Documentation ¶
Index ¶
- Variables
- type ClaimToHeader
- func (*ClaimToHeader) Descriptor() ([]byte, []int)deprecated
- func (m *ClaimToHeader) Equal(that interface{}) bool
- func (x *ClaimToHeader) GetAppend() bool
- func (x *ClaimToHeader) GetClaim() string
- func (x *ClaimToHeader) GetHeader() string
- func (m *ClaimToHeader) Hash(hasher hash.Hash64) (uint64, error)
- func (*ClaimToHeader) ProtoMessage()
- func (x *ClaimToHeader) ProtoReflect() protoreflect.Message
- func (x *ClaimToHeader) Reset()
- func (x *ClaimToHeader) String() string
- type Jwks
- func (*Jwks) Descriptor() ([]byte, []int)deprecated
- func (m *Jwks) Equal(that interface{}) bool
- func (m *Jwks) GetJwks() isJwks_Jwks
- func (x *Jwks) GetLocal() *LocalJwks
- func (x *Jwks) GetRemote() *RemoteJwks
- func (m *Jwks) Hash(hasher hash.Hash64) (uint64, error)
- func (*Jwks) ProtoMessage()
- func (x *Jwks) ProtoReflect() protoreflect.Message
- func (x *Jwks) Reset()
- func (x *Jwks) String() string
- type Jwks_Local
- type Jwks_Remote
- type JwtStagedRouteExtension
- func (*JwtStagedRouteExtension) Descriptor() ([]byte, []int)deprecated
- func (m *JwtStagedRouteExtension) Equal(that interface{}) bool
- func (x *JwtStagedRouteExtension) GetAfterExtAuth() *RouteExtension
- func (x *JwtStagedRouteExtension) GetBeforeExtAuth() *RouteExtension
- func (m *JwtStagedRouteExtension) Hash(hasher hash.Hash64) (uint64, error)
- func (*JwtStagedRouteExtension) ProtoMessage()
- func (x *JwtStagedRouteExtension) ProtoReflect() protoreflect.Message
- func (x *JwtStagedRouteExtension) Reset()
- func (x *JwtStagedRouteExtension) String() string
- type JwtStagedVhostExtension
- func (*JwtStagedVhostExtension) Descriptor() ([]byte, []int)deprecated
- func (m *JwtStagedVhostExtension) Equal(that interface{}) bool
- func (x *JwtStagedVhostExtension) GetAfterExtAuth() *VhostExtension
- func (x *JwtStagedVhostExtension) GetBeforeExtAuth() *VhostExtension
- func (m *JwtStagedVhostExtension) Hash(hasher hash.Hash64) (uint64, error)
- func (*JwtStagedVhostExtension) ProtoMessage()
- func (x *JwtStagedVhostExtension) ProtoReflect() protoreflect.Message
- func (x *JwtStagedVhostExtension) Reset()
- func (x *JwtStagedVhostExtension) String() string
- type LocalJwks
- func (*LocalJwks) Descriptor() ([]byte, []int)deprecated
- func (m *LocalJwks) Equal(that interface{}) bool
- func (x *LocalJwks) GetKey() string
- func (m *LocalJwks) Hash(hasher hash.Hash64) (uint64, error)
- func (*LocalJwks) ProtoMessage()
- func (x *LocalJwks) ProtoReflect() protoreflect.Message
- func (x *LocalJwks) Reset()
- func (x *LocalJwks) String() string
- type Provider
- func (*Provider) Descriptor() ([]byte, []int)deprecated
- func (m *Provider) Equal(that interface{}) bool
- func (x *Provider) GetAudiences() []string
- func (x *Provider) GetClaimsToHeaders() []*ClaimToHeader
- func (x *Provider) GetIssuer() string
- func (x *Provider) GetJwks() *Jwks
- func (x *Provider) GetKeepToken() bool
- func (x *Provider) GetTokenSource() *TokenSource
- func (m *Provider) Hash(hasher hash.Hash64) (uint64, error)
- func (*Provider) ProtoMessage()
- func (x *Provider) ProtoReflect() protoreflect.Message
- func (x *Provider) Reset()
- func (x *Provider) String() string
- type RemoteJwks
- func (*RemoteJwks) Descriptor() ([]byte, []int)deprecated
- func (m *RemoteJwks) Equal(that interface{}) bool
- func (x *RemoteJwks) GetCacheDuration() *duration.Duration
- func (x *RemoteJwks) GetUpstreamRef() *core.ResourceRef
- func (x *RemoteJwks) GetUrl() string
- func (m *RemoteJwks) Hash(hasher hash.Hash64) (uint64, error)
- func (*RemoteJwks) ProtoMessage()
- func (x *RemoteJwks) ProtoReflect() protoreflect.Message
- func (x *RemoteJwks) Reset()
- func (x *RemoteJwks) String() string
- type RouteExtension
- func (*RouteExtension) Descriptor() ([]byte, []int)deprecated
- func (m *RouteExtension) Equal(that interface{}) bool
- func (x *RouteExtension) GetDisable() bool
- func (m *RouteExtension) Hash(hasher hash.Hash64) (uint64, error)
- func (*RouteExtension) ProtoMessage()
- func (x *RouteExtension) ProtoReflect() protoreflect.Message
- func (x *RouteExtension) Reset()
- func (x *RouteExtension) String() string
- type TokenSource
- func (*TokenSource) Descriptor() ([]byte, []int)deprecated
- func (m *TokenSource) Equal(that interface{}) bool
- func (x *TokenSource) GetHeaders() []*TokenSource_HeaderSource
- func (x *TokenSource) GetQueryParams() []string
- func (m *TokenSource) Hash(hasher hash.Hash64) (uint64, error)
- func (*TokenSource) ProtoMessage()
- func (x *TokenSource) ProtoReflect() protoreflect.Message
- func (x *TokenSource) Reset()
- func (x *TokenSource) String() string
- type TokenSource_HeaderSource
- func (*TokenSource_HeaderSource) Descriptor() ([]byte, []int)deprecated
- func (m *TokenSource_HeaderSource) Equal(that interface{}) bool
- func (x *TokenSource_HeaderSource) GetHeader() string
- func (x *TokenSource_HeaderSource) GetPrefix() string
- func (m *TokenSource_HeaderSource) Hash(hasher hash.Hash64) (uint64, error)
- func (*TokenSource_HeaderSource) ProtoMessage()
- func (x *TokenSource_HeaderSource) ProtoReflect() protoreflect.Message
- func (x *TokenSource_HeaderSource) Reset()
- func (x *TokenSource_HeaderSource) String() string
- type VhostExtension
- func (*VhostExtension) Descriptor() ([]byte, []int)deprecated
- func (m *VhostExtension) Equal(that interface{}) bool
- func (x *VhostExtension) GetAllowMissingOrFailedJwt() bool
- func (x *VhostExtension) GetProviders() map[string]*Provider
- func (m *VhostExtension) Hash(hasher hash.Hash64) (uint64, error)
- func (*VhostExtension) ProtoMessage()
- func (x *VhostExtension) ProtoReflect() protoreflect.Message
- func (x *VhostExtension) Reset()
- func (x *VhostExtension) String() string
Constants ¶
This section is empty.
Variables ¶
var File_github_com_solo_io_gloo_projects_gloo_api_v1_enterprise_options_jwt_jwt_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type ClaimToHeader ¶
type ClaimToHeader struct { // Claim name. for example, "sub" Claim string `protobuf:"bytes,1,opt,name=claim,proto3" json:"claim,omitempty"` // The header the claim will be copied to. for example, "x-sub". Header string `protobuf:"bytes,2,opt,name=header,proto3" json:"header,omitempty"` // If the header exists, append to it (true), or overwrite it (false). Append bool `protobuf:"varint,4,opt,name=append,proto3" json:"append,omitempty"` // contains filtered or unexported fields }
Allows copying verified claims to headers sent upstream
func (*ClaimToHeader) Descriptor
deprecated
func (*ClaimToHeader) Descriptor() ([]byte, []int)
Deprecated: Use ClaimToHeader.ProtoReflect.Descriptor instead.
func (*ClaimToHeader) GetAppend ¶
func (x *ClaimToHeader) GetAppend() bool
func (*ClaimToHeader) GetClaim ¶
func (x *ClaimToHeader) GetClaim() string
func (*ClaimToHeader) GetHeader ¶
func (x *ClaimToHeader) GetHeader() string
func (*ClaimToHeader) Hash ¶ added in v1.2.13
func (m *ClaimToHeader) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ClaimToHeader) ProtoMessage ¶
func (*ClaimToHeader) ProtoMessage()
func (*ClaimToHeader) ProtoReflect ¶ added in v1.6.0
func (x *ClaimToHeader) ProtoReflect() protoreflect.Message
func (*ClaimToHeader) Reset ¶
func (x *ClaimToHeader) Reset()
func (*ClaimToHeader) String ¶
func (x *ClaimToHeader) String() string
type Jwks ¶
type Jwks struct { // Types that are assignable to Jwks: // *Jwks_Remote // *Jwks_Local Jwks isJwks_Jwks `protobuf_oneof:"jwks"` // contains filtered or unexported fields }
func (*Jwks) Descriptor
deprecated
func (*Jwks) GetRemote ¶
func (x *Jwks) GetRemote() *RemoteJwks
func (*Jwks) ProtoMessage ¶
func (*Jwks) ProtoMessage()
func (*Jwks) ProtoReflect ¶ added in v1.6.0
func (x *Jwks) ProtoReflect() protoreflect.Message
type Jwks_Local ¶
type Jwks_Local struct { // Use an inline JWKS Local *LocalJwks `protobuf:"bytes,2,opt,name=local,proto3,oneof"` }
type Jwks_Remote ¶
type Jwks_Remote struct { // Use a remote JWKS server Remote *RemoteJwks `protobuf:"bytes,1,opt,name=remote,proto3,oneof"` }
type JwtStagedRouteExtension ¶ added in v1.6.4
type JwtStagedRouteExtension struct { // JWT route config for the JWT filter that runs after the extauth filter. BeforeExtAuth *RouteExtension `protobuf:"bytes,1,opt,name=before_ext_auth,json=beforeExtAuth,proto3" json:"before_ext_auth,omitempty"` // JWT route config for the JWT filter that runs after the extauth filter. AfterExtAuth *RouteExtension `protobuf:"bytes,2,opt,name=after_ext_auth,json=afterExtAuth,proto3" json:"after_ext_auth,omitempty"` // contains filtered or unexported fields }
func (*JwtStagedRouteExtension) Descriptor
deprecated
added in
v1.6.4
func (*JwtStagedRouteExtension) Descriptor() ([]byte, []int)
Deprecated: Use JwtStagedRouteExtension.ProtoReflect.Descriptor instead.
func (*JwtStagedRouteExtension) Equal ¶ added in v1.6.4
func (m *JwtStagedRouteExtension) Equal(that interface{}) bool
Equal function
func (*JwtStagedRouteExtension) GetAfterExtAuth ¶ added in v1.6.4
func (x *JwtStagedRouteExtension) GetAfterExtAuth() *RouteExtension
func (*JwtStagedRouteExtension) GetBeforeExtAuth ¶ added in v1.6.4
func (x *JwtStagedRouteExtension) GetBeforeExtAuth() *RouteExtension
func (*JwtStagedRouteExtension) Hash ¶ added in v1.6.4
func (m *JwtStagedRouteExtension) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*JwtStagedRouteExtension) ProtoMessage ¶ added in v1.6.4
func (*JwtStagedRouteExtension) ProtoMessage()
func (*JwtStagedRouteExtension) ProtoReflect ¶ added in v1.6.4
func (x *JwtStagedRouteExtension) ProtoReflect() protoreflect.Message
func (*JwtStagedRouteExtension) Reset ¶ added in v1.6.4
func (x *JwtStagedRouteExtension) Reset()
func (*JwtStagedRouteExtension) String ¶ added in v1.6.4
func (x *JwtStagedRouteExtension) String() string
type JwtStagedVhostExtension ¶ added in v1.6.4
type JwtStagedVhostExtension struct { // JWT Virtual host config for the JWT filter that runs before the extauth filter. BeforeExtAuth *VhostExtension `protobuf:"bytes,1,opt,name=before_ext_auth,json=beforeExtAuth,proto3" json:"before_ext_auth,omitempty"` // JWT Virtual host config for the JWT filter that runs after the extauth filter. AfterExtAuth *VhostExtension `protobuf:"bytes,2,opt,name=after_ext_auth,json=afterExtAuth,proto3" json:"after_ext_auth,omitempty"` // contains filtered or unexported fields }
func (*JwtStagedVhostExtension) Descriptor
deprecated
added in
v1.6.4
func (*JwtStagedVhostExtension) Descriptor() ([]byte, []int)
Deprecated: Use JwtStagedVhostExtension.ProtoReflect.Descriptor instead.
func (*JwtStagedVhostExtension) Equal ¶ added in v1.6.4
func (m *JwtStagedVhostExtension) Equal(that interface{}) bool
Equal function
func (*JwtStagedVhostExtension) GetAfterExtAuth ¶ added in v1.6.4
func (x *JwtStagedVhostExtension) GetAfterExtAuth() *VhostExtension
func (*JwtStagedVhostExtension) GetBeforeExtAuth ¶ added in v1.6.4
func (x *JwtStagedVhostExtension) GetBeforeExtAuth() *VhostExtension
func (*JwtStagedVhostExtension) Hash ¶ added in v1.6.4
func (m *JwtStagedVhostExtension) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*JwtStagedVhostExtension) ProtoMessage ¶ added in v1.6.4
func (*JwtStagedVhostExtension) ProtoMessage()
func (*JwtStagedVhostExtension) ProtoReflect ¶ added in v1.6.4
func (x *JwtStagedVhostExtension) ProtoReflect() protoreflect.Message
func (*JwtStagedVhostExtension) Reset ¶ added in v1.6.4
func (x *JwtStagedVhostExtension) Reset()
func (*JwtStagedVhostExtension) String ¶ added in v1.6.4
func (x *JwtStagedVhostExtension) String() string
type LocalJwks ¶
type LocalJwks struct { // Inline key. this can be json web key, key-set or PEM format. Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` // contains filtered or unexported fields }
func (*LocalJwks) Descriptor
deprecated
func (*LocalJwks) ProtoMessage ¶
func (*LocalJwks) ProtoMessage()
func (*LocalJwks) ProtoReflect ¶ added in v1.6.0
func (x *LocalJwks) ProtoReflect() protoreflect.Message
type Provider ¶
type Provider struct { // The source for the keys to validate JWTs. Jwks *Jwks `protobuf:"bytes,1,opt,name=jwks,proto3" json:"jwks,omitempty"` // An incoming JWT must have an 'aud' claim and it must be in this list. Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"` // Issuer of the JWT. the 'iss' claim of the JWT must match this. Issuer string `protobuf:"bytes,3,opt,name=issuer,proto3" json:"issuer,omitempty"` // Where to find the JWT of the current provider. TokenSource *TokenSource `protobuf:"bytes,4,opt,name=token_source,json=tokenSource,proto3" json:"token_source,omitempty"` // Should the token forwarded upstream. if false, the header containing the token will be removed. KeepToken bool `protobuf:"varint,5,opt,name=keep_token,json=keepToken,proto3" json:"keep_token,omitempty"` // What claims should be copied to upstream headers. ClaimsToHeaders []*ClaimToHeader `protobuf:"bytes,6,rep,name=claims_to_headers,json=claimsToHeaders,proto3" json:"claims_to_headers,omitempty"` // contains filtered or unexported fields }
func (*Provider) Descriptor
deprecated
func (*Provider) GetAudiences ¶
func (*Provider) GetClaimsToHeaders ¶
func (x *Provider) GetClaimsToHeaders() []*ClaimToHeader
func (*Provider) GetKeepToken ¶
func (*Provider) GetTokenSource ¶
func (x *Provider) GetTokenSource() *TokenSource
func (*Provider) ProtoMessage ¶
func (*Provider) ProtoMessage()
func (*Provider) ProtoReflect ¶ added in v1.6.0
func (x *Provider) ProtoReflect() protoreflect.Message
type RemoteJwks ¶
type RemoteJwks struct { // The url used when accessing the upstream for Json Web Key Set. // This is used to set the host and path in the request Url string `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"` // The Upstream representing the Json Web Key Set server UpstreamRef *core.ResourceRef `protobuf:"bytes,2,opt,name=upstream_ref,json=upstreamRef,proto3" json:"upstream_ref,omitempty"` // Duration after which the cached JWKS should be expired. // If not specified, default cache duration is 5 minutes. CacheDuration *duration.Duration `protobuf:"bytes,4,opt,name=cache_duration,json=cacheDuration,proto3" json:"cache_duration,omitempty"` // contains filtered or unexported fields }
func (*RemoteJwks) Descriptor
deprecated
func (*RemoteJwks) Descriptor() ([]byte, []int)
Deprecated: Use RemoteJwks.ProtoReflect.Descriptor instead.
func (*RemoteJwks) GetCacheDuration ¶
func (x *RemoteJwks) GetCacheDuration() *duration.Duration
func (*RemoteJwks) GetUpstreamRef ¶
func (x *RemoteJwks) GetUpstreamRef() *core.ResourceRef
func (*RemoteJwks) GetUrl ¶
func (x *RemoteJwks) GetUrl() string
func (*RemoteJwks) Hash ¶ added in v1.2.13
func (m *RemoteJwks) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*RemoteJwks) ProtoMessage ¶
func (*RemoteJwks) ProtoMessage()
func (*RemoteJwks) ProtoReflect ¶ added in v1.6.0
func (x *RemoteJwks) ProtoReflect() protoreflect.Message
func (*RemoteJwks) Reset ¶
func (x *RemoteJwks) Reset()
func (*RemoteJwks) String ¶
func (x *RemoteJwks) String() string
type RouteExtension ¶
type RouteExtension struct { // Disable JWT checks on this route. Disable bool `protobuf:"varint,1,opt,name=disable,proto3" json:"disable,omitempty"` // contains filtered or unexported fields }
func (*RouteExtension) Descriptor
deprecated
func (*RouteExtension) Descriptor() ([]byte, []int)
Deprecated: Use RouteExtension.ProtoReflect.Descriptor instead.
func (*RouteExtension) GetDisable ¶
func (x *RouteExtension) GetDisable() bool
func (*RouteExtension) Hash ¶ added in v1.2.13
func (m *RouteExtension) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*RouteExtension) ProtoMessage ¶
func (*RouteExtension) ProtoMessage()
func (*RouteExtension) ProtoReflect ¶ added in v1.6.0
func (x *RouteExtension) ProtoReflect() protoreflect.Message
func (*RouteExtension) Reset ¶
func (x *RouteExtension) Reset()
func (*RouteExtension) String ¶
func (x *RouteExtension) String() string
type TokenSource ¶
type TokenSource struct { // Try to retrieve token from these headers Headers []*TokenSource_HeaderSource `protobuf:"bytes,1,rep,name=headers,proto3" json:"headers,omitempty"` // Try to retrieve token from these query params QueryParams []string `protobuf:"bytes,2,rep,name=query_params,json=queryParams,proto3" json:"query_params,omitempty"` // contains filtered or unexported fields }
Describes the location of a JWT token
func (*TokenSource) Descriptor
deprecated
func (*TokenSource) Descriptor() ([]byte, []int)
Deprecated: Use TokenSource.ProtoReflect.Descriptor instead.
func (*TokenSource) GetHeaders ¶
func (x *TokenSource) GetHeaders() []*TokenSource_HeaderSource
func (*TokenSource) GetQueryParams ¶
func (x *TokenSource) GetQueryParams() []string
func (*TokenSource) Hash ¶ added in v1.2.13
func (m *TokenSource) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*TokenSource) ProtoMessage ¶
func (*TokenSource) ProtoMessage()
func (*TokenSource) ProtoReflect ¶ added in v1.6.0
func (x *TokenSource) ProtoReflect() protoreflect.Message
func (*TokenSource) Reset ¶
func (x *TokenSource) Reset()
func (*TokenSource) String ¶
func (x *TokenSource) String() string
type TokenSource_HeaderSource ¶
type TokenSource_HeaderSource struct { // The name of the header. for example, "authorization" Header string `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"` // Prefix before the token. for example, "Bearer " Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3" json:"prefix,omitempty"` // contains filtered or unexported fields }
Describes how to retrieve a JWT from a header
func (*TokenSource_HeaderSource) Descriptor
deprecated
func (*TokenSource_HeaderSource) Descriptor() ([]byte, []int)
Deprecated: Use TokenSource_HeaderSource.ProtoReflect.Descriptor instead.
func (*TokenSource_HeaderSource) Equal ¶
func (m *TokenSource_HeaderSource) Equal(that interface{}) bool
Equal function
func (*TokenSource_HeaderSource) GetHeader ¶
func (x *TokenSource_HeaderSource) GetHeader() string
func (*TokenSource_HeaderSource) GetPrefix ¶
func (x *TokenSource_HeaderSource) GetPrefix() string
func (*TokenSource_HeaderSource) Hash ¶ added in v1.2.13
func (m *TokenSource_HeaderSource) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*TokenSource_HeaderSource) ProtoMessage ¶
func (*TokenSource_HeaderSource) ProtoMessage()
func (*TokenSource_HeaderSource) ProtoReflect ¶ added in v1.6.0
func (x *TokenSource_HeaderSource) ProtoReflect() protoreflect.Message
func (*TokenSource_HeaderSource) Reset ¶
func (x *TokenSource_HeaderSource) Reset()
func (*TokenSource_HeaderSource) String ¶
func (x *TokenSource_HeaderSource) String() string
type VhostExtension ¶
type VhostExtension struct { // Map of JWT provider name to Provider. // If specified, multiple providers will be `OR`-ed together and will allow validation to any of the providers. Providers map[string]*Provider `` /* 159-byte string literal not displayed */ // Allow pass through of JWT requests for this virtual host, even if JWT token is missing or JWT auth failed. // If this is false (default false), requests that fail JWT authentication will fail authorization immediately. // For example, if a request requires either JWT auth OR another auth method, this can be enabled to allow a failed JWT auth request to pass through to the other auth method. AllowMissingOrFailedJwt bool `` /* 137-byte string literal not displayed */ // contains filtered or unexported fields }
func (*VhostExtension) Descriptor
deprecated
func (*VhostExtension) Descriptor() ([]byte, []int)
Deprecated: Use VhostExtension.ProtoReflect.Descriptor instead.
func (*VhostExtension) GetAllowMissingOrFailedJwt ¶ added in v1.6.0
func (x *VhostExtension) GetAllowMissingOrFailedJwt() bool
func (*VhostExtension) GetProviders ¶
func (x *VhostExtension) GetProviders() map[string]*Provider
func (*VhostExtension) Hash ¶ added in v1.2.13
func (m *VhostExtension) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*VhostExtension) ProtoMessage ¶
func (*VhostExtension) ProtoMessage()
func (*VhostExtension) ProtoReflect ¶ added in v1.6.0
func (x *VhostExtension) ProtoReflect() protoreflect.Message
func (*VhostExtension) Reset ¶
func (x *VhostExtension) Reset()
func (*VhostExtension) String ¶
func (x *VhostExtension) String() string