Documentation ¶
Index ¶
- Variables
- type JwtAuthentication
- func (*JwtAuthentication) Descriptor() ([]byte, []int)
- func (m *JwtAuthentication) GetProviders() map[string]*JwtProvider
- func (m *JwtAuthentication) GetRules() []*RequirementRule
- func (m *JwtAuthentication) Marshal() (dAtA []byte, err error)
- func (m *JwtAuthentication) MarshalTo(dAtA []byte) (int, error)
- func (*JwtAuthentication) ProtoMessage()
- func (m *JwtAuthentication) Reset()
- func (m *JwtAuthentication) Size() (n int)
- func (m *JwtAuthentication) String() string
- func (m *JwtAuthentication) Unmarshal(dAtA []byte) error
- func (m *JwtAuthentication) Validate() error
- func (m *JwtAuthentication) XXX_DiscardUnknown()
- func (m *JwtAuthentication) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *JwtAuthentication) XXX_Merge(src proto.Message)
- func (m *JwtAuthentication) XXX_Size() int
- func (m *JwtAuthentication) XXX_Unmarshal(b []byte) error
- type JwtAuthenticationValidationError
- type JwtHeader
- func (*JwtHeader) Descriptor() ([]byte, []int)
- func (m *JwtHeader) GetName() string
- func (m *JwtHeader) GetValuePrefix() string
- func (m *JwtHeader) Marshal() (dAtA []byte, err error)
- func (m *JwtHeader) MarshalTo(dAtA []byte) (int, error)
- func (*JwtHeader) ProtoMessage()
- func (m *JwtHeader) Reset()
- func (m *JwtHeader) Size() (n int)
- func (m *JwtHeader) String() string
- func (m *JwtHeader) Unmarshal(dAtA []byte) error
- func (m *JwtHeader) Validate() error
- func (m *JwtHeader) XXX_DiscardUnknown()
- func (m *JwtHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *JwtHeader) XXX_Merge(src proto.Message)
- func (m *JwtHeader) XXX_Size() int
- func (m *JwtHeader) XXX_Unmarshal(b []byte) error
- type JwtHeaderValidationError
- type JwtProvider
- func (*JwtProvider) Descriptor() ([]byte, []int)
- func (m *JwtProvider) GetAudiences() []string
- func (m *JwtProvider) GetForward() bool
- func (m *JwtProvider) GetForwardPayloadHeader() string
- func (m *JwtProvider) GetFromHeaders() []*JwtHeader
- func (m *JwtProvider) GetFromParams() []string
- func (m *JwtProvider) GetIssuer() string
- func (m *JwtProvider) GetJwksSourceSpecifier() isJwtProvider_JwksSourceSpecifier
- func (m *JwtProvider) GetLocalJwks() *core.DataSource
- func (m *JwtProvider) GetRemoteJwks() *RemoteJwks
- func (m *JwtProvider) Marshal() (dAtA []byte, err error)
- func (m *JwtProvider) MarshalTo(dAtA []byte) (int, error)
- func (*JwtProvider) ProtoMessage()
- func (m *JwtProvider) Reset()
- func (m *JwtProvider) Size() (n int)
- func (m *JwtProvider) String() string
- func (m *JwtProvider) Unmarshal(dAtA []byte) error
- func (m *JwtProvider) Validate() error
- func (m *JwtProvider) XXX_DiscardUnknown()
- func (m *JwtProvider) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *JwtProvider) XXX_Merge(src proto.Message)
- func (*JwtProvider) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, ...)
- func (m *JwtProvider) XXX_Size() int
- func (m *JwtProvider) XXX_Unmarshal(b []byte) error
- type JwtProviderValidationError
- type JwtProvider_LocalJwks
- type JwtProvider_RemoteJwks
- type JwtRequirement
- func (*JwtRequirement) Descriptor() ([]byte, []int)
- func (m *JwtRequirement) GetAllowMissingOrFailed() *types.BoolValue
- func (m *JwtRequirement) GetProviderAndAudiences() *ProviderWithAudiences
- func (m *JwtRequirement) GetProviderName() string
- func (m *JwtRequirement) GetRequiresAll() *JwtRequirementAndList
- func (m *JwtRequirement) GetRequiresAny() *JwtRequirementOrList
- func (m *JwtRequirement) GetRequiresType() isJwtRequirement_RequiresType
- func (m *JwtRequirement) Marshal() (dAtA []byte, err error)
- func (m *JwtRequirement) MarshalTo(dAtA []byte) (int, error)
- func (*JwtRequirement) ProtoMessage()
- func (m *JwtRequirement) Reset()
- func (m *JwtRequirement) Size() (n int)
- func (m *JwtRequirement) String() string
- func (m *JwtRequirement) Unmarshal(dAtA []byte) error
- func (m *JwtRequirement) Validate() error
- func (m *JwtRequirement) XXX_DiscardUnknown()
- func (m *JwtRequirement) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *JwtRequirement) XXX_Merge(src proto.Message)
- func (*JwtRequirement) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, ...)
- func (m *JwtRequirement) XXX_Size() int
- func (m *JwtRequirement) XXX_Unmarshal(b []byte) error
- type JwtRequirementAndList
- func (*JwtRequirementAndList) Descriptor() ([]byte, []int)
- func (m *JwtRequirementAndList) GetRequirements() []*JwtRequirement
- func (m *JwtRequirementAndList) Marshal() (dAtA []byte, err error)
- func (m *JwtRequirementAndList) MarshalTo(dAtA []byte) (int, error)
- func (*JwtRequirementAndList) ProtoMessage()
- func (m *JwtRequirementAndList) Reset()
- func (m *JwtRequirementAndList) Size() (n int)
- func (m *JwtRequirementAndList) String() string
- func (m *JwtRequirementAndList) Unmarshal(dAtA []byte) error
- func (m *JwtRequirementAndList) Validate() error
- func (m *JwtRequirementAndList) XXX_DiscardUnknown()
- func (m *JwtRequirementAndList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *JwtRequirementAndList) XXX_Merge(src proto.Message)
- func (m *JwtRequirementAndList) XXX_Size() int
- func (m *JwtRequirementAndList) XXX_Unmarshal(b []byte) error
- type JwtRequirementAndListValidationError
- type JwtRequirementOrList
- func (*JwtRequirementOrList) Descriptor() ([]byte, []int)
- func (m *JwtRequirementOrList) GetRequirements() []*JwtRequirement
- func (m *JwtRequirementOrList) Marshal() (dAtA []byte, err error)
- func (m *JwtRequirementOrList) MarshalTo(dAtA []byte) (int, error)
- func (*JwtRequirementOrList) ProtoMessage()
- func (m *JwtRequirementOrList) Reset()
- func (m *JwtRequirementOrList) Size() (n int)
- func (m *JwtRequirementOrList) String() string
- func (m *JwtRequirementOrList) Unmarshal(dAtA []byte) error
- func (m *JwtRequirementOrList) Validate() error
- func (m *JwtRequirementOrList) XXX_DiscardUnknown()
- func (m *JwtRequirementOrList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *JwtRequirementOrList) XXX_Merge(src proto.Message)
- func (m *JwtRequirementOrList) XXX_Size() int
- func (m *JwtRequirementOrList) XXX_Unmarshal(b []byte) error
- type JwtRequirementOrListValidationError
- type JwtRequirementValidationError
- type JwtRequirement_AllowMissingOrFailed
- type JwtRequirement_ProviderAndAudiences
- type JwtRequirement_ProviderName
- type JwtRequirement_RequiresAll
- type JwtRequirement_RequiresAny
- type ProviderWithAudiences
- func (*ProviderWithAudiences) Descriptor() ([]byte, []int)
- func (m *ProviderWithAudiences) GetAudiences() []string
- func (m *ProviderWithAudiences) GetProviderName() string
- func (m *ProviderWithAudiences) Marshal() (dAtA []byte, err error)
- func (m *ProviderWithAudiences) MarshalTo(dAtA []byte) (int, error)
- func (*ProviderWithAudiences) ProtoMessage()
- func (m *ProviderWithAudiences) Reset()
- func (m *ProviderWithAudiences) Size() (n int)
- func (m *ProviderWithAudiences) String() string
- func (m *ProviderWithAudiences) Unmarshal(dAtA []byte) error
- func (m *ProviderWithAudiences) Validate() error
- func (m *ProviderWithAudiences) XXX_DiscardUnknown()
- func (m *ProviderWithAudiences) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *ProviderWithAudiences) XXX_Merge(src proto.Message)
- func (m *ProviderWithAudiences) XXX_Size() int
- func (m *ProviderWithAudiences) XXX_Unmarshal(b []byte) error
- type ProviderWithAudiencesValidationError
- type RemoteJwks
- func (*RemoteJwks) Descriptor() ([]byte, []int)
- func (m *RemoteJwks) GetCacheDuration() *types.Duration
- func (m *RemoteJwks) GetHttpUri() *core.HttpUri
- func (m *RemoteJwks) Marshal() (dAtA []byte, err error)
- func (m *RemoteJwks) MarshalTo(dAtA []byte) (int, error)
- func (*RemoteJwks) ProtoMessage()
- func (m *RemoteJwks) Reset()
- func (m *RemoteJwks) Size() (n int)
- func (m *RemoteJwks) String() string
- func (m *RemoteJwks) Unmarshal(dAtA []byte) error
- func (m *RemoteJwks) Validate() error
- func (m *RemoteJwks) XXX_DiscardUnknown()
- func (m *RemoteJwks) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *RemoteJwks) XXX_Merge(src proto.Message)
- func (m *RemoteJwks) XXX_Size() int
- func (m *RemoteJwks) XXX_Unmarshal(b []byte) error
- type RemoteJwksValidationError
- type RequirementRule
- func (*RequirementRule) Descriptor() ([]byte, []int)
- func (m *RequirementRule) GetMatch() *route.RouteMatch
- func (m *RequirementRule) GetRequires() *JwtRequirement
- func (m *RequirementRule) Marshal() (dAtA []byte, err error)
- func (m *RequirementRule) MarshalTo(dAtA []byte) (int, error)
- func (*RequirementRule) ProtoMessage()
- func (m *RequirementRule) Reset()
- func (m *RequirementRule) Size() (n int)
- func (m *RequirementRule) String() string
- func (m *RequirementRule) Unmarshal(dAtA []byte) error
- func (m *RequirementRule) Validate() error
- func (m *RequirementRule) XXX_DiscardUnknown()
- func (m *RequirementRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *RequirementRule) XXX_Merge(src proto.Message)
- func (m *RequirementRule) XXX_Size() int
- func (m *RequirementRule) XXX_Unmarshal(b []byte) error
- type RequirementRuleValidationError
Constants ¶
This section is empty.
Variables ¶
// Sentinel errors of the generated codec. Going by their messages they are
// raised while unmarshaling; the call sites are not shown on this page.
var (
	// ErrInvalidLengthConfig carries the message "negative length found during unmarshaling".
	ErrInvalidLengthConfig = fmt.Errorf("proto: negative length found during unmarshaling")
	// ErrIntOverflowConfig carries the message "integer overflow".
	ErrIntOverflowConfig = fmt.Errorf("proto: integer overflow")
)
Functions ¶
This section is empty.
Types ¶
type JwtAuthentication ¶
// JwtAuthentication is the Envoy HTTP filter config for JWT authentication:
// a map of named providers plus the route rules that say which of them a
// request has to satisfy.
type JwtAuthentication struct {
	// Map of provider names to JwtProviders.
	//
	// .. code-block:: yaml
	//
	//   providers:
	//     provider1:
	//       issuer: issuer1
	//       audiences:
	//       - audience1
	//       - audience2
	//       remote_jwks:
	//         http_uri:
	//           uri: https://example.com/.well-known/jwks.json
	//           cluster: example_jwks_cluster
	//     provider2:
	//       issuer: provider2
	//       local_jwks:
	//         inline_string: jwks_string
	//
	Providers map[string]*JwtProvider `` /* 145-byte string literal not displayed */
	// Specifies requirements based on the route matches. The first matched requirement will be
	// applied. If there are overlapped match conditions, please put the most specific match first.
	//
	// Examples
	//
	// .. code-block:: yaml
	//
	//   rules:
	//     - match: { prefix: "/healthz" }
	//     - match: { prefix: "/baz" }
	//       requires:
	//         provider_name: "provider1"
	//     - match: { prefix: "/foo" }
	//       requires:
	//         requires_any:
	//           requirements:
	//             - provider_name: "provider1"
	//             - provider_name: "provider2"
	//     - match: { prefix: "/bar" }
	//       requires:
	//         requires_all:
	//           requirements:
	//             - provider_name: "provider1"
	//             - provider_name: "provider2"
	//
	// NOTE(review): a rule that has a match but no requires (the "/healthz" entry above) lets
	// matching requests through without JWT verification, and only the first matching rule is
	// applied. A broad prefix placed ahead of a protected path therefore exempts that path;
	// re-check the ordering whenever a rule is added.
	// NOTE(review): this page does not say what happens to a request that matches no rule.
	// Confirm the behaviour, or end the list with an explicit catch-all rule.
	Rules []*RequirementRule `protobuf:"bytes,2,rep,name=rules" json:"rules,omitempty"`

	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
This is the Envoy HTTP filter config for JWT authentication.
For example:
.. code-block:: yaml
providers:
  provider1:
    issuer: issuer1
    audiences:
    - audience1
    - audience2
    remote_jwks:
      http_uri:
        uri: https://example.com/.well-known/jwks.json
        cluster: example_jwks_cluster
  provider2:
    issuer: issuer2
    local_jwks:
      inline_string: jwks_string

rules:
  # No JWT verification is required for the /health path
  - match:
      prefix: "/health"

  # JWT verification for provider1 is required for paths prefixed with "/prefix"
  - match:
      prefix: "/prefix"
    requires:
      provider_name: "provider1"

  # JWT verification for either provider1 or provider2 is required for all other requests.
  - match:
      prefix: "/"
    requires:
      requires_any:
        requirements:
          - provider_name: "provider1"
          - provider_name: "provider2"
// [#not-implemented-hide:]
func (*JwtAuthentication) Descriptor ¶
func (*JwtAuthentication) Descriptor() ([]byte, []int)
func (*JwtAuthentication) GetProviders ¶
func (m *JwtAuthentication) GetProviders() map[string]*JwtProvider
func (*JwtAuthentication) GetRules ¶
func (m *JwtAuthentication) GetRules() []*RequirementRule
func (*JwtAuthentication) Marshal ¶
func (m *JwtAuthentication) Marshal() (dAtA []byte, err error)
func (*JwtAuthentication) MarshalTo ¶
func (m *JwtAuthentication) MarshalTo(dAtA []byte) (int, error)
func (*JwtAuthentication) ProtoMessage ¶
func (*JwtAuthentication) ProtoMessage()
func (*JwtAuthentication) Reset ¶
func (m *JwtAuthentication) Reset()
func (*JwtAuthentication) Size ¶
func (m *JwtAuthentication) Size() (n int)
func (*JwtAuthentication) String ¶
func (m *JwtAuthentication) String() string
func (*JwtAuthentication) Unmarshal ¶
func (m *JwtAuthentication) Unmarshal(dAtA []byte) error
func (*JwtAuthentication) Validate ¶
func (m *JwtAuthentication) Validate() error
Validate checks the field values on JwtAuthentication with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*JwtAuthentication) XXX_DiscardUnknown ¶
func (m *JwtAuthentication) XXX_DiscardUnknown()
func (*JwtAuthentication) XXX_Marshal ¶
func (m *JwtAuthentication) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*JwtAuthentication) XXX_Merge ¶
func (dst *JwtAuthentication) XXX_Merge(src proto.Message)
func (*JwtAuthentication) XXX_Size ¶
func (m *JwtAuthentication) XXX_Size() int
func (*JwtAuthentication) XXX_Unmarshal ¶
func (m *JwtAuthentication) XXX_Unmarshal(b []byte) error
type JwtAuthenticationValidationError ¶
JwtAuthenticationValidationError is the validation error returned by JwtAuthentication.Validate if the designated constraints aren't met.
func (JwtAuthenticationValidationError) Error ¶
func (e JwtAuthenticationValidationError) Error() string
Error satisfies the builtin error interface
type JwtHeader ¶
// JwtHeader specifies a header location from which a JWT is extracted.
type JwtHeader struct {
	// The HTTP header name.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The value prefix. The value format is "value_prefix<token>".
	// For example, for "Authorization: Bearer <token>", value_prefix="Bearer " with a space at the
	// end.
	ValuePrefix string `protobuf:"bytes,2,opt,name=value_prefix,json=valuePrefix,proto3" json:"value_prefix,omitempty"`

	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
This message specifies a header location from which to extract the JWT.
func (*JwtHeader) Descriptor ¶
func (*JwtHeader) GetValuePrefix ¶
func (*JwtHeader) ProtoMessage ¶
func (*JwtHeader) ProtoMessage()
func (*JwtHeader) Validate ¶
Validate checks the field values on JwtHeader with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*JwtHeader) XXX_DiscardUnknown ¶
func (m *JwtHeader) XXX_DiscardUnknown()
func (*JwtHeader) XXX_Marshal ¶
func (*JwtHeader) XXX_Unmarshal ¶
type JwtHeaderValidationError ¶
JwtHeaderValidationError is the validation error returned by JwtHeader.Validate if the designated constraints aren't met.
func (JwtHeaderValidationError) Error ¶
func (e JwtHeaderValidationError) Error() string
Error satisfies the builtin error interface
type JwtProvider ¶
// JwtProvider specifies how a JSON Web Token (JWT) from one issuer is
// verified: the expected issuer and audiences, where the signing keys (JWKS)
// come from, where in the request the token is looked for, and what is
// passed on to the backend after a successful verification.
type JwtProvider struct {
	// Identifies the principal that issued the JWT. See `here
	// <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_. Usually a URL or an email address.
	//
	// Example: https://securetoken.google.com
	// Example: 1234567-compute@developer.gserviceaccount.com
	//
	Issuer string `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"`
	// The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ that are
	// allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
	// will not check audiences in the token.
	//
	// Example:
	//
	// .. code-block:: yaml
	//
	//   audiences:
	//   - bookstore_android.apps.googleusercontent.com
	//   - bookstore_web.apps.googleusercontent.com
	//
	// NOTE(review): because an empty list turns the audience check off, a token this issuer
	// minted for a different service is accepted as well. Set audiences here, or through a
	// ProviderWithAudiences requirement, unless accepting any audience is intended.
	Audiences []string `protobuf:"bytes,2,rep,name=audiences" json:"audiences,omitempty"`
	// A `JSON Web Key Set <https://tools.ietf.org/html/rfc7517#appendix-A>`_ is needed to validate
	// the signature of the JWT. This field specifies where to fetch the JWKS.
	//
	// NOTE(review): the JWKS is the trust anchor for signature checks, so the remote URI (and
	// the cluster it is fetched through) or the local data source needs the same protection
	// as the signing keys' own distribution channel.
	//
	// Types that are valid to be assigned to JwksSourceSpecifier:
	//	*JwtProvider_RemoteJwks
	//	*JwtProvider_LocalJwks
	JwksSourceSpecifier isJwtProvider_JwksSourceSpecifier `protobuf_oneof:"jwks_source_specifier"`
	// If false, the JWT is removed from the request after a successful verification. If true, the
	// JWT is not removed from the request. Default value is false.
	//
	// NOTE(review): with forward=true the bearer token reaches the backend, where it can be
	// logged or reused; keep the default unless the upstream needs the raw token.
	Forward bool `protobuf:"varint,5,opt,name=forward,proto3" json:"forward,omitempty"`
	// Specify the HTTP headers to extract the JWT from. For example, the following config:
	//
	// .. code-block:: yaml
	//
	//   from_headers:
	//   - name: x-goog-iap-jwt-assertion
	//
	// can be used to extract the token from the header::
	//
	//   x-goog-iap-jwt-assertion: <JWT>.
	//
	FromHeaders []*JwtHeader `protobuf:"bytes,6,rep,name=from_headers,json=fromHeaders" json:"from_headers,omitempty"`
	// JWT is sent in a query parameter. `from_params` lists the query parameter names.
	//
	// For example, if config is:
	//
	// .. code-block:: yaml
	//
	//   from_params:
	//   - jwt_token
	//
	// The JWT format in query parameter is::
	//
	//   /path?jwt_token=<JWT>
	//
	// NOTE(review): tokens carried in a query string tend to end up in access logs, browser
	// history and Referer headers; prefer from_headers where the client allows it.
	FromParams []string `protobuf:"bytes,7,rep,name=from_params,json=fromParams" json:"from_params,omitempty"`
	// This field specifies the header name to forward a successfully verified JWT payload to the
	// backend. The forwarded data is::
	//
	//   base64_encoded(jwt_payload_in_JSON)
	//
	// If it is not specified, the payload will not be forwarded.
	// Multiple JWTs in a request from different issuers will be supported. Multiple JWTs from the
	// same issuer will not be supported. Each issuer can config this `forward_payload_header`. If
	// multiple JWTs from different issuers want to forward their payloads, their
	// `forward_payload_header` should be different.
	//
	// NOTE(review): the backend will read this header as already-verified claims. The page does
	// not say whether a client-supplied header of the same name is stripped on routes that
	// require no JWT; confirm that, and that the backend is reachable only through the proxy.
	ForwardPayloadHeader string `protobuf:"bytes,8,opt,name=forward_payload_header,json=forwardPayloadHeader,proto3" json:"forward_payload_header,omitempty"`

	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
This message specifies how a JSON Web Token (JWT) can be verified. JWT format is defined `here <https://tools.ietf.org/html/rfc7519>`_. Please see `OAuth2.0
<https://tools.ietf.org/html/rfc6749>`_ and `OIDC1.0 <http://openid.net/connect>`_ for
the authentication flow.
Example:
.. code-block:: yaml
issuer: https://example.com
audiences:
- bookstore_android.apps.googleusercontent.com
- bookstore_web.apps.googleusercontent.com
remote_jwks:
  http_uri:
    uri: https://example.com/.well-known/jwks.json
    cluster: example_jwks_cluster
  cache_duration:
    seconds: 300
[#not-implemented-hide:]
func (*JwtProvider) Descriptor ¶
func (*JwtProvider) Descriptor() ([]byte, []int)
func (*JwtProvider) GetAudiences ¶
func (m *JwtProvider) GetAudiences() []string
func (*JwtProvider) GetForward ¶
func (m *JwtProvider) GetForward() bool
func (*JwtProvider) GetForwardPayloadHeader ¶
func (m *JwtProvider) GetForwardPayloadHeader() string
func (*JwtProvider) GetFromHeaders ¶
func (m *JwtProvider) GetFromHeaders() []*JwtHeader
func (*JwtProvider) GetFromParams ¶
func (m *JwtProvider) GetFromParams() []string
func (*JwtProvider) GetIssuer ¶
func (m *JwtProvider) GetIssuer() string
func (*JwtProvider) GetJwksSourceSpecifier ¶
func (m *JwtProvider) GetJwksSourceSpecifier() isJwtProvider_JwksSourceSpecifier
func (*JwtProvider) GetLocalJwks ¶
func (m *JwtProvider) GetLocalJwks() *core.DataSource
func (*JwtProvider) GetRemoteJwks ¶
func (m *JwtProvider) GetRemoteJwks() *RemoteJwks
func (*JwtProvider) Marshal ¶
func (m *JwtProvider) Marshal() (dAtA []byte, err error)
func (*JwtProvider) ProtoMessage ¶
func (*JwtProvider) ProtoMessage()
func (*JwtProvider) Reset ¶
func (m *JwtProvider) Reset()
func (*JwtProvider) Size ¶
func (m *JwtProvider) Size() (n int)
func (*JwtProvider) String ¶
func (m *JwtProvider) String() string
func (*JwtProvider) Unmarshal ¶
func (m *JwtProvider) Unmarshal(dAtA []byte) error
func (*JwtProvider) Validate ¶
func (m *JwtProvider) Validate() error
Validate checks the field values on JwtProvider with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*JwtProvider) XXX_DiscardUnknown ¶
func (m *JwtProvider) XXX_DiscardUnknown()
func (*JwtProvider) XXX_Marshal ¶
func (m *JwtProvider) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*JwtProvider) XXX_Merge ¶
func (dst *JwtProvider) XXX_Merge(src proto.Message)
func (*JwtProvider) XXX_OneofFuncs ¶
func (*JwtProvider) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})
XXX_OneofFuncs is for the internal use of the proto package.
func (*JwtProvider) XXX_Size ¶
func (m *JwtProvider) XXX_Size() int
func (*JwtProvider) XXX_Unmarshal ¶
func (m *JwtProvider) XXX_Unmarshal(b []byte) error
type JwtProviderValidationError ¶
JwtProviderValidationError is the validation error returned by JwtProvider.Validate if the designated constraints aren't met.
func (JwtProviderValidationError) Error ¶
func (e JwtProviderValidationError) Error() string
Error satisfies the builtin error interface
type JwtProvider_LocalJwks ¶
// JwtProvider_LocalJwks is the oneof wrapper assigned to
// JwtProvider.JwksSourceSpecifier when the JWKS comes from a local data source
// (the local_jwks field).
type JwtProvider_LocalJwks struct {
	LocalJwks *core.DataSource `protobuf:"bytes,4,opt,name=local_jwks,json=localJwks,oneof"`
}
func (*JwtProvider_LocalJwks) MarshalTo ¶
func (m *JwtProvider_LocalJwks) MarshalTo(dAtA []byte) (int, error)
func (*JwtProvider_LocalJwks) Size ¶
func (m *JwtProvider_LocalJwks) Size() (n int)
type JwtProvider_RemoteJwks ¶
// JwtProvider_RemoteJwks is the oneof wrapper assigned to
// JwtProvider.JwksSourceSpecifier when the JWKS is described by a RemoteJwks
// message (the remote_jwks field).
type JwtProvider_RemoteJwks struct {
	RemoteJwks *RemoteJwks `protobuf:"bytes,3,opt,name=remote_jwks,json=remoteJwks,oneof"`
}
func (*JwtProvider_RemoteJwks) MarshalTo ¶
func (m *JwtProvider_RemoteJwks) MarshalTo(dAtA []byte) (int, error)
func (*JwtProvider_RemoteJwks) Size ¶
func (m *JwtProvider_RemoteJwks) Size() (n int)
type JwtRequirement ¶
// JwtRequirement specifies which JWT verification a route requires. An empty
// message means JWT verification is not required.
type JwtRequirement struct {
	// Types that are valid to be assigned to RequiresType:
	//	*JwtRequirement_ProviderName
	//	*JwtRequirement_ProviderAndAudiences
	//	*JwtRequirement_RequiresAny
	//	*JwtRequirement_RequiresAll
	//	*JwtRequirement_AllowMissingOrFailed
	//
	// NOTE(review): leaving RequiresType unset is the "no verification" case, so a requirement
	// that was meant to name a provider but is left empty fails open rather than closed.
	// NOTE(review): allow_missing_or_failed is not described on this page; going by its name it
	// admits requests whose token is absent or does not verify. Confirm the semantics before
	// using it on a route that must be authenticated.
	RequiresType isJwtRequirement_RequiresType `protobuf_oneof:"requires_type"`

	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
This message specifies a Jwt requirement. An empty message means JWT verification is not required. Here are some config examples:
.. code-block:: yaml
# Example 1: not required with an empty message

# Example 2: require A
provider_name: "provider-A"

# Example 3: require A or B
requires_any:
  requirements:
    - provider_name: "provider-A"
    - provider_name: "provider-B"

# Example 4: require A and B
requires_all:
  requirements:
    - provider_name: "provider-A"
    - provider_name: "provider-B"

# Example 5: require A and (B or C)
requires_all:
  requirements:
    - provider_name: "provider-A"
    - requires_any:
        requirements:
          - provider_name: "provider-B"
          - provider_name: "provider-C"

# Example 6: require A or (B and C)
requires_any:
  requirements:
    - provider_name: "provider-A"
    - requires_all:
        requirements:
          - provider_name: "provider-B"
          - provider_name: "provider-C"
func (*JwtRequirement) Descriptor ¶
func (*JwtRequirement) Descriptor() ([]byte, []int)
func (*JwtRequirement) GetAllowMissingOrFailed ¶
func (m *JwtRequirement) GetAllowMissingOrFailed() *types.BoolValue
func (*JwtRequirement) GetProviderAndAudiences ¶
func (m *JwtRequirement) GetProviderAndAudiences() *ProviderWithAudiences
func (*JwtRequirement) GetProviderName ¶
func (m *JwtRequirement) GetProviderName() string
func (*JwtRequirement) GetRequiresAll ¶
func (m *JwtRequirement) GetRequiresAll() *JwtRequirementAndList
func (*JwtRequirement) GetRequiresAny ¶
func (m *JwtRequirement) GetRequiresAny() *JwtRequirementOrList
func (*JwtRequirement) GetRequiresType ¶
func (m *JwtRequirement) GetRequiresType() isJwtRequirement_RequiresType
func (*JwtRequirement) Marshal ¶
func (m *JwtRequirement) Marshal() (dAtA []byte, err error)
func (*JwtRequirement) ProtoMessage ¶
func (*JwtRequirement) ProtoMessage()
func (*JwtRequirement) Reset ¶
func (m *JwtRequirement) Reset()
func (*JwtRequirement) Size ¶
func (m *JwtRequirement) Size() (n int)
func (*JwtRequirement) String ¶
func (m *JwtRequirement) String() string
func (*JwtRequirement) Unmarshal ¶
func (m *JwtRequirement) Unmarshal(dAtA []byte) error
func (*JwtRequirement) Validate ¶
func (m *JwtRequirement) Validate() error
Validate checks the field values on JwtRequirement with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*JwtRequirement) XXX_DiscardUnknown ¶
func (m *JwtRequirement) XXX_DiscardUnknown()
func (*JwtRequirement) XXX_Marshal ¶
func (m *JwtRequirement) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*JwtRequirement) XXX_Merge ¶
func (dst *JwtRequirement) XXX_Merge(src proto.Message)
func (*JwtRequirement) XXX_OneofFuncs ¶
func (*JwtRequirement) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})
XXX_OneofFuncs is for the internal use of the proto package.
func (*JwtRequirement) XXX_Size ¶
func (m *JwtRequirement) XXX_Size() int
func (*JwtRequirement) XXX_Unmarshal ¶
func (m *JwtRequirement) XXX_Unmarshal(b []byte) error
type JwtRequirementAndList ¶
// JwtRequirementAndList holds a list of requirements whose results are
// AND-ed: every entry must pass for the list to pass.
type JwtRequirementAndList struct {
	// Specify a list of JwtRequirement.
	Requirements []*JwtRequirement `protobuf:"bytes,1,rep,name=requirements" json:"requirements,omitempty"`

	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
This message specifies a list of RequiredProvider. Their results are AND-ed: all of them must pass. If any one of them fails or is missing, the whole list fails.
func (*JwtRequirementAndList) Descriptor ¶
func (*JwtRequirementAndList) Descriptor() ([]byte, []int)
func (*JwtRequirementAndList) GetRequirements ¶
func (m *JwtRequirementAndList) GetRequirements() []*JwtRequirement
func (*JwtRequirementAndList) Marshal ¶
func (m *JwtRequirementAndList) Marshal() (dAtA []byte, err error)
func (*JwtRequirementAndList) MarshalTo ¶
func (m *JwtRequirementAndList) MarshalTo(dAtA []byte) (int, error)
func (*JwtRequirementAndList) ProtoMessage ¶
func (*JwtRequirementAndList) ProtoMessage()
func (*JwtRequirementAndList) Reset ¶
func (m *JwtRequirementAndList) Reset()
func (*JwtRequirementAndList) Size ¶
func (m *JwtRequirementAndList) Size() (n int)
func (*JwtRequirementAndList) String ¶
func (m *JwtRequirementAndList) String() string
func (*JwtRequirementAndList) Unmarshal ¶
func (m *JwtRequirementAndList) Unmarshal(dAtA []byte) error
func (*JwtRequirementAndList) Validate ¶
func (m *JwtRequirementAndList) Validate() error
Validate checks the field values on JwtRequirementAndList with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*JwtRequirementAndList) XXX_DiscardUnknown ¶
func (m *JwtRequirementAndList) XXX_DiscardUnknown()
func (*JwtRequirementAndList) XXX_Marshal ¶
func (m *JwtRequirementAndList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*JwtRequirementAndList) XXX_Merge ¶
func (dst *JwtRequirementAndList) XXX_Merge(src proto.Message)
func (*JwtRequirementAndList) XXX_Size ¶
func (m *JwtRequirementAndList) XXX_Size() int
func (*JwtRequirementAndList) XXX_Unmarshal ¶
func (m *JwtRequirementAndList) XXX_Unmarshal(b []byte) error
type JwtRequirementAndListValidationError ¶
// JwtRequirementAndListValidationError is the validation error returned by
// JwtRequirementAndList.Validate if the designated constraints aren't met.
//
// NOTE(review): how Validate fills the fields is not shown on this page;
// presumably Field names the offending field, Reason describes the violated
// rule and Cause wraps a nested error — confirm against the Error method.
type JwtRequirementAndListValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}
JwtRequirementAndListValidationError is the validation error returned by JwtRequirementAndList.Validate if the designated constraints aren't met.
func (JwtRequirementAndListValidationError) Error ¶
func (e JwtRequirementAndListValidationError) Error() string
Error satisfies the builtin error interface
type JwtRequirementOrList ¶
// JwtRequirementOrList holds a list of requirements whose results are OR-ed:
// the list passes as soon as any one entry passes.
type JwtRequirementOrList struct {
	// Specify a list of JwtRequirement.
	Requirements []*JwtRequirement `protobuf:"bytes,1,rep,name=requirements" json:"requirements,omitempty"`

	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
This message specifies a list of RequiredProvider. Their results are OR-ed: if any one of them passes, the whole list passes.
func (*JwtRequirementOrList) Descriptor ¶
func (*JwtRequirementOrList) Descriptor() ([]byte, []int)
func (*JwtRequirementOrList) GetRequirements ¶
func (m *JwtRequirementOrList) GetRequirements() []*JwtRequirement
func (*JwtRequirementOrList) Marshal ¶
func (m *JwtRequirementOrList) Marshal() (dAtA []byte, err error)
func (*JwtRequirementOrList) MarshalTo ¶
func (m *JwtRequirementOrList) MarshalTo(dAtA []byte) (int, error)
func (*JwtRequirementOrList) ProtoMessage ¶
func (*JwtRequirementOrList) ProtoMessage()
func (*JwtRequirementOrList) Reset ¶
func (m *JwtRequirementOrList) Reset()
func (*JwtRequirementOrList) Size ¶
func (m *JwtRequirementOrList) Size() (n int)
func (*JwtRequirementOrList) String ¶
func (m *JwtRequirementOrList) String() string
func (*JwtRequirementOrList) Unmarshal ¶
func (m *JwtRequirementOrList) Unmarshal(dAtA []byte) error
func (*JwtRequirementOrList) Validate ¶
func (m *JwtRequirementOrList) Validate() error
Validate checks the field values on JwtRequirementOrList with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*JwtRequirementOrList) XXX_DiscardUnknown ¶
func (m *JwtRequirementOrList) XXX_DiscardUnknown()
func (*JwtRequirementOrList) XXX_Marshal ¶
func (m *JwtRequirementOrList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*JwtRequirementOrList) XXX_Merge ¶
func (dst *JwtRequirementOrList) XXX_Merge(src proto.Message)
func (*JwtRequirementOrList) XXX_Size ¶
func (m *JwtRequirementOrList) XXX_Size() int
func (*JwtRequirementOrList) XXX_Unmarshal ¶
func (m *JwtRequirementOrList) XXX_Unmarshal(b []byte) error
type JwtRequirementOrListValidationError ¶
JwtRequirementOrListValidationError is the validation error returned by JwtRequirementOrList.Validate if the designated constraints aren't met.
func (JwtRequirementOrListValidationError) Error ¶
func (e JwtRequirementOrListValidationError) Error() string
Error satisfies the builtin error interface
type JwtRequirementValidationError ¶
JwtRequirementValidationError is the validation error returned by JwtRequirement.Validate if the designated constraints aren't met.
func (JwtRequirementValidationError) Error ¶
func (e JwtRequirementValidationError) Error() string
Error satisfies the builtin error interface
type JwtRequirement_AllowMissingOrFailed ¶
// JwtRequirement_AllowMissingOrFailed is the oneof wrapper assigned to
// JwtRequirement.RequiresType for the allow_missing_or_failed choice.
//
// NOTE(review): the page gives no description of this option; by its name it
// relaxes verification, so confirm its semantics before relying on it.
type JwtRequirement_AllowMissingOrFailed struct {
	AllowMissingOrFailed *types.BoolValue `protobuf:"bytes,5,opt,name=allow_missing_or_failed,json=allowMissingOrFailed,oneof"`
}
func (*JwtRequirement_AllowMissingOrFailed) MarshalTo ¶
func (m *JwtRequirement_AllowMissingOrFailed) MarshalTo(dAtA []byte) (int, error)
func (*JwtRequirement_AllowMissingOrFailed) Size ¶
func (m *JwtRequirement_AllowMissingOrFailed) Size() (n int)
type JwtRequirement_ProviderAndAudiences ¶
// JwtRequirement_ProviderAndAudiences is the oneof wrapper assigned to
// JwtRequirement.RequiresType when a provider is required together with its
// own audience list (the provider_and_audiences field).
type JwtRequirement_ProviderAndAudiences struct {
	ProviderAndAudiences *ProviderWithAudiences `protobuf:"bytes,2,opt,name=provider_and_audiences,json=providerAndAudiences,oneof"`
}
func (*JwtRequirement_ProviderAndAudiences) MarshalTo ¶
func (m *JwtRequirement_ProviderAndAudiences) MarshalTo(dAtA []byte) (int, error)
func (*JwtRequirement_ProviderAndAudiences) Size ¶
func (m *JwtRequirement_ProviderAndAudiences) Size() (n int)
type JwtRequirement_ProviderName ¶
// JwtRequirement_ProviderName is the oneof wrapper assigned to
// JwtRequirement.RequiresType when a single provider is required by name
// (the provider_name field).
type JwtRequirement_ProviderName struct {
	ProviderName string `protobuf:"bytes,1,opt,name=provider_name,json=providerName,proto3,oneof"`
}
func (*JwtRequirement_ProviderName) MarshalTo ¶
func (m *JwtRequirement_ProviderName) MarshalTo(dAtA []byte) (int, error)
func (*JwtRequirement_ProviderName) Size ¶
func (m *JwtRequirement_ProviderName) Size() (n int)
type JwtRequirement_RequiresAll ¶
// JwtRequirement_RequiresAll wraps the requires_all field (protobuf field 4),
// which the struct tag marks as a oneof member. The payload is a
// JwtRequirementAndList.
//
// NOTE(review): presumably every requirement in the list must be satisfied;
// confirm against the JwtRequirementAndList documentation.
type JwtRequirement_RequiresAll struct {
	RequiresAll *JwtRequirementAndList `protobuf:"bytes,4,opt,name=requires_all,json=requiresAll,oneof"`
}
func (*JwtRequirement_RequiresAll) MarshalTo ¶
func (m *JwtRequirement_RequiresAll) MarshalTo(dAtA []byte) (int, error)
func (*JwtRequirement_RequiresAll) Size ¶
func (m *JwtRequirement_RequiresAll) Size() (n int)
type JwtRequirement_RequiresAny ¶
// JwtRequirement_RequiresAny wraps the requires_any field (protobuf field 3),
// which the struct tag marks as a oneof member. The payload is a
// JwtRequirementOrList.
//
// NOTE(review): presumably one satisfied requirement in the list is enough, so
// the effective policy is only as strict as its weakest entry; confirm against
// the JwtRequirementOrList documentation.
type JwtRequirement_RequiresAny struct {
	RequiresAny *JwtRequirementOrList `protobuf:"bytes,3,opt,name=requires_any,json=requiresAny,oneof"`
}
func (*JwtRequirement_RequiresAny) MarshalTo ¶
func (m *JwtRequirement_RequiresAny) MarshalTo(dAtA []byte) (int, error)
func (*JwtRequirement_RequiresAny) Size ¶
func (m *JwtRequirement_RequiresAny) Size() (n int)
type ProviderWithAudiences ¶
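// ProviderWithAudiences specifies a required provider together with the
// audiences to accept for it.
//
// The listing is restored to one field per line: in the collapsed form the
// first line comment swallowed every field that followed it.
type ProviderWithAudiences struct {
	// Specify a required provider name.
	ProviderName string `protobuf:"bytes,1,opt,name=provider_name,json=providerName,proto3" json:"provider_name,omitempty"`
	// This field overrides the one specified in the JwtProvider.
	//
	// NOTE(review): because this list replaces the provider-level audiences for
	// the requirement, review it with the same care as the provider's own list.
	// How an empty list is treated is not shown here; confirm that it cannot
	// switch the audience check off.
	Audiences            []string `protobuf:"bytes,2,rep,name=audiences" json:"audiences,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}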
Specify a required provider with audiences.
func (*ProviderWithAudiences) Descriptor ¶
func (*ProviderWithAudiences) Descriptor() ([]byte, []int)
func (*ProviderWithAudiences) GetAudiences ¶
func (m *ProviderWithAudiences) GetAudiences() []string
func (*ProviderWithAudiences) GetProviderName ¶
func (m *ProviderWithAudiences) GetProviderName() string
func (*ProviderWithAudiences) Marshal ¶
func (m *ProviderWithAudiences) Marshal() (dAtA []byte, err error)
func (*ProviderWithAudiences) MarshalTo ¶
func (m *ProviderWithAudiences) MarshalTo(dAtA []byte) (int, error)
func (*ProviderWithAudiences) ProtoMessage ¶
func (*ProviderWithAudiences) ProtoMessage()
func (*ProviderWithAudiences) Reset ¶
func (m *ProviderWithAudiences) Reset()
func (*ProviderWithAudiences) Size ¶
func (m *ProviderWithAudiences) Size() (n int)
func (*ProviderWithAudiences) String ¶
func (m *ProviderWithAudiences) String() string
func (*ProviderWithAudiences) Unmarshal ¶
func (m *ProviderWithAudiences) Unmarshal(dAtA []byte) error
func (*ProviderWithAudiences) Validate ¶
func (m *ProviderWithAudiences) Validate() error
Validate checks the field values on ProviderWithAudiences with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*ProviderWithAudiences) XXX_DiscardUnknown ¶
func (m *ProviderWithAudiences) XXX_DiscardUnknown()
func (*ProviderWithAudiences) XXX_Marshal ¶
func (m *ProviderWithAudiences) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*ProviderWithAudiences) XXX_Merge ¶
func (dst *ProviderWithAudiences) XXX_Merge(src proto.Message)
func (*ProviderWithAudiences) XXX_Size ¶
func (m *ProviderWithAudiences) XXX_Size() int
func (*ProviderWithAudiences) XXX_Unmarshal ¶
func (m *ProviderWithAudiences) XXX_Unmarshal(b []byte) error
type ProviderWithAudiencesValidationError ¶
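// ProviderWithAudiencesValidationError is the validation error returned by
// ProviderWithAudiences.Validate if the designated constraints aren't met.
//
// The listing is restored to one field per line; the collapsed form had no
// separators between the fields.
type ProviderWithAudiencesValidationError struct {
	// NOTE(review): presumably the name of the field that failed validation; confirm.
	Field string
	// NOTE(review): presumably a human-readable description of the violated rule; confirm.
	Reason string
	// NOTE(review): presumably the underlying error from a nested message, if any; confirm.
	Cause error
	// NOTE(review): presumably set when the violation concerns a map key; confirm.
	Key bool
}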
ProviderWithAudiencesValidationError is the validation error returned by ProviderWithAudiences.Validate if the designated constraints aren't met.
func (ProviderWithAudiencesValidationError) Error ¶
func (e ProviderWithAudiencesValidationError) Error() string
Error satisfies the builtin error interface
type RemoteJwks ¶
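// RemoteJwks specifies how to fetch JWKS from remote and how to cache it.
//
// The listing is restored to one field per line: in the collapsed form the
// first line comment swallowed every field that followed it.
//
// Security note: the fetched key set is what JWT signatures are checked
// against, so the fetch location and the cache lifetime are both part of the
// trust configuration.
type RemoteJwks struct {
	// The HTTP URI to fetch the JWKS. For example:
	//
	// .. code-block:: yaml
	//
	//    http_uri:
	//      uri: https://www.googleapis.com/oauth2/v1/certs
	//      cluster: jwt.www.googleapis.com|443
	//
	// NOTE(review): the example uses an https URI; whether the referenced
	// cluster validates the server certificate is configured elsewhere and is
	// not shown here. Confirm it does, otherwise the key set can be substituted
	// in transit.
	HttpUri *core.HttpUri `protobuf:"bytes,1,opt,name=http_uri,json=httpUri" json:"http_uri,omitempty"`
	// Duration after which the cached JWKS should be expired. If not specified, default cache
	// duration is 5 minutes.
	//
	// NOTE(review): presumably a key withdrawn at the issuer stays usable until
	// the cached copy expires, so a long duration delays rotation and
	// revocation; confirm against the filter's refresh behaviour.
	CacheDuration        *types.Duration `protobuf:"bytes,2,opt,name=cache_duration,json=cacheDuration" json:"cache_duration,omitempty"`
	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
	XXX_unrecognized     []byte          `json:"-"`
	XXX_sizecache        int32           `json:"-"`
}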
This message specifies how to fetch JWKS from remote and how to cache it.
func (*RemoteJwks) Descriptor ¶
func (*RemoteJwks) Descriptor() ([]byte, []int)
func (*RemoteJwks) GetCacheDuration ¶
func (m *RemoteJwks) GetCacheDuration() *types.Duration
func (*RemoteJwks) GetHttpUri ¶
func (m *RemoteJwks) GetHttpUri() *core.HttpUri
func (*RemoteJwks) Marshal ¶
func (m *RemoteJwks) Marshal() (dAtA []byte, err error)
func (*RemoteJwks) ProtoMessage ¶
func (*RemoteJwks) ProtoMessage()
func (*RemoteJwks) Reset ¶
func (m *RemoteJwks) Reset()
func (*RemoteJwks) Size ¶
func (m *RemoteJwks) Size() (n int)
func (*RemoteJwks) String ¶
func (m *RemoteJwks) String() string
func (*RemoteJwks) Unmarshal ¶
func (m *RemoteJwks) Unmarshal(dAtA []byte) error
func (*RemoteJwks) Validate ¶
func (m *RemoteJwks) Validate() error
Validate checks the field values on RemoteJwks with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*RemoteJwks) XXX_DiscardUnknown ¶
func (m *RemoteJwks) XXX_DiscardUnknown()
func (*RemoteJwks) XXX_Marshal ¶
func (m *RemoteJwks) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*RemoteJwks) XXX_Merge ¶
func (dst *RemoteJwks) XXX_Merge(src proto.Message)
func (*RemoteJwks) XXX_Size ¶
func (m *RemoteJwks) XXX_Size() int
func (*RemoteJwks) XXX_Unmarshal ¶
func (m *RemoteJwks) XXX_Unmarshal(b []byte) error
type RemoteJwksValidationError ¶
RemoteJwksValidationError is the validation error returned by RemoteJwks.Validate if the designated constraints aren't met.
func (RemoteJwksValidationError) Error ¶
func (e RemoteJwksValidationError) Error() string
Error satisfies the builtin error interface
type RequirementRule ¶
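// RequirementRule specifies a JWT requirement for a specific route condition.
//
// The listing is restored to one field per line: in the collapsed form the
// first line comment swallowed every field that followed it.
//
// Security note: per the examples documented for this message, a rule whose
// Requires field is empty lets matching requests through without JWT
// authentication, so an exemption should use the narrowest match that works.
type RequirementRule struct {
	// The route matching parameter. Only when the match is satisfied, the "requires" field will
	// apply.
	//
	// For example: following match will match all requests.
	//
	// .. code-block:: yaml
	//
	//    match:
	//      prefix: "/"
	//
	Match *route.RouteMatch `protobuf:"bytes,1,opt,name=match" json:"match,omitempty"`
	// Specify a Jwt Requirement. See the detailed comment on message JwtRequirement.
	//
	// NOTE(review): how overlapping rules are resolved is not shown here.
	// Confirm the evaluation order in the JwtAuthentication documentation so
	// that a broad rule cannot shadow a stricter one.
	Requires             *JwtRequirement `protobuf:"bytes,2,opt,name=requires" json:"requires,omitempty"`
	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
	XXX_unrecognized     []byte          `json:"-"`
	XXX_sizecache        int32           `json:"-"`
}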
This message specifies a JWT requirement for a specific route condition. Example 1:
.. code-block:: yaml
    - match:
        prefix: "/healthz"
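In the above example, the "requires" field is empty for the /healthz prefix match, which means that requests matching that path prefix don't require JWT authentication. Because this is a prefix match, any path that begins with /healthz is exempt as well, so keep such exemptions as narrow as possible.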
Example 2:
.. code-block:: yaml
    - match:
        prefix: "/"
      requires: { provider_name: "provider-A" }
In the above example, all requests matching the path prefix require JWT authentication from "provider-A".
func (*RequirementRule) Descriptor ¶
func (*RequirementRule) Descriptor() ([]byte, []int)
func (*RequirementRule) GetMatch ¶
func (m *RequirementRule) GetMatch() *route.RouteMatch
func (*RequirementRule) GetRequires ¶
func (m *RequirementRule) GetRequires() *JwtRequirement
func (*RequirementRule) Marshal ¶
func (m *RequirementRule) Marshal() (dAtA []byte, err error)
func (*RequirementRule) ProtoMessage ¶
func (*RequirementRule) ProtoMessage()
func (*RequirementRule) Reset ¶
func (m *RequirementRule) Reset()
func (*RequirementRule) Size ¶
func (m *RequirementRule) Size() (n int)
func (*RequirementRule) String ¶
func (m *RequirementRule) String() string
func (*RequirementRule) Unmarshal ¶
func (m *RequirementRule) Unmarshal(dAtA []byte) error
func (*RequirementRule) Validate ¶
func (m *RequirementRule) Validate() error
Validate checks the field values on RequirementRule with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*RequirementRule) XXX_DiscardUnknown ¶
func (m *RequirementRule) XXX_DiscardUnknown()
func (*RequirementRule) XXX_Marshal ¶
func (m *RequirementRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*RequirementRule) XXX_Merge ¶
func (dst *RequirementRule) XXX_Merge(src proto.Message)
func (*RequirementRule) XXX_Size ¶
func (m *RequirementRule) XXX_Size() int
func (*RequirementRule) XXX_Unmarshal ¶
func (m *RequirementRule) XXX_Unmarshal(b []byte) error
type RequirementRuleValidationError ¶
RequirementRuleValidationError is the validation error returned by RequirementRule.Validate if the designated constraints aren't met.
func (RequirementRuleValidationError) Error ¶
func (e RequirementRuleValidationError) Error() string
Error satisfies the builtin error interface