Documentation ¶
Index ¶
- Variables
- type CertificateValidationContext
- func (*CertificateValidationContext) Descriptor() ([]byte, []int)
- func (this *CertificateValidationContext) Equal(that interface{}) bool
- func (m *CertificateValidationContext) GetAllowExpiredCertificate() bool
- func (m *CertificateValidationContext) GetCrl() *core.DataSource
- func (m *CertificateValidationContext) GetRequireOcspStaple() *types.BoolValue
- func (m *CertificateValidationContext) GetRequireSignedCertificateTimestamp() *types.BoolValue
- func (m *CertificateValidationContext) GetTrustedCa() *core.DataSource
- func (m *CertificateValidationContext) GetVerifyCertificateHash() []string
- func (m *CertificateValidationContext) GetVerifyCertificateSpki() []string
- func (m *CertificateValidationContext) GetVerifySubjectAltName() []string
- func (m *CertificateValidationContext) Marshal() (dAtA []byte, err error)
- func (m *CertificateValidationContext) MarshalTo(dAtA []byte) (int, error)
- func (*CertificateValidationContext) ProtoMessage()
- func (m *CertificateValidationContext) Reset()
- func (m *CertificateValidationContext) Size() (n int)
- func (m *CertificateValidationContext) String() string
- func (m *CertificateValidationContext) Unmarshal(dAtA []byte) error
- func (m *CertificateValidationContext) Validate() error
- func (m *CertificateValidationContext) XXX_DiscardUnknown()
- func (m *CertificateValidationContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *CertificateValidationContext) XXX_Merge(src proto.Message)
- func (m *CertificateValidationContext) XXX_Size() int
- func (m *CertificateValidationContext) XXX_Unmarshal(b []byte) error
- type CertificateValidationContextValidationError
- type CommonTlsContext
- func (*CommonTlsContext) Descriptor() ([]byte, []int)
- func (this *CommonTlsContext) Equal(that interface{}) bool
- func (m *CommonTlsContext) GetAlpnProtocols() []string
- func (m *CommonTlsContext) GetCombinedValidationContext() *CommonTlsContext_CombinedCertificateValidationContext
- func (m *CommonTlsContext) GetTlsCertificateSdsSecretConfigs() []*SdsSecretConfig
- func (m *CommonTlsContext) GetTlsCertificates() []*TlsCertificate
- func (m *CommonTlsContext) GetTlsParams() *TlsParameters
- func (m *CommonTlsContext) GetValidationContext() *CertificateValidationContext
- func (m *CommonTlsContext) GetValidationContextSdsSecretConfig() *SdsSecretConfig
- func (m *CommonTlsContext) GetValidationContextType() isCommonTlsContext_ValidationContextType
- func (m *CommonTlsContext) Marshal() (dAtA []byte, err error)
- func (m *CommonTlsContext) MarshalTo(dAtA []byte) (int, error)
- func (*CommonTlsContext) ProtoMessage()
- func (m *CommonTlsContext) Reset()
- func (m *CommonTlsContext) Size() (n int)
- func (m *CommonTlsContext) String() string
- func (m *CommonTlsContext) Unmarshal(dAtA []byte) error
- func (m *CommonTlsContext) Validate() error
- func (m *CommonTlsContext) XXX_DiscardUnknown()
- func (m *CommonTlsContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *CommonTlsContext) XXX_Merge(src proto.Message)
- func (*CommonTlsContext) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, ...)
- func (m *CommonTlsContext) XXX_Size() int
- func (m *CommonTlsContext) XXX_Unmarshal(b []byte) error
- type CommonTlsContextValidationError
- type CommonTlsContext_CombinedCertificateValidationContext
- func (*CommonTlsContext_CombinedCertificateValidationContext) Descriptor() ([]byte, []int)
- func (this *CommonTlsContext_CombinedCertificateValidationContext) Equal(that interface{}) bool
- func (m *CommonTlsContext_CombinedCertificateValidationContext) GetDefaultValidationContext() *CertificateValidationContext
- func (m *CommonTlsContext_CombinedCertificateValidationContext) GetValidationContextSdsSecretConfig() *SdsSecretConfig
- func (m *CommonTlsContext_CombinedCertificateValidationContext) Marshal() (dAtA []byte, err error)
- func (m *CommonTlsContext_CombinedCertificateValidationContext) MarshalTo(dAtA []byte) (int, error)
- func (*CommonTlsContext_CombinedCertificateValidationContext) ProtoMessage()
- func (m *CommonTlsContext_CombinedCertificateValidationContext) Reset()
- func (m *CommonTlsContext_CombinedCertificateValidationContext) Size() (n int)
- func (m *CommonTlsContext_CombinedCertificateValidationContext) String() string
- func (m *CommonTlsContext_CombinedCertificateValidationContext) Unmarshal(dAtA []byte) error
- func (m *CommonTlsContext_CombinedCertificateValidationContext) Validate() error
- func (m *CommonTlsContext_CombinedCertificateValidationContext) XXX_DiscardUnknown()
- func (m *CommonTlsContext_CombinedCertificateValidationContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *CommonTlsContext_CombinedCertificateValidationContext) XXX_Merge(src proto.Message)
- func (m *CommonTlsContext_CombinedCertificateValidationContext) XXX_Size() int
- func (m *CommonTlsContext_CombinedCertificateValidationContext) XXX_Unmarshal(b []byte) error
- type CommonTlsContext_CombinedCertificateValidationContextValidationError
- type CommonTlsContext_CombinedValidationContext
- type CommonTlsContext_ValidationContext
- type CommonTlsContext_ValidationContextSdsSecretConfig
- type DownstreamTlsContext
- func (*DownstreamTlsContext) Descriptor() ([]byte, []int)
- func (this *DownstreamTlsContext) Equal(that interface{}) bool
- func (m *DownstreamTlsContext) GetCommonTlsContext() *CommonTlsContext
- func (m *DownstreamTlsContext) GetRequireClientCertificate() *types.BoolValue
- func (m *DownstreamTlsContext) GetRequireSni() *types.BoolValue
- func (m *DownstreamTlsContext) GetSessionTicketKeys() *TlsSessionTicketKeys
- func (m *DownstreamTlsContext) GetSessionTicketKeysSdsSecretConfig() *SdsSecretConfig
- func (m *DownstreamTlsContext) GetSessionTicketKeysType() isDownstreamTlsContext_SessionTicketKeysType
- func (m *DownstreamTlsContext) Marshal() (dAtA []byte, err error)
- func (m *DownstreamTlsContext) MarshalTo(dAtA []byte) (int, error)
- func (*DownstreamTlsContext) ProtoMessage()
- func (m *DownstreamTlsContext) Reset()
- func (m *DownstreamTlsContext) Size() (n int)
- func (m *DownstreamTlsContext) String() string
- func (m *DownstreamTlsContext) Unmarshal(dAtA []byte) error
- func (m *DownstreamTlsContext) Validate() error
- func (m *DownstreamTlsContext) XXX_DiscardUnknown()
- func (m *DownstreamTlsContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *DownstreamTlsContext) XXX_Merge(src proto.Message)
- func (*DownstreamTlsContext) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, ...)
- func (m *DownstreamTlsContext) XXX_Size() int
- func (m *DownstreamTlsContext) XXX_Unmarshal(b []byte) error
- type DownstreamTlsContextValidationError
- type DownstreamTlsContext_SessionTicketKeys
- type DownstreamTlsContext_SessionTicketKeysSdsSecretConfig
- type SdsSecretConfig
- func (*SdsSecretConfig) Descriptor() ([]byte, []int)
- func (this *SdsSecretConfig) Equal(that interface{}) bool
- func (m *SdsSecretConfig) GetName() string
- func (m *SdsSecretConfig) GetSdsConfig() *core.ConfigSource
- func (m *SdsSecretConfig) Marshal() (dAtA []byte, err error)
- func (m *SdsSecretConfig) MarshalTo(dAtA []byte) (int, error)
- func (*SdsSecretConfig) ProtoMessage()
- func (m *SdsSecretConfig) Reset()
- func (m *SdsSecretConfig) Size() (n int)
- func (m *SdsSecretConfig) String() string
- func (m *SdsSecretConfig) Unmarshal(dAtA []byte) error
- func (m *SdsSecretConfig) Validate() error
- func (m *SdsSecretConfig) XXX_DiscardUnknown()
- func (m *SdsSecretConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *SdsSecretConfig) XXX_Merge(src proto.Message)
- func (m *SdsSecretConfig) XXX_Size() int
- func (m *SdsSecretConfig) XXX_Unmarshal(b []byte) error
- type SdsSecretConfigValidationError
- type Secret
- func (*Secret) Descriptor() ([]byte, []int)
- func (this *Secret) Equal(that interface{}) bool
- func (m *Secret) GetName() string
- func (m *Secret) GetSessionTicketKeys() *TlsSessionTicketKeys
- func (m *Secret) GetTlsCertificate() *TlsCertificate
- func (m *Secret) GetType() isSecret_Type
- func (m *Secret) GetValidationContext() *CertificateValidationContext
- func (m *Secret) Marshal() (dAtA []byte, err error)
- func (m *Secret) MarshalTo(dAtA []byte) (int, error)
- func (*Secret) ProtoMessage()
- func (m *Secret) Reset()
- func (m *Secret) Size() (n int)
- func (m *Secret) String() string
- func (m *Secret) Unmarshal(dAtA []byte) error
- func (m *Secret) Validate() error
- func (m *Secret) XXX_DiscardUnknown()
- func (m *Secret) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Secret) XXX_Merge(src proto.Message)
- func (*Secret) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, ...)
- func (m *Secret) XXX_Size() int
- func (m *Secret) XXX_Unmarshal(b []byte) error
- type SecretValidationError
- type Secret_SessionTicketKeys
- type Secret_TlsCertificate
- type Secret_ValidationContext
- type TlsCertificate
- func (*TlsCertificate) Descriptor() ([]byte, []int)
- func (this *TlsCertificate) Equal(that interface{}) bool
- func (m *TlsCertificate) GetCertificateChain() *core.DataSource
- func (m *TlsCertificate) GetOcspStaple() *core.DataSource
- func (m *TlsCertificate) GetPassword() *core.DataSource
- func (m *TlsCertificate) GetPrivateKey() *core.DataSource
- func (m *TlsCertificate) GetSignedCertificateTimestamp() []*core.DataSource
- func (m *TlsCertificate) Marshal() (dAtA []byte, err error)
- func (m *TlsCertificate) MarshalTo(dAtA []byte) (int, error)
- func (*TlsCertificate) ProtoMessage()
- func (m *TlsCertificate) Reset()
- func (m *TlsCertificate) Size() (n int)
- func (m *TlsCertificate) String() string
- func (m *TlsCertificate) Unmarshal(dAtA []byte) error
- func (m *TlsCertificate) Validate() error
- func (m *TlsCertificate) XXX_DiscardUnknown()
- func (m *TlsCertificate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *TlsCertificate) XXX_Merge(src proto.Message)
- func (m *TlsCertificate) XXX_Size() int
- func (m *TlsCertificate) XXX_Unmarshal(b []byte) error
- type TlsCertificateValidationError
- type TlsParameters
- func (*TlsParameters) Descriptor() ([]byte, []int)
- func (this *TlsParameters) Equal(that interface{}) bool
- func (m *TlsParameters) GetCipherSuites() []string
- func (m *TlsParameters) GetEcdhCurves() []string
- func (m *TlsParameters) GetTlsMaximumProtocolVersion() TlsParameters_TlsProtocol
- func (m *TlsParameters) GetTlsMinimumProtocolVersion() TlsParameters_TlsProtocol
- func (m *TlsParameters) Marshal() (dAtA []byte, err error)
- func (m *TlsParameters) MarshalTo(dAtA []byte) (int, error)
- func (*TlsParameters) ProtoMessage()
- func (m *TlsParameters) Reset()
- func (m *TlsParameters) Size() (n int)
- func (m *TlsParameters) String() string
- func (m *TlsParameters) Unmarshal(dAtA []byte) error
- func (m *TlsParameters) Validate() error
- func (m *TlsParameters) XXX_DiscardUnknown()
- func (m *TlsParameters) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *TlsParameters) XXX_Merge(src proto.Message)
- func (m *TlsParameters) XXX_Size() int
- func (m *TlsParameters) XXX_Unmarshal(b []byte) error
- type TlsParametersValidationError
- type TlsParameters_TlsProtocol
- type TlsSessionTicketKeys
- func (*TlsSessionTicketKeys) Descriptor() ([]byte, []int)
- func (this *TlsSessionTicketKeys) Equal(that interface{}) bool
- func (m *TlsSessionTicketKeys) GetKeys() []*core.DataSource
- func (m *TlsSessionTicketKeys) Marshal() (dAtA []byte, err error)
- func (m *TlsSessionTicketKeys) MarshalTo(dAtA []byte) (int, error)
- func (*TlsSessionTicketKeys) ProtoMessage()
- func (m *TlsSessionTicketKeys) Reset()
- func (m *TlsSessionTicketKeys) Size() (n int)
- func (m *TlsSessionTicketKeys) String() string
- func (m *TlsSessionTicketKeys) Unmarshal(dAtA []byte) error
- func (m *TlsSessionTicketKeys) Validate() error
- func (m *TlsSessionTicketKeys) XXX_DiscardUnknown()
- func (m *TlsSessionTicketKeys) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *TlsSessionTicketKeys) XXX_Merge(src proto.Message)
- func (m *TlsSessionTicketKeys) XXX_Size() int
- func (m *TlsSessionTicketKeys) XXX_Unmarshal(b []byte) error
- type TlsSessionTicketKeysValidationError
- type UpstreamTlsContext
- func (*UpstreamTlsContext) Descriptor() ([]byte, []int)
- func (this *UpstreamTlsContext) Equal(that interface{}) bool
- func (m *UpstreamTlsContext) GetAllowRenegotiation() bool
- func (m *UpstreamTlsContext) GetCommonTlsContext() *CommonTlsContext
- func (m *UpstreamTlsContext) GetMaxSessionKeys() *types.UInt32Value
- func (m *UpstreamTlsContext) GetSni() string
- func (m *UpstreamTlsContext) Marshal() (dAtA []byte, err error)
- func (m *UpstreamTlsContext) MarshalTo(dAtA []byte) (int, error)
- func (*UpstreamTlsContext) ProtoMessage()
- func (m *UpstreamTlsContext) Reset()
- func (m *UpstreamTlsContext) Size() (n int)
- func (m *UpstreamTlsContext) String() string
- func (m *UpstreamTlsContext) Unmarshal(dAtA []byte) error
- func (m *UpstreamTlsContext) Validate() error
- func (m *UpstreamTlsContext) XXX_DiscardUnknown()
- func (m *UpstreamTlsContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *UpstreamTlsContext) XXX_Merge(src proto.Message)
- func (m *UpstreamTlsContext) XXX_Size() int
- func (m *UpstreamTlsContext) XXX_Unmarshal(b []byte) error
- type UpstreamTlsContextValidationError
Constants ¶
This section is empty.
Variables ¶
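// Sentinel errors for wire-format decoding in this package. The functions that
// return them are not shown on this page; presumably they are the generated
// Unmarshal methods (TODO confirm against the generated source).
//
// Both values signal malformed input. When the bytes come from an untrusted
// peer, treat either one as a hard decode failure and do not use the partially
// populated message.
var (
	// ErrInvalidLengthCert reports a length field that decoded to a negative value.
	ErrInvalidLengthCert = fmt.Errorf("proto: negative length found during unmarshaling")

	// ErrIntOverflowCert reports an integer that overflowed while being decoded.
	ErrIntOverflowCert = fmt.Errorf("proto: integer overflow")
)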
// TlsParameters_TlsProtocol_name maps each TlsParameters_TlsProtocol enum
// number to its symbolic name. It is the inverse of
// TlsParameters_TlsProtocol_value.
//
// Security: TLS 1.0 and TLS 1.1 (numbers 1 and 2) are formally deprecated by
// RFC 8996. When auditing a configuration, flag a minimum protocol version
// that resolves to either of them.
var TlsParameters_TlsProtocol_name = map[int32]string{
	// Version selection is left to Envoy; the resulting range is not stated here.
	0: "TLS_AUTO",

	// Deprecated protocol versions (RFC 8996).
	1: "TLSv1_0",
	2: "TLSv1_1",

	// Currently maintained protocol versions.
	3: "TLSv1_2",
	4: "TLSv1_3",
}
// TlsParameters_TlsProtocol_value maps the symbolic name of each
// TlsParameters_TlsProtocol enum entry to its number. It is the inverse of
// TlsParameters_TlsProtocol_name.
//
// A name that is absent from the map yields the zero value 0 on a plain index
// expression, which is also the number of "TLS_AUTO". Use the two-value form
// (v, ok := ...) when resolving names taken from configuration, so that a typo
// is not silently read as TLS_AUTO.
var TlsParameters_TlsProtocol_value = map[string]int32{
	// Version selection is left to Envoy; the resulting range is not stated here.
	"TLS_AUTO": 0,

	// Deprecated protocol versions (RFC 8996).
	"TLSv1_0": 1,
	"TLSv1_1": 2,

	// Currently maintained protocol versions.
	"TLSv1_2": 3,
	"TLSv1_3": 4,
}
Functions ¶
This section is empty.
Types ¶
type CertificateValidationContext ¶
// CertificateValidationContext configures how a presented peer certificate is
// checked: the trusted CA set, optional SPKI and whole-certificate hash pins,
// Subject Alternative Name matching, revocation lists, and whether expired
// certificates are tolerated.
type CertificateValidationContext struct {
	// TLS certificate data containing certificate authority certificates to use in verifying
	// a presented peer certificate (e.g. server certificate for clusters or client certificate
	// for listeners). If not specified and a peer certificate is presented it will not be
	// verified. By default, a client certificate is optional, unless one of the additional
	// options (:ref:`require_client_certificate
	// <envoy_api_field_auth.DownstreamTlsContext.require_client_certificate>`,
	// :ref:`verify_certificate_spki
	// <envoy_api_field_auth.CertificateValidationContext.verify_certificate_spki>`,
	// :ref:`verify_certificate_hash
	// <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`, or
	// :ref:`verify_subject_alt_name
	// <envoy_api_field_auth.CertificateValidationContext.verify_subject_alt_name>`) is also
	// specified.
	//
	// It can optionally contain certificate revocation lists, in which case Envoy will verify
	// that the presented peer certificate has not been revoked by one of the included CRLs.
	//
	// See :ref:`the TLS overview <arch_overview_ssl_enabling_verification>` for a list of common
	// system CA locations.
	//
	// NOTE(review): as stated above, leaving trusted_ca unset means a presented peer
	// certificate is not verified against any CA. Treat an empty TrustedCa as
	// "no chain validation" when reviewing a configuration.
	TrustedCa *core.DataSource `protobuf:"bytes,1,opt,name=trusted_ca,json=trustedCa,proto3" json:"trusted_ca,omitempty"`
	// An optional list of base64-encoded SHA-256 hashes. If specified, Envoy will verify that the
	// SHA-256 of the DER-encoded Subject Public Key Information (SPKI) of the presented certificate
	// matches one of the specified values.
	//
	// A base64-encoded SHA-256 of the Subject Public Key Information (SPKI) of the certificate
	// can be generated with the following command:
	//
	// .. code-block:: bash
	//
	//   $ openssl x509 -in path/to/client.crt -noout -pubkey \
	//     | openssl pkey -pubin -outform DER \
	//     | openssl dgst -sha256 -binary \
	//     | openssl enc -base64
	//   NvqYIYSbgK2vCJpQhObf77vv+bQWtc5ek5RIOwPiC9A=
	//
	// This is the format used in HTTP Public Key Pinning.
	//
	// When both:
	// :ref:`verify_certificate_hash
	// <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>` and
	// :ref:`verify_certificate_spki
	// <envoy_api_field_auth.CertificateValidationContext.verify_certificate_spki>` are specified,
	// a hash matching value from either of the lists will result in the certificate being accepted.
	//
	// .. attention::
	//
	//   This option is preferred over :ref:`verify_certificate_hash
	//   <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`,
	//   because SPKI is tied to a private key, so it doesn't change when the certificate
	//   is renewed using the same private key.
	//
	// NOTE(review): the two pin lists combine as a logical OR. Populating both
	// widens the set of accepted certificates; it does not require a match in each list.
	VerifyCertificateSpki []string `` /* 126-byte string literal not displayed */
	// An optional list of hex-encoded SHA-256 hashes. If specified, Envoy will verify that
	// the SHA-256 of the DER-encoded presented certificate matches one of the specified values.
	//
	// A hex-encoded SHA-256 of the certificate can be generated with the following command:
	//
	// .. code-block:: bash
	//
	//   $ openssl x509 -in path/to/client.crt -outform DER | openssl dgst -sha256 | cut -d" " -f2
	//   df6ff72fe9116521268f6f2dd4966f51df479883fe7037b39f75916ac3049d1a
	//
	// A long hex-encoded and colon-separated SHA-256 (a.k.a. "fingerprint") of the certificate
	// can be generated with the following command:
	//
	// .. code-block:: bash
	//
	//   $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256 | cut -d"=" -f2
	//   DF:6F:F7:2F:E9:11:65:21:26:8F:6F:2D:D4:96:6F:51:DF:47:98:83:FE:70:37:B3:9F:75:91:6A:C3:04:9D:1A
	//
	// Both of those formats are acceptable.
	//
	// When both:
	// :ref:`verify_certificate_hash
	// <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>` and
	// :ref:`verify_certificate_spki
	// <envoy_api_field_auth.CertificateValidationContext.verify_certificate_spki>` are specified,
	// a hash matching value from either of the lists will result in the certificate being accepted.
	//
	// NOTE(review): this hash covers the whole certificate, so the pin has to be
	// replaced on every reissue. A stale entry is an accepted certificate that
	// nobody is tracking; remove pins when the certificate they name is retired.
	VerifyCertificateHash []string `` /* 126-byte string literal not displayed */
	// An optional list of Subject Alternative Names. If specified, Envoy will verify that the
	// Subject Alternative Name of the presented certificate matches one of the specified values.
	//
	// .. attention::
	//
	//   Subject Alternative Names are easily spoofable and verifying only them is insecure,
	//   therefore this option must be used together with :ref:`trusted_ca
	//   <envoy_api_field_auth.CertificateValidationContext.trusted_ca>`.
	//
	// NOTE(review): nothing on this page shows Validate() enforcing the pairing with
	// trusted_ca; check for it explicitly when reviewing a configuration.
	VerifySubjectAltName []string `protobuf:"bytes,4,rep,name=verify_subject_alt_name,json=verifySubjectAltName,proto3" json:"verify_subject_alt_name,omitempty"`
	// [#not-implemented-hide:] Must present a signed time-stamped OCSP response.
	//
	// NOTE(review): marked not implemented; presumably setting it has no effect,
	// so do not count it as a revocation control. Confirm against the Envoy version in use.
	RequireOcspStaple *types.BoolValue `protobuf:"bytes,5,opt,name=require_ocsp_staple,json=requireOcspStaple,proto3" json:"require_ocsp_staple,omitempty"`
	// [#not-implemented-hide:] Must present signed certificate time-stamp.
	//
	// NOTE(review): marked not implemented; presumably setting it has no effect.
	// Confirm against the Envoy version in use.
	RequireSignedCertificateTimestamp *types.BoolValue `` /* 164-byte string literal not displayed */
	// An optional `certificate revocation list
	// <https://en.wikipedia.org/wiki/Certificate_revocation_list>`_
	// (in PEM format). If specified, Envoy will verify that the presented peer
	// certificate has not been revoked by this CRL. If this DataSource contains
	// multiple CRLs, all of them will be used.
	Crl *core.DataSource `protobuf:"bytes,7,opt,name=crl,proto3" json:"crl,omitempty"`
	// If specified, Envoy will not reject expired certificates.
	//
	// Security: enabling this removes the validity-period check from peer
	// certificate validation. Leave it false unless there is a specific,
	// time-limited reason, and record that reason next to the setting.
	AllowExpiredCertificate bool `` /* 133-byte string literal not displayed */
	// Bookkeeping fields emitted by the protobuf code generator; the `json:"-"`
	// tag keeps them out of encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*CertificateValidationContext) Descriptor ¶
func (*CertificateValidationContext) Descriptor() ([]byte, []int)
func (*CertificateValidationContext) Equal ¶
func (this *CertificateValidationContext) Equal(that interface{}) bool
func (*CertificateValidationContext) GetAllowExpiredCertificate ¶
func (m *CertificateValidationContext) GetAllowExpiredCertificate() bool
func (*CertificateValidationContext) GetCrl ¶
func (m *CertificateValidationContext) GetCrl() *core.DataSource
func (*CertificateValidationContext) GetRequireOcspStaple ¶
func (m *CertificateValidationContext) GetRequireOcspStaple() *types.BoolValue
func (*CertificateValidationContext) GetRequireSignedCertificateTimestamp ¶
func (m *CertificateValidationContext) GetRequireSignedCertificateTimestamp() *types.BoolValue
func (*CertificateValidationContext) GetTrustedCa ¶
func (m *CertificateValidationContext) GetTrustedCa() *core.DataSource
func (*CertificateValidationContext) GetVerifyCertificateHash ¶
func (m *CertificateValidationContext) GetVerifyCertificateHash() []string
func (*CertificateValidationContext) GetVerifyCertificateSpki ¶
func (m *CertificateValidationContext) GetVerifyCertificateSpki() []string
func (*CertificateValidationContext) GetVerifySubjectAltName ¶
func (m *CertificateValidationContext) GetVerifySubjectAltName() []string
func (*CertificateValidationContext) Marshal ¶
func (m *CertificateValidationContext) Marshal() (dAtA []byte, err error)
func (*CertificateValidationContext) MarshalTo ¶
func (m *CertificateValidationContext) MarshalTo(dAtA []byte) (int, error)
func (*CertificateValidationContext) ProtoMessage ¶
func (*CertificateValidationContext) ProtoMessage()
func (*CertificateValidationContext) Reset ¶
func (m *CertificateValidationContext) Reset()
func (*CertificateValidationContext) Size ¶
func (m *CertificateValidationContext) Size() (n int)
func (*CertificateValidationContext) String ¶
func (m *CertificateValidationContext) String() string
func (*CertificateValidationContext) Unmarshal ¶
func (m *CertificateValidationContext) Unmarshal(dAtA []byte) error
func (*CertificateValidationContext) Validate ¶
func (m *CertificateValidationContext) Validate() error
Validate checks the field values on CertificateValidationContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*CertificateValidationContext) XXX_DiscardUnknown ¶
func (m *CertificateValidationContext) XXX_DiscardUnknown()
func (*CertificateValidationContext) XXX_Marshal ¶
func (m *CertificateValidationContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*CertificateValidationContext) XXX_Merge ¶
func (m *CertificateValidationContext) XXX_Merge(src proto.Message)
func (*CertificateValidationContext) XXX_Size ¶
func (m *CertificateValidationContext) XXX_Size() int
func (*CertificateValidationContext) XXX_Unmarshal ¶
func (m *CertificateValidationContext) XXX_Unmarshal(b []byte) error
type CertificateValidationContextValidationError ¶
// CertificateValidationContextValidationError carries the details of a failed
// CertificateValidationContext.Validate call.
//
// The per-field notes below are inferred from the field names; the code that
// populates them is not shown on this page (TODO confirm).
type CertificateValidationContextValidationError struct {
	Field  string // presumably the name of the field that failed validation
	Reason string // presumably a human-readable description of the violated rule
	Cause  error  // presumably the underlying error, if any
	Key    bool   // presumably set when the failure concerns a map key rather than a value
}
CertificateValidationContextValidationError is the validation error returned by CertificateValidationContext.Validate if the designated constraints aren't met.
func (CertificateValidationContextValidationError) Error ¶
func (e CertificateValidationContextValidationError) Error() string
Error satisfies the builtin error interface
type CommonTlsContext ¶
// CommonTlsContext holds the TLS settings that apply to both sides of a
// connection: protocol parameters, the local certificates, how the peer
// certificate is validated, and the ALPN protocol list.
type CommonTlsContext struct {
	// TLS protocol versions, cipher suites etc.
	TlsParams *TlsParameters `protobuf:"bytes,1,opt,name=tls_params,json=tlsParams,proto3" json:"tls_params,omitempty"`
	// :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>` can be associated with the
	// same context to allow both RSA and ECDSA certificates.
	//
	// Only a single TLS certificate is supported in client contexts. In server contexts, the first
	// RSA certificate is used for clients that only support RSA and the first ECDSA certificate is
	// used for clients that support ECDSA.
	TlsCertificates []*TlsCertificate `protobuf:"bytes,2,rep,name=tls_certificates,json=tlsCertificates,proto3" json:"tls_certificates,omitempty"`
	// Configs for fetching TLS certificates via SDS API.
	TlsCertificateSdsSecretConfigs []*SdsSecretConfig `` /* 157-byte string literal not displayed */
	// Types that are valid to be assigned to ValidationContextType:
	//	*CommonTlsContext_ValidationContext
	//	*CommonTlsContext_ValidationContextSdsSecretConfig
	//	*CommonTlsContext_CombinedValidationContext
	//
	// NOTE(review): this oneof is the only field in this struct that selects
	// peer-certificate validation. What happens when none of the three variants
	// is set is not stated on this page; presumably no validation context is
	// applied, so confirm that before leaving it empty.
	ValidationContextType isCommonTlsContext_ValidationContextType `protobuf_oneof:"validation_context_type"`
	// Supplies the list of ALPN protocols that the listener should expose. In
	// practice this is likely to be set to one of two values (see the
	// :ref:`codec_type
	// <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.codec_type>`
	// parameter in the HTTP connection manager for more information):
	//
	// * "h2,http/1.1" If the listener is going to support both HTTP/2 and HTTP/1.1.
	// * "http/1.1" If the listener is only going to support HTTP/1.1.
	//
	// There is no default for this parameter. If empty, Envoy will not expose ALPN.
	AlpnProtocols []string `protobuf:"bytes,4,rep,name=alpn_protocols,json=alpnProtocols,proto3" json:"alpn_protocols,omitempty"`
	// Bookkeeping fields emitted by the protobuf code generator; the `json:"-"`
	// tag keeps them out of encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
TLS context shared by both client and server TLS contexts.
func (*CommonTlsContext) Descriptor ¶
func (*CommonTlsContext) Descriptor() ([]byte, []int)
func (*CommonTlsContext) Equal ¶
func (this *CommonTlsContext) Equal(that interface{}) bool
func (*CommonTlsContext) GetAlpnProtocols ¶
func (m *CommonTlsContext) GetAlpnProtocols() []string
func (*CommonTlsContext) GetCombinedValidationContext ¶ added in v0.6.3
func (m *CommonTlsContext) GetCombinedValidationContext() *CommonTlsContext_CombinedCertificateValidationContext
func (*CommonTlsContext) GetTlsCertificateSdsSecretConfigs ¶
func (m *CommonTlsContext) GetTlsCertificateSdsSecretConfigs() []*SdsSecretConfig
func (*CommonTlsContext) GetTlsCertificates ¶
func (m *CommonTlsContext) GetTlsCertificates() []*TlsCertificate
func (*CommonTlsContext) GetTlsParams ¶
func (m *CommonTlsContext) GetTlsParams() *TlsParameters
func (*CommonTlsContext) GetValidationContext ¶
func (m *CommonTlsContext) GetValidationContext() *CertificateValidationContext
func (*CommonTlsContext) GetValidationContextSdsSecretConfig ¶
func (m *CommonTlsContext) GetValidationContextSdsSecretConfig() *SdsSecretConfig
func (*CommonTlsContext) GetValidationContextType ¶
func (m *CommonTlsContext) GetValidationContextType() isCommonTlsContext_ValidationContextType
func (*CommonTlsContext) Marshal ¶
func (m *CommonTlsContext) Marshal() (dAtA []byte, err error)
func (*CommonTlsContext) ProtoMessage ¶
func (*CommonTlsContext) ProtoMessage()
func (*CommonTlsContext) Reset ¶
func (m *CommonTlsContext) Reset()
func (*CommonTlsContext) Size ¶
func (m *CommonTlsContext) Size() (n int)
func (*CommonTlsContext) String ¶
func (m *CommonTlsContext) String() string
func (*CommonTlsContext) Unmarshal ¶
func (m *CommonTlsContext) Unmarshal(dAtA []byte) error
func (*CommonTlsContext) Validate ¶
func (m *CommonTlsContext) Validate() error
Validate checks the field values on CommonTlsContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*CommonTlsContext) XXX_DiscardUnknown ¶
func (m *CommonTlsContext) XXX_DiscardUnknown()
func (*CommonTlsContext) XXX_Marshal ¶
func (m *CommonTlsContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*CommonTlsContext) XXX_Merge ¶
func (m *CommonTlsContext) XXX_Merge(src proto.Message)
func (*CommonTlsContext) XXX_OneofFuncs ¶
func (*CommonTlsContext) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})
XXX_OneofFuncs is for the internal use of the proto package.
func (*CommonTlsContext) XXX_Size ¶
func (m *CommonTlsContext) XXX_Size() int
func (*CommonTlsContext) XXX_Unmarshal ¶
func (m *CommonTlsContext) XXX_Unmarshal(b []byte) error
type CommonTlsContextValidationError ¶
CommonTlsContextValidationError is the validation error returned by CommonTlsContext.Validate if the designated constraints aren't met.
func (CommonTlsContextValidationError) Error ¶
func (e CommonTlsContextValidationError) Error() string
Error satisfies the builtin error interface
type CommonTlsContext_CombinedCertificateValidationContext ¶ added in v0.6.3
// CommonTlsContext_CombinedCertificateValidationContext pairs an inline
// validation context with a reference to one fetched over SDS.
//
// NOTE(review): how the two are combined (which side wins for a field set in
// both) is not stated on this page. Confirm the merge rule before relying on
// the inline context to enforce pins or SAN checks.
type CommonTlsContext_CombinedCertificateValidationContext struct {
	// How to validate peer certificates.
	DefaultValidationContext *CertificateValidationContext `` /* 135-byte string literal not displayed */
	// Config for fetching validation context via SDS API.
	ValidationContextSdsSecretConfig *SdsSecretConfig `` /* 163-byte string literal not displayed */
	// Bookkeeping fields emitted by the protobuf code generator; the `json:"-"`
	// tag keeps them out of encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*CommonTlsContext_CombinedCertificateValidationContext) Descriptor ¶ added in v0.6.3
func (*CommonTlsContext_CombinedCertificateValidationContext) Descriptor() ([]byte, []int)
func (*CommonTlsContext_CombinedCertificateValidationContext) Equal ¶ added in v0.6.3
func (this *CommonTlsContext_CombinedCertificateValidationContext) Equal(that interface{}) bool
func (*CommonTlsContext_CombinedCertificateValidationContext) GetDefaultValidationContext ¶ added in v0.6.3
func (m *CommonTlsContext_CombinedCertificateValidationContext) GetDefaultValidationContext() *CertificateValidationContext
func (*CommonTlsContext_CombinedCertificateValidationContext) GetValidationContextSdsSecretConfig ¶ added in v0.6.3
func (m *CommonTlsContext_CombinedCertificateValidationContext) GetValidationContextSdsSecretConfig() *SdsSecretConfig
func (*CommonTlsContext_CombinedCertificateValidationContext) Marshal ¶ added in v0.6.3
func (m *CommonTlsContext_CombinedCertificateValidationContext) Marshal() (dAtA []byte, err error)
func (*CommonTlsContext_CombinedCertificateValidationContext) MarshalTo ¶ added in v0.6.3
func (m *CommonTlsContext_CombinedCertificateValidationContext) MarshalTo(dAtA []byte) (int, error)
func (*CommonTlsContext_CombinedCertificateValidationContext) ProtoMessage ¶ added in v0.6.3
func (*CommonTlsContext_CombinedCertificateValidationContext) ProtoMessage()
func (*CommonTlsContext_CombinedCertificateValidationContext) Reset ¶ added in v0.6.3
func (m *CommonTlsContext_CombinedCertificateValidationContext) Reset()
func (*CommonTlsContext_CombinedCertificateValidationContext) Size ¶ added in v0.6.3
func (m *CommonTlsContext_CombinedCertificateValidationContext) Size() (n int)
func (*CommonTlsContext_CombinedCertificateValidationContext) String ¶ added in v0.6.3
func (m *CommonTlsContext_CombinedCertificateValidationContext) String() string
func (*CommonTlsContext_CombinedCertificateValidationContext) Unmarshal ¶ added in v0.6.3
func (m *CommonTlsContext_CombinedCertificateValidationContext) Unmarshal(dAtA []byte) error
func (*CommonTlsContext_CombinedCertificateValidationContext) Validate ¶ added in v0.6.3
func (m *CommonTlsContext_CombinedCertificateValidationContext) Validate() error
Validate checks the field values on CommonTlsContext_CombinedCertificateValidationContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*CommonTlsContext_CombinedCertificateValidationContext) XXX_DiscardUnknown ¶ added in v0.6.3
func (m *CommonTlsContext_CombinedCertificateValidationContext) XXX_DiscardUnknown()
func (*CommonTlsContext_CombinedCertificateValidationContext) XXX_Marshal ¶ added in v0.6.3
func (m *CommonTlsContext_CombinedCertificateValidationContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*CommonTlsContext_CombinedCertificateValidationContext) XXX_Merge ¶ added in v0.6.3
func (m *CommonTlsContext_CombinedCertificateValidationContext) XXX_Merge(src proto.Message)
func (*CommonTlsContext_CombinedCertificateValidationContext) XXX_Size ¶ added in v0.6.3
func (m *CommonTlsContext_CombinedCertificateValidationContext) XXX_Size() int
func (*CommonTlsContext_CombinedCertificateValidationContext) XXX_Unmarshal ¶ added in v0.6.3
func (m *CommonTlsContext_CombinedCertificateValidationContext) XXX_Unmarshal(b []byte) error
type CommonTlsContext_CombinedCertificateValidationContextValidationError ¶ added in v0.6.3
// Error value produced by
// CommonTlsContext_CombinedCertificateValidationContext.Validate. The fields
// below describe a single failed constraint.
type CommonTlsContext_CombinedCertificateValidationContextValidationError struct {
	// presumably the name of the field that failed validation — confirm
	// against the generated accessors.
	Field string
	// presumably a human-readable description of the violated rule — confirm.
	Reason string
	// presumably the underlying error, if any — confirm.
	Cause error
	// NOTE(review): meaning not shown on this page (looks like a flag for
	// errors raised on a map key rather than a value) — confirm.
	Key bool
}
CommonTlsContext_CombinedCertificateValidationContextValidationError is the validation error returned by CommonTlsContext_CombinedCertificateValidationContext.Validate if the designated constraints aren't met.
type CommonTlsContext_CombinedValidationContext ¶ added in v0.6.3
// CommonTlsContext_CombinedValidationContext is a oneof wrapper (see the
// "oneof" marker in the struct tag) around the combined_validation_context
// alternative, proto field 8. It holds nothing but the pointer to the
// combined certificate validation settings.
type CommonTlsContext_CombinedValidationContext struct {
	CombinedValidationContext *CommonTlsContext_CombinedCertificateValidationContext `protobuf:"bytes,8,opt,name=combined_validation_context,json=combinedValidationContext,proto3,oneof"`
}
func (*CommonTlsContext_CombinedValidationContext) Equal ¶ added in v0.6.3
func (this *CommonTlsContext_CombinedValidationContext) Equal(that interface{}) bool
func (*CommonTlsContext_CombinedValidationContext) MarshalTo ¶ added in v0.6.3
func (m *CommonTlsContext_CombinedValidationContext) MarshalTo(dAtA []byte) (int, error)
func (*CommonTlsContext_CombinedValidationContext) Size ¶ added in v0.6.3
func (m *CommonTlsContext_CombinedValidationContext) Size() (n int)
type CommonTlsContext_ValidationContext ¶
// CommonTlsContext_ValidationContext is a oneof wrapper around the
// validation_context alternative, proto field 3: peer-certificate validation
// settings supplied inline as a CertificateValidationContext.
//
// NOTE(review): this is where trust anchors and certificate pinning are
// configured, so a nil or empty ValidationContext deserves a second look
// during config review — confirm how Envoy treats an absent context.
type CommonTlsContext_ValidationContext struct {
	ValidationContext *CertificateValidationContext `protobuf:"bytes,3,opt,name=validation_context,json=validationContext,proto3,oneof"`
}
func (*CommonTlsContext_ValidationContext) Equal ¶
func (this *CommonTlsContext_ValidationContext) Equal(that interface{}) bool
func (*CommonTlsContext_ValidationContext) MarshalTo ¶
func (m *CommonTlsContext_ValidationContext) MarshalTo(dAtA []byte) (int, error)
func (*CommonTlsContext_ValidationContext) Size ¶
func (m *CommonTlsContext_ValidationContext) Size() (n int)
type CommonTlsContext_ValidationContextSdsSecretConfig ¶
// CommonTlsContext_ValidationContextSdsSecretConfig is a oneof wrapper around
// the validation_context_sds_secret_config alternative, proto field 7. The
// validation context is referenced through an SdsSecretConfig instead of being
// written inline.
type CommonTlsContext_ValidationContextSdsSecretConfig struct {
	ValidationContextSdsSecretConfig *SdsSecretConfig `protobuf:"bytes,7,opt,name=validation_context_sds_secret_config,json=validationContextSdsSecretConfig,proto3,oneof"`
}
func (*CommonTlsContext_ValidationContextSdsSecretConfig) Equal ¶
func (this *CommonTlsContext_ValidationContextSdsSecretConfig) Equal(that interface{}) bool
func (*CommonTlsContext_ValidationContextSdsSecretConfig) MarshalTo ¶
func (m *CommonTlsContext_ValidationContextSdsSecretConfig) MarshalTo(dAtA []byte) (int, error)
func (*CommonTlsContext_ValidationContextSdsSecretConfig) Size ¶
func (m *CommonTlsContext_ValidationContextSdsSecretConfig) Size() (n int)
type DownstreamTlsContext ¶
// DownstreamTlsContext groups the TLS settings Envoy applies to connections it
// accepts; the field comments below speak of rejecting connections and of
// client certificates.
type DownstreamTlsContext struct {
	// Common TLS context settings.
	CommonTlsContext *CommonTlsContext `protobuf:"bytes,1,opt,name=common_tls_context,json=commonTlsContext,proto3" json:"common_tls_context,omitempty"`
	// If specified, Envoy will reject connections without a valid client
	// certificate.
	//
	// NOTE(review): this is the field that makes client certificates mandatory.
	// The type is a wrapped bool, so "unset" and "false" are distinct values;
	// when auditing a listener that is meant to enforce mutual TLS, check that
	// the field is present and true rather than relying on a default.
	RequireClientCertificate *types.BoolValue `` /* 135-byte string literal not displayed */
	// If specified, Envoy will reject connections without a valid and matching SNI.
	// [#not-implemented-hide:]
	//
	// NOTE(review): the annotation above marks this field as not implemented,
	// so setting it should not be counted as an enforced control — confirm
	// against the Envoy version in use.
	RequireSni *types.BoolValue `protobuf:"bytes,3,opt,name=require_sni,json=requireSni,proto3" json:"require_sni,omitempty"`
	// Types that are valid to be assigned to SessionTicketKeysType:
	//	*DownstreamTlsContext_SessionTicketKeys
	//	*DownstreamTlsContext_SessionTicketKeysSdsSecretConfig
	SessionTicketKeysType isDownstreamTlsContext_SessionTicketKeysType `protobuf_oneof:"session_ticket_keys_type"`
	// Bookkeeping fields emitted by the protobuf code generator.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*DownstreamTlsContext) Descriptor ¶
func (*DownstreamTlsContext) Descriptor() ([]byte, []int)
func (*DownstreamTlsContext) Equal ¶
func (this *DownstreamTlsContext) Equal(that interface{}) bool
func (*DownstreamTlsContext) GetCommonTlsContext ¶
func (m *DownstreamTlsContext) GetCommonTlsContext() *CommonTlsContext
func (*DownstreamTlsContext) GetRequireClientCertificate ¶
func (m *DownstreamTlsContext) GetRequireClientCertificate() *types.BoolValue
func (*DownstreamTlsContext) GetRequireSni ¶
func (m *DownstreamTlsContext) GetRequireSni() *types.BoolValue
func (*DownstreamTlsContext) GetSessionTicketKeys ¶
func (m *DownstreamTlsContext) GetSessionTicketKeys() *TlsSessionTicketKeys
func (*DownstreamTlsContext) GetSessionTicketKeysSdsSecretConfig ¶
func (m *DownstreamTlsContext) GetSessionTicketKeysSdsSecretConfig() *SdsSecretConfig
func (*DownstreamTlsContext) GetSessionTicketKeysType ¶
func (m *DownstreamTlsContext) GetSessionTicketKeysType() isDownstreamTlsContext_SessionTicketKeysType
func (*DownstreamTlsContext) Marshal ¶
func (m *DownstreamTlsContext) Marshal() (dAtA []byte, err error)
func (*DownstreamTlsContext) MarshalTo ¶
func (m *DownstreamTlsContext) MarshalTo(dAtA []byte) (int, error)
func (*DownstreamTlsContext) ProtoMessage ¶
func (*DownstreamTlsContext) ProtoMessage()
func (*DownstreamTlsContext) Reset ¶
func (m *DownstreamTlsContext) Reset()
func (*DownstreamTlsContext) Size ¶
func (m *DownstreamTlsContext) Size() (n int)
func (*DownstreamTlsContext) String ¶
func (m *DownstreamTlsContext) String() string
func (*DownstreamTlsContext) Unmarshal ¶
func (m *DownstreamTlsContext) Unmarshal(dAtA []byte) error
func (*DownstreamTlsContext) Validate ¶
func (m *DownstreamTlsContext) Validate() error
Validate checks the field values on DownstreamTlsContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*DownstreamTlsContext) XXX_DiscardUnknown ¶
func (m *DownstreamTlsContext) XXX_DiscardUnknown()
func (*DownstreamTlsContext) XXX_Marshal ¶
func (m *DownstreamTlsContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*DownstreamTlsContext) XXX_Merge ¶
func (m *DownstreamTlsContext) XXX_Merge(src proto.Message)
func (*DownstreamTlsContext) XXX_OneofFuncs ¶
func (*DownstreamTlsContext) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})
XXX_OneofFuncs is for the internal use of the proto package.
func (*DownstreamTlsContext) XXX_Size ¶
func (m *DownstreamTlsContext) XXX_Size() int
func (*DownstreamTlsContext) XXX_Unmarshal ¶
func (m *DownstreamTlsContext) XXX_Unmarshal(b []byte) error
type DownstreamTlsContextValidationError ¶
DownstreamTlsContextValidationError is the validation error returned by DownstreamTlsContext.Validate if the designated constraints aren't met.
func (DownstreamTlsContextValidationError) Error ¶
func (e DownstreamTlsContextValidationError) Error() string
Error satisfies the builtin error interface
type DownstreamTlsContext_SessionTicketKeys ¶
// DownstreamTlsContext_SessionTicketKeys is one of the two values assignable
// to DownstreamTlsContext.SessionTicketKeysType (proto field 4). It carries the
// session ticket keys directly as a TlsSessionTicketKeys message.
type DownstreamTlsContext_SessionTicketKeys struct {
	SessionTicketKeys *TlsSessionTicketKeys `protobuf:"bytes,4,opt,name=session_ticket_keys,json=sessionTicketKeys,proto3,oneof"`
}
func (*DownstreamTlsContext_SessionTicketKeys) Equal ¶
func (this *DownstreamTlsContext_SessionTicketKeys) Equal(that interface{}) bool
func (*DownstreamTlsContext_SessionTicketKeys) MarshalTo ¶
func (m *DownstreamTlsContext_SessionTicketKeys) MarshalTo(dAtA []byte) (int, error)
func (*DownstreamTlsContext_SessionTicketKeys) Size ¶
func (m *DownstreamTlsContext_SessionTicketKeys) Size() (n int)
type DownstreamTlsContext_SessionTicketKeysSdsSecretConfig ¶
// DownstreamTlsContext_SessionTicketKeysSdsSecretConfig is the other value
// assignable to DownstreamTlsContext.SessionTicketKeysType (proto field 5). It
// names the session ticket keys through an SdsSecretConfig rather than
// embedding them.
type DownstreamTlsContext_SessionTicketKeysSdsSecretConfig struct {
	SessionTicketKeysSdsSecretConfig *SdsSecretConfig `protobuf:"bytes,5,opt,name=session_ticket_keys_sds_secret_config,json=sessionTicketKeysSdsSecretConfig,proto3,oneof"`
}
func (*DownstreamTlsContext_SessionTicketKeysSdsSecretConfig) Equal ¶
func (this *DownstreamTlsContext_SessionTicketKeysSdsSecretConfig) Equal(that interface{}) bool
func (*DownstreamTlsContext_SessionTicketKeysSdsSecretConfig) MarshalTo ¶
func (m *DownstreamTlsContext_SessionTicketKeysSdsSecretConfig) MarshalTo(dAtA []byte) (int, error)
func (*DownstreamTlsContext_SessionTicketKeysSdsSecretConfig) Size ¶
func (m *DownstreamTlsContext_SessionTicketKeysSdsSecretConfig) Size() (n int)
type SdsSecretConfig ¶
// SdsSecretConfig refers to a secret by name and, optionally, gives the
// config source from which it is fetched over SDS.
type SdsSecretConfig struct {
	// Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
	// When both name and config are specified, then secret can be fetched and/or reloaded via SDS.
	// When only name is specified, then secret will be loaded from static resources [V2-API-DIFF].
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Config source used for the SDS fetch described in the Name comment.
	//
	// NOTE(review): whatever this source points at delivers key material to
	// the proxy, so the endpoint and its transport security belong in the
	// same trust tier as the private keys themselves.
	SdsConfig *core.ConfigSource `protobuf:"bytes,2,opt,name=sds_config,json=sdsConfig,proto3" json:"sds_config,omitempty"`
	// Bookkeeping fields emitted by the protobuf code generator.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
[#proto-status: experimental]
func (*SdsSecretConfig) Descriptor ¶
func (*SdsSecretConfig) Descriptor() ([]byte, []int)
func (*SdsSecretConfig) Equal ¶
func (this *SdsSecretConfig) Equal(that interface{}) bool
func (*SdsSecretConfig) GetName ¶
func (m *SdsSecretConfig) GetName() string
func (*SdsSecretConfig) GetSdsConfig ¶
func (m *SdsSecretConfig) GetSdsConfig() *core.ConfigSource
func (*SdsSecretConfig) Marshal ¶
func (m *SdsSecretConfig) Marshal() (dAtA []byte, err error)
func (*SdsSecretConfig) ProtoMessage ¶
func (*SdsSecretConfig) ProtoMessage()
func (*SdsSecretConfig) Reset ¶
func (m *SdsSecretConfig) Reset()
func (*SdsSecretConfig) Size ¶
func (m *SdsSecretConfig) Size() (n int)
func (*SdsSecretConfig) String ¶
func (m *SdsSecretConfig) String() string
func (*SdsSecretConfig) Unmarshal ¶
func (m *SdsSecretConfig) Unmarshal(dAtA []byte) error
func (*SdsSecretConfig) Validate ¶
func (m *SdsSecretConfig) Validate() error
Validate checks the field values on SdsSecretConfig with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*SdsSecretConfig) XXX_DiscardUnknown ¶
func (m *SdsSecretConfig) XXX_DiscardUnknown()
func (*SdsSecretConfig) XXX_Marshal ¶
func (m *SdsSecretConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*SdsSecretConfig) XXX_Merge ¶
func (m *SdsSecretConfig) XXX_Merge(src proto.Message)
func (*SdsSecretConfig) XXX_Size ¶
func (m *SdsSecretConfig) XXX_Size() int
func (*SdsSecretConfig) XXX_Unmarshal ¶
func (m *SdsSecretConfig) XXX_Unmarshal(b []byte) error
type SdsSecretConfigValidationError ¶
SdsSecretConfigValidationError is the validation error returned by SdsSecretConfig.Validate if the designated constraints aren't met.
func (SdsSecretConfigValidationError) Error ¶
func (e SdsSecretConfigValidationError) Error() string
Error satisfies the builtin error interface
type Secret ¶
// Secret is a named container for exactly one kind of TLS secret, selected
// through the Type oneof.
//
// NOTE(review): two of the alternatives (TLS certificate and session ticket
// keys) carry key material, so serialized or logged forms of this message
// should be handled as sensitive data.
type Secret struct {
	// Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Types that are valid to be assigned to Type:
	//	*Secret_TlsCertificate
	//	*Secret_SessionTicketKeys
	//	*Secret_ValidationContext
	Type isSecret_Type `protobuf_oneof:"type"`
	// Bookkeeping fields emitted by the protobuf code generator.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
[#proto-status: experimental]
func (*Secret) Descriptor ¶
func (*Secret) GetSessionTicketKeys ¶
func (m *Secret) GetSessionTicketKeys() *TlsSessionTicketKeys
func (*Secret) GetTlsCertificate ¶
func (m *Secret) GetTlsCertificate() *TlsCertificate
func (*Secret) GetValidationContext ¶
func (m *Secret) GetValidationContext() *CertificateValidationContext
func (*Secret) ProtoMessage ¶
func (*Secret) ProtoMessage()
func (*Secret) Validate ¶
Validate checks the field values on Secret with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*Secret) XXX_DiscardUnknown ¶
func (m *Secret) XXX_DiscardUnknown()
func (*Secret) XXX_Marshal ¶
func (*Secret) XXX_OneofFuncs ¶
func (*Secret) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})
XXX_OneofFuncs is for the internal use of the proto package.
func (*Secret) XXX_Unmarshal ¶
type SecretValidationError ¶
SecretValidationError is the validation error returned by Secret.Validate if the designated constraints aren't met.
func (SecretValidationError) Error ¶
func (e SecretValidationError) Error() string
Error satisfies the builtin error interface
type Secret_SessionTicketKeys ¶
// Secret_SessionTicketKeys is the Secret.Type alternative that carries TLS
// session ticket keys (proto field 3).
type Secret_SessionTicketKeys struct {
	SessionTicketKeys *TlsSessionTicketKeys `protobuf:"bytes,3,opt,name=session_ticket_keys,json=sessionTicketKeys,proto3,oneof"`
}
func (*Secret_SessionTicketKeys) Equal ¶
func (this *Secret_SessionTicketKeys) Equal(that interface{}) bool
func (*Secret_SessionTicketKeys) MarshalTo ¶
func (m *Secret_SessionTicketKeys) MarshalTo(dAtA []byte) (int, error)
func (*Secret_SessionTicketKeys) Size ¶
func (m *Secret_SessionTicketKeys) Size() (n int)
type Secret_TlsCertificate ¶
// Secret_TlsCertificate is the Secret.Type alternative that carries a
// TlsCertificate (proto field 2), i.e. a certificate chain together with its
// private key.
type Secret_TlsCertificate struct {
	TlsCertificate *TlsCertificate `protobuf:"bytes,2,opt,name=tls_certificate,json=tlsCertificate,proto3,oneof"`
}
func (*Secret_TlsCertificate) Equal ¶
func (this *Secret_TlsCertificate) Equal(that interface{}) bool
func (*Secret_TlsCertificate) MarshalTo ¶
func (m *Secret_TlsCertificate) MarshalTo(dAtA []byte) (int, error)
func (*Secret_TlsCertificate) Size ¶
func (m *Secret_TlsCertificate) Size() (n int)
type Secret_ValidationContext ¶
// Secret_ValidationContext is the Secret.Type alternative that carries a
// CertificateValidationContext (proto field 4), i.e. the settings used to
// validate a peer certificate.
type Secret_ValidationContext struct {
	ValidationContext *CertificateValidationContext `protobuf:"bytes,4,opt,name=validation_context,json=validationContext,proto3,oneof"`
}
func (*Secret_ValidationContext) Equal ¶
func (this *Secret_ValidationContext) Equal(that interface{}) bool
func (*Secret_ValidationContext) MarshalTo ¶
func (m *Secret_ValidationContext) MarshalTo(dAtA []byte) (int, error)
func (*Secret_ValidationContext) Size ¶
func (m *Secret_ValidationContext) Size() (n int)
type TlsCertificate ¶
// TlsCertificate bundles a certificate chain with its private key and the
// optional password protecting that key. Every field is a core.DataSource.
type TlsCertificate struct {
	// The TLS certificate chain.
	CertificateChain *core.DataSource `protobuf:"bytes,1,opt,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
	// The TLS private key.
	//
	// NOTE(review): the struct tags show this field is serialized along with
	// the rest of the message, so a key supplied inline will appear in any
	// marshalled or dumped copy of the configuration. Referencing the key
	// from a file or delivering it through SDS keeps it out of those copies.
	PrivateKey *core.DataSource `protobuf:"bytes,2,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"`
	// The password to decrypt the TLS private key. If this field is not set, it is assumed that the
	// TLS private key is not password encrypted.
	//
	// NOTE(review): a password stored next to the key it protects adds little;
	// treat this field as being as sensitive as PrivateKey.
	Password *core.DataSource `protobuf:"bytes,3,opt,name=password,proto3" json:"password,omitempty"`
	// [#not-implemented-hide:]
	OcspStaple *core.DataSource `protobuf:"bytes,4,opt,name=ocsp_staple,json=ocspStaple,proto3" json:"ocsp_staple,omitempty"`
	// [#not-implemented-hide:]
	SignedCertificateTimestamp []*core.DataSource `` /* 141-byte string literal not displayed */
	// Bookkeeping fields emitted by the protobuf code generator.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*TlsCertificate) Descriptor ¶
func (*TlsCertificate) Descriptor() ([]byte, []int)
func (*TlsCertificate) Equal ¶
func (this *TlsCertificate) Equal(that interface{}) bool
func (*TlsCertificate) GetCertificateChain ¶
func (m *TlsCertificate) GetCertificateChain() *core.DataSource
func (*TlsCertificate) GetOcspStaple ¶
func (m *TlsCertificate) GetOcspStaple() *core.DataSource
func (*TlsCertificate) GetPassword ¶
func (m *TlsCertificate) GetPassword() *core.DataSource
func (*TlsCertificate) GetPrivateKey ¶
func (m *TlsCertificate) GetPrivateKey() *core.DataSource
func (*TlsCertificate) GetSignedCertificateTimestamp ¶
func (m *TlsCertificate) GetSignedCertificateTimestamp() []*core.DataSource
func (*TlsCertificate) Marshal ¶
func (m *TlsCertificate) Marshal() (dAtA []byte, err error)
func (*TlsCertificate) ProtoMessage ¶
func (*TlsCertificate) ProtoMessage()
func (*TlsCertificate) Reset ¶
func (m *TlsCertificate) Reset()
func (*TlsCertificate) Size ¶
func (m *TlsCertificate) Size() (n int)
func (*TlsCertificate) String ¶
func (m *TlsCertificate) String() string
func (*TlsCertificate) Unmarshal ¶
func (m *TlsCertificate) Unmarshal(dAtA []byte) error
func (*TlsCertificate) Validate ¶
func (m *TlsCertificate) Validate() error
Validate checks the field values on TlsCertificate with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*TlsCertificate) XXX_DiscardUnknown ¶
func (m *TlsCertificate) XXX_DiscardUnknown()
func (*TlsCertificate) XXX_Marshal ¶
func (m *TlsCertificate) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*TlsCertificate) XXX_Merge ¶
func (m *TlsCertificate) XXX_Merge(src proto.Message)
func (*TlsCertificate) XXX_Size ¶
func (m *TlsCertificate) XXX_Size() int
func (*TlsCertificate) XXX_Unmarshal ¶
func (m *TlsCertificate) XXX_Unmarshal(b []byte) error
type TlsCertificateValidationError ¶
TlsCertificateValidationError is the validation error returned by TlsCertificate.Validate if the designated constraints aren't met.
func (TlsCertificateValidationError) Error ¶
func (e TlsCertificateValidationError) Error() string
Error satisfies the builtin error interface
type TlsParameters ¶
// TlsParameters selects the TLS protocol versions, cipher suites and ECDH
// curves used when negotiating a connection.
type TlsParameters struct {
	// Minimum TLS protocol version. By default, it's ``TLSv1_0``.
	//
	// NOTE(review): with this default, TLS 1.0 and TLS 1.1 stay negotiable
	// unless the field is set. Both versions are deprecated by RFC 8996, so a
	// configuration that does not have to serve legacy peers should set the
	// minimum to TLSv1_2 or higher explicitly.
	TlsMinimumProtocolVersion TlsParameters_TlsProtocol `` /* 190-byte string literal not displayed */
	// Maximum TLS protocol version. By default, it's ``TLSv1_3`` for servers in non-FIPS builds, and
	// ``TLSv1_2`` for clients and for servers using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`.
	TlsMaximumProtocolVersion TlsParameters_TlsProtocol `` /* 190-byte string literal not displayed */
	// If specified, the TLS listener will only support the specified `cipher list
	// <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
	// when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not
	// specified, the default list will be used.
	//
	// In non-FIPS builds, the default cipher list is:
	//
	// .. code-block:: none
	//
	//   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
	//   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
	//   ECDHE-ECDSA-AES128-SHA
	//   ECDHE-RSA-AES128-SHA
	//   AES128-GCM-SHA256
	//   AES128-SHA
	//   ECDHE-ECDSA-AES256-GCM-SHA384
	//   ECDHE-RSA-AES256-GCM-SHA384
	//   ECDHE-ECDSA-AES256-SHA
	//   ECDHE-RSA-AES256-SHA
	//   AES256-GCM-SHA384
	//   AES256-SHA
	//
	// In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default cipher list is:
	//
	// .. code-block:: none
	//
	//   ECDHE-ECDSA-AES128-GCM-SHA256
	//   ECDHE-RSA-AES128-GCM-SHA256
	//   ECDHE-ECDSA-AES128-SHA
	//   ECDHE-RSA-AES128-SHA
	//   AES128-GCM-SHA256
	//   AES128-SHA
	//   ECDHE-ECDSA-AES256-GCM-SHA384
	//   ECDHE-RSA-AES256-GCM-SHA384
	//   ECDHE-ECDSA-AES256-SHA
	//   ECDHE-RSA-AES256-SHA
	//   AES256-GCM-SHA384
	//   AES256-SHA
	//
	// NOTE(review): both default lists contain CBC-mode suites with a SHA-1
	// MAC (the names ending in -SHA) and suites without an ECDHE- prefix,
	// which use static RSA key exchange and give no forward secrecy. Where
	// every peer supports ECDHE with an AEAD cipher, an explicit list limited
	// to the ECDHE GCM/CHACHA20 entries is the tighter setting.
	CipherSuites []string `protobuf:"bytes,3,rep,name=cipher_suites,json=cipherSuites,proto3" json:"cipher_suites,omitempty"`
	// If specified, the TLS connection will only support the specified ECDH
	// curves. If not specified, the default curves will be used.
	//
	// In non-FIPS builds, the default curves are:
	//
	// .. code-block:: none
	//
	//   X25519
	//   P-256
	//
	// In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:
	//
	// .. code-block:: none
	//
	//   P-256
	EcdhCurves []string `protobuf:"bytes,4,rep,name=ecdh_curves,json=ecdhCurves,proto3" json:"ecdh_curves,omitempty"`
	// Bookkeeping fields emitted by the protobuf code generator.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*TlsParameters) Descriptor ¶
func (*TlsParameters) Descriptor() ([]byte, []int)
func (*TlsParameters) Equal ¶
func (this *TlsParameters) Equal(that interface{}) bool
func (*TlsParameters) GetCipherSuites ¶
func (m *TlsParameters) GetCipherSuites() []string
func (*TlsParameters) GetEcdhCurves ¶
func (m *TlsParameters) GetEcdhCurves() []string
func (*TlsParameters) GetTlsMaximumProtocolVersion ¶
func (m *TlsParameters) GetTlsMaximumProtocolVersion() TlsParameters_TlsProtocol
func (*TlsParameters) GetTlsMinimumProtocolVersion ¶
func (m *TlsParameters) GetTlsMinimumProtocolVersion() TlsParameters_TlsProtocol
func (*TlsParameters) Marshal ¶
func (m *TlsParameters) Marshal() (dAtA []byte, err error)
func (*TlsParameters) ProtoMessage ¶
func (*TlsParameters) ProtoMessage()
func (*TlsParameters) Reset ¶
func (m *TlsParameters) Reset()
func (*TlsParameters) Size ¶
func (m *TlsParameters) Size() (n int)
func (*TlsParameters) String ¶
func (m *TlsParameters) String() string
func (*TlsParameters) Unmarshal ¶
func (m *TlsParameters) Unmarshal(dAtA []byte) error
func (*TlsParameters) Validate ¶
func (m *TlsParameters) Validate() error
Validate checks the field values on TlsParameters with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*TlsParameters) XXX_DiscardUnknown ¶
func (m *TlsParameters) XXX_DiscardUnknown()
func (*TlsParameters) XXX_Marshal ¶
func (m *TlsParameters) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*TlsParameters) XXX_Merge ¶
func (m *TlsParameters) XXX_Merge(src proto.Message)
func (*TlsParameters) XXX_Size ¶
func (m *TlsParameters) XXX_Size() int
func (*TlsParameters) XXX_Unmarshal ¶
func (m *TlsParameters) XXX_Unmarshal(b []byte) error
type TlsParametersValidationError ¶
TlsParametersValidationError is the validation error returned by TlsParameters.Validate if the designated constraints aren't met.
func (TlsParametersValidationError) Error ¶
func (e TlsParametersValidationError) Error() string
Error satisfies the builtin error interface
type TlsParameters_TlsProtocol ¶
// TlsParameters_TlsProtocol identifies a TLS protocol version. It is the type
// of TlsParameters.TlsMinimumProtocolVersion and
// TlsParameters.TlsMaximumProtocolVersion.
type TlsParameters_TlsProtocol int32

const (
	// Envoy will choose the optimal TLS version.
	//
	// NOTE(review): this constant is 0, the zero value of the type, so a
	// version field that is never assigned holds TLS_AUTO. The version limits
	// that then apply are presumably the defaults documented on TlsParameters —
	// confirm, and set both limits explicitly where a policy requires them.
	TlsParameters_TLS_AUTO TlsParameters_TlsProtocol = 0
	// TLS 1.0
	TlsParameters_TLSv1_0 TlsParameters_TlsProtocol = 1
	// TLS 1.1
	TlsParameters_TLSv1_1 TlsParameters_TlsProtocol = 2
	// TLS 1.2
	TlsParameters_TLSv1_2 TlsParameters_TlsProtocol = 3
	// TLS 1.3
	TlsParameters_TLSv1_3 TlsParameters_TlsProtocol = 4
)
func (TlsParameters_TlsProtocol) EnumDescriptor ¶
func (TlsParameters_TlsProtocol) EnumDescriptor() ([]byte, []int)
func (TlsParameters_TlsProtocol) String ¶
func (x TlsParameters_TlsProtocol) String() string
type TlsSessionTicketKeys ¶
// TlsSessionTicketKeys holds the ordered list of keys used to protect TLS
// session tickets.
type TlsSessionTicketKeys struct {
	// Keys for encrypting and decrypting TLS session tickets. The
	// first key in the array contains the key to encrypt all new sessions created by this context.
	// All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
	// by, for example, putting the new key first, and the previous key second.
	//
	// If :ref:`session_ticket_keys <envoy_api_field_auth.DownstreamTlsContext.session_ticket_keys>`
	// is not specified, the TLS library will still support resuming sessions via tickets, but it will
	// use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
	// or on different hosts.
	//
	// Each key must contain exactly 80 bytes of cryptographically-secure random data. For
	// example, the output of ``openssl rand 80``.
	//
	// .. attention::
	//
	//   Using this feature has serious security considerations and risks. Improper handling of keys
	//   may result in loss of secrecy in connections, even if ciphers supporting perfect forward
	//   secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
	//   discussion. To minimize the risk, you must:
	//
	//   * Keep the session ticket keys at least as secure as your TLS certificate private keys
	//   * Rotate session ticket keys at least daily, and preferably hourly
	//   * Always generate keys using a cryptographically-secure random data source
	//
	// NOTE(review): because every listed key can still decrypt tickets,
	// rotation only takes effect once the old key is removed from the list,
	// not when it is moved to second place. The retirement of old entries
	// belongs in the rotation procedure alongside the addition of new ones.
	Keys []*core.DataSource `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"`
	// Bookkeeping fields emitted by the protobuf code generator.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*TlsSessionTicketKeys) Descriptor ¶
func (*TlsSessionTicketKeys) Descriptor() ([]byte, []int)
func (*TlsSessionTicketKeys) Equal ¶
func (this *TlsSessionTicketKeys) Equal(that interface{}) bool
func (*TlsSessionTicketKeys) GetKeys ¶
func (m *TlsSessionTicketKeys) GetKeys() []*core.DataSource
func (*TlsSessionTicketKeys) Marshal ¶
func (m *TlsSessionTicketKeys) Marshal() (dAtA []byte, err error)
func (*TlsSessionTicketKeys) MarshalTo ¶
func (m *TlsSessionTicketKeys) MarshalTo(dAtA []byte) (int, error)
func (*TlsSessionTicketKeys) ProtoMessage ¶
func (*TlsSessionTicketKeys) ProtoMessage()
func (*TlsSessionTicketKeys) Reset ¶
func (m *TlsSessionTicketKeys) Reset()
func (*TlsSessionTicketKeys) Size ¶
func (m *TlsSessionTicketKeys) Size() (n int)
func (*TlsSessionTicketKeys) String ¶
func (m *TlsSessionTicketKeys) String() string
func (*TlsSessionTicketKeys) Unmarshal ¶
func (m *TlsSessionTicketKeys) Unmarshal(dAtA []byte) error
func (*TlsSessionTicketKeys) Validate ¶
func (m *TlsSessionTicketKeys) Validate() error
Validate checks the field values on TlsSessionTicketKeys with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*TlsSessionTicketKeys) XXX_DiscardUnknown ¶
func (m *TlsSessionTicketKeys) XXX_DiscardUnknown()
func (*TlsSessionTicketKeys) XXX_Marshal ¶
func (m *TlsSessionTicketKeys) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*TlsSessionTicketKeys) XXX_Merge ¶
func (m *TlsSessionTicketKeys) XXX_Merge(src proto.Message)
func (*TlsSessionTicketKeys) XXX_Size ¶
func (m *TlsSessionTicketKeys) XXX_Size() int
func (*TlsSessionTicketKeys) XXX_Unmarshal ¶
func (m *TlsSessionTicketKeys) XXX_Unmarshal(b []byte) error
type TlsSessionTicketKeysValidationError ¶
TlsSessionTicketKeysValidationError is the validation error returned by TlsSessionTicketKeys.Validate if the designated constraints aren't met.
func (TlsSessionTicketKeysValidationError) Error ¶
func (e TlsSessionTicketKeysValidationError) Error() string
Error satisfies the builtin error interface
type UpstreamTlsContext ¶
// UpstreamTlsContext groups the TLS settings used for TLS backend connections
// (the wording of the Sni comment below).
type UpstreamTlsContext struct {
	// Common TLS context settings.
	CommonTlsContext *CommonTlsContext `protobuf:"bytes,1,opt,name=common_tls_context,json=commonTlsContext,proto3" json:"common_tls_context,omitempty"`
	// SNI string to use when creating TLS backend connections.
	//
	// NOTE(review): as described, this only sets the name that is sent.
	// Whether the backend's certificate is checked against a trusted CA and an
	// expected name looks like a matter for the validation context inside
	// CommonTlsContext (see CertificateValidationContext in this package) —
	// confirm both are configured when reviewing an upstream.
	Sni string `protobuf:"bytes,2,opt,name=sni,proto3" json:"sni,omitempty"`
	// If true, server-initiated TLS renegotiation will be allowed.
	//
	// .. attention::
	//
	//   TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
	AllowRenegotiation bool `protobuf:"varint,3,opt,name=allow_renegotiation,json=allowRenegotiation,proto3" json:"allow_renegotiation,omitempty"`
	// Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
	// for TLSv1.2 and older) to store for the purpose of session resumption.
	//
	// Defaults to 1, setting this to 0 disables session resumption.
	MaxSessionKeys *types.UInt32Value `protobuf:"bytes,4,opt,name=max_session_keys,json=maxSessionKeys,proto3" json:"max_session_keys,omitempty"`
	// Bookkeeping fields emitted by the protobuf code generator.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*UpstreamTlsContext) Descriptor ¶
func (*UpstreamTlsContext) Descriptor() ([]byte, []int)
func (*UpstreamTlsContext) Equal ¶
func (this *UpstreamTlsContext) Equal(that interface{}) bool
func (*UpstreamTlsContext) GetAllowRenegotiation ¶
func (m *UpstreamTlsContext) GetAllowRenegotiation() bool
func (*UpstreamTlsContext) GetCommonTlsContext ¶
func (m *UpstreamTlsContext) GetCommonTlsContext() *CommonTlsContext
func (*UpstreamTlsContext) GetMaxSessionKeys ¶ added in v0.6.4
func (m *UpstreamTlsContext) GetMaxSessionKeys() *types.UInt32Value
func (*UpstreamTlsContext) GetSni ¶
func (m *UpstreamTlsContext) GetSni() string
func (*UpstreamTlsContext) Marshal ¶
func (m *UpstreamTlsContext) Marshal() (dAtA []byte, err error)
func (*UpstreamTlsContext) MarshalTo ¶
func (m *UpstreamTlsContext) MarshalTo(dAtA []byte) (int, error)
func (*UpstreamTlsContext) ProtoMessage ¶
func (*UpstreamTlsContext) ProtoMessage()
func (*UpstreamTlsContext) Reset ¶
func (m *UpstreamTlsContext) Reset()
func (*UpstreamTlsContext) Size ¶
func (m *UpstreamTlsContext) Size() (n int)
func (*UpstreamTlsContext) String ¶
func (m *UpstreamTlsContext) String() string
func (*UpstreamTlsContext) Unmarshal ¶
func (m *UpstreamTlsContext) Unmarshal(dAtA []byte) error
func (*UpstreamTlsContext) Validate ¶
func (m *UpstreamTlsContext) Validate() error
Validate checks the field values on UpstreamTlsContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*UpstreamTlsContext) XXX_DiscardUnknown ¶
func (m *UpstreamTlsContext) XXX_DiscardUnknown()
func (*UpstreamTlsContext) XXX_Marshal ¶
func (m *UpstreamTlsContext) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*UpstreamTlsContext) XXX_Merge ¶
func (m *UpstreamTlsContext) XXX_Merge(src proto.Message)
func (*UpstreamTlsContext) XXX_Size ¶
func (m *UpstreamTlsContext) XXX_Size() int
func (*UpstreamTlsContext) XXX_Unmarshal ¶
func (m *UpstreamTlsContext) XXX_Unmarshal(b []byte) error
type UpstreamTlsContextValidationError ¶
UpstreamTlsContextValidationError is the validation error returned by UpstreamTlsContext.Validate if the designated constraints aren't met.
func (UpstreamTlsContextValidationError) Error ¶
func (e UpstreamTlsContextValidationError) Error() string
Error satisfies the builtin error interface