Documentation ¶
Index ¶
- Variables
- type ClaimToHeader
- func (m *ClaimToHeader) Clone() proto.Message
- func (*ClaimToHeader) Descriptor() ([]byte, []int)deprecated
- func (m *ClaimToHeader) Equal(that interface{}) bool
- func (x *ClaimToHeader) GetAppend() bool
- func (x *ClaimToHeader) GetClaim() string
- func (x *ClaimToHeader) GetHeader() string
- func (m *ClaimToHeader) Hash(hasher hash.Hash64) (uint64, error)
- func (*ClaimToHeader) ProtoMessage()
- func (x *ClaimToHeader) ProtoReflect() protoreflect.Message
- func (x *ClaimToHeader) Reset()
- func (x *ClaimToHeader) String() string
- type Jwks
- func (m *Jwks) Clone() proto.Message
- func (*Jwks) Descriptor() ([]byte, []int)deprecated
- func (m *Jwks) Equal(that interface{}) bool
- func (m *Jwks) GetJwks() isJwks_Jwks
- func (x *Jwks) GetLocal() *LocalJwks
- func (x *Jwks) GetRemote() *RemoteJwks
- func (m *Jwks) Hash(hasher hash.Hash64) (uint64, error)
- func (*Jwks) ProtoMessage()
- func (x *Jwks) ProtoReflect() protoreflect.Message
- func (x *Jwks) Reset()
- func (x *Jwks) String() string
- type Jwks_Local
- type Jwks_Remote
- type JwtStagedRouteExtension
- func (m *JwtStagedRouteExtension) Clone() proto.Message
- func (*JwtStagedRouteExtension) Descriptor() ([]byte, []int)deprecated
- func (m *JwtStagedRouteExtension) Equal(that interface{}) bool
- func (x *JwtStagedRouteExtension) GetAfterExtAuth() *RouteExtension
- func (x *JwtStagedRouteExtension) GetBeforeExtAuth() *RouteExtension
- func (m *JwtStagedRouteExtension) Hash(hasher hash.Hash64) (uint64, error)
- func (*JwtStagedRouteExtension) ProtoMessage()
- func (x *JwtStagedRouteExtension) ProtoReflect() protoreflect.Message
- func (x *JwtStagedRouteExtension) Reset()
- func (x *JwtStagedRouteExtension) String() string
- type JwtStagedRouteProvidersExtension
- func (m *JwtStagedRouteProvidersExtension) Clone() proto.Message
- func (*JwtStagedRouteProvidersExtension) Descriptor() ([]byte, []int)deprecated
- func (m *JwtStagedRouteProvidersExtension) Equal(that interface{}) bool
- func (x *JwtStagedRouteProvidersExtension) GetAfterExtAuth() *VhostExtension
- func (x *JwtStagedRouteProvidersExtension) GetBeforeExtAuth() *VhostExtension
- func (m *JwtStagedRouteProvidersExtension) Hash(hasher hash.Hash64) (uint64, error)
- func (*JwtStagedRouteProvidersExtension) ProtoMessage()
- func (x *JwtStagedRouteProvidersExtension) ProtoReflect() protoreflect.Message
- func (x *JwtStagedRouteProvidersExtension) Reset()
- func (x *JwtStagedRouteProvidersExtension) String() string
- type JwtStagedVhostExtension
- func (m *JwtStagedVhostExtension) Clone() proto.Message
- func (*JwtStagedVhostExtension) Descriptor() ([]byte, []int)deprecated
- func (m *JwtStagedVhostExtension) Equal(that interface{}) bool
- func (x *JwtStagedVhostExtension) GetAfterExtAuth() *VhostExtension
- func (x *JwtStagedVhostExtension) GetBeforeExtAuth() *VhostExtension
- func (m *JwtStagedVhostExtension) Hash(hasher hash.Hash64) (uint64, error)
- func (*JwtStagedVhostExtension) ProtoMessage()
- func (x *JwtStagedVhostExtension) ProtoReflect() protoreflect.Message
- func (x *JwtStagedVhostExtension) Reset()
- func (x *JwtStagedVhostExtension) String() string
- type LocalJwks
- func (m *LocalJwks) Clone() proto.Message
- func (*LocalJwks) Descriptor() ([]byte, []int)deprecated
- func (m *LocalJwks) Equal(that interface{}) bool
- func (x *LocalJwks) GetKey() string
- func (m *LocalJwks) Hash(hasher hash.Hash64) (uint64, error)
- func (*LocalJwks) ProtoMessage()
- func (x *LocalJwks) ProtoReflect() protoreflect.Message
- func (x *LocalJwks) Reset()
- func (x *LocalJwks) String() string
- type Provider
- func (m *Provider) Clone() proto.Message
- func (*Provider) Descriptor() ([]byte, []int)deprecated
- func (m *Provider) Equal(that interface{}) bool
- func (x *Provider) GetAudiences() []string
- func (x *Provider) GetClaimsToHeaders() []*ClaimToHeader
- func (x *Provider) GetClockSkewSeconds() *wrappers.UInt32Value
- func (x *Provider) GetIssuer() string
- func (x *Provider) GetJwks() *Jwks
- func (x *Provider) GetKeepToken() bool
- func (x *Provider) GetTokenSource() *TokenSource
- func (m *Provider) Hash(hasher hash.Hash64) (uint64, error)
- func (*Provider) ProtoMessage()
- func (x *Provider) ProtoReflect() protoreflect.Message
- func (x *Provider) Reset()
- func (x *Provider) String() string
- type RemoteJwks
- func (m *RemoteJwks) Clone() proto.Message
- func (*RemoteJwks) Descriptor() ([]byte, []int)deprecated
- func (m *RemoteJwks) Equal(that interface{}) bool
- func (x *RemoteJwks) GetAsyncFetch() *v3.JwksAsyncFetch
- func (x *RemoteJwks) GetCacheDuration() *duration.Duration
- func (x *RemoteJwks) GetUpstreamRef() *core.ResourceRef
- func (x *RemoteJwks) GetUrl() string
- func (m *RemoteJwks) Hash(hasher hash.Hash64) (uint64, error)
- func (*RemoteJwks) ProtoMessage()
- func (x *RemoteJwks) ProtoReflect() protoreflect.Message
- func (x *RemoteJwks) Reset()
- func (x *RemoteJwks) String() string
- type RouteExtension
- func (m *RouteExtension) Clone() proto.Message
- func (*RouteExtension) Descriptor() ([]byte, []int)deprecated
- func (m *RouteExtension) Equal(that interface{}) bool
- func (x *RouteExtension) GetDisable() bool
- func (m *RouteExtension) Hash(hasher hash.Hash64) (uint64, error)
- func (*RouteExtension) ProtoMessage()
- func (x *RouteExtension) ProtoReflect() protoreflect.Message
- func (x *RouteExtension) Reset()
- func (x *RouteExtension) String() string
- type TokenSource
- func (m *TokenSource) Clone() proto.Message
- func (*TokenSource) Descriptor() ([]byte, []int)deprecated
- func (m *TokenSource) Equal(that interface{}) bool
- func (x *TokenSource) GetHeaders() []*TokenSource_HeaderSource
- func (x *TokenSource) GetQueryParams() []string
- func (m *TokenSource) Hash(hasher hash.Hash64) (uint64, error)
- func (*TokenSource) ProtoMessage()
- func (x *TokenSource) ProtoReflect() protoreflect.Message
- func (x *TokenSource) Reset()
- func (x *TokenSource) String() string
- type TokenSource_HeaderSource
- func (m *TokenSource_HeaderSource) Clone() proto.Message
- func (*TokenSource_HeaderSource) Descriptor() ([]byte, []int)deprecated
- func (m *TokenSource_HeaderSource) Equal(that interface{}) bool
- func (x *TokenSource_HeaderSource) GetHeader() string
- func (x *TokenSource_HeaderSource) GetPrefix() string
- func (m *TokenSource_HeaderSource) Hash(hasher hash.Hash64) (uint64, error)
- func (*TokenSource_HeaderSource) ProtoMessage()
- func (x *TokenSource_HeaderSource) ProtoReflect() protoreflect.Message
- func (x *TokenSource_HeaderSource) Reset()
- func (x *TokenSource_HeaderSource) String() string
- type VhostExtension
- func (m *VhostExtension) Clone() proto.Message
- func (*VhostExtension) Descriptor() ([]byte, []int)deprecated
- func (m *VhostExtension) Equal(that interface{}) bool
- func (x *VhostExtension) GetAllowMissingOrFailedJwt() booldeprecated
- func (x *VhostExtension) GetProviders() map[string]*Provider
- func (x *VhostExtension) GetValidationPolicy() VhostExtension_ValidationPolicy
- func (m *VhostExtension) Hash(hasher hash.Hash64) (uint64, error)
- func (*VhostExtension) ProtoMessage()
- func (x *VhostExtension) ProtoReflect() protoreflect.Message
- func (x *VhostExtension) Reset()
- func (x *VhostExtension) String() string
- type VhostExtension_ValidationPolicy
- func (VhostExtension_ValidationPolicy) Descriptor() protoreflect.EnumDescriptor
- func (x VhostExtension_ValidationPolicy) Enum() *VhostExtension_ValidationPolicy
- func (VhostExtension_ValidationPolicy) EnumDescriptor() ([]byte, []int)deprecated
- func (x VhostExtension_ValidationPolicy) Number() protoreflect.EnumNumber
- func (x VhostExtension_ValidationPolicy) String() string
- func (VhostExtension_ValidationPolicy) Type() protoreflect.EnumType
Constants ¶
This section is empty.
Variables ¶
var ( VhostExtension_ValidationPolicy_name = map[int32]string{ 0: "REQUIRE_VALID", 1: "ALLOW_MISSING", 2: "ALLOW_MISSING_OR_FAILED", } VhostExtension_ValidationPolicy_value = map[string]int32{ "REQUIRE_VALID": 0, "ALLOW_MISSING": 1, "ALLOW_MISSING_OR_FAILED": 2, } )
Enum value maps for VhostExtension_ValidationPolicy.
var File_github_com_solo_io_gloo_projects_gloo_api_v1_enterprise_options_jwt_jwt_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type ClaimToHeader ¶
type ClaimToHeader struct { // Claim name. for example, "sub" Claim string `protobuf:"bytes,1,opt,name=claim,proto3" json:"claim,omitempty"` // The header the claim will be copied to. for example, "x-sub". Header string `protobuf:"bytes,2,opt,name=header,proto3" json:"header,omitempty"` // If the header exists, append to it (true), or overwrite it (false). Append bool `protobuf:"varint,4,opt,name=append,proto3" json:"append,omitempty"` // contains filtered or unexported fields }
Allows copying verified claims to headers sent upstream
func (*ClaimToHeader) Clone ¶ added in v1.8.24
func (m *ClaimToHeader) Clone() proto.Message
Clone function
func (*ClaimToHeader) Descriptor
deprecated
func (*ClaimToHeader) Descriptor() ([]byte, []int)
Deprecated: Use ClaimToHeader.ProtoReflect.Descriptor instead.
func (*ClaimToHeader) GetAppend ¶
func (x *ClaimToHeader) GetAppend() bool
func (*ClaimToHeader) GetClaim ¶
func (x *ClaimToHeader) GetClaim() string
func (*ClaimToHeader) GetHeader ¶
func (x *ClaimToHeader) GetHeader() string
func (*ClaimToHeader) Hash ¶ added in v1.2.13
func (m *ClaimToHeader) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ClaimToHeader) ProtoMessage ¶
func (*ClaimToHeader) ProtoMessage()
func (*ClaimToHeader) ProtoReflect ¶ added in v1.6.0
func (x *ClaimToHeader) ProtoReflect() protoreflect.Message
func (*ClaimToHeader) Reset ¶
func (x *ClaimToHeader) Reset()
func (*ClaimToHeader) String ¶
func (x *ClaimToHeader) String() string
type Jwks ¶
type Jwks struct { // Types that are assignable to Jwks: // // *Jwks_Remote // *Jwks_Local Jwks isJwks_Jwks `protobuf_oneof:"jwks"` // contains filtered or unexported fields }
func (*Jwks) Descriptor
deprecated
func (*Jwks) GetRemote ¶
func (x *Jwks) GetRemote() *RemoteJwks
func (*Jwks) ProtoMessage ¶
func (*Jwks) ProtoMessage()
func (*Jwks) ProtoReflect ¶ added in v1.6.0
func (x *Jwks) ProtoReflect() protoreflect.Message
type Jwks_Local ¶
type Jwks_Local struct { // Use an inline JWKS Local *LocalJwks `protobuf:"bytes,2,opt,name=local,proto3,oneof"` }
type Jwks_Remote ¶
type Jwks_Remote struct { // Use a remote JWKS server Remote *RemoteJwks `protobuf:"bytes,1,opt,name=remote,proto3,oneof"` }
type JwtStagedRouteExtension ¶ added in v1.6.4
type JwtStagedRouteExtension struct { // Per-route JWT config for the JWT filter that runs before the extauth filter. BeforeExtAuth *RouteExtension `protobuf:"bytes,1,opt,name=before_ext_auth,json=beforeExtAuth,proto3" json:"before_ext_auth,omitempty"` // Per-route JWT config for the JWT filter that runs before the extauth filter. AfterExtAuth *RouteExtension `protobuf:"bytes,2,opt,name=after_ext_auth,json=afterExtAuth,proto3" json:"after_ext_auth,omitempty"` // contains filtered or unexported fields }
func (*JwtStagedRouteExtension) Clone ¶ added in v1.8.24
func (m *JwtStagedRouteExtension) Clone() proto.Message
Clone function
func (*JwtStagedRouteExtension) Descriptor
deprecated
added in
v1.6.4
func (*JwtStagedRouteExtension) Descriptor() ([]byte, []int)
Deprecated: Use JwtStagedRouteExtension.ProtoReflect.Descriptor instead.
func (*JwtStagedRouteExtension) Equal ¶ added in v1.6.4
func (m *JwtStagedRouteExtension) Equal(that interface{}) bool
Equal function
func (*JwtStagedRouteExtension) GetAfterExtAuth ¶ added in v1.6.4
func (x *JwtStagedRouteExtension) GetAfterExtAuth() *RouteExtension
func (*JwtStagedRouteExtension) GetBeforeExtAuth ¶ added in v1.6.4
func (x *JwtStagedRouteExtension) GetBeforeExtAuth() *RouteExtension
func (*JwtStagedRouteExtension) Hash ¶ added in v1.6.4
func (m *JwtStagedRouteExtension) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*JwtStagedRouteExtension) ProtoMessage ¶ added in v1.6.4
func (*JwtStagedRouteExtension) ProtoMessage()
func (*JwtStagedRouteExtension) ProtoReflect ¶ added in v1.6.4
func (x *JwtStagedRouteExtension) ProtoReflect() protoreflect.Message
func (*JwtStagedRouteExtension) Reset ¶ added in v1.6.4
func (x *JwtStagedRouteExtension) Reset()
func (*JwtStagedRouteExtension) String ¶ added in v1.6.4
func (x *JwtStagedRouteExtension) String() string
type JwtStagedRouteProvidersExtension ¶ added in v1.18.0
type JwtStagedRouteProvidersExtension struct { // Per-route JWT config for the JWT filter that runs before the extauth filter. BeforeExtAuth *VhostExtension `protobuf:"bytes,1,opt,name=before_ext_auth,json=beforeExtAuth,proto3" json:"before_ext_auth,omitempty"` // Per-route JWT config for the JWT filter that runs before the extauth filter. AfterExtAuth *VhostExtension `protobuf:"bytes,2,opt,name=after_ext_auth,json=afterExtAuth,proto3" json:"after_ext_auth,omitempty"` // contains filtered or unexported fields }
func (*JwtStagedRouteProvidersExtension) Clone ¶ added in v1.18.0
func (m *JwtStagedRouteProvidersExtension) Clone() proto.Message
Clone function
func (*JwtStagedRouteProvidersExtension) Descriptor
deprecated
added in
v1.18.0
func (*JwtStagedRouteProvidersExtension) Descriptor() ([]byte, []int)
Deprecated: Use JwtStagedRouteProvidersExtension.ProtoReflect.Descriptor instead.
func (*JwtStagedRouteProvidersExtension) Equal ¶ added in v1.18.0
func (m *JwtStagedRouteProvidersExtension) Equal(that interface{}) bool
Equal function
func (*JwtStagedRouteProvidersExtension) GetAfterExtAuth ¶ added in v1.18.0
func (x *JwtStagedRouteProvidersExtension) GetAfterExtAuth() *VhostExtension
func (*JwtStagedRouteProvidersExtension) GetBeforeExtAuth ¶ added in v1.18.0
func (x *JwtStagedRouteProvidersExtension) GetBeforeExtAuth() *VhostExtension
func (*JwtStagedRouteProvidersExtension) Hash ¶ added in v1.18.0
func (m *JwtStagedRouteProvidersExtension) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*JwtStagedRouteProvidersExtension) ProtoMessage ¶ added in v1.18.0
func (*JwtStagedRouteProvidersExtension) ProtoMessage()
func (*JwtStagedRouteProvidersExtension) ProtoReflect ¶ added in v1.18.0
func (x *JwtStagedRouteProvidersExtension) ProtoReflect() protoreflect.Message
func (*JwtStagedRouteProvidersExtension) Reset ¶ added in v1.18.0
func (x *JwtStagedRouteProvidersExtension) Reset()
func (*JwtStagedRouteProvidersExtension) String ¶ added in v1.18.0
func (x *JwtStagedRouteProvidersExtension) String() string
type JwtStagedVhostExtension ¶ added in v1.6.4
type JwtStagedVhostExtension struct { // JWT Virtual host config for the JWT filter that runs before the extauth filter. BeforeExtAuth *VhostExtension `protobuf:"bytes,1,opt,name=before_ext_auth,json=beforeExtAuth,proto3" json:"before_ext_auth,omitempty"` // JWT Virtual host config for the JWT filter that runs after the extauth filter. AfterExtAuth *VhostExtension `protobuf:"bytes,2,opt,name=after_ext_auth,json=afterExtAuth,proto3" json:"after_ext_auth,omitempty"` // contains filtered or unexported fields }
func (*JwtStagedVhostExtension) Clone ¶ added in v1.8.24
func (m *JwtStagedVhostExtension) Clone() proto.Message
Clone function
func (*JwtStagedVhostExtension) Descriptor
deprecated
added in
v1.6.4
func (*JwtStagedVhostExtension) Descriptor() ([]byte, []int)
Deprecated: Use JwtStagedVhostExtension.ProtoReflect.Descriptor instead.
func (*JwtStagedVhostExtension) Equal ¶ added in v1.6.4
func (m *JwtStagedVhostExtension) Equal(that interface{}) bool
Equal function
func (*JwtStagedVhostExtension) GetAfterExtAuth ¶ added in v1.6.4
func (x *JwtStagedVhostExtension) GetAfterExtAuth() *VhostExtension
func (*JwtStagedVhostExtension) GetBeforeExtAuth ¶ added in v1.6.4
func (x *JwtStagedVhostExtension) GetBeforeExtAuth() *VhostExtension
func (*JwtStagedVhostExtension) Hash ¶ added in v1.6.4
func (m *JwtStagedVhostExtension) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*JwtStagedVhostExtension) ProtoMessage ¶ added in v1.6.4
func (*JwtStagedVhostExtension) ProtoMessage()
func (*JwtStagedVhostExtension) ProtoReflect ¶ added in v1.6.4
func (x *JwtStagedVhostExtension) ProtoReflect() protoreflect.Message
func (*JwtStagedVhostExtension) Reset ¶ added in v1.6.4
func (x *JwtStagedVhostExtension) Reset()
func (*JwtStagedVhostExtension) String ¶ added in v1.6.4
func (x *JwtStagedVhostExtension) String() string
type LocalJwks ¶
type LocalJwks struct { // Inline key. this can be json web key, key-set or PEM format. Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` // contains filtered or unexported fields }
func (*LocalJwks) Descriptor
deprecated
func (*LocalJwks) ProtoMessage ¶
func (*LocalJwks) ProtoMessage()
func (*LocalJwks) ProtoReflect ¶ added in v1.6.0
func (x *LocalJwks) ProtoReflect() protoreflect.Message
type Provider ¶
type Provider struct { // The source for the keys to validate JWTs. Jwks *Jwks `protobuf:"bytes,1,opt,name=jwks,proto3" json:"jwks,omitempty"` // An incoming JWT must have an 'aud' claim and it must be in this list. Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"` // Issuer of the JWT. the 'iss' claim of the JWT must match this. Issuer string `protobuf:"bytes,3,opt,name=issuer,proto3" json:"issuer,omitempty"` // Where to find the JWT of the current provider. TokenSource *TokenSource `protobuf:"bytes,4,opt,name=token_source,json=tokenSource,proto3" json:"token_source,omitempty"` // Should the token forwarded upstream. if false, the header containing the token will be removed. KeepToken bool `protobuf:"varint,5,opt,name=keep_token,json=keepToken,proto3" json:"keep_token,omitempty"` // What claims should be copied to upstream headers. ClaimsToHeaders []*ClaimToHeader `protobuf:"bytes,6,rep,name=claims_to_headers,json=claimsToHeaders,proto3" json:"claims_to_headers,omitempty"` // Optional: ClockSkewSeconds is used to verify time constraints, such as `exp` and `npf`. Default is 60s ClockSkewSeconds *wrappers.UInt32Value `protobuf:"bytes,8,opt,name=clock_skew_seconds,json=clockSkewSeconds,proto3" json:"clock_skew_seconds,omitempty"` // contains filtered or unexported fields }
func (*Provider) Descriptor
deprecated
func (*Provider) GetAudiences ¶
func (*Provider) GetClaimsToHeaders ¶
func (x *Provider) GetClaimsToHeaders() []*ClaimToHeader
func (*Provider) GetClockSkewSeconds ¶ added in v1.14.0
func (x *Provider) GetClockSkewSeconds() *wrappers.UInt32Value
func (*Provider) GetKeepToken ¶
func (*Provider) GetTokenSource ¶
func (x *Provider) GetTokenSource() *TokenSource
func (*Provider) ProtoMessage ¶
func (*Provider) ProtoMessage()
func (*Provider) ProtoReflect ¶ added in v1.6.0
func (x *Provider) ProtoReflect() protoreflect.Message
type RemoteJwks ¶
type RemoteJwks struct { // The url used when accessing the upstream for Json Web Key Set. // This is used to set the host and path in the request Url string `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"` // The Upstream representing the Json Web Key Set server UpstreamRef *core.ResourceRef `protobuf:"bytes,2,opt,name=upstream_ref,json=upstreamRef,proto3" json:"upstream_ref,omitempty"` // Duration after which the cached JWKS should be expired. // If not specified, default cache duration is 5 minutes. CacheDuration *duration.Duration `protobuf:"bytes,4,opt,name=cache_duration,json=cacheDuration,proto3" json:"cache_duration,omitempty"` // Fetch Jwks asynchronously in the main thread before the listener is activated. // Fetched Jwks can be used by all worker threads. // // If this feature is not enabled: // // - The Jwks is fetched on-demand when the requests come. During the fetching, first // few requests are paused until the Jwks is fetched. // - Each worker thread fetches its own Jwks since Jwks cache is per worker thread. // // If this feature is enabled: // // - Fetched Jwks is done in the main thread before the listener is activated. Its fetched // Jwks can be used by all worker threads. Each worker thread doesn't need to fetch its own. // - Jwks is ready when the requests come, not need to wait for the Jwks fetching. AsyncFetch *v3.JwksAsyncFetch `protobuf:"bytes,3,opt,name=async_fetch,json=asyncFetch,proto3" json:"async_fetch,omitempty"` // contains filtered or unexported fields }
func (*RemoteJwks) Clone ¶ added in v1.8.24
func (m *RemoteJwks) Clone() proto.Message
Clone function
func (*RemoteJwks) Descriptor
deprecated
func (*RemoteJwks) Descriptor() ([]byte, []int)
Deprecated: Use RemoteJwks.ProtoReflect.Descriptor instead.
func (*RemoteJwks) GetAsyncFetch ¶ added in v1.9.0
func (x *RemoteJwks) GetAsyncFetch() *v3.JwksAsyncFetch
func (*RemoteJwks) GetCacheDuration ¶
func (x *RemoteJwks) GetCacheDuration() *duration.Duration
func (*RemoteJwks) GetUpstreamRef ¶
func (x *RemoteJwks) GetUpstreamRef() *core.ResourceRef
func (*RemoteJwks) GetUrl ¶
func (x *RemoteJwks) GetUrl() string
func (*RemoteJwks) Hash ¶ added in v1.2.13
func (m *RemoteJwks) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*RemoteJwks) ProtoMessage ¶
func (*RemoteJwks) ProtoMessage()
func (*RemoteJwks) ProtoReflect ¶ added in v1.6.0
func (x *RemoteJwks) ProtoReflect() protoreflect.Message
func (*RemoteJwks) Reset ¶
func (x *RemoteJwks) Reset()
func (*RemoteJwks) String ¶
func (x *RemoteJwks) String() string
type RouteExtension ¶
type RouteExtension struct { // Disable JWT checks on this route. Disable bool `protobuf:"varint,1,opt,name=disable,proto3" json:"disable,omitempty"` // contains filtered or unexported fields }
func (*RouteExtension) Clone ¶ added in v1.8.24
func (m *RouteExtension) Clone() proto.Message
Clone function
func (*RouteExtension) Descriptor
deprecated
func (*RouteExtension) Descriptor() ([]byte, []int)
Deprecated: Use RouteExtension.ProtoReflect.Descriptor instead.
func (*RouteExtension) GetDisable ¶
func (x *RouteExtension) GetDisable() bool
func (*RouteExtension) Hash ¶ added in v1.2.13
func (m *RouteExtension) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*RouteExtension) ProtoMessage ¶
func (*RouteExtension) ProtoMessage()
func (*RouteExtension) ProtoReflect ¶ added in v1.6.0
func (x *RouteExtension) ProtoReflect() protoreflect.Message
func (*RouteExtension) Reset ¶
func (x *RouteExtension) Reset()
func (*RouteExtension) String ¶
func (x *RouteExtension) String() string
type TokenSource ¶
type TokenSource struct { // Try to retrieve token from these headers Headers []*TokenSource_HeaderSource `protobuf:"bytes,1,rep,name=headers,proto3" json:"headers,omitempty"` // Try to retrieve token from these query params QueryParams []string `protobuf:"bytes,2,rep,name=query_params,json=queryParams,proto3" json:"query_params,omitempty"` // contains filtered or unexported fields }
Describes the location of a JWT token
func (*TokenSource) Clone ¶ added in v1.8.24
func (m *TokenSource) Clone() proto.Message
Clone function
func (*TokenSource) Descriptor
deprecated
func (*TokenSource) Descriptor() ([]byte, []int)
Deprecated: Use TokenSource.ProtoReflect.Descriptor instead.
func (*TokenSource) GetHeaders ¶
func (x *TokenSource) GetHeaders() []*TokenSource_HeaderSource
func (*TokenSource) GetQueryParams ¶
func (x *TokenSource) GetQueryParams() []string
func (*TokenSource) Hash ¶ added in v1.2.13
func (m *TokenSource) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*TokenSource) ProtoMessage ¶
func (*TokenSource) ProtoMessage()
func (*TokenSource) ProtoReflect ¶ added in v1.6.0
func (x *TokenSource) ProtoReflect() protoreflect.Message
func (*TokenSource) Reset ¶
func (x *TokenSource) Reset()
func (*TokenSource) String ¶
func (x *TokenSource) String() string
type TokenSource_HeaderSource ¶
type TokenSource_HeaderSource struct { // The name of the header. for example, "authorization" Header string `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"` // Prefix before the token. for example, "Bearer " Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3" json:"prefix,omitempty"` // contains filtered or unexported fields }
Describes how to retrieve a JWT from a header
func (*TokenSource_HeaderSource) Clone ¶ added in v1.8.24
func (m *TokenSource_HeaderSource) Clone() proto.Message
Clone function
func (*TokenSource_HeaderSource) Descriptor
deprecated
func (*TokenSource_HeaderSource) Descriptor() ([]byte, []int)
Deprecated: Use TokenSource_HeaderSource.ProtoReflect.Descriptor instead.
func (*TokenSource_HeaderSource) Equal ¶
func (m *TokenSource_HeaderSource) Equal(that interface{}) bool
Equal function
func (*TokenSource_HeaderSource) GetHeader ¶
func (x *TokenSource_HeaderSource) GetHeader() string
func (*TokenSource_HeaderSource) GetPrefix ¶
func (x *TokenSource_HeaderSource) GetPrefix() string
func (*TokenSource_HeaderSource) Hash ¶ added in v1.2.13
func (m *TokenSource_HeaderSource) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*TokenSource_HeaderSource) ProtoMessage ¶
func (*TokenSource_HeaderSource) ProtoMessage()
func (*TokenSource_HeaderSource) ProtoReflect ¶ added in v1.6.0
func (x *TokenSource_HeaderSource) ProtoReflect() protoreflect.Message
func (*TokenSource_HeaderSource) Reset ¶
func (x *TokenSource_HeaderSource) Reset()
func (*TokenSource_HeaderSource) String ¶
func (x *TokenSource_HeaderSource) String() string
type VhostExtension ¶
type VhostExtension struct { // Map of JWT provider name to Provider. // If specified, multiple providers will be `OR`-ed together and will allow validation to any of the providers. Providers map[string]*Provider `` /* 159-byte string literal not displayed */ // Allow pass through of JWT requests for this virtual host, even if JWT token is missing or JWT auth failed. // If this is false (default false), requests that fail JWT authentication will fail authorization immediately. // For example, if a request requires either JWT auth OR another auth method, this can be enabled to allow a failed JWT auth request to pass through to the other auth method. // Deprecated: use validation_policy instead. // // Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/jwt/jwt.proto. AllowMissingOrFailedJwt bool `` /* 137-byte string literal not displayed */ // Optional: Configure how JWT validation works, with the flexibility to handle requests with missing or invalid JWTs. // By default, after applying JWT policy to a route, only requests that authenticate with a valid JWT succeed. ValidationPolicy VhostExtension_ValidationPolicy `` /* 172-byte string literal not displayed */ // contains filtered or unexported fields }
func (*VhostExtension) Clone ¶ added in v1.8.24
func (m *VhostExtension) Clone() proto.Message
Clone function
func (*VhostExtension) Descriptor
deprecated
func (*VhostExtension) Descriptor() ([]byte, []int)
Deprecated: Use VhostExtension.ProtoReflect.Descriptor instead.
func (*VhostExtension) GetAllowMissingOrFailedJwt
deprecated
added in
v1.6.0
func (x *VhostExtension) GetAllowMissingOrFailedJwt() bool
Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/jwt/jwt.proto.
func (*VhostExtension) GetProviders ¶
func (x *VhostExtension) GetProviders() map[string]*Provider
func (*VhostExtension) GetValidationPolicy ¶ added in v1.18.0
func (x *VhostExtension) GetValidationPolicy() VhostExtension_ValidationPolicy
func (*VhostExtension) Hash ¶ added in v1.2.13
func (m *VhostExtension) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*VhostExtension) ProtoMessage ¶
func (*VhostExtension) ProtoMessage()
func (*VhostExtension) ProtoReflect ¶ added in v1.6.0
func (x *VhostExtension) ProtoReflect() protoreflect.Message
func (*VhostExtension) Reset ¶
func (x *VhostExtension) Reset()
func (*VhostExtension) String ¶
func (x *VhostExtension) String() string
type VhostExtension_ValidationPolicy ¶ added in v1.18.0
type VhostExtension_ValidationPolicy int32
const ( // Default value. Allow only requests that authenticate with a valid JWT to succeed. // Note that the `allowMissingOrFailed=true` setting takes precedence. In such a case, even if you explicitly set `validationPolicy=REQUIRE_VALID`, this field is ignored. VhostExtension_REQUIRE_VALID VhostExtension_ValidationPolicy = 0 // Allow requests to succeed even if JWT authentication is missing, but fail when an invalid JWT token is presented. // You might use this setting when later steps depend on input from the JWT. // For example, you might add claims from the JWT to request headers with the claimsToHeaders field. // As such, you may want to make sure that any provided JWT is valid. If not, the request fails, // which informs the requester that their JWT is not valid. // Requests without a JWT, however, still succeed and skip JWT validation. VhostExtension_ALLOW_MISSING VhostExtension_ValidationPolicy = 1 // Allow requests to succeed even when a JWT is missing or JWT verification fails. // For example, you might apply multiple policies to your routes so that requests can authenticate with either a // JWT or another method such as external auth. Use this value // to allow a failed JWT auth request to pass through to the other authentication method. VhostExtension_ALLOW_MISSING_OR_FAILED VhostExtension_ValidationPolicy = 2 )
func (VhostExtension_ValidationPolicy) Descriptor ¶ added in v1.18.0
func (VhostExtension_ValidationPolicy) Descriptor() protoreflect.EnumDescriptor
func (VhostExtension_ValidationPolicy) Enum ¶ added in v1.18.0
func (x VhostExtension_ValidationPolicy) Enum() *VhostExtension_ValidationPolicy
func (VhostExtension_ValidationPolicy) EnumDescriptor
deprecated
added in
v1.18.0
func (VhostExtension_ValidationPolicy) EnumDescriptor() ([]byte, []int)
Deprecated: Use VhostExtension_ValidationPolicy.Descriptor instead.
func (VhostExtension_ValidationPolicy) Number ¶ added in v1.18.0
func (x VhostExtension_ValidationPolicy) Number() protoreflect.EnumNumber
func (VhostExtension_ValidationPolicy) String ¶ added in v1.18.0
func (x VhostExtension_ValidationPolicy) String() string
func (VhostExtension_ValidationPolicy) Type ¶ added in v1.18.0
func (VhostExtension_ValidationPolicy) Type() protoreflect.EnumType