auth

package
v0.0.0-...-113c6ea Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 27, 2019 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Overview

Package auth is a generated protocol buffer package.

It is generated from these files:

envoy/api/v2/auth/cert.proto

It has these top-level messages:

TlsParameters
TlsCertificate
TlsSessionTicketKeys
CertificateValidationContext
CommonTlsContext
UpstreamTlsContext
DownstreamTlsContext
SdsSecretConfig
Secret

Index

Constants

This section is empty.

Variables

// Sentinel errors for the generated cert.proto wire-format code. The messages
// describe malformed input: a negative length and an integer that overflows.
// Presumably these are returned by the Unmarshal methods listed on this page;
// their bodies are not shown here, so confirm against the generated source.
var (
	ErrInvalidLengthCert = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowCert   = fmt.Errorf("proto: integer overflow")
)
// TlsParameters_TlsProtocol_name maps each TLS protocol enum number to its
// name.
//
// NOTE(review): TLSv1_0 and TLSv1_1 remain selectable values. Both protocol
// versions are formally deprecated (RFC 8996), so configurations that name them
// as a minimum version deserve a review.
var TlsParameters_TlsProtocol_name = map[int32]string{
	0: "TLS_AUTO",
	1: "TLSv1_0",
	2: "TLSv1_1",
	3: "TLSv1_2",
	4: "TLSv1_3",
}
// TlsParameters_TlsProtocol_value maps each TLS protocol enum name to its
// number; it is the inverse of TlsParameters_TlsProtocol_name.
var TlsParameters_TlsProtocol_value = map[string]int32{
	"TLS_AUTO": 0,
	"TLSv1_0":  1,
	"TLSv1_1":  2,
	"TLSv1_2":  3,
	"TLSv1_3":  4,
}

Functions

This section is empty.

Types

type CertificateValidationContext

// CertificateValidationContext describes how a presented peer certificate is
// checked: trust anchors, SPKI and certificate hash pins, expected Subject
// Alternative Names, revocation lists and expiry handling.
type CertificateValidationContext struct {
	// TLS certificate data containing certificate authority certificates to use in verifying
	// a presented peer certificate (e.g. server certificate for clusters or client certificate
	// for listeners). If not specified and a peer certificate is presented it will not be
	// verified. By default, a client certificate is optional, unless one of the additional
	// options (:ref:`require_client_certificate
	// <envoy_api_field_auth.DownstreamTlsContext.require_client_certificate>`,
	// :ref:`verify_certificate_spki
	// <envoy_api_field_auth.CertificateValidationContext.verify_certificate_spki>`,
	// :ref:`verify_certificate_hash
	// <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`, or
	// :ref:`verify_subject_alt_name
	// <envoy_api_field_auth.CertificateValidationContext.verify_subject_alt_name>`) is also
	// specified.
	//
	// See :ref:`the TLS overview <arch_overview_ssl_enabling_verification>` for a list of common
	// system CA locations.
	//
	// NOTE(review): as stated above, leaving this unset means a presented peer
	// certificate is accepted without CA verification. Any context that is meant
	// to authenticate the peer should set trusted_ca explicitly; treat an empty
	// value as a finding during configuration review.
	TrustedCa *envoy_api_v2_core.DataSource `protobuf:"bytes,1,opt,name=trusted_ca,json=trustedCa" json:"trusted_ca,omitempty"`
	// An optional list of base64-encoded SHA-256 hashes. If specified, Envoy will verify that the
	// SHA-256 of the DER-encoded Subject Public Key Information (SPKI) of the presented certificate
	// matches one of the specified values.
	//
	// A base64-encoded SHA-256 of the Subject Public Key Information (SPKI) of the certificate
	// can be generated with the following command:
	//
	// .. code-block:: bash
	//
	//   $ openssl x509 -in path/to/client.crt -noout -pubkey \
	//     | openssl pkey -pubin -outform DER \
	//     | openssl dgst -sha256 -binary \
	//     | openssl enc -base64
	//   NvqYIYSbgK2vCJpQhObf77vv+bQWtc5ek5RIOwPiC9A=
	//
	// This is the format used in HTTP Public Key Pinning.
	//
	// When both:
	// :ref:`verify_certificate_hash
	// <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>` and
	// :ref:`verify_certificate_spki
	// <envoy_api_field_auth.CertificateValidationContext.verify_certificate_spki>` are specified,
	// a hash matching value from either of the lists will result in the certificate being accepted.
	//
	// .. attention::
	//
	//   This option is preferred over :ref:`verify_certificate_hash
	//   <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`,
	//   because SPKI is tied to a private key, so it doesn't change when the certificate
	//   is renewed using the same private key.
	//
	// NOTE(review): a pin only matches the listed values, so the list has to be
	// updated before the peer rotates its key; carrying a backup pin avoids an
	// outage during rotation.
	VerifyCertificateSpki []string `protobuf:"bytes,3,rep,name=verify_certificate_spki,json=verifyCertificateSpki" json:"verify_certificate_spki,omitempty"`
	// An optional list of hex-encoded SHA-256 hashes. If specified, Envoy will verify that
	// the SHA-256 of the DER-encoded presented certificate matches one of the specified values.
	//
	// A hex-encoded SHA-256 of the certificate can be generated with the following command:
	//
	// .. code-block:: bash
	//
	//   $ openssl x509 -in path/to/client.crt -outform DER | openssl dgst -sha256 | cut -d" " -f2
	//   df6ff72fe9116521268f6f2dd4966f51df479883fe7037b39f75916ac3049d1a
	//
	// A long hex-encoded and colon-separated SHA-256 (a.k.a. "fingerprint") of the certificate
	// can be generated with the following command:
	//
	// .. code-block:: bash
	//
	//   $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256 | cut -d"=" -f2
	//   DF:6F:F7:2F:E9:11:65:21:26:8F:6F:2D:D4:96:6F:51:DF:47:98:83:FE:70:37:B3:9F:75:91:6A:C3:04:9D:1A
	//
	// Both of those formats are acceptable.
	//
	// When both:
	// :ref:`verify_certificate_hash
	// <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>` and
	// :ref:`verify_certificate_spki
	// <envoy_api_field_auth.CertificateValidationContext.verify_certificate_spki>` are specified,
	// a hash matching value from either of the lists will result in the certificate being accepted.
	//
	// NOTE(review): unlike the SPKI pin, this value covers the whole certificate,
	// so it changes on every reissue and the list must be refreshed with each
	// renewal.
	VerifyCertificateHash []string `protobuf:"bytes,2,rep,name=verify_certificate_hash,json=verifyCertificateHash" json:"verify_certificate_hash,omitempty"`
	// An optional list of Subject Alternative Names. If specified, Envoy will verify that the
	// Subject Alternative Name of the presented certificate matches one of the specified values.
	//
	// .. attention::
	//
	//   Subject Alternative Names are easily spoofable and verifying only them is insecure,
	//   therefore this option must be used together with :ref:`trusted_ca
	//   <envoy_api_field_auth.CertificateValidationContext.trusted_ca>`.
	//
	// NOTE(review): the requirement to pair this with trusted_ca is stated only
	// in this comment. Whether Validate() enforces it is not visible in this
	// listing; confirm, and treat a SAN list without trusted_ca as a
	// misconfiguration.
	VerifySubjectAltName []string `protobuf:"bytes,4,rep,name=verify_subject_alt_name,json=verifySubjectAltName" json:"verify_subject_alt_name,omitempty"`
	// [#not-implemented-hide:] Must present a signed time-stamped OCSP response.
	RequireOcspStaple *google_protobuf1.BoolValue `protobuf:"bytes,5,opt,name=require_ocsp_staple,json=requireOcspStaple" json:"require_ocsp_staple,omitempty"`
	// [#not-implemented-hide:] Must present signed certificate time-stamp.
	RequireSignedCertificateTimestamp *google_protobuf1.BoolValue `` /* 157-byte string literal not displayed */
	// An optional `certificate revocation list
	// <https://en.wikipedia.org/wiki/Certificate_revocation_list>`_
	// (in PEM format). If specified, Envoy will verify that the presented peer
	// certificate has not been revoked by this CRL. If this DataSource contains
	// multiple CRLs, all of them will be used.
	//
	// NOTE(review): this listing does not say how or when the CRL is reloaded.
	// A stale CRL silently misses newer revocations; confirm the refresh path.
	Crl *envoy_api_v2_core.DataSource `protobuf:"bytes,7,opt,name=crl" json:"crl,omitempty"`
	// If specified, Envoy will not reject expired certificates.
	//
	// NOTE(review): setting this disables the validity-period check for peer
	// certificates. Expired certificates may be dropped from CRLs, so revocation
	// checking may not compensate; leave it unset unless there is a documented,
	// time-boxed reason.
	AllowExpiredCertificate bool `` /* 133-byte string literal not displayed */
}

func (*CertificateValidationContext) Descriptor

func (*CertificateValidationContext) Descriptor() ([]byte, []int)

func (*CertificateValidationContext) Equal

func (this *CertificateValidationContext) Equal(that interface{}) bool

func (*CertificateValidationContext) GetAllowExpiredCertificate

func (m *CertificateValidationContext) GetAllowExpiredCertificate() bool

func (*CertificateValidationContext) GetCrl

func (*CertificateValidationContext) GetRequireOcspStaple

func (m *CertificateValidationContext) GetRequireOcspStaple() *google_protobuf1.BoolValue

func (*CertificateValidationContext) GetRequireSignedCertificateTimestamp

func (m *CertificateValidationContext) GetRequireSignedCertificateTimestamp() *google_protobuf1.BoolValue

func (*CertificateValidationContext) GetTrustedCa

func (*CertificateValidationContext) GetVerifyCertificateHash

func (m *CertificateValidationContext) GetVerifyCertificateHash() []string

func (*CertificateValidationContext) GetVerifyCertificateSpki

func (m *CertificateValidationContext) GetVerifyCertificateSpki() []string

func (*CertificateValidationContext) GetVerifySubjectAltName

func (m *CertificateValidationContext) GetVerifySubjectAltName() []string

func (*CertificateValidationContext) Marshal

func (m *CertificateValidationContext) Marshal() (dAtA []byte, err error)

func (*CertificateValidationContext) MarshalTo

func (m *CertificateValidationContext) MarshalTo(dAtA []byte) (int, error)

func (*CertificateValidationContext) ProtoMessage

func (*CertificateValidationContext) ProtoMessage()

func (*CertificateValidationContext) Reset

func (m *CertificateValidationContext) Reset()

func (*CertificateValidationContext) Size

func (m *CertificateValidationContext) Size() (n int)

func (*CertificateValidationContext) String

func (*CertificateValidationContext) Unmarshal

func (m *CertificateValidationContext) Unmarshal(dAtA []byte) error

func (*CertificateValidationContext) Validate

func (m *CertificateValidationContext) Validate() error

Validate checks the field values on CertificateValidationContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

type CertificateValidationContextValidationError

// CertificateValidationContextValidationError is the validation error returned
// by CertificateValidationContext.Validate if the designated constraints aren't
// met.
//
// NOTE(review): the meaning of the fields is not documented in this listing;
// presumably Field names the offending field, Reason the violated rule, Cause a
// nested error and Key whether a map key was at fault. Confirm against the
// generated Validate code.
type CertificateValidationContextValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

CertificateValidationContextValidationError is the validation error returned by CertificateValidationContext.Validate if the designated constraints aren't met.

func (CertificateValidationContextValidationError) Error

Error satisfies the builtin error interface

type CommonTlsContext

// CommonTlsContext is the TLS context shared by both client and server TLS
// contexts.
type CommonTlsContext struct {
	// TLS protocol versions, cipher suites etc.
	TlsParams *TlsParameters `protobuf:"bytes,1,opt,name=tls_params,json=tlsParams" json:"tls_params,omitempty"`
	// Multiple TLS certificates can be associated with the same context.
	// E.g. to allow both RSA and ECDSA certificates, two TLS certificates can be configured.
	//
	// .. attention::
	//
	//   Although this is a list, currently only a single certificate is supported. This will be
	//   relaxed in the future.
	TlsCertificates []*TlsCertificate `protobuf:"bytes,2,rep,name=tls_certificates,json=tlsCertificates" json:"tls_certificates,omitempty"`
	// [#not-implemented-hide:]
	TlsCertificateSdsSecretConfigs []*SdsSecretConfig `` /* 150-byte string literal not displayed */
	// Types that are valid to be assigned to ValidationContextType:
	//	*CommonTlsContext_ValidationContext
	//	*CommonTlsContext_ValidationContextSdsSecretConfig
	//
	// NOTE(review): when this oneof is left unset, no
	// CertificateValidationContext is supplied. Presumably peer certificates are
	// then not verified (compare the TrustedCa comment on
	// CertificateValidationContext); confirm before relying on the default.
	ValidationContextType isCommonTlsContext_ValidationContextType `protobuf_oneof:"validation_context_type"`
	// Supplies the list of ALPN protocols that the listener should expose. In
	// practice this is likely to be set to one of two values (see the
	// :ref:`codec_type <config_http_conn_man_codec_type>` parameter in the HTTP connection
	// manager for more information):
	//
	// * "h2,http/1.1" If the listener is going to support both HTTP/2 and HTTP/1.1.
	// * "http/1.1" If the listener is only going to support HTTP/1.1.
	//
	// There is no default for this parameter. If empty, Envoy will not expose ALPN.
	AlpnProtocols []string `protobuf:"bytes,4,rep,name=alpn_protocols,json=alpnProtocols" json:"alpn_protocols,omitempty"`
	// [#not-implemented-hide:]
	DeprecatedV1 *CommonTlsContext_DeprecatedV1 `protobuf:"bytes,5,opt,name=deprecated_v1,json=deprecatedV1" json:"deprecated_v1,omitempty"`
}

TLS context shared by both client and server TLS contexts.

func (*CommonTlsContext) Descriptor

func (*CommonTlsContext) Descriptor() ([]byte, []int)

func (*CommonTlsContext) Equal

func (this *CommonTlsContext) Equal(that interface{}) bool

func (*CommonTlsContext) GetAlpnProtocols

func (m *CommonTlsContext) GetAlpnProtocols() []string

func (*CommonTlsContext) GetDeprecatedV1

func (m *CommonTlsContext) GetDeprecatedV1() *CommonTlsContext_DeprecatedV1

func (*CommonTlsContext) GetTlsCertificateSdsSecretConfigs

func (m *CommonTlsContext) GetTlsCertificateSdsSecretConfigs() []*SdsSecretConfig

func (*CommonTlsContext) GetTlsCertificates

func (m *CommonTlsContext) GetTlsCertificates() []*TlsCertificate

func (*CommonTlsContext) GetTlsParams

func (m *CommonTlsContext) GetTlsParams() *TlsParameters

func (*CommonTlsContext) GetValidationContext

func (m *CommonTlsContext) GetValidationContext() *CertificateValidationContext

func (*CommonTlsContext) GetValidationContextSdsSecretConfig

func (m *CommonTlsContext) GetValidationContextSdsSecretConfig() *SdsSecretConfig

func (*CommonTlsContext) GetValidationContextType

func (m *CommonTlsContext) GetValidationContextType() isCommonTlsContext_ValidationContextType

func (*CommonTlsContext) Marshal

func (m *CommonTlsContext) Marshal() (dAtA []byte, err error)

func (*CommonTlsContext) MarshalTo

func (m *CommonTlsContext) MarshalTo(dAtA []byte) (int, error)

func (*CommonTlsContext) ProtoMessage

func (*CommonTlsContext) ProtoMessage()

func (*CommonTlsContext) Reset

func (m *CommonTlsContext) Reset()

func (*CommonTlsContext) Size

func (m *CommonTlsContext) Size() (n int)

func (*CommonTlsContext) String

func (m *CommonTlsContext) String() string

func (*CommonTlsContext) Unmarshal

func (m *CommonTlsContext) Unmarshal(dAtA []byte) error

func (*CommonTlsContext) Validate

func (m *CommonTlsContext) Validate() error

Validate checks the field values on CommonTlsContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*CommonTlsContext) XXX_OneofFuncs

func (*CommonTlsContext) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

type CommonTlsContextValidationError

// CommonTlsContextValidationError is the validation error returned by
// CommonTlsContext.Validate if the designated constraints aren't met.
//
// NOTE(review): the meaning of the fields is not documented in this listing;
// presumably Field names the offending field, Reason the violated rule, Cause a
// nested error and Key whether a map key was at fault. Confirm against the
// generated Validate code.
type CommonTlsContextValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

CommonTlsContextValidationError is the validation error returned by CommonTlsContext.Validate if the designated constraints aren't met.

func (CommonTlsContextValidationError) Error

Error satisfies the builtin error interface

type CommonTlsContext_DeprecatedV1

// CommonTlsContext_DeprecatedV1 holds deprecated fields that are used only
// during the interim v1 -> v2 transition period for internal purposes. They
// should not be used outside of the Envoy binary.
type CommonTlsContext_DeprecatedV1 struct {
	// AltAlpnProtocols is carried as a single string (proto field
	// alt_alpn_protocols); its format is not documented in this listing.
	AltAlpnProtocols string `protobuf:"bytes,1,opt,name=alt_alpn_protocols,json=altAlpnProtocols,proto3" json:"alt_alpn_protocols,omitempty"`
}

These fields are deprecated and are used only during the interim v1 -> v2 transition period for internal purposes. They should not be used outside of the Envoy binary. [#not-implemented-hide:]

func (*CommonTlsContext_DeprecatedV1) Descriptor

func (*CommonTlsContext_DeprecatedV1) Descriptor() ([]byte, []int)

func (*CommonTlsContext_DeprecatedV1) Equal

func (this *CommonTlsContext_DeprecatedV1) Equal(that interface{}) bool

func (*CommonTlsContext_DeprecatedV1) GetAltAlpnProtocols

func (m *CommonTlsContext_DeprecatedV1) GetAltAlpnProtocols() string

func (*CommonTlsContext_DeprecatedV1) Marshal

func (m *CommonTlsContext_DeprecatedV1) Marshal() (dAtA []byte, err error)

func (*CommonTlsContext_DeprecatedV1) MarshalTo

func (m *CommonTlsContext_DeprecatedV1) MarshalTo(dAtA []byte) (int, error)

func (*CommonTlsContext_DeprecatedV1) ProtoMessage

func (*CommonTlsContext_DeprecatedV1) ProtoMessage()

func (*CommonTlsContext_DeprecatedV1) Reset

func (m *CommonTlsContext_DeprecatedV1) Reset()

func (*CommonTlsContext_DeprecatedV1) Size

func (m *CommonTlsContext_DeprecatedV1) Size() (n int)

func (*CommonTlsContext_DeprecatedV1) String

func (*CommonTlsContext_DeprecatedV1) Unmarshal

func (m *CommonTlsContext_DeprecatedV1) Unmarshal(dAtA []byte) error

func (*CommonTlsContext_DeprecatedV1) Validate

func (m *CommonTlsContext_DeprecatedV1) Validate() error

Validate checks the field values on CommonTlsContext_DeprecatedV1 with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

type CommonTlsContext_DeprecatedV1ValidationError

// CommonTlsContext_DeprecatedV1ValidationError is the validation error returned
// by CommonTlsContext_DeprecatedV1.Validate if the designated constraints
// aren't met.
//
// NOTE(review): the meaning of the fields is not documented in this listing;
// presumably Field names the offending field, Reason the violated rule, Cause a
// nested error and Key whether a map key was at fault. Confirm against the
// generated Validate code.
type CommonTlsContext_DeprecatedV1ValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

CommonTlsContext_DeprecatedV1ValidationError is the validation error returned by CommonTlsContext_DeprecatedV1.Validate if the designated constraints aren't met.

func (CommonTlsContext_DeprecatedV1ValidationError) Error

Error satisfies the builtin error interface

type CommonTlsContext_ValidationContext

// CommonTlsContext_ValidationContext is one of the two types assignable to
// CommonTlsContext.ValidationContextType; it carries the
// CertificateValidationContext inline (oneof field validation_context).
type CommonTlsContext_ValidationContext struct {
	ValidationContext *CertificateValidationContext `protobuf:"bytes,3,opt,name=validation_context,json=validationContext,oneof"`
}

func (*CommonTlsContext_ValidationContext) Equal

func (this *CommonTlsContext_ValidationContext) Equal(that interface{}) bool

func (*CommonTlsContext_ValidationContext) MarshalTo

func (m *CommonTlsContext_ValidationContext) MarshalTo(dAtA []byte) (int, error)

func (*CommonTlsContext_ValidationContext) Size

type CommonTlsContext_ValidationContextSdsSecretConfig

// CommonTlsContext_ValidationContextSdsSecretConfig is one of the two types
// assignable to CommonTlsContext.ValidationContextType; it refers to the
// validation context through an SdsSecretConfig instead of carrying it inline
// (oneof field validation_context_sds_secret_config).
type CommonTlsContext_ValidationContextSdsSecretConfig struct {
	ValidationContextSdsSecretConfig *SdsSecretConfig `protobuf:"bytes,7,opt,name=validation_context_sds_secret_config,json=validationContextSdsSecretConfig,oneof"`
}

func (*CommonTlsContext_ValidationContextSdsSecretConfig) Equal

func (this *CommonTlsContext_ValidationContextSdsSecretConfig) Equal(that interface{}) bool

func (*CommonTlsContext_ValidationContextSdsSecretConfig) MarshalTo

func (*CommonTlsContext_ValidationContextSdsSecretConfig) Size

type DownstreamTlsContext

// DownstreamTlsContext combines the shared CommonTlsContext with settings that
// apply when connections are accepted: client-certificate and SNI requirements
// and session ticket keys.
type DownstreamTlsContext struct {
	// Common TLS context settings.
	CommonTlsContext *CommonTlsContext `protobuf:"bytes,1,opt,name=common_tls_context,json=commonTlsContext" json:"common_tls_context,omitempty"`
	// If specified, Envoy will reject connections without a valid client
	// certificate.
	//
	// NOTE(review): this is a BoolValue wrapper, so unset (nil) and an explicit
	// false are distinct values; presumably only true turns the requirement on.
	// What counts as "valid" depends on the CertificateValidationContext in
	// CommonTlsContext; with no trusted_ca there, a presented certificate is not
	// verified, so confirm both are set together for mutual TLS.
	RequireClientCertificate *google_protobuf1.BoolValue `` /* 128-byte string literal not displayed */
	// If specified, Envoy will reject connections without a valid and matching SNI.
	// [#not-implemented-hide:]
	RequireSni *google_protobuf1.BoolValue `protobuf:"bytes,3,opt,name=require_sni,json=requireSni" json:"require_sni,omitempty"`
	// Types that are valid to be assigned to SessionTicketKeysType:
	//	*DownstreamTlsContext_SessionTicketKeys
	//	*DownstreamTlsContext_SessionTicketKeysSdsSecretConfig
	//
	// NOTE(review): session ticket keys are secret material. TlsSessionTicketKeys
	// is not shown in this part of the listing; handle whatever it carries with
	// the same care as a private key (restricted storage, rotation, no logging).
	SessionTicketKeysType isDownstreamTlsContext_SessionTicketKeysType `protobuf_oneof:"session_ticket_keys_type"`
}

func (*DownstreamTlsContext) Descriptor

func (*DownstreamTlsContext) Descriptor() ([]byte, []int)

func (*DownstreamTlsContext) Equal

func (this *DownstreamTlsContext) Equal(that interface{}) bool

func (*DownstreamTlsContext) GetCommonTlsContext

func (m *DownstreamTlsContext) GetCommonTlsContext() *CommonTlsContext

func (*DownstreamTlsContext) GetRequireClientCertificate

func (m *DownstreamTlsContext) GetRequireClientCertificate() *google_protobuf1.BoolValue

func (*DownstreamTlsContext) GetRequireSni

func (m *DownstreamTlsContext) GetRequireSni() *google_protobuf1.BoolValue

func (*DownstreamTlsContext) GetSessionTicketKeys

func (m *DownstreamTlsContext) GetSessionTicketKeys() *TlsSessionTicketKeys

func (*DownstreamTlsContext) GetSessionTicketKeysSdsSecretConfig

func (m *DownstreamTlsContext) GetSessionTicketKeysSdsSecretConfig() *SdsSecretConfig

func (*DownstreamTlsContext) GetSessionTicketKeysType

func (m *DownstreamTlsContext) GetSessionTicketKeysType() isDownstreamTlsContext_SessionTicketKeysType

func (*DownstreamTlsContext) Marshal

func (m *DownstreamTlsContext) Marshal() (dAtA []byte, err error)

func (*DownstreamTlsContext) MarshalTo

func (m *DownstreamTlsContext) MarshalTo(dAtA []byte) (int, error)

func (*DownstreamTlsContext) ProtoMessage

func (*DownstreamTlsContext) ProtoMessage()

func (*DownstreamTlsContext) Reset

func (m *DownstreamTlsContext) Reset()

func (*DownstreamTlsContext) Size

func (m *DownstreamTlsContext) Size() (n int)

func (*DownstreamTlsContext) String

func (m *DownstreamTlsContext) String() string

func (*DownstreamTlsContext) Unmarshal

func (m *DownstreamTlsContext) Unmarshal(dAtA []byte) error

func (*DownstreamTlsContext) Validate

func (m *DownstreamTlsContext) Validate() error

Validate checks the field values on DownstreamTlsContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*DownstreamTlsContext) XXX_OneofFuncs

func (*DownstreamTlsContext) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

type DownstreamTlsContextValidationError

// DownstreamTlsContextValidationError is the validation error returned by
// DownstreamTlsContext.Validate if the designated constraints aren't met.
//
// NOTE(review): the meaning of the fields is not documented in this listing;
// presumably Field names the offending field, Reason the violated rule, Cause a
// nested error and Key whether a map key was at fault. Confirm against the
// generated Validate code.
type DownstreamTlsContextValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

DownstreamTlsContextValidationError is the validation error returned by DownstreamTlsContext.Validate if the designated constraints aren't met.

func (DownstreamTlsContextValidationError) Error

Error satisfies the builtin error interface

type DownstreamTlsContext_SessionTicketKeys

// DownstreamTlsContext_SessionTicketKeys is one of the two types assignable to
// DownstreamTlsContext.SessionTicketKeysType; it carries the
// TlsSessionTicketKeys inline (oneof field session_ticket_keys).
type DownstreamTlsContext_SessionTicketKeys struct {
	SessionTicketKeys *TlsSessionTicketKeys `protobuf:"bytes,4,opt,name=session_ticket_keys,json=sessionTicketKeys,oneof"`
}

func (*DownstreamTlsContext_SessionTicketKeys) Equal

func (this *DownstreamTlsContext_SessionTicketKeys) Equal(that interface{}) bool

func (*DownstreamTlsContext_SessionTicketKeys) MarshalTo

func (m *DownstreamTlsContext_SessionTicketKeys) MarshalTo(dAtA []byte) (int, error)

func (*DownstreamTlsContext_SessionTicketKeys) Size

type DownstreamTlsContext_SessionTicketKeysSdsSecretConfig

// DownstreamTlsContext_SessionTicketKeysSdsSecretConfig is one of the two types
// assignable to DownstreamTlsContext.SessionTicketKeysType; it refers to the
// session ticket keys through an SdsSecretConfig instead of carrying them
// inline (oneof field session_ticket_keys_sds_secret_config).
type DownstreamTlsContext_SessionTicketKeysSdsSecretConfig struct {
	SessionTicketKeysSdsSecretConfig *SdsSecretConfig `protobuf:"bytes,5,opt,name=session_ticket_keys_sds_secret_config,json=sessionTicketKeysSdsSecretConfig,oneof"`
}

func (*DownstreamTlsContext_SessionTicketKeysSdsSecretConfig) Equal

func (this *DownstreamTlsContext_SessionTicketKeysSdsSecretConfig) Equal(that interface{}) bool

func (*DownstreamTlsContext_SessionTicketKeysSdsSecretConfig) MarshalTo

func (*DownstreamTlsContext_SessionTicketKeysSdsSecretConfig) Size

type SdsSecretConfig

// SdsSecretConfig names a secret and, optionally, the config source it is
// fetched from. The proto marks this message as experimental and
// not-implemented-hide.
type SdsSecretConfig struct {
	// Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
	// When both name and config are specified, then secret can be fetched and/or reloaded via SDS.
	// When only name is specified, then secret will be loaded from static resources [V2-API-DIFF].
	Name      string                           `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// SdsConfig is presumably the "config" referred to in the Name comment above.
	// NOTE(review): secrets fetched through it travel over the configuration
	// channel. ConfigSource is declared in another package and not shown here;
	// confirm that the channel is authenticated and encrypted.
	SdsConfig *envoy_api_v2_core2.ConfigSource `protobuf:"bytes,2,opt,name=sds_config,json=sdsConfig" json:"sds_config,omitempty"`
}

[#proto-status: experimental] [#not-implemented-hide:]

func (*SdsSecretConfig) Descriptor

func (*SdsSecretConfig) Descriptor() ([]byte, []int)

func (*SdsSecretConfig) Equal

func (this *SdsSecretConfig) Equal(that interface{}) bool

func (*SdsSecretConfig) GetName

func (m *SdsSecretConfig) GetName() string

func (*SdsSecretConfig) GetSdsConfig

func (m *SdsSecretConfig) GetSdsConfig() *envoy_api_v2_core2.ConfigSource

func (*SdsSecretConfig) Marshal

func (m *SdsSecretConfig) Marshal() (dAtA []byte, err error)

func (*SdsSecretConfig) MarshalTo

func (m *SdsSecretConfig) MarshalTo(dAtA []byte) (int, error)

func (*SdsSecretConfig) ProtoMessage

func (*SdsSecretConfig) ProtoMessage()

func (*SdsSecretConfig) Reset

func (m *SdsSecretConfig) Reset()

func (*SdsSecretConfig) Size

func (m *SdsSecretConfig) Size() (n int)

func (*SdsSecretConfig) String

func (m *SdsSecretConfig) String() string

func (*SdsSecretConfig) Unmarshal

func (m *SdsSecretConfig) Unmarshal(dAtA []byte) error

func (*SdsSecretConfig) Validate

func (m *SdsSecretConfig) Validate() error

Validate checks the field values on SdsSecretConfig with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

type SdsSecretConfigValidationError

// SdsSecretConfigValidationError is the validation error returned by
// SdsSecretConfig.Validate if the designated constraints aren't met.
//
// NOTE(review): the meaning of the fields is not documented in this listing;
// presumably Field names the offending field, Reason the violated rule, Cause a
// nested error and Key whether a map key was at fault. Confirm against the
// generated Validate code.
type SdsSecretConfigValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

SdsSecretConfigValidationError is the validation error returned by SdsSecretConfig.Validate if the designated constraints aren't met.

func (SdsSecretConfigValidationError) Error

Error satisfies the builtin error interface

type Secret

// Secret is a named container for one piece of TLS material: a TLS certificate,
// session ticket keys or a validation context. The proto marks this message as
// experimental and not-implemented-hide.
//
// NOTE(review): the TlsCertificate variant includes a private key field, and
// this type has generated String, Marshal and Equal methods. Presumably
// String() renders field contents; avoid passing a populated Secret to loggers
// or error messages until that is confirmed.
type Secret struct {
	// Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Types that are valid to be assigned to Type:
	//	*Secret_TlsCertificate
	//	*Secret_SessionTicketKeys
	//	*Secret_ValidationContext
	Type isSecret_Type `protobuf_oneof:"type"`
}

[#proto-status: experimental] [#not-implemented-hide:]

func (*Secret) Descriptor

func (*Secret) Descriptor() ([]byte, []int)

func (*Secret) Equal

func (this *Secret) Equal(that interface{}) bool

func (*Secret) GetName

func (m *Secret) GetName() string

func (*Secret) GetSessionTicketKeys

func (m *Secret) GetSessionTicketKeys() *TlsSessionTicketKeys

func (*Secret) GetTlsCertificate

func (m *Secret) GetTlsCertificate() *TlsCertificate

func (*Secret) GetType

func (m *Secret) GetType() isSecret_Type

func (*Secret) GetValidationContext

func (m *Secret) GetValidationContext() *CertificateValidationContext

func (*Secret) Marshal

func (m *Secret) Marshal() (dAtA []byte, err error)

func (*Secret) MarshalTo

func (m *Secret) MarshalTo(dAtA []byte) (int, error)

func (*Secret) ProtoMessage

func (*Secret) ProtoMessage()

func (*Secret) Reset

func (m *Secret) Reset()

func (*Secret) Size

func (m *Secret) Size() (n int)

func (*Secret) String

func (m *Secret) String() string

func (*Secret) Unmarshal

func (m *Secret) Unmarshal(dAtA []byte) error

func (*Secret) Validate

func (m *Secret) Validate() error

Validate checks the field values on Secret with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*Secret) XXX_OneofFuncs

func (*Secret) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

type SecretValidationError

// SecretValidationError is the validation error returned by Secret.Validate if
// the designated constraints aren't met.
//
// NOTE(review): the meaning of the fields is not documented in this listing;
// presumably Field names the offending field, Reason the violated rule, Cause a
// nested error and Key whether a map key was at fault. Confirm against the
// generated Validate code.
type SecretValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

SecretValidationError is the validation error returned by Secret.Validate if the designated constraints aren't met.

func (SecretValidationError) Error

func (e SecretValidationError) Error() string

Error satisfies the builtin error interface

type Secret_SessionTicketKeys

// Secret_SessionTicketKeys is one of the types assignable to Secret.Type; it
// carries TlsSessionTicketKeys (oneof field session_ticket_keys).
type Secret_SessionTicketKeys struct {
	SessionTicketKeys *TlsSessionTicketKeys `protobuf:"bytes,3,opt,name=session_ticket_keys,json=sessionTicketKeys,oneof"`
}

func (*Secret_SessionTicketKeys) Equal

func (this *Secret_SessionTicketKeys) Equal(that interface{}) bool

func (*Secret_SessionTicketKeys) MarshalTo

func (m *Secret_SessionTicketKeys) MarshalTo(dAtA []byte) (int, error)

func (*Secret_SessionTicketKeys) Size

func (m *Secret_SessionTicketKeys) Size() (n int)

type Secret_TlsCertificate

// Secret_TlsCertificate is one of the types assignable to Secret.Type; it
// carries a TlsCertificate (oneof field tls_certificate).
type Secret_TlsCertificate struct {
	TlsCertificate *TlsCertificate `protobuf:"bytes,2,opt,name=tls_certificate,json=tlsCertificate,oneof"`
}

func (*Secret_TlsCertificate) Equal

func (this *Secret_TlsCertificate) Equal(that interface{}) bool

func (*Secret_TlsCertificate) MarshalTo

func (m *Secret_TlsCertificate) MarshalTo(dAtA []byte) (int, error)

func (*Secret_TlsCertificate) Size

func (m *Secret_TlsCertificate) Size() (n int)

type Secret_ValidationContext

// Secret_ValidationContext is one of the types assignable to Secret.Type; it
// carries a CertificateValidationContext (oneof field validation_context).
type Secret_ValidationContext struct {
	ValidationContext *CertificateValidationContext `protobuf:"bytes,4,opt,name=validation_context,json=validationContext,oneof"`
}

func (*Secret_ValidationContext) Equal

func (this *Secret_ValidationContext) Equal(that interface{}) bool

func (*Secret_ValidationContext) MarshalTo

func (m *Secret_ValidationContext) MarshalTo(dAtA []byte) (int, error)

func (*Secret_ValidationContext) Size

func (m *Secret_ValidationContext) Size() (n int)

type TlsCertificate

// TlsCertificate groups a certificate chain with its private key and related
// optional data sources.
//
// NOTE(review): PrivateKey and Password are secret material. This type has
// generated String and Marshal methods; presumably String() renders field
// contents, so avoid logging a populated value until that is confirmed.
type TlsCertificate struct {
	// The TLS certificate chain.
	CertificateChain *envoy_api_v2_core.DataSource `protobuf:"bytes,1,opt,name=certificate_chain,json=certificateChain" json:"certificate_chain,omitempty"`
	// The TLS private key.
	//
	// NOTE(review): DataSource is declared in another package and not shown
	// here. Whatever form it takes, keep the key out of version control and
	// configuration dumps, and restrict access to where it is stored.
	PrivateKey *envoy_api_v2_core.DataSource `protobuf:"bytes,2,opt,name=private_key,json=privateKey" json:"private_key,omitempty"`
	// [#not-implemented-hide:]
	Password *envoy_api_v2_core.DataSource `protobuf:"bytes,3,opt,name=password" json:"password,omitempty"`
	// [#not-implemented-hide:]
	OcspStaple *envoy_api_v2_core.DataSource `protobuf:"bytes,4,opt,name=ocsp_staple,json=ocspStaple" json:"ocsp_staple,omitempty"`
	// [#not-implemented-hide:]
	SignedCertificateTimestamp []*envoy_api_v2_core.DataSource `` /* 134-byte string literal not displayed */
}

func (*TlsCertificate) Descriptor

func (*TlsCertificate) Descriptor() ([]byte, []int)

func (*TlsCertificate) Equal

func (this *TlsCertificate) Equal(that interface{}) bool

func (*TlsCertificate) GetCertificateChain

func (m *TlsCertificate) GetCertificateChain() *envoy_api_v2_core.DataSource

func (*TlsCertificate) GetOcspStaple

func (m *TlsCertificate) GetOcspStaple() *envoy_api_v2_core.DataSource

func (*TlsCertificate) GetPassword

func (m *TlsCertificate) GetPassword() *envoy_api_v2_core.DataSource

func (*TlsCertificate) GetPrivateKey

func (m *TlsCertificate) GetPrivateKey() *envoy_api_v2_core.DataSource

func (*TlsCertificate) GetSignedCertificateTimestamp

func (m *TlsCertificate) GetSignedCertificateTimestamp() []*envoy_api_v2_core.DataSource

func (*TlsCertificate) Marshal

func (m *TlsCertificate) Marshal() (dAtA []byte, err error)

func (*TlsCertificate) MarshalTo

func (m *TlsCertificate) MarshalTo(dAtA []byte) (int, error)

func (*TlsCertificate) ProtoMessage

func (*TlsCertificate) ProtoMessage()

func (*TlsCertificate) Reset

func (m *TlsCertificate) Reset()

func (*TlsCertificate) Size

func (m *TlsCertificate) Size() (n int)

func (*TlsCertificate) String

func (m *TlsCertificate) String() string

func (*TlsCertificate) Unmarshal

func (m *TlsCertificate) Unmarshal(dAtA []byte) error

func (*TlsCertificate) Validate

func (m *TlsCertificate) Validate() error

Validate checks the field values on TlsCertificate with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

type TlsCertificateValidationError

// TlsCertificateValidationError is the validation error returned by
// TlsCertificate.Validate if the designated constraints aren't met.
//
// NOTE(review): the meaning of the fields is not documented in this listing;
// presumably Field names the offending field, Reason the violated rule, Cause a
// nested error and Key whether a map key was at fault. Confirm against the
// generated Validate code.
type TlsCertificateValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

TlsCertificateValidationError is the validation error returned by TlsCertificate.Validate if the designated constraints aren't met.

func (TlsCertificateValidationError) Error

Error satisfies the builtin error interface

type TlsParameters

// TlsParameters selects the TLS protocol version range, cipher suites and ECDH
// curves for a TLS context.
type TlsParameters struct {
	// Minimum TLS protocol version.
	//
	// NOTE(review): the floor chosen under TLS_AUTO is not stated in this
	// listing. TLS 1.0 and 1.1 are formally deprecated (RFC 8996); set TLSv1_2
	// or later explicitly unless legacy peers are a documented requirement.
	TlsMinimumProtocolVersion TlsParameters_TlsProtocol `` /* 190-byte string literal not displayed */
	// Maximum TLS protocol version.
	TlsMaximumProtocolVersion TlsParameters_TlsProtocol `` /* 190-byte string literal not displayed */
	// If specified, the TLS listener will only support the specified `cipher list
	// <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_.
	// If not specified, the default list:
	//
	// .. code-block:: none
	//
	//   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
	//   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
	//   ECDHE-ECDSA-AES128-SHA
	//   ECDHE-RSA-AES128-SHA
	//   AES128-GCM-SHA256
	//   AES128-SHA
	//   ECDHE-ECDSA-AES256-GCM-SHA384
	//   ECDHE-RSA-AES256-GCM-SHA384
	//   ECDHE-ECDSA-AES256-SHA
	//   ECDHE-RSA-AES256-SHA
	//   AES256-GCM-SHA384
	//   AES256-SHA
	//
	// will be used.
	//
	// NOTE(review): the default list above still contains suites without forward
	// secrecy (the entries with no ECDHE prefix use RSA key exchange) and
	// CBC-mode suites with SHA-1 MACs (the entries ending in -SHA). Deployments
	// that need a stricter profile should set cipher_suites explicitly.
	CipherSuites []string `protobuf:"bytes,3,rep,name=cipher_suites,json=cipherSuites" json:"cipher_suites,omitempty"`
	// If specified, the TLS connection will only support the specified ECDH
	// curves. If not specified, the default curves (X25519, P-256) will be used.
	EcdhCurves []string `protobuf:"bytes,4,rep,name=ecdh_curves,json=ecdhCurves" json:"ecdh_curves,omitempty"`
}

func (*TlsParameters) Descriptor

func (*TlsParameters) Descriptor() ([]byte, []int)

func (*TlsParameters) Equal

func (this *TlsParameters) Equal(that interface{}) bool

func (*TlsParameters) GetCipherSuites

func (m *TlsParameters) GetCipherSuites() []string

func (*TlsParameters) GetEcdhCurves

func (m *TlsParameters) GetEcdhCurves() []string

func (*TlsParameters) GetTlsMaximumProtocolVersion

func (m *TlsParameters) GetTlsMaximumProtocolVersion() TlsParameters_TlsProtocol

func (*TlsParameters) GetTlsMinimumProtocolVersion

func (m *TlsParameters) GetTlsMinimumProtocolVersion() TlsParameters_TlsProtocol

func (*TlsParameters) Marshal

func (m *TlsParameters) Marshal() (dAtA []byte, err error)

func (*TlsParameters) MarshalTo

func (m *TlsParameters) MarshalTo(dAtA []byte) (int, error)

func (*TlsParameters) ProtoMessage

func (*TlsParameters) ProtoMessage()

func (*TlsParameters) Reset

func (m *TlsParameters) Reset()

func (*TlsParameters) Size

func (m *TlsParameters) Size() (n int)

func (*TlsParameters) String

func (m *TlsParameters) String() string

func (*TlsParameters) Unmarshal

func (m *TlsParameters) Unmarshal(dAtA []byte) error

func (*TlsParameters) Validate

func (m *TlsParameters) Validate() error

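Validate checks the field values on TlsParameters with the rules defined in the proto definition for this message. If any rules are violated, an error is returned. A nil result only means those declared rules hold; the rules themselves are not shown on this page, so it should not be read as confirmation that the configured protocol versions or cipher suites meet a given security policy.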

type TlsParametersValidationError

// TlsParametersValidationError describes a constraint violation reported by
// TlsParameters.Validate.
//
// NOTE(review): the field meanings below are inferred from the field names;
// the generator template is not shown here, so confirm against it.
type TlsParametersValidationError struct {
	// Presumably the name of the field that failed validation.
	Field  string
	// Presumably a human-readable description of the violated rule.
	Reason string
	// Presumably the underlying error, e.g. from a nested message.
	Cause  error
	// Presumably set when the violation concerns a map key rather than a value.
	Key    bool
}

TlsParametersValidationError is the validation error returned by TlsParameters.Validate if the designated constraints aren't met.

func (TlsParametersValidationError) Error

Error satisfies the builtin error interface

type TlsParameters_TlsProtocol

// TlsParameters_TlsProtocol enumerates the TLS protocol versions that can be
// used for the minimum and maximum version fields of TlsParameters.
type TlsParameters_TlsProtocol int32
const (
	// Envoy will choose the optimal TLS version.
	// NOTE(review): the version range this resolves to is not stated here and
	// may differ between Envoy releases; pin explicit bounds where a policy
	// mandates a minimum version.
	TlsParameters_TLS_AUTO TlsParameters_TlsProtocol = 0
	// TLS 1.0. Deprecated by RFC 8996; avoid as a minimum unless a legacy peer
	// strictly requires it.
	TlsParameters_TLSv1_0 TlsParameters_TlsProtocol = 1
	// TLS 1.1. Deprecated by RFC 8996; avoid as a minimum unless a legacy peer
	// strictly requires it.
	TlsParameters_TLSv1_1 TlsParameters_TlsProtocol = 2
	// TLS 1.2
	TlsParameters_TLSv1_2 TlsParameters_TlsProtocol = 3
	// TLS 1.3
	TlsParameters_TLSv1_3 TlsParameters_TlsProtocol = 4
)

func (TlsParameters_TlsProtocol) EnumDescriptor

func (TlsParameters_TlsProtocol) EnumDescriptor() ([]byte, []int)

func (TlsParameters_TlsProtocol) String

func (x TlsParameters_TlsProtocol) String() string

type TlsSessionTicketKeys

// TlsSessionTicketKeys holds the ordered list of keys used to encrypt and
// decrypt TLS session tickets.
type TlsSessionTicketKeys struct {
	// Keys for encrypting and decrypting TLS session tickets. The
	// first key in the array contains the key to encrypt all new sessions created by this context.
	// All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
	// by, for example, putting the new key first, and the previous key second.
	//
	// If :ref:`session_ticket_keys <envoy_api_field_auth.DownstreamTlsContext.session_ticket_keys>`
	// is not specified, the TLS library will still support resuming sessions via tickets, but it will
	// use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
	// or on different hosts.
	//
	// Each key must contain exactly 80 bytes of cryptographically-secure random data. For
	// example, the output of ``openssl rand 80``.
	//
	// .. attention::
	//
	//   Using this feature has serious security considerations and risks. Improper handling of keys
	//   may result in loss of secrecy in connections, even if ciphers supporting perfect forward
	//   secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
	//   discussion. To minimize the risk, you must:
	//
	//   * Keep the session ticket keys at least as secure as your TLS certificate private keys
	//   * Rotate session ticket keys at least daily, and preferably hourly
	//   * Always generate keys using a cryptographically-secure random data source
	//
	// NOTE(review): because every listed key remains a decryption candidate, a
	// retired key keeps protecting (and exposing) the tickets issued under it
	// for as long as it stays in this list. Rotation should therefore also drop
	// old keys once their tickets can no longer be presented, not only prepend
	// new ones.
	Keys []*envoy_api_v2_core.DataSource `protobuf:"bytes,1,rep,name=keys" json:"keys,omitempty"`
}

func (*TlsSessionTicketKeys) Descriptor

func (*TlsSessionTicketKeys) Descriptor() ([]byte, []int)

func (*TlsSessionTicketKeys) Equal

func (this *TlsSessionTicketKeys) Equal(that interface{}) bool

func (*TlsSessionTicketKeys) GetKeys

func (*TlsSessionTicketKeys) Marshal

func (m *TlsSessionTicketKeys) Marshal() (dAtA []byte, err error)

func (*TlsSessionTicketKeys) MarshalTo

func (m *TlsSessionTicketKeys) MarshalTo(dAtA []byte) (int, error)

func (*TlsSessionTicketKeys) ProtoMessage

func (*TlsSessionTicketKeys) ProtoMessage()

func (*TlsSessionTicketKeys) Reset

func (m *TlsSessionTicketKeys) Reset()

func (*TlsSessionTicketKeys) Size

func (m *TlsSessionTicketKeys) Size() (n int)

func (*TlsSessionTicketKeys) String

func (m *TlsSessionTicketKeys) String() string

func (*TlsSessionTicketKeys) Unmarshal

func (m *TlsSessionTicketKeys) Unmarshal(dAtA []byte) error

func (*TlsSessionTicketKeys) Validate

func (m *TlsSessionTicketKeys) Validate() error

Validate checks the field values on TlsSessionTicketKeys with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

type TlsSessionTicketKeysValidationError

// TlsSessionTicketKeysValidationError describes a constraint violation
// reported by TlsSessionTicketKeys.Validate.
//
// NOTE(review): the field meanings below are inferred from the field names;
// the generator template is not shown here, so confirm against it. If Error()
// output is logged, also confirm it never embeds field values, since the
// validated message carries session ticket keys.
type TlsSessionTicketKeysValidationError struct {
	// Presumably the name of the field that failed validation.
	Field  string
	// Presumably a human-readable description of the violated rule.
	Reason string
	// Presumably the underlying error, e.g. from a nested message.
	Cause  error
	// Presumably set when the violation concerns a map key rather than a value.
	Key    bool
}

TlsSessionTicketKeysValidationError is the validation error returned by TlsSessionTicketKeys.Validate if the designated constraints aren't met.

func (TlsSessionTicketKeysValidationError) Error

Error satisfies the builtin error interface

type UpstreamTlsContext

// UpstreamTlsContext holds the TLS settings for backend connections: the
// shared TLS context, the SNI value to send, and the renegotiation switch.
type UpstreamTlsContext struct {
	// Common TLS context settings.
	CommonTlsContext *CommonTlsContext `protobuf:"bytes,1,opt,name=common_tls_context,json=commonTlsContext" json:"common_tls_context,omitempty"`
	// SNI string to use when creating TLS backend connections.
	//
	// NOTE(review): as documented, this only selects the name sent in the
	// handshake. Whether the certificate presented by the backend is verified
	// appears to be governed by the validation context in CommonTlsContext
	// (trusted CA, subject-alt-name checks); confirm those are configured,
	// since setting Sni alone is not described as enabling verification.
	Sni string `protobuf:"bytes,2,opt,name=sni,proto3" json:"sni,omitempty"`
	// If true, server-initiated TLS renegotiation will be allowed.
	//
	// .. attention::
	//
	//   TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
	//
	// The zero value (false) leaves renegotiation disallowed.
	AllowRenegotiation bool `protobuf:"varint,3,opt,name=allow_renegotiation,json=allowRenegotiation,proto3" json:"allow_renegotiation,omitempty"`
}

func (*UpstreamTlsContext) Descriptor

func (*UpstreamTlsContext) Descriptor() ([]byte, []int)

func (*UpstreamTlsContext) Equal

func (this *UpstreamTlsContext) Equal(that interface{}) bool

func (*UpstreamTlsContext) GetAllowRenegotiation

func (m *UpstreamTlsContext) GetAllowRenegotiation() bool

func (*UpstreamTlsContext) GetCommonTlsContext

func (m *UpstreamTlsContext) GetCommonTlsContext() *CommonTlsContext

func (*UpstreamTlsContext) GetSni

func (m *UpstreamTlsContext) GetSni() string

func (*UpstreamTlsContext) Marshal

func (m *UpstreamTlsContext) Marshal() (dAtA []byte, err error)

func (*UpstreamTlsContext) MarshalTo

func (m *UpstreamTlsContext) MarshalTo(dAtA []byte) (int, error)

func (*UpstreamTlsContext) ProtoMessage

func (*UpstreamTlsContext) ProtoMessage()

func (*UpstreamTlsContext) Reset

func (m *UpstreamTlsContext) Reset()

func (*UpstreamTlsContext) Size

func (m *UpstreamTlsContext) Size() (n int)

func (*UpstreamTlsContext) String

func (m *UpstreamTlsContext) String() string

func (*UpstreamTlsContext) Unmarshal

func (m *UpstreamTlsContext) Unmarshal(dAtA []byte) error

func (*UpstreamTlsContext) Validate

func (m *UpstreamTlsContext) Validate() error

Validate checks the field values on UpstreamTlsContext with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

type UpstreamTlsContextValidationError

// UpstreamTlsContextValidationError describes a constraint violation reported
// by UpstreamTlsContext.Validate.
//
// NOTE(review): the field meanings below are inferred from the field names;
// the generator template is not shown here, so confirm against it.
type UpstreamTlsContextValidationError struct {
	// Presumably the name of the field that failed validation.
	Field  string
	// Presumably a human-readable description of the violated rule.
	Reason string
	// Presumably the underlying error, e.g. from a nested message.
	Cause  error
	// Presumably set when the violation concerns a map key rather than a value.
	Key    bool
}

UpstreamTlsContextValidationError is the validation error returned by UpstreamTlsContext.Validate if the designated constraints aren't met.

func (UpstreamTlsContextValidationError) Error

Error satisfies the builtin error interface
