpc
- type PassThroughAuth_Http
- type PassThroughGrpc
- func (m *PassThroughGrpc) Clone() proto.Message
- func (*PassThroughGrpc) Descriptor() ([]byte, []int)deprecated
- func (m *PassThroughGrpc) Equal(that interface{}) bool
- func (x *PassThroughGrpc) GetAddress() string
- func (x *PassThroughGrpc) GetConnectionTimeout() *duration.Duration
- func (x *PassThroughGrpc) GetTlsConfig() *PassThroughGrpcTLSConfig
- func (m *PassThroughGrpc) Hash(hasher hash.Hash64) (uint64, error)
- func (*PassThroughGrpc) ProtoMessage()
- func (x *PassThroughGrpc) ProtoReflect() protoreflect.Message
- func (x *PassThroughGrpc) Reset()
- func (x *PassThroughGrpc) String() string
- type PassThroughGrpcTLSConfig
- func (m *PassThroughGrpcTLSConfig) Clone() proto.Message
- func (*PassThroughGrpcTLSConfig) Descriptor() ([]byte, []int)deprecated
- func (m *PassThroughGrpcTLSConfig) Equal(that interface{}) bool
- func (m *PassThroughGrpcTLSConfig) Hash(hasher hash.Hash64) (uint64, error)
- func (*PassThroughGrpcTLSConfig) ProtoMessage()
- func (x *PassThroughGrpcTLSConfig) ProtoReflect() protoreflect.Message
- func (x *PassThroughGrpcTLSConfig) Reset()
- func (x *PassThroughGrpcTLSConfig) String() string
- type PassThroughHttp
- func (m *PassThroughHttp) Clone() proto.Message
- func (*PassThroughHttp) Descriptor() ([]byte, []int)deprecated
- func (m *PassThroughHttp) Equal(that interface{}) bool
- func (x *PassThroughHttp) GetConnectionTimeout() *duration.Duration
- func (x *PassThroughHttp) GetRequest() *PassThroughHttp_Request
- func (x *PassThroughHttp) GetResponse() *PassThroughHttp_Response
- func (x *PassThroughHttp) GetUrl() string
- func (m *PassThroughHttp) Hash(hasher hash.Hash64) (uint64, error)
- func (*PassThroughHttp) ProtoMessage()
- func (x *PassThroughHttp) ProtoReflect() protoreflect.Message
- func (x *PassThroughHttp) Reset()
- func (x *PassThroughHttp) String() string
- type PassThroughHttp_Request
- func (m *PassThroughHttp_Request) Clone() proto.Message
- func (*PassThroughHttp_Request) Descriptor() ([]byte, []int)deprecated
- func (m *PassThroughHttp_Request) Equal(that interface{}) bool
- func (x *PassThroughHttp_Request) GetAllowedHeaders() []string
- func (x *PassThroughHttp_Request) GetHeadersToAdd() map[string]string
- func (x *PassThroughHttp_Request) GetPassThroughBody() bool
- func (x *PassThroughHttp_Request) GetPassThroughFilterMetadata() bool
- func (x *PassThroughHttp_Request) GetPassThroughState() bool
- func (m *PassThroughHttp_Request) Hash(hasher hash.Hash64) (uint64, error)
- func (*PassThroughHttp_Request) ProtoMessage()
- func (x *PassThroughHttp_Request) ProtoReflect() protoreflect.Message
- func (x *PassThroughHttp_Request) Reset()
- func (x *PassThroughHttp_Request) String() string
- type PassThroughHttp_Response
- func (m *PassThroughHttp_Response) Clone() proto.Message
- func (*PassThroughHttp_Response) Descriptor() ([]byte, []int)deprecated
- func (m *PassThroughHttp_Response) Equal(that interface{}) bool
- func (x *PassThroughHttp_Response) GetAllowedClientHeadersOnDenied() []string
- func (x *PassThroughHttp_Response) GetAllowedUpstreamHeaders() []string
- func (x *PassThroughHttp_Response) GetAllowedUpstreamHeadersToOverwrite() []string
- func (x *PassThroughHttp_Response) GetReadStateFromResponse() bool
- func (m *PassThroughHttp_Response) Hash(hasher hash.Hash64) (uint64, error)
- func (*PassThroughHttp_Response) ProtoMessage()
- func (x *PassThroughHttp_Response) ProtoReflect() protoreflect.Message
- func (x *PassThroughHttp_Response) Reset()
- func (x *PassThroughHttp_Response) String() string
- type PlainOAuth2
- func (m *PlainOAuth2) Clone() proto.Message
- func (*PlainOAuth2) Descriptor() ([]byte, []int)deprecated
- func (m *PlainOAuth2) Equal(that interface{}) bool
- func (x *PlainOAuth2) GetAfterLogoutUrl() string
- func (x *PlainOAuth2) GetAppUrl() string
- func (x *PlainOAuth2) GetAuthEndpoint() string
- func (x *PlainOAuth2) GetAuthEndpointQueryParams() map[string]string
- func (x *PlainOAuth2) GetCallbackPath() string
- func (x *PlainOAuth2) GetClientId() string
- func (x *PlainOAuth2) GetClientSecretRef() *core.ResourceRef
- func (x *PlainOAuth2) GetDisableClientSecret() *wrappers.BoolValue
- func (x *PlainOAuth2) GetLogoutPath() string
- func (x *PlainOAuth2) GetRevocationEndpoint() string
- func (x *PlainOAuth2) GetScopes() []string
- func (x *PlainOAuth2) GetSession() *UserSession
- func (x *PlainOAuth2) GetTokenEndpoint() string
- func (x *PlainOAuth2) GetTokenEndpointQueryParams() map[string]string
- func (m *PlainOAuth2) Hash(hasher hash.Hash64) (uint64, error)
- func (*PlainOAuth2) ProtoMessage()
- func (x *PlainOAuth2) ProtoReflect() protoreflect.Message
- func (x *PlainOAuth2) Reset()
- func (x *PlainOAuth2) String() string
- type RedisOptions
- func (m *RedisOptions) Clone() proto.Message
- func (*RedisOptions) Descriptor() ([]byte, []int)deprecated
- func (m *RedisOptions) Equal(that interface{}) bool
- func (x *RedisOptions) GetDb() int32
- func (x *RedisOptions) GetHost() string
- func (x *RedisOptions) GetPoolSize() int32
- func (x *RedisOptions) GetSocketType() RedisOptions_SocketType
- func (x *RedisOptions) GetTlsCertMountPath() string
- func (m *RedisOptions) Hash(hasher hash.Hash64) (uint64, error)
- func (*RedisOptions) ProtoMessage()
- func (x *RedisOptions) ProtoReflect() protoreflect.Message
- func (x *RedisOptions) Reset()
- func (x *RedisOptions) String() string
- type RedisOptions_SocketType
- func (RedisOptions_SocketType) Descriptor() protoreflect.EnumDescriptor
- func (x RedisOptions_SocketType) Enum() *RedisOptions_SocketType
- func (RedisOptions_SocketType) EnumDescriptor() ([]byte, []int)deprecated
- func (x RedisOptions_SocketType) Number() protoreflect.EnumNumber
- func (x RedisOptions_SocketType) String() string
- func (RedisOptions_SocketType) Type() protoreflect.EnumType
- type SecretRefList
- func (m *SecretRefList) Clone() proto.Message
- func (*SecretRefList) Descriptor() ([]byte, []int)deprecated
- func (m *SecretRefList) Equal(that interface{}) bool
- func (x *SecretRefList) GetSecretRefs() []*core.ResourceRef
- func (m *SecretRefList) Hash(hasher hash.Hash64) (uint64, error)
- func (*SecretRefList) ProtoMessage()
- func (x *SecretRefList) ProtoReflect() protoreflect.Message
- func (x *SecretRefList) Reset()
- func (x *SecretRefList) String() string
- type Settings
- func (m *Settings) Clone() proto.Message
- func (*Settings) Descriptor() ([]byte, []int)deprecated
- func (m *Settings) Equal(that interface{}) bool
- func (x *Settings) GetClearRouteCache() bool
- func (x *Settings) GetExtauthzServerRef() *core.ResourceRef
- func (x *Settings) GetFailureModeAllow() bool
- func (x *Settings) GetGrpcService() *GrpcService
- func (x *Settings) GetHttpService() *HttpService
- func (x *Settings) GetRequestBody() *BufferSettings
- func (x *Settings) GetRequestTimeout() *duration.Duration
- func (m *Settings) GetServiceType() isSettings_ServiceType
- func (x *Settings) GetStatPrefix() string
- func (x *Settings) GetStatusOnError() uint32
- func (x *Settings) GetTransportApiVersion() Settings_ApiVersion
- func (x *Settings) GetUserIdHeader() string
- func (m *Settings) Hash(hasher hash.Hash64) (uint64, error)
- func (*Settings) ProtoMessage()
- func (x *Settings) ProtoReflect() protoreflect.Message
- func (x *Settings) Reset()
- func (x *Settings) String() string
- type Settings_ApiVersion
- func (Settings_ApiVersion) Descriptor() protoreflect.EnumDescriptor
- func (x Settings_ApiVersion) Enum() *Settings_ApiVersion
- func (Settings_ApiVersion) EnumDescriptor() ([]byte, []int)deprecated
- func (x Settings_ApiVersion) Number() protoreflect.EnumNumber
- func (x Settings_ApiVersion) String() string
- func (Settings_ApiVersion) Type() protoreflect.EnumType
- type Settings_GrpcService
- type Settings_HttpService
- type TransitionAuthConfigFunc
- type UnimplementedApiKeyServiceServer
- func (*UnimplementedApiKeyServiceServer) Create(context.Context, *ApiKeyCreateRequest) (*ApiKeyCreateResponse, error)
- func (*UnimplementedApiKeyServiceServer) Delete(context.Context, *ApiKeyDeleteRequest) (*ApiKeyDeleteResponse, error)
- func (*UnimplementedApiKeyServiceServer) Read(context.Context, *ApiKeyReadRequest) (*ApiKeyReadResponse, error)
- func (*UnimplementedApiKeyServiceServer) Update(context.Context, *ApiKeyUpdateRequest) (*ApiKeyUpdateResponse, error)
- type UnimplementedExtAuthDiscoveryServiceServer
- func (*UnimplementedExtAuthDiscoveryServiceServer) DeltaExtAuthConfig(ExtAuthDiscoveryService_DeltaExtAuthConfigServer) error
- func (*UnimplementedExtAuthDiscoveryServiceServer) FetchExtAuthConfig(context.Context, *v2.DiscoveryRequest) (*v2.DiscoveryResponse, error)
- func (*UnimplementedExtAuthDiscoveryServiceServer) StreamExtAuthConfig(ExtAuthDiscoveryService_StreamExtAuthConfigServer) error
- type UserSession
- func (m *UserSession) Clone() proto.Message
- func (*UserSession) Descriptor() ([]byte, []int)deprecated
- func (m *UserSession) Equal(that interface{}) bool
- func (x *UserSession) GetCipherConfig() *UserSession_CipherConfig
- func (x *UserSession) GetCookie() *UserSession_InternalSession
- func (x *UserSession) GetCookieOptions() *UserSession_CookieOptions
- func (x *UserSession) GetFailOnFetchFailure() bool
- func (x *UserSession) GetRedis() *UserSession_RedisSession
- func (m *UserSession) GetSession() isUserSession_Session
- func (m *UserSession) Hash(hasher hash.Hash64) (uint64, error)
- func (*UserSession) ProtoMessage()
- func (x *UserSession) ProtoReflect() protoreflect.Message
- func (x *UserSession) Reset()
- func (x *UserSession) String() string
- type UserSession_CipherConfig
- func (m *UserSession_CipherConfig) Clone() proto.Message
- func (*UserSession_CipherConfig) Descriptor() ([]byte, []int)deprecated
- func (m *UserSession_CipherConfig) Equal(that interface{}) bool
- func (m *UserSession_CipherConfig) GetKey() isUserSession_CipherConfig_Key
- func (x *UserSession_CipherConfig) GetKeyRef() *core.ResourceRef
- func (m *UserSession_CipherConfig) Hash(hasher hash.Hash64) (uint64, error)
- func (*UserSession_CipherConfig) ProtoMessage()
- func (x *UserSession_CipherConfig) ProtoReflect() protoreflect.Message
- func (x *UserSession_CipherConfig) Reset()
- func (x *UserSession_CipherConfig) String() string
- type UserSession_CipherConfig_KeyRef
- type UserSession_Cookie
- type UserSession_CookieOptions
- func (m *UserSession_CookieOptions) Clone() proto.Message
- func (*UserSession_CookieOptions) Descriptor() ([]byte, []int)deprecated
- func (m *UserSession_CookieOptions) Equal(that interface{}) bool
- func (x *UserSession_CookieOptions) GetDomain() string
- func (x *UserSession_CookieOptions) GetHttpOnly() *wrappers.BoolValue
- func (x *UserSession_CookieOptions) GetMaxAge() *wrappers.UInt32Value
- func (x *UserSession_CookieOptions) GetNotSecure() bool
- func (x *UserSession_CookieOptions) GetPath() *wrappers.StringValue
- func (x *UserSession_CookieOptions) GetSameSite() UserSession_CookieOptions_SameSite
- func (m *UserSession_CookieOptions) Hash(hasher hash.Hash64) (uint64, error)
- func (*UserSession_CookieOptions) ProtoMessage()
- func (x *UserSession_CookieOptions) ProtoReflect() protoreflect.Message
- func (x *UserSession_CookieOptions) Reset()
- func (x *UserSession_CookieOptions) String() string
- type UserSession_CookieOptions_SameSite
- func (UserSession_CookieOptions_SameSite) Descriptor() protoreflect.EnumDescriptor
- func (x UserSession_CookieOptions_SameSite) Enum() *UserSession_CookieOptions_SameSite
- func (UserSession_CookieOptions_SameSite) EnumDescriptor() ([]byte, []int)deprecated
- func (x UserSession_CookieOptions_SameSite) Number() protoreflect.EnumNumber
- func (x UserSession_CookieOptions_SameSite) String() string
- func (UserSession_CookieOptions_SameSite) Type() protoreflect.EnumType
- type UserSession_InternalSession
- func (m *UserSession_InternalSession) Clone() proto.Message
- func (*UserSession_InternalSession) Descriptor() ([]byte, []int)deprecated
- func (m *UserSession_InternalSession) Equal(that interface{}) bool
- func (x *UserSession_InternalSession) GetAllowRefreshing() *wrappers.BoolValue
- func (x *UserSession_InternalSession) GetKeyPrefix() string
- func (x *UserSession_InternalSession) GetTargetDomain() string
- func (m *UserSession_InternalSession) Hash(hasher hash.Hash64) (uint64, error)
- func (*UserSession_InternalSession) ProtoMessage()
- func (x *UserSession_InternalSession) ProtoReflect() protoreflect.Message
- func (x *UserSession_InternalSession) Reset()
- func (x *UserSession_InternalSession) String() string
- type UserSession_Redis
- type UserSession_RedisSession
- func (m *UserSession_RedisSession) Clone() proto.Message
- func (*UserSession_RedisSession) Descriptor() ([]byte, []int)deprecated
- func (m *UserSession_RedisSession) Equal(that interface{}) bool
- func (x *UserSession_RedisSession) GetAllowRefreshing() *wrappers.BoolValue
- func (x *UserSession_RedisSession) GetCookieName() string
- func (x *UserSession_RedisSession) GetHeaderName() string
- func (x *UserSession_RedisSession) GetKeyPrefix() string
- func (x *UserSession_RedisSession) GetOptions() *RedisOptions
- func (x *UserSession_RedisSession) GetPreExpiryBuffer() *duration.Duration
- func (x *UserSession_RedisSession) GetTargetDomain() string
- func (m *UserSession_RedisSession) Hash(hasher hash.Hash64) (uint64, error)
- func (*UserSession_RedisSession) ProtoMessage()
- func (x *UserSession_RedisSession) ProtoReflect() protoreflect.Message
- func (x *UserSession_RedisSession) Reset()
- func (x *UserSession_RedisSession) String() string
Constants ¶
const ExtAuthConfigType = types.TypePrefix + "/enterprise.gloo.solo.io.ExtAuthConfig"
Variables ¶
var ( Settings_ApiVersion_name = map[int32]string{ 0: "V3", } Settings_ApiVersion_value = map[string]int32{ "V3": 0, } )
Enum value maps for Settings_ApiVersion.
var ( RedisOptions_SocketType_name = map[int32]string{ 0: "TCP", 1: "TLS", } RedisOptions_SocketType_value = map[string]int32{ "TCP": 0, "TLS": 1, } )
Enum value maps for RedisOptions_SocketType.
var ( UserSession_CookieOptions_SameSite_name = map[int32]string{ 0: "DefaultMode", 1: "LaxMode", 2: "StrictMode", 3: "NoneMode", } UserSession_CookieOptions_SameSite_value = map[string]int32{ "DefaultMode": 0, "LaxMode": 1, "StrictMode": 2, "NoneMode": 3, } )
Enum value maps for UserSession_CookieOptions_SameSite.
var ( EndSessionProperties_MethodType_name = map[int32]string{ 0: "GetMethod", 1: "PostMethod", } EndSessionProperties_MethodType_value = map[string]int32{ "GetMethod": 0, "PostMethod": 1, } )
Enum value maps for EndSessionProperties_MethodType.
var ( AuthConfigCrd = crd.NewCrd( "authconfigs", AuthConfigGVK.Group, AuthConfigGVK.Version, AuthConfigGVK.Kind, "ac", false, &AuthConfig{}) )
var (
AuthConfigGVK = schema.GroupVersionKind{
Version: "v1",
Group: "enterprise.gloo.solo.io",
Kind: "AuthConfig",
}
)
var EnterpriseGvkToHashableResource = map[schema.GroupVersionKind]func() resources.HashableResource{ AuthConfigGVK: NewAuthConfigHashableResource, }
var ExtAuthConfigTypeRecord = client.NewTypeRecord( ExtAuthConfigType, func() cache.ResourceProto { return &ExtAuthConfig{} }, func(r cache.ResourceProto) cache.Resource { return &ExtAuthConfigXdsResourceWrapper{Resource: r.(*ExtAuthConfig)} }, )
Define a type record. This is used by the generic client library.
var File_github_com_solo_io_gloo_projects_gloo_api_v1_enterprise_options_extauth_v1_extauth_proto protoreflect.FileDescriptor
Functions ¶
func NewAuthConfigHashableResource ¶ added in v1.11.50
func NewAuthConfigHashableResource() resources.HashableResource
func NewEnterpriseEventLoop ¶ added in v1.3.33
func NewEnterpriseEventLoop(emitter EnterpriseSnapshotEmitter, syncer EnterpriseSyncer) eventloop.EventLoop
func NewEnterpriseSimpleEventLoop ¶ added in v1.3.33
func NewEnterpriseSimpleEventLoop(emitter EnterpriseSimpleEmitter, syncers ...EnterpriseSyncer) eventloop.SimpleEventLoop
func NewExtAuthConfigClient ¶
func NewExtAuthConfigClient(nodeinfo *core.Node, typedApply ApplyExtAuthConfig) client.Client
func RegisterApiKeyServiceServer ¶ added in v1.13.0
func RegisterApiKeyServiceServer(s *grpc.Server, srv ApiKeyServiceServer)
func RegisterExtAuthDiscoveryServiceServer ¶
func RegisterExtAuthDiscoveryServiceServer(s *grpc.Server, srv ExtAuthDiscoveryServiceServer)
Types ¶
type AccessTokenValidation ¶ added in v1.5.0
type AccessTokenValidation struct { // Types that are assignable to ValidationType: // // *AccessTokenValidation_IntrospectionUrl // *AccessTokenValidation_Jwt // *AccessTokenValidation_Introspection ValidationType isAccessTokenValidation_ValidationType `protobuf_oneof:"validation_type"` // The URL for the OIDC userinfo endpoint. // If provided, the (opaque) access token provided or received from the oauth endpoint // will be queried and the userinfo response (or cached response) will be added to the // `AuthorizationRequest` state under the "introspection" key. // This can be useful to leverage the userinfo response in, for example, an external auth server plugin. UserinfoUrl string `protobuf:"bytes,4,opt,name=userinfo_url,json=userinfoUrl,proto3" json:"userinfo_url,omitempty"` // How long the token introspection and userinfo endpoint response for a specific access token should be kept // in the in-memory cache. The result will be invalidated at this timeout, or at "exp" time from the introspection // result, whichever comes sooner. If omitted, defaults to 10 minutes. If zero, then no caching will be done. CacheTimeout *duration.Duration `protobuf:"bytes,5,opt,name=cache_timeout,json=cacheTimeout,proto3" json:"cache_timeout,omitempty"` // Optional criteria for validating the scopes of a token. // // Types that are assignable to ScopeValidation: // // *AccessTokenValidation_RequiredScopes ScopeValidation isAccessTokenValidation_ScopeValidation `protobuf_oneof:"scope_validation"` // Map of metadata key to claim. Ie: // dynamic_metadata_from_claims: // // issuer: iss // email: email // // When specified, the matching claims from the access token will be emitted as dynamic metadata. // Note that metadata keys must be unique, and the claim names must be alphanumeric and use `-` or `_` as separators. // Works when the access token is a JWT or when the access token is opaque, in which case the claims will refer to field in the response from the token introspection endpoint. // The metadata will live in a namespace specified by the canonical name of the ext auth filter (in our case `envoy.filters.http.ext_authz`), // and the structure of the claim value will be preserved in the metadata struct. DynamicMetadataFromClaims map[string]string `` /* 228-byte string literal not displayed */ // contains filtered or unexported fields }
func (*AccessTokenValidation) Clone ¶ added in v1.8.24
func (m *AccessTokenValidation) Clone() proto.Message
Clone function
func (*AccessTokenValidation) Descriptor
deprecated
added in
v1.5.0
func (*AccessTokenValidation) Descriptor() ([]byte, []int)
Deprecated: Use AccessTokenValidation.ProtoReflect.Descriptor instead.
func (*AccessTokenValidation) Equal ¶ added in v1.5.0
func (m *AccessTokenValidation) Equal(that interface{}) bool
Equal function
func (*AccessTokenValidation) GetCacheTimeout ¶ added in v1.5.0
func (x *AccessTokenValidation) GetCacheTimeout() *duration.Duration
func (*AccessTokenValidation) GetDynamicMetadataFromClaims ¶ added in v1.15.0
func (x *AccessTokenValidation) GetDynamicMetadataFromClaims() map[string]string
func (*AccessTokenValidation) GetIntrospection ¶ added in v1.7.0
func (x *AccessTokenValidation) GetIntrospection() *IntrospectionValidation
func (*AccessTokenValidation) GetIntrospectionUrl
deprecated
added in
v1.5.0
func (x *AccessTokenValidation) GetIntrospectionUrl() string
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*AccessTokenValidation) GetJwt ¶ added in v1.6.11
func (x *AccessTokenValidation) GetJwt() *JwtValidation
func (*AccessTokenValidation) GetRequiredScopes ¶ added in v1.6.11
func (x *AccessTokenValidation) GetRequiredScopes() *AccessTokenValidation_ScopeList
func (*AccessTokenValidation) GetScopeValidation ¶ added in v1.6.11
func (m *AccessTokenValidation) GetScopeValidation() isAccessTokenValidation_ScopeValidation
func (*AccessTokenValidation) GetUserinfoUrl ¶ added in v1.5.0
func (x *AccessTokenValidation) GetUserinfoUrl() string
func (*AccessTokenValidation) GetValidationType ¶ added in v1.5.0
func (m *AccessTokenValidation) GetValidationType() isAccessTokenValidation_ValidationType
func (*AccessTokenValidation) Hash ¶ added in v1.5.0
func (m *AccessTokenValidation) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*AccessTokenValidation) ProtoMessage ¶ added in v1.5.0
func (*AccessTokenValidation) ProtoMessage()
func (*AccessTokenValidation) ProtoReflect ¶ added in v1.6.0
func (x *AccessTokenValidation) ProtoReflect() protoreflect.Message
func (*AccessTokenValidation) Reset ¶ added in v1.5.0
func (x *AccessTokenValidation) Reset()
func (*AccessTokenValidation) String ¶ added in v1.5.0
func (x *AccessTokenValidation) String() string
type AccessTokenValidation_Introspection ¶ added in v1.7.0
type AccessTokenValidation_Introspection struct { // Defines how (opaque) access tokens, received from the oauth authorization endpoint, are validated // [OAuth2.0 Token Introspection](https://tools.ietf.org/html/rfc7662) specification. Introspection *IntrospectionValidation `protobuf:"bytes,3,opt,name=introspection,proto3,oneof"` }
type AccessTokenValidation_IntrospectionUrl ¶ added in v1.5.0
type AccessTokenValidation_IntrospectionUrl struct { // The URL for the [OAuth2.0 Token Introspection](https://tools.ietf.org/html/rfc7662) endpoint. // If provided, the (opaque) access token provided or received from the oauth authorization endpoint // will be validated against this endpoint, or locally cached responses for this access token. // This field is deprecated as it does not support authenticated introspection requests // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. IntrospectionUrl string `protobuf:"bytes,1,opt,name=introspection_url,json=introspectionUrl,proto3,oneof"` }
type AccessTokenValidation_Jwt ¶ added in v1.6.11
type AccessTokenValidation_Jwt struct { // Validate access tokens that conform to the // [JSON Web Token (JWT)](https://datatracker.ietf.org/doc/rfc7662/) specification. Jwt *JwtValidation `protobuf:"bytes,2,opt,name=jwt,proto3,oneof"` }
type AccessTokenValidation_RequiredScopes ¶ added in v1.6.11
type AccessTokenValidation_RequiredScopes struct { // Require access token to have all of the scopes in the given list. // This configuration applies to both opaque and JWT tokens. In the case of opaque tokens, // this will check the scopes returned in the "scope" member of introspection response // (as described in [Section 2.2 of RFC7662](https://tools.ietf.org/html/rfc7662#section-2.2). // In case of JWTs the scopes to be validated are expected to be contained in the "scope" claim of the // token in the form of a space-separated string. // Omitting this field means that scope validation will be skipped. RequiredScopes *AccessTokenValidation_ScopeList `protobuf:"bytes,6,opt,name=required_scopes,json=requiredScopes,proto3,oneof"` }
type AccessTokenValidation_ScopeList ¶ added in v1.6.11
type AccessTokenValidation_ScopeList struct { Scope []string `protobuf:"bytes,1,rep,name=scope,proto3" json:"scope,omitempty"` // contains filtered or unexported fields }
func (*AccessTokenValidation_ScopeList) Clone ¶ added in v1.8.24
func (m *AccessTokenValidation_ScopeList) Clone() proto.Message
Clone function
func (*AccessTokenValidation_ScopeList) Descriptor
deprecated
added in
v1.6.11
func (*AccessTokenValidation_ScopeList) Descriptor() ([]byte, []int)
Deprecated: Use AccessTokenValidation_ScopeList.ProtoReflect.Descriptor instead.
func (*AccessTokenValidation_ScopeList) Equal ¶ added in v1.6.11
func (m *AccessTokenValidation_ScopeList) Equal(that interface{}) bool
Equal function
func (*AccessTokenValidation_ScopeList) GetScope ¶ added in v1.6.11
func (x *AccessTokenValidation_ScopeList) GetScope() []string
func (*AccessTokenValidation_ScopeList) Hash ¶ added in v1.6.11
func (m *AccessTokenValidation_ScopeList) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*AccessTokenValidation_ScopeList) ProtoMessage ¶ added in v1.6.11
func (*AccessTokenValidation_ScopeList) ProtoMessage()
func (*AccessTokenValidation_ScopeList) ProtoReflect ¶ added in v1.6.11
func (x *AccessTokenValidation_ScopeList) ProtoReflect() protoreflect.Message
func (*AccessTokenValidation_ScopeList) Reset ¶ added in v1.6.11
func (x *AccessTokenValidation_ScopeList) Reset()
func (*AccessTokenValidation_ScopeList) String ¶ added in v1.6.11
func (x *AccessTokenValidation_ScopeList) String() string
type AerospikeApiKeyStorage ¶ added in v1.13.0
type AerospikeApiKeyStorage struct { // The IP address or hostname of one of the cluster members of your Aerospike database. The address must be reachable from Gloo Edge, such as in a virtual machine with a public IP address or in a pod in the cluster. // The client automatically discovers other members of the cluster after establishing a connection. Hostname string `protobuf:"bytes,1,opt,name=hostname,proto3" json:"hostname,omitempty"` // The Aerospike namespace of the database. Defaults to "solo-namespace". Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"` // The Aerospike set to use for storage of API keys. Defaults to "apikeys". Set string `protobuf:"bytes,3,opt,name=set,proto3" json:"set,omitempty"` // The port on which to connect to the Aerospike server. Defaults to 3000. Port int32 `protobuf:"varint,4,opt,name=port,proto3" json:"port,omitempty"` // The size of the batch, which is the number of keys sent in the request. Defaults to 5000. BatchSize int32 `protobuf:"varint,5,opt,name=batch_size,json=batchSize,proto3" json:"batch_size,omitempty"` // The write settings for guaranteed consistency when committing a transaction on the Aerospike server. For more information, see the [Aerospike commit policy](https://github.com/aerospike/aerospike-client-go/blob/master/commit_policy.go). // Defaults to "commit_all". // // Types that are assignable to CommitLevel: // // *AerospikeApiKeyStorage_CommitAll // *AerospikeApiKeyStorage_CommitMaster CommitLevel isAerospikeApiKeyStorage_CommitLevel `protobuf_oneof:"commit_level"` // The read settings for strong consistency (SC). For possible values, see the [Aerospike read mode SC](https://github.com/aerospike/aerospike-client-go/blob/master/read_mode_sc.go). // Defaults to "read_mode_sc_session". ReadModeSc *AerospikeApiKeyStorageReadModeSc `protobuf:"bytes,8,opt,name=read_mode_sc,json=readModeSc,proto3" json:"read_mode_sc,omitempty"` // The read settings for availability (AP). For possible values, see the [Aerospike read mode AP](https://github.com/aerospike/aerospike-client-go/blob/master/read_mode_ap.go). // Defaults to "read_mode_ap_one". ReadModeAp *AerospikeApiKeyStorageReadModeAp `protobuf:"bytes,9,opt,name=read_mode_ap,json=readModeAp,proto3" json:"read_mode_ap,omitempty"` // TLS settings to enable mutual TLS (mTLS) on the server side. These configuration options must match what you configured in your Aerospike setup. For more information, see the Aerospike [security](https://docs.aerospike.com/server/guide/security/tls) and [network TLS](https://docs.aerospike.com/server/operations/configure/network/tls) guides. // The subject name of the TLS authority. For more information, see the [Aerospike docs](https://docs.aerospike.com/reference/configuration#tls-name). NodeTlsName string `protobuf:"bytes,10,opt,name=node_tls_name,json=nodeTlsName,proto3" json:"node_tls_name,omitempty"` // The path to the TLS certfiicate. CertPath string `protobuf:"bytes,11,opt,name=cert_path,json=certPath,proto3" json:"cert_path,omitempty"` // The path to the key. KeyPath string `protobuf:"bytes,12,opt,name=key_path,json=keyPath,proto3" json:"key_path,omitempty"` // The TLS insecure setting. If set to `true`, the authority of the certificate on the client's end is not authenticated. You might use insecure mode in non-production environments when the certificate is not known. AllowInsecure bool `protobuf:"varint,13,opt,name=allow_insecure,json=allowInsecure,proto3" json:"allow_insecure,omitempty"` // If the root certificate authority (CA) is not set, add the system certs by default. RootCaPath string `protobuf:"bytes,14,opt,name=root_ca_path,json=rootCaPath,proto3" json:"root_ca_path,omitempty"` // The TLS version. Versions 1.0, 1.1, 1.2, and 1.3 are supported. Defaults to 1.3 TlsVersion string `protobuf:"bytes,15,opt,name=tls_version,json=tlsVersion,proto3" json:"tls_version,omitempty"` // The TLS identifier for an elliptic curve. For more information, see [TLS supported groups](https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8). TlsCurveGroups []*AerospikeApiKeyStorageTlsCurveID `protobuf:"bytes,16,rep,name=tls_curve_groups,json=tlsCurveGroups,proto3" json:"tls_curve_groups,omitempty"` // contains filtered or unexported fields }
func (*AerospikeApiKeyStorage) Clone ¶ added in v1.13.0
func (m *AerospikeApiKeyStorage) Clone() proto.Message
Clone function
func (*AerospikeApiKeyStorage) Descriptor
deprecated
added in
v1.13.0
func (*AerospikeApiKeyStorage) Descriptor() ([]byte, []int)
Deprecated: Use AerospikeApiKeyStorage.ProtoReflect.Descriptor instead.
func (*AerospikeApiKeyStorage) Equal ¶ added in v1.13.0
func (m *AerospikeApiKeyStorage) Equal(that interface{}) bool
Equal function
func (*AerospikeApiKeyStorage) GetAllowInsecure ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) GetAllowInsecure() bool
func (*AerospikeApiKeyStorage) GetBatchSize ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) GetBatchSize() int32
func (*AerospikeApiKeyStorage) GetCertPath ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) GetCertPath() string
func (*AerospikeApiKeyStorage) GetCommitAll ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) GetCommitAll() uint32
func (*AerospikeApiKeyStorage) GetCommitLevel ¶ added in v1.13.0
func (m *AerospikeApiKeyStorage) GetCommitLevel() isAerospikeApiKeyStorage_CommitLevel
func (*AerospikeApiKeyStorage) GetCommitMaster ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) GetCommitMaster() uint32
func (*AerospikeApiKeyStorage) GetHostname ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) GetHostname() string
func (*AerospikeApiKeyStorage) GetKeyPath ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) GetKeyPath() string
func (*AerospikeApiKeyStorage) GetNamespace ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) GetNamespace() string
func (*AerospikeApiKeyStorage) GetNodeTlsName ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) GetNodeTlsName() string
func (*AerospikeApiKeyStorage) GetPort ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) GetPort() int32
func (*AerospikeApiKeyStorage) GetReadModeAp ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) GetReadModeAp() *AerospikeApiKeyStorageReadModeAp
func (*AerospikeApiKeyStorage) GetReadModeSc ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) GetReadModeSc() *AerospikeApiKeyStorageReadModeSc
func (*AerospikeApiKeyStorage) GetRootCaPath ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) GetRootCaPath() string
func (*AerospikeApiKeyStorage) GetSet ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) GetSet() string
func (*AerospikeApiKeyStorage) GetTlsCurveGroups ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) GetTlsCurveGroups() []*AerospikeApiKeyStorageTlsCurveID
func (*AerospikeApiKeyStorage) GetTlsVersion ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) GetTlsVersion() string
func (*AerospikeApiKeyStorage) Hash ¶ added in v1.13.0
func (m *AerospikeApiKeyStorage) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*AerospikeApiKeyStorage) ProtoMessage ¶ added in v1.13.0
func (*AerospikeApiKeyStorage) ProtoMessage()
func (*AerospikeApiKeyStorage) ProtoReflect ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) ProtoReflect() protoreflect.Message
func (*AerospikeApiKeyStorage) Reset ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) Reset()
func (*AerospikeApiKeyStorage) String ¶ added in v1.13.0
func (x *AerospikeApiKeyStorage) String() string
type AerospikeApiKeyStorageReadModeAp ¶ added in v1.13.0
type AerospikeApiKeyStorageReadModeAp struct { // Types that are assignable to ReadModeAp: // // *AerospikeApiKeyStorageReadModeAp_ReadModeApOne // *AerospikeApiKeyStorageReadModeAp_ReadModeApAll ReadModeAp isAerospikeApiKeyStorageReadModeAp_ReadModeAp `protobuf_oneof:"read_mode_ap"` // contains filtered or unexported fields }
func (*AerospikeApiKeyStorageReadModeAp) Clone ¶ added in v1.13.0
func (m *AerospikeApiKeyStorageReadModeAp) Clone() proto.Message
Clone function
func (*AerospikeApiKeyStorageReadModeAp) Descriptor
deprecated
added in
v1.13.0
func (*AerospikeApiKeyStorageReadModeAp) Descriptor() ([]byte, []int)
Deprecated: Use AerospikeApiKeyStorageReadModeAp.ProtoReflect.Descriptor instead.
func (*AerospikeApiKeyStorageReadModeAp) Equal ¶ added in v1.13.0
func (m *AerospikeApiKeyStorageReadModeAp) Equal(that interface{}) bool
Equal function
func (*AerospikeApiKeyStorageReadModeAp) GetReadModeAp ¶ added in v1.13.0
func (m *AerospikeApiKeyStorageReadModeAp) GetReadModeAp() isAerospikeApiKeyStorageReadModeAp_ReadModeAp
func (*AerospikeApiKeyStorageReadModeAp) GetReadModeApAll ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageReadModeAp) GetReadModeApAll() uint32
func (*AerospikeApiKeyStorageReadModeAp) GetReadModeApOne ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageReadModeAp) GetReadModeApOne() uint32
func (*AerospikeApiKeyStorageReadModeAp) Hash ¶ added in v1.13.0
func (m *AerospikeApiKeyStorageReadModeAp) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*AerospikeApiKeyStorageReadModeAp) ProtoMessage ¶ added in v1.13.0
func (*AerospikeApiKeyStorageReadModeAp) ProtoMessage()
func (*AerospikeApiKeyStorageReadModeAp) ProtoReflect ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageReadModeAp) ProtoReflect() protoreflect.Message
func (*AerospikeApiKeyStorageReadModeAp) Reset ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageReadModeAp) Reset()
func (*AerospikeApiKeyStorageReadModeAp) String ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageReadModeAp) String() string
type AerospikeApiKeyStorageReadModeAp_ReadModeApAll ¶ added in v1.13.0
type AerospikeApiKeyStorageReadModeAp_ReadModeApAll struct { // "all" indicates that all duplicate nodes are consulted in // the read operation. ReadModeApAll uint32 `protobuf:"varint,2,opt,name=read_mode_ap_all,json=readModeApAll,proto3,oneof"` }
type AerospikeApiKeyStorageReadModeAp_ReadModeApOne ¶ added in v1.13.0
type AerospikeApiKeyStorageReadModeAp_ReadModeApOne struct { // "one" indicates that a single node is involved in the read operation. ReadModeApOne uint32 `protobuf:"varint,1,opt,name=read_mode_ap_one,json=readModeApOne,proto3,oneof"` }
type AerospikeApiKeyStorageReadModeSc ¶ added in v1.13.0
type AerospikeApiKeyStorageReadModeSc struct { // Types that are assignable to ReadModeSc: // // *AerospikeApiKeyStorageReadModeSc_ReadModeScSession // *AerospikeApiKeyStorageReadModeSc_ReadModeScLinearize // *AerospikeApiKeyStorageReadModeSc_ReadModeScReplica // *AerospikeApiKeyStorageReadModeSc_ReadModeScAllowUnavailable ReadModeSc isAerospikeApiKeyStorageReadModeSc_ReadModeSc `protobuf_oneof:"read_mode_sc"` // contains filtered or unexported fields }
func (*AerospikeApiKeyStorageReadModeSc) Clone ¶ added in v1.13.0
func (m *AerospikeApiKeyStorageReadModeSc) Clone() proto.Message
Clone function
func (*AerospikeApiKeyStorageReadModeSc) Descriptor
deprecated
added in
v1.13.0
func (*AerospikeApiKeyStorageReadModeSc) Descriptor() ([]byte, []int)
Deprecated: Use AerospikeApiKeyStorageReadModeSc.ProtoReflect.Descriptor instead.
func (*AerospikeApiKeyStorageReadModeSc) Equal ¶ added in v1.13.0
func (m *AerospikeApiKeyStorageReadModeSc) Equal(that interface{}) bool
Equal function
func (*AerospikeApiKeyStorageReadModeSc) GetReadModeSc ¶ added in v1.13.0
func (m *AerospikeApiKeyStorageReadModeSc) GetReadModeSc() isAerospikeApiKeyStorageReadModeSc_ReadModeSc
func (*AerospikeApiKeyStorageReadModeSc) GetReadModeScAllowUnavailable ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageReadModeSc) GetReadModeScAllowUnavailable() uint32
func (*AerospikeApiKeyStorageReadModeSc) GetReadModeScLinearize ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageReadModeSc) GetReadModeScLinearize() uint32
func (*AerospikeApiKeyStorageReadModeSc) GetReadModeScReplica ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageReadModeSc) GetReadModeScReplica() uint32
func (*AerospikeApiKeyStorageReadModeSc) GetReadModeScSession ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageReadModeSc) GetReadModeScSession() uint32
func (*AerospikeApiKeyStorageReadModeSc) Hash ¶ added in v1.13.0
func (m *AerospikeApiKeyStorageReadModeSc) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*AerospikeApiKeyStorageReadModeSc) ProtoMessage ¶ added in v1.13.0
func (*AerospikeApiKeyStorageReadModeSc) ProtoMessage()
func (*AerospikeApiKeyStorageReadModeSc) ProtoReflect ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageReadModeSc) ProtoReflect() protoreflect.Message
func (*AerospikeApiKeyStorageReadModeSc) Reset ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageReadModeSc) Reset()
func (*AerospikeApiKeyStorageReadModeSc) String ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageReadModeSc) String() string
type AerospikeApiKeyStorageReadModeSc_ReadModeScAllowUnavailable ¶ added in v1.13.0
type AerospikeApiKeyStorageReadModeSc_ReadModeScAllowUnavailable struct { // partitions. An increasing sequence of record versions is not guaranteed. ReadModeScAllowUnavailable uint32 `protobuf:"varint,4,opt,name=read_mode_sc_allow_unavailable,json=readModeScAllowUnavailable,proto3,oneof"` }
type AerospikeApiKeyStorageReadModeSc_ReadModeScLinearize ¶ added in v1.13.0
type AerospikeApiKeyStorageReadModeSc_ReadModeScLinearize struct { // "linearize" ensures that ALL clients see only an increasing sequence of record versions. // "server" reads only from master. ReadModeScLinearize uint32 `protobuf:"varint,2,opt,name=read_mode_sc_linearize,json=readModeScLinearize,proto3,oneof"` }
type AerospikeApiKeyStorageReadModeSc_ReadModeScReplica ¶ added in v1.13.0
type AerospikeApiKeyStorageReadModeSc_ReadModeScReplica struct { // "replica" indicates that the server can read from master or any full (non-migrating) replica. // An increasing sequence of record versions is not guaranteed. ReadModeScReplica uint32 `protobuf:"varint,3,opt,name=read_mode_sc_replica,json=readModeScReplica,proto3,oneof"` }
type AerospikeApiKeyStorageReadModeSc_ReadModeScSession ¶ added in v1.13.0
type AerospikeApiKeyStorageReadModeSc_ReadModeScSession struct { // The session ensures this client sees only an increasing sequence of record versions. // Server reads only from master, which is the default. ReadModeScSession uint32 `protobuf:"varint,1,opt,name=read_mode_sc_session,json=readModeScSession,proto3,oneof"` }
type AerospikeApiKeyStorageTlsCurveID ¶ added in v1.13.0
type AerospikeApiKeyStorageTlsCurveID struct { // Types that are assignable to CurveId: // // *AerospikeApiKeyStorageTlsCurveID_CurveP256 // *AerospikeApiKeyStorageTlsCurveID_CurveP384 // *AerospikeApiKeyStorageTlsCurveID_CurveP521 // *AerospikeApiKeyStorageTlsCurveID_X_25519 CurveId isAerospikeApiKeyStorageTlsCurveID_CurveId `protobuf_oneof:"curve_id"` // contains filtered or unexported fields }
func (*AerospikeApiKeyStorageTlsCurveID) Clone ¶ added in v1.13.0
func (m *AerospikeApiKeyStorageTlsCurveID) Clone() proto.Message
Clone function
func (*AerospikeApiKeyStorageTlsCurveID) Descriptor
deprecated
added in
v1.13.0
func (*AerospikeApiKeyStorageTlsCurveID) Descriptor() ([]byte, []int)
Deprecated: Use AerospikeApiKeyStorageTlsCurveID.ProtoReflect.Descriptor instead.
func (*AerospikeApiKeyStorageTlsCurveID) Equal ¶ added in v1.13.0
func (m *AerospikeApiKeyStorageTlsCurveID) Equal(that interface{}) bool
Equal function
func (*AerospikeApiKeyStorageTlsCurveID) GetCurveId ¶ added in v1.13.0
func (m *AerospikeApiKeyStorageTlsCurveID) GetCurveId() isAerospikeApiKeyStorageTlsCurveID_CurveId
func (*AerospikeApiKeyStorageTlsCurveID) GetCurveP256 ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageTlsCurveID) GetCurveP256() uint32
func (*AerospikeApiKeyStorageTlsCurveID) GetCurveP384 ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageTlsCurveID) GetCurveP384() uint32
func (*AerospikeApiKeyStorageTlsCurveID) GetCurveP521 ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageTlsCurveID) GetCurveP521() uint32
func (*AerospikeApiKeyStorageTlsCurveID) GetX_25519 ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageTlsCurveID) GetX_25519() uint32
func (*AerospikeApiKeyStorageTlsCurveID) Hash ¶ added in v1.13.0
func (m *AerospikeApiKeyStorageTlsCurveID) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*AerospikeApiKeyStorageTlsCurveID) ProtoMessage ¶ added in v1.13.0
func (*AerospikeApiKeyStorageTlsCurveID) ProtoMessage()
func (*AerospikeApiKeyStorageTlsCurveID) ProtoReflect ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageTlsCurveID) ProtoReflect() protoreflect.Message
func (*AerospikeApiKeyStorageTlsCurveID) Reset ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageTlsCurveID) Reset()
func (*AerospikeApiKeyStorageTlsCurveID) String ¶ added in v1.13.0
func (x *AerospikeApiKeyStorageTlsCurveID) String() string
type AerospikeApiKeyStorageTlsCurveID_CurveP256 ¶ added in v1.13.0
type AerospikeApiKeyStorageTlsCurveID_CurveP256 struct {
CurveP256 uint32 `protobuf:"varint,1,opt,name=curve_p256,json=curveP256,proto3,oneof"`
}
type AerospikeApiKeyStorageTlsCurveID_CurveP384 ¶ added in v1.13.0
type AerospikeApiKeyStorageTlsCurveID_CurveP384 struct {
CurveP384 uint32 `protobuf:"varint,2,opt,name=curve_p384,json=curveP384,proto3,oneof"`
}
type AerospikeApiKeyStorageTlsCurveID_CurveP521 ¶ added in v1.13.0
type AerospikeApiKeyStorageTlsCurveID_CurveP521 struct {
CurveP521 uint32 `protobuf:"varint,3,opt,name=curve_p521,json=curveP521,proto3,oneof"`
}
type AerospikeApiKeyStorageTlsCurveID_X_25519 ¶ added in v1.13.0
type AerospikeApiKeyStorageTlsCurveID_X_25519 struct {
X_25519 uint32 `protobuf:"varint,4,opt,name=x_25519,json=x25519,proto3,oneof"`
}
type AerospikeApiKeyStorage_CommitAll ¶ added in v1.13.0
type AerospikeApiKeyStorage_CommitAll struct { // "commit_all" indicates that the server waits until successfully committing the master and all replicas. CommitAll uint32 `protobuf:"varint,6,opt,name=commit_all,json=commitAll,proto3,oneof"` }
type AerospikeApiKeyStorage_CommitMaster ¶ added in v1.13.0
type AerospikeApiKeyStorage_CommitMaster struct { // "commit_master" indicates that the server waits until successfully committing the master only. CommitMaster uint32 `protobuf:"varint,7,opt,name=commit_master,json=commitMaster,proto3,oneof"` }
type ApiKey ¶ added in v1.13.0
type ApiKey struct { // The string value of the API key. ApiKey string `protobuf:"bytes,2,opt,name=api_key,json=apiKey,proto3" json:"api_key,omitempty"` // A list of labels (key=value) for the apikey secret. // These labels are used by the storage driver to facilitate lookups by label Labels []string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty"` // additional data the client needs associated with this API key Metadata map[string]string `` /* 157-byte string literal not displayed */ // Optional: Unique identifier for the API key Uuid string `protobuf:"bytes,5,opt,name=uuid,proto3" json:"uuid,omitempty"` // contains filtered or unexported fields }
func (*ApiKey) Descriptor
deprecated
added in
v1.13.0
func (*ApiKey) GetMetadata ¶ added in v1.13.0
func (*ApiKey) ProtoMessage ¶ added in v1.13.0
func (*ApiKey) ProtoMessage()
func (*ApiKey) ProtoReflect ¶ added in v1.13.0
func (x *ApiKey) ProtoReflect() protoreflect.Message
type ApiKeyAuth ¶
type ApiKeyAuth struct { // DEPRECATED: use K8sSecretApiKeyStorage to configure secrets storage backend. Values here // will be overwritten if values are specified in the storage backend. // Identify all valid API key secrets that match the provided label selector. // API key secrets must be in one of the watch namespaces for gloo to locate them. // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. LabelSelector map[string]string `` /* 188-byte string literal not displayed */ // DEPRECATED: use K8sSecretApiKeyStorage to configure secrets storage backend. Values here // will be overwritten if values are specified in the storage backend. // A way to directly reference API key secrets. This configuration can be useful for testing, // but in general the more flexible label selector should be preferred. // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. ApiKeySecretRefs []*core.ResourceRef `protobuf:"bytes,2,rep,name=api_key_secret_refs,json=apiKeySecretRefs,proto3" json:"api_key_secret_refs,omitempty"` // When receiving a request, the Gloo Edge Enterprise external auth server will look for an API key in a header // with this name. This field is optional; if not provided it defaults to `api-key`. HeaderName string `protobuf:"bytes,3,opt,name=header_name,json=headerName,proto3" json:"header_name,omitempty"` // DEPRECATED: use headers_from_metadata_entry // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. HeadersFromMetadata map[string]*ApiKeyAuth_SecretKey `` /* 208-byte string literal not displayed */ // API key structures might contain additional data (e.g. the ID of the user that the API key belongs to) // in the form of extra fields included in the API key metadata structure. // This configuration can be used to add this data to the headers of successfully authenticated requests. // Each key in the map represents the name of header to be added; the corresponding value determines the key // in the API key metadata structure that will be inspected to determine the value for the header. // // When the provided API key token has been successfully validated, and this field has been configured, then // any extra API key metadata fields that were able to be discovered will be added to the `AuthorizationRequest` // state under the key name that was configured. For example, using the `x-user-name` string as the header name, // and referencing an existing "user-email" API key metadata entry will result in the value of this "user-email" // metadata entry being accessable in other auth modules in the `AuthorizationRequest.State["x-user-name"]` key. // This behavior allows other modules (e.g. OPA) to build more powerful rules to further validate the contents // of the extra API key metadata than what's possible using the standalone API key module. HeadersFromMetadataEntry map[string]*ApiKeyAuth_MetadataEntry `` /* 225-byte string literal not displayed */ // Types that are assignable to StorageBackend: // // *ApiKeyAuth_K8SSecretApikeyStorage // *ApiKeyAuth_AerospikeApikeyStorage StorageBackend isApiKeyAuth_StorageBackend `protobuf_oneof:"storage_backend"` // contains filtered or unexported fields }
Defines how API keys are validated.
When the provided API key token has been successfully validated, it's token will be added to the `AuthorizationRequest` state under the "api_key_value" key name.
func (*ApiKeyAuth) Clone ¶ added in v1.8.24
func (m *ApiKeyAuth) Clone() proto.Message
Clone function
func (*ApiKeyAuth) Descriptor
deprecated
func (*ApiKeyAuth) Descriptor() ([]byte, []int)
Deprecated: Use ApiKeyAuth.ProtoReflect.Descriptor instead.
func (*ApiKeyAuth) GetAerospikeApikeyStorage ¶ added in v1.13.0
func (x *ApiKeyAuth) GetAerospikeApikeyStorage() *AerospikeApiKeyStorage
func (*ApiKeyAuth) GetApiKeySecretRefs
deprecated
func (x *ApiKeyAuth) GetApiKeySecretRefs() []*core.ResourceRef
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*ApiKeyAuth) GetHeaderName ¶ added in v1.5.0
func (x *ApiKeyAuth) GetHeaderName() string
func (*ApiKeyAuth) GetHeadersFromMetadata
deprecated
added in
v1.5.0
func (x *ApiKeyAuth) GetHeadersFromMetadata() map[string]*ApiKeyAuth_SecretKey
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*ApiKeyAuth) GetHeadersFromMetadataEntry ¶ added in v1.13.0
func (x *ApiKeyAuth) GetHeadersFromMetadataEntry() map[string]*ApiKeyAuth_MetadataEntry
func (*ApiKeyAuth) GetK8SSecretApikeyStorage ¶ added in v1.13.0
func (x *ApiKeyAuth) GetK8SSecretApikeyStorage() *K8SSecretApiKeyStorage
func (*ApiKeyAuth) GetLabelSelector
deprecated
func (x *ApiKeyAuth) GetLabelSelector() map[string]string
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*ApiKeyAuth) GetStorageBackend ¶ added in v1.13.0
func (m *ApiKeyAuth) GetStorageBackend() isApiKeyAuth_StorageBackend
func (*ApiKeyAuth) Hash ¶ added in v1.2.13
func (m *ApiKeyAuth) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ApiKeyAuth) ProtoMessage ¶
func (*ApiKeyAuth) ProtoMessage()
func (*ApiKeyAuth) ProtoReflect ¶ added in v1.6.0
func (x *ApiKeyAuth) ProtoReflect() protoreflect.Message
func (*ApiKeyAuth) Reset ¶
func (x *ApiKeyAuth) Reset()
func (*ApiKeyAuth) String ¶
func (x *ApiKeyAuth) String() string
type ApiKeyAuth_AerospikeApikeyStorage ¶ added in v1.13.0
type ApiKeyAuth_AerospikeApikeyStorage struct {
AerospikeApikeyStorage *AerospikeApiKeyStorage `protobuf:"bytes,7,opt,name=aerospike_apikey_storage,json=aerospikeApikeyStorage,proto3,oneof"`
}
type ApiKeyAuth_K8SSecretApikeyStorage ¶ added in v1.13.0
type ApiKeyAuth_K8SSecretApikeyStorage struct {
K8SSecretApikeyStorage *K8SSecretApiKeyStorage `protobuf:"bytes,6,opt,name=k8s_secret_apikey_storage,json=k8sSecretApikeyStorage,proto3,oneof"`
}
type ApiKeyAuth_MetadataEntry ¶ added in v1.13.0
type ApiKeyAuth_MetadataEntry struct { // (Required) The key of the API key metadata entry to inspect. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // If this field is set to `true`, Gloo will reject an API key structure that does not contain data for the given key. // Defaults to `false`. In this case, if an API key structure does not contain the requested data, no header will be added // to the request. Required bool `protobuf:"varint,2,opt,name=required,proto3" json:"required,omitempty"` // contains filtered or unexported fields }
For the K8s secret backend, this data is stored as key-value data in the secret itself. For the Aerospike backend, this data is stored as bins on the key's record
func (*ApiKeyAuth_MetadataEntry) Clone ¶ added in v1.13.0
func (m *ApiKeyAuth_MetadataEntry) Clone() proto.Message
Clone function
func (*ApiKeyAuth_MetadataEntry) Descriptor
deprecated
added in
v1.13.0
func (*ApiKeyAuth_MetadataEntry) Descriptor() ([]byte, []int)
Deprecated: Use ApiKeyAuth_MetadataEntry.ProtoReflect.Descriptor instead.
func (*ApiKeyAuth_MetadataEntry) Equal ¶ added in v1.13.0
func (m *ApiKeyAuth_MetadataEntry) Equal(that interface{}) bool
Equal function
func (*ApiKeyAuth_MetadataEntry) GetName ¶ added in v1.13.0
func (x *ApiKeyAuth_MetadataEntry) GetName() string
func (*ApiKeyAuth_MetadataEntry) GetRequired ¶ added in v1.13.0
func (x *ApiKeyAuth_MetadataEntry) GetRequired() bool
func (*ApiKeyAuth_MetadataEntry) Hash ¶ added in v1.13.0
func (m *ApiKeyAuth_MetadataEntry) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ApiKeyAuth_MetadataEntry) ProtoMessage ¶ added in v1.13.0
func (*ApiKeyAuth_MetadataEntry) ProtoMessage()
func (*ApiKeyAuth_MetadataEntry) ProtoReflect ¶ added in v1.13.0
func (x *ApiKeyAuth_MetadataEntry) ProtoReflect() protoreflect.Message
func (*ApiKeyAuth_MetadataEntry) Reset ¶ added in v1.13.0
func (x *ApiKeyAuth_MetadataEntry) Reset()
func (*ApiKeyAuth_MetadataEntry) String ¶ added in v1.13.0
func (x *ApiKeyAuth_MetadataEntry) String() string
type ApiKeyAuth_SecretKey ¶ added in v1.5.0
type ApiKeyAuth_SecretKey struct { // DEPRECATED // (Required) The key of the API key metadata entry to inspect. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // DEPRECATED // If this field is set to `true`, Gloo will reject an API key structure that does not contain data for the given key. // Defaults to `false`. In this case, if an API key structure does not contain the requested data, no header will be added // to the request. Required bool `protobuf:"varint,2,opt,name=required,proto3" json:"required,omitempty"` // contains filtered or unexported fields }
DEPRECATED: use generalized MetadataEntry
func (*ApiKeyAuth_SecretKey) Clone ¶ added in v1.8.24
func (m *ApiKeyAuth_SecretKey) Clone() proto.Message
Clone function
func (*ApiKeyAuth_SecretKey) Descriptor
deprecated
added in
v1.5.0
func (*ApiKeyAuth_SecretKey) Descriptor() ([]byte, []int)
Deprecated: Use ApiKeyAuth_SecretKey.ProtoReflect.Descriptor instead.
func (*ApiKeyAuth_SecretKey) Equal ¶ added in v1.5.0
func (m *ApiKeyAuth_SecretKey) Equal(that interface{}) bool
Equal function
func (*ApiKeyAuth_SecretKey) GetName ¶ added in v1.5.0
func (x *ApiKeyAuth_SecretKey) GetName() string
func (*ApiKeyAuth_SecretKey) GetRequired ¶ added in v1.5.0
func (x *ApiKeyAuth_SecretKey) GetRequired() bool
func (*ApiKeyAuth_SecretKey) Hash ¶ added in v1.5.0
func (m *ApiKeyAuth_SecretKey) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ApiKeyAuth_SecretKey) ProtoMessage ¶ added in v1.5.0
func (*ApiKeyAuth_SecretKey) ProtoMessage()
func (*ApiKeyAuth_SecretKey) ProtoReflect ¶ added in v1.6.0
func (x *ApiKeyAuth_SecretKey) ProtoReflect() protoreflect.Message
func (*ApiKeyAuth_SecretKey) Reset ¶ added in v1.5.0
func (x *ApiKeyAuth_SecretKey) Reset()
func (*ApiKeyAuth_SecretKey) String ¶ added in v1.5.0
func (x *ApiKeyAuth_SecretKey) String() string
type ApiKeyCreateRequest ¶ added in v1.13.0
type ApiKeyCreateRequest struct { ApiKeys []*ApiKey `protobuf:"bytes,1,rep,name=api_keys,json=apiKeys,proto3" json:"api_keys,omitempty"` RawApiKeys []string `protobuf:"bytes,2,rep,name=raw_api_keys,json=rawApiKeys,proto3" json:"raw_api_keys,omitempty"` // contains filtered or unexported fields }
func (*ApiKeyCreateRequest) Clone ¶ added in v1.13.0
func (m *ApiKeyCreateRequest) Clone() proto.Message
Clone function
func (*ApiKeyCreateRequest) Descriptor
deprecated
added in
v1.13.0
func (*ApiKeyCreateRequest) Descriptor() ([]byte, []int)
Deprecated: Use ApiKeyCreateRequest.ProtoReflect.Descriptor instead.
func (*ApiKeyCreateRequest) Equal ¶ added in v1.13.0
func (m *ApiKeyCreateRequest) Equal(that interface{}) bool
Equal function
func (*ApiKeyCreateRequest) GetApiKeys ¶ added in v1.13.0
func (x *ApiKeyCreateRequest) GetApiKeys() []*ApiKey
func (*ApiKeyCreateRequest) GetRawApiKeys ¶ added in v1.13.0
func (x *ApiKeyCreateRequest) GetRawApiKeys() []string
func (*ApiKeyCreateRequest) Hash ¶ added in v1.13.0
func (m *ApiKeyCreateRequest) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ApiKeyCreateRequest) ProtoMessage ¶ added in v1.13.0
func (*ApiKeyCreateRequest) ProtoMessage()
func (*ApiKeyCreateRequest) ProtoReflect ¶ added in v1.13.0
func (x *ApiKeyCreateRequest) ProtoReflect() protoreflect.Message
func (*ApiKeyCreateRequest) Reset ¶ added in v1.13.0
func (x *ApiKeyCreateRequest) Reset()
func (*ApiKeyCreateRequest) String ¶ added in v1.13.0
func (x *ApiKeyCreateRequest) String() string
type ApiKeyCreateResponse ¶ added in v1.13.0
type ApiKeyCreateResponse struct { ApiKeys []*ApiKey `protobuf:"bytes,1,rep,name=api_keys,json=apiKeys,proto3" json:"api_keys,omitempty"` // contains filtered or unexported fields }
func (*ApiKeyCreateResponse) Clone ¶ added in v1.13.0
func (m *ApiKeyCreateResponse) Clone() proto.Message
Clone function
func (*ApiKeyCreateResponse) Descriptor
deprecated
added in
v1.13.0
func (*ApiKeyCreateResponse) Descriptor() ([]byte, []int)
Deprecated: Use ApiKeyCreateResponse.ProtoReflect.Descriptor instead.
func (*ApiKeyCreateResponse) Equal ¶ added in v1.13.0
func (m *ApiKeyCreateResponse) Equal(that interface{}) bool
Equal function
func (*ApiKeyCreateResponse) GetApiKeys ¶ added in v1.13.0
func (x *ApiKeyCreateResponse) GetApiKeys() []*ApiKey
func (*ApiKeyCreateResponse) Hash ¶ added in v1.13.0
func (m *ApiKeyCreateResponse) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ApiKeyCreateResponse) ProtoMessage ¶ added in v1.13.0
func (*ApiKeyCreateResponse) ProtoMessage()
func (*ApiKeyCreateResponse) ProtoReflect ¶ added in v1.13.0
func (x *ApiKeyCreateResponse) ProtoReflect() protoreflect.Message
func (*ApiKeyCreateResponse) Reset ¶ added in v1.13.0
func (x *ApiKeyCreateResponse) Reset()
func (*ApiKeyCreateResponse) String ¶ added in v1.13.0
func (x *ApiKeyCreateResponse) String() string
type ApiKeyDeleteRequest ¶ added in v1.13.0
type ApiKeyDeleteRequest struct { RawApiKeys []string `protobuf:"bytes,1,rep,name=raw_api_keys,json=rawApiKeys,proto3" json:"raw_api_keys,omitempty"` Labels []string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty"` // contains filtered or unexported fields }
func (*ApiKeyDeleteRequest) Clone ¶ added in v1.13.0
func (m *ApiKeyDeleteRequest) Clone() proto.Message
Clone function
func (*ApiKeyDeleteRequest) Descriptor
deprecated
added in
v1.13.0
func (*ApiKeyDeleteRequest) Descriptor() ([]byte, []int)
Deprecated: Use ApiKeyDeleteRequest.ProtoReflect.Descriptor instead.
func (*ApiKeyDeleteRequest) Equal ¶ added in v1.13.0
func (m *ApiKeyDeleteRequest) Equal(that interface{}) bool
Equal function
func (*ApiKeyDeleteRequest) GetLabels ¶ added in v1.13.0
func (x *ApiKeyDeleteRequest) GetLabels() []string
func (*ApiKeyDeleteRequest) GetRawApiKeys ¶ added in v1.13.0
func (x *ApiKeyDeleteRequest) GetRawApiKeys() []string
func (*ApiKeyDeleteRequest) Hash ¶ added in v1.13.0
func (m *ApiKeyDeleteRequest) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ApiKeyDeleteRequest) ProtoMessage ¶ added in v1.13.0
func (*ApiKeyDeleteRequest) ProtoMessage()
func (*ApiKeyDeleteRequest) ProtoReflect ¶ added in v1.13.0
func (x *ApiKeyDeleteRequest) ProtoReflect() protoreflect.Message
func (*ApiKeyDeleteRequest) Reset ¶ added in v1.13.0
func (x *ApiKeyDeleteRequest) Reset()
func (*ApiKeyDeleteRequest) String ¶ added in v1.13.0
func (x *ApiKeyDeleteRequest) String() string
type ApiKeyDeleteResponse ¶ added in v1.13.0
type ApiKeyDeleteResponse struct {
// contains filtered or unexported fields
}
func (*ApiKeyDeleteResponse) Clone ¶ added in v1.13.0
func (m *ApiKeyDeleteResponse) Clone() proto.Message
Clone function
func (*ApiKeyDeleteResponse) Descriptor
deprecated
added in
v1.13.0
func (*ApiKeyDeleteResponse) Descriptor() ([]byte, []int)
Deprecated: Use ApiKeyDeleteResponse.ProtoReflect.Descriptor instead.
func (*ApiKeyDeleteResponse) Equal ¶ added in v1.13.0
func (m *ApiKeyDeleteResponse) Equal(that interface{}) bool
Equal function
func (*ApiKeyDeleteResponse) Hash ¶ added in v1.13.0
func (m *ApiKeyDeleteResponse) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ApiKeyDeleteResponse) ProtoMessage ¶ added in v1.13.0
func (*ApiKeyDeleteResponse) ProtoMessage()
func (*ApiKeyDeleteResponse) ProtoReflect ¶ added in v1.13.0
func (x *ApiKeyDeleteResponse) ProtoReflect() protoreflect.Message
func (*ApiKeyDeleteResponse) Reset ¶ added in v1.13.0
func (x *ApiKeyDeleteResponse) Reset()
func (*ApiKeyDeleteResponse) String ¶ added in v1.13.0
func (x *ApiKeyDeleteResponse) String() string
type ApiKeyReadRequest ¶ added in v1.13.0
type ApiKeyReadRequest struct { RawApiKeys []string `protobuf:"bytes,1,rep,name=raw_api_keys,json=rawApiKeys,proto3" json:"raw_api_keys,omitempty"` Labels []string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty"` // contains filtered or unexported fields }
func (*ApiKeyReadRequest) Clone ¶ added in v1.13.0
func (m *ApiKeyReadRequest) Clone() proto.Message
Clone function
func (*ApiKeyReadRequest) Descriptor
deprecated
added in
v1.13.0
func (*ApiKeyReadRequest) Descriptor() ([]byte, []int)
Deprecated: Use ApiKeyReadRequest.ProtoReflect.Descriptor instead.
func (*ApiKeyReadRequest) Equal ¶ added in v1.13.0
func (m *ApiKeyReadRequest) Equal(that interface{}) bool
Equal function
func (*ApiKeyReadRequest) GetLabels ¶ added in v1.13.0
func (x *ApiKeyReadRequest) GetLabels() []string
func (*ApiKeyReadRequest) GetRawApiKeys ¶ added in v1.13.0
func (x *ApiKeyReadRequest) GetRawApiKeys() []string
func (*ApiKeyReadRequest) Hash ¶ added in v1.13.0
func (m *ApiKeyReadRequest) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ApiKeyReadRequest) ProtoMessage ¶ added in v1.13.0
func (*ApiKeyReadRequest) ProtoMessage()
func (*ApiKeyReadRequest) ProtoReflect ¶ added in v1.13.0
func (x *ApiKeyReadRequest) ProtoReflect() protoreflect.Message
func (*ApiKeyReadRequest) Reset ¶ added in v1.13.0
func (x *ApiKeyReadRequest) Reset()
func (*ApiKeyReadRequest) String ¶ added in v1.13.0
func (x *ApiKeyReadRequest) String() string
type ApiKeyReadResponse ¶ added in v1.13.0
type ApiKeyReadResponse struct { ApiKeys []*ApiKey `protobuf:"bytes,1,rep,name=api_keys,json=apiKeys,proto3" json:"api_keys,omitempty"` // contains filtered or unexported fields }
func (*ApiKeyReadResponse) Clone ¶ added in v1.13.0
func (m *ApiKeyReadResponse) Clone() proto.Message
Clone function
func (*ApiKeyReadResponse) Descriptor
deprecated
added in
v1.13.0
func (*ApiKeyReadResponse) Descriptor() ([]byte, []int)
Deprecated: Use ApiKeyReadResponse.ProtoReflect.Descriptor instead.
func (*ApiKeyReadResponse) Equal ¶ added in v1.13.0
func (m *ApiKeyReadResponse) Equal(that interface{}) bool
Equal function
func (*ApiKeyReadResponse) GetApiKeys ¶ added in v1.13.0
func (x *ApiKeyReadResponse) GetApiKeys() []*ApiKey
func (*ApiKeyReadResponse) Hash ¶ added in v1.13.0
func (m *ApiKeyReadResponse) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ApiKeyReadResponse) ProtoMessage ¶ added in v1.13.0
func (*ApiKeyReadResponse) ProtoMessage()
func (*ApiKeyReadResponse) ProtoReflect ¶ added in v1.13.0
func (x *ApiKeyReadResponse) ProtoReflect() protoreflect.Message
func (*ApiKeyReadResponse) Reset ¶ added in v1.13.0
func (x *ApiKeyReadResponse) Reset()
func (*ApiKeyReadResponse) String ¶ added in v1.13.0
func (x *ApiKeyReadResponse) String() string
type ApiKeySecret ¶
type ApiKeySecret struct { // The string value of the API key. ApiKey string `protobuf:"bytes,2,opt,name=api_key,json=apiKey,proto3" json:"api_key,omitempty"` // A list of labels (key=value) for the apikey secret. // These labels are used by the storage driver to facilitate lookups by label Labels []string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty"` // additional data the client needs associated with this API key Metadata map[string]string `` /* 157-byte string literal not displayed */ // contains filtered or unexported fields }
DEPRECATED: use ApiKey
func (*ApiKeySecret) Clone ¶ added in v1.8.24
func (m *ApiKeySecret) Clone() proto.Message
Clone function
func (*ApiKeySecret) Descriptor
deprecated
func (*ApiKeySecret) Descriptor() ([]byte, []int)
Deprecated: Use ApiKeySecret.ProtoReflect.Descriptor instead.
func (*ApiKeySecret) GetApiKey ¶
func (x *ApiKeySecret) GetApiKey() string
func (*ApiKeySecret) GetLabels ¶
func (x *ApiKeySecret) GetLabels() []string
func (*ApiKeySecret) GetMetadata ¶ added in v1.5.0
func (x *ApiKeySecret) GetMetadata() map[string]string
func (*ApiKeySecret) Hash ¶ added in v1.2.13
func (m *ApiKeySecret) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ApiKeySecret) ProtoMessage ¶
func (*ApiKeySecret) ProtoMessage()
func (*ApiKeySecret) ProtoReflect ¶ added in v1.6.0
func (x *ApiKeySecret) ProtoReflect() protoreflect.Message
func (*ApiKeySecret) Reset ¶
func (x *ApiKeySecret) Reset()
func (*ApiKeySecret) String ¶
func (x *ApiKeySecret) String() string
type ApiKeyServiceClient ¶ added in v1.13.0
type ApiKeyServiceClient interface { Create(ctx context.Context, in *ApiKeyCreateRequest, opts ...grpc.CallOption) (*ApiKeyCreateResponse, error) Read(ctx context.Context, in *ApiKeyReadRequest, opts ...grpc.CallOption) (*ApiKeyReadResponse, error) Update(ctx context.Context, in *ApiKeyUpdateRequest, opts ...grpc.CallOption) (*ApiKeyUpdateResponse, error) Delete(ctx context.Context, in *ApiKeyDeleteRequest, opts ...grpc.CallOption) (*ApiKeyDeleteResponse, error) }
ApiKeyServiceClient is the client API for ApiKeyService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewApiKeyServiceClient ¶ added in v1.13.0
func NewApiKeyServiceClient(cc grpc.ClientConnInterface) ApiKeyServiceClient
type ApiKeyServiceServer ¶ added in v1.13.0
type ApiKeyServiceServer interface { Create(context.Context, *ApiKeyCreateRequest) (*ApiKeyCreateResponse, error) Read(context.Context, *ApiKeyReadRequest) (*ApiKeyReadResponse, error) Update(context.Context, *ApiKeyUpdateRequest) (*ApiKeyUpdateResponse, error) Delete(context.Context, *ApiKeyDeleteRequest) (*ApiKeyDeleteResponse, error) }
ApiKeyServiceServer is the server API for ApiKeyService service.
type ApiKeyUpdateRequest ¶ added in v1.13.0
type ApiKeyUpdateRequest struct { Upsert bool `protobuf:"varint,1,opt,name=upsert,proto3" json:"upsert,omitempty"` ApiKeys []*ApiKey `protobuf:"bytes,2,rep,name=api_keys,json=apiKeys,proto3" json:"api_keys,omitempty"` RawApiKeys []string `protobuf:"bytes,3,rep,name=raw_api_keys,json=rawApiKeys,proto3" json:"raw_api_keys,omitempty"` // contains filtered or unexported fields }
func (*ApiKeyUpdateRequest) Clone ¶ added in v1.13.0
func (m *ApiKeyUpdateRequest) Clone() proto.Message
Clone function
func (*ApiKeyUpdateRequest) Descriptor
deprecated
added in
v1.13.0
func (*ApiKeyUpdateRequest) Descriptor() ([]byte, []int)
Deprecated: Use ApiKeyUpdateRequest.ProtoReflect.Descriptor instead.
func (*ApiKeyUpdateRequest) Equal ¶ added in v1.13.0
func (m *ApiKeyUpdateRequest) Equal(that interface{}) bool
Equal function
func (*ApiKeyUpdateRequest) GetApiKeys ¶ added in v1.13.0
func (x *ApiKeyUpdateRequest) GetApiKeys() []*ApiKey
func (*ApiKeyUpdateRequest) GetRawApiKeys ¶ added in v1.13.0
func (x *ApiKeyUpdateRequest) GetRawApiKeys() []string
func (*ApiKeyUpdateRequest) GetUpsert ¶ added in v1.13.0
func (x *ApiKeyUpdateRequest) GetUpsert() bool
func (*ApiKeyUpdateRequest) Hash ¶ added in v1.13.0
func (m *ApiKeyUpdateRequest) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ApiKeyUpdateRequest) ProtoMessage ¶ added in v1.13.0
func (*ApiKeyUpdateRequest) ProtoMessage()
func (*ApiKeyUpdateRequest) ProtoReflect ¶ added in v1.13.0
func (x *ApiKeyUpdateRequest) ProtoReflect() protoreflect.Message
func (*ApiKeyUpdateRequest) Reset ¶ added in v1.13.0
func (x *ApiKeyUpdateRequest) Reset()
func (*ApiKeyUpdateRequest) String ¶ added in v1.13.0
func (x *ApiKeyUpdateRequest) String() string
type ApiKeyUpdateResponse ¶ added in v1.13.0
type ApiKeyUpdateResponse struct { ApiKeys []*ApiKey `protobuf:"bytes,1,rep,name=api_keys,json=apiKeys,proto3" json:"api_keys,omitempty"` // contains filtered or unexported fields }
func (*ApiKeyUpdateResponse) Clone ¶ added in v1.13.0
func (m *ApiKeyUpdateResponse) Clone() proto.Message
Clone function
func (*ApiKeyUpdateResponse) Descriptor
deprecated
added in
v1.13.0
func (*ApiKeyUpdateResponse) Descriptor() ([]byte, []int)
Deprecated: Use ApiKeyUpdateResponse.ProtoReflect.Descriptor instead.
func (*ApiKeyUpdateResponse) Equal ¶ added in v1.13.0
func (m *ApiKeyUpdateResponse) Equal(that interface{}) bool
Equal function
func (*ApiKeyUpdateResponse) GetApiKeys ¶ added in v1.13.0
func (x *ApiKeyUpdateResponse) GetApiKeys() []*ApiKey
func (*ApiKeyUpdateResponse) Hash ¶ added in v1.13.0
func (m *ApiKeyUpdateResponse) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ApiKeyUpdateResponse) ProtoMessage ¶ added in v1.13.0
func (*ApiKeyUpdateResponse) ProtoMessage()
func (*ApiKeyUpdateResponse) ProtoReflect ¶ added in v1.13.0
func (x *ApiKeyUpdateResponse) ProtoReflect() protoreflect.Message
func (*ApiKeyUpdateResponse) Reset ¶ added in v1.13.0
func (x *ApiKeyUpdateResponse) Reset()
func (*ApiKeyUpdateResponse) String ¶ added in v1.13.0
func (x *ApiKeyUpdateResponse) String() string
type ApplyExtAuthConfig ¶
type ApplyExtAuthConfig func(version string, resources []*ExtAuthConfig) error
The apply functions receives resources and returns an error if they were applied correctly. In theory the configuration can become valid in the future (i.e. eventually consistent), but I don't think we need to worry about that now As our current use cases only have one configuration resource, so no interactions are expected.
type AuthConfig ¶
type AuthConfig struct { // NamespacedStatuses indicates the validation status of this resource. // NamespacedStatuses is read-only by clients, and set by gloo during validation NamespacedStatuses *core.NamespacedStatuses `protobuf:"bytes,13,opt,name=namespaced_statuses,json=namespacedStatuses,proto3" json:"namespaced_statuses,omitempty"` // Metadata contains the object metadata for this resource Metadata *core.Metadata `protobuf:"bytes,2,opt,name=metadata,proto3" json:"metadata,omitempty"` // List of auth configs to be checked for requests on a route referencing this auth config, // By default, every config must be authorized for the entire request to be authorized. This // behavior can be changed by defining names for each config and defining `boolean_expr` below. // // State is shared between successful requests on the chain, i.e., the headers returned from each // successful auth service get appended into the final auth response. Configs []*AuthConfig_Config `protobuf:"bytes,3,rep,name=configs,proto3" json:"configs,omitempty"` // How to handle processing of named configs within an auth config chain. // An example config might be: `( basic1 || basic2 || (oidc1 && !oidc2) )` // The boolean expression is evaluated left to right but honors parenthesis and short-circuiting. BooleanExpr *wrappers.StringValue `protobuf:"bytes,10,opt,name=boolean_expr,json=booleanExpr,proto3" json:"boolean_expr,omitempty"` // How the service should handle a redirect response from an OIDC issuer. In the default false mode, // the redirect will be considered a successful response, and the client will receive a 302 with a location header. // If this is set to true, the client will instead receive a 401 unauthorized response. This is useful in cases where // API calls are being made or other such occurrences where the client cannot handle the redirect. FailOnRedirect bool `protobuf:"varint,11,opt,name=fail_on_redirect,json=failOnRedirect,proto3" json:"fail_on_redirect,omitempty"` // contains filtered or unexported fields }
This is the user-facing auth configuration. When processed by Gloo, certain configuration types (i.a. oauth, opa) will be translated, e.g. to resolve resource references. See the `ExtAuthConfig.AuthConfig` for the final config format that will be included in the extauth snapshot.
func NewAuthConfig ¶
func NewAuthConfig(namespace, name string) *AuthConfig
func (*AuthConfig) Clone ¶ added in v1.8.24
func (m *AuthConfig) Clone() proto.Message
Clone function
func (*AuthConfig) DeepCopyInto ¶
func (o *AuthConfig) DeepCopyInto(out *AuthConfig)
func (*AuthConfig) DeepCopyObject ¶
func (o *AuthConfig) DeepCopyObject() runtime.Object
func (*AuthConfig) Descriptor
deprecated
func (*AuthConfig) Descriptor() ([]byte, []int)
Deprecated: Use AuthConfig.ProtoReflect.Descriptor instead.
func (*AuthConfig) GetBooleanExpr ¶ added in v1.5.0
func (x *AuthConfig) GetBooleanExpr() *wrappers.StringValue
func (*AuthConfig) GetConfigs ¶
func (x *AuthConfig) GetConfigs() []*AuthConfig_Config
func (*AuthConfig) GetFailOnRedirect ¶ added in v1.9.25
func (x *AuthConfig) GetFailOnRedirect() bool
func (*AuthConfig) GetMetadata ¶
func (x *AuthConfig) GetMetadata() *core.Metadata
func (*AuthConfig) GetNamespacedStatuses ¶ added in v1.9.0
func (x *AuthConfig) GetNamespacedStatuses() *core.NamespacedStatuses
func (*AuthConfig) GetObjectKind ¶
func (o *AuthConfig) GetObjectKind() schema.ObjectKind
func (*AuthConfig) GroupVersionKind ¶
func (r *AuthConfig) GroupVersionKind() schema.GroupVersionKind
func (*AuthConfig) Hash ¶
func (m *AuthConfig) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*AuthConfig) MustHash ¶ added in v1.2.13
func (r *AuthConfig) MustHash() uint64
func (*AuthConfig) ProtoMessage ¶
func (*AuthConfig) ProtoMessage()
func (*AuthConfig) ProtoReflect ¶ added in v1.6.0
func (x *AuthConfig) ProtoReflect() protoreflect.Message
func (*AuthConfig) Reset ¶
func (x *AuthConfig) Reset()
func (*AuthConfig) SetMetadata ¶
func (r *AuthConfig) SetMetadata(meta *core.Metadata)
func (*AuthConfig) SetNamespacedStatuses ¶ added in v1.9.0
func (r *AuthConfig) SetNamespacedStatuses(namespacedStatuses *core.NamespacedStatuses)
func (*AuthConfig) String ¶
func (x *AuthConfig) String() string
type AuthConfigClient ¶
type AuthConfigClient interface { BaseClient() clients.ResourceClient Register() error Read(namespace, name string, opts clients.ReadOpts) (*AuthConfig, error) Write(resource *AuthConfig, opts clients.WriteOpts) (*AuthConfig, error) Delete(namespace, name string, opts clients.DeleteOpts) error List(namespace string, opts clients.ListOpts) (AuthConfigList, error) AuthConfigWatcher }
func NewAuthConfigClient ¶
func NewAuthConfigClient(ctx context.Context, rcFactory factory.ResourceClientFactory) (AuthConfigClient, error)
func NewAuthConfigClientWithBase ¶
func NewAuthConfigClientWithBase(rc clients.ResourceClient) AuthConfigClient
func NewAuthConfigClientWithToken ¶
func NewAuthConfigClientWithToken(ctx context.Context, rcFactory factory.ResourceClientFactory, token string) (AuthConfigClient, error)
type AuthConfigList ¶
type AuthConfigList []*AuthConfig
func (AuthConfigList) AsInputResources ¶
func (list AuthConfigList) AsInputResources() resources.InputResourceList
func (AuthConfigList) AsInterfaces ¶
func (list AuthConfigList) AsInterfaces() []interface{}
func (AuthConfigList) AsResources ¶
func (list AuthConfigList) AsResources() resources.ResourceList
func (AuthConfigList) Clone ¶
func (list AuthConfigList) Clone() AuthConfigList
func (AuthConfigList) Each ¶
func (list AuthConfigList) Each(f func(element *AuthConfig))
func (AuthConfigList) EachResource ¶
func (list AuthConfigList) EachResource(f func(element resources.Resource))
func (AuthConfigList) Find ¶
func (list AuthConfigList) Find(namespace, name string) (*AuthConfig, error)
func (AuthConfigList) Names ¶
func (list AuthConfigList) Names() []string
func (AuthConfigList) NamespacesDotNames ¶
func (list AuthConfigList) NamespacesDotNames() []string
func (AuthConfigList) Sort ¶
func (list AuthConfigList) Sort() AuthConfigList
type AuthConfigReconciler ¶
type AuthConfigReconciler interface {
Reconcile(namespace string, desiredResources AuthConfigList, transition TransitionAuthConfigFunc, opts clients.ListOpts) error
}
func NewAuthConfigReconciler ¶
func NewAuthConfigReconciler(client AuthConfigClient, statusSetter resources.StatusSetter) AuthConfigReconciler
type AuthConfigWatcher ¶
type AuthConfig_Config ¶
type AuthConfig_Config struct { // optional: used when defining complex boolean logic, if `boolean_expr` is defined below. Also used // in logging. If omitted, an automatically generated name will be used (e.g. config_0, of the // pattern 'config_$INDEX_IN_CHAIN'). In the case of plugin auth, this field is ignored in favor of // the name assigned on the plugin config itself. Name *wrappers.StringValue `protobuf:"bytes,9,opt,name=name,proto3" json:"name,omitempty"` // Types that are assignable to AuthConfig: // // *AuthConfig_Config_BasicAuth // *AuthConfig_Config_Oauth // *AuthConfig_Config_Oauth2 // *AuthConfig_Config_ApiKeyAuth // *AuthConfig_Config_PluginAuth // *AuthConfig_Config_OpaAuth // *AuthConfig_Config_Ldap // *AuthConfig_Config_Jwt // *AuthConfig_Config_PassThroughAuth // *AuthConfig_Config_HmacAuth AuthConfig isAuthConfig_Config_AuthConfig `protobuf_oneof:"auth_config"` // contains filtered or unexported fields }
func (*AuthConfig_Config) Clone ¶ added in v1.8.24
func (m *AuthConfig_Config) Clone() proto.Message
Clone function
func (*AuthConfig_Config) Descriptor
deprecated
func (*AuthConfig_Config) Descriptor() ([]byte, []int)
Deprecated: Use AuthConfig_Config.ProtoReflect.Descriptor instead.
func (*AuthConfig_Config) Equal ¶
func (m *AuthConfig_Config) Equal(that interface{}) bool
Equal function
func (*AuthConfig_Config) GetApiKeyAuth ¶
func (x *AuthConfig_Config) GetApiKeyAuth() *ApiKeyAuth
func (*AuthConfig_Config) GetAuthConfig ¶
func (m *AuthConfig_Config) GetAuthConfig() isAuthConfig_Config_AuthConfig
func (*AuthConfig_Config) GetBasicAuth ¶
func (x *AuthConfig_Config) GetBasicAuth() *BasicAuth
func (*AuthConfig_Config) GetHmacAuth ¶ added in v1.14.0
func (x *AuthConfig_Config) GetHmacAuth() *HmacAuth
func (*AuthConfig_Config) GetJwt ¶ added in v1.6.0
func (x *AuthConfig_Config) GetJwt() *empty.Empty
func (*AuthConfig_Config) GetLdap ¶
func (x *AuthConfig_Config) GetLdap() *Ldap
func (*AuthConfig_Config) GetName ¶ added in v1.5.0
func (x *AuthConfig_Config) GetName() *wrappers.StringValue
func (*AuthConfig_Config) GetOauth
deprecated
func (x *AuthConfig_Config) GetOauth() *OAuth
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*AuthConfig_Config) GetOauth2 ¶ added in v1.5.0
func (x *AuthConfig_Config) GetOauth2() *OAuth2
func (*AuthConfig_Config) GetOpaAuth ¶
func (x *AuthConfig_Config) GetOpaAuth() *OpaAuth
func (*AuthConfig_Config) GetPassThroughAuth ¶ added in v1.6.0
func (x *AuthConfig_Config) GetPassThroughAuth() *PassThroughAuth
func (*AuthConfig_Config) GetPluginAuth ¶
func (x *AuthConfig_Config) GetPluginAuth() *AuthPlugin
func (*AuthConfig_Config) Hash ¶ added in v1.2.13
func (m *AuthConfig_Config) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*AuthConfig_Config) ProtoMessage ¶
func (*AuthConfig_Config) ProtoMessage()
func (*AuthConfig_Config) ProtoReflect ¶ added in v1.6.0
func (x *AuthConfig_Config) ProtoReflect() protoreflect.Message
func (*AuthConfig_Config) Reset ¶
func (x *AuthConfig_Config) Reset()
func (*AuthConfig_Config) String ¶
func (x *AuthConfig_Config) String() string
type AuthConfig_Config_ApiKeyAuth ¶
type AuthConfig_Config_ApiKeyAuth struct {
ApiKeyAuth *ApiKeyAuth `protobuf:"bytes,4,opt,name=api_key_auth,json=apiKeyAuth,proto3,oneof"`
}
type AuthConfig_Config_BasicAuth ¶
type AuthConfig_Config_BasicAuth struct {
BasicAuth *BasicAuth `protobuf:"bytes,1,opt,name=basic_auth,json=basicAuth,proto3,oneof"`
}
type AuthConfig_Config_HmacAuth ¶ added in v1.14.0
type AuthConfig_Config_HmacAuth struct {
HmacAuth *HmacAuth `protobuf:"bytes,13,opt,name=hmac_auth,json=hmacAuth,proto3,oneof"`
}
type AuthConfig_Config_Jwt ¶ added in v1.6.0
type AuthConfig_Config_Jwt struct { // This is a "dummy" extauth service which can be used to support multiple auth mechanisms with JWT authentication. // If Jwt authentication is to be used in the [boolean expression](https://docs.solo.io/gloo-edge/latest/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.sk/#authconfig) in an AuthConfig, you can use this auth config type to include Jwt as an Auth config. // In addition, `allow_missing_or_failed_jwt` must be set on the Virtual Host or Route that uses JWT auth or else the JWT filter will short circuit this behaviour. Jwt *empty.Empty `protobuf:"bytes,11,opt,name=jwt,proto3,oneof"` }
type AuthConfig_Config_Ldap ¶
type AuthConfig_Config_Ldap struct {
Ldap *Ldap `protobuf:"bytes,7,opt,name=ldap,proto3,oneof"`
}
type AuthConfig_Config_Oauth ¶
type AuthConfig_Config_Oauth struct { // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. Oauth *OAuth `protobuf:"bytes,2,opt,name=oauth,proto3,oneof"` }
type AuthConfig_Config_Oauth2 ¶ added in v1.5.0
type AuthConfig_Config_Oauth2 struct {
Oauth2 *OAuth2 `protobuf:"bytes,8,opt,name=oauth2,proto3,oneof"`
}
type AuthConfig_Config_OpaAuth ¶
type AuthConfig_Config_OpaAuth struct {
OpaAuth *OpaAuth `protobuf:"bytes,6,opt,name=opa_auth,json=opaAuth,proto3,oneof"`
}
type AuthConfig_Config_PassThroughAuth ¶ added in v1.6.0
type AuthConfig_Config_PassThroughAuth struct {
PassThroughAuth *PassThroughAuth `protobuf:"bytes,12,opt,name=pass_through_auth,json=passThroughAuth,proto3,oneof"`
}
type AuthConfig_Config_PluginAuth ¶
type AuthConfig_Config_PluginAuth struct {
PluginAuth *AuthPlugin `protobuf:"bytes,5,opt,name=plugin_auth,json=pluginAuth,proto3,oneof"`
}
type AuthPlugin ¶
type AuthPlugin struct { // Name of the plugin Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Name of the compiled plugin file. If not specified, Gloo Edge will look for an ".so" file with same name as the plugin. PluginFileName string `protobuf:"bytes,2,opt,name=plugin_file_name,json=pluginFileName,proto3" json:"plugin_file_name,omitempty"` // Name of the exported symbol that implements the plugin interface in the plugin. // If not specified, defaults to the name of the plugin ExportedSymbolName string `protobuf:"bytes,3,opt,name=exported_symbol_name,json=exportedSymbolName,proto3" json:"exported_symbol_name,omitempty"` Config *_struct.Struct `protobuf:"bytes,4,opt,name=config,proto3" json:"config,omitempty"` // contains filtered or unexported fields }
func (*AuthPlugin) Clone ¶ added in v1.8.24
func (m *AuthPlugin) Clone() proto.Message
Clone function
func (*AuthPlugin) Descriptor
deprecated
func (*AuthPlugin) Descriptor() ([]byte, []int)
Deprecated: Use AuthPlugin.ProtoReflect.Descriptor instead.
func (*AuthPlugin) GetConfig ¶
func (x *AuthPlugin) GetConfig() *_struct.Struct
func (*AuthPlugin) GetExportedSymbolName ¶
func (x *AuthPlugin) GetExportedSymbolName() string
func (*AuthPlugin) GetName ¶
func (x *AuthPlugin) GetName() string
func (*AuthPlugin) GetPluginFileName ¶
func (x *AuthPlugin) GetPluginFileName() string
func (*AuthPlugin) Hash ¶ added in v1.2.13
func (m *AuthPlugin) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*AuthPlugin) ProtoMessage ¶
func (*AuthPlugin) ProtoMessage()
func (*AuthPlugin) ProtoReflect ¶ added in v1.6.0
func (x *AuthPlugin) ProtoReflect() protoreflect.Message
func (*AuthPlugin) Reset ¶
func (x *AuthPlugin) Reset()
func (*AuthPlugin) String ¶
func (x *AuthPlugin) String() string
type AutoMapFromMetadata ¶ added in v1.9.25
type AutoMapFromMetadata struct { // The namespace from which to map metadata Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` // contains filtered or unexported fields }
func (*AutoMapFromMetadata) Clone ¶ added in v1.9.25
func (m *AutoMapFromMetadata) Clone() proto.Message
Clone function
func (*AutoMapFromMetadata) Descriptor
deprecated
added in
v1.9.25
func (*AutoMapFromMetadata) Descriptor() ([]byte, []int)
Deprecated: Use AutoMapFromMetadata.ProtoReflect.Descriptor instead.
func (*AutoMapFromMetadata) Equal ¶ added in v1.9.25
func (m *AutoMapFromMetadata) Equal(that interface{}) bool
Equal function
func (*AutoMapFromMetadata) GetNamespace ¶ added in v1.9.25
func (x *AutoMapFromMetadata) GetNamespace() string
func (*AutoMapFromMetadata) Hash ¶ added in v1.9.25
func (m *AutoMapFromMetadata) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*AutoMapFromMetadata) ProtoMessage ¶ added in v1.9.25
func (*AutoMapFromMetadata) ProtoMessage()
func (*AutoMapFromMetadata) ProtoReflect ¶ added in v1.9.25
func (x *AutoMapFromMetadata) ProtoReflect() protoreflect.Message
func (*AutoMapFromMetadata) Reset ¶ added in v1.9.25
func (x *AutoMapFromMetadata) Reset()
func (*AutoMapFromMetadata) String ¶ added in v1.9.25
func (x *AutoMapFromMetadata) String() string
type BasicAuth ¶
type BasicAuth struct { Realm string `protobuf:"bytes,1,opt,name=realm,proto3" json:"realm,omitempty"` Apr *BasicAuth_Apr `protobuf:"bytes,2,opt,name=apr,proto3" json:"apr,omitempty"` // contains filtered or unexported fields }
func (*BasicAuth) Descriptor
deprecated
func (*BasicAuth) GetApr ¶
func (x *BasicAuth) GetApr() *BasicAuth_Apr
func (*BasicAuth) ProtoMessage ¶
func (*BasicAuth) ProtoMessage()
func (*BasicAuth) ProtoReflect ¶ added in v1.6.0
func (x *BasicAuth) ProtoReflect() protoreflect.Message
type BasicAuth_Apr ¶
type BasicAuth_Apr struct { Users map[string]*BasicAuth_Apr_SaltedHashedPassword `` /* 151-byte string literal not displayed */ // contains filtered or unexported fields }
func (*BasicAuth_Apr) Clone ¶ added in v1.8.24
func (m *BasicAuth_Apr) Clone() proto.Message
Clone function
func (*BasicAuth_Apr) Descriptor
deprecated
func (*BasicAuth_Apr) Descriptor() ([]byte, []int)
Deprecated: Use BasicAuth_Apr.ProtoReflect.Descriptor instead.
func (*BasicAuth_Apr) GetUsers ¶
func (x *BasicAuth_Apr) GetUsers() map[string]*BasicAuth_Apr_SaltedHashedPassword
func (*BasicAuth_Apr) Hash ¶ added in v1.2.13
func (m *BasicAuth_Apr) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*BasicAuth_Apr) ProtoMessage ¶
func (*BasicAuth_Apr) ProtoMessage()
func (*BasicAuth_Apr) ProtoReflect ¶ added in v1.6.0
func (x *BasicAuth_Apr) ProtoReflect() protoreflect.Message
func (*BasicAuth_Apr) Reset ¶
func (x *BasicAuth_Apr) Reset()
func (*BasicAuth_Apr) String ¶
func (x *BasicAuth_Apr) String() string
type BasicAuth_Apr_SaltedHashedPassword ¶
type BasicAuth_Apr_SaltedHashedPassword struct { Salt string `protobuf:"bytes,1,opt,name=salt,proto3" json:"salt,omitempty"` HashedPassword string `protobuf:"bytes,2,opt,name=hashed_password,json=hashedPassword,proto3" json:"hashed_password,omitempty"` // contains filtered or unexported fields }
func (*BasicAuth_Apr_SaltedHashedPassword) Clone ¶ added in v1.8.24
func (m *BasicAuth_Apr_SaltedHashedPassword) Clone() proto.Message
Clone function
func (*BasicAuth_Apr_SaltedHashedPassword) Descriptor
deprecated
func (*BasicAuth_Apr_SaltedHashedPassword) Descriptor() ([]byte, []int)
Deprecated: Use BasicAuth_Apr_SaltedHashedPassword.ProtoReflect.Descriptor instead.
func (*BasicAuth_Apr_SaltedHashedPassword) Equal ¶
func (m *BasicAuth_Apr_SaltedHashedPassword) Equal(that interface{}) bool
Equal function
func (*BasicAuth_Apr_SaltedHashedPassword) GetHashedPassword ¶
func (x *BasicAuth_Apr_SaltedHashedPassword) GetHashedPassword() string
func (*BasicAuth_Apr_SaltedHashedPassword) GetSalt ¶
func (x *BasicAuth_Apr_SaltedHashedPassword) GetSalt() string
func (*BasicAuth_Apr_SaltedHashedPassword) Hash ¶ added in v1.2.13
func (m *BasicAuth_Apr_SaltedHashedPassword) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*BasicAuth_Apr_SaltedHashedPassword) ProtoMessage ¶
func (*BasicAuth_Apr_SaltedHashedPassword) ProtoMessage()
func (*BasicAuth_Apr_SaltedHashedPassword) ProtoReflect ¶ added in v1.6.0
func (x *BasicAuth_Apr_SaltedHashedPassword) ProtoReflect() protoreflect.Message
func (*BasicAuth_Apr_SaltedHashedPassword) Reset ¶
func (x *BasicAuth_Apr_SaltedHashedPassword) Reset()
func (*BasicAuth_Apr_SaltedHashedPassword) String ¶
func (x *BasicAuth_Apr_SaltedHashedPassword) String() string
type BufferSettings ¶
type BufferSettings struct { // Sets the maximum size of a message body that the filter will hold in memory. Envoy will return // *HTTP 413* and will *not* initiate the authorization process when buffer reaches the number // set in this field. Note that this setting will have precedence over failure_mode_allow. // Defaults to 4KB. MaxRequestBytes uint32 `protobuf:"varint,1,opt,name=max_request_bytes,json=maxRequestBytes,proto3" json:"max_request_bytes,omitempty"` // When this field is true, Envoy will buffer the message until *max_request_bytes* is reached. // The authorization request will be dispatched and no 413 HTTP error will be returned by the // filter. AllowPartialMessage bool `protobuf:"varint,2,opt,name=allow_partial_message,json=allowPartialMessage,proto3" json:"allow_partial_message,omitempty"` // When this field is true, Envoy will send the body sent to the external authorization service with raw bytes. PackAsBytes bool `protobuf:"varint,3,opt,name=pack_as_bytes,json=packAsBytes,proto3" json:"pack_as_bytes,omitempty"` // contains filtered or unexported fields }
Configuration for buffering the request data.
func (*BufferSettings) Clone ¶ added in v1.8.24
func (m *BufferSettings) Clone() proto.Message
Clone function
func (*BufferSettings) Descriptor
deprecated
func (*BufferSettings) Descriptor() ([]byte, []int)
Deprecated: Use BufferSettings.ProtoReflect.Descriptor instead.
func (*BufferSettings) GetAllowPartialMessage ¶
func (x *BufferSettings) GetAllowPartialMessage() bool
func (*BufferSettings) GetMaxRequestBytes ¶
func (x *BufferSettings) GetMaxRequestBytes() uint32
func (*BufferSettings) GetPackAsBytes ¶ added in v1.6.2
func (x *BufferSettings) GetPackAsBytes() bool
func (*BufferSettings) Hash ¶ added in v1.2.13
func (m *BufferSettings) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*BufferSettings) ProtoMessage ¶
func (*BufferSettings) ProtoMessage()
func (*BufferSettings) ProtoReflect ¶ added in v1.6.0
func (x *BufferSettings) ProtoReflect() protoreflect.Message
func (*BufferSettings) Reset ¶
func (x *BufferSettings) Reset()
func (*BufferSettings) String ¶
func (x *BufferSettings) String() string
type ClaimToHeader ¶ added in v1.15.4
type ClaimToHeader struct { // The claim name from the token, such as `sub`. Claim string `protobuf:"bytes,1,opt,name=claim,proto3" json:"claim,omitempty"` // The header to copy the claim to, such as `x-sub`. Header string `protobuf:"bytes,2,opt,name=header,proto3" json:"header,omitempty"` // If the header exists, append the claim value to the header (true), or overwrite any existing value (false). The default behavior is to overwrite any existing value (false). Append bool `protobuf:"varint,3,opt,name=append,proto3" json:"append,omitempty"` // contains filtered or unexported fields }
Map a single claim from an OAuth2 or OIDC token to a header in the request to the upstream destination.
func (*ClaimToHeader) Clone ¶ added in v1.15.4
func (m *ClaimToHeader) Clone() proto.Message
Clone function
func (*ClaimToHeader) Descriptor
deprecated
added in
v1.15.4
func (*ClaimToHeader) Descriptor() ([]byte, []int)
Deprecated: Use ClaimToHeader.ProtoReflect.Descriptor instead.
func (*ClaimToHeader) Equal ¶ added in v1.15.4
func (m *ClaimToHeader) Equal(that interface{}) bool
Equal function
func (*ClaimToHeader) GetAppend ¶ added in v1.15.4
func (x *ClaimToHeader) GetAppend() bool
func (*ClaimToHeader) GetClaim ¶ added in v1.15.4
func (x *ClaimToHeader) GetClaim() string
func (*ClaimToHeader) GetHeader ¶ added in v1.15.4
func (x *ClaimToHeader) GetHeader() string
func (*ClaimToHeader) Hash ¶ added in v1.15.4
func (m *ClaimToHeader) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ClaimToHeader) ProtoMessage ¶ added in v1.15.4
func (*ClaimToHeader) ProtoMessage()
func (*ClaimToHeader) ProtoReflect ¶ added in v1.15.4
func (x *ClaimToHeader) ProtoReflect() protoreflect.Message
func (*ClaimToHeader) Reset ¶ added in v1.15.4
func (x *ClaimToHeader) Reset()
func (*ClaimToHeader) String ¶ added in v1.15.4
func (x *ClaimToHeader) String() string
type CustomAuth ¶
type CustomAuth struct { // When a request matches the virtual host, route, or weighted destination on which this configuration is defined, // Gloo will add the given context_extensions to the request that is sent to the external authorization server. // This allows the server to base the auth decision on metadata that you define on the source of the request. // // This attribute is analogous to Envoy's config.filter.http.ext_authz.v2.CheckSettings. See the official // [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/http/ext_authz/v2/ext_authz.proto.html?highlight=ext_authz#config-filter-http-ext-authz-v2-checksettings) // for more details. ContextExtensions map[string]string `` /* 200-byte string literal not displayed */ // [Enterprise-only] // Only required in the case where multiple auth servers are configured in Settings // This name must match a key in the named_extauth Settings. Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` // contains filtered or unexported fields }
Gloo is not expected to configure the ext auth server in this case. This is used with custom auth servers.
func (*CustomAuth) Clone ¶ added in v1.8.24
func (m *CustomAuth) Clone() proto.Message
Clone function
func (*CustomAuth) Descriptor
deprecated
func (*CustomAuth) Descriptor() ([]byte, []int)
Deprecated: Use CustomAuth.ProtoReflect.Descriptor instead.
func (*CustomAuth) GetContextExtensions ¶
func (x *CustomAuth) GetContextExtensions() map[string]string
func (*CustomAuth) GetName ¶ added in v1.8.0
func (x *CustomAuth) GetName() string
func (*CustomAuth) Hash ¶ added in v1.2.13
func (m *CustomAuth) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*CustomAuth) ProtoMessage ¶
func (*CustomAuth) ProtoMessage()
func (*CustomAuth) ProtoReflect ¶ added in v1.6.0
func (x *CustomAuth) ProtoReflect() protoreflect.Message
func (*CustomAuth) Reset ¶
func (x *CustomAuth) Reset()
func (*CustomAuth) String ¶
func (x *CustomAuth) String() string
type DiscoveryOverride ¶ added in v1.6.0
type DiscoveryOverride struct { // url of the provider authorization endpoint AuthEndpoint string `protobuf:"bytes,1,opt,name=auth_endpoint,json=authEndpoint,proto3" json:"auth_endpoint,omitempty"` // url of the provider token endpoint TokenEndpoint string `protobuf:"bytes,2,opt,name=token_endpoint,json=tokenEndpoint,proto3" json:"token_endpoint,omitempty"` // url of the provider json web key set JwksUri string `protobuf:"bytes,3,opt,name=jwks_uri,json=jwksUri,proto3" json:"jwks_uri,omitempty"` // list of scope values that the provider supports Scopes []string `protobuf:"bytes,4,rep,name=scopes,proto3" json:"scopes,omitempty"` // list of response types that the provider supports ResponseTypes []string `protobuf:"bytes,5,rep,name=response_types,json=responseTypes,proto3" json:"response_types,omitempty"` // list of subject identifier types that the provider supports Subjects []string `protobuf:"bytes,6,rep,name=subjects,proto3" json:"subjects,omitempty"` // list of json web signature signing algorithms that the provider supports for encoding claims in a jwt IdTokenAlgs []string `protobuf:"bytes,7,rep,name=id_token_algs,json=idTokenAlgs,proto3" json:"id_token_algs,omitempty"` // list of client authentication methods supported by the provider token endpoint AuthMethods []string `protobuf:"bytes,8,rep,name=auth_methods,json=authMethods,proto3" json:"auth_methods,omitempty"` // list of claim types that the provider supports Claims []string `protobuf:"bytes,9,rep,name=claims,proto3" json:"claims,omitempty"` // url of the provider token revocation endpoint RevocationEndpoint string `protobuf:"bytes,10,opt,name=revocation_endpoint,json=revocationEndpoint,proto3" json:"revocation_endpoint,omitempty"` // url of the provider end session endpoint EndSessionEndpoint string `protobuf:"bytes,11,opt,name=end_session_endpoint,json=endSessionEndpoint,proto3" json:"end_session_endpoint,omitempty"` // contains filtered or unexported fields }
OIDC configuration is discovered at <issuerUrl>/.well-known/openid-configuration The discovery override defines any properties that should override this discovery configuration https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
func (*DiscoveryOverride) Clone ¶ added in v1.8.24
func (m *DiscoveryOverride) Clone() proto.Message
Clone function
func (*DiscoveryOverride) Descriptor
deprecated
added in
v1.6.0
func (*DiscoveryOverride) Descriptor() ([]byte, []int)
Deprecated: Use DiscoveryOverride.ProtoReflect.Descriptor instead.
func (*DiscoveryOverride) Equal ¶ added in v1.6.0
func (m *DiscoveryOverride) Equal(that interface{}) bool
Equal function
func (*DiscoveryOverride) GetAuthEndpoint ¶ added in v1.6.0
func (x *DiscoveryOverride) GetAuthEndpoint() string
func (*DiscoveryOverride) GetAuthMethods ¶ added in v1.6.0
func (x *DiscoveryOverride) GetAuthMethods() []string
func (*DiscoveryOverride) GetClaims ¶ added in v1.6.0
func (x *DiscoveryOverride) GetClaims() []string
func (*DiscoveryOverride) GetEndSessionEndpoint ¶ added in v1.9.25
func (x *DiscoveryOverride) GetEndSessionEndpoint() string
func (*DiscoveryOverride) GetIdTokenAlgs ¶ added in v1.6.0
func (x *DiscoveryOverride) GetIdTokenAlgs() []string
func (*DiscoveryOverride) GetJwksUri ¶ added in v1.6.0
func (x *DiscoveryOverride) GetJwksUri() string
func (*DiscoveryOverride) GetResponseTypes ¶ added in v1.6.0
func (x *DiscoveryOverride) GetResponseTypes() []string
func (*DiscoveryOverride) GetRevocationEndpoint ¶ added in v1.9.25
func (x *DiscoveryOverride) GetRevocationEndpoint() string
func (*DiscoveryOverride) GetScopes ¶ added in v1.6.0
func (x *DiscoveryOverride) GetScopes() []string
func (*DiscoveryOverride) GetSubjects ¶ added in v1.6.0
func (x *DiscoveryOverride) GetSubjects() []string
func (*DiscoveryOverride) GetTokenEndpoint ¶ added in v1.6.0
func (x *DiscoveryOverride) GetTokenEndpoint() string
func (*DiscoveryOverride) Hash ¶ added in v1.6.0
func (m *DiscoveryOverride) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*DiscoveryOverride) ProtoMessage ¶ added in v1.6.0
func (*DiscoveryOverride) ProtoMessage()
func (*DiscoveryOverride) ProtoReflect ¶ added in v1.6.0
func (x *DiscoveryOverride) ProtoReflect() protoreflect.Message
func (*DiscoveryOverride) Reset ¶ added in v1.6.0
func (x *DiscoveryOverride) Reset()
func (*DiscoveryOverride) String ¶ added in v1.6.0
func (x *DiscoveryOverride) String() string
type EndSessionProperties ¶ added in v1.9.25
type EndSessionProperties struct { // The method type used by the end session endpoint, defaults to GET. MethodType EndSessionProperties_MethodType `` /* 135-byte string literal not displayed */ // contains filtered or unexported fields }
func (*EndSessionProperties) Clone ¶ added in v1.9.25
func (m *EndSessionProperties) Clone() proto.Message
Clone function
func (*EndSessionProperties) Descriptor
deprecated
added in
v1.9.25
func (*EndSessionProperties) Descriptor() ([]byte, []int)
Deprecated: Use EndSessionProperties.ProtoReflect.Descriptor instead.
func (*EndSessionProperties) Equal ¶ added in v1.9.25
func (m *EndSessionProperties) Equal(that interface{}) bool
Equal function
func (*EndSessionProperties) GetMethodType ¶ added in v1.9.25
func (x *EndSessionProperties) GetMethodType() EndSessionProperties_MethodType
func (*EndSessionProperties) Hash ¶ added in v1.9.25
func (m *EndSessionProperties) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*EndSessionProperties) ProtoMessage ¶ added in v1.9.25
func (*EndSessionProperties) ProtoMessage()
func (*EndSessionProperties) ProtoReflect ¶ added in v1.9.25
func (x *EndSessionProperties) ProtoReflect() protoreflect.Message
func (*EndSessionProperties) Reset ¶ added in v1.9.25
func (x *EndSessionProperties) Reset()
func (*EndSessionProperties) String ¶ added in v1.9.25
func (x *EndSessionProperties) String() string
type EndSessionProperties_MethodType ¶ added in v1.9.25
type EndSessionProperties_MethodType int32
The Method used to make the request.
const ( // Uses GET method when making the request EndSessionProperties_GetMethod EndSessionProperties_MethodType = 0 // Uses POST method when making the request EndSessionProperties_PostMethod EndSessionProperties_MethodType = 1 )
func (EndSessionProperties_MethodType) Descriptor ¶ added in v1.9.25
func (EndSessionProperties_MethodType) Descriptor() protoreflect.EnumDescriptor
func (EndSessionProperties_MethodType) Enum ¶ added in v1.9.25
func (x EndSessionProperties_MethodType) Enum() *EndSessionProperties_MethodType
func (EndSessionProperties_MethodType) EnumDescriptor
deprecated
added in
v1.9.25
func (EndSessionProperties_MethodType) EnumDescriptor() ([]byte, []int)
Deprecated: Use EndSessionProperties_MethodType.Descriptor instead.
func (EndSessionProperties_MethodType) Number ¶ added in v1.9.25
func (x EndSessionProperties_MethodType) Number() protoreflect.EnumNumber
func (EndSessionProperties_MethodType) String ¶ added in v1.9.25
func (x EndSessionProperties_MethodType) String() string
func (EndSessionProperties_MethodType) Type ¶ added in v1.9.25
func (EndSessionProperties_MethodType) Type() protoreflect.EnumType
type EnterpriseEmitter ¶ added in v1.3.33
type EnterpriseEmitter interface { EnterpriseSnapshotEmitter Register() error AuthConfig() AuthConfigClient }
func NewEnterpriseEmitter ¶ added in v1.3.33
func NewEnterpriseEmitter(authConfigClient AuthConfigClient) EnterpriseEmitter
func NewEnterpriseEmitterWithEmit ¶ added in v1.3.33
func NewEnterpriseEmitterWithEmit(authConfigClient AuthConfigClient, emit <-chan struct{}) EnterpriseEmitter
type EnterpriseSimpleEmitter ¶ added in v1.3.33
type EnterpriseSimpleEmitter interface {
Snapshots(ctx context.Context) (<-chan *EnterpriseSnapshot, <-chan error, error)
}
func NewEnterpriseSimpleEmitter ¶ added in v1.3.33
func NewEnterpriseSimpleEmitter(aggregatedWatch clients.ResourceWatch) EnterpriseSimpleEmitter
func NewEnterpriseSimpleEmitterWithEmit ¶ added in v1.3.33
func NewEnterpriseSimpleEmitterWithEmit(aggregatedWatch clients.ResourceWatch, emit <-chan struct{}) EnterpriseSimpleEmitter
type EnterpriseSnapshot ¶ added in v1.3.33
type EnterpriseSnapshot struct {
AuthConfigs AuthConfigList
}
func (EnterpriseSnapshot) Clone ¶ added in v1.3.33
func (s EnterpriseSnapshot) Clone() EnterpriseSnapshot
func (*EnterpriseSnapshot) GetResourcesList ¶ added in v1.11.50
func (s *EnterpriseSnapshot) GetResourcesList(resource resources.Resource) (resources.ResourceList, error)
func (EnterpriseSnapshot) Hash ¶ added in v1.3.33
func (s EnterpriseSnapshot) Hash(hasher hash.Hash64) (uint64, error)
func (EnterpriseSnapshot) HashFields ¶ added in v1.3.33
func (s EnterpriseSnapshot) HashFields() []zap.Field
func (*EnterpriseSnapshot) RemoveFromResourceList ¶ added in v1.11.50
func (s *EnterpriseSnapshot) RemoveFromResourceList(resource resources.Resource) error
func (EnterpriseSnapshot) Stringer ¶ added in v1.3.33
func (s EnterpriseSnapshot) Stringer() EnterpriseSnapshotStringer
func (*EnterpriseSnapshot) UpsertToResourceList ¶ added in v1.11.50
func (s *EnterpriseSnapshot) UpsertToResourceList(resource resources.Resource) error
type EnterpriseSnapshotEmitter ¶ added in v1.3.33
type EnterpriseSnapshotStringer ¶ added in v1.3.33
func (EnterpriseSnapshotStringer) String ¶ added in v1.3.33
func (ss EnterpriseSnapshotStringer) String() string
type EnterpriseSyncDecider
deprecated
added in
v1.3.33
type EnterpriseSyncDecider interface { EnterpriseSyncer ShouldSync(old, new *EnterpriseSnapshot) bool }
Deprecated: use EnterpriseSyncDeciderWithContext
type EnterpriseSyncDeciderWithContext ¶ added in v1.3.33
type EnterpriseSyncDeciderWithContext interface { EnterpriseSyncer ShouldSync(ctx context.Context, old, new *EnterpriseSnapshot) bool }
type EnterpriseSyncer ¶ added in v1.3.33
type EnterpriseSyncer interface {
Sync(context.Context, *EnterpriseSnapshot) error
}
type EnterpriseSyncers ¶ added in v1.3.33
type EnterpriseSyncers []EnterpriseSyncer
func (EnterpriseSyncers) Sync ¶ added in v1.3.33
func (s EnterpriseSyncers) Sync(ctx context.Context, snapshot *EnterpriseSnapshot) error
type ExtAuthConfig ¶
type ExtAuthConfig struct { // @solo-kit:resource.name // This is the identifier of the AuthConfig resource that this configuration is associated with. // Any request to the external auth server includes an identifier that is matched against this field to determine // which AuthConfig should be applied to it. AuthConfigRefName string `protobuf:"bytes,1,opt,name=auth_config_ref_name,json=authConfigRefName,proto3" json:"auth_config_ref_name,omitempty"` // List of auth configs to be checked for requests on a route referencing this auth config, // By default, every config must be authorized for the entire request to be authorized. This // behavior can be changed by defining names for each config and defining `boolean_expr` below. // // State is shared between successful requests on the chain, i.e., the headers returned from each // successful auth service get appended into the final auth response. Configs []*ExtAuthConfig_Config `protobuf:"bytes,8,rep,name=configs,proto3" json:"configs,omitempty"` // How to handle processing of named configs within an auth config chain. // An example config might be: `( basic1 || basic2 || (oidc1 && !oidc2) )` // The boolean expression is evaluated left to right but honors parenthesis and short-circuiting. // Defaults to an empty string, which is interpreted as `and`-ing the configs. BooleanExpr *wrappers.StringValue `protobuf:"bytes,10,opt,name=boolean_expr,json=booleanExpr,proto3" json:"boolean_expr,omitempty"` // How the service should handle a redirect response from an OIDC issuer. In the default false mode, // the redirect will be considered a successful response, and the client will receive a 302 with a location header. // If this is set to true, the client will instead receive a 401 unauthorized response. This is useful in cases where // API calls are being made or other such occurrences where the client cannot handle the redirect. FailOnRedirect bool `protobuf:"varint,11,opt,name=fail_on_redirect,json=failOnRedirect,proto3" json:"fail_on_redirect,omitempty"` // contains filtered or unexported fields }
@solo-kit:xds-service=ExtAuthDiscoveryService @solo-kit:resource.no_references
This is an internal API used to share configuration between gloo-ee and extauth. Although this API is only used in gloo-ee, rules about breaking changes still apply to ensure we do not get errors during upgrade and downgrade.
func (*ExtAuthConfig) Clone ¶ added in v1.8.24
func (m *ExtAuthConfig) Clone() proto.Message
Clone function
func (*ExtAuthConfig) Descriptor
deprecated
func (*ExtAuthConfig) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig) GetAuthConfigRefName ¶
func (x *ExtAuthConfig) GetAuthConfigRefName() string
func (*ExtAuthConfig) GetBooleanExpr ¶ added in v1.5.0
func (x *ExtAuthConfig) GetBooleanExpr() *wrappers.StringValue
func (*ExtAuthConfig) GetConfigs ¶
func (x *ExtAuthConfig) GetConfigs() []*ExtAuthConfig_Config
func (*ExtAuthConfig) GetFailOnRedirect ¶ added in v1.9.25
func (x *ExtAuthConfig) GetFailOnRedirect() bool
func (*ExtAuthConfig) Hash ¶ added in v1.2.13
func (m *ExtAuthConfig) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig) ProtoMessage ¶
func (*ExtAuthConfig) ProtoMessage()
func (*ExtAuthConfig) ProtoReflect ¶ added in v1.6.0
func (x *ExtAuthConfig) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig) Reset ¶
func (x *ExtAuthConfig) Reset()
func (*ExtAuthConfig) String ¶
func (x *ExtAuthConfig) String() string
type ExtAuthConfigXdsResourceWrapper ¶
type ExtAuthConfigXdsResourceWrapper struct { // TODO(yuval-k): This is public for mitchellh hashstructure to work properly. consider better alternatives. Resource *ExtAuthConfig }
Defined a resource - to be used by snapshot
func NewExtAuthConfigXdsResourceWrapper ¶
func NewExtAuthConfigXdsResourceWrapper(resourceProto *ExtAuthConfig) *ExtAuthConfigXdsResourceWrapper
func (*ExtAuthConfigXdsResourceWrapper) References ¶
func (e *ExtAuthConfigXdsResourceWrapper) References() []cache.XdsResourceReference
func (*ExtAuthConfigXdsResourceWrapper) ResourceProto ¶
func (e *ExtAuthConfigXdsResourceWrapper) ResourceProto() cache.ResourceProto
func (*ExtAuthConfigXdsResourceWrapper) Self ¶
func (e *ExtAuthConfigXdsResourceWrapper) Self() cache.XdsResourceReference
type ExtAuthConfig_AccessTokenValidationConfig ¶ added in v1.7.0
type ExtAuthConfig_AccessTokenValidationConfig struct { // Types that are assignable to ValidationType: // // *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionUrl // *ExtAuthConfig_AccessTokenValidationConfig_Jwt // *ExtAuthConfig_AccessTokenValidationConfig_Introspection ValidationType isExtAuthConfig_AccessTokenValidationConfig_ValidationType `protobuf_oneof:"validation_type"` // The URL for the OIDC userinfo endpoint. // If provided, the (opaque) access token provided or received from the oauth endpoint // will be queried and the userinfo response (or cached response) will be added to the // `AuthorizationRequest` state under the "introspection" key. // This can be useful to leverage the userinfo response in, for example, an external auth server plugin. UserinfoUrl string `protobuf:"bytes,4,opt,name=userinfo_url,json=userinfoUrl,proto3" json:"userinfo_url,omitempty"` // How long the token introspection and userinfo endpoint response for a specific access token should be kept // in the in-memory cache. The result will be invalidated at this timeout, or at "exp" time from the introspection // result, whichever comes sooner. If omitted, defaults to 10 minutes. If zero, then no caching will be done. CacheTimeout *duration.Duration `protobuf:"bytes,5,opt,name=cache_timeout,json=cacheTimeout,proto3" json:"cache_timeout,omitempty"` // Optional criteria for validating the scopes of a token. // // Types that are assignable to ScopeValidation: // // *ExtAuthConfig_AccessTokenValidationConfig_RequiredScopes ScopeValidation isExtAuthConfig_AccessTokenValidationConfig_ScopeValidation `protobuf_oneof:"scope_validation"` // contains filtered or unexported fields }
func (*ExtAuthConfig_AccessTokenValidationConfig) Clone ¶ added in v1.8.24
func (m *ExtAuthConfig_AccessTokenValidationConfig) Clone() proto.Message
Clone function
func (*ExtAuthConfig_AccessTokenValidationConfig) Descriptor
deprecated
added in
v1.7.0
func (*ExtAuthConfig_AccessTokenValidationConfig) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_AccessTokenValidationConfig.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_AccessTokenValidationConfig) Equal ¶ added in v1.7.0
func (m *ExtAuthConfig_AccessTokenValidationConfig) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_AccessTokenValidationConfig) GetCacheTimeout ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig) GetCacheTimeout() *duration.Duration
func (*ExtAuthConfig_AccessTokenValidationConfig) GetIntrospection ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig) GetIntrospection() *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation
func (*ExtAuthConfig_AccessTokenValidationConfig) GetIntrospectionUrl
deprecated
added in
v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig) GetIntrospectionUrl() string
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*ExtAuthConfig_AccessTokenValidationConfig) GetRequiredScopes ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig) GetRequiredScopes() *ExtAuthConfig_AccessTokenValidationConfig_ScopeList
func (*ExtAuthConfig_AccessTokenValidationConfig) GetScopeValidation ¶ added in v1.7.0
func (m *ExtAuthConfig_AccessTokenValidationConfig) GetScopeValidation() isExtAuthConfig_AccessTokenValidationConfig_ScopeValidation
func (*ExtAuthConfig_AccessTokenValidationConfig) GetUserinfoUrl ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig) GetUserinfoUrl() string
func (*ExtAuthConfig_AccessTokenValidationConfig) GetValidationType ¶ added in v1.7.0
func (m *ExtAuthConfig_AccessTokenValidationConfig) GetValidationType() isExtAuthConfig_AccessTokenValidationConfig_ValidationType
func (*ExtAuthConfig_AccessTokenValidationConfig) Hash ¶ added in v1.7.0
func (m *ExtAuthConfig_AccessTokenValidationConfig) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_AccessTokenValidationConfig) ProtoMessage ¶ added in v1.7.0
func (*ExtAuthConfig_AccessTokenValidationConfig) ProtoMessage()
func (*ExtAuthConfig_AccessTokenValidationConfig) ProtoReflect ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_AccessTokenValidationConfig) Reset ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig) Reset()
func (*ExtAuthConfig_AccessTokenValidationConfig) String ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig) String() string
type ExtAuthConfig_AccessTokenValidationConfig_Introspection ¶ added in v1.7.0
type ExtAuthConfig_AccessTokenValidationConfig_Introspection struct { // Defines how (opaque) access tokens, received from the oauth authorization endpoint, are validated // [OAuth2.0 Token Introspection](https://tools.ietf.org/html/rfc7662) specification. Introspection *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation `protobuf:"bytes,3,opt,name=introspection,proto3,oneof"` }
type ExtAuthConfig_AccessTokenValidationConfig_IntrospectionUrl ¶ added in v1.7.0
type ExtAuthConfig_AccessTokenValidationConfig_IntrospectionUrl struct { // The URL for the [OAuth2.0 Token Introspection](https://tools.ietf.org/html/rfc7662) endpoint. // If provided, the (opaque) access token provided or received from the oauth authorization endpoint // will be validated against this endpoint, or locally cached responses for this access token. // This field is deprecated as it does not support authenticated introspection requests // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. IntrospectionUrl string `protobuf:"bytes,1,opt,name=introspection_url,json=introspectionUrl,proto3,oneof"` }
type ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation ¶ added in v1.7.0
type ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation struct { // The URL for the [OAuth2.0 Token Introspection](https://tools.ietf.org/html/rfc7662) endpoint. // If provided, the (opaque) access token provided or received from the oauth authorization endpoint // will be validated against this endpoint, or locally cached responses for this access token. IntrospectionUrl string `protobuf:"bytes,1,opt,name=introspection_url,json=introspectionUrl,proto3" json:"introspection_url,omitempty"` // Your client id as registered with the issuer. // Optional: Use if the token introspection url requires client authentication. ClientId string `protobuf:"bytes,2,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` // Your client secret as registered with the issuer. // Optional: Use if the token introspection url requires client authentication. ClientSecret string `protobuf:"bytes,3,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"` // The name of the [introspection response](https://tools.ietf.org/html/rfc7662#section-2.2) // attribute that contains the ID of the resource owner (e.g. `sub`, `username`). // If specified, the external auth server will use the value of the attribute as the identifier of the // authenticated user and add it to the request headers and/or dynamic metadata (depending on how the // server is configured); if the field is set and the attribute cannot be found, the request will be denied. // This field is optional and by default the server will not try to derive the user ID. UserIdAttributeName string `protobuf:"bytes,4,opt,name=user_id_attribute_name,json=userIdAttributeName,proto3" json:"user_id_attribute_name,omitempty"` // contains filtered or unexported fields }
Defines how (opaque) access tokens, received from the oauth authorization endpoint, are validated [OAuth2.0 Token Introspection](https://tools.ietf.org/html/rfc7662)
If the token introspection url requires client authentication, both the client_id and client_secret are required. If only one is provided, the config will be rejected. These values will be encoded in a basic auth header in order to authenticate the client.
func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Clone ¶ added in v1.8.24
func (m *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Clone() proto.Message
Clone function
func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Descriptor
deprecated
added in
v1.7.0
func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Equal ¶ added in v1.7.0
func (m *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetClientId ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetClientId() string
func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetClientSecret ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetClientSecret() string
func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetIntrospectionUrl ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetIntrospectionUrl() string
func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetUserIdAttributeName ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetUserIdAttributeName() string
func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Hash ¶ added in v1.7.0
func (m *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) ProtoMessage ¶ added in v1.7.0
func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) ProtoMessage()
func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) ProtoReflect ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Reset ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Reset()
func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) String ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) String() string
type ExtAuthConfig_AccessTokenValidationConfig_Jwt ¶ added in v1.7.0
type ExtAuthConfig_AccessTokenValidationConfig_Jwt struct { // Validate access tokens that conform to the // [JSON Web Token (JWT)](https://datatracker.ietf.org/doc/rfc7662/) specification. Jwt *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation `protobuf:"bytes,2,opt,name=jwt,proto3,oneof"` }
type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation ¶ added in v1.7.0
type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation struct { // Types that are assignable to JwksSourceSpecifier: // // *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks_ // *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks_ JwksSourceSpecifier isExtAuthConfig_AccessTokenValidationConfig_JwtValidation_JwksSourceSpecifier `protobuf_oneof:"jwks_source_specifier"` // Allow only tokens that have been issued by this principal (i.e. whose "iss" claim matches this value). // If empty, issuer validation will be skipped. Issuer string `protobuf:"bytes,3,opt,name=issuer,proto3" json:"issuer,omitempty"` // contains filtered or unexported fields }
Defines how JSON Web Token (JWT) access tokens are validated.
Tokens are validated using a JSON Web Key Set (as defined in [Section 5 of RFC7517](https://tools.ietf.org/html/rfc7517#section-5)), which can be either inlined in the configuration or fetched from a remote location via HTTP. Any keys in the JWKS that are not intended for signature verification (i.e. whose ["use" parameter](https://tools.ietf.org/html/rfc7517#section-4.2) is not "sig") will be ignored by the system, as will keys that do not specify a ["kid" (Key ID) parameter](https://tools.ietf.org/html/rfc7517#section-4.2).
The JWT to be validated must define non-empty "kid" and "alg" headers. The "kid" header determines which key in the JWKS will be used to verify the signature of the token; if no matching key is found, the token will be rejected.
If present, the server will verify the "exp", "iat", and "nbf" standard JWT claims. Validation of the "iss" claim and of token scopes can be configured as well. If the JWT has been successfully validated, its set of claims will be added to the `AuthorizationRequest` state under the "jwtAccessToken" key.
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Clone ¶ added in v1.8.24
func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Clone() proto.Message
Clone function
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Descriptor
deprecated
added in
v1.7.0
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_AccessTokenValidationConfig_JwtValidation.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Equal ¶ added in v1.7.0
func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) GetIssuer ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) GetIssuer() string
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) GetJwksSourceSpecifier ¶ added in v1.7.0
func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) GetJwksSourceSpecifier() isExtAuthConfig_AccessTokenValidationConfig_JwtValidation_JwksSourceSpecifier
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) GetLocalJwks ¶ added in v1.7.0
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) GetRemoteJwks ¶ added in v1.7.0
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Hash ¶ added in v1.7.0
func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) ProtoMessage ¶ added in v1.7.0
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) ProtoMessage()
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) ProtoReflect ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Reset ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Reset()
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) String ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) String() string
type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks ¶ added in v1.7.0
type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks struct { // JWKS is embedded as a string. InlineString string `protobuf:"bytes,1,opt,name=inline_string,json=inlineString,proto3" json:"inline_string,omitempty"` // contains filtered or unexported fields }
Represents a locally available JWKS.
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Clone ¶ added in v1.8.24
func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Clone() proto.Message
Clone function
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Descriptor
deprecated
added in
v1.7.0
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Equal ¶ added in v1.7.0
func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) GetInlineString ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) GetInlineString() string
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Hash ¶ added in v1.7.0
func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) ProtoMessage ¶ added in v1.7.0
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) ProtoMessage()
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) ProtoReflect ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Reset ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Reset()
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) String ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) String() string
type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks_ ¶ added in v1.7.0
type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks_ struct { // Loads the JWKS from a local data source. LocalJwks *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks `protobuf:"bytes,2,opt,name=local_jwks,json=localJwks,proto3,oneof"` }
type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks ¶ added in v1.7.0
type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks struct { // The HTTP URI to fetch the JWKS. Url string `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"` // The frequency at which the JWKS should be refreshed. // If not specified, the default value is 5 minutes. RefreshInterval *duration.Duration `protobuf:"bytes,2,opt,name=refresh_interval,json=refreshInterval,proto3" json:"refresh_interval,omitempty"` // contains filtered or unexported fields }
Specifies how to fetch JWKS from remote and how to cache it.
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Clone ¶ added in v1.8.24
func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Clone() proto.Message
Clone function
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Descriptor
deprecated
added in
v1.7.0
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Equal ¶ added in v1.7.0
func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) GetRefreshInterval ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) GetRefreshInterval() *duration.Duration
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) GetUrl ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) GetUrl() string
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Hash ¶ added in v1.7.0
func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) ProtoMessage ¶ added in v1.7.0
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) ProtoMessage()
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) ProtoReflect ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Reset ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Reset()
func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) String ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) String() string
type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks_ ¶ added in v1.7.0
type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks_ struct { // Fetches the JWKS from a remote location. RemoteJwks *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks `protobuf:"bytes,1,opt,name=remote_jwks,json=remoteJwks,proto3,oneof"` }
type ExtAuthConfig_AccessTokenValidationConfig_RequiredScopes ¶ added in v1.7.0
type ExtAuthConfig_AccessTokenValidationConfig_RequiredScopes struct { // Require access token to have all of the scopes in the given list. // This configuration applies to both opaque and JWT tokens. In the case of opaque tokens, // this will check the scopes returned in the "scope" member of introspection response // (as described in [Section 2.2 of RFC7662](https://tools.ietf.org/html/rfc7662#section-2.2). // In case of JWTs the scopes to be validated are expected to be contained in the "scope" claim of the // token in the form of a space-separated string. // Omitting this field means that scope validation will be skipped. RequiredScopes *ExtAuthConfig_AccessTokenValidationConfig_ScopeList `protobuf:"bytes,6,opt,name=required_scopes,json=requiredScopes,proto3,oneof"` }
type ExtAuthConfig_AccessTokenValidationConfig_ScopeList ¶ added in v1.7.0
type ExtAuthConfig_AccessTokenValidationConfig_ScopeList struct { Scope []string `protobuf:"bytes,1,rep,name=scope,proto3" json:"scope,omitempty"` // contains filtered or unexported fields }
func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Clone ¶ added in v1.8.24
func (m *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Clone() proto.Message
Clone function
func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Descriptor
deprecated
added in
v1.7.0
func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_AccessTokenValidationConfig_ScopeList.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Equal ¶ added in v1.7.0
func (m *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) GetScope ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) GetScope() []string
func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Hash ¶ added in v1.7.0
func (m *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) ProtoMessage ¶ added in v1.7.0
func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) ProtoMessage()
func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) ProtoReflect ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Reset ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Reset()
func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) String ¶ added in v1.7.0
func (x *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) String() string
type ExtAuthConfig_ApiKeyAuthConfig ¶
type ExtAuthConfig_ApiKeyAuthConfig struct { // A mapping of valid API keys to their associated metadata. // This map is automatically populated with the information from the relevant `ApiKey`s. ValidApiKeys map[string]*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata `` /* 187-byte string literal not displayed */ // (Optional) When receiving a request, the Gloo Edge Enterprise external auth server will look for an API key // in a header with this name. This field is optional; if not provided it defaults to `api-key`. HeaderName string `protobuf:"bytes,2,opt,name=header_name,json=headerName,proto3" json:"header_name,omitempty"` // Determines the key metadata that will be included as headers on the upstream request. // Each entry represents a header to add: the key is the name of the header, and the // value is the key that will be used to look up the data entry in the key metadata. HeadersFromKeyMetadata map[string]string `` /* 219-byte string literal not displayed */ // Types that are assignable to StorageBackend: // // *ExtAuthConfig_ApiKeyAuthConfig_K8SSecretApikeyStorage // *ExtAuthConfig_ApiKeyAuthConfig_AerospikeApikeyStorage StorageBackend isExtAuthConfig_ApiKeyAuthConfig_StorageBackend `protobuf_oneof:"storage_backend"` // contains filtered or unexported fields }
**NOTE: This configuration is not user-facing and will be auto generated**
func (*ExtAuthConfig_ApiKeyAuthConfig) Clone ¶ added in v1.8.24
func (m *ExtAuthConfig_ApiKeyAuthConfig) Clone() proto.Message
Clone function
func (*ExtAuthConfig_ApiKeyAuthConfig) Descriptor
deprecated
func (*ExtAuthConfig_ApiKeyAuthConfig) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_ApiKeyAuthConfig.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_ApiKeyAuthConfig) Equal ¶
func (m *ExtAuthConfig_ApiKeyAuthConfig) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_ApiKeyAuthConfig) GetAerospikeApikeyStorage ¶ added in v1.13.0
func (x *ExtAuthConfig_ApiKeyAuthConfig) GetAerospikeApikeyStorage() *AerospikeApiKeyStorage
func (*ExtAuthConfig_ApiKeyAuthConfig) GetHeaderName ¶ added in v1.5.0
func (x *ExtAuthConfig_ApiKeyAuthConfig) GetHeaderName() string
func (*ExtAuthConfig_ApiKeyAuthConfig) GetHeadersFromKeyMetadata ¶ added in v1.5.0
func (x *ExtAuthConfig_ApiKeyAuthConfig) GetHeadersFromKeyMetadata() map[string]string
func (*ExtAuthConfig_ApiKeyAuthConfig) GetK8SSecretApikeyStorage ¶ added in v1.13.0
func (x *ExtAuthConfig_ApiKeyAuthConfig) GetK8SSecretApikeyStorage() *K8SSecretApiKeyStorage
func (*ExtAuthConfig_ApiKeyAuthConfig) GetStorageBackend ¶ added in v1.13.0
func (m *ExtAuthConfig_ApiKeyAuthConfig) GetStorageBackend() isExtAuthConfig_ApiKeyAuthConfig_StorageBackend
func (*ExtAuthConfig_ApiKeyAuthConfig) GetValidApiKeys ¶ added in v1.5.0
func (x *ExtAuthConfig_ApiKeyAuthConfig) GetValidApiKeys() map[string]*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata
func (*ExtAuthConfig_ApiKeyAuthConfig) Hash ¶ added in v1.2.13
func (m *ExtAuthConfig_ApiKeyAuthConfig) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_ApiKeyAuthConfig) ProtoMessage ¶
func (*ExtAuthConfig_ApiKeyAuthConfig) ProtoMessage()
func (*ExtAuthConfig_ApiKeyAuthConfig) ProtoReflect ¶ added in v1.6.0
func (x *ExtAuthConfig_ApiKeyAuthConfig) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_ApiKeyAuthConfig) Reset ¶
func (x *ExtAuthConfig_ApiKeyAuthConfig) Reset()
func (*ExtAuthConfig_ApiKeyAuthConfig) String ¶
func (x *ExtAuthConfig_ApiKeyAuthConfig) String() string
type ExtAuthConfig_ApiKeyAuthConfig_AerospikeApikeyStorage ¶ added in v1.13.0
type ExtAuthConfig_ApiKeyAuthConfig_AerospikeApikeyStorage struct {
AerospikeApikeyStorage *AerospikeApiKeyStorage `protobuf:"bytes,5,opt,name=aerospike_apikey_storage,json=aerospikeApikeyStorage,proto3,oneof"`
}
type ExtAuthConfig_ApiKeyAuthConfig_K8SSecretApikeyStorage ¶ added in v1.13.0
type ExtAuthConfig_ApiKeyAuthConfig_K8SSecretApikeyStorage struct {
K8SSecretApikeyStorage *K8SSecretApiKeyStorage `protobuf:"bytes,4,opt,name=k8s_secret_apikey_storage,json=k8sSecretApikeyStorage,proto3,oneof"`
}
type ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata ¶ added in v1.5.0
type ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata struct { // The user is mapped as the name of `Secret` which contains the `ApiKey` Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` // The metadata present on the `ApiKey`. Metadata map[string]string `` /* 157-byte string literal not displayed */ // contains filtered or unexported fields }
func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Clone ¶ added in v1.8.24
func (m *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Clone() proto.Message
Clone function
func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Descriptor
deprecated
added in
v1.5.0
func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Equal ¶ added in v1.5.0
func (m *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) GetMetadata ¶ added in v1.5.0
func (x *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) GetMetadata() map[string]string
func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) GetUsername ¶ added in v1.5.0
func (x *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) GetUsername() string
func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Hash ¶ added in v1.5.0
func (m *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) ProtoMessage ¶ added in v1.5.0
func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) ProtoMessage()
func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) ProtoReflect ¶ added in v1.6.0
func (x *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Reset ¶ added in v1.5.0
func (x *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Reset()
func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) String ¶ added in v1.5.0
func (x *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) String() string
type ExtAuthConfig_Config ¶
type ExtAuthConfig_Config struct { // optional: used when defining complex boolean logic, if `boolean_expr` is defined below. Also used // in logging. If omitted, an automatically generated name will be used (e.g. config_0, of the // pattern 'config_$INDEX_IN_CHAIN'). In the case of plugin auth, this field is ignored in favor of // the name assigned on the plugin config itself. Name *wrappers.StringValue `protobuf:"bytes,11,opt,name=name,proto3" json:"name,omitempty"` // Types that are assignable to AuthConfig: // // *ExtAuthConfig_Config_Oauth // *ExtAuthConfig_Config_Oauth2 // *ExtAuthConfig_Config_BasicAuth // *ExtAuthConfig_Config_ApiKeyAuth // *ExtAuthConfig_Config_PluginAuth // *ExtAuthConfig_Config_OpaAuth // *ExtAuthConfig_Config_Ldap // *ExtAuthConfig_Config_LdapInternal // *ExtAuthConfig_Config_Jwt // *ExtAuthConfig_Config_PassThroughAuth // *ExtAuthConfig_Config_HmacAuth AuthConfig isExtAuthConfig_Config_AuthConfig `protobuf_oneof:"auth_config"` // contains filtered or unexported fields }
func (*ExtAuthConfig_Config) Clone ¶ added in v1.8.24
func (m *ExtAuthConfig_Config) Clone() proto.Message
Clone function
func (*ExtAuthConfig_Config) Descriptor
deprecated
func (*ExtAuthConfig_Config) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_Config.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_Config) Equal ¶
func (m *ExtAuthConfig_Config) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_Config) GetApiKeyAuth ¶
func (x *ExtAuthConfig_Config) GetApiKeyAuth() *ExtAuthConfig_ApiKeyAuthConfig
func (*ExtAuthConfig_Config) GetAuthConfig ¶
func (m *ExtAuthConfig_Config) GetAuthConfig() isExtAuthConfig_Config_AuthConfig
func (*ExtAuthConfig_Config) GetBasicAuth ¶
func (x *ExtAuthConfig_Config) GetBasicAuth() *BasicAuth
func (*ExtAuthConfig_Config) GetHmacAuth ¶ added in v1.14.0
func (x *ExtAuthConfig_Config) GetHmacAuth() *ExtAuthConfig_HmacAuthConfig
func (*ExtAuthConfig_Config) GetJwt ¶ added in v1.6.0
func (x *ExtAuthConfig_Config) GetJwt() *empty.Empty
func (*ExtAuthConfig_Config) GetLdap
deprecated
func (x *ExtAuthConfig_Config) GetLdap() *Ldap
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*ExtAuthConfig_Config) GetLdapInternal ¶ added in v1.13.0
func (x *ExtAuthConfig_Config) GetLdapInternal() *ExtAuthConfig_LdapConfig
func (*ExtAuthConfig_Config) GetName ¶ added in v1.5.0
func (x *ExtAuthConfig_Config) GetName() *wrappers.StringValue
func (*ExtAuthConfig_Config) GetOauth
deprecated
func (x *ExtAuthConfig_Config) GetOauth() *ExtAuthConfig_OAuthConfig
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*ExtAuthConfig_Config) GetOauth2 ¶ added in v1.5.0
func (x *ExtAuthConfig_Config) GetOauth2() *ExtAuthConfig_OAuth2Config
func (*ExtAuthConfig_Config) GetOpaAuth ¶
func (x *ExtAuthConfig_Config) GetOpaAuth() *ExtAuthConfig_OpaAuthConfig
func (*ExtAuthConfig_Config) GetPassThroughAuth ¶ added in v1.6.0
func (x *ExtAuthConfig_Config) GetPassThroughAuth() *PassThroughAuth
func (*ExtAuthConfig_Config) GetPluginAuth ¶
func (x *ExtAuthConfig_Config) GetPluginAuth() *AuthPlugin
func (*ExtAuthConfig_Config) Hash ¶ added in v1.2.13
func (m *ExtAuthConfig_Config) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_Config) ProtoMessage ¶
func (*ExtAuthConfig_Config) ProtoMessage()
func (*ExtAuthConfig_Config) ProtoReflect ¶ added in v1.6.0
func (x *ExtAuthConfig_Config) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_Config) Reset ¶
func (x *ExtAuthConfig_Config) Reset()
func (*ExtAuthConfig_Config) String ¶
func (x *ExtAuthConfig_Config) String() string
type ExtAuthConfig_Config_ApiKeyAuth ¶
type ExtAuthConfig_Config_ApiKeyAuth struct {
ApiKeyAuth *ExtAuthConfig_ApiKeyAuthConfig `protobuf:"bytes,5,opt,name=api_key_auth,json=apiKeyAuth,proto3,oneof"`
}
type ExtAuthConfig_Config_BasicAuth ¶
type ExtAuthConfig_Config_BasicAuth struct {
BasicAuth *BasicAuth `protobuf:"bytes,4,opt,name=basic_auth,json=basicAuth,proto3,oneof"`
}
type ExtAuthConfig_Config_HmacAuth ¶ added in v1.14.0
type ExtAuthConfig_Config_HmacAuth struct {
HmacAuth *ExtAuthConfig_HmacAuthConfig `protobuf:"bytes,15,opt,name=hmac_auth,json=hmacAuth,proto3,oneof"`
}
type ExtAuthConfig_Config_Jwt ¶ added in v1.6.0
type ExtAuthConfig_Config_Jwt struct { // This is a "dummy" extauth service which can be used to support multiple auth mechanisms with JWT authentication. // If Jwt authentication is to be used in the [boolean expression](https://docs.solo.io/gloo-edge/latest/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.sk/#authconfig) in an AuthConfig, you can use this auth config type to include Jwt as an Auth config. // In addition, `allow_missing_or_failed_jwt` must be set on the Virtual Host or Route that uses JWT auth or else the JWT filter will short circuit this behaviour. Jwt *empty.Empty `protobuf:"bytes,12,opt,name=jwt,proto3,oneof"` }
type ExtAuthConfig_Config_Ldap ¶
type ExtAuthConfig_Config_Ldap struct { // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. Ldap *Ldap `protobuf:"bytes,8,opt,name=ldap,proto3,oneof"` }
type ExtAuthConfig_Config_LdapInternal ¶ added in v1.13.0
type ExtAuthConfig_Config_LdapInternal struct { // Used for LDAP configurations that need service account credentials saved in a secret. LdapInternal *ExtAuthConfig_LdapConfig `protobuf:"bytes,14,opt,name=ldap_internal,json=ldapInternal,proto3,oneof"` }
type ExtAuthConfig_Config_Oauth ¶
type ExtAuthConfig_Config_Oauth struct { // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. Oauth *ExtAuthConfig_OAuthConfig `protobuf:"bytes,3,opt,name=oauth,proto3,oneof"` }
type ExtAuthConfig_Config_Oauth2 ¶ added in v1.5.0
type ExtAuthConfig_Config_Oauth2 struct {
Oauth2 *ExtAuthConfig_OAuth2Config `protobuf:"bytes,9,opt,name=oauth2,proto3,oneof"`
}
type ExtAuthConfig_Config_OpaAuth ¶
type ExtAuthConfig_Config_OpaAuth struct {
OpaAuth *ExtAuthConfig_OpaAuthConfig `protobuf:"bytes,7,opt,name=opa_auth,json=opaAuth,proto3,oneof"`
}
type ExtAuthConfig_Config_PassThroughAuth ¶ added in v1.6.0
type ExtAuthConfig_Config_PassThroughAuth struct {
PassThroughAuth *PassThroughAuth `protobuf:"bytes,13,opt,name=pass_through_auth,json=passThroughAuth,proto3,oneof"`
}
type ExtAuthConfig_Config_PluginAuth ¶
type ExtAuthConfig_Config_PluginAuth struct {
PluginAuth *AuthPlugin `protobuf:"bytes,6,opt,name=plugin_auth,json=pluginAuth,proto3,oneof"`
}
type ExtAuthConfig_HmacAuthConfig ¶ added in v1.14.0
type ExtAuthConfig_HmacAuthConfig struct { // Types that are assignable to SecretStorage: // // *ExtAuthConfig_HmacAuthConfig_SecretList SecretStorage isExtAuthConfig_HmacAuthConfig_SecretStorage `protobuf_oneof:"secret_storage"` // Algorithm to use to turn the request into a hashable string // // Types that are assignable to ImplementationType: // // *ExtAuthConfig_HmacAuthConfig_ParametersInHeaders ImplementationType isExtAuthConfig_HmacAuthConfig_ImplementationType `protobuf_oneof:"implementation_type"` // contains filtered or unexported fields }
func (*ExtAuthConfig_HmacAuthConfig) Clone ¶ added in v1.14.0
func (m *ExtAuthConfig_HmacAuthConfig) Clone() proto.Message
Clone function
func (*ExtAuthConfig_HmacAuthConfig) Descriptor
deprecated
added in
v1.14.0
func (*ExtAuthConfig_HmacAuthConfig) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_HmacAuthConfig.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_HmacAuthConfig) Equal ¶ added in v1.14.0
func (m *ExtAuthConfig_HmacAuthConfig) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_HmacAuthConfig) GetImplementationType ¶ added in v1.14.0
func (m *ExtAuthConfig_HmacAuthConfig) GetImplementationType() isExtAuthConfig_HmacAuthConfig_ImplementationType
func (*ExtAuthConfig_HmacAuthConfig) GetParametersInHeaders ¶ added in v1.14.0
func (x *ExtAuthConfig_HmacAuthConfig) GetParametersInHeaders() *HmacParametersInHeaders
func (*ExtAuthConfig_HmacAuthConfig) GetSecretList ¶ added in v1.14.0
func (x *ExtAuthConfig_HmacAuthConfig) GetSecretList() *ExtAuthConfig_InMemorySecretList
func (*ExtAuthConfig_HmacAuthConfig) GetSecretStorage ¶ added in v1.14.0
func (m *ExtAuthConfig_HmacAuthConfig) GetSecretStorage() isExtAuthConfig_HmacAuthConfig_SecretStorage
func (*ExtAuthConfig_HmacAuthConfig) Hash ¶ added in v1.14.0
func (m *ExtAuthConfig_HmacAuthConfig) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_HmacAuthConfig) ProtoMessage ¶ added in v1.14.0
func (*ExtAuthConfig_HmacAuthConfig) ProtoMessage()
func (*ExtAuthConfig_HmacAuthConfig) ProtoReflect ¶ added in v1.14.0
func (x *ExtAuthConfig_HmacAuthConfig) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_HmacAuthConfig) Reset ¶ added in v1.14.0
func (x *ExtAuthConfig_HmacAuthConfig) Reset()
func (*ExtAuthConfig_HmacAuthConfig) String ¶ added in v1.14.0
func (x *ExtAuthConfig_HmacAuthConfig) String() string
type ExtAuthConfig_HmacAuthConfig_ParametersInHeaders ¶ added in v1.14.0
type ExtAuthConfig_HmacAuthConfig_ParametersInHeaders struct {
ParametersInHeaders *HmacParametersInHeaders `protobuf:"bytes,2,opt,name=parameters_in_headers,json=parametersInHeaders,proto3,oneof"`
}
type ExtAuthConfig_HmacAuthConfig_SecretList ¶ added in v1.14.0
type ExtAuthConfig_HmacAuthConfig_SecretList struct {
SecretList *ExtAuthConfig_InMemorySecretList `protobuf:"bytes,1,opt,name=secret_list,json=secretList,proto3,oneof"`
}
type ExtAuthConfig_InMemorySecretList ¶ added in v1.14.0
type ExtAuthConfig_InMemorySecretList struct { // list of username/password pairs taken from secrets during gloo-ee translation SecretList map[string]string `` /* 179-byte string literal not displayed */ // contains filtered or unexported fields }
func (*ExtAuthConfig_InMemorySecretList) Clone ¶ added in v1.14.0
func (m *ExtAuthConfig_InMemorySecretList) Clone() proto.Message
Clone function
func (*ExtAuthConfig_InMemorySecretList) Descriptor
deprecated
added in
v1.14.0
func (*ExtAuthConfig_InMemorySecretList) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_InMemorySecretList.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_InMemorySecretList) Equal ¶ added in v1.14.0
func (m *ExtAuthConfig_InMemorySecretList) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_InMemorySecretList) GetSecretList ¶ added in v1.14.0
func (x *ExtAuthConfig_InMemorySecretList) GetSecretList() map[string]string
func (*ExtAuthConfig_InMemorySecretList) Hash ¶ added in v1.14.0
func (m *ExtAuthConfig_InMemorySecretList) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_InMemorySecretList) ProtoMessage ¶ added in v1.14.0
func (*ExtAuthConfig_InMemorySecretList) ProtoMessage()
func (*ExtAuthConfig_InMemorySecretList) ProtoReflect ¶ added in v1.14.0
func (x *ExtAuthConfig_InMemorySecretList) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_InMemorySecretList) Reset ¶ added in v1.14.0
func (x *ExtAuthConfig_InMemorySecretList) Reset()
func (*ExtAuthConfig_InMemorySecretList) String ¶ added in v1.14.0
func (x *ExtAuthConfig_InMemorySecretList) String() string
type ExtAuthConfig_LdapConfig ¶ added in v1.13.0
type ExtAuthConfig_LdapConfig struct { // Address of the LDAP server to query. Should be in the form ADDRESS:PORT, e.g. `ldap.default.svc.cluster.local:389`. Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` // Template to build user entry distinguished names (DN). This must contains a single occurrence of the "%s" placeholder. // When processing a request, Gloo will substitute the name of the user (extracted from the auth header) for the // placeholder and issue a search request with the resulting DN as baseDN (and 'base' search scope). // E.g. "uid=%s,ou=people,dc=solo,dc=io" UserDnTemplate string `protobuf:"bytes,2,opt,name=userDnTemplate,proto3" json:"userDnTemplate,omitempty"` // Case-insensitive name of the attribute that contains the names of the groups an entry is member of. Gloo will look // for attributes with the given name to determine which groups the user entry belongs to. Defaults to 'memberOf' if not provided. MembershipAttributeName string `protobuf:"bytes,3,opt,name=membershipAttributeName,proto3" json:"membershipAttributeName,omitempty"` // In order for the request to be authenticated, the membership attribute (e.g. *memberOf*) on the user entry must // contain at least of one of the group DNs specified via this option. // E.g. []string{ "cn=managers,ou=groups,dc=solo,dc=io", "cn=developers,ou=groups,dc=solo,dc=io" } AllowedGroups []string `protobuf:"bytes,4,rep,name=allowedGroups,proto3" json:"allowedGroups,omitempty"` // Use this property to tune the pool of connections to the LDAP server that Gloo maintains. Pool *Ldap_ConnectionPool `protobuf:"bytes,5,opt,name=pool,proto3" json:"pool,omitempty"` // Use to set a custom filter when searching a member. Defaults to "(uid=*)". SearchFilter string `protobuf:"bytes,6,opt,name=searchFilter,proto3" json:"searchFilter,omitempty"` // Disables group checking, regardless of the value for allowedGroups, // and disables validation for the membership attribute of the user entry. // Group checking is enabled by default. DisableGroupChecking bool `protobuf:"varint,7,opt,name=disable_group_checking,json=disableGroupChecking,proto3" json:"disable_group_checking,omitempty"` // Settings for using a separate service account for looking up group membership // To use this, you also need to configure credentials GroupLookupSettings *ExtAuthConfig_LdapServiceAccountConfig `protobuf:"bytes,8,opt,name=group_lookup_settings,json=groupLookupSettings,proto3" json:"group_lookup_settings,omitempty"` // contains filtered or unexported fields }
func (*ExtAuthConfig_LdapConfig) Clone ¶ added in v1.13.0
func (m *ExtAuthConfig_LdapConfig) Clone() proto.Message
Clone function
func (*ExtAuthConfig_LdapConfig) Descriptor
deprecated
added in
v1.13.0
func (*ExtAuthConfig_LdapConfig) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_LdapConfig.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_LdapConfig) Equal ¶ added in v1.13.0
func (m *ExtAuthConfig_LdapConfig) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_LdapConfig) GetAddress ¶ added in v1.13.0
func (x *ExtAuthConfig_LdapConfig) GetAddress() string
func (*ExtAuthConfig_LdapConfig) GetAllowedGroups ¶ added in v1.13.0
func (x *ExtAuthConfig_LdapConfig) GetAllowedGroups() []string
func (*ExtAuthConfig_LdapConfig) GetDisableGroupChecking ¶ added in v1.13.0
func (x *ExtAuthConfig_LdapConfig) GetDisableGroupChecking() bool
func (*ExtAuthConfig_LdapConfig) GetGroupLookupSettings ¶ added in v1.13.0
func (x *ExtAuthConfig_LdapConfig) GetGroupLookupSettings() *ExtAuthConfig_LdapServiceAccountConfig
func (*ExtAuthConfig_LdapConfig) GetMembershipAttributeName ¶ added in v1.13.0
func (x *ExtAuthConfig_LdapConfig) GetMembershipAttributeName() string
func (*ExtAuthConfig_LdapConfig) GetPool ¶ added in v1.13.0
func (x *ExtAuthConfig_LdapConfig) GetPool() *Ldap_ConnectionPool
func (*ExtAuthConfig_LdapConfig) GetSearchFilter ¶ added in v1.13.0
func (x *ExtAuthConfig_LdapConfig) GetSearchFilter() string
func (*ExtAuthConfig_LdapConfig) GetUserDnTemplate ¶ added in v1.13.0
func (x *ExtAuthConfig_LdapConfig) GetUserDnTemplate() string
func (*ExtAuthConfig_LdapConfig) Hash ¶ added in v1.13.0
func (m *ExtAuthConfig_LdapConfig) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_LdapConfig) ProtoMessage ¶ added in v1.13.0
func (*ExtAuthConfig_LdapConfig) ProtoMessage()
func (*ExtAuthConfig_LdapConfig) ProtoReflect ¶ added in v1.13.0
func (x *ExtAuthConfig_LdapConfig) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_LdapConfig) Reset ¶ added in v1.13.0
func (x *ExtAuthConfig_LdapConfig) Reset()
func (*ExtAuthConfig_LdapConfig) String ¶ added in v1.13.0
func (x *ExtAuthConfig_LdapConfig) String() string
type ExtAuthConfig_LdapServiceAccountConfig ¶ added in v1.13.0
type ExtAuthConfig_LdapServiceAccountConfig struct { // username and password are taken from the secret during gloo-ee translation Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"` // If true, Gloo will use the service account to check group membership CheckGroupsWithServiceAccount bool `` /* 155-byte string literal not displayed */ // contains filtered or unexported fields }
func (*ExtAuthConfig_LdapServiceAccountConfig) Clone ¶ added in v1.13.0
func (m *ExtAuthConfig_LdapServiceAccountConfig) Clone() proto.Message
Clone function
func (*ExtAuthConfig_LdapServiceAccountConfig) Descriptor
deprecated
added in
v1.13.0
func (*ExtAuthConfig_LdapServiceAccountConfig) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_LdapServiceAccountConfig.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_LdapServiceAccountConfig) Equal ¶ added in v1.13.0
func (m *ExtAuthConfig_LdapServiceAccountConfig) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_LdapServiceAccountConfig) GetCheckGroupsWithServiceAccount ¶ added in v1.13.0
func (x *ExtAuthConfig_LdapServiceAccountConfig) GetCheckGroupsWithServiceAccount() bool
func (*ExtAuthConfig_LdapServiceAccountConfig) GetPassword ¶ added in v1.13.0
func (x *ExtAuthConfig_LdapServiceAccountConfig) GetPassword() string
func (*ExtAuthConfig_LdapServiceAccountConfig) GetUsername ¶ added in v1.13.0
func (x *ExtAuthConfig_LdapServiceAccountConfig) GetUsername() string
func (*ExtAuthConfig_LdapServiceAccountConfig) Hash ¶ added in v1.13.0
func (m *ExtAuthConfig_LdapServiceAccountConfig) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_LdapServiceAccountConfig) ProtoMessage ¶ added in v1.13.0
func (*ExtAuthConfig_LdapServiceAccountConfig) ProtoMessage()
func (*ExtAuthConfig_LdapServiceAccountConfig) ProtoReflect ¶ added in v1.13.0
func (x *ExtAuthConfig_LdapServiceAccountConfig) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_LdapServiceAccountConfig) Reset ¶ added in v1.13.0
func (x *ExtAuthConfig_LdapServiceAccountConfig) Reset()
func (*ExtAuthConfig_LdapServiceAccountConfig) String ¶ added in v1.13.0
func (x *ExtAuthConfig_LdapServiceAccountConfig) String() string
type ExtAuthConfig_OAuth2Config ¶ added in v1.5.0
type ExtAuthConfig_OAuth2Config struct { // Types that are assignable to OauthType: // // *ExtAuthConfig_OAuth2Config_OidcAuthorizationCode // *ExtAuthConfig_OAuth2Config_AccessTokenValidationConfig // *ExtAuthConfig_OAuth2Config_Oauth2Config OauthType isExtAuthConfig_OAuth2Config_OauthType `protobuf_oneof:"oauth_type"` // contains filtered or unexported fields }
func (*ExtAuthConfig_OAuth2Config) Clone ¶ added in v1.8.24
func (m *ExtAuthConfig_OAuth2Config) Clone() proto.Message
Clone function
func (*ExtAuthConfig_OAuth2Config) Descriptor
deprecated
added in
v1.5.0
func (*ExtAuthConfig_OAuth2Config) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_OAuth2Config.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_OAuth2Config) Equal ¶ added in v1.5.0
func (m *ExtAuthConfig_OAuth2Config) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_OAuth2Config) GetAccessTokenValidationConfig ¶ added in v1.7.0
func (x *ExtAuthConfig_OAuth2Config) GetAccessTokenValidationConfig() *ExtAuthConfig_AccessTokenValidationConfig
func (*ExtAuthConfig_OAuth2Config) GetOauth2Config ¶ added in v1.12.26
func (x *ExtAuthConfig_OAuth2Config) GetOauth2Config() *ExtAuthConfig_PlainOAuth2Config
func (*ExtAuthConfig_OAuth2Config) GetOauthType ¶ added in v1.5.0
func (m *ExtAuthConfig_OAuth2Config) GetOauthType() isExtAuthConfig_OAuth2Config_OauthType
func (*ExtAuthConfig_OAuth2Config) GetOidcAuthorizationCode ¶ added in v1.5.0
func (x *ExtAuthConfig_OAuth2Config) GetOidcAuthorizationCode() *ExtAuthConfig_OidcAuthorizationCodeConfig
func (*ExtAuthConfig_OAuth2Config) Hash ¶ added in v1.5.0
func (m *ExtAuthConfig_OAuth2Config) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_OAuth2Config) ProtoMessage ¶ added in v1.5.0
func (*ExtAuthConfig_OAuth2Config) ProtoMessage()
func (*ExtAuthConfig_OAuth2Config) ProtoReflect ¶ added in v1.6.0
func (x *ExtAuthConfig_OAuth2Config) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_OAuth2Config) Reset ¶ added in v1.5.0
func (x *ExtAuthConfig_OAuth2Config) Reset()
func (*ExtAuthConfig_OAuth2Config) String ¶ added in v1.5.0
func (x *ExtAuthConfig_OAuth2Config) String() string
type ExtAuthConfig_OAuth2Config_AccessTokenValidationConfig ¶ added in v1.7.0
type ExtAuthConfig_OAuth2Config_AccessTokenValidationConfig struct { // provide the access token on the request and let gloo handle authorization. // // according to https://tools.ietf.org/html/rfc6750 you can pass tokens through: // - form-encoded body parameter. recommended, more likely to appear. e.g.: Authorization: Bearer mytoken123 // - URI query parameter e.g. access_token=mytoken123 // - and (preferably) secure cookies AccessTokenValidationConfig *ExtAuthConfig_AccessTokenValidationConfig `protobuf:"bytes,3,opt,name=access_token_validation_config,json=accessTokenValidationConfig,proto3,oneof"` }
type ExtAuthConfig_OAuth2Config_Oauth2Config ¶ added in v1.12.26
type ExtAuthConfig_OAuth2Config_Oauth2Config struct { // Enterprise-Only: THIS FEATURE IS IN TECH PREVIEW. APIs are versioned as alpha and subject to change. // provide issuer location and let Gloo handle Oauth2 flow for you. // requests authorized by validating the contents of access token. // Prefer to use OIDC for better security. Oauth2Config *ExtAuthConfig_PlainOAuth2Config `protobuf:"bytes,4,opt,name=oauth2_config,json=oauth2Config,proto3,oneof"` }
type ExtAuthConfig_OAuth2Config_OidcAuthorizationCode ¶ added in v1.5.0
type ExtAuthConfig_OAuth2Config_OidcAuthorizationCode struct { // provide issuer location and let gloo handle OIDC flow for you. // requests authorized by validating the contents of ID token. // can also authorize the access token if configured. OidcAuthorizationCode *ExtAuthConfig_OidcAuthorizationCodeConfig `protobuf:"bytes,1,opt,name=oidc_authorization_code,json=oidcAuthorizationCode,proto3,oneof"` }
type ExtAuthConfig_OAuthConfig ¶
type ExtAuthConfig_OAuthConfig struct { // your client id as registered with the issuer // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` // your client secret as registered with the issuer // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. ClientSecret string `protobuf:"bytes,2,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"` // The url of the issuer. We will look for OIDC information in issuerUrl+ // ".well-known/openid-configuration" // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. IssuerUrl string `protobuf:"bytes,3,opt,name=issuer_url,json=issuerUrl,proto3" json:"issuer_url,omitempty"` // extra query parameters to apply to the Ext-Auth service's authorization request to the identity provider. // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. AuthEndpointQueryParams map[string]string `` /* 222-byte string literal not displayed */ // we to redirect after successful auth, if we can't determine the original // url this should be your publicly available app url. // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. AppUrl string `protobuf:"bytes,4,opt,name=app_url,json=appUrl,proto3" json:"app_url,omitempty"` // a callback path relative to app url that will be used for OIDC callbacks. // needs to not be used by the application // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. CallbackPath string `protobuf:"bytes,5,opt,name=callback_path,json=callbackPath,proto3" json:"callback_path,omitempty"` // scopes to request in addition to the openid scope. // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. Scopes []string `protobuf:"bytes,6,rep,name=scopes,proto3" json:"scopes,omitempty"` // contains filtered or unexported fields }
Deprecated, prefer OAuth2Config
func (*ExtAuthConfig_OAuthConfig) Clone ¶ added in v1.8.24
func (m *ExtAuthConfig_OAuthConfig) Clone() proto.Message
Clone function
func (*ExtAuthConfig_OAuthConfig) Descriptor
deprecated
func (*ExtAuthConfig_OAuthConfig) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_OAuthConfig.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_OAuthConfig) Equal ¶
func (m *ExtAuthConfig_OAuthConfig) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_OAuthConfig) GetAppUrl
deprecated
func (x *ExtAuthConfig_OAuthConfig) GetAppUrl() string
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*ExtAuthConfig_OAuthConfig) GetAuthEndpointQueryParams
deprecated
added in
v1.3.0
func (x *ExtAuthConfig_OAuthConfig) GetAuthEndpointQueryParams() map[string]string
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*ExtAuthConfig_OAuthConfig) GetCallbackPath
deprecated
func (x *ExtAuthConfig_OAuthConfig) GetCallbackPath() string
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*ExtAuthConfig_OAuthConfig) GetClientId
deprecated
func (x *ExtAuthConfig_OAuthConfig) GetClientId() string
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*ExtAuthConfig_OAuthConfig) GetClientSecret
deprecated
func (x *ExtAuthConfig_OAuthConfig) GetClientSecret() string
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*ExtAuthConfig_OAuthConfig) GetIssuerUrl
deprecated
func (x *ExtAuthConfig_OAuthConfig) GetIssuerUrl() string
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*ExtAuthConfig_OAuthConfig) GetScopes
deprecated
func (x *ExtAuthConfig_OAuthConfig) GetScopes() []string
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*ExtAuthConfig_OAuthConfig) Hash ¶ added in v1.2.13
func (m *ExtAuthConfig_OAuthConfig) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_OAuthConfig) ProtoMessage ¶
func (*ExtAuthConfig_OAuthConfig) ProtoMessage()
func (*ExtAuthConfig_OAuthConfig) ProtoReflect ¶ added in v1.6.0
func (x *ExtAuthConfig_OAuthConfig) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_OAuthConfig) Reset ¶
func (x *ExtAuthConfig_OAuthConfig) Reset()
func (*ExtAuthConfig_OAuthConfig) String ¶
func (x *ExtAuthConfig_OAuthConfig) String() string
type ExtAuthConfig_OidcAuthorizationCodeConfig ¶ added in v1.5.0
type ExtAuthConfig_OidcAuthorizationCodeConfig struct { // your client id as registered with the issuer ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` // your client secret as registered with the issuer ClientSecret string `protobuf:"bytes,2,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"` // The url of the issuer. We will look for OIDC information in issuerUrl+ // ".well-known/openid-configuration" IssuerUrl string `protobuf:"bytes,3,opt,name=issuer_url,json=issuerUrl,proto3" json:"issuer_url,omitempty"` // extra query parameters to apply to the Ext-Auth service's authorization request to the identity provider. // this can be useful for flows such as PKCE (https://www.oauth.com/oauth2-servers/pkce/authorization-request/) // to set the `code_challenge` and `code_challenge_method`. AuthEndpointQueryParams map[string]string `` /* 222-byte string literal not displayed */ // extra query parameters to apply to the Ext-Auth service's token request to the identity provider. // this can be useful for flows such as PKCE (https://www.oauth.com/oauth2-servers/pkce/authorization-request/) // to set the `code_verifier`. TokenEndpointQueryParams map[string]string `` /* 226-byte string literal not displayed */ // we to redirect after successful auth, if we can't determine the original // url this should be your publicly available app url. AppUrl string `protobuf:"bytes,5,opt,name=app_url,json=appUrl,proto3" json:"app_url,omitempty"` // a callback path relative to app url that will be used for OIDC callbacks. // needs to not be used by the application CallbackPath string `protobuf:"bytes,6,opt,name=callback_path,json=callbackPath,proto3" json:"callback_path,omitempty"` // a path relative to app url that will be used for logging out from an OIDC session. // should not be used by the application. // If not provided, logout functionality will be disabled. LogoutPath string `protobuf:"bytes,9,opt,name=logout_path,json=logoutPath,proto3" json:"logout_path,omitempty"` // url to redirect to after logout. // This should be a publicly available URL. If not provided, will default to the `app_url`. AfterLogoutUrl string `protobuf:"bytes,15,opt,name=after_logout_url,json=afterLogoutUrl,proto3" json:"after_logout_url,omitempty"` // scopes to request in addition to the openid scope. Scopes []string `protobuf:"bytes,7,rep,name=scopes,proto3" json:"scopes,omitempty"` // DEPRECATED: use userSessionConfig [userSession] // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. Session *UserSession `protobuf:"bytes,8,opt,name=session,proto3" json:"session,omitempty"` // Configures headers added to requests. Headers *HeaderConfiguration `protobuf:"bytes,10,opt,name=headers,proto3" json:"headers,omitempty"` // OIDC configuration is discovered at <issuerUrl>/.well-known/openid-configuration // The configuration override defines any properties that should override this discovery configuration // For example, the following AuthConfig CRD could be defined as: // // “`yaml // apiVersion: enterprise.gloo.solo.io/v1 // kind: AuthConfig // metadata: // name: google-oidc // namespace: gloo-system // spec: // configs: // - oauth: // app_url: http://localhost:8080 // callback_path: /callback // client_id: $CLIENT_ID // client_secret_ref: // name: google // namespace: gloo-system // issuer_url: https://accounts.google.com // discovery_override: // token_endpoint: "https://token.url/gettoken" // “` // // And this will ensure that regardless of what value is discovered at // <issuerUrl>/.well-known/openid-configuration, "https://token.url/gettoken" will be used as the token endpoint DiscoveryOverride *DiscoveryOverride `protobuf:"bytes,11,opt,name=discovery_override,json=discoveryOverride,proto3" json:"discovery_override,omitempty"` // The interval at which OIDC configuration is discovered at <issuerUrl>/.well-known/openid-configuration // If not specified, the default value is 30 minutes. DiscoveryPollInterval *duration.Duration `` /* 127-byte string literal not displayed */ // If a user executes a request with a key that is not found in the JWKS, it could be // that the keys have rotated on the remote source, and not yet in the local cache. // This policy lets you define the behavior for how to refresh the local cache during a request // where an invalid key is provided JwksCacheRefreshPolicy *JwksOnDemandCacheRefreshPolicy `` /* 132-byte string literal not displayed */ // If set, the randomly generated session id will be sent to the token endpoint as part of the code exchange // The session id is used as the key for sessions in Redis SessionIdHeaderName string `protobuf:"bytes,16,opt,name=session_id_header_name,json=sessionIdHeaderName,proto3" json:"session_id_header_name,omitempty"` // If set, CallbackPath will be evaluated as a regular expression ParseCallbackPathAsRegex bool `` /* 141-byte string literal not displayed */ // If specified, authEndpointQueryParams and tokenEndpointQueryParams will be populated using dynamic metadata values. // By default parameters will be extracted from the solo_authconfig_oidc namespace // this behavior can be overridden by explicitly specifying a namespace AutoMapFromMetadata *AutoMapFromMetadata `protobuf:"bytes,18,opt,name=auto_map_from_metadata,json=autoMapFromMetadata,proto3" json:"auto_map_from_metadata,omitempty"` // If specified, these are properties defined for the end session endpoint // specifications. Noted [here](https://openid.net/specs/openid-connect-rpinitiated-1_0.html) // in the OIDC documentation. EndSessionProperties *EndSessionProperties `protobuf:"bytes,19,opt,name=end_session_properties,json=endSessionProperties,proto3" json:"end_session_properties,omitempty"` // Configuration related to the user session. UserSession *ExtAuthConfig_UserSessionConfig `protobuf:"bytes,20,opt,name=user_session,json=userSession,proto3" json:"user_session,omitempty"` // contains filtered or unexported fields }
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) Clone ¶ added in v1.8.24
func (m *ExtAuthConfig_OidcAuthorizationCodeConfig) Clone() proto.Message
Clone function
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) Descriptor
deprecated
added in
v1.5.0
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_OidcAuthorizationCodeConfig.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) Equal ¶ added in v1.5.0
func (m *ExtAuthConfig_OidcAuthorizationCodeConfig) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetAfterLogoutUrl ¶ added in v1.8.0
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetAfterLogoutUrl() string
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetAppUrl ¶ added in v1.5.0
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetAppUrl() string
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetAuthEndpointQueryParams ¶ added in v1.5.0
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetAuthEndpointQueryParams() map[string]string
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetAutoMapFromMetadata ¶ added in v1.9.25
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetAutoMapFromMetadata() *AutoMapFromMetadata
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetCallbackPath ¶ added in v1.5.0
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetCallbackPath() string
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetClientId ¶ added in v1.5.0
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetClientId() string
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetClientSecret ¶ added in v1.5.0
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetClientSecret() string
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetDiscoveryOverride ¶ added in v1.6.0
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetDiscoveryOverride() *DiscoveryOverride
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetDiscoveryPollInterval ¶ added in v1.5.17
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetDiscoveryPollInterval() *duration.Duration
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetEndSessionProperties ¶ added in v1.9.25
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetEndSessionProperties() *EndSessionProperties
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetHeaders ¶ added in v1.5.8
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetHeaders() *HeaderConfiguration
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetIssuerUrl ¶ added in v1.5.0
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetIssuerUrl() string
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetJwksCacheRefreshPolicy ¶ added in v1.5.18
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetJwksCacheRefreshPolicy() *JwksOnDemandCacheRefreshPolicy
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetLogoutPath ¶ added in v1.5.8
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetLogoutPath() string
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetParseCallbackPathAsRegex ¶ added in v1.9.25
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetParseCallbackPathAsRegex() bool
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetScopes ¶ added in v1.5.0
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetScopes() []string
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetSession
deprecated
added in
v1.5.8
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetSession() *UserSession
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetSessionIdHeaderName ¶ added in v1.9.0
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetSessionIdHeaderName() string
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetTokenEndpointQueryParams ¶ added in v1.7.7
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetTokenEndpointQueryParams() map[string]string
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetUserSession ¶ added in v1.14.2
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetUserSession() *ExtAuthConfig_UserSessionConfig
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) Hash ¶ added in v1.5.0
func (m *ExtAuthConfig_OidcAuthorizationCodeConfig) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) ProtoMessage ¶ added in v1.5.0
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) ProtoMessage()
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) ProtoReflect ¶ added in v1.6.0
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) Reset ¶ added in v1.5.0
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) Reset()
func (*ExtAuthConfig_OidcAuthorizationCodeConfig) String ¶ added in v1.5.0
func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) String() string
type ExtAuthConfig_OpaAuthConfig ¶
type ExtAuthConfig_OpaAuthConfig struct { // An optional modules (filename, module content) maps containing modules assist in the resolution of `query`. Modules map[string]string `` /* 155-byte string literal not displayed */ // The query that determines the auth decision. The result of this query must be either a boolean // or an array with boolean as the first element. A boolean `true` value means that the request // will be authorized. Any other value, or error, means that the request will be denied. Query string `protobuf:"bytes,2,opt,name=query,proto3" json:"query,omitempty"` // Additional Options for Opa Auth configuration. Options *OpaAuthOptions `protobuf:"bytes,3,opt,name=options,proto3" json:"options,omitempty"` // contains filtered or unexported fields }
func (*ExtAuthConfig_OpaAuthConfig) Clone ¶ added in v1.8.24
func (m *ExtAuthConfig_OpaAuthConfig) Clone() proto.Message
Clone function
func (*ExtAuthConfig_OpaAuthConfig) Descriptor
deprecated
func (*ExtAuthConfig_OpaAuthConfig) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_OpaAuthConfig.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_OpaAuthConfig) Equal ¶
func (m *ExtAuthConfig_OpaAuthConfig) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_OpaAuthConfig) GetModules ¶
func (x *ExtAuthConfig_OpaAuthConfig) GetModules() map[string]string
func (*ExtAuthConfig_OpaAuthConfig) GetOptions ¶ added in v1.9.0
func (x *ExtAuthConfig_OpaAuthConfig) GetOptions() *OpaAuthOptions
func (*ExtAuthConfig_OpaAuthConfig) GetQuery ¶
func (x *ExtAuthConfig_OpaAuthConfig) GetQuery() string
func (*ExtAuthConfig_OpaAuthConfig) Hash ¶ added in v1.2.13
func (m *ExtAuthConfig_OpaAuthConfig) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_OpaAuthConfig) ProtoMessage ¶
func (*ExtAuthConfig_OpaAuthConfig) ProtoMessage()
func (*ExtAuthConfig_OpaAuthConfig) ProtoReflect ¶ added in v1.6.0
func (x *ExtAuthConfig_OpaAuthConfig) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_OpaAuthConfig) Reset ¶
func (x *ExtAuthConfig_OpaAuthConfig) Reset()
func (*ExtAuthConfig_OpaAuthConfig) String ¶
func (x *ExtAuthConfig_OpaAuthConfig) String() string
type ExtAuthConfig_PlainOAuth2Config ¶ added in v1.12.26
type ExtAuthConfig_PlainOAuth2Config struct { // Your client ID as registered with the issuer ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` // Your client secret as registered with the issuer ClientSecret string `protobuf:"bytes,2,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"` // Extra query parameters to apply to the Ext-Auth service's authorization request to the identity provider. // These parameters can be useful for flows such as [PKCE](https://www.oauth.com/oauth2-servers/pkce/authorization-request/) // to set the `code_challenge` and `code_challenge_method`. AuthEndpointQueryParams map[string]string `` /* 222-byte string literal not displayed */ // Where to redirect after successful auth, if Gloo can't determine the original URL. // Set this field to your publicly available app URL. AppUrl string `protobuf:"bytes,4,opt,name=app_url,json=appUrl,proto3" json:"app_url,omitempty"` // A callback path relative to the app URL to be used for OAuth2 callbacks. // Do not use this path in the application itself. CallbackPath string `protobuf:"bytes,5,opt,name=callback_path,json=callbackPath,proto3" json:"callback_path,omitempty"` // Scopes to request for. Scopes []string `protobuf:"bytes,6,rep,name=scopes,proto3" json:"scopes,omitempty"` // DEPRECATED: use userSessionConfig [userSession] // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. Session *UserSession `protobuf:"bytes,7,opt,name=session,proto3" json:"session,omitempty"` // A path relative to the app URL to use for logging out from an OAuth2 session. // Do not use this path in the application itself. // If not provided, logout functionality is disabled. LogoutPath string `protobuf:"bytes,8,opt,name=logout_path,json=logoutPath,proto3" json:"logout_path,omitempty"` // Extra query parameters to apply to the Ext-Auth service's token request to the identity provider. // These parameters can be useful for flows such as [PKCE](https://www.oauth.com/oauth2-servers/pkce/authorization-request/) // to set the `code_verifier`. TokenEndpointQueryParams map[string]string `` /* 225-byte string literal not displayed */ // URL to redirect to after logout. // Set this field to a publicly available URL. If not provided, this value defaults to the `app_url` value. AfterLogoutUrl string `protobuf:"bytes,10,opt,name=after_logout_url,json=afterLogoutUrl,proto3" json:"after_logout_url,omitempty"` // The URL of the provider authorization endpoint. AuthEndpoint string `protobuf:"bytes,11,opt,name=auth_endpoint,json=authEndpoint,proto3" json:"auth_endpoint,omitempty"` // The URL of the provider token endpoint. TokenEndpoint string `protobuf:"bytes,12,opt,name=token_endpoint,json=tokenEndpoint,proto3" json:"token_endpoint,omitempty"` // The URL of the provider token revocation endpoint. // For more information, refer to https://www.rfc-editor.org/rfc/rfc7009. RevocationEndpoint string `protobuf:"bytes,13,opt,name=revocation_endpoint,json=revocationEndpoint,proto3" json:"revocation_endpoint,omitempty"` // Configuration related to the user session. UserSession *ExtAuthConfig_UserSessionConfig `protobuf:"bytes,14,opt,name=user_session,json=userSession,proto3" json:"user_session,omitempty"` // contains filtered or unexported fields }
func (*ExtAuthConfig_PlainOAuth2Config) Clone ¶ added in v1.12.26
func (m *ExtAuthConfig_PlainOAuth2Config) Clone() proto.Message
Clone function
func (*ExtAuthConfig_PlainOAuth2Config) Descriptor
deprecated
added in
v1.12.26
func (*ExtAuthConfig_PlainOAuth2Config) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_PlainOAuth2Config.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_PlainOAuth2Config) Equal ¶ added in v1.12.26
func (m *ExtAuthConfig_PlainOAuth2Config) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_PlainOAuth2Config) GetAfterLogoutUrl ¶ added in v1.12.26
func (x *ExtAuthConfig_PlainOAuth2Config) GetAfterLogoutUrl() string
func (*ExtAuthConfig_PlainOAuth2Config) GetAppUrl ¶ added in v1.12.26
func (x *ExtAuthConfig_PlainOAuth2Config) GetAppUrl() string
func (*ExtAuthConfig_PlainOAuth2Config) GetAuthEndpoint ¶ added in v1.12.26
func (x *ExtAuthConfig_PlainOAuth2Config) GetAuthEndpoint() string
func (*ExtAuthConfig_PlainOAuth2Config) GetAuthEndpointQueryParams ¶ added in v1.12.26
func (x *ExtAuthConfig_PlainOAuth2Config) GetAuthEndpointQueryParams() map[string]string
func (*ExtAuthConfig_PlainOAuth2Config) GetCallbackPath ¶ added in v1.12.26
func (x *ExtAuthConfig_PlainOAuth2Config) GetCallbackPath() string
func (*ExtAuthConfig_PlainOAuth2Config) GetClientId ¶ added in v1.12.26
func (x *ExtAuthConfig_PlainOAuth2Config) GetClientId() string
func (*ExtAuthConfig_PlainOAuth2Config) GetClientSecret ¶ added in v1.12.26
func (x *ExtAuthConfig_PlainOAuth2Config) GetClientSecret() string
func (*ExtAuthConfig_PlainOAuth2Config) GetLogoutPath ¶ added in v1.12.26
func (x *ExtAuthConfig_PlainOAuth2Config) GetLogoutPath() string
func (*ExtAuthConfig_PlainOAuth2Config) GetRevocationEndpoint ¶ added in v1.12.26
func (x *ExtAuthConfig_PlainOAuth2Config) GetRevocationEndpoint() string
func (*ExtAuthConfig_PlainOAuth2Config) GetScopes ¶ added in v1.12.26
func (x *ExtAuthConfig_PlainOAuth2Config) GetScopes() []string
func (*ExtAuthConfig_PlainOAuth2Config) GetSession
deprecated
added in
v1.12.26
func (x *ExtAuthConfig_PlainOAuth2Config) GetSession() *UserSession
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*ExtAuthConfig_PlainOAuth2Config) GetTokenEndpoint ¶ added in v1.12.26
func (x *ExtAuthConfig_PlainOAuth2Config) GetTokenEndpoint() string
func (*ExtAuthConfig_PlainOAuth2Config) GetTokenEndpointQueryParams ¶ added in v1.12.26
func (x *ExtAuthConfig_PlainOAuth2Config) GetTokenEndpointQueryParams() map[string]string
func (*ExtAuthConfig_PlainOAuth2Config) GetUserSession ¶ added in v1.14.2
func (x *ExtAuthConfig_PlainOAuth2Config) GetUserSession() *ExtAuthConfig_UserSessionConfig
func (*ExtAuthConfig_PlainOAuth2Config) Hash ¶ added in v1.12.26
func (m *ExtAuthConfig_PlainOAuth2Config) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_PlainOAuth2Config) ProtoMessage ¶ added in v1.12.26
func (*ExtAuthConfig_PlainOAuth2Config) ProtoMessage()
func (*ExtAuthConfig_PlainOAuth2Config) ProtoReflect ¶ added in v1.12.26
func (x *ExtAuthConfig_PlainOAuth2Config) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_PlainOAuth2Config) Reset ¶ added in v1.12.26
func (x *ExtAuthConfig_PlainOAuth2Config) Reset()
func (*ExtAuthConfig_PlainOAuth2Config) String ¶ added in v1.12.26
func (x *ExtAuthConfig_PlainOAuth2Config) String() string
type ExtAuthConfig_UserSessionConfig ¶ added in v1.14.2
type ExtAuthConfig_UserSessionConfig struct { // should we fail auth flow when failing to get a session from redis, or allow it to continue, // potentially starting a new auth flow and setting a new session. FailOnFetchFailure bool `protobuf:"varint,1,opt,name=fail_on_fetch_failure,json=failOnFetchFailure,proto3" json:"fail_on_fetch_failure,omitempty"` // Set-Cookie options CookieOptions *UserSession_CookieOptions `protobuf:"bytes,2,opt,name=cookie_options,json=cookieOptions,proto3" json:"cookie_options,omitempty"` // Types that are assignable to Session: // // *ExtAuthConfig_UserSessionConfig_Cookie // *ExtAuthConfig_UserSessionConfig_Redis Session isExtAuthConfig_UserSessionConfig_Session `protobuf_oneof:"session"` // the cipher config enables the symmetric key encryption of the cookie values of the user session. CipherConfig *ExtAuthConfig_UserSessionConfig_CipherConfig `protobuf:"bytes,5,opt,name=cipher_config,json=cipherConfig,proto3" json:"cipher_config,omitempty"` // contains filtered or unexported fields }
func (*ExtAuthConfig_UserSessionConfig) Clone ¶ added in v1.14.2
func (m *ExtAuthConfig_UserSessionConfig) Clone() proto.Message
Clone function
func (*ExtAuthConfig_UserSessionConfig) Descriptor
deprecated
added in
v1.14.2
func (*ExtAuthConfig_UserSessionConfig) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_UserSessionConfig.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_UserSessionConfig) Equal ¶ added in v1.14.2
func (m *ExtAuthConfig_UserSessionConfig) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_UserSessionConfig) GetCipherConfig ¶ added in v1.14.2
func (x *ExtAuthConfig_UserSessionConfig) GetCipherConfig() *ExtAuthConfig_UserSessionConfig_CipherConfig
func (*ExtAuthConfig_UserSessionConfig) GetCookie ¶ added in v1.14.2
func (x *ExtAuthConfig_UserSessionConfig) GetCookie() *UserSession_InternalSession
func (*ExtAuthConfig_UserSessionConfig) GetCookieOptions ¶ added in v1.14.2
func (x *ExtAuthConfig_UserSessionConfig) GetCookieOptions() *UserSession_CookieOptions
func (*ExtAuthConfig_UserSessionConfig) GetFailOnFetchFailure ¶ added in v1.14.2
func (x *ExtAuthConfig_UserSessionConfig) GetFailOnFetchFailure() bool
func (*ExtAuthConfig_UserSessionConfig) GetRedis ¶ added in v1.14.2
func (x *ExtAuthConfig_UserSessionConfig) GetRedis() *UserSession_RedisSession
func (*ExtAuthConfig_UserSessionConfig) GetSession ¶ added in v1.14.2
func (m *ExtAuthConfig_UserSessionConfig) GetSession() isExtAuthConfig_UserSessionConfig_Session
func (*ExtAuthConfig_UserSessionConfig) Hash ¶ added in v1.14.2
func (m *ExtAuthConfig_UserSessionConfig) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_UserSessionConfig) ProtoMessage ¶ added in v1.14.2
func (*ExtAuthConfig_UserSessionConfig) ProtoMessage()
func (*ExtAuthConfig_UserSessionConfig) ProtoReflect ¶ added in v1.14.2
func (x *ExtAuthConfig_UserSessionConfig) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_UserSessionConfig) Reset ¶ added in v1.14.2
func (x *ExtAuthConfig_UserSessionConfig) Reset()
func (*ExtAuthConfig_UserSessionConfig) String ¶ added in v1.14.2
func (x *ExtAuthConfig_UserSessionConfig) String() string
type ExtAuthConfig_UserSessionConfig_CipherConfig ¶ added in v1.14.2
type ExtAuthConfig_UserSessionConfig_CipherConfig struct { // to enable the cipher encryption, the key has to be present. // Note that the key has to be found and 32 bytes in length for the authconfig to not be rejected. Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` // contains filtered or unexported fields }
func (*ExtAuthConfig_UserSessionConfig_CipherConfig) Clone ¶ added in v1.14.2
func (m *ExtAuthConfig_UserSessionConfig_CipherConfig) Clone() proto.Message
Clone function
func (*ExtAuthConfig_UserSessionConfig_CipherConfig) Descriptor
deprecated
added in
v1.14.2
func (*ExtAuthConfig_UserSessionConfig_CipherConfig) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthConfig_UserSessionConfig_CipherConfig.ProtoReflect.Descriptor instead.
func (*ExtAuthConfig_UserSessionConfig_CipherConfig) Equal ¶ added in v1.14.2
func (m *ExtAuthConfig_UserSessionConfig_CipherConfig) Equal(that interface{}) bool
Equal function
func (*ExtAuthConfig_UserSessionConfig_CipherConfig) GetKey ¶ added in v1.14.2
func (x *ExtAuthConfig_UserSessionConfig_CipherConfig) GetKey() string
func (*ExtAuthConfig_UserSessionConfig_CipherConfig) Hash ¶ added in v1.14.2
func (m *ExtAuthConfig_UserSessionConfig_CipherConfig) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthConfig_UserSessionConfig_CipherConfig) ProtoMessage ¶ added in v1.14.2
func (*ExtAuthConfig_UserSessionConfig_CipherConfig) ProtoMessage()
func (*ExtAuthConfig_UserSessionConfig_CipherConfig) ProtoReflect ¶ added in v1.14.2
func (x *ExtAuthConfig_UserSessionConfig_CipherConfig) ProtoReflect() protoreflect.Message
func (*ExtAuthConfig_UserSessionConfig_CipherConfig) Reset ¶ added in v1.14.2
func (x *ExtAuthConfig_UserSessionConfig_CipherConfig) Reset()
func (*ExtAuthConfig_UserSessionConfig_CipherConfig) String ¶ added in v1.14.2
func (x *ExtAuthConfig_UserSessionConfig_CipherConfig) String() string
type ExtAuthConfig_UserSessionConfig_Cookie ¶ added in v1.14.2
type ExtAuthConfig_UserSessionConfig_Cookie struct { // Set the tokens in the cookie itself. No need for server side state. Cookie *UserSession_InternalSession `protobuf:"bytes,3,opt,name=cookie,proto3,oneof"` }
type ExtAuthConfig_UserSessionConfig_Redis ¶ added in v1.14.2
type ExtAuthConfig_UserSessionConfig_Redis struct { // Use redis to store the tokens and just store a random id in the cookie. Redis *UserSession_RedisSession `protobuf:"bytes,4,opt,name=redis,proto3,oneof"` }
type ExtAuthDiscoveryServiceClient ¶
type ExtAuthDiscoveryServiceClient interface { StreamExtAuthConfig(ctx context.Context, opts ...grpc.CallOption) (ExtAuthDiscoveryService_StreamExtAuthConfigClient, error) DeltaExtAuthConfig(ctx context.Context, opts ...grpc.CallOption) (ExtAuthDiscoveryService_DeltaExtAuthConfigClient, error) FetchExtAuthConfig(ctx context.Context, in *v2.DiscoveryRequest, opts ...grpc.CallOption) (*v2.DiscoveryResponse, error) }
ExtAuthDiscoveryServiceClient is the client API for ExtAuthDiscoveryService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewExtAuthDiscoveryServiceClient ¶
func NewExtAuthDiscoveryServiceClient(cc grpc.ClientConnInterface) ExtAuthDiscoveryServiceClient
type ExtAuthDiscoveryServiceServer ¶
type ExtAuthDiscoveryServiceServer interface { StreamExtAuthConfig(ExtAuthDiscoveryService_StreamExtAuthConfigServer) error DeltaExtAuthConfig(ExtAuthDiscoveryService_DeltaExtAuthConfigServer) error FetchExtAuthConfig(context.Context, *v2.DiscoveryRequest) (*v2.DiscoveryResponse, error) }
ExtAuthDiscoveryServiceServer is the server API for ExtAuthDiscoveryService service.
func NewExtAuthDiscoveryServiceServer ¶
func NewExtAuthDiscoveryServiceServer(genericServer server.Server) ExtAuthDiscoveryServiceServer
type ExtAuthDiscoveryService_DeltaExtAuthConfigClient ¶
type ExtAuthDiscoveryService_DeltaExtAuthConfigClient interface { Send(*v2.DeltaDiscoveryRequest) error Recv() (*v2.DeltaDiscoveryResponse, error) grpc.ClientStream }
type ExtAuthDiscoveryService_DeltaExtAuthConfigServer ¶
type ExtAuthDiscoveryService_DeltaExtAuthConfigServer interface { Send(*v2.DeltaDiscoveryResponse) error Recv() (*v2.DeltaDiscoveryRequest, error) grpc.ServerStream }
type ExtAuthDiscoveryService_StreamExtAuthConfigClient ¶
type ExtAuthDiscoveryService_StreamExtAuthConfigClient interface { Send(*v2.DiscoveryRequest) error Recv() (*v2.DiscoveryResponse, error) grpc.ClientStream }
type ExtAuthDiscoveryService_StreamExtAuthConfigServer ¶
type ExtAuthDiscoveryService_StreamExtAuthConfigServer interface { Send(*v2.DiscoveryResponse) error Recv() (*v2.DiscoveryRequest, error) grpc.ServerStream }
type ExtAuthExtension ¶
type ExtAuthExtension struct { // Types that are assignable to Spec: // // *ExtAuthExtension_Disable // *ExtAuthExtension_ConfigRef // *ExtAuthExtension_CustomAuth Spec isExtAuthExtension_Spec `protobuf_oneof:"spec"` // contains filtered or unexported fields }
Auth configurations defined on virtual hosts, routes, and weighted destinations will be unmarshalled to this message.
func (*ExtAuthExtension) Clone ¶ added in v1.8.24
func (m *ExtAuthExtension) Clone() proto.Message
Clone function
func (*ExtAuthExtension) Descriptor
deprecated
func (*ExtAuthExtension) Descriptor() ([]byte, []int)
Deprecated: Use ExtAuthExtension.ProtoReflect.Descriptor instead.
func (*ExtAuthExtension) Equal ¶
func (m *ExtAuthExtension) Equal(that interface{}) bool
Equal function
func (*ExtAuthExtension) GetConfigRef ¶
func (x *ExtAuthExtension) GetConfigRef() *core.ResourceRef
func (*ExtAuthExtension) GetCustomAuth ¶
func (x *ExtAuthExtension) GetCustomAuth() *CustomAuth
func (*ExtAuthExtension) GetDisable ¶
func (x *ExtAuthExtension) GetDisable() bool
func (*ExtAuthExtension) GetSpec ¶
func (m *ExtAuthExtension) GetSpec() isExtAuthExtension_Spec
func (*ExtAuthExtension) Hash ¶ added in v1.2.13
func (m *ExtAuthExtension) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtAuthExtension) ProtoMessage ¶
func (*ExtAuthExtension) ProtoMessage()
func (*ExtAuthExtension) ProtoReflect ¶ added in v1.6.0
func (x *ExtAuthExtension) ProtoReflect() protoreflect.Message
func (*ExtAuthExtension) Reset ¶
func (x *ExtAuthExtension) Reset()
func (*ExtAuthExtension) String ¶
func (x *ExtAuthExtension) String() string
type ExtAuthExtension_ConfigRef ¶
type ExtAuthExtension_ConfigRef struct { // A reference to an AuthConfig. This is used to configure the Gloo Edge Enterprise extauth server. ConfigRef *core.ResourceRef `protobuf:"bytes,2,opt,name=config_ref,json=configRef,proto3,oneof"` }
type ExtAuthExtension_CustomAuth ¶
type ExtAuthExtension_CustomAuth struct { // Use this field if you are running your own custom extauth server. CustomAuth *CustomAuth `protobuf:"bytes,3,opt,name=custom_auth,json=customAuth,proto3,oneof"` }
type ExtAuthExtension_Disable ¶
type ExtAuthExtension_Disable struct { // Set to true to disable auth on the virtual host/route. Disable bool `protobuf:"varint,1,opt,name=disable,proto3,oneof"` }
type GrpcService ¶ added in v1.9.25
type GrpcService struct { // Set the authority header when calling the GRPC service. Authority string `protobuf:"bytes,1,opt,name=authority,proto3" json:"authority,omitempty"` // contains filtered or unexported fields }
func (*GrpcService) Clone ¶ added in v1.9.25
func (m *GrpcService) Clone() proto.Message
Clone function
func (*GrpcService) Descriptor
deprecated
added in
v1.9.25
func (*GrpcService) Descriptor() ([]byte, []int)
Deprecated: Use GrpcService.ProtoReflect.Descriptor instead.
func (*GrpcService) Equal ¶ added in v1.9.25
func (m *GrpcService) Equal(that interface{}) bool
Equal function
func (*GrpcService) GetAuthority ¶ added in v1.9.25
func (x *GrpcService) GetAuthority() string
func (*GrpcService) Hash ¶ added in v1.9.25
func (m *GrpcService) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*GrpcService) ProtoMessage ¶ added in v1.9.25
func (*GrpcService) ProtoMessage()
func (*GrpcService) ProtoReflect ¶ added in v1.9.25
func (x *GrpcService) ProtoReflect() protoreflect.Message
func (*GrpcService) Reset ¶ added in v1.9.25
func (x *GrpcService) Reset()
func (*GrpcService) String ¶ added in v1.9.25
func (x *GrpcService) String() string
type HeaderConfiguration ¶ added in v1.5.8
type HeaderConfiguration struct { // If set, the id token will be forward upstream using this header name. IdTokenHeader string `protobuf:"bytes,1,opt,name=id_token_header,json=idTokenHeader,proto3" json:"id_token_header,omitempty"` // If set, the access token will be forward upstream using this header name. AccessTokenHeader string `protobuf:"bytes,2,opt,name=access_token_header,json=accessTokenHeader,proto3" json:"access_token_header,omitempty"` // If true, adds the "Bearer" prefix to the upstream access token header value. UseBearerSchemaForAuthorization *wrappers.BoolValue `` /* 160-byte string literal not displayed */ // contains filtered or unexported fields }
func (*HeaderConfiguration) Clone ¶ added in v1.8.24
func (m *HeaderConfiguration) Clone() proto.Message
Clone function
func (*HeaderConfiguration) Descriptor
deprecated
added in
v1.5.8
func (*HeaderConfiguration) Descriptor() ([]byte, []int)
Deprecated: Use HeaderConfiguration.ProtoReflect.Descriptor instead.
func (*HeaderConfiguration) Equal ¶ added in v1.5.8
func (m *HeaderConfiguration) Equal(that interface{}) bool
Equal function
func (*HeaderConfiguration) GetAccessTokenHeader ¶ added in v1.6.0
func (x *HeaderConfiguration) GetAccessTokenHeader() string
func (*HeaderConfiguration) GetIdTokenHeader ¶ added in v1.5.8
func (x *HeaderConfiguration) GetIdTokenHeader() string
func (*HeaderConfiguration) GetUseBearerSchemaForAuthorization ¶ added in v1.8.32
func (x *HeaderConfiguration) GetUseBearerSchemaForAuthorization() *wrappers.BoolValue
func (*HeaderConfiguration) Hash ¶ added in v1.5.8
func (m *HeaderConfiguration) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*HeaderConfiguration) ProtoMessage ¶ added in v1.5.8
func (*HeaderConfiguration) ProtoMessage()
func (*HeaderConfiguration) ProtoReflect ¶ added in v1.6.0
func (x *HeaderConfiguration) ProtoReflect() protoreflect.Message
func (*HeaderConfiguration) Reset ¶ added in v1.5.8
func (x *HeaderConfiguration) Reset()
func (*HeaderConfiguration) String ¶ added in v1.5.8
func (x *HeaderConfiguration) String() string
type HmacAuth ¶ added in v1.14.0
type HmacAuth struct { // Configuration for how secrets are stored. // // Types that are assignable to SecretStorage: // // *HmacAuth_SecretRefs SecretStorage isHmacAuth_SecretStorage `protobuf_oneof:"secret_storage"` // Algorithm to use to turn the request into a hashable string // // Types that are assignable to ImplementationType: // // *HmacAuth_ParametersInHeaders ImplementationType isHmacAuth_ImplementationType `protobuf_oneof:"implementation_type"` // contains filtered or unexported fields }
HMAC is a message authentication technique that can use multiple algorithms for finding credentials and generating signed messages. It conforms to https://www.ietf.org/rfc/rfc2104.txt
func (*HmacAuth) Descriptor
deprecated
added in
v1.14.0
func (*HmacAuth) GetImplementationType ¶ added in v1.14.0
func (m *HmacAuth) GetImplementationType() isHmacAuth_ImplementationType
func (*HmacAuth) GetParametersInHeaders ¶ added in v1.14.0
func (x *HmacAuth) GetParametersInHeaders() *HmacParametersInHeaders
func (*HmacAuth) GetSecretRefs ¶ added in v1.14.0
func (x *HmacAuth) GetSecretRefs() *SecretRefList
func (*HmacAuth) GetSecretStorage ¶ added in v1.14.0
func (m *HmacAuth) GetSecretStorage() isHmacAuth_SecretStorage
func (*HmacAuth) ProtoMessage ¶ added in v1.14.0
func (*HmacAuth) ProtoMessage()
func (*HmacAuth) ProtoReflect ¶ added in v1.14.0
func (x *HmacAuth) ProtoReflect() protoreflect.Message
type HmacAuth_ParametersInHeaders ¶ added in v1.14.0
type HmacAuth_ParametersInHeaders struct {
ParametersInHeaders *HmacParametersInHeaders `protobuf:"bytes,2,opt,name=parameters_in_headers,json=parametersInHeaders,proto3,oneof"`
}
type HmacAuth_SecretRefs ¶ added in v1.14.0
type HmacAuth_SecretRefs struct {
SecretRefs *SecretRefList `protobuf:"bytes,1,opt,name=secret_refs,json=secretRefs,proto3,oneof"`
}
type HmacParametersInHeaders ¶ added in v1.14.0
type HmacParametersInHeaders struct {
// contains filtered or unexported fields
}
Extract the HMAC parameters from the HTTP headers and use SHA-1 hashing
func (*HmacParametersInHeaders) Clone ¶ added in v1.14.0
func (m *HmacParametersInHeaders) Clone() proto.Message
Clone function
func (*HmacParametersInHeaders) Descriptor
deprecated
added in
v1.14.0
func (*HmacParametersInHeaders) Descriptor() ([]byte, []int)
Deprecated: Use HmacParametersInHeaders.ProtoReflect.Descriptor instead.
func (*HmacParametersInHeaders) Equal ¶ added in v1.14.0
func (m *HmacParametersInHeaders) Equal(that interface{}) bool
Equal function
func (*HmacParametersInHeaders) Hash ¶ added in v1.14.0
func (m *HmacParametersInHeaders) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*HmacParametersInHeaders) ProtoMessage ¶ added in v1.14.0
func (*HmacParametersInHeaders) ProtoMessage()
func (*HmacParametersInHeaders) ProtoReflect ¶ added in v1.14.0
func (x *HmacParametersInHeaders) ProtoReflect() protoreflect.Message
func (*HmacParametersInHeaders) Reset ¶ added in v1.14.0
func (x *HmacParametersInHeaders) Reset()
func (*HmacParametersInHeaders) String ¶ added in v1.14.0
func (x *HmacParametersInHeaders) String() string
type HttpService ¶
type HttpService struct { // Sets a prefix to the value of authorization request header *Path*. PathPrefix string `protobuf:"bytes,1,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"` Request *HttpService_Request `protobuf:"bytes,2,opt,name=request,proto3" json:"request,omitempty"` Response *HttpService_Response `protobuf:"bytes,3,opt,name=response,proto3" json:"response,omitempty"` // contains filtered or unexported fields }
func (*HttpService) Clone ¶ added in v1.8.24
func (m *HttpService) Clone() proto.Message
Clone function
func (*HttpService) Descriptor
deprecated
func (*HttpService) Descriptor() ([]byte, []int)
Deprecated: Use HttpService.ProtoReflect.Descriptor instead.
func (*HttpService) GetPathPrefix ¶
func (x *HttpService) GetPathPrefix() string
func (*HttpService) GetRequest ¶
func (x *HttpService) GetRequest() *HttpService_Request
func (*HttpService) GetResponse ¶
func (x *HttpService) GetResponse() *HttpService_Response
func (*HttpService) Hash ¶ added in v1.2.13
func (m *HttpService) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*HttpService) ProtoMessage ¶
func (*HttpService) ProtoMessage()
func (*HttpService) ProtoReflect ¶ added in v1.6.0
func (x *HttpService) ProtoReflect() protoreflect.Message
func (*HttpService) Reset ¶
func (x *HttpService) Reset()
func (*HttpService) String ¶
func (x *HttpService) String() string
type HttpService_Request ¶
type HttpService_Request struct { // These headers will be copied from the incoming request to the request going // to the auth server. Note that in addition to the user's supplied matchers: // // 1. *Host*, *Method*, *Path* and *Content-Length* are automatically included to the list. // // 2. *Content-Length* will be set to 0 and the request to the authorization service will not have // a message body. AllowedHeaders []string `protobuf:"bytes,1,rep,name=allowed_headers,json=allowedHeaders,proto3" json:"allowed_headers,omitempty"` // These headers that will be included to the request to authorization service. Note that // client request of the same key will be overridden. HeadersToAdd map[string]string `` /* 187-byte string literal not displayed */ // Headers that match these regex patterns will be copied from the incoming request // to the request going to the auth server. AllowedHeadersRegex []string `protobuf:"bytes,3,rep,name=allowed_headers_regex,json=allowedHeadersRegex,proto3" json:"allowed_headers_regex,omitempty"` // contains filtered or unexported fields }
func (*HttpService_Request) Clone ¶ added in v1.8.24
func (m *HttpService_Request) Clone() proto.Message
Clone function
func (*HttpService_Request) Descriptor
deprecated
func (*HttpService_Request) Descriptor() ([]byte, []int)
Deprecated: Use HttpService_Request.ProtoReflect.Descriptor instead.
func (*HttpService_Request) Equal ¶
func (m *HttpService_Request) Equal(that interface{}) bool
Equal function
func (*HttpService_Request) GetAllowedHeaders ¶
func (x *HttpService_Request) GetAllowedHeaders() []string
func (*HttpService_Request) GetAllowedHeadersRegex ¶ added in v1.8.19
func (x *HttpService_Request) GetAllowedHeadersRegex() []string
func (*HttpService_Request) GetHeadersToAdd ¶
func (x *HttpService_Request) GetHeadersToAdd() map[string]string
func (*HttpService_Request) Hash ¶ added in v1.2.13
func (m *HttpService_Request) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*HttpService_Request) ProtoMessage ¶
func (*HttpService_Request) ProtoMessage()
func (*HttpService_Request) ProtoReflect ¶ added in v1.6.0
func (x *HttpService_Request) ProtoReflect() protoreflect.Message
func (*HttpService_Request) Reset ¶
func (x *HttpService_Request) Reset()
func (*HttpService_Request) String ¶
func (x *HttpService_Request) String() string
type HttpService_Response ¶
type HttpService_Response struct { // When this is set, authorization response headers that have a header in this list will be added to the original client request and sent to the upstream. // Note that coexistent headers will be overridden. AllowedUpstreamHeaders []string `` /* 129-byte string literal not displayed */ // When this is set, authorization response headers in this list will be added to the client's response when the auth request is denied. // Note that when this list is *not* set, all the authorization response headers, except *Authority // (Host)* will be in the response to the client. When a header is included in this list, *Path*, // *Status*, *Content-Length*, *WWW-Authenticate* and *Location* are automatically added. AllowedClientHeaders []string `protobuf:"bytes,2,rep,name=allowed_client_headers,json=allowedClientHeaders,proto3" json:"allowed_client_headers,omitempty"` // When this is set, authorization response headers that have a correspondent match will be added to the client's response. // Note that coexistent headers will be appended. AllowedUpstreamHeadersToAppend []string `` /* 157-byte string literal not displayed */ // contains filtered or unexported fields }
func (*HttpService_Response) Clone ¶ added in v1.8.24
func (m *HttpService_Response) Clone() proto.Message
Clone function
func (*HttpService_Response) Descriptor
deprecated
func (*HttpService_Response) Descriptor() ([]byte, []int)
Deprecated: Use HttpService_Response.ProtoReflect.Descriptor instead.
func (*HttpService_Response) Equal ¶
func (m *HttpService_Response) Equal(that interface{}) bool
Equal function
func (*HttpService_Response) GetAllowedClientHeaders ¶
func (x *HttpService_Response) GetAllowedClientHeaders() []string
func (*HttpService_Response) GetAllowedUpstreamHeaders ¶
func (x *HttpService_Response) GetAllowedUpstreamHeaders() []string
func (*HttpService_Response) GetAllowedUpstreamHeadersToAppend ¶ added in v1.9.25
func (x *HttpService_Response) GetAllowedUpstreamHeadersToAppend() []string
func (*HttpService_Response) Hash ¶ added in v1.2.13
func (m *HttpService_Response) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*HttpService_Response) ProtoMessage ¶
func (*HttpService_Response) ProtoMessage()
func (*HttpService_Response) ProtoReflect ¶ added in v1.6.0
func (x *HttpService_Response) ProtoReflect() protoreflect.Message
func (*HttpService_Response) Reset ¶
func (x *HttpService_Response) Reset()
func (*HttpService_Response) String ¶
func (x *HttpService_Response) String() string
type IntrospectionValidation ¶ added in v1.9.25
type IntrospectionValidation struct { // The URL for the [OAuth2.0 Token Introspection](https://tools.ietf.org/html/rfc7662) endpoint. // If provided, the (opaque) access token provided or received from the oauth authorization endpoint // will be validated against this endpoint, or locally cached responses for this access token. IntrospectionUrl string `protobuf:"bytes,1,opt,name=introspection_url,json=introspectionUrl,proto3" json:"introspection_url,omitempty"` // Your client id as registered with the issuer. // Optional: Use if the token introspection url requires client authentication. ClientId string `protobuf:"bytes,2,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` // Your client secret as registered with the issuer. // Optional: Use if the token introspection url requires client authentication. ClientSecretRef *core.ResourceRef `protobuf:"bytes,3,opt,name=client_secret_ref,json=clientSecretRef,proto3" json:"client_secret_ref,omitempty"` // The name of the [introspection response](https://tools.ietf.org/html/rfc7662#section-2.2) // attribute that contains the ID of the resource owner (e.g. `sub`, `username`). // If specified, the external auth server will use the value of the attribute as the identifier of the // authenticated user and add it to the request headers and/or dynamic metadata (depending on how the // server is configured); if the field is set and the attribute cannot be found, the request will be denied. // This field is optional and by default the server will not try to derive the user ID. UserIdAttributeName string `protobuf:"bytes,4,opt,name=user_id_attribute_name,json=userIdAttributeName,proto3" json:"user_id_attribute_name,omitempty"` // Allows setting a client id but not a client secret. DisableClientSecret *wrappers.BoolValue `protobuf:"bytes,5,opt,name=disable_client_secret,json=disableClientSecret,proto3" json:"disable_client_secret,omitempty"` // contains filtered or unexported fields }
Defines how (opaque) access tokens, received from the oauth authorization endpoint, are validated [OAuth2.0 Token Introspection](https://tools.ietf.org/html/rfc7662)
If the token introspection url requires client authentication, both the client_id and client_secret are required. Unless disable_client_secret is set, when only one is provided, the config will be rejected. These values will be encoded in a basic auth header in order to authenticate the client.
func (*IntrospectionValidation) Clone ¶ added in v1.9.25
func (m *IntrospectionValidation) Clone() proto.Message
Clone function
func (*IntrospectionValidation) Descriptor
deprecated
added in
v1.9.25
func (*IntrospectionValidation) Descriptor() ([]byte, []int)
Deprecated: Use IntrospectionValidation.ProtoReflect.Descriptor instead.
func (*IntrospectionValidation) Equal ¶ added in v1.9.25
func (m *IntrospectionValidation) Equal(that interface{}) bool
Equal function
func (*IntrospectionValidation) GetClientId ¶ added in v1.9.25
func (x *IntrospectionValidation) GetClientId() string
func (*IntrospectionValidation) GetClientSecretRef ¶ added in v1.9.25
func (x *IntrospectionValidation) GetClientSecretRef() *core.ResourceRef
func (*IntrospectionValidation) GetDisableClientSecret ¶ added in v1.14.9
func (x *IntrospectionValidation) GetDisableClientSecret() *wrappers.BoolValue
func (*IntrospectionValidation) GetIntrospectionUrl ¶ added in v1.9.25
func (x *IntrospectionValidation) GetIntrospectionUrl() string
func (*IntrospectionValidation) GetUserIdAttributeName ¶ added in v1.9.25
func (x *IntrospectionValidation) GetUserIdAttributeName() string
func (*IntrospectionValidation) Hash ¶ added in v1.9.25
func (m *IntrospectionValidation) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*IntrospectionValidation) ProtoMessage ¶ added in v1.9.25
func (*IntrospectionValidation) ProtoMessage()
func (*IntrospectionValidation) ProtoReflect ¶ added in v1.9.25
func (x *IntrospectionValidation) ProtoReflect() protoreflect.Message
func (*IntrospectionValidation) Reset ¶ added in v1.9.25
func (x *IntrospectionValidation) Reset()
func (*IntrospectionValidation) String ¶ added in v1.9.25
func (x *IntrospectionValidation) String() string
type JwksOnDemandCacheRefreshPolicy ¶ added in v1.5.18
type JwksOnDemandCacheRefreshPolicy struct { // Types that are assignable to Policy: // // *JwksOnDemandCacheRefreshPolicy_Never // *JwksOnDemandCacheRefreshPolicy_Always // *JwksOnDemandCacheRefreshPolicy_MaxIdpReqPerPollingInterval Policy isJwksOnDemandCacheRefreshPolicy_Policy `protobuf_oneof:"policy"` // contains filtered or unexported fields }
The json web key set (JWKS) (https://tools.ietf.org/html/rfc7517) is discovered at an interval from a remote source. When keys rotate in the remote source, there may be a delay in the local source picking up those new keys. Therefore, a user could execute a request with a token that has been signed by a key in the remote JWKS, but the local cache doesn't have the key yet. The request would fail because the key isn't contained in the local set. Since most IdPs publish key keys in their remote JWKS before they are used, this is not an issue most of the time. This policy lets you define the behavior for when a user has a token with a key not yet in the local cache.
func (*JwksOnDemandCacheRefreshPolicy) Clone ¶ added in v1.8.24
func (m *JwksOnDemandCacheRefreshPolicy) Clone() proto.Message
Clone function
func (*JwksOnDemandCacheRefreshPolicy) Descriptor
deprecated
added in
v1.5.18
func (*JwksOnDemandCacheRefreshPolicy) Descriptor() ([]byte, []int)
Deprecated: Use JwksOnDemandCacheRefreshPolicy.ProtoReflect.Descriptor instead.
func (*JwksOnDemandCacheRefreshPolicy) Equal ¶ added in v1.5.18
func (m *JwksOnDemandCacheRefreshPolicy) Equal(that interface{}) bool
Equal function
func (*JwksOnDemandCacheRefreshPolicy) GetAlways ¶ added in v1.5.18
func (x *JwksOnDemandCacheRefreshPolicy) GetAlways() *empty.Empty
func (*JwksOnDemandCacheRefreshPolicy) GetMaxIdpReqPerPollingInterval ¶ added in v1.5.18
func (x *JwksOnDemandCacheRefreshPolicy) GetMaxIdpReqPerPollingInterval() uint32
func (*JwksOnDemandCacheRefreshPolicy) GetNever ¶ added in v1.5.18
func (x *JwksOnDemandCacheRefreshPolicy) GetNever() *empty.Empty
func (*JwksOnDemandCacheRefreshPolicy) GetPolicy ¶ added in v1.5.18
func (m *JwksOnDemandCacheRefreshPolicy) GetPolicy() isJwksOnDemandCacheRefreshPolicy_Policy
func (*JwksOnDemandCacheRefreshPolicy) Hash ¶ added in v1.5.18
func (m *JwksOnDemandCacheRefreshPolicy) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*JwksOnDemandCacheRefreshPolicy) ProtoMessage ¶ added in v1.5.18
func (*JwksOnDemandCacheRefreshPolicy) ProtoMessage()
func (*JwksOnDemandCacheRefreshPolicy) ProtoReflect ¶ added in v1.6.19
func (x *JwksOnDemandCacheRefreshPolicy) ProtoReflect() protoreflect.Message
func (*JwksOnDemandCacheRefreshPolicy) Reset ¶ added in v1.5.18
func (x *JwksOnDemandCacheRefreshPolicy) Reset()
func (*JwksOnDemandCacheRefreshPolicy) String ¶ added in v1.5.18
func (x *JwksOnDemandCacheRefreshPolicy) String() string
type JwksOnDemandCacheRefreshPolicy_Always ¶ added in v1.5.18
type JwksOnDemandCacheRefreshPolicy_Always struct { // If a key is not in the cache, fetch the most recent keys from the IdP and update the cache. // NOTE: This should only be done in trusted environments, since missing keys will each trigger // a request to the IdP. Using this in an environment exposed to the internet will allow malicious agents to // execute a DDoS attack by spamming protected endpoints with tokens signed by invalid keys. Always *empty.Empty `protobuf:"bytes,2,opt,name=always,proto3,oneof"` }
type JwksOnDemandCacheRefreshPolicy_MaxIdpReqPerPollingInterval ¶ added in v1.5.18
type JwksOnDemandCacheRefreshPolicy_MaxIdpReqPerPollingInterval struct { // If a key is not in the cache, fetch the most recent keys from the IdP and update the cache. // This value sets the number of requests to the IdP per polling interval. If that limit is exceeded, // we will stop fetching from the IdP for the remainder of the polling interval. MaxIdpReqPerPollingInterval uint32 `protobuf:"varint,3,opt,name=max_idp_req_per_polling_interval,json=maxIdpReqPerPollingInterval,proto3,oneof"` }
type JwksOnDemandCacheRefreshPolicy_Never ¶ added in v1.5.18
type JwksOnDemandCacheRefreshPolicy_Never struct { // Never refresh the local JWKS cache on demand. If a key is not in the cache, it is assumed to be malicious. // This is the default policy since we assume that IdPs publish keys before they rotate them, // and frequent polling finds the newest keys. Never *empty.Empty `protobuf:"bytes,1,opt,name=never,proto3,oneof"` }
type JwtValidation ¶ added in v1.9.25
type JwtValidation struct { // Types that are assignable to JwksSourceSpecifier: // // *JwtValidation_RemoteJwks_ // *JwtValidation_LocalJwks_ JwksSourceSpecifier isJwtValidation_JwksSourceSpecifier `protobuf_oneof:"jwks_source_specifier"` // Allow only tokens that have been issued by this principal (i.e. whose "iss" claim matches this value). // If empty, issuer validation will be skipped. Issuer string `protobuf:"bytes,3,opt,name=issuer,proto3" json:"issuer,omitempty"` // contains filtered or unexported fields }
Defines how JSON Web Token (JWT) access tokens are validated.
Tokens are validated using a JSON Web Key Set (as defined in [Section 5 of RFC7517](https://tools.ietf.org/html/rfc7517#section-5)), which can be either inlined in the configuration or fetched from a remote location via HTTP. Any keys in the JWKS that are not intended for signature verification (i.e. whose ["use" parameter](https://tools.ietf.org/html/rfc7517#section-4.2) is not "sig") will be ignored by the system, as will keys that do not specify a ["kid" (Key ID) parameter](https://tools.ietf.org/html/rfc7517#section-4.2).
The JWT to be validated must define non-empty "kid" and "alg" headers. The "kid" header determines which key in the JWKS will be used to verify the signature of the token; if no matching key is found, the token will be rejected.
If present, the server will verify the "exp", "iat", and "nbf" standard JWT claims. Validation of the "iss" claim and of token scopes can be configured as well. If the JWT has been successfully validated, its set of claims will be added to the `AuthorizationRequest` state under the "jwtAccessToken" key.
func (*JwtValidation) Clone ¶ added in v1.9.25
func (m *JwtValidation) Clone() proto.Message
Clone function
func (*JwtValidation) Descriptor
deprecated
added in
v1.9.25
func (*JwtValidation) Descriptor() ([]byte, []int)
Deprecated: Use JwtValidation.ProtoReflect.Descriptor instead.
func (*JwtValidation) Equal ¶ added in v1.9.25
func (m *JwtValidation) Equal(that interface{}) bool
Equal function
func (*JwtValidation) GetIssuer ¶ added in v1.9.25
func (x *JwtValidation) GetIssuer() string
func (*JwtValidation) GetJwksSourceSpecifier ¶ added in v1.9.25
func (m *JwtValidation) GetJwksSourceSpecifier() isJwtValidation_JwksSourceSpecifier
func (*JwtValidation) GetLocalJwks ¶ added in v1.9.25
func (x *JwtValidation) GetLocalJwks() *JwtValidation_LocalJwks
func (*JwtValidation) GetRemoteJwks ¶ added in v1.9.25
func (x *JwtValidation) GetRemoteJwks() *JwtValidation_RemoteJwks
func (*JwtValidation) Hash ¶ added in v1.9.25
func (m *JwtValidation) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*JwtValidation) ProtoMessage ¶ added in v1.9.25
func (*JwtValidation) ProtoMessage()
func (*JwtValidation) ProtoReflect ¶ added in v1.9.25
func (x *JwtValidation) ProtoReflect() protoreflect.Message
func (*JwtValidation) Reset ¶ added in v1.9.25
func (x *JwtValidation) Reset()
func (*JwtValidation) String ¶ added in v1.9.25
func (x *JwtValidation) String() string
type JwtValidation_LocalJwks ¶ added in v1.9.25
type JwtValidation_LocalJwks struct { // JWKS is embedded as a string. InlineString string `protobuf:"bytes,1,opt,name=inline_string,json=inlineString,proto3" json:"inline_string,omitempty"` // contains filtered or unexported fields }
Represents a locally available JWKS.
func (*JwtValidation_LocalJwks) Clone ¶ added in v1.9.25
func (m *JwtValidation_LocalJwks) Clone() proto.Message
Clone function
func (*JwtValidation_LocalJwks) Descriptor
deprecated
added in
v1.9.25
func (*JwtValidation_LocalJwks) Descriptor() ([]byte, []int)
Deprecated: Use JwtValidation_LocalJwks.ProtoReflect.Descriptor instead.
func (*JwtValidation_LocalJwks) Equal ¶ added in v1.9.25
func (m *JwtValidation_LocalJwks) Equal(that interface{}) bool
Equal function
func (*JwtValidation_LocalJwks) GetInlineString ¶ added in v1.9.25
func (x *JwtValidation_LocalJwks) GetInlineString() string
func (*JwtValidation_LocalJwks) Hash ¶ added in v1.9.25
func (m *JwtValidation_LocalJwks) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*JwtValidation_LocalJwks) ProtoMessage ¶ added in v1.9.25
func (*JwtValidation_LocalJwks) ProtoMessage()
func (*JwtValidation_LocalJwks) ProtoReflect ¶ added in v1.9.25
func (x *JwtValidation_LocalJwks) ProtoReflect() protoreflect.Message
func (*JwtValidation_LocalJwks) Reset ¶ added in v1.9.25
func (x *JwtValidation_LocalJwks) Reset()
func (*JwtValidation_LocalJwks) String ¶ added in v1.9.25
func (x *JwtValidation_LocalJwks) String() string
type JwtValidation_LocalJwks_ ¶ added in v1.9.25
type JwtValidation_LocalJwks_ struct { // Loads the JWKS from a local data source. LocalJwks *JwtValidation_LocalJwks `protobuf:"bytes,2,opt,name=local_jwks,json=localJwks,proto3,oneof"` }
type JwtValidation_RemoteJwks ¶ added in v1.9.25
type JwtValidation_RemoteJwks struct { // The HTTP URI to fetch the JWKS. Url string `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"` // The frequency at which the JWKS should be refreshed. // If not specified, the default value is 5 minutes. RefreshInterval *duration.Duration `protobuf:"bytes,2,opt,name=refresh_interval,json=refreshInterval,proto3" json:"refresh_interval,omitempty"` // contains filtered or unexported fields }
Specifies how to fetch JWKS from remote and how to cache it.
func (*JwtValidation_RemoteJwks) Clone ¶ added in v1.9.25
func (m *JwtValidation_RemoteJwks) Clone() proto.Message
Clone function
func (*JwtValidation_RemoteJwks) Descriptor
deprecated
added in
v1.9.25
func (*JwtValidation_RemoteJwks) Descriptor() ([]byte, []int)
Deprecated: Use JwtValidation_RemoteJwks.ProtoReflect.Descriptor instead.
func (*JwtValidation_RemoteJwks) Equal ¶ added in v1.9.25
func (m *JwtValidation_RemoteJwks) Equal(that interface{}) bool
Equal function
func (*JwtValidation_RemoteJwks) GetRefreshInterval ¶ added in v1.9.25
func (x *JwtValidation_RemoteJwks) GetRefreshInterval() *duration.Duration
func (*JwtValidation_RemoteJwks) GetUrl ¶ added in v1.9.25
func (x *JwtValidation_RemoteJwks) GetUrl() string
func (*JwtValidation_RemoteJwks) Hash ¶ added in v1.9.25
func (m *JwtValidation_RemoteJwks) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*JwtValidation_RemoteJwks) ProtoMessage ¶ added in v1.9.25
func (*JwtValidation_RemoteJwks) ProtoMessage()
func (*JwtValidation_RemoteJwks) ProtoReflect ¶ added in v1.9.25
func (x *JwtValidation_RemoteJwks) ProtoReflect() protoreflect.Message
func (*JwtValidation_RemoteJwks) Reset ¶ added in v1.9.25
func (x *JwtValidation_RemoteJwks) Reset()
func (*JwtValidation_RemoteJwks) String ¶ added in v1.9.25
func (x *JwtValidation_RemoteJwks) String() string
type JwtValidation_RemoteJwks_ ¶ added in v1.9.25
type JwtValidation_RemoteJwks_ struct { // Fetches the JWKS from a remote location. RemoteJwks *JwtValidation_RemoteJwks `protobuf:"bytes,1,opt,name=remote_jwks,json=remoteJwks,proto3,oneof"` }
type K8SSecretApiKeyStorage ¶ added in v1.13.0
type K8SSecretApiKeyStorage struct { // Identify all valid API key secrets that match the provided label selector.<br/> // API key secrets must be in one of the watch namespaces for gloo to locate them. LabelSelector map[string]string `` /* 188-byte string literal not displayed */ // A way to directly reference API key secrets. This configuration can be useful for testing, // but in general the more flexible label selector should be preferred. ApiKeySecretRefs []*core.ResourceRef `protobuf:"bytes,2,rep,name=api_key_secret_refs,json=apiKeySecretRefs,proto3" json:"api_key_secret_refs,omitempty"` // contains filtered or unexported fields }
func (*K8SSecretApiKeyStorage) Clone ¶ added in v1.13.0
func (m *K8SSecretApiKeyStorage) Clone() proto.Message
Clone function
func (*K8SSecretApiKeyStorage) Descriptor
deprecated
added in
v1.13.0
func (*K8SSecretApiKeyStorage) Descriptor() ([]byte, []int)
Deprecated: Use K8SSecretApiKeyStorage.ProtoReflect.Descriptor instead.
func (*K8SSecretApiKeyStorage) Equal ¶ added in v1.13.0
func (m *K8SSecretApiKeyStorage) Equal(that interface{}) bool
Equal function
func (*K8SSecretApiKeyStorage) GetApiKeySecretRefs ¶ added in v1.13.0
func (x *K8SSecretApiKeyStorage) GetApiKeySecretRefs() []*core.ResourceRef
func (*K8SSecretApiKeyStorage) GetLabelSelector ¶ added in v1.13.0
func (x *K8SSecretApiKeyStorage) GetLabelSelector() map[string]string
func (*K8SSecretApiKeyStorage) Hash ¶ added in v1.13.0
func (m *K8SSecretApiKeyStorage) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*K8SSecretApiKeyStorage) ProtoMessage ¶ added in v1.13.0
func (*K8SSecretApiKeyStorage) ProtoMessage()
func (*K8SSecretApiKeyStorage) ProtoReflect ¶ added in v1.13.0
func (x *K8SSecretApiKeyStorage) ProtoReflect() protoreflect.Message
func (*K8SSecretApiKeyStorage) Reset ¶ added in v1.13.0
func (x *K8SSecretApiKeyStorage) Reset()
func (*K8SSecretApiKeyStorage) String ¶ added in v1.13.0
func (x *K8SSecretApiKeyStorage) String() string
type Ldap ¶
type Ldap struct { // Address of the LDAP server to query. Should be in the form ADDRESS:PORT, e.g. `ldap.default.svc.cluster.local:389`. Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` // Template to build user entry distinguished names (DN). This must contains a single occurrence of the "%s" placeholder. // When processing a request, Gloo will substitute the name of the user (extracted from the auth header) for the // placeholder and issue a search request with the resulting DN as baseDN (and 'base' search scope). // E.g. "uid=%s,ou=people,dc=solo,dc=io" UserDnTemplate string `protobuf:"bytes,2,opt,name=userDnTemplate,proto3" json:"userDnTemplate,omitempty"` // Case-insensitive name of the attribute that contains the names of the groups an entry is member of. Gloo will look // for attributes with the given name to determine which groups the user entry belongs to. Defaults to 'memberOf' if not provided. MembershipAttributeName string `protobuf:"bytes,3,opt,name=membershipAttributeName,proto3" json:"membershipAttributeName,omitempty"` // In order for the request to be authenticated, the membership attribute (e.g. *memberOf*) on the user entry must // contain at least of one of the group DNs specified via this option. // E.g. []string{ "cn=managers,ou=groups,dc=solo,dc=io", "cn=developers,ou=groups,dc=solo,dc=io" } AllowedGroups []string `protobuf:"bytes,4,rep,name=allowedGroups,proto3" json:"allowedGroups,omitempty"` // Use this property to tune the pool of connections to the LDAP server that Gloo maintains. Pool *Ldap_ConnectionPool `protobuf:"bytes,5,opt,name=pool,proto3" json:"pool,omitempty"` // Use to set a custom filter when searching a member. Defaults to "(uid=*)". SearchFilter string `protobuf:"bytes,6,opt,name=searchFilter,proto3" json:"searchFilter,omitempty"` // Disables group checking, regardless of the value for allowedGroups, // and disables validation for the membership attribute of the user entry. // Group checking is enabled by default. DisableGroupChecking bool `protobuf:"varint,7,opt,name=disable_group_checking,json=disableGroupChecking,proto3" json:"disable_group_checking,omitempty"` // Settings for using a separate service account for looking up group membership // To use this, you also need to configure credentials in a secret GroupLookupSettings *LdapServiceAccount `protobuf:"bytes,8,opt,name=group_lookup_settings,json=groupLookupSettings,proto3" json:"group_lookup_settings,omitempty"` // contains filtered or unexported fields }
Authenticates and authorizes requests by querying an LDAP server. Gloo makes the following assumptions:
- Requests provide credentials via the basic HTTP authentication header. Gloo will BIND to the LDAP server using the credentials extracted from the header.
- Your LDAP server is configured so that each entry you want to authorize has an attribute that indicates its group memberships. A common way of achieving this is by using the [*memberof* overlay](http://www.openldap.org/software/man.cgi?query=slapo-memberof).
func (*Ldap) Descriptor
deprecated
func (*Ldap) GetAddress ¶
func (*Ldap) GetAllowedGroups ¶
func (*Ldap) GetDisableGroupChecking ¶ added in v1.9.23
func (*Ldap) GetGroupLookupSettings ¶ added in v1.13.0
func (x *Ldap) GetGroupLookupSettings() *LdapServiceAccount
func (*Ldap) GetMembershipAttributeName ¶
func (*Ldap) GetPool ¶
func (x *Ldap) GetPool() *Ldap_ConnectionPool
func (*Ldap) GetSearchFilter ¶ added in v1.9.25
func (*Ldap) GetUserDnTemplate ¶
func (*Ldap) ProtoMessage ¶
func (*Ldap) ProtoMessage()
func (*Ldap) ProtoReflect ¶ added in v1.6.0
func (x *Ldap) ProtoReflect() protoreflect.Message
type LdapServiceAccount ¶ added in v1.13.0
type LdapServiceAccount struct { // Reference to an AccountCredentialsSecret to use to authenticate as the service account CredentialsSecretRef *core.ResourceRef `protobuf:"bytes,1,opt,name=credentials_secret_ref,json=credentialsSecretRef,proto3" json:"credentials_secret_ref,omitempty"` // If true, Gloo will use the service account to check group membership CheckGroupsWithServiceAccount bool `` /* 155-byte string literal not displayed */ // contains filtered or unexported fields }
func (*LdapServiceAccount) Clone ¶ added in v1.13.0
func (m *LdapServiceAccount) Clone() proto.Message
Clone function
func (*LdapServiceAccount) Descriptor
deprecated
added in
v1.13.0
func (*LdapServiceAccount) Descriptor() ([]byte, []int)
Deprecated: Use LdapServiceAccount.ProtoReflect.Descriptor instead.
func (*LdapServiceAccount) Equal ¶ added in v1.13.0
func (m *LdapServiceAccount) Equal(that interface{}) bool
Equal function
func (*LdapServiceAccount) GetCheckGroupsWithServiceAccount ¶ added in v1.13.0
func (x *LdapServiceAccount) GetCheckGroupsWithServiceAccount() bool
func (*LdapServiceAccount) GetCredentialsSecretRef ¶ added in v1.13.0
func (x *LdapServiceAccount) GetCredentialsSecretRef() *core.ResourceRef
func (*LdapServiceAccount) Hash ¶ added in v1.13.0
func (m *LdapServiceAccount) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*LdapServiceAccount) ProtoMessage ¶ added in v1.13.0
func (*LdapServiceAccount) ProtoMessage()
func (*LdapServiceAccount) ProtoReflect ¶ added in v1.13.0
func (x *LdapServiceAccount) ProtoReflect() protoreflect.Message
func (*LdapServiceAccount) Reset ¶ added in v1.13.0
func (x *LdapServiceAccount) Reset()
func (*LdapServiceAccount) String ¶ added in v1.13.0
func (x *LdapServiceAccount) String() string
type Ldap_ConnectionPool ¶
type Ldap_ConnectionPool struct { // Maximum number connections that are pooled at any give time. The default value is 5. MaxSize *wrappers.UInt32Value `protobuf:"bytes,1,opt,name=maxSize,proto3" json:"maxSize,omitempty"` // Number of connections that the pool will be pre-populated with upon initialization. The default value is 2. InitialSize *wrappers.UInt32Value `protobuf:"bytes,2,opt,name=initialSize,proto3" json:"initialSize,omitempty"` // contains filtered or unexported fields }
Configuration properties for pooling connections to the LDAP server. If the pool is exhausted when a connection is requested (meaning that all the pooled connections are in use), the connection will be created on the fly.
func (*Ldap_ConnectionPool) Clone ¶ added in v1.8.24
func (m *Ldap_ConnectionPool) Clone() proto.Message
Clone function
func (*Ldap_ConnectionPool) Descriptor
deprecated
func (*Ldap_ConnectionPool) Descriptor() ([]byte, []int)
Deprecated: Use Ldap_ConnectionPool.ProtoReflect.Descriptor instead.
func (*Ldap_ConnectionPool) Equal ¶
func (m *Ldap_ConnectionPool) Equal(that interface{}) bool
Equal function
func (*Ldap_ConnectionPool) GetInitialSize ¶
func (x *Ldap_ConnectionPool) GetInitialSize() *wrappers.UInt32Value
func (*Ldap_ConnectionPool) GetMaxSize ¶
func (x *Ldap_ConnectionPool) GetMaxSize() *wrappers.UInt32Value
func (*Ldap_ConnectionPool) Hash ¶ added in v1.2.13
func (m *Ldap_ConnectionPool) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*Ldap_ConnectionPool) ProtoMessage ¶
func (*Ldap_ConnectionPool) ProtoMessage()
func (*Ldap_ConnectionPool) ProtoReflect ¶ added in v1.6.0
func (x *Ldap_ConnectionPool) ProtoReflect() protoreflect.Message
func (*Ldap_ConnectionPool) Reset ¶
func (x *Ldap_ConnectionPool) Reset()
func (*Ldap_ConnectionPool) String ¶
func (x *Ldap_ConnectionPool) String() string
type OAuth
deprecated
type OAuth struct { // your client id as registered with the issuer // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` // your client secret as registered with the issuer // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. ClientSecretRef *core.ResourceRef `protobuf:"bytes,2,opt,name=client_secret_ref,json=clientSecretRef,proto3" json:"client_secret_ref,omitempty"` // The url of the issuer. We will look for OIDC information in issuerUrl+ // ".well-known/openid-configuration" // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. IssuerUrl string `protobuf:"bytes,3,opt,name=issuer_url,json=issuerUrl,proto3" json:"issuer_url,omitempty"` // extra query parameters to apply to the Ext-Auth service's authorization request to the identity provider. // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. AuthEndpointQueryParams map[string]string `` /* 222-byte string literal not displayed */ // we to redirect after successful auth, if we can't determine the original // url this should be your publicly available app url. // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. AppUrl string `protobuf:"bytes,4,opt,name=app_url,json=appUrl,proto3" json:"app_url,omitempty"` // a callback path relative to app url that will be used for OIDC callbacks. // needs to not be used by the application // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. CallbackPath string `protobuf:"bytes,5,opt,name=callback_path,json=callbackPath,proto3" json:"callback_path,omitempty"` // Scopes to request in addition to openid scope. // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. Scopes []string `protobuf:"bytes,6,rep,name=scopes,proto3" json:"scopes,omitempty"` // contains filtered or unexported fields }
Deprecated: Prefer OAuth2
func (*OAuth) Descriptor
deprecated
func (*OAuth) GetAuthEndpointQueryParams
deprecated
added in
v1.3.0
func (*OAuth) GetCallbackPath
deprecated
func (*OAuth) GetClientId
deprecated
func (*OAuth) GetClientSecretRef
deprecated
func (x *OAuth) GetClientSecretRef() *core.ResourceRef
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*OAuth) GetIssuerUrl
deprecated
func (*OAuth) ProtoMessage ¶
func (*OAuth) ProtoMessage()
func (*OAuth) ProtoReflect ¶ added in v1.6.0
func (x *OAuth) ProtoReflect() protoreflect.Message
type OAuth2 ¶ added in v1.5.0
type OAuth2 struct { // Types that are assignable to OauthType: // // *OAuth2_OidcAuthorizationCode // *OAuth2_AccessTokenValidation // *OAuth2_Oauth2 OauthType isOAuth2_OauthType `protobuf_oneof:"oauth_type"` // contains filtered or unexported fields }
func (*OAuth2) Descriptor
deprecated
added in
v1.5.0
func (*OAuth2) GetAccessTokenValidation ¶ added in v1.5.0
func (x *OAuth2) GetAccessTokenValidation() *AccessTokenValidation
func (*OAuth2) GetOauth2 ¶ added in v1.12.26
func (x *OAuth2) GetOauth2() *PlainOAuth2
func (*OAuth2) GetOauthType ¶ added in v1.5.0
func (m *OAuth2) GetOauthType() isOAuth2_OauthType
func (*OAuth2) GetOidcAuthorizationCode ¶ added in v1.5.0
func (x *OAuth2) GetOidcAuthorizationCode() *OidcAuthorizationCode
func (*OAuth2) ProtoMessage ¶ added in v1.5.0
func (*OAuth2) ProtoMessage()
func (*OAuth2) ProtoReflect ¶ added in v1.6.0
func (x *OAuth2) ProtoReflect() protoreflect.Message
type OAuth2_AccessTokenValidation ¶ added in v1.5.0
type OAuth2_AccessTokenValidation struct { // provide the access token on the request and let gloo handle authorization. // // according to https://tools.ietf.org/html/rfc6750 you can pass tokens through: // - form-encoded body parameter. recommended, more likely to appear. e.g.: Authorization: Bearer mytoken123 // - URI query parameter e.g. access_token=mytoken123 // - and (preferably) secure cookies AccessTokenValidation *AccessTokenValidation `protobuf:"bytes,2,opt,name=access_token_validation,json=accessTokenValidation,proto3,oneof"` }
type OAuth2_Oauth2 ¶ added in v1.12.26
type OAuth2_Oauth2 struct { // Enterprise-Only: THIS FEATURE IS IN TECH PREVIEW. APIs are versioned as alpha and subject to change. // provide issuer location and let Gloo handle Oauth2 flow for you. // requests authorized by validating the contents of access token. // Prefer to use OIDC for better security. Oauth2 *PlainOAuth2 `protobuf:"bytes,3,opt,name=oauth2,proto3,oneof"` }
type OAuth2_OidcAuthorizationCode ¶ added in v1.5.0
type OAuth2_OidcAuthorizationCode struct { // provide issuer location and let gloo handle OIDC flow for you. // requests authorized by validating the contents of ID token. // can also authorize the access token if configured. OidcAuthorizationCode *OidcAuthorizationCode `protobuf:"bytes,1,opt,name=oidc_authorization_code,json=oidcAuthorizationCode,proto3,oneof"` }
type OauthSecret ¶
type OauthSecret struct { ClientSecret string `protobuf:"bytes,1,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"` // contains filtered or unexported fields }
func (*OauthSecret) Clone ¶ added in v1.8.24
func (m *OauthSecret) Clone() proto.Message
Clone function
func (*OauthSecret) Descriptor
deprecated
func (*OauthSecret) Descriptor() ([]byte, []int)
Deprecated: Use OauthSecret.ProtoReflect.Descriptor instead.
func (*OauthSecret) GetClientSecret ¶
func (x *OauthSecret) GetClientSecret() string
func (*OauthSecret) Hash ¶ added in v1.2.13
func (m *OauthSecret) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*OauthSecret) ProtoMessage ¶
func (*OauthSecret) ProtoMessage()
func (*OauthSecret) ProtoReflect ¶ added in v1.6.0
func (x *OauthSecret) ProtoReflect() protoreflect.Message
func (*OauthSecret) Reset ¶
func (x *OauthSecret) Reset()
func (*OauthSecret) String ¶
func (x *OauthSecret) String() string
type OidcAuthorizationCode ¶ added in v1.5.0
type OidcAuthorizationCode struct { // your client id as registered with the issuer ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` // your client secret as registered with the issuer. // This is required unless `disable_client_secret` is true ClientSecretRef *core.ResourceRef `protobuf:"bytes,2,opt,name=client_secret_ref,json=clientSecretRef,proto3" json:"client_secret_ref,omitempty"` // The url of the issuer. We will look for OIDC information in issuerUrl+ // ".well-known/openid-configuration" IssuerUrl string `protobuf:"bytes,3,opt,name=issuer_url,json=issuerUrl,proto3" json:"issuer_url,omitempty"` // extra query parameters to apply to the Ext-Auth service's authorization request to the identity provider. // this can be useful for flows such as PKCE (https://www.oauth.com/oauth2-servers/pkce/authorization-request/) // to set the `code_challenge` and `code_challenge_method`. AuthEndpointQueryParams map[string]string `` /* 222-byte string literal not displayed */ // extra query parameters to apply to the Ext-Auth service's token request to the identity provider. // this can be useful for flows such as PKCE (https://www.oauth.com/oauth2-servers/pkce/authorization-request/) // to set the `code_verifier`. TokenEndpointQueryParams map[string]string `` /* 226-byte string literal not displayed */ // where to redirect after successful auth, if we can't determine the original url. // this should be your publicly available app url. AppUrl string `protobuf:"bytes,5,opt,name=app_url,json=appUrl,proto3" json:"app_url,omitempty"` // a callback path relative to app url that will be used for OIDC callbacks. // should not be used by the application. CallbackPath string `protobuf:"bytes,6,opt,name=callback_path,json=callbackPath,proto3" json:"callback_path,omitempty"` // a path relative to app url that will be used for logging out from an OIDC session. // should not be used by the application. // If not provided, logout functionality will be disabled. LogoutPath string `protobuf:"bytes,9,opt,name=logout_path,json=logoutPath,proto3" json:"logout_path,omitempty"` // url to redirect to after logout. // This should be a publicly available URL. If not provided, will default to the `app_url`. AfterLogoutUrl string `protobuf:"bytes,15,opt,name=after_logout_url,json=afterLogoutUrl,proto3" json:"after_logout_url,omitempty"` // Scopes to request in addition to openid scope. Scopes []string `protobuf:"bytes,7,rep,name=scopes,proto3" json:"scopes,omitempty"` // Configuration related to the user session. Session *UserSession `protobuf:"bytes,8,opt,name=session,proto3" json:"session,omitempty"` // Configures headers added to requests. Headers *HeaderConfiguration `protobuf:"bytes,10,opt,name=headers,proto3" json:"headers,omitempty"` // OIDC configuration is discovered at <issuerUrl>/.well-known/openid-configuration // The discovery override defines any properties that should override this discovery configuration // For example, the following AuthConfig CRD could be defined as: // // “`yaml // apiVersion: enterprise.gloo.solo.io/v1 // kind: AuthConfig // metadata: // name: google-oidc // namespace: gloo-system // spec: // configs: // - oauth: // app_url: http://localhost:8080 // callback_path: /callback // client_id: $CLIENT_ID // client_secret_ref: // name: google // namespace: gloo-system // issuer_url: https://accounts.google.com // discovery_override: // token_endpoint: "https://token.url/gettoken" // “` // // And this will ensure that regardless of what value is discovered at // <issuerUrl>/.well-known/openid-configuration, "https://token.url/gettoken" will be used as the token endpoint DiscoveryOverride *DiscoveryOverride `protobuf:"bytes,11,opt,name=discovery_override,json=discoveryOverride,proto3" json:"discovery_override,omitempty"` // The interval at which OIDC configuration is discovered at <issuerUrl>/.well-known/openid-configuration // If not specified, the default value is 30 minutes. DiscoveryPollInterval *duration.Duration `` /* 127-byte string literal not displayed */ // If a user executes a request with a key that is not found in the JWKS, it could be // that the keys have rotated on the remote source, and not yet in the local cache. // This policy lets you define the behavior for how to refresh the local cache during a request // where an invalid key is provided JwksCacheRefreshPolicy *JwksOnDemandCacheRefreshPolicy `` /* 132-byte string literal not displayed */ // DEPRECATED: Prefer the RedisSession.HeaderName field // If set, the randomly generated session id will be sent to the token endpoint as part of the code exchange // The session id is used as the key for sessions in Redis // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto. SessionIdHeaderName string `protobuf:"bytes,16,opt,name=session_id_header_name,json=sessionIdHeaderName,proto3" json:"session_id_header_name,omitempty"` // If set, CallbackPath will be evaluated as a regular expression ParseCallbackPathAsRegex bool `` /* 141-byte string literal not displayed */ // If specified, authEndpointQueryParams and tokenEndpointQueryParams will be populated using dynamic metadata values. // By default parameters will be extracted from the solo_authconfig_oidc namespace // this behavior can be overridden by explicitly specifying a namespace AutoMapFromMetadata *AutoMapFromMetadata `protobuf:"bytes,18,opt,name=auto_map_from_metadata,json=autoMapFromMetadata,proto3" json:"auto_map_from_metadata,omitempty"` // If specified, these are properties defined for the end session endpoint // specifications. Noted [here](https://openid.net/specs/openid-connect-rpinitiated-1_0.html) // in the OIDC documentation. EndSessionProperties *EndSessionProperties `protobuf:"bytes,19,opt,name=end_session_properties,json=endSessionProperties,proto3" json:"end_session_properties,omitempty"` // Map of metadata key to claim. Ie: // dynamic_metadata_from_claims: // // issuer: iss // email: email // // When specified, the matching claims from the ID token will be emitted as dynamic metadata. // Note that metadata keys must be unique, and the claim names must be alphanumeric and use `-` or `_` as separators. // The metadata will live in a namespace specified by the canonical name of the ext auth filter (in our case `envoy.filters.http.ext_authz`), // and the structure of the claim value will be preserved in the metadata struct. DynamicMetadataFromClaims map[string]string `` /* 229-byte string literal not displayed */ // If true, do not check for or use the client secret. // Generally the client secret is required and AuthConfigs will be rejected if it isn't set. // However certain implementations of the PKCE flow do not use a client secret (including Okta) so this setting allows configuring Oidc without a client secret. DisableClientSecret *wrappers.BoolValue `protobuf:"bytes,21,opt,name=disable_client_secret,json=disableClientSecret,proto3" json:"disable_client_secret,omitempty"` // Optional: Configuration specific to the OAuth2 access token received and processed by the ext-auth-service. AccessToken *OidcAuthorizationCode_AccessToken `protobuf:"bytes,23,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"` // Optional: Configuration specific to the OIDC identity token received and processed by the ext-auth-service. IdentityToken *OidcAuthorizationCode_IdentityToken `protobuf:"bytes,24,opt,name=identity_token,json=identityToken,proto3" json:"identity_token,omitempty"` // contains filtered or unexported fields }
func (*OidcAuthorizationCode) Clone ¶ added in v1.8.24
func (m *OidcAuthorizationCode) Clone() proto.Message
Clone function
func (*OidcAuthorizationCode) Descriptor
deprecated
added in
v1.5.0
func (*OidcAuthorizationCode) Descriptor() ([]byte, []int)
Deprecated: Use OidcAuthorizationCode.ProtoReflect.Descriptor instead.
func (*OidcAuthorizationCode) Equal ¶ added in v1.5.0
func (m *OidcAuthorizationCode) Equal(that interface{}) bool
Equal function
func (*OidcAuthorizationCode) GetAccessToken ¶ added in v1.15.4
func (x *OidcAuthorizationCode) GetAccessToken() *OidcAuthorizationCode_AccessToken
func (*OidcAuthorizationCode) GetAfterLogoutUrl ¶ added in v1.8.0
func (x *OidcAuthorizationCode) GetAfterLogoutUrl() string
func (*OidcAuthorizationCode) GetAppUrl ¶ added in v1.5.0
func (x *OidcAuthorizationCode) GetAppUrl() string
func (*OidcAuthorizationCode) GetAuthEndpointQueryParams ¶ added in v1.5.0
func (x *OidcAuthorizationCode) GetAuthEndpointQueryParams() map[string]string
func (*OidcAuthorizationCode) GetAutoMapFromMetadata ¶ added in v1.9.25
func (x *OidcAuthorizationCode) GetAutoMapFromMetadata() *AutoMapFromMetadata
func (*OidcAuthorizationCode) GetCallbackPath ¶ added in v1.5.0
func (x *OidcAuthorizationCode) GetCallbackPath() string
func (*OidcAuthorizationCode) GetClientId ¶ added in v1.5.0
func (x *OidcAuthorizationCode) GetClientId() string
func (*OidcAuthorizationCode) GetClientSecretRef ¶ added in v1.5.0
func (x *OidcAuthorizationCode) GetClientSecretRef() *core.ResourceRef
func (*OidcAuthorizationCode) GetDisableClientSecret ¶ added in v1.14.9
func (x *OidcAuthorizationCode) GetDisableClientSecret() *wrappers.BoolValue
func (*OidcAuthorizationCode) GetDiscoveryOverride ¶ added in v1.6.0
func (x *OidcAuthorizationCode) GetDiscoveryOverride() *DiscoveryOverride
func (*OidcAuthorizationCode) GetDiscoveryPollInterval ¶ added in v1.5.17
func (x *OidcAuthorizationCode) GetDiscoveryPollInterval() *duration.Duration
func (*OidcAuthorizationCode) GetDynamicMetadataFromClaims ¶ added in v1.15.0
func (x *OidcAuthorizationCode) GetDynamicMetadataFromClaims() map[string]string
func (*OidcAuthorizationCode) GetEndSessionProperties ¶ added in v1.9.25
func (x *OidcAuthorizationCode) GetEndSessionProperties() *EndSessionProperties
func (*OidcAuthorizationCode) GetHeaders ¶ added in v1.5.8
func (x *OidcAuthorizationCode) GetHeaders() *HeaderConfiguration
func (*OidcAuthorizationCode) GetIdentityToken ¶ added in v1.15.4
func (x *OidcAuthorizationCode) GetIdentityToken() *OidcAuthorizationCode_IdentityToken
func (*OidcAuthorizationCode) GetIssuerUrl ¶ added in v1.5.0
func (x *OidcAuthorizationCode) GetIssuerUrl() string
func (*OidcAuthorizationCode) GetJwksCacheRefreshPolicy ¶ added in v1.5.18
func (x *OidcAuthorizationCode) GetJwksCacheRefreshPolicy() *JwksOnDemandCacheRefreshPolicy
func (*OidcAuthorizationCode) GetLogoutPath ¶ added in v1.5.8
func (x *OidcAuthorizationCode) GetLogoutPath() string
func (*OidcAuthorizationCode) GetParseCallbackPathAsRegex ¶ added in v1.9.25
func (x *OidcAuthorizationCode) GetParseCallbackPathAsRegex() bool
func (*OidcAuthorizationCode) GetScopes ¶ added in v1.5.0
func (x *OidcAuthorizationCode) GetScopes() []string
func (*OidcAuthorizationCode) GetSession ¶ added in v1.5.8
func (x *OidcAuthorizationCode) GetSession() *UserSession
func (*OidcAuthorizationCode) GetSessionIdHeaderName
deprecated
added in
v1.9.0
func (x *OidcAuthorizationCode) GetSessionIdHeaderName() string
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.
func (*OidcAuthorizationCode) GetTokenEndpointQueryParams ¶ added in v1.7.7
func (x *OidcAuthorizationCode) GetTokenEndpointQueryParams() map[string]string
func (*OidcAuthorizationCode) Hash ¶ added in v1.5.0
func (m *OidcAuthorizationCode) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*OidcAuthorizationCode) ProtoMessage ¶ added in v1.5.0
func (*OidcAuthorizationCode) ProtoMessage()
func (*OidcAuthorizationCode) ProtoReflect ¶ added in v1.6.0
func (x *OidcAuthorizationCode) ProtoReflect() protoreflect.Message
func (*OidcAuthorizationCode) Reset ¶ added in v1.5.0
func (x *OidcAuthorizationCode) Reset()
func (*OidcAuthorizationCode) String ¶ added in v1.5.0
func (x *OidcAuthorizationCode) String() string
type OidcAuthorizationCode_AccessToken ¶ added in v1.15.4
type OidcAuthorizationCode_AccessToken struct { // A list of claims to be mapped from the JWT token received by ext-auth-service to an upstream destination ClaimsToHeaders []*ClaimToHeader `protobuf:"bytes,1,rep,name=claims_to_headers,json=claimsToHeaders,proto3" json:"claims_to_headers,omitempty"` // contains filtered or unexported fields }
Optional: Map a single claim from an OAuth2 access token to a header in the request to the upstream destination.
func (*OidcAuthorizationCode_AccessToken) Clone ¶ added in v1.15.4
func (m *OidcAuthorizationCode_AccessToken) Clone() proto.Message
Clone function
func (*OidcAuthorizationCode_AccessToken) Descriptor
deprecated
added in
v1.15.4
func (*OidcAuthorizationCode_AccessToken) Descriptor() ([]byte, []int)
Deprecated: Use OidcAuthorizationCode_AccessToken.ProtoReflect.Descriptor instead.
func (*OidcAuthorizationCode_AccessToken) Equal ¶ added in v1.15.4
func (m *OidcAuthorizationCode_AccessToken) Equal(that interface{}) bool
Equal function
func (*OidcAuthorizationCode_AccessToken) GetClaimsToHeaders ¶ added in v1.15.4
func (x *OidcAuthorizationCode_AccessToken) GetClaimsToHeaders() []*ClaimToHeader
func (*OidcAuthorizationCode_AccessToken) Hash ¶ added in v1.15.4
func (m *OidcAuthorizationCode_AccessToken) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*OidcAuthorizationCode_AccessToken) ProtoMessage ¶ added in v1.15.4
func (*OidcAuthorizationCode_AccessToken) ProtoMessage()
func (*OidcAuthorizationCode_AccessToken) ProtoReflect ¶ added in v1.15.4
func (x *OidcAuthorizationCode_AccessToken) ProtoReflect() protoreflect.Message
func (*OidcAuthorizationCode_AccessToken) Reset ¶ added in v1.15.4
func (x *OidcAuthorizationCode_AccessToken) Reset()
func (*OidcAuthorizationCode_AccessToken) String ¶ added in v1.15.4
func (x *OidcAuthorizationCode_AccessToken) String() string
type OidcAuthorizationCode_IdentityToken ¶ added in v1.15.4
type OidcAuthorizationCode_IdentityToken struct { // A list of claims to be mapped from the JWT token received by ext-auth-service to an upstream destination ClaimsToHeaders []*ClaimToHeader `protobuf:"bytes,1,rep,name=claims_to_headers,json=claimsToHeaders,proto3" json:"claims_to_headers,omitempty"` // contains filtered or unexported fields }
Optional: Map a single claim from an OIDC identity token to a header in the request to the upstream destination.
func (*OidcAuthorizationCode_IdentityToken) Clone ¶ added in v1.15.4
func (m *OidcAuthorizationCode_IdentityToken) Clone() proto.Message
Clone function
func (*OidcAuthorizationCode_IdentityToken) Descriptor
deprecated
added in
v1.15.4
func (*OidcAuthorizationCode_IdentityToken) Descriptor() ([]byte, []int)
Deprecated: Use OidcAuthorizationCode_IdentityToken.ProtoReflect.Descriptor instead.
func (*OidcAuthorizationCode_IdentityToken) Equal ¶ added in v1.15.4
func (m *OidcAuthorizationCode_IdentityToken) Equal(that interface{}) bool
Equal function
func (*OidcAuthorizationCode_IdentityToken) GetClaimsToHeaders ¶ added in v1.15.4
func (x *OidcAuthorizationCode_IdentityToken) GetClaimsToHeaders() []*ClaimToHeader
func (*OidcAuthorizationCode_IdentityToken) Hash ¶ added in v1.15.4
func (m *OidcAuthorizationCode_IdentityToken) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*OidcAuthorizationCode_IdentityToken) ProtoMessage ¶ added in v1.15.4
func (*OidcAuthorizationCode_IdentityToken) ProtoMessage()
func (*OidcAuthorizationCode_IdentityToken) ProtoReflect ¶ added in v1.15.4
func (x *OidcAuthorizationCode_IdentityToken) ProtoReflect() protoreflect.Message
func (*OidcAuthorizationCode_IdentityToken) Reset ¶ added in v1.15.4
func (x *OidcAuthorizationCode_IdentityToken) Reset()
func (*OidcAuthorizationCode_IdentityToken) String ¶ added in v1.15.4
func (x *OidcAuthorizationCode_IdentityToken) String() string
type OpaAuth ¶
type OpaAuth struct { // An optional resource reference to config maps containing modules to assist in the resolution of `query`. Modules []*core.ResourceRef `protobuf:"bytes,1,rep,name=modules,proto3" json:"modules,omitempty"` // The query that determines the auth decision. The result of this query must be either a boolean // or an array with boolean as the first element. A boolean `true` value means that the request // will be authorized. Any other value, or error, means that the request will be denied. Query string `protobuf:"bytes,2,opt,name=query,proto3" json:"query,omitempty"` // Additional Options for Opa Auth configuration. Options *OpaAuthOptions `protobuf:"bytes,3,opt,name=options,proto3" json:"options,omitempty"` // contains filtered or unexported fields }
Enforce Open Policy Agent (OPA) policies in Gloo Edge environments. For Gloo Platform environments, use OpaServerAuth instead.
func (*OpaAuth) Descriptor
deprecated
func (*OpaAuth) GetModules ¶
func (x *OpaAuth) GetModules() []*core.ResourceRef
func (*OpaAuth) GetOptions ¶ added in v1.9.0
func (x *OpaAuth) GetOptions() *OpaAuthOptions
func (*OpaAuth) ProtoMessage ¶
func (*OpaAuth) ProtoMessage()
func (*OpaAuth) ProtoReflect ¶ added in v1.6.0
func (x *OpaAuth) ProtoReflect() protoreflect.Message
type OpaAuthOptions ¶ added in v1.9.0
type OpaAuthOptions struct { // Decreases OPA latency by speeding up conversion of input to the OPA engine. // If this is set to true, only http_request and state fields which are a scalar, map, or string array // are included in the request input. All other fields are dropped. Dropped fields will not be evaluated by the OPA engine. // By default, this is set to false and all fields are evaluated by OPA. FastInputConversion bool `protobuf:"varint,1,opt,name=fast_input_conversion,json=fastInputConversion,proto3" json:"fast_input_conversion,omitempty"` // Return the reason given from the OPA engine after a decision made on this policy. Reason must be the second // parameter of the query. The entry will be in the returned DynamicMetadata in the CheckResponse and the structure // will be // envoy.filters.http.ext_authz: // // -> name of the auth step, i.e. spec.configs[i].name // -> reason ReturnDecisionReason bool `protobuf:"varint,2,opt,name=return_decision_reason,json=returnDecisionReason,proto3" json:"return_decision_reason,omitempty"` // contains filtered or unexported fields }
func (*OpaAuthOptions) Clone ¶ added in v1.9.7
func (m *OpaAuthOptions) Clone() proto.Message
Clone function
func (*OpaAuthOptions) Descriptor
deprecated
added in
v1.9.0
func (*OpaAuthOptions) Descriptor() ([]byte, []int)
Deprecated: Use OpaAuthOptions.ProtoReflect.Descriptor instead.
func (*OpaAuthOptions) Equal ¶ added in v1.9.0
func (m *OpaAuthOptions) Equal(that interface{}) bool
Equal function
func (*OpaAuthOptions) GetFastInputConversion ¶ added in v1.9.0
func (x *OpaAuthOptions) GetFastInputConversion() bool
func (*OpaAuthOptions) GetReturnDecisionReason ¶ added in v1.15.0
func (x *OpaAuthOptions) GetReturnDecisionReason() bool
func (*OpaAuthOptions) Hash ¶ added in v1.9.0
func (m *OpaAuthOptions) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*OpaAuthOptions) ProtoMessage ¶ added in v1.9.0
func (*OpaAuthOptions) ProtoMessage()
func (*OpaAuthOptions) ProtoReflect ¶ added in v1.9.0
func (x *OpaAuthOptions) ProtoReflect() protoreflect.Message
func (*OpaAuthOptions) Reset ¶ added in v1.9.0
func (x *OpaAuthOptions) Reset()
func (*OpaAuthOptions) String ¶ added in v1.9.0
func (x *OpaAuthOptions) String() string
type PassThroughAuth ¶ added in v1.6.0
type PassThroughAuth struct { // Types that are assignable to Protocol: // // *PassThroughAuth_Grpc // *PassThroughAuth_Http Protocol isPassThroughAuth_Protocol `protobuf_oneof:"protocol"` // Custom config to be passed per request to the passthrough auth service. Config *_struct.Struct `protobuf:"bytes,4,opt,name=config,proto3" json:"config,omitempty"` // If set to true, the service will accept client request even if the communication with // // the authorization service has failed, or if the authorization service has returned a server error. // // Defaults to false. FailureModeAllow bool `protobuf:"varint,5,opt,name=failure_mode_allow,json=failureModeAllow,proto3" json:"failure_mode_allow,omitempty"` // contains filtered or unexported fields }
Authorizes requests by querying a custom extauth server.
func (*PassThroughAuth) Clone ¶ added in v1.8.24
func (m *PassThroughAuth) Clone() proto.Message
Clone function
func (*PassThroughAuth) Descriptor
deprecated
added in
v1.6.0
func (*PassThroughAuth) Descriptor() ([]byte, []int)
Deprecated: Use PassThroughAuth.ProtoReflect.Descriptor instead.
func (*PassThroughAuth) Equal ¶ added in v1.6.0
func (m *PassThroughAuth) Equal(that interface{}) bool
Equal function
func (*PassThroughAuth) GetConfig ¶ added in v1.6.11
func (x *PassThroughAuth) GetConfig() *_struct.Struct
func (*PassThroughAuth) GetFailureModeAllow ¶ added in v1.12.30
func (x *PassThroughAuth) GetFailureModeAllow() bool
func (*PassThroughAuth) GetGrpc ¶ added in v1.6.0
func (x *PassThroughAuth) GetGrpc() *PassThroughGrpc
func (*PassThroughAuth) GetHttp ¶ added in v1.9.0
func (x *PassThroughAuth) GetHttp() *PassThroughHttp
func (*PassThroughAuth) GetProtocol ¶ added in v1.6.0
func (m *PassThroughAuth) GetProtocol() isPassThroughAuth_Protocol
func (*PassThroughAuth) Hash ¶ added in v1.6.0
func (m *PassThroughAuth) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*PassThroughAuth) ProtoMessage ¶ added in v1.6.0
func (*PassThroughAuth) ProtoMessage()
func (*PassThroughAuth) ProtoReflect ¶ added in v1.6.0
func (x *PassThroughAuth) ProtoReflect() protoreflect.Message
func (*PassThroughAuth) Reset ¶ added in v1.6.0
func (x *PassThroughAuth) Reset()
func (*PassThroughAuth) String ¶ added in v1.6.0
func (x *PassThroughAuth) String() string
type PassThroughAuth_Grpc ¶ added in v1.6.0
type PassThroughAuth_Grpc struct {
Grpc *PassThroughGrpc `protobuf:"bytes,1,opt,name=grpc,proto3,oneof"`
}
type PassThroughAuth_Http ¶ added in v1.9.0
type PassThroughAuth_Http struct {
Http *PassThroughHttp `protobuf:"bytes,2,opt,name=http,proto3,oneof"`
}
type PassThroughGrpc ¶ added in v1.6.0
type PassThroughGrpc struct { // Address of the auth server to query. Should be in the form ADDRESS:PORT, e.g. `default.svc.cluster.local:389`. Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` // Timeout for the auth server to respond. Defaults to 5s ConnectionTimeout *duration.Duration `protobuf:"bytes,2,opt,name=connection_timeout,json=connectionTimeout,proto3" json:"connection_timeout,omitempty"` // TLS config for the Grpc passthrough, if not configured the connection will use insecure. TlsConfig *PassThroughGrpcTLSConfig `protobuf:"bytes,3,opt,name=tlsConfig,proto3" json:"tlsConfig,omitempty"` // contains filtered or unexported fields }
Authorizes requests by querying a custom extauth grpc server Assumes that the server implements the envoy external authorization spec: https://github.com/envoyproxy/envoy/blob/ae1ed1fa74f096dabe8dd5b19fc70333621b0309/api/envoy/service/auth/v3/external_auth.proto#L29
func (*PassThroughGrpc) Clone ¶ added in v1.8.24
func (m *PassThroughGrpc) Clone() proto.Message
Clone function
func (*PassThroughGrpc) Descriptor
deprecated
added in
v1.6.0
func (*PassThroughGrpc) Descriptor() ([]byte, []int)
Deprecated: Use PassThroughGrpc.ProtoReflect.Descriptor instead.
func (*PassThroughGrpc) Equal ¶ added in v1.6.0
func (m *PassThroughGrpc) Equal(that interface{}) bool
Equal function
func (*PassThroughGrpc) GetAddress ¶ added in v1.6.0
func (x *PassThroughGrpc) GetAddress() string
func (*PassThroughGrpc) GetConnectionTimeout ¶ added in v1.6.0
func (x *PassThroughGrpc) GetConnectionTimeout() *duration.Duration
func (*PassThroughGrpc) GetTlsConfig ¶ added in v1.13.15
func (x *PassThroughGrpc) GetTlsConfig() *PassThroughGrpcTLSConfig
func (*PassThroughGrpc) Hash ¶ added in v1.6.0
func (m *PassThroughGrpc) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*PassThroughGrpc) ProtoMessage ¶ added in v1.6.0
func (*PassThroughGrpc) ProtoMessage()
func (*PassThroughGrpc) ProtoReflect ¶ added in v1.6.0
func (x *PassThroughGrpc) ProtoReflect() protoreflect.Message
func (*PassThroughGrpc) Reset ¶ added in v1.6.0
func (x *PassThroughGrpc) Reset()
func (*PassThroughGrpc) String ¶ added in v1.6.0
func (x *PassThroughGrpc) String() string
type PassThroughGrpcTLSConfig ¶ added in v1.13.15
type PassThroughGrpcTLSConfig struct {
// contains filtered or unexported fields
}
TLS configuration for the extauth grpc passthrough connection
func (*PassThroughGrpcTLSConfig) Clone ¶ added in v1.13.15
func (m *PassThroughGrpcTLSConfig) Clone() proto.Message
Clone function
func (*PassThroughGrpcTLSConfig) Descriptor
deprecated
added in
v1.13.15
func (*PassThroughGrpcTLSConfig) Descriptor() ([]byte, []int)
Deprecated: Use PassThroughGrpcTLSConfig.ProtoReflect.Descriptor instead.
func (*PassThroughGrpcTLSConfig) Equal ¶ added in v1.13.15
func (m *PassThroughGrpcTLSConfig) Equal(that interface{}) bool
Equal function
func (*PassThroughGrpcTLSConfig) Hash ¶ added in v1.13.15
func (m *PassThroughGrpcTLSConfig) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*PassThroughGrpcTLSConfig) ProtoMessage ¶ added in v1.13.15
func (*PassThroughGrpcTLSConfig) ProtoMessage()
func (*PassThroughGrpcTLSConfig) ProtoReflect ¶ added in v1.13.15
func (x *PassThroughGrpcTLSConfig) ProtoReflect() protoreflect.Message
func (*PassThroughGrpcTLSConfig) Reset ¶ added in v1.13.15
func (x *PassThroughGrpcTLSConfig) Reset()
func (*PassThroughGrpcTLSConfig) String ¶ added in v1.13.15
func (x *PassThroughGrpcTLSConfig) String() string
type PassThroughHttp ¶ added in v1.9.0
type PassThroughHttp struct { // Required: URL of the passthrough http service, is a fully qualified domain name. // Example: http://ext-auth-service.svc.local:9001. Path provided in the URL will be respected. // To use https, provide the cert in the HTTPS_PASSTHROUGH_CA_CERT environment variable to the ext-auth-service // pod as a base64-encoded string Url string `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"` Request *PassThroughHttp_Request `protobuf:"bytes,3,opt,name=request,proto3" json:"request,omitempty"` Response *PassThroughHttp_Response `protobuf:"bytes,4,opt,name=response,proto3" json:"response,omitempty"` // Timeout for the auth server to respond. Defaults to 5s ConnectionTimeout *duration.Duration `protobuf:"bytes,8,opt,name=connection_timeout,json=connectionTimeout,proto3" json:"connection_timeout,omitempty"` // contains filtered or unexported fields }
Authorizes requests by making a POST HTTP/1 request to a custom HTTP auth server Assumes the request is authorized if the server returns a OK (200) status code, else the request is unauthorized.
func (*PassThroughHttp) Clone ¶ added in v1.9.7
func (m *PassThroughHttp) Clone() proto.Message
Clone function
func (*PassThroughHttp) Descriptor
deprecated
added in
v1.9.0
func (*PassThroughHttp) Descriptor() ([]byte, []int)
Deprecated: Use PassThroughHttp.ProtoReflect.Descriptor instead.
func (*PassThroughHttp) Equal ¶ added in v1.9.0
func (m *PassThroughHttp) Equal(that interface{}) bool
Equal function
func (*PassThroughHttp) GetConnectionTimeout ¶ added in v1.9.0
func (x *PassThroughHttp) GetConnectionTimeout() *duration.Duration
func (*PassThroughHttp) GetRequest ¶ added in v1.9.0
func (x *PassThroughHttp) GetRequest() *PassThroughHttp_Request
func (*PassThroughHttp) GetResponse ¶ added in v1.9.0
func (x *PassThroughHttp) GetResponse() *PassThroughHttp_Response
func (*PassThroughHttp) GetUrl ¶ added in v1.9.0
func (x *PassThroughHttp) GetUrl() string
func (*PassThroughHttp) Hash ¶ added in v1.9.0
func (m *PassThroughHttp) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*PassThroughHttp) ProtoMessage ¶ added in v1.9.0
func (*PassThroughHttp) ProtoMessage()
func (*PassThroughHttp) ProtoReflect ¶ added in v1.9.0
func (x *PassThroughHttp) ProtoReflect() protoreflect.Message
func (*PassThroughHttp) Reset ¶ added in v1.9.0
func (x *PassThroughHttp) Reset()
func (*PassThroughHttp) String ¶ added in v1.9.0
func (x *PassThroughHttp) String() string
type PassThroughHttp_Request ¶ added in v1.9.0
type PassThroughHttp_Request struct { // These headers will be copied from the incoming request to the request going // to the auth server. By default, no headers are copied from the incoming request. // Pseudo-headers such as `:Path`, and `:Method` can not be specified here. AllowedHeaders []string `protobuf:"bytes,1,rep,name=allowed_headers,json=allowedHeaders,proto3" json:"allowed_headers,omitempty"` // These headers that will be included to the request to authorization service. Note that // client request of the same key will be overridden. // Pseudo-headers such as `:Path`, and `:Method` can not be specified here. HeadersToAdd map[string]string `` /* 187-byte string literal not displayed */ // Whether or not to include the ext-auth state object in the passthrough request body. // If this is set to true, it is expected that the state is returned in the HTTP response from the // passthrough service. The state received from the response will be the state that is shared with // other ext-auth service methods. // If pass_through_body, pass_through_filter_metadata and pass_through_state are false, // the authorization request body will be empty. A non-empty body will increase latency times // slightly, so this is set to false by default, and should only be set to to true if the // extauth state is needed in the auth request. PassThroughState bool `protobuf:"varint,3,opt,name=pass_through_state,json=passThroughState,proto3" json:"pass_through_state,omitempty"` // Whether or not to include the filter metadata in the passthrough request body. // If pass_through_body, pass_through_filter_metadata and pass_through_state are false, // the authorization request body will be empty. A non-empty body will increase latency times // slightly, so this is set to false by default, and should only be set to to true if the // filter metadata is needed in the auth request. PassThroughFilterMetadata bool `` /* 141-byte string literal not displayed */ // Whether or not to include the body in the passthrough request body. // In order for this to work, the settings.extauth.requestBody must be set in the Gloo Edge Settings CRD so that // the request body is buffered and sent to the ext-auth service. // If pass_through_body, pass_through_filter_metadata and pass_through_state are false, // the authorization request body will be empty. A non-empty body will increase latency times // slightly, so this is set to false by default, and should only be set to to true if the // request body is needed in the auth request. PassThroughBody bool `protobuf:"varint,5,opt,name=pass_through_body,json=passThroughBody,proto3" json:"pass_through_body,omitempty"` // contains filtered or unexported fields }
The passthrough http request can be configured to pass through the incoming request body, the ext-auth state (which is shared between different auth methods within one ext-auth instance), and the [filterMetadata](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/data_sharing_between_filters#metadata) The body of the passthrough auth request will be a JSON as follows: { "body" : string, "state": object (map[string]interface{}), "filterMetadata": object (map[string]protobuf.Struct), "config": object (protobuf.Struct), } `config` is the struct block specified under the passthrough auth configuration. If `passthrough_body`, `passthrough_state`, `passthrough_filter_metadata`, and `config` are all false/nil, the body of the auth request will remain empty. Setting any of these will increase latency slightly due to JSON marshalling.
func (*PassThroughHttp_Request) Clone ¶ added in v1.9.7
func (m *PassThroughHttp_Request) Clone() proto.Message
Clone function
func (*PassThroughHttp_Request) Descriptor
deprecated
added in
v1.9.0
func (*PassThroughHttp_Request) Descriptor() ([]byte, []int)
Deprecated: Use PassThroughHttp_Request.ProtoReflect.Descriptor instead.
func (*PassThroughHttp_Request) Equal ¶ added in v1.9.0
func (m *PassThroughHttp_Request) Equal(that interface{}) bool
Equal function
func (*PassThroughHttp_Request) GetAllowedHeaders ¶ added in v1.9.0
func (x *PassThroughHttp_Request) GetAllowedHeaders() []string
func (*PassThroughHttp_Request) GetHeadersToAdd ¶ added in v1.9.0
func (x *PassThroughHttp_Request) GetHeadersToAdd() map[string]string
func (*PassThroughHttp_Request) GetPassThroughBody ¶ added in v1.9.0
func (x *PassThroughHttp_Request) GetPassThroughBody() bool
func (*PassThroughHttp_Request) GetPassThroughFilterMetadata ¶ added in v1.9.0
func (x *PassThroughHttp_Request) GetPassThroughFilterMetadata() bool
func (*PassThroughHttp_Request) GetPassThroughState ¶ added in v1.9.0
func (x *PassThroughHttp_Request) GetPassThroughState() bool
func (*PassThroughHttp_Request) Hash ¶ added in v1.9.0
func (m *PassThroughHttp_Request) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*PassThroughHttp_Request) ProtoMessage ¶ added in v1.9.0
func (*PassThroughHttp_Request) ProtoMessage()
func (*PassThroughHttp_Request) ProtoReflect ¶ added in v1.9.0
func (x *PassThroughHttp_Request) ProtoReflect() protoreflect.Message
func (*PassThroughHttp_Request) Reset ¶ added in v1.9.0
func (x *PassThroughHttp_Request) Reset()
func (*PassThroughHttp_Request) String ¶ added in v1.9.0
func (x *PassThroughHttp_Request) String() string
type PassThroughHttp_Response ¶ added in v1.9.0
type PassThroughHttp_Response struct { // When this is set, authorization response headers that have a header in this list will be added to the original client request and sent to the upstream // when the auth request is successful. These will be appended to any request headers that already exist. // If this and allowed_upstream_headers_to_overwrite are empty, by default, no authorization response headers will be added to the upstream request. // Header names may not be included in both allowed_upstream_headers and allowed_upstream_headers_to_overwrite. AllowedUpstreamHeaders []string `` /* 129-byte string literal not displayed */ // When this is set, authorization response headers in this list will be added to the response to the downstream client when the auth request is denied. // If the response header already exists, it will replace the response header. // If this is empty, by default, no authorization response headers will be added to the response to the downstream client. AllowedClientHeadersOnDenied []string `` /* 151-byte string literal not displayed */ // If this is set to true, the body of the response from the http passthrough auth server is expected to have shape // // { // "state": object (map[string]interface{}) // } // // The state will be marshalled from the response body and this is the state that will be passed on to other auth configs. // Because of the marshalling from JSON to Go map, this will add some latency to the request. // If the marshalling fails, the authorization check will fail and the request will be unauthorized after the ext-auth-service pod // logs the marshal error. ReadStateFromResponse bool `` /* 129-byte string literal not displayed */ // When this is set, authorization response headers that have a header in this list will be added to the original client request and sent to the upstream // when the auth request is successful. These will overwrite to any request headers that already exist. // If this and allowed_upstream_headers are empty, by default, no authorization response headers will be added to the upstream request. // Header names may not be included in both allowed_upstream_headers and allowed_upstream_headers_to_overwrite. AllowedUpstreamHeadersToOverwrite []string `` /* 166-byte string literal not displayed */ // contains filtered or unexported fields }
func (*PassThroughHttp_Response) Clone ¶ added in v1.9.7
func (m *PassThroughHttp_Response) Clone() proto.Message
Clone function
func (*PassThroughHttp_Response) Descriptor
deprecated
added in
v1.9.0
func (*PassThroughHttp_Response) Descriptor() ([]byte, []int)
Deprecated: Use PassThroughHttp_Response.ProtoReflect.Descriptor instead.
func (*PassThroughHttp_Response) Equal ¶ added in v1.9.0
func (m *PassThroughHttp_Response) Equal(that interface{}) bool
Equal function
func (*PassThroughHttp_Response) GetAllowedClientHeadersOnDenied ¶ added in v1.9.0
func (x *PassThroughHttp_Response) GetAllowedClientHeadersOnDenied() []string
func (*PassThroughHttp_Response) GetAllowedUpstreamHeaders ¶ added in v1.9.0
func (x *PassThroughHttp_Response) GetAllowedUpstreamHeaders() []string
func (*PassThroughHttp_Response) GetAllowedUpstreamHeadersToOverwrite ¶ added in v1.15.1
func (x *PassThroughHttp_Response) GetAllowedUpstreamHeadersToOverwrite() []string
func (*PassThroughHttp_Response) GetReadStateFromResponse ¶ added in v1.9.0
func (x *PassThroughHttp_Response) GetReadStateFromResponse() bool
func (*PassThroughHttp_Response) Hash ¶ added in v1.9.0
func (m *PassThroughHttp_Response) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*PassThroughHttp_Response) ProtoMessage ¶ added in v1.9.0
func (*PassThroughHttp_Response) ProtoMessage()
func (*PassThroughHttp_Response) ProtoReflect ¶ added in v1.9.0
func (x *PassThroughHttp_Response) ProtoReflect() protoreflect.Message
func (*PassThroughHttp_Response) Reset ¶ added in v1.9.0
func (x *PassThroughHttp_Response) Reset()
func (*PassThroughHttp_Response) String ¶ added in v1.9.0
func (x *PassThroughHttp_Response) String() string
type PlainOAuth2 ¶ added in v1.12.26
type PlainOAuth2 struct { // Your client ID as registered with the issuer ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` // Your client secret as registered with the issuer. // This is required unless `disable_client_secret` is set. ClientSecretRef *core.ResourceRef `protobuf:"bytes,2,opt,name=client_secret_ref,json=clientSecretRef,proto3" json:"client_secret_ref,omitempty"` // Extra query parameters to apply to the Ext-Auth service's authorization request to the identity provider. // These parameters can be useful for flows such as [PKCE](https://www.oauth.com/oauth2-servers/pkce/authorization-request/) // to set the `code_challenge` and `code_challenge_method`. AuthEndpointQueryParams map[string]string `` /* 222-byte string literal not displayed */ // Where to redirect after successful auth, if Gloo can't determine the original URL. // Set this field to your publicly available app URL. AppUrl string `protobuf:"bytes,4,opt,name=app_url,json=appUrl,proto3" json:"app_url,omitempty"` // A callback path relative to the app URL to be used for OAuth2 callbacks. // Do not use this path in the application itself. CallbackPath string `protobuf:"bytes,5,opt,name=callback_path,json=callbackPath,proto3" json:"callback_path,omitempty"` // Scopes to request for. Scopes []string `protobuf:"bytes,6,rep,name=scopes,proto3" json:"scopes,omitempty"` // Configuration related to the user session. Session *UserSession `protobuf:"bytes,7,opt,name=session,proto3" json:"session,omitempty"` // A path relative to the app URL to use for logging out from an OAuth2 session. // Do not use this path in the application itself. // If not provided, logout functionality is disabled. LogoutPath string `protobuf:"bytes,8,opt,name=logout_path,json=logoutPath,proto3" json:"logout_path,omitempty"` // Extra query parameters to apply to the Ext-Auth service's token request to the identity provider. // These parameters can be useful for flows such as [PKCE](https://www.oauth.com/oauth2-servers/pkce/authorization-request/) // to set the `code_verifier`. TokenEndpointQueryParams map[string]string `` /* 225-byte string literal not displayed */ // URL to redirect to after logout. // Set this field to a publicly available URL. If not provided, this value defaults to the `app_url` value. AfterLogoutUrl string `protobuf:"bytes,10,opt,name=after_logout_url,json=afterLogoutUrl,proto3" json:"after_logout_url,omitempty"` // The URL of the provider authorization endpoint. AuthEndpoint string `protobuf:"bytes,11,opt,name=auth_endpoint,json=authEndpoint,proto3" json:"auth_endpoint,omitempty"` // The URL of the provider token endpoint. TokenEndpoint string `protobuf:"bytes,12,opt,name=token_endpoint,json=tokenEndpoint,proto3" json:"token_endpoint,omitempty"` // The URL of the provider token revocation endpoint. // For more information, refer to https://www.rfc-editor.org/rfc/rfc7009. RevocationEndpoint string `protobuf:"bytes,13,opt,name=revocation_endpoint,json=revocationEndpoint,proto3" json:"revocation_endpoint,omitempty"` // If true, do not check for or use the client secret. // Generally the client secret is required and AuthConfigs will be rejected if it isn't set. // However certain implementations of the PKCE flow do not use a client secret (including Okta) so this setting allows configuring Oauth2 without a client secret. DisableClientSecret *wrappers.BoolValue `protobuf:"bytes,14,opt,name=disable_client_secret,json=disableClientSecret,proto3" json:"disable_client_secret,omitempty"` // contains filtered or unexported fields }
func (*PlainOAuth2) Clone ¶ added in v1.12.26
func (m *PlainOAuth2) Clone() proto.Message
Clone function
func (*PlainOAuth2) Descriptor
deprecated
added in
v1.12.26
func (*PlainOAuth2) Descriptor() ([]byte, []int)
Deprecated: Use PlainOAuth2.ProtoReflect.Descriptor instead.
func (*PlainOAuth2) Equal ¶ added in v1.12.26
func (m *PlainOAuth2) Equal(that interface{}) bool
Equal function
func (*PlainOAuth2) GetAfterLogoutUrl ¶ added in v1.12.26
func (x *PlainOAuth2) GetAfterLogoutUrl() string
func (*PlainOAuth2) GetAppUrl ¶ added in v1.12.26
func (x *PlainOAuth2) GetAppUrl() string
func (*PlainOAuth2) GetAuthEndpoint ¶ added in v1.12.26
func (x *PlainOAuth2) GetAuthEndpoint() string
func (*PlainOAuth2) GetAuthEndpointQueryParams ¶ added in v1.12.26
func (x *PlainOAuth2) GetAuthEndpointQueryParams() map[string]string
func (*PlainOAuth2) GetCallbackPath ¶ added in v1.12.26
func (x *PlainOAuth2) GetCallbackPath() string
func (*PlainOAuth2) GetClientId ¶ added in v1.12.26
func (x *PlainOAuth2) GetClientId() string
func (*PlainOAuth2) GetClientSecretRef ¶ added in v1.12.26
func (x *PlainOAuth2) GetClientSecretRef() *core.ResourceRef
func (*PlainOAuth2) GetDisableClientSecret ¶ added in v1.14.9
func (x *PlainOAuth2) GetDisableClientSecret() *wrappers.BoolValue
func (*PlainOAuth2) GetLogoutPath ¶ added in v1.12.26
func (x *PlainOAuth2) GetLogoutPath() string
func (*PlainOAuth2) GetRevocationEndpoint ¶ added in v1.12.26
func (x *PlainOAuth2) GetRevocationEndpoint() string
func (*PlainOAuth2) GetScopes ¶ added in v1.12.26
func (x *PlainOAuth2) GetScopes() []string
func (*PlainOAuth2) GetSession ¶ added in v1.12.26
func (x *PlainOAuth2) GetSession() *UserSession
func (*PlainOAuth2) GetTokenEndpoint ¶ added in v1.12.26
func (x *PlainOAuth2) GetTokenEndpoint() string
func (*PlainOAuth2) GetTokenEndpointQueryParams ¶ added in v1.12.26
func (x *PlainOAuth2) GetTokenEndpointQueryParams() map[string]string
func (*PlainOAuth2) Hash ¶ added in v1.12.26
func (m *PlainOAuth2) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*PlainOAuth2) ProtoMessage ¶ added in v1.12.26
func (*PlainOAuth2) ProtoMessage()
func (*PlainOAuth2) ProtoReflect ¶ added in v1.12.26
func (x *PlainOAuth2) ProtoReflect() protoreflect.Message
func (*PlainOAuth2) Reset ¶ added in v1.12.26
func (x *PlainOAuth2) Reset()
func (*PlainOAuth2) String ¶ added in v1.12.26
func (x *PlainOAuth2) String() string
type RedisOptions ¶ added in v1.5.8
type RedisOptions struct { // address of the redis. can be address:port or unix://path/to/unix.sock Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"` // db to use. can leave unset for db 0. Db int32 `protobuf:"varint,2,opt,name=db,proto3" json:"db,omitempty"` // size of the connection pool. can leave unset for default. // defaults to 10 connections per every CPU PoolSize int32 `protobuf:"varint,3,opt,name=pool_size,json=poolSize,proto3" json:"pool_size,omitempty"` // enabled with a socket type of TLS. this is the tls cert mount path for this particular host. // the generic secret can include the keys 'ca.crt', 'tls.crt', and 'tls.key'. // the secret can contain the root-ca ,'ca.crt', at minimum. If a // certificate is needed, both the 'tls.crt' and 'tls.key' need to be included. // reference this to equal the 'mountPath' on the 'redis.certs[x].mountPath' in the helm chart values. // an example of a mount path is '/certs'. TlsCertMountPath string `protobuf:"bytes,4,opt,name=tls_cert_mount_path,json=tlsCertMountPath,proto3" json:"tls_cert_mount_path,omitempty"` // the socket type, default is TCP. SocketType RedisOptions_SocketType `` /* 145-byte string literal not displayed */ // contains filtered or unexported fields }
func (*RedisOptions) Clone ¶ added in v1.8.24
func (m *RedisOptions) Clone() proto.Message
Clone function
func (*RedisOptions) Descriptor
deprecated
added in
v1.5.8
func (*RedisOptions) Descriptor() ([]byte, []int)
Deprecated: Use RedisOptions.ProtoReflect.Descriptor instead.
func (*RedisOptions) Equal ¶ added in v1.5.8
func (m *RedisOptions) Equal(that interface{}) bool
Equal function
func (*RedisOptions) GetDb ¶ added in v1.5.8
func (x *RedisOptions) GetDb() int32
func (*RedisOptions) GetHost ¶ added in v1.5.8
func (x *RedisOptions) GetHost() string
func (*RedisOptions) GetPoolSize ¶ added in v1.5.8
func (x *RedisOptions) GetPoolSize() int32
func (*RedisOptions) GetSocketType ¶ added in v1.9.25
func (x *RedisOptions) GetSocketType() RedisOptions_SocketType
func (*RedisOptions) GetTlsCertMountPath ¶ added in v1.9.25
func (x *RedisOptions) GetTlsCertMountPath() string
func (*RedisOptions) Hash ¶ added in v1.5.8
func (m *RedisOptions) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*RedisOptions) ProtoMessage ¶ added in v1.5.8
func (*RedisOptions) ProtoMessage()
func (*RedisOptions) ProtoReflect ¶ added in v1.6.0
func (x *RedisOptions) ProtoReflect() protoreflect.Message
func (*RedisOptions) Reset ¶ added in v1.5.8
func (x *RedisOptions) Reset()
func (*RedisOptions) String ¶ added in v1.5.8
func (x *RedisOptions) String() string
type RedisOptions_SocketType ¶ added in v1.9.25
type RedisOptions_SocketType int32
redis socket types
const ( // TCP connection socket, this is the default. RedisOptions_TCP RedisOptions_SocketType = 0 // TLS connection socket. RedisOptions_TLS RedisOptions_SocketType = 1 )
func (RedisOptions_SocketType) Descriptor ¶ added in v1.9.25
func (RedisOptions_SocketType) Descriptor() protoreflect.EnumDescriptor
func (RedisOptions_SocketType) Enum ¶ added in v1.9.25
func (x RedisOptions_SocketType) Enum() *RedisOptions_SocketType
func (RedisOptions_SocketType) EnumDescriptor
deprecated
added in
v1.9.25
func (RedisOptions_SocketType) EnumDescriptor() ([]byte, []int)
Deprecated: Use RedisOptions_SocketType.Descriptor instead.
func (RedisOptions_SocketType) Number ¶ added in v1.9.25
func (x RedisOptions_SocketType) Number() protoreflect.EnumNumber
func (RedisOptions_SocketType) String ¶ added in v1.9.25
func (x RedisOptions_SocketType) String() string
func (RedisOptions_SocketType) Type ¶ added in v1.9.25
func (RedisOptions_SocketType) Type() protoreflect.EnumType
type SecretRefList ¶ added in v1.14.0
type SecretRefList struct { // list of secrets as registered with the issuer SecretRefs []*core.ResourceRef `protobuf:"bytes,1,rep,name=secret_refs,json=secretRefs,proto3" json:"secret_refs,omitempty"` // contains filtered or unexported fields }
func (*SecretRefList) Clone ¶ added in v1.14.0
func (m *SecretRefList) Clone() proto.Message
Clone function
func (*SecretRefList) Descriptor
deprecated
added in
v1.14.0
func (*SecretRefList) Descriptor() ([]byte, []int)
Deprecated: Use SecretRefList.ProtoReflect.Descriptor instead.
func (*SecretRefList) Equal ¶ added in v1.14.0
func (m *SecretRefList) Equal(that interface{}) bool
Equal function
func (*SecretRefList) GetSecretRefs ¶ added in v1.14.0
func (x *SecretRefList) GetSecretRefs() []*core.ResourceRef
func (*SecretRefList) Hash ¶ added in v1.14.0
func (m *SecretRefList) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*SecretRefList) ProtoMessage ¶ added in v1.14.0
func (*SecretRefList) ProtoMessage()
func (*SecretRefList) ProtoReflect ¶ added in v1.14.0
func (x *SecretRefList) ProtoReflect() protoreflect.Message
func (*SecretRefList) Reset ¶ added in v1.14.0
func (x *SecretRefList) Reset()
func (*SecretRefList) String ¶ added in v1.14.0
func (x *SecretRefList) String() string
type Settings ¶
type Settings struct { // The upstream to ask about auth decisions ExtauthzServerRef *core.ResourceRef `protobuf:"bytes,1,opt,name=extauthz_server_ref,json=extauthzServerRef,proto3" json:"extauthz_server_ref,omitempty"` // Types that are assignable to ServiceType: // // *Settings_HttpService // *Settings_GrpcService ServiceType isSettings_ServiceType `protobuf_oneof:"service_type"` // If the auth server trusted id of the user, it will be set in this header. // Specifically this means that this header will be sanitized form the incoming request. UserIdHeader string `protobuf:"bytes,3,opt,name=user_id_header,json=userIdHeader,proto3" json:"user_id_header,omitempty"` // Timeout for the ext auth service to respond. Defaults to 200ms RequestTimeout *duration.Duration `protobuf:"bytes,4,opt,name=request_timeout,json=requestTimeout,proto3" json:"request_timeout,omitempty"` // In case of a failure or timeout querying the auth server, normally a request is denied. // if this is set to true, the request will be allowed. FailureModeAllow bool `protobuf:"varint,5,opt,name=failure_mode_allow,json=failureModeAllow,proto3" json:"failure_mode_allow,omitempty"` // Set this if you also want to send the body of the request, and not just the headers. RequestBody *BufferSettings `protobuf:"bytes,6,opt,name=request_body,json=requestBody,proto3" json:"request_body,omitempty"` // Clears route cache in order to allow the external authorization service to correctly affect // routing decisions. Filter clears all cached routes when: // // 1. The field is set to *true*. // // 2. The status returned from the authorization service is a HTTP 200 or gRPC 0. // // 3. At least one *authorization response header* is added to the client request, or is used for // altering another client request header. ClearRouteCache bool `protobuf:"varint,7,opt,name=clear_route_cache,json=clearRouteCache,proto3" json:"clear_route_cache,omitempty"` // Sets the HTTP status that is returned to the client when there is a network error between the // filter and the authorization server. The default status is HTTP 403 Forbidden. // If set, this must be one of the following: // - 100 // - 200 201 202 203 204 205 206 207 208 226 // - 300 301 302 303 304 305 307 308 // - 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 421 422 423 424 426 428 429 431 // - 500 501 502 503 504 505 506 507 508 510 511 StatusOnError uint32 `protobuf:"varint,8,opt,name=status_on_error,json=statusOnError,proto3" json:"status_on_error,omitempty"` // Determines the API version for the `ext_authz` transport protocol that will be used by Envoy // to communicate with the auth server. Defaults to `V2`. For more info, see the `transport_api_version` field // [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/ext_authz/v3/ext_authz.proto#extensions-filters-http-ext-authz-v3-extauthz). TransportApiVersion Settings_ApiVersion `` /* 170-byte string literal not displayed */ // Optional additional prefix to use when emitting statistics. // This allows to distinguish emitted statistics between configured ext_authz filters in an HTTP filter chain. StatPrefix string `protobuf:"bytes,10,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"` // contains filtered or unexported fields }
Global external auth settings
func (*Settings) Descriptor
deprecated
func (*Settings) GetClearRouteCache ¶
func (*Settings) GetExtauthzServerRef ¶
func (x *Settings) GetExtauthzServerRef() *core.ResourceRef
func (*Settings) GetFailureModeAllow ¶
func (*Settings) GetGrpcService ¶ added in v1.9.25
func (x *Settings) GetGrpcService() *GrpcService
func (*Settings) GetHttpService ¶
func (x *Settings) GetHttpService() *HttpService
func (*Settings) GetRequestBody ¶
func (x *Settings) GetRequestBody() *BufferSettings
func (*Settings) GetRequestTimeout ¶
func (*Settings) GetServiceType ¶ added in v1.9.25
func (m *Settings) GetServiceType() isSettings_ServiceType
func (*Settings) GetStatPrefix ¶ added in v1.8.0
func (*Settings) GetStatusOnError ¶
func (*Settings) GetTransportApiVersion ¶ added in v1.6.11
func (x *Settings) GetTransportApiVersion() Settings_ApiVersion
func (*Settings) GetUserIdHeader ¶
func (*Settings) ProtoMessage ¶
func (*Settings) ProtoMessage()
func (*Settings) ProtoReflect ¶ added in v1.6.0
func (x *Settings) ProtoReflect() protoreflect.Message
type Settings_ApiVersion ¶ added in v1.6.11
type Settings_ApiVersion int32
Describes the transport protocol version to use when connecting to the ext auth server.
const ( // Use v3 API. Settings_V3 Settings_ApiVersion = 0 )
func (Settings_ApiVersion) Descriptor ¶ added in v1.6.11
func (Settings_ApiVersion) Descriptor() protoreflect.EnumDescriptor
func (Settings_ApiVersion) Enum ¶ added in v1.6.11
func (x Settings_ApiVersion) Enum() *Settings_ApiVersion
func (Settings_ApiVersion) EnumDescriptor
deprecated
added in
v1.6.11
func (Settings_ApiVersion) EnumDescriptor() ([]byte, []int)
Deprecated: Use Settings_ApiVersion.Descriptor instead.
func (Settings_ApiVersion) Number ¶ added in v1.6.11
func (x Settings_ApiVersion) Number() protoreflect.EnumNumber
func (Settings_ApiVersion) String ¶ added in v1.6.11
func (x Settings_ApiVersion) String() string
func (Settings_ApiVersion) Type ¶ added in v1.6.11
func (Settings_ApiVersion) Type() protoreflect.EnumType
type Settings_GrpcService ¶ added in v1.9.25
type Settings_GrpcService struct { // Optional, if set the communication to the upstream will be via GRPC. GrpcService *GrpcService `protobuf:"bytes,11,opt,name=grpc_service,json=grpcService,proto3,oneof"` }
type Settings_HttpService ¶ added in v1.9.25
type Settings_HttpService struct { // If this is set, communication to the upstream will be via HTTP and not GRPC (default). HttpService *HttpService `protobuf:"bytes,2,opt,name=http_service,json=httpService,proto3,oneof"` }
type TransitionAuthConfigFunc ¶
type TransitionAuthConfigFunc func(original, desired *AuthConfig) (bool, error)
Option to copy anything from the original to the desired before writing. Return value of false means don't update
type UnimplementedApiKeyServiceServer ¶ added in v1.13.0
type UnimplementedApiKeyServiceServer struct { }
UnimplementedApiKeyServiceServer can be embedded to have forward compatible implementations.
func (*UnimplementedApiKeyServiceServer) Create ¶ added in v1.13.0
func (*UnimplementedApiKeyServiceServer) Create(context.Context, *ApiKeyCreateRequest) (*ApiKeyCreateResponse, error)
func (*UnimplementedApiKeyServiceServer) Delete ¶ added in v1.13.0
func (*UnimplementedApiKeyServiceServer) Delete(context.Context, *ApiKeyDeleteRequest) (*ApiKeyDeleteResponse, error)
func (*UnimplementedApiKeyServiceServer) Read ¶ added in v1.13.0
func (*UnimplementedApiKeyServiceServer) Read(context.Context, *ApiKeyReadRequest) (*ApiKeyReadResponse, error)
func (*UnimplementedApiKeyServiceServer) Update ¶ added in v1.13.0
func (*UnimplementedApiKeyServiceServer) Update(context.Context, *ApiKeyUpdateRequest) (*ApiKeyUpdateResponse, error)
type UnimplementedExtAuthDiscoveryServiceServer ¶
type UnimplementedExtAuthDiscoveryServiceServer struct { }
UnimplementedExtAuthDiscoveryServiceServer can be embedded to have forward compatible implementations.
func (*UnimplementedExtAuthDiscoveryServiceServer) DeltaExtAuthConfig ¶
func (*UnimplementedExtAuthDiscoveryServiceServer) DeltaExtAuthConfig(ExtAuthDiscoveryService_DeltaExtAuthConfigServer) error
func (*UnimplementedExtAuthDiscoveryServiceServer) FetchExtAuthConfig ¶
func (*UnimplementedExtAuthDiscoveryServiceServer) FetchExtAuthConfig(context.Context, *v2.DiscoveryRequest) (*v2.DiscoveryResponse, error)
func (*UnimplementedExtAuthDiscoveryServiceServer) StreamExtAuthConfig ¶
func (*UnimplementedExtAuthDiscoveryServiceServer) StreamExtAuthConfig(ExtAuthDiscoveryService_StreamExtAuthConfigServer) error
type UserSession ¶ added in v1.5.8
type UserSession struct { // should we fail auth flow when failing to get a session from redis, or allow it to continue, // potentially starting a new auth flow and setting a new session. FailOnFetchFailure bool `protobuf:"varint,1,opt,name=fail_on_fetch_failure,json=failOnFetchFailure,proto3" json:"fail_on_fetch_failure,omitempty"` // Set-Cookie options CookieOptions *UserSession_CookieOptions `protobuf:"bytes,2,opt,name=cookie_options,json=cookieOptions,proto3" json:"cookie_options,omitempty"` // Types that are assignable to Session: // // *UserSession_Cookie // *UserSession_Redis Session isUserSession_Session `protobuf_oneof:"session"` // the cipher config enables the symmetric key encryption of the cookie values of the user session. CipherConfig *UserSession_CipherConfig `protobuf:"bytes,5,opt,name=cipher_config,json=cipherConfig,proto3" json:"cipher_config,omitempty"` // contains filtered or unexported fields }
func (*UserSession) Clone ¶ added in v1.8.24
func (m *UserSession) Clone() proto.Message
Clone function
func (*UserSession) Descriptor
deprecated
added in
v1.5.8
func (*UserSession) Descriptor() ([]byte, []int)
Deprecated: Use UserSession.ProtoReflect.Descriptor instead.
func (*UserSession) Equal ¶ added in v1.5.8
func (m *UserSession) Equal(that interface{}) bool
Equal function
func (*UserSession) GetCipherConfig ¶ added in v1.14.2
func (x *UserSession) GetCipherConfig() *UserSession_CipherConfig
func (*UserSession) GetCookie ¶ added in v1.5.8
func (x *UserSession) GetCookie() *UserSession_InternalSession
func (*UserSession) GetCookieOptions ¶ added in v1.5.8
func (x *UserSession) GetCookieOptions() *UserSession_CookieOptions
func (*UserSession) GetFailOnFetchFailure ¶ added in v1.5.8
func (x *UserSession) GetFailOnFetchFailure() bool
func (*UserSession) GetRedis ¶ added in v1.5.8
func (x *UserSession) GetRedis() *UserSession_RedisSession
func (*UserSession) GetSession ¶ added in v1.5.8
func (m *UserSession) GetSession() isUserSession_Session
func (*UserSession) Hash ¶ added in v1.5.8
func (m *UserSession) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*UserSession) ProtoMessage ¶ added in v1.5.8
func (*UserSession) ProtoMessage()
func (*UserSession) ProtoReflect ¶ added in v1.6.0
func (x *UserSession) ProtoReflect() protoreflect.Message
func (*UserSession) Reset ¶ added in v1.5.8
func (x *UserSession) Reset()
func (*UserSession) String ¶ added in v1.5.8
func (x *UserSession) String() string
type UserSession_CipherConfig ¶ added in v1.14.2
type UserSession_CipherConfig struct { // to enable the cipher encryption, the key has to be present. Note that the key has to be found and 32 bytes in // length for the authconfig to not be rejected. // // Types that are assignable to Key: // // *UserSession_CipherConfig_KeyRef Key isUserSession_CipherConfig_Key `protobuf_oneof:"key"` // contains filtered or unexported fields }
the cipher config is used to encrypt session cookie values. This is currently only available for OIDC.
func (*UserSession_CipherConfig) Clone ¶ added in v1.14.2
func (m *UserSession_CipherConfig) Clone() proto.Message
Clone function
func (*UserSession_CipherConfig) Descriptor
deprecated
added in
v1.14.2
func (*UserSession_CipherConfig) Descriptor() ([]byte, []int)
Deprecated: Use UserSession_CipherConfig.ProtoReflect.Descriptor instead.
func (*UserSession_CipherConfig) Equal ¶ added in v1.14.2
func (m *UserSession_CipherConfig) Equal(that interface{}) bool
Equal function
func (*UserSession_CipherConfig) GetKey ¶ added in v1.14.2
func (m *UserSession_CipherConfig) GetKey() isUserSession_CipherConfig_Key
func (*UserSession_CipherConfig) GetKeyRef ¶ added in v1.14.2
func (x *UserSession_CipherConfig) GetKeyRef() *core.ResourceRef
func (*UserSession_CipherConfig) Hash ¶ added in v1.14.2
func (m *UserSession_CipherConfig) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*UserSession_CipherConfig) ProtoMessage ¶ added in v1.14.2
func (*UserSession_CipherConfig) ProtoMessage()
func (*UserSession_CipherConfig) ProtoReflect ¶ added in v1.14.2
func (x *UserSession_CipherConfig) ProtoReflect() protoreflect.Message
func (*UserSession_CipherConfig) Reset ¶ added in v1.14.2
func (x *UserSession_CipherConfig) Reset()
func (*UserSession_CipherConfig) String ¶ added in v1.14.2
func (x *UserSession_CipherConfig) String() string
type UserSession_CipherConfig_KeyRef ¶ added in v1.14.2
type UserSession_CipherConfig_KeyRef struct { // The key reference used for the cipher. The reference must be a Kubernetes Secret of type `gloo.solo.io.EncryptionKeySecret`. KeyRef *core.ResourceRef `protobuf:"bytes,1,opt,name=key_ref,json=keyRef,proto3,oneof"` }
type UserSession_Cookie ¶ added in v1.5.8
type UserSession_Cookie struct { // Set the tokens in the cookie itself. No need for server side state. Cookie *UserSession_InternalSession `protobuf:"bytes,3,opt,name=cookie,proto3,oneof"` }
type UserSession_CookieOptions ¶ added in v1.5.8
type UserSession_CookieOptions struct { // Max age for the cookie. Leave unset for a default of 30 days (2592000 seconds). // To disable cookie expiry, set explicitly to 0. MaxAge *wrappers.UInt32Value `protobuf:"bytes,1,opt,name=max_age,json=maxAge,proto3" json:"max_age,omitempty"` // Use a non-secure cookie. Note - this should only be used for testing and in trusted // environments. NotSecure bool `protobuf:"varint,2,opt,name=not_secure,json=notSecure,proto3" json:"not_secure,omitempty"` // Set the cookie to be HttpOnly. defaults to true. Set explicity to false to disable. HttpOnly *wrappers.BoolValue `protobuf:"bytes,5,opt,name=http_only,json=httpOnly,proto3" json:"http_only,omitempty"` // Path of the cookie. If unset, defaults to "/". Set it explicitly to "" to avoid setting a // path. Path *wrappers.StringValue `protobuf:"bytes,3,opt,name=path,proto3" json:"path,omitempty"` // Whether the cookie should be restricted to a first-party or same-site context. // The default mode is LaxMode. SameSite UserSession_CookieOptions_SameSite `` /* 150-byte string literal not displayed */ // Cookie domain Domain string `protobuf:"bytes,4,opt,name=domain,proto3" json:"domain,omitempty"` // contains filtered or unexported fields }
func (*UserSession_CookieOptions) Clone ¶ added in v1.8.24
func (m *UserSession_CookieOptions) Clone() proto.Message
Clone function
func (*UserSession_CookieOptions) Descriptor
deprecated
added in
v1.5.8
func (*UserSession_CookieOptions) Descriptor() ([]byte, []int)
Deprecated: Use UserSession_CookieOptions.ProtoReflect.Descriptor instead.
func (*UserSession_CookieOptions) Equal ¶ added in v1.5.8
func (m *UserSession_CookieOptions) Equal(that interface{}) bool
Equal function
func (*UserSession_CookieOptions) GetDomain ¶ added in v1.5.8
func (x *UserSession_CookieOptions) GetDomain() string
func (*UserSession_CookieOptions) GetHttpOnly ¶ added in v1.9.25
func (x *UserSession_CookieOptions) GetHttpOnly() *wrappers.BoolValue
func (*UserSession_CookieOptions) GetMaxAge ¶ added in v1.5.8
func (x *UserSession_CookieOptions) GetMaxAge() *wrappers.UInt32Value
func (*UserSession_CookieOptions) GetNotSecure ¶ added in v1.5.8
func (x *UserSession_CookieOptions) GetNotSecure() bool
func (*UserSession_CookieOptions) GetPath ¶ added in v1.5.8
func (x *UserSession_CookieOptions) GetPath() *wrappers.StringValue
func (*UserSession_CookieOptions) GetSameSite ¶ added in v1.9.25
func (x *UserSession_CookieOptions) GetSameSite() UserSession_CookieOptions_SameSite
func (*UserSession_CookieOptions) Hash ¶ added in v1.5.8
func (m *UserSession_CookieOptions) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*UserSession_CookieOptions) ProtoMessage ¶ added in v1.5.8
func (*UserSession_CookieOptions) ProtoMessage()
func (*UserSession_CookieOptions) ProtoReflect ¶ added in v1.6.0
func (x *UserSession_CookieOptions) ProtoReflect() protoreflect.Message
func (*UserSession_CookieOptions) Reset ¶ added in v1.5.8
func (x *UserSession_CookieOptions) Reset()
func (*UserSession_CookieOptions) String ¶ added in v1.5.8
func (x *UserSession_CookieOptions) String() string
type UserSession_CookieOptions_SameSite ¶ added in v1.9.25
type UserSession_CookieOptions_SameSite int32
The SameSite options. The default value is LaxMode.
const ( // Default Mode is the same as LaxMode but will not show up in the Cookie Header. This value is ignored. UserSession_CookieOptions_DefaultMode UserSession_CookieOptions_SameSite = 0 // Cookies are not sent on normal cross-site subrequests, but are sent when // navigating to the origin site. UserSession_CookieOptions_LaxMode UserSession_CookieOptions_SameSite = 1 // Only be sent in a first-party context and not be sent along with requests // initiated by third party websites. UserSession_CookieOptions_StrictMode UserSession_CookieOptions_SameSite = 2 // Cookies are sent in all contexts. Cookie NotSecure must be unset. UserSession_CookieOptions_NoneMode UserSession_CookieOptions_SameSite = 3 )
func (UserSession_CookieOptions_SameSite) Descriptor ¶ added in v1.9.25
func (UserSession_CookieOptions_SameSite) Descriptor() protoreflect.EnumDescriptor
func (UserSession_CookieOptions_SameSite) Enum ¶ added in v1.9.25
func (x UserSession_CookieOptions_SameSite) Enum() *UserSession_CookieOptions_SameSite
func (UserSession_CookieOptions_SameSite) EnumDescriptor
deprecated
added in
v1.9.25
func (UserSession_CookieOptions_SameSite) EnumDescriptor() ([]byte, []int)
Deprecated: Use UserSession_CookieOptions_SameSite.Descriptor instead.
func (UserSession_CookieOptions_SameSite) Number ¶ added in v1.9.25
func (x UserSession_CookieOptions_SameSite) Number() protoreflect.EnumNumber
func (UserSession_CookieOptions_SameSite) String ¶ added in v1.9.25
func (x UserSession_CookieOptions_SameSite) String() string
func (UserSession_CookieOptions_SameSite) Type ¶ added in v1.9.25
func (UserSession_CookieOptions_SameSite) Type() protoreflect.EnumType
type UserSession_InternalSession ¶ added in v1.5.8
type UserSession_InternalSession struct { // Refresh expired id-tokens using the refresh-token. The tokens refreshes when the client issues a call. // Defaults to false. To enable refreshing, set to true. AllowRefreshing *wrappers.BoolValue `protobuf:"bytes,1,opt,name=allow_refreshing,json=allowRefreshing,proto3" json:"allow_refreshing,omitempty"` // Prefix to append to cookie keys, such as for separate domain and subdomain prefixes. // Cookie keys are stored in the form `<key_prefix>_<cookie_name>`. // For more information, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#attributes KeyPrefix string `protobuf:"bytes,2,opt,name=key_prefix,json=keyPrefix,proto3" json:"key_prefix,omitempty"` // Domain used to validate against requests in order to ensure that request host name matches target domain. // If the target domain is provided will prevent requests that do not match the target domain according to // the domain matching specifications in RFC 6265. For more information, see https://datatracker.ietf.org/doc/html/rfc6265#section-5.1.3 TargetDomain string `protobuf:"bytes,3,opt,name=target_domain,json=targetDomain,proto3" json:"target_domain,omitempty"` // contains filtered or unexported fields }
func (*UserSession_InternalSession) Clone ¶ added in v1.8.24
func (m *UserSession_InternalSession) Clone() proto.Message
Clone function
func (*UserSession_InternalSession) Descriptor
deprecated
added in
v1.5.8
func (*UserSession_InternalSession) Descriptor() ([]byte, []int)
Deprecated: Use UserSession_InternalSession.ProtoReflect.Descriptor instead.
func (*UserSession_InternalSession) Equal ¶ added in v1.5.8
func (m *UserSession_InternalSession) Equal(that interface{}) bool
Equal function
func (*UserSession_InternalSession) GetAllowRefreshing ¶ added in v1.9.25
func (x *UserSession_InternalSession) GetAllowRefreshing() *wrappers.BoolValue
func (*UserSession_InternalSession) GetKeyPrefix ¶ added in v1.8.37
func (x *UserSession_InternalSession) GetKeyPrefix() string
func (*UserSession_InternalSession) GetTargetDomain ¶ added in v1.9.25
func (x *UserSession_InternalSession) GetTargetDomain() string
func (*UserSession_InternalSession) Hash ¶ added in v1.5.8
func (m *UserSession_InternalSession) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*UserSession_InternalSession) ProtoMessage ¶ added in v1.5.8
func (*UserSession_InternalSession) ProtoMessage()
func (*UserSession_InternalSession) ProtoReflect ¶ added in v1.6.0
func (x *UserSession_InternalSession) ProtoReflect() protoreflect.Message
func (*UserSession_InternalSession) Reset ¶ added in v1.5.8
func (x *UserSession_InternalSession) Reset()
func (*UserSession_InternalSession) String ¶ added in v1.5.8
func (x *UserSession_InternalSession) String() string
type UserSession_Redis ¶ added in v1.5.8
type UserSession_Redis struct { // Use redis to store the tokens and just store a random id in the cookie. Redis *UserSession_RedisSession `protobuf:"bytes,4,opt,name=redis,proto3,oneof"` }
type UserSession_RedisSession ¶ added in v1.5.8
type UserSession_RedisSession struct { // Options to connect to redis Options *RedisOptions `protobuf:"bytes,1,opt,name=options,proto3" json:"options,omitempty"` // Key prefix inside redis KeyPrefix string `protobuf:"bytes,2,opt,name=key_prefix,json=keyPrefix,proto3" json:"key_prefix,omitempty"` // Cookie name to set and store the session id. If empty the default "__session" is used. CookieName string `protobuf:"bytes,3,opt,name=cookie_name,json=cookieName,proto3" json:"cookie_name,omitempty"` // Refresh expired id-tokens using the refresh-token. The tokens refreshes when the client issues a call. // Defaults to true. To disable refreshing, set to false. AllowRefreshing *wrappers.BoolValue `protobuf:"bytes,4,opt,name=allow_refreshing,json=allowRefreshing,proto3" json:"allow_refreshing,omitempty"` // Specifies a time buffer in which an id-token will be refreshed prior to its // actual expiration. Defaults to 2 seconds. A duration of 0 will only refresh // tokens after they have already expired. To refresh tokens, you must also set // 'allowRefreshing' to 'true'; otherwise, this field is ignored. PreExpiryBuffer *duration.Duration `protobuf:"bytes,5,opt,name=pre_expiry_buffer,json=preExpiryBuffer,proto3" json:"pre_expiry_buffer,omitempty"` // Domain used to validate against requests in order to ensure that request host name matches target domain. // If the target domain is provided will prevent requests that do not match the target domain according to // the domain matching specifications in RFC 6265. For more information, see https://datatracker.ietf.org/doc/html/rfc6265#section-5.1.3 TargetDomain string `protobuf:"bytes,6,opt,name=target_domain,json=targetDomain,proto3" json:"target_domain,omitempty"` // If set, the name of the header that will include the randomly generated session id // This would be used as part of the code exchange with the Oauth2 token endpoint HeaderName string `protobuf:"bytes,7,opt,name=header_name,json=headerName,proto3" json:"header_name,omitempty"` // contains filtered or unexported fields }
func (*UserSession_RedisSession) Clone ¶ added in v1.8.24
func (m *UserSession_RedisSession) Clone() proto.Message
Clone function
func (*UserSession_RedisSession) Descriptor
deprecated
added in
v1.5.8
func (*UserSession_RedisSession) Descriptor() ([]byte, []int)
Deprecated: Use UserSession_RedisSession.ProtoReflect.Descriptor instead.
func (*UserSession_RedisSession) Equal ¶ added in v1.5.8
func (m *UserSession_RedisSession) Equal(that interface{}) bool
Equal function
func (*UserSession_RedisSession) GetAllowRefreshing ¶ added in v1.6.0
func (x *UserSession_RedisSession) GetAllowRefreshing() *wrappers.BoolValue
func (*UserSession_RedisSession) GetCookieName ¶ added in v1.5.8
func (x *UserSession_RedisSession) GetCookieName() string
func (*UserSession_RedisSession) GetHeaderName ¶ added in v1.12.26
func (x *UserSession_RedisSession) GetHeaderName() string
func (*UserSession_RedisSession) GetKeyPrefix ¶ added in v1.5.8
func (x *UserSession_RedisSession) GetKeyPrefix() string
func (*UserSession_RedisSession) GetOptions ¶ added in v1.5.8
func (x *UserSession_RedisSession) GetOptions() *RedisOptions
func (*UserSession_RedisSession) GetPreExpiryBuffer ¶ added in v1.9.6
func (x *UserSession_RedisSession) GetPreExpiryBuffer() *duration.Duration
func (*UserSession_RedisSession) GetTargetDomain ¶ added in v1.9.25
func (x *UserSession_RedisSession) GetTargetDomain() string
func (*UserSession_RedisSession) Hash ¶ added in v1.5.8
func (m *UserSession_RedisSession) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*UserSession_RedisSession) ProtoMessage ¶ added in v1.5.8
func (*UserSession_RedisSession) ProtoMessage()
func (*UserSession_RedisSession) ProtoReflect ¶ added in v1.6.0
func (x *UserSession_RedisSession) ProtoReflect() protoreflect.Message
func (*UserSession_RedisSession) Reset ¶ added in v1.5.8
func (x *UserSession_RedisSession) Reset()
func (*UserSession_RedisSession) String ¶ added in v1.5.8
func (x *UserSession_RedisSession) String() string
Source Files ¶
- auth_config.sk.go
- auth_config_client.sk.go
- auth_config_reconciler.sk.go
- enterprise_event_loop.sk.go
- enterprise_simple_event_loop.sk.go
- enterprise_snapshot.sk.go
- enterprise_snapshot_emitter.sk.go
- enterprise_snapshot_simple_emitter.sk.go
- ext_auth_discovery_service_xds.sk.go
- extauth.pb.clone.go
- extauth.pb.equal.go
- extauth.pb.go
- extauth.pb.hash.go
Directories ¶
Path | Synopsis |
---|---|
kube
|
|
apis/enterprise.gloo.solo.io/v1
Package v1 is the v1 version of the API.
|
Package v1 is the v1 version of the API. |
client/clientset/versioned
This package has the automatically generated clientset.
|
This package has the automatically generated clientset. |
client/clientset/versioned/fake
This package has the automatically generated fake clientset.
|
This package has the automatically generated fake clientset. |
client/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
|
This package contains the scheme of the automatically generated clientset. |
client/clientset/versioned/typed/enterprise.gloo.solo.io/v1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
client/clientset/versioned/typed/enterprise.gloo.solo.io/v1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |