Documentation ¶
Index ¶
- Variables
- type CallCredentials
- func (m *CallCredentials) Clone() proto.Message
- func (*CallCredentials) Descriptor() ([]byte, []int)deprecated
- func (m *CallCredentials) Equal(that interface{}) bool
- func (x *CallCredentials) GetFileCredentialSource() *CallCredentials_FileCredentialSource
- func (m *CallCredentials) Hash(hasher hash.Hash64) (uint64, error)
- func (*CallCredentials) ProtoMessage()
- func (x *CallCredentials) ProtoReflect() protoreflect.Message
- func (x *CallCredentials) Reset()
- func (x *CallCredentials) String() string
- type CallCredentials_FileCredentialSource
- func (m *CallCredentials_FileCredentialSource) Clone() proto.Message
- func (*CallCredentials_FileCredentialSource) Descriptor() ([]byte, []int)deprecated
- func (m *CallCredentials_FileCredentialSource) Equal(that interface{}) bool
- func (x *CallCredentials_FileCredentialSource) GetHeader() string
- func (x *CallCredentials_FileCredentialSource) GetTokenFileName() string
- func (m *CallCredentials_FileCredentialSource) Hash(hasher hash.Hash64) (uint64, error)
- func (*CallCredentials_FileCredentialSource) ProtoMessage()
- func (x *CallCredentials_FileCredentialSource) ProtoReflect() protoreflect.Message
- func (x *CallCredentials_FileCredentialSource) Reset()
- func (x *CallCredentials_FileCredentialSource) String() string
- type SDSConfig
- func (m *SDSConfig) Clone() proto.Message
- func (*SDSConfig) Descriptor() ([]byte, []int)deprecated
- func (m *SDSConfig) Equal(that interface{}) bool
- func (x *SDSConfig) GetCallCredentials() *CallCredentials
- func (x *SDSConfig) GetCertificatesSecretName() string
- func (x *SDSConfig) GetClusterName() string
- func (m *SDSConfig) GetSdsBuilder() isSDSConfig_SdsBuilder
- func (x *SDSConfig) GetTargetUri() string
- func (x *SDSConfig) GetValidationContextName() string
- func (m *SDSConfig) Hash(hasher hash.Hash64) (uint64, error)
- func (*SDSConfig) ProtoMessage()
- func (x *SDSConfig) ProtoReflect() protoreflect.Message
- func (x *SDSConfig) Reset()
- func (x *SDSConfig) String() string
- type SDSConfig_CallCredentials
- type SDSConfig_ClusterName
- type SSLFiles
- func (m *SSLFiles) Clone() proto.Message
- func (*SSLFiles) Descriptor() ([]byte, []int)deprecated
- func (m *SSLFiles) Equal(that interface{}) bool
- func (x *SSLFiles) GetOcspStaple() string
- func (x *SSLFiles) GetRootCa() string
- func (x *SSLFiles) GetTlsCert() string
- func (x *SSLFiles) GetTlsKey() string
- func (m *SSLFiles) Hash(hasher hash.Hash64) (uint64, error)
- func (*SSLFiles) ProtoMessage()
- func (x *SSLFiles) ProtoReflect() protoreflect.Message
- func (x *SSLFiles) Reset()
- func (x *SSLFiles) String() string
- type SslConfig
- func (m *SslConfig) Clone() proto.Message
- func (*SslConfig) Descriptor() ([]byte, []int)deprecated
- func (m *SslConfig) Equal(that interface{}) bool
- func (x *SslConfig) GetAlpnProtocols() []string
- func (x *SslConfig) GetDisableTlsSessionResumption() *wrappers.BoolValue
- func (x *SslConfig) GetOcspStaplePolicy() SslConfig_OcspStaplePolicy
- func (x *SslConfig) GetOneWayTls() *wrappers.BoolValue
- func (x *SslConfig) GetParameters() *SslParameters
- func (x *SslConfig) GetSds() *SDSConfig
- func (x *SslConfig) GetSecretRef() *core.ResourceRef
- func (x *SslConfig) GetSniDomains() []string
- func (x *SslConfig) GetSslFiles() *SSLFiles
- func (m *SslConfig) GetSslSecrets() isSslConfig_SslSecrets
- func (x *SslConfig) GetTransportSocketConnectTimeout() *duration.Duration
- func (x *SslConfig) GetVerifySubjectAltName() []string
- func (m *SslConfig) Hash(hasher hash.Hash64) (uint64, error)
- func (*SslConfig) ProtoMessage()
- func (x *SslConfig) ProtoReflect() protoreflect.Message
- func (x *SslConfig) Reset()
- func (x *SslConfig) String() string
- type SslConfig_OcspStaplePolicy
- func (SslConfig_OcspStaplePolicy) Descriptor() protoreflect.EnumDescriptor
- func (x SslConfig_OcspStaplePolicy) Enum() *SslConfig_OcspStaplePolicy
- func (SslConfig_OcspStaplePolicy) EnumDescriptor() ([]byte, []int)deprecated
- func (x SslConfig_OcspStaplePolicy) Number() protoreflect.EnumNumber
- func (x SslConfig_OcspStaplePolicy) String() string
- func (SslConfig_OcspStaplePolicy) Type() protoreflect.EnumType
- type SslConfig_Sds
- type SslConfig_SecretRef
- type SslConfig_SslFiles
- type SslParameters
- func (m *SslParameters) Clone() proto.Message
- func (*SslParameters) Descriptor() ([]byte, []int)deprecated
- func (m *SslParameters) Equal(that interface{}) bool
- func (x *SslParameters) GetCipherSuites() []string
- func (x *SslParameters) GetEcdhCurves() []string
- func (x *SslParameters) GetMaximumProtocolVersion() SslParameters_ProtocolVersion
- func (x *SslParameters) GetMinimumProtocolVersion() SslParameters_ProtocolVersion
- func (m *SslParameters) Hash(hasher hash.Hash64) (uint64, error)
- func (*SslParameters) ProtoMessage()
- func (x *SslParameters) ProtoReflect() protoreflect.Message
- func (x *SslParameters) Reset()
- func (x *SslParameters) String() string
- type SslParameters_ProtocolVersion
- func (SslParameters_ProtocolVersion) Descriptor() protoreflect.EnumDescriptor
- func (x SslParameters_ProtocolVersion) Enum() *SslParameters_ProtocolVersion
- func (SslParameters_ProtocolVersion) EnumDescriptor() ([]byte, []int)deprecated
- func (x SslParameters_ProtocolVersion) Number() protoreflect.EnumNumber
- func (x SslParameters_ProtocolVersion) String() string
- func (SslParameters_ProtocolVersion) Type() protoreflect.EnumType
- type UpstreamSslConfig
- func (m *UpstreamSslConfig) Clone() proto.Message
- func (*UpstreamSslConfig) Descriptor() ([]byte, []int)deprecated
- func (m *UpstreamSslConfig) Equal(that interface{}) bool
- func (x *UpstreamSslConfig) GetAllowRenegotiation() *wrappers.BoolValue
- func (x *UpstreamSslConfig) GetAlpnProtocols() []string
- func (x *UpstreamSslConfig) GetOneWayTls() *wrappers.BoolValue
- func (x *UpstreamSslConfig) GetParameters() *SslParameters
- func (x *UpstreamSslConfig) GetSds() *SDSConfig
- func (x *UpstreamSslConfig) GetSecretRef() *core.ResourceRef
- func (x *UpstreamSslConfig) GetSni() string
- func (x *UpstreamSslConfig) GetSslFiles() *SSLFiles
- func (m *UpstreamSslConfig) GetSslSecrets() isUpstreamSslConfig_SslSecrets
- func (x *UpstreamSslConfig) GetVerifySubjectAltName() []string
- func (m *UpstreamSslConfig) Hash(hasher hash.Hash64) (uint64, error)
- func (*UpstreamSslConfig) ProtoMessage()
- func (x *UpstreamSslConfig) ProtoReflect() protoreflect.Message
- func (x *UpstreamSslConfig) Reset()
- func (x *UpstreamSslConfig) String() string
- type UpstreamSslConfig_Sds
- type UpstreamSslConfig_SecretRef
- type UpstreamSslConfig_SslFiles
Constants ¶
This section is empty.
Variables ¶
var ( SslConfig_OcspStaplePolicy_name = map[int32]string{ 0: "LENIENT_STAPLING", 1: "STRICT_STAPLING", 2: "MUST_STAPLE", } SslConfig_OcspStaplePolicy_value = map[string]int32{ "LENIENT_STAPLING": 0, "STRICT_STAPLING": 1, "MUST_STAPLE": 2, } )
Enum value maps for SslConfig_OcspStaplePolicy.
var ( SslParameters_ProtocolVersion_name = map[int32]string{ 0: "TLS_AUTO", 1: "TLSv1_0", 2: "TLSv1_1", 3: "TLSv1_2", 4: "TLSv1_3", } SslParameters_ProtocolVersion_value = map[string]int32{ "TLS_AUTO": 0, "TLSv1_0": 1, "TLSv1_1": 2, "TLSv1_2": 3, "TLSv1_3": 4, } )
Enum value maps for SslParameters_ProtocolVersion.
var File_github_com_solo_io_gloo_projects_gloo_api_v1_ssl_ssl_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type CallCredentials ¶
type CallCredentials struct { // Call credentials are coming from a file, FileCredentialSource *CallCredentials_FileCredentialSource `protobuf:"bytes,1,opt,name=file_credential_source,json=fileCredentialSource,proto3" json:"file_credential_source,omitempty"` // contains filtered or unexported fields }
func (*CallCredentials) Descriptor
deprecated
func (*CallCredentials) Descriptor() ([]byte, []int)
Deprecated: Use CallCredentials.ProtoReflect.Descriptor instead.
func (*CallCredentials) Equal ¶
func (m *CallCredentials) Equal(that interface{}) bool
Equal function
func (*CallCredentials) GetFileCredentialSource ¶
func (x *CallCredentials) GetFileCredentialSource() *CallCredentials_FileCredentialSource
func (*CallCredentials) Hash ¶
func (m *CallCredentials) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*CallCredentials) ProtoMessage ¶
func (*CallCredentials) ProtoMessage()
func (*CallCredentials) ProtoReflect ¶
func (x *CallCredentials) ProtoReflect() protoreflect.Message
func (*CallCredentials) Reset ¶
func (x *CallCredentials) Reset()
func (*CallCredentials) String ¶
func (x *CallCredentials) String() string
type CallCredentials_FileCredentialSource ¶
type CallCredentials_FileCredentialSource struct { // File containing auth token. TokenFileName string `protobuf:"bytes,1,opt,name=token_file_name,json=tokenFileName,proto3" json:"token_file_name,omitempty"` // Header to carry the token. Header string `protobuf:"bytes,2,opt,name=header,proto3" json:"header,omitempty"` // contains filtered or unexported fields }
func (*CallCredentials_FileCredentialSource) Clone ¶
func (m *CallCredentials_FileCredentialSource) Clone() proto.Message
Clone function
func (*CallCredentials_FileCredentialSource) Descriptor
deprecated
func (*CallCredentials_FileCredentialSource) Descriptor() ([]byte, []int)
Deprecated: Use CallCredentials_FileCredentialSource.ProtoReflect.Descriptor instead.
func (*CallCredentials_FileCredentialSource) Equal ¶
func (m *CallCredentials_FileCredentialSource) Equal(that interface{}) bool
Equal function
func (*CallCredentials_FileCredentialSource) GetHeader ¶
func (x *CallCredentials_FileCredentialSource) GetHeader() string
func (*CallCredentials_FileCredentialSource) GetTokenFileName ¶
func (x *CallCredentials_FileCredentialSource) GetTokenFileName() string
func (*CallCredentials_FileCredentialSource) Hash ¶
func (m *CallCredentials_FileCredentialSource) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*CallCredentials_FileCredentialSource) ProtoMessage ¶
func (*CallCredentials_FileCredentialSource) ProtoMessage()
func (*CallCredentials_FileCredentialSource) ProtoReflect ¶
func (x *CallCredentials_FileCredentialSource) ProtoReflect() protoreflect.Message
func (*CallCredentials_FileCredentialSource) Reset ¶
func (x *CallCredentials_FileCredentialSource) Reset()
func (*CallCredentials_FileCredentialSource) String ¶
func (x *CallCredentials_FileCredentialSource) String() string
type SDSConfig ¶
type SDSConfig struct { // Target uri for the sds channel. currently only a unix domain socket is supported. TargetUri string `protobuf:"bytes,1,opt,name=target_uri,json=targetUri,proto3" json:"target_uri,omitempty"` // Types that are assignable to SdsBuilder: // // *SDSConfig_CallCredentials // *SDSConfig_ClusterName SdsBuilder isSDSConfig_SdsBuilder `protobuf_oneof:"sds_builder"` // The name of the secret containing the certificate CertificatesSecretName string `` /* 129-byte string literal not displayed */ // The name of secret containing the validation context (i.e. root ca) ValidationContextName string `` /* 126-byte string literal not displayed */ // contains filtered or unexported fields }
func (*SDSConfig) Descriptor
deprecated
func (*SDSConfig) GetCallCredentials ¶
func (x *SDSConfig) GetCallCredentials() *CallCredentials
func (*SDSConfig) GetCertificatesSecretName ¶
func (*SDSConfig) GetClusterName ¶
func (*SDSConfig) GetSdsBuilder ¶
func (m *SDSConfig) GetSdsBuilder() isSDSConfig_SdsBuilder
func (*SDSConfig) GetTargetUri ¶
func (*SDSConfig) GetValidationContextName ¶
func (*SDSConfig) ProtoMessage ¶
func (*SDSConfig) ProtoMessage()
func (*SDSConfig) ProtoReflect ¶
func (x *SDSConfig) ProtoReflect() protoreflect.Message
type SDSConfig_CallCredentials ¶
type SDSConfig_CallCredentials struct { // Call credentials. CallCredentials *CallCredentials `protobuf:"bytes,2,opt,name=call_credentials,json=callCredentials,proto3,oneof"` }
type SDSConfig_ClusterName ¶
type SDSConfig_ClusterName struct { // The name of the sds cluster in envoy ClusterName string `protobuf:"bytes,5,opt,name=cluster_name,json=clusterName,proto3,oneof"` }
type SSLFiles ¶
type SSLFiles struct { TlsCert string `protobuf:"bytes,1,opt,name=tls_cert,json=tlsCert,proto3" json:"tls_cert,omitempty"` TlsKey string `protobuf:"bytes,2,opt,name=tls_key,json=tlsKey,proto3" json:"tls_key,omitempty"` // for client cert validation. optional RootCa string `protobuf:"bytes,3,opt,name=root_ca,json=rootCa,proto3" json:"root_ca,omitempty"` // stapled ocsp response. optional // should be der-encoded OcspStaple string `protobuf:"bytes,4,opt,name=ocsp_staple,json=ocspStaple,proto3" json:"ocsp_staple,omitempty"` // contains filtered or unexported fields }
SSLFiles reference paths to certificates which can be read by the proxy off of its local filesystem
func (*SSLFiles) Descriptor
deprecated
func (*SSLFiles) GetOcspStaple ¶ added in v1.14.2
func (*SSLFiles) GetTlsCert ¶
func (*SSLFiles) ProtoMessage ¶
func (*SSLFiles) ProtoMessage()
func (*SSLFiles) ProtoReflect ¶
func (x *SSLFiles) ProtoReflect() protoreflect.Message
type SslConfig ¶
type SslConfig struct { // Types that are assignable to SslSecrets: // // *SslConfig_SecretRef // *SslConfig_SslFiles // *SslConfig_Sds SslSecrets isSslConfig_SslSecrets `protobuf_oneof:"ssl_secrets"` // optional. the SNI domains that should be considered for TLS connections SniDomains []string `protobuf:"bytes,3,rep,name=sni_domains,json=sniDomains,proto3" json:"sni_domains,omitempty"` // Verify that the Subject Alternative Name in the peer certificate is one of the specified values. // note that a root_ca must be provided if this option is used. VerifySubjectAltName []string `protobuf:"bytes,5,rep,name=verify_subject_alt_name,json=verifySubjectAltName,proto3" json:"verify_subject_alt_name,omitempty"` Parameters *SslParameters `protobuf:"bytes,6,opt,name=parameters,proto3" json:"parameters,omitempty"` // Set Application Level Protocol Negotiation // If empty, defaults to ["h2", "http/1.1"]. // As an advanced option you may use ["allow_empty"] to avoid defaults and set alpn to have no alpn set (ie pass empty slice). AlpnProtocols []string `protobuf:"bytes,7,rep,name=alpn_protocols,json=alpnProtocols,proto3" json:"alpn_protocols,omitempty"` // If the SSL config has the ca.crt (root CA) provided, Gloo uses it to perform mTLS by default. // Set oneWayTls to true to disable mTLS in favor of server-only TLS (one-way TLS), even if Gloo has the root CA. // If unset, defaults to false. OneWayTls *wrappers.BoolValue `protobuf:"bytes,8,opt,name=one_way_tls,json=oneWayTls,proto3" json:"one_way_tls,omitempty"` // If set to true, the TLS session resumption will be deactivated, note that it deactivates only the tickets based tls session resumption (not the cache). DisableTlsSessionResumption *wrappers.BoolValue `` /* 146-byte string literal not displayed */ // If present and nonzero, the amount of time to allow incoming connections to complete any // transport socket negotiations. If this expires before the transport reports connection // establishment, the connection is summarily closed. TransportSocketConnectTimeout *duration.Duration `` /* 153-byte string literal not displayed */ // The OCSP staple policy to use for this listener. // Defaults to `LENIENT_STAPLING`. // https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/tls.proto#enum-extensions-transport-sockets-tls-v3-downstreamtlscontext-ocspstaplepolicy OcspStaplePolicy SslConfig_OcspStaplePolicy `` /* 158-byte string literal not displayed */ // contains filtered or unexported fields }
SslConfig contains the options necessary to configure a virtual host or listener to use TLS termination
func (*SslConfig) Descriptor
deprecated
func (*SslConfig) GetAlpnProtocols ¶
func (*SslConfig) GetDisableTlsSessionResumption ¶
func (*SslConfig) GetOcspStaplePolicy ¶ added in v1.14.2
func (x *SslConfig) GetOcspStaplePolicy() SslConfig_OcspStaplePolicy
func (*SslConfig) GetOneWayTls ¶
func (*SslConfig) GetParameters ¶
func (x *SslConfig) GetParameters() *SslParameters
func (*SslConfig) GetSecretRef ¶
func (x *SslConfig) GetSecretRef() *core.ResourceRef
func (*SslConfig) GetSniDomains ¶
func (*SslConfig) GetSslFiles ¶
func (*SslConfig) GetSslSecrets ¶
func (m *SslConfig) GetSslSecrets() isSslConfig_SslSecrets
func (*SslConfig) GetTransportSocketConnectTimeout ¶
func (*SslConfig) GetVerifySubjectAltName ¶
func (*SslConfig) ProtoMessage ¶
func (*SslConfig) ProtoMessage()
func (*SslConfig) ProtoReflect ¶
func (x *SslConfig) ProtoReflect() protoreflect.Message
type SslConfig_OcspStaplePolicy ¶ added in v1.14.2
type SslConfig_OcspStaplePolicy int32
const ( // OCSP responses are optional. If none is provided, or the provided response is expired, the associated certificate will be used without the OCSP response. SslConfig_LENIENT_STAPLING SslConfig_OcspStaplePolicy = 0 // OCSP responses are optional. If none is provided, the associated certificate will be used without the OCSP response. // If a response is present, but expired, the certificate will not be used for connections. // If no suitable certificate is found, the connection is rejected. SslConfig_STRICT_STAPLING SslConfig_OcspStaplePolicy = 1 // OCSP responses are required. If no `ocsp_staple` is set on a certificate, configuration will fail. // If a response is expired, the associated certificate will not be used. // If no suitable certificate is found, the connection is rejected. SslConfig_MUST_STAPLE SslConfig_OcspStaplePolicy = 2 )
func (SslConfig_OcspStaplePolicy) Descriptor ¶ added in v1.14.2
func (SslConfig_OcspStaplePolicy) Descriptor() protoreflect.EnumDescriptor
func (SslConfig_OcspStaplePolicy) Enum ¶ added in v1.14.2
func (x SslConfig_OcspStaplePolicy) Enum() *SslConfig_OcspStaplePolicy
func (SslConfig_OcspStaplePolicy) EnumDescriptor
deprecated
added in
v1.14.2
func (SslConfig_OcspStaplePolicy) EnumDescriptor() ([]byte, []int)
Deprecated: Use SslConfig_OcspStaplePolicy.Descriptor instead.
func (SslConfig_OcspStaplePolicy) Number ¶ added in v1.14.2
func (x SslConfig_OcspStaplePolicy) Number() protoreflect.EnumNumber
func (SslConfig_OcspStaplePolicy) String ¶ added in v1.14.2
func (x SslConfig_OcspStaplePolicy) String() string
func (SslConfig_OcspStaplePolicy) Type ¶ added in v1.14.2
func (SslConfig_OcspStaplePolicy) Type() protoreflect.EnumType
type SslConfig_Sds ¶
type SslConfig_Sds struct { // Use secret discovery service. Sds *SDSConfig `protobuf:"bytes,4,opt,name=sds,proto3,oneof"` }
type SslConfig_SecretRef ¶
type SslConfig_SecretRef struct { // SecretRef contains the secret ref to a gloo tls secret or a kubernetes tls secret. // gloo tls secret can contain a root ca as well if verification is needed. SecretRef *core.ResourceRef `protobuf:"bytes,1,opt,name=secret_ref,json=secretRef,proto3,oneof"` }
type SslConfig_SslFiles ¶
type SslConfig_SslFiles struct { // SSLFiles reference paths to certificates which are local to the proxy SslFiles *SSLFiles `protobuf:"bytes,2,opt,name=ssl_files,json=sslFiles,proto3,oneof"` }
type SslParameters ¶
type SslParameters struct { MinimumProtocolVersion SslParameters_ProtocolVersion `` /* 178-byte string literal not displayed */ MaximumProtocolVersion SslParameters_ProtocolVersion `` /* 178-byte string literal not displayed */ CipherSuites []string `protobuf:"bytes,3,rep,name=cipher_suites,json=cipherSuites,proto3" json:"cipher_suites,omitempty"` EcdhCurves []string `protobuf:"bytes,4,rep,name=ecdh_curves,json=ecdhCurves,proto3" json:"ecdh_curves,omitempty"` // contains filtered or unexported fields }
General TLS parameters. See the [envoy docs](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters) for more information on the meaning of these values.
func (*SslParameters) Descriptor
deprecated
func (*SslParameters) Descriptor() ([]byte, []int)
Deprecated: Use SslParameters.ProtoReflect.Descriptor instead.
func (*SslParameters) GetCipherSuites ¶
func (x *SslParameters) GetCipherSuites() []string
func (*SslParameters) GetEcdhCurves ¶
func (x *SslParameters) GetEcdhCurves() []string
func (*SslParameters) GetMaximumProtocolVersion ¶
func (x *SslParameters) GetMaximumProtocolVersion() SslParameters_ProtocolVersion
func (*SslParameters) GetMinimumProtocolVersion ¶
func (x *SslParameters) GetMinimumProtocolVersion() SslParameters_ProtocolVersion
func (*SslParameters) Hash ¶
func (m *SslParameters) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*SslParameters) ProtoMessage ¶
func (*SslParameters) ProtoMessage()
func (*SslParameters) ProtoReflect ¶
func (x *SslParameters) ProtoReflect() protoreflect.Message
func (*SslParameters) Reset ¶
func (x *SslParameters) Reset()
func (*SslParameters) String ¶
func (x *SslParameters) String() string
type SslParameters_ProtocolVersion ¶
type SslParameters_ProtocolVersion int32
const ( // Envoy will choose the optimal TLS version. SslParameters_TLS_AUTO SslParameters_ProtocolVersion = 0 // TLS 1.0 SslParameters_TLSv1_0 SslParameters_ProtocolVersion = 1 // TLS 1.1 SslParameters_TLSv1_1 SslParameters_ProtocolVersion = 2 // TLS 1.2 SslParameters_TLSv1_2 SslParameters_ProtocolVersion = 3 // TLS 1.3 SslParameters_TLSv1_3 SslParameters_ProtocolVersion = 4 )
func (SslParameters_ProtocolVersion) Descriptor ¶
func (SslParameters_ProtocolVersion) Descriptor() protoreflect.EnumDescriptor
func (SslParameters_ProtocolVersion) Enum ¶
func (x SslParameters_ProtocolVersion) Enum() *SslParameters_ProtocolVersion
func (SslParameters_ProtocolVersion) EnumDescriptor
deprecated
func (SslParameters_ProtocolVersion) EnumDescriptor() ([]byte, []int)
Deprecated: Use SslParameters_ProtocolVersion.Descriptor instead.
func (SslParameters_ProtocolVersion) Number ¶
func (x SslParameters_ProtocolVersion) Number() protoreflect.EnumNumber
func (SslParameters_ProtocolVersion) String ¶
func (x SslParameters_ProtocolVersion) String() string
func (SslParameters_ProtocolVersion) Type ¶
func (SslParameters_ProtocolVersion) Type() protoreflect.EnumType
type UpstreamSslConfig ¶
type UpstreamSslConfig struct { // Types that are assignable to SslSecrets: // // *UpstreamSslConfig_SecretRef // *UpstreamSslConfig_SslFiles // *UpstreamSslConfig_Sds SslSecrets isUpstreamSslConfig_SslSecrets `protobuf_oneof:"ssl_secrets"` // optional. the SNI domains that should be considered for TLS connections Sni string `protobuf:"bytes,3,opt,name=sni,proto3" json:"sni,omitempty"` // Verify that the Subject Alternative Name in the peer certificate is one of the specified values. // note that a root_ca must be provided if this option is used. VerifySubjectAltName []string `protobuf:"bytes,5,rep,name=verify_subject_alt_name,json=verifySubjectAltName,proto3" json:"verify_subject_alt_name,omitempty"` Parameters *SslParameters `protobuf:"bytes,7,opt,name=parameters,proto3" json:"parameters,omitempty"` // Set Application Level Protocol Negotiation. // If empty, it is not set. AlpnProtocols []string `protobuf:"bytes,8,rep,name=alpn_protocols,json=alpnProtocols,proto3" json:"alpn_protocols,omitempty"` // Allow Tls renegotiation, the default value is false. // TLS renegotiation is considered insecure and shouldn’t be used unless absolutely necessary. AllowRenegotiation *wrappers.BoolValue `protobuf:"bytes,10,opt,name=allow_renegotiation,json=allowRenegotiation,proto3" json:"allow_renegotiation,omitempty"` // If the SSL config has the ca.crt (root CA) provided, Gloo uses it to perform mTLS by default. // Set oneWayTls to true to disable mTLS in favor of server-only TLS (one-way TLS), even if Gloo has the root CA. // This flag does nothing if SDS is configured. // If unset, defaults to false. OneWayTls *wrappers.BoolValue `protobuf:"bytes,11,opt,name=one_way_tls,json=oneWayTls,proto3" json:"one_way_tls,omitempty"` // contains filtered or unexported fields }
SslConfig contains the options necessary to configure an upstream to use TLS origination
func (*UpstreamSslConfig) Descriptor
deprecated
func (*UpstreamSslConfig) Descriptor() ([]byte, []int)
Deprecated: Use UpstreamSslConfig.ProtoReflect.Descriptor instead.
func (*UpstreamSslConfig) Equal ¶
func (m *UpstreamSslConfig) Equal(that interface{}) bool
Equal function
func (*UpstreamSslConfig) GetAllowRenegotiation ¶
func (x *UpstreamSslConfig) GetAllowRenegotiation() *wrappers.BoolValue
func (*UpstreamSslConfig) GetAlpnProtocols ¶
func (x *UpstreamSslConfig) GetAlpnProtocols() []string
func (*UpstreamSslConfig) GetOneWayTls ¶ added in v1.18.0
func (x *UpstreamSslConfig) GetOneWayTls() *wrappers.BoolValue
func (*UpstreamSslConfig) GetParameters ¶
func (x *UpstreamSslConfig) GetParameters() *SslParameters
func (*UpstreamSslConfig) GetSds ¶
func (x *UpstreamSslConfig) GetSds() *SDSConfig
func (*UpstreamSslConfig) GetSecretRef ¶
func (x *UpstreamSslConfig) GetSecretRef() *core.ResourceRef
func (*UpstreamSslConfig) GetSni ¶
func (x *UpstreamSslConfig) GetSni() string
func (*UpstreamSslConfig) GetSslFiles ¶
func (x *UpstreamSslConfig) GetSslFiles() *SSLFiles
func (*UpstreamSslConfig) GetSslSecrets ¶
func (m *UpstreamSslConfig) GetSslSecrets() isUpstreamSslConfig_SslSecrets
func (*UpstreamSslConfig) GetVerifySubjectAltName ¶
func (x *UpstreamSslConfig) GetVerifySubjectAltName() []string
func (*UpstreamSslConfig) Hash ¶
func (m *UpstreamSslConfig) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*UpstreamSslConfig) ProtoMessage ¶
func (*UpstreamSslConfig) ProtoMessage()
func (*UpstreamSslConfig) ProtoReflect ¶
func (x *UpstreamSslConfig) ProtoReflect() protoreflect.Message
func (*UpstreamSslConfig) Reset ¶
func (x *UpstreamSslConfig) Reset()
func (*UpstreamSslConfig) String ¶
func (x *UpstreamSslConfig) String() string
type UpstreamSslConfig_Sds ¶
type UpstreamSslConfig_Sds struct { // Use secret discovery service. Sds *SDSConfig `protobuf:"bytes,4,opt,name=sds,proto3,oneof"` }
type UpstreamSslConfig_SecretRef ¶
type UpstreamSslConfig_SecretRef struct { // SecretRef contains the secret ref to a gloo tls secret or a kubernetes tls secret. // gloo tls secret can contain a root ca as well if verification is needed. SecretRef *core.ResourceRef `protobuf:"bytes,1,opt,name=secret_ref,json=secretRef,proto3,oneof"` }
type UpstreamSslConfig_SslFiles ¶
type UpstreamSslConfig_SslFiles struct { // SSLFiles reference paths to certificates which are local to the proxy SslFiles *SSLFiles `protobuf:"bytes,2,opt,name=ssl_files,json=sslFiles,proto3,oneof"` }