Documentation ¶
Index ¶
- Variables
- func RegisterAuthorizationServer(s *grpc.Server, srv AuthorizationServer)
- type AttributeContext
- func (*AttributeContext) Descriptor() ([]byte, []int)
- func (m *AttributeContext) GetContextExtensions() map[string]string
- func (m *AttributeContext) GetDestination() *AttributeContext_Peer
- func (m *AttributeContext) GetRequest() *AttributeContext_Request
- func (m *AttributeContext) GetSource() *AttributeContext_Peer
- func (m *AttributeContext) Marshal() (dAtA []byte, err error)
- func (m *AttributeContext) MarshalTo(dAtA []byte) (int, error)
- func (*AttributeContext) ProtoMessage()
- func (m *AttributeContext) Reset()
- func (m *AttributeContext) Size() (n int)
- func (m *AttributeContext) String() string
- func (m *AttributeContext) Unmarshal(dAtA []byte) error
- func (m *AttributeContext) Validate() error
- func (m *AttributeContext) XXX_DiscardUnknown()
- func (m *AttributeContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *AttributeContext) XXX_Merge(src proto.Message)
- func (m *AttributeContext) XXX_Size() int
- func (m *AttributeContext) XXX_Unmarshal(b []byte) error
- type AttributeContextValidationError
- type AttributeContext_HttpRequest
- func (*AttributeContext_HttpRequest) Descriptor() ([]byte, []int)
- func (m *AttributeContext_HttpRequest) GetFragment() string
- func (m *AttributeContext_HttpRequest) GetHeaders() map[string]string
- func (m *AttributeContext_HttpRequest) GetHost() string
- func (m *AttributeContext_HttpRequest) GetId() string
- func (m *AttributeContext_HttpRequest) GetMethod() string
- func (m *AttributeContext_HttpRequest) GetPath() string
- func (m *AttributeContext_HttpRequest) GetProtocol() string
- func (m *AttributeContext_HttpRequest) GetQuery() string
- func (m *AttributeContext_HttpRequest) GetScheme() string
- func (m *AttributeContext_HttpRequest) GetSize_() int64
- func (m *AttributeContext_HttpRequest) Marshal() (dAtA []byte, err error)
- func (m *AttributeContext_HttpRequest) MarshalTo(dAtA []byte) (int, error)
- func (*AttributeContext_HttpRequest) ProtoMessage()
- func (m *AttributeContext_HttpRequest) Reset()
- func (m *AttributeContext_HttpRequest) Size() (n int)
- func (m *AttributeContext_HttpRequest) String() string
- func (m *AttributeContext_HttpRequest) Unmarshal(dAtA []byte) error
- func (m *AttributeContext_HttpRequest) Validate() error
- func (m *AttributeContext_HttpRequest) XXX_DiscardUnknown()
- func (m *AttributeContext_HttpRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *AttributeContext_HttpRequest) XXX_Merge(src proto.Message)
- func (m *AttributeContext_HttpRequest) XXX_Size() int
- func (m *AttributeContext_HttpRequest) XXX_Unmarshal(b []byte) error
- type AttributeContext_HttpRequestValidationError
- type AttributeContext_Peer
- func (*AttributeContext_Peer) Descriptor() ([]byte, []int)
- func (m *AttributeContext_Peer) GetAddress() *core.Address
- func (m *AttributeContext_Peer) GetLabels() map[string]string
- func (m *AttributeContext_Peer) GetPrincipal() string
- func (m *AttributeContext_Peer) GetService() string
- func (m *AttributeContext_Peer) Marshal() (dAtA []byte, err error)
- func (m *AttributeContext_Peer) MarshalTo(dAtA []byte) (int, error)
- func (*AttributeContext_Peer) ProtoMessage()
- func (m *AttributeContext_Peer) Reset()
- func (m *AttributeContext_Peer) Size() (n int)
- func (m *AttributeContext_Peer) String() string
- func (m *AttributeContext_Peer) Unmarshal(dAtA []byte) error
- func (m *AttributeContext_Peer) Validate() error
- func (m *AttributeContext_Peer) XXX_DiscardUnknown()
- func (m *AttributeContext_Peer) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *AttributeContext_Peer) XXX_Merge(src proto.Message)
- func (m *AttributeContext_Peer) XXX_Size() int
- func (m *AttributeContext_Peer) XXX_Unmarshal(b []byte) error
- type AttributeContext_PeerValidationError
- type AttributeContext_Request
- func (*AttributeContext_Request) Descriptor() ([]byte, []int)
- func (m *AttributeContext_Request) GetHttp() *AttributeContext_HttpRequest
- func (m *AttributeContext_Request) GetTime() *types.Timestamp
- func (m *AttributeContext_Request) Marshal() (dAtA []byte, err error)
- func (m *AttributeContext_Request) MarshalTo(dAtA []byte) (int, error)
- func (*AttributeContext_Request) ProtoMessage()
- func (m *AttributeContext_Request) Reset()
- func (m *AttributeContext_Request) Size() (n int)
- func (m *AttributeContext_Request) String() string
- func (m *AttributeContext_Request) Unmarshal(dAtA []byte) error
- func (m *AttributeContext_Request) Validate() error
- func (m *AttributeContext_Request) XXX_DiscardUnknown()
- func (m *AttributeContext_Request) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *AttributeContext_Request) XXX_Merge(src proto.Message)
- func (m *AttributeContext_Request) XXX_Size() int
- func (m *AttributeContext_Request) XXX_Unmarshal(b []byte) error
- type AttributeContext_RequestValidationError
- type AuthorizationClient
- type AuthorizationServer
- type CheckRequest
- func (*CheckRequest) Descriptor() ([]byte, []int)
- func (m *CheckRequest) GetAttributes() *AttributeContext
- func (m *CheckRequest) Marshal() (dAtA []byte, err error)
- func (m *CheckRequest) MarshalTo(dAtA []byte) (int, error)
- func (*CheckRequest) ProtoMessage()
- func (m *CheckRequest) Reset()
- func (m *CheckRequest) Size() (n int)
- func (m *CheckRequest) String() string
- func (m *CheckRequest) Unmarshal(dAtA []byte) error
- func (m *CheckRequest) Validate() error
- func (m *CheckRequest) XXX_DiscardUnknown()
- func (m *CheckRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *CheckRequest) XXX_Merge(src proto.Message)
- func (m *CheckRequest) XXX_Size() int
- func (m *CheckRequest) XXX_Unmarshal(b []byte) error
- type CheckRequestValidationError
- type CheckResponse
- func (*CheckResponse) Descriptor() ([]byte, []int)
- func (m *CheckResponse) GetDeniedResponse() *DeniedHttpResponse
- func (m *CheckResponse) GetHttpResponse() isCheckResponse_HttpResponse
- func (m *CheckResponse) GetOkResponse() *OkHttpResponse
- func (m *CheckResponse) GetStatus() *rpc.Status
- func (m *CheckResponse) Marshal() (dAtA []byte, err error)
- func (m *CheckResponse) MarshalTo(dAtA []byte) (int, error)
- func (*CheckResponse) ProtoMessage()
- func (m *CheckResponse) Reset()
- func (m *CheckResponse) Size() (n int)
- func (m *CheckResponse) String() string
- func (m *CheckResponse) Unmarshal(dAtA []byte) error
- func (m *CheckResponse) Validate() error
- func (m *CheckResponse) XXX_DiscardUnknown()
- func (m *CheckResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *CheckResponse) XXX_Merge(src proto.Message)
- func (*CheckResponse) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, ...)
- func (m *CheckResponse) XXX_Size() int
- func (m *CheckResponse) XXX_Unmarshal(b []byte) error
- type CheckResponseValidationError
- type CheckResponse_DeniedResponse
- type CheckResponse_OkResponse
- type DeniedHttpResponse
- func (*DeniedHttpResponse) Descriptor() ([]byte, []int)
- func (m *DeniedHttpResponse) GetBody() string
- func (m *DeniedHttpResponse) GetHeaders() []*core.HeaderValueOption
- func (m *DeniedHttpResponse) GetStatus() *_type.HttpStatus
- func (m *DeniedHttpResponse) Marshal() (dAtA []byte, err error)
- func (m *DeniedHttpResponse) MarshalTo(dAtA []byte) (int, error)
- func (*DeniedHttpResponse) ProtoMessage()
- func (m *DeniedHttpResponse) Reset()
- func (m *DeniedHttpResponse) Size() (n int)
- func (m *DeniedHttpResponse) String() string
- func (m *DeniedHttpResponse) Unmarshal(dAtA []byte) error
- func (m *DeniedHttpResponse) Validate() error
- func (m *DeniedHttpResponse) XXX_DiscardUnknown()
- func (m *DeniedHttpResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *DeniedHttpResponse) XXX_Merge(src proto.Message)
- func (m *DeniedHttpResponse) XXX_Size() int
- func (m *DeniedHttpResponse) XXX_Unmarshal(b []byte) error
- type DeniedHttpResponseValidationError
- type OkHttpResponse
- func (*OkHttpResponse) Descriptor() ([]byte, []int)
- func (m *OkHttpResponse) GetHeaders() []*core.HeaderValueOption
- func (m *OkHttpResponse) Marshal() (dAtA []byte, err error)
- func (m *OkHttpResponse) MarshalTo(dAtA []byte) (int, error)
- func (*OkHttpResponse) ProtoMessage()
- func (m *OkHttpResponse) Reset()
- func (m *OkHttpResponse) Size() (n int)
- func (m *OkHttpResponse) String() string
- func (m *OkHttpResponse) Unmarshal(dAtA []byte) error
- func (m *OkHttpResponse) Validate() error
- func (m *OkHttpResponse) XXX_DiscardUnknown()
- func (m *OkHttpResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *OkHttpResponse) XXX_Merge(src proto.Message)
- func (m *OkHttpResponse) XXX_Size() int
- func (m *OkHttpResponse) XXX_Unmarshal(b []byte) error
- type OkHttpResponseValidationError
Constants ¶
This section is empty.
Variables ¶
var ( ErrInvalidLengthAttributeContext = fmt.Errorf("proto: negative length found during unmarshaling") ErrIntOverflowAttributeContext = fmt.Errorf("proto: integer overflow") )
var ( ErrInvalidLengthExternalAuth = fmt.Errorf("proto: negative length found during unmarshaling") ErrIntOverflowExternalAuth = fmt.Errorf("proto: integer overflow") )
Functions ¶
func RegisterAuthorizationServer ¶
func RegisterAuthorizationServer(s *grpc.Server, srv AuthorizationServer)
Types ¶
type AttributeContext ¶
type AttributeContext struct { // The source of a network activity, such as starting a TCP connection. // In a multi hop network activity, the source represents the sender of the // last hop. Source *AttributeContext_Peer `protobuf:"bytes,1,opt,name=source,proto3" json:"source,omitempty"` // The destination of a network activity, such as accepting a TCP connection. // In a multi hop network activity, the destination represents the receiver of // the last hop. Destination *AttributeContext_Peer `protobuf:"bytes,2,opt,name=destination,proto3" json:"destination,omitempty"` // Represents a network request, such as an HTTP request. Request *AttributeContext_Request `protobuf:"bytes,4,opt,name=request,proto3" json:"request,omitempty"` // This is analogous to http_request.headers, however these contents will not be sent to the // upstream server. Context_extensions provide an extension mechanism for sending additional // information to the auth server without modifying the proto definition. It maps to the // internal opaque context in the filter chain. ContextExtensions map[string]string `` /* 201-byte string literal not displayed */ XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
An attribute is a piece of metadata that describes an activity on a network. For example, the size of an HTTP request, or the status code of an HTTP response.
Each attribute has a type and a name, which is logically defined as a proto message field of the `AttributeContext`. The `AttributeContext` is a collection of individual attributes supported by Envoy authorization system.
func (*AttributeContext) Descriptor ¶
func (*AttributeContext) Descriptor() ([]byte, []int)
func (*AttributeContext) GetContextExtensions ¶
func (m *AttributeContext) GetContextExtensions() map[string]string
func (*AttributeContext) GetDestination ¶
func (m *AttributeContext) GetDestination() *AttributeContext_Peer
func (*AttributeContext) GetRequest ¶
func (m *AttributeContext) GetRequest() *AttributeContext_Request
func (*AttributeContext) GetSource ¶
func (m *AttributeContext) GetSource() *AttributeContext_Peer
func (*AttributeContext) Marshal ¶
func (m *AttributeContext) Marshal() (dAtA []byte, err error)
func (*AttributeContext) ProtoMessage ¶
func (*AttributeContext) ProtoMessage()
func (*AttributeContext) Reset ¶
func (m *AttributeContext) Reset()
func (*AttributeContext) Size ¶
func (m *AttributeContext) Size() (n int)
func (*AttributeContext) String ¶
func (m *AttributeContext) String() string
func (*AttributeContext) Unmarshal ¶
func (m *AttributeContext) Unmarshal(dAtA []byte) error
func (*AttributeContext) Validate ¶
func (m *AttributeContext) Validate() error
Validate checks the field values on AttributeContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*AttributeContext) XXX_DiscardUnknown ¶
func (m *AttributeContext) XXX_DiscardUnknown()
func (*AttributeContext) XXX_Marshal ¶
func (m *AttributeContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*AttributeContext) XXX_Merge ¶
func (m *AttributeContext) XXX_Merge(src proto.Message)
func (*AttributeContext) XXX_Size ¶
func (m *AttributeContext) XXX_Size() int
func (*AttributeContext) XXX_Unmarshal ¶
func (m *AttributeContext) XXX_Unmarshal(b []byte) error
type AttributeContextValidationError ¶
AttributeContextValidationError is the validation error returned by AttributeContext.Validate if the designated constraints aren't met.
func (AttributeContextValidationError) Error ¶
func (e AttributeContextValidationError) Error() string
Error satisfies the builtin error interface
type AttributeContext_HttpRequest ¶
type AttributeContext_HttpRequest struct { // The unique ID for a request, which can be propagated to downstream // systems. The ID should have low probability of collision // within a single day for a specific service. // For HTTP requests, it should be X-Request-ID or equivalent. Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // The HTTP request method, such as `GET`, `POST`. Method string `protobuf:"bytes,2,opt,name=method,proto3" json:"method,omitempty"` // The HTTP request headers. If multiple headers share the same key, they // must be merged according to the HTTP spec. All header keys must be // lowercased, because HTTP header keys are case-insensitive. Headers map[string]string `` /* 155-byte string literal not displayed */ // The HTTP URL path. Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"` // The HTTP request `Host` or 'Authority` header value. Host string `protobuf:"bytes,5,opt,name=host,proto3" json:"host,omitempty"` // The HTTP URL scheme, such as `http` and `https`. Scheme string `protobuf:"bytes,6,opt,name=scheme,proto3" json:"scheme,omitempty"` // The HTTP URL query in the format of `name1=value`&name2=value2`, as it // appears in the first line of the HTTP request. No decoding is performed. Query string `protobuf:"bytes,7,opt,name=query,proto3" json:"query,omitempty"` // The HTTP URL fragment, excluding leading `#`. No URL decoding is performed. Fragment string `protobuf:"bytes,8,opt,name=fragment,proto3" json:"fragment,omitempty"` // The HTTP request size in bytes. If unknown, it must be -1. Size_ int64 `protobuf:"varint,9,opt,name=size,proto3" json:"size,omitempty"` // The network protocol used with the request, such as // "http/1.1", "spdy/3", "h2", "h2c" Protocol string `protobuf:"bytes,10,opt,name=protocol,proto3" json:"protocol,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
This message defines attributes for an HTTP request. HTTP/1.x, HTTP/2, gRPC are all considered as HTTP requests.
func (*AttributeContext_HttpRequest) Descriptor ¶
func (*AttributeContext_HttpRequest) Descriptor() ([]byte, []int)
func (*AttributeContext_HttpRequest) GetFragment ¶
func (m *AttributeContext_HttpRequest) GetFragment() string
func (*AttributeContext_HttpRequest) GetHeaders ¶
func (m *AttributeContext_HttpRequest) GetHeaders() map[string]string
func (*AttributeContext_HttpRequest) GetHost ¶
func (m *AttributeContext_HttpRequest) GetHost() string
func (*AttributeContext_HttpRequest) GetId ¶
func (m *AttributeContext_HttpRequest) GetId() string
func (*AttributeContext_HttpRequest) GetMethod ¶
func (m *AttributeContext_HttpRequest) GetMethod() string
func (*AttributeContext_HttpRequest) GetPath ¶
func (m *AttributeContext_HttpRequest) GetPath() string
func (*AttributeContext_HttpRequest) GetProtocol ¶
func (m *AttributeContext_HttpRequest) GetProtocol() string
func (*AttributeContext_HttpRequest) GetQuery ¶
func (m *AttributeContext_HttpRequest) GetQuery() string
func (*AttributeContext_HttpRequest) GetScheme ¶
func (m *AttributeContext_HttpRequest) GetScheme() string
func (*AttributeContext_HttpRequest) GetSize_ ¶
func (m *AttributeContext_HttpRequest) GetSize_() int64
func (*AttributeContext_HttpRequest) Marshal ¶
func (m *AttributeContext_HttpRequest) Marshal() (dAtA []byte, err error)
func (*AttributeContext_HttpRequest) MarshalTo ¶
func (m *AttributeContext_HttpRequest) MarshalTo(dAtA []byte) (int, error)
func (*AttributeContext_HttpRequest) ProtoMessage ¶
func (*AttributeContext_HttpRequest) ProtoMessage()
func (*AttributeContext_HttpRequest) Reset ¶
func (m *AttributeContext_HttpRequest) Reset()
func (*AttributeContext_HttpRequest) Size ¶
func (m *AttributeContext_HttpRequest) Size() (n int)
func (*AttributeContext_HttpRequest) String ¶
func (m *AttributeContext_HttpRequest) String() string
func (*AttributeContext_HttpRequest) Unmarshal ¶
func (m *AttributeContext_HttpRequest) Unmarshal(dAtA []byte) error
func (*AttributeContext_HttpRequest) Validate ¶
func (m *AttributeContext_HttpRequest) Validate() error
Validate checks the field values on AttributeContext_HttpRequest with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*AttributeContext_HttpRequest) XXX_DiscardUnknown ¶
func (m *AttributeContext_HttpRequest) XXX_DiscardUnknown()
func (*AttributeContext_HttpRequest) XXX_Marshal ¶
func (m *AttributeContext_HttpRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*AttributeContext_HttpRequest) XXX_Merge ¶
func (m *AttributeContext_HttpRequest) XXX_Merge(src proto.Message)
func (*AttributeContext_HttpRequest) XXX_Size ¶
func (m *AttributeContext_HttpRequest) XXX_Size() int
func (*AttributeContext_HttpRequest) XXX_Unmarshal ¶
func (m *AttributeContext_HttpRequest) XXX_Unmarshal(b []byte) error
type AttributeContext_HttpRequestValidationError ¶
type AttributeContext_HttpRequestValidationError struct { Field string Reason string Cause error Key bool }
AttributeContext_HttpRequestValidationError is the validation error returned by AttributeContext_HttpRequest.Validate if the designated constraints aren't met.
func (AttributeContext_HttpRequestValidationError) Error ¶
func (e AttributeContext_HttpRequestValidationError) Error() string
Error satisfies the builtin error interface
type AttributeContext_Peer ¶
type AttributeContext_Peer struct { // The address of the peer, this is typically the IP address. // It can also be UDS path, or others. Address *core.Address `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` // The canonical service name of the peer. // It should be set to :ref:`the HTTP x-envoy-downstream-service-cluster // <config_http_conn_man_headers_downstream-service-cluster>` // If a more trusted source of the service name is available through mTLS/secure naming, it // should be used. Service string `protobuf:"bytes,2,opt,name=service,proto3" json:"service,omitempty"` // The labels associated with the peer. // These could be pod labels for Kubernetes or tags for VMs. // The source of the labels could be an X.509 certificate or other configuration. Labels map[string]string `` /* 153-byte string literal not displayed */ // The authenticated identity of this peer. // For example, the identity associated with the workload such as a service account. // If an X.509 certificate is used to assert the identity this field should be sourced from // `Subject` or `Subject Alternative Names`. The primary identity should be the principal. // The principal format is issuer specific. // // Example: // * SPIFFE format is `spiffe://trust-domain/path` // * Google account format is `https://accounts.google.com/{userid}` Principal string `protobuf:"bytes,4,opt,name=principal,proto3" json:"principal,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
This message defines attributes for a node that handles a network request. The node can be either a service or an application that sends, forwards, or receives the request. Service peers should fill in the `service`, `principal`, and `labels` as appropriate.
func (*AttributeContext_Peer) Descriptor ¶
func (*AttributeContext_Peer) Descriptor() ([]byte, []int)
func (*AttributeContext_Peer) GetAddress ¶
func (m *AttributeContext_Peer) GetAddress() *core.Address
func (*AttributeContext_Peer) GetLabels ¶
func (m *AttributeContext_Peer) GetLabels() map[string]string
func (*AttributeContext_Peer) GetPrincipal ¶
func (m *AttributeContext_Peer) GetPrincipal() string
func (*AttributeContext_Peer) GetService ¶
func (m *AttributeContext_Peer) GetService() string
func (*AttributeContext_Peer) Marshal ¶
func (m *AttributeContext_Peer) Marshal() (dAtA []byte, err error)
func (*AttributeContext_Peer) MarshalTo ¶
func (m *AttributeContext_Peer) MarshalTo(dAtA []byte) (int, error)
func (*AttributeContext_Peer) ProtoMessage ¶
func (*AttributeContext_Peer) ProtoMessage()
func (*AttributeContext_Peer) Reset ¶
func (m *AttributeContext_Peer) Reset()
func (*AttributeContext_Peer) Size ¶
func (m *AttributeContext_Peer) Size() (n int)
func (*AttributeContext_Peer) String ¶
func (m *AttributeContext_Peer) String() string
func (*AttributeContext_Peer) Unmarshal ¶
func (m *AttributeContext_Peer) Unmarshal(dAtA []byte) error
func (*AttributeContext_Peer) Validate ¶
func (m *AttributeContext_Peer) Validate() error
Validate checks the field values on AttributeContext_Peer with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*AttributeContext_Peer) XXX_DiscardUnknown ¶
func (m *AttributeContext_Peer) XXX_DiscardUnknown()
func (*AttributeContext_Peer) XXX_Marshal ¶
func (m *AttributeContext_Peer) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*AttributeContext_Peer) XXX_Merge ¶
func (m *AttributeContext_Peer) XXX_Merge(src proto.Message)
func (*AttributeContext_Peer) XXX_Size ¶
func (m *AttributeContext_Peer) XXX_Size() int
func (*AttributeContext_Peer) XXX_Unmarshal ¶
func (m *AttributeContext_Peer) XXX_Unmarshal(b []byte) error
type AttributeContext_PeerValidationError ¶
type AttributeContext_PeerValidationError struct { Field string Reason string Cause error Key bool }
AttributeContext_PeerValidationError is the validation error returned by AttributeContext_Peer.Validate if the designated constraints aren't met.
func (AttributeContext_PeerValidationError) Error ¶
func (e AttributeContext_PeerValidationError) Error() string
Error satisfies the builtin error interface
type AttributeContext_Request ¶
type AttributeContext_Request struct { // The timestamp when the proxy receives the first byte of the request. Time *types.Timestamp `protobuf:"bytes,1,opt,name=time,proto3" json:"time,omitempty"` // Represents an HTTP request or an HTTP-like request. Http *AttributeContext_HttpRequest `protobuf:"bytes,2,opt,name=http,proto3" json:"http,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
Represents a network request, such as an HTTP request.
func (*AttributeContext_Request) Descriptor ¶
func (*AttributeContext_Request) Descriptor() ([]byte, []int)
func (*AttributeContext_Request) GetHttp ¶
func (m *AttributeContext_Request) GetHttp() *AttributeContext_HttpRequest
func (*AttributeContext_Request) GetTime ¶
func (m *AttributeContext_Request) GetTime() *types.Timestamp
func (*AttributeContext_Request) Marshal ¶
func (m *AttributeContext_Request) Marshal() (dAtA []byte, err error)
func (*AttributeContext_Request) MarshalTo ¶
func (m *AttributeContext_Request) MarshalTo(dAtA []byte) (int, error)
func (*AttributeContext_Request) ProtoMessage ¶
func (*AttributeContext_Request) ProtoMessage()
func (*AttributeContext_Request) Reset ¶
func (m *AttributeContext_Request) Reset()
func (*AttributeContext_Request) Size ¶
func (m *AttributeContext_Request) Size() (n int)
func (*AttributeContext_Request) String ¶
func (m *AttributeContext_Request) String() string
func (*AttributeContext_Request) Unmarshal ¶
func (m *AttributeContext_Request) Unmarshal(dAtA []byte) error
func (*AttributeContext_Request) Validate ¶
func (m *AttributeContext_Request) Validate() error
Validate checks the field values on AttributeContext_Request with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*AttributeContext_Request) XXX_DiscardUnknown ¶
func (m *AttributeContext_Request) XXX_DiscardUnknown()
func (*AttributeContext_Request) XXX_Marshal ¶
func (m *AttributeContext_Request) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*AttributeContext_Request) XXX_Merge ¶
func (m *AttributeContext_Request) XXX_Merge(src proto.Message)
func (*AttributeContext_Request) XXX_Size ¶
func (m *AttributeContext_Request) XXX_Size() int
func (*AttributeContext_Request) XXX_Unmarshal ¶
func (m *AttributeContext_Request) XXX_Unmarshal(b []byte) error
type AttributeContext_RequestValidationError ¶
type AttributeContext_RequestValidationError struct { Field string Reason string Cause error Key bool }
AttributeContext_RequestValidationError is the validation error returned by AttributeContext_Request.Validate if the designated constraints aren't met.
func (AttributeContext_RequestValidationError) Error ¶
func (e AttributeContext_RequestValidationError) Error() string
Error satisfies the builtin error interface
type AuthorizationClient ¶
type AuthorizationClient interface { // Performs authorization check based on the attributes associated with the // incoming request, and returns status `OK` or not `OK`. Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error) }
AuthorizationClient is the client API for Authorization service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewAuthorizationClient ¶
func NewAuthorizationClient(cc *grpc.ClientConn) AuthorizationClient
type AuthorizationServer ¶
type AuthorizationServer interface { // Performs authorization check based on the attributes associated with the // incoming request, and returns status `OK` or not `OK`. Check(context.Context, *CheckRequest) (*CheckResponse, error) }
AuthorizationServer is the server API for Authorization service.
type CheckRequest ¶
type CheckRequest struct { // The request attributes. Attributes *AttributeContext `protobuf:"bytes,1,opt,name=attributes,proto3" json:"attributes,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
func (*CheckRequest) Descriptor ¶
func (*CheckRequest) Descriptor() ([]byte, []int)
func (*CheckRequest) GetAttributes ¶
func (m *CheckRequest) GetAttributes() *AttributeContext
func (*CheckRequest) Marshal ¶
func (m *CheckRequest) Marshal() (dAtA []byte, err error)
func (*CheckRequest) ProtoMessage ¶
func (*CheckRequest) ProtoMessage()
func (*CheckRequest) Reset ¶
func (m *CheckRequest) Reset()
func (*CheckRequest) Size ¶
func (m *CheckRequest) Size() (n int)
func (*CheckRequest) String ¶
func (m *CheckRequest) String() string
func (*CheckRequest) Unmarshal ¶
func (m *CheckRequest) Unmarshal(dAtA []byte) error
func (*CheckRequest) Validate ¶
func (m *CheckRequest) Validate() error
Validate checks the field values on CheckRequest with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*CheckRequest) XXX_DiscardUnknown ¶
func (m *CheckRequest) XXX_DiscardUnknown()
func (*CheckRequest) XXX_Marshal ¶
func (m *CheckRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*CheckRequest) XXX_Merge ¶
func (m *CheckRequest) XXX_Merge(src proto.Message)
func (*CheckRequest) XXX_Size ¶
func (m *CheckRequest) XXX_Size() int
func (*CheckRequest) XXX_Unmarshal ¶
func (m *CheckRequest) XXX_Unmarshal(b []byte) error
type CheckRequestValidationError ¶
CheckRequestValidationError is the validation error returned by CheckRequest.Validate if the designated constraints aren't met.
func (CheckRequestValidationError) Error ¶
func (e CheckRequestValidationError) Error() string
Error satisfies the builtin error interface
type CheckResponse ¶
type CheckResponse struct { // Status `OK` allows the request. Any other status indicates the request should be denied. Status *rpc.Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"` // An message that contains HTTP response attributes. This message is // used when the authorization service needs to send custom responses to the // downstream client or, to modify/add request headers being dispatched to the upstream. // // Types that are valid to be assigned to HttpResponse: // *CheckResponse_DeniedResponse // *CheckResponse_OkResponse HttpResponse isCheckResponse_HttpResponse `protobuf_oneof:"http_response"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
Intended for gRPC and Network Authorization servers `only`.
func (*CheckResponse) Descriptor ¶
func (*CheckResponse) Descriptor() ([]byte, []int)
func (*CheckResponse) GetDeniedResponse ¶
func (m *CheckResponse) GetDeniedResponse() *DeniedHttpResponse
func (*CheckResponse) GetHttpResponse ¶
func (m *CheckResponse) GetHttpResponse() isCheckResponse_HttpResponse
func (*CheckResponse) GetOkResponse ¶
func (m *CheckResponse) GetOkResponse() *OkHttpResponse
func (*CheckResponse) GetStatus ¶
func (m *CheckResponse) GetStatus() *rpc.Status
func (*CheckResponse) Marshal ¶
func (m *CheckResponse) Marshal() (dAtA []byte, err error)
func (*CheckResponse) ProtoMessage ¶
func (*CheckResponse) ProtoMessage()
func (*CheckResponse) Reset ¶
func (m *CheckResponse) Reset()
func (*CheckResponse) Size ¶
func (m *CheckResponse) Size() (n int)
func (*CheckResponse) String ¶
func (m *CheckResponse) String() string
func (*CheckResponse) Unmarshal ¶
func (m *CheckResponse) Unmarshal(dAtA []byte) error
func (*CheckResponse) Validate ¶
func (m *CheckResponse) Validate() error
Validate checks the field values on CheckResponse with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*CheckResponse) XXX_DiscardUnknown ¶
func (m *CheckResponse) XXX_DiscardUnknown()
func (*CheckResponse) XXX_Marshal ¶
func (m *CheckResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*CheckResponse) XXX_Merge ¶
func (m *CheckResponse) XXX_Merge(src proto.Message)
func (*CheckResponse) XXX_OneofFuncs ¶
func (*CheckResponse) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})
XXX_OneofFuncs is for the internal use of the proto package.
func (*CheckResponse) XXX_Size ¶
func (m *CheckResponse) XXX_Size() int
func (*CheckResponse) XXX_Unmarshal ¶
func (m *CheckResponse) XXX_Unmarshal(b []byte) error
type CheckResponseValidationError ¶
CheckResponseValidationError is the validation error returned by CheckResponse.Validate if the designated constraints aren't met.
func (CheckResponseValidationError) Error ¶
func (e CheckResponseValidationError) Error() string
Error satisfies the builtin error interface
type CheckResponse_DeniedResponse ¶
type CheckResponse_DeniedResponse struct {
DeniedResponse *DeniedHttpResponse `protobuf:"bytes,2,opt,name=denied_response,json=deniedResponse,proto3,oneof"`
}
func (*CheckResponse_DeniedResponse) MarshalTo ¶
func (m *CheckResponse_DeniedResponse) MarshalTo(dAtA []byte) (int, error)
func (*CheckResponse_DeniedResponse) Size ¶
func (m *CheckResponse_DeniedResponse) Size() (n int)
type CheckResponse_OkResponse ¶
type CheckResponse_OkResponse struct {
OkResponse *OkHttpResponse `protobuf:"bytes,3,opt,name=ok_response,json=okResponse,proto3,oneof"`
}
func (*CheckResponse_OkResponse) MarshalTo ¶
func (m *CheckResponse_OkResponse) MarshalTo(dAtA []byte) (int, error)
func (*CheckResponse_OkResponse) Size ¶
func (m *CheckResponse_OkResponse) Size() (n int)
type DeniedHttpResponse ¶
type DeniedHttpResponse struct { // This field allows the authorization service to send a HTTP response status // code to the downstream client other than 403 (Forbidden). Status *_type.HttpStatus `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"` // This field allows the authorization service to send HTTP response headers // to the downstream client. Headers []*core.HeaderValueOption `protobuf:"bytes,2,rep,name=headers,proto3" json:"headers,omitempty"` // This field allows the authorization service to send a response body data // to the downstream client. Body string `protobuf:"bytes,3,opt,name=body,proto3" json:"body,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
HTTP attributes for a denied response.
func (*DeniedHttpResponse) Descriptor ¶
func (*DeniedHttpResponse) Descriptor() ([]byte, []int)
func (*DeniedHttpResponse) GetBody ¶
func (m *DeniedHttpResponse) GetBody() string
func (*DeniedHttpResponse) GetHeaders ¶
func (m *DeniedHttpResponse) GetHeaders() []*core.HeaderValueOption
func (*DeniedHttpResponse) GetStatus ¶
func (m *DeniedHttpResponse) GetStatus() *_type.HttpStatus
func (*DeniedHttpResponse) Marshal ¶
func (m *DeniedHttpResponse) Marshal() (dAtA []byte, err error)
func (*DeniedHttpResponse) MarshalTo ¶
func (m *DeniedHttpResponse) MarshalTo(dAtA []byte) (int, error)
func (*DeniedHttpResponse) ProtoMessage ¶
func (*DeniedHttpResponse) ProtoMessage()
func (*DeniedHttpResponse) Reset ¶
func (m *DeniedHttpResponse) Reset()
func (*DeniedHttpResponse) Size ¶
func (m *DeniedHttpResponse) Size() (n int)
func (*DeniedHttpResponse) String ¶
func (m *DeniedHttpResponse) String() string
func (*DeniedHttpResponse) Unmarshal ¶
func (m *DeniedHttpResponse) Unmarshal(dAtA []byte) error
func (*DeniedHttpResponse) Validate ¶
func (m *DeniedHttpResponse) Validate() error
Validate checks the field values on DeniedHttpResponse with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*DeniedHttpResponse) XXX_DiscardUnknown ¶
func (m *DeniedHttpResponse) XXX_DiscardUnknown()
func (*DeniedHttpResponse) XXX_Marshal ¶
func (m *DeniedHttpResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*DeniedHttpResponse) XXX_Merge ¶
func (m *DeniedHttpResponse) XXX_Merge(src proto.Message)
func (*DeniedHttpResponse) XXX_Size ¶
func (m *DeniedHttpResponse) XXX_Size() int
func (*DeniedHttpResponse) XXX_Unmarshal ¶
func (m *DeniedHttpResponse) XXX_Unmarshal(b []byte) error
type DeniedHttpResponseValidationError ¶
DeniedHttpResponseValidationError is the validation error returned by DeniedHttpResponse.Validate if the designated constraints aren't met.
func (DeniedHttpResponseValidationError) Error ¶
func (e DeniedHttpResponseValidationError) Error() string
Error satisfies the builtin error interface
type OkHttpResponse ¶
type OkHttpResponse struct { // HTTP entity headers in addition to the original request headers. This allows the authorization // service to append, to add or to override headers from the original request before // dispatching it to the upstream. By setting `append` field to `true` in the `HeaderValueOption`, // the filter will append the correspondent header value to the matched request header. Note that // by Leaving `append` as false, the filter will either add a new header, or override an existing // one if there is a match. Headers []*core.HeaderValueOption `protobuf:"bytes,2,rep,name=headers,proto3" json:"headers,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
HTTP attributes for an ok response.
func (*OkHttpResponse) Descriptor ¶
func (*OkHttpResponse) Descriptor() ([]byte, []int)
func (*OkHttpResponse) GetHeaders ¶
func (m *OkHttpResponse) GetHeaders() []*core.HeaderValueOption
func (*OkHttpResponse) Marshal ¶
func (m *OkHttpResponse) Marshal() (dAtA []byte, err error)
func (*OkHttpResponse) ProtoMessage ¶
func (*OkHttpResponse) ProtoMessage()
func (*OkHttpResponse) Reset ¶
func (m *OkHttpResponse) Reset()
func (*OkHttpResponse) Size ¶
func (m *OkHttpResponse) Size() (n int)
func (*OkHttpResponse) String ¶
func (m *OkHttpResponse) String() string
func (*OkHttpResponse) Unmarshal ¶
func (m *OkHttpResponse) Unmarshal(dAtA []byte) error
func (*OkHttpResponse) Validate ¶
func (m *OkHttpResponse) Validate() error
Validate checks the field values on OkHttpResponse with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*OkHttpResponse) XXX_DiscardUnknown ¶
func (m *OkHttpResponse) XXX_DiscardUnknown()
func (*OkHttpResponse) XXX_Marshal ¶
func (m *OkHttpResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*OkHttpResponse) XXX_Merge ¶
func (m *OkHttpResponse) XXX_Merge(src proto.Message)
func (*OkHttpResponse) XXX_Size ¶
func (m *OkHttpResponse) XXX_Size() int
func (*OkHttpResponse) XXX_Unmarshal ¶
func (m *OkHttpResponse) XXX_Unmarshal(b []byte) error
type OkHttpResponseValidationError ¶
OkHttpResponseValidationError is the validation error returned by OkHttpResponse.Validate if the designated constraints aren't met.
func (OkHttpResponseValidationError) Error ¶
func (e OkHttpResponseValidationError) Error() string
Error satisfies the builtin error interface