Documentation
¶
Index ¶
- Variables
- type FilterConfig
- func (*FilterConfig) Descriptor() ([]byte, []int)deprecated
- func (x *FilterConfig) GetAllowedTrustDomains() []string
- func (x *FilterConfig) GetDisableClearRouteCache() bool
- func (x *FilterConfig) GetJwtOutputPayloadLocations() map[string]string
- func (x *FilterConfig) GetPolicy() *v1alpha1.Policy
- func (x *FilterConfig) GetSkipValidateTrustDomain() bool
- func (*FilterConfig) ProtoMessage()
- func (x *FilterConfig) ProtoReflect() protoreflect.Message
- func (x *FilterConfig) Reset()
- func (x *FilterConfig) String() string
Constants ¶
This section is empty.
Variables ¶
View Source
var File_envoy_config_filter_http_authn_v2alpha1_config_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type FilterConfig ¶
type FilterConfig struct {
// Policy is the original copy of the policy.
Policy *v1alpha1.Policy `protobuf:"bytes,1,opt,name=policy,proto3" json:"policy,omitempty"`
// Map from issuer to location of the payload that is emitted by Jwt filter.
// This information is added by pilot when construct and add Jwt and
// authN filters.
JwtOutputPayloadLocations map[string]string `` /* 228-byte string literal not displayed */
// Skips validating the peer's trust domain.
// By default, the istio authn filter will reject the request if the peer and
// the local service is not in the same trust domain.
// Set this field to true to skip the validation and allows peers from any
// trust domains.
// Note, the istio authn filter only validates the trust domain when mTLS is
// used, In other words, this field has no effect for plaintext traffic.
// TODO(incfly): deprecate this after allowed_trust_domains is shipped.
SkipValidateTrustDomain bool `` /* 135-byte string literal not displayed */
// allowed_trust_domains contains a list of trust domains the authn
// filter should validate against. When configured, only requests with a
// peer from one of the allowed trust domain will be admitted.
// An empty list means all trust domains are allowed.
// When this field is set, the skip_validate_trust_domain field is ignored.
// This field has no effect for plaintext traffic.
AllowedTrustDomains []string `protobuf:"bytes,4,rep,name=allowed_trust_domains,json=allowedTrustDomains,proto3" json:"allowed_trust_domains,omitempty"`
// By default the authn filter will clear the route cache so that the validated
// JWT token claims can be used in routing.
// Advanced users can set this to true to disable the behavior if they do not
// want the authn filter to clear the route cache for any reasons.
// Warning: setting this to true will break the JWT claim based routing.
DisableClearRouteCache bool `` /* 132-byte string literal not displayed */
// contains filtered or unexported fields
}
FilterConfig is the config for Istio-specific filter that is used to enforce authentication policy on Envoy.
func (*FilterConfig) Descriptor
deprecated
func (*FilterConfig) Descriptor() ([]byte, []int)
Deprecated: Use FilterConfig.ProtoReflect.Descriptor instead.
func (*FilterConfig) GetAllowedTrustDomains ¶
func (x *FilterConfig) GetAllowedTrustDomains() []string
func (*FilterConfig) GetDisableClearRouteCache ¶
func (x *FilterConfig) GetDisableClearRouteCache() bool
func (*FilterConfig) GetJwtOutputPayloadLocations ¶
func (x *FilterConfig) GetJwtOutputPayloadLocations() map[string]string
func (*FilterConfig) GetPolicy ¶
func (x *FilterConfig) GetPolicy() *v1alpha1.Policy
func (*FilterConfig) GetSkipValidateTrustDomain ¶
func (x *FilterConfig) GetSkipValidateTrustDomain() bool
func (*FilterConfig) ProtoMessage ¶
func (*FilterConfig) ProtoMessage()
func (*FilterConfig) ProtoReflect ¶
func (x *FilterConfig) ProtoReflect() protoreflect.Message
func (*FilterConfig) Reset ¶
func (x *FilterConfig) Reset()
func (*FilterConfig) String ¶
func (x *FilterConfig) String() string
Source Files
Click to show internal directories.
Click to hide internal directories.