Documentation ¶
Index ¶
- Variables
- type DataSource
- func (*DataSource) Descriptor() ([]byte, []int)
- func (m *DataSource) GetFilename() string
- func (m *DataSource) GetInlineBytes() []byte
- func (m *DataSource) GetInlineString() string
- func (m *DataSource) GetSpecifier() isDataSource_Specifier
- func (m *DataSource) Marshal() (dAtA []byte, err error)
- func (m *DataSource) MarshalTo(dAtA []byte) (int, error)
- func (*DataSource) ProtoMessage()
- func (m *DataSource) Reset()
- func (m *DataSource) Size() (n int)
- func (m *DataSource) String() string
- func (m *DataSource) Unmarshal(dAtA []byte) error
- func (*DataSource) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, ...)
- type DataSource_Filename
- type DataSource_InlineBytes
- type DataSource_InlineString
- type HttpUri
- func (*HttpUri) Descriptor() ([]byte, []int)
- func (m *HttpUri) GetCluster() string
- func (m *HttpUri) GetHttpUpstreamType() isHttpUri_HttpUpstreamType
- func (m *HttpUri) GetTimeout() *google_protobuf.Duration
- func (m *HttpUri) GetUri() string
- func (m *HttpUri) Marshal() (dAtA []byte, err error)
- func (m *HttpUri) MarshalTo(dAtA []byte) (int, error)
- func (*HttpUri) ProtoMessage()
- func (m *HttpUri) Reset()
- func (m *HttpUri) Size() (n int)
- func (m *HttpUri) String() string
- func (m *HttpUri) Unmarshal(dAtA []byte) error
- func (*HttpUri) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, ...)
- type HttpUri_Cluster
- type JwtAuthentication
- func (*JwtAuthentication) Descriptor() ([]byte, []int)
- func (m *JwtAuthentication) GetAllowMissingOrFailed() bool
- func (m *JwtAuthentication) GetRules() []*JwtRule
- func (m *JwtAuthentication) Marshal() (dAtA []byte, err error)
- func (m *JwtAuthentication) MarshalTo(dAtA []byte) (int, error)
- func (*JwtAuthentication) ProtoMessage()
- func (m *JwtAuthentication) Reset()
- func (m *JwtAuthentication) Size() (n int)
- func (m *JwtAuthentication) String() string
- func (m *JwtAuthentication) Unmarshal(dAtA []byte) error
- type JwtHeader
- func (*JwtHeader) Descriptor() ([]byte, []int)
- func (m *JwtHeader) GetName() string
- func (m *JwtHeader) GetValuePrefix() string
- func (m *JwtHeader) Marshal() (dAtA []byte, err error)
- func (m *JwtHeader) MarshalTo(dAtA []byte) (int, error)
- func (*JwtHeader) ProtoMessage()
- func (m *JwtHeader) Reset()
- func (m *JwtHeader) Size() (n int)
- func (m *JwtHeader) String() string
- func (m *JwtHeader) Unmarshal(dAtA []byte) error
- type JwtRule
- func (*JwtRule) Descriptor() ([]byte, []int)
- func (m *JwtRule) GetAudiences() []string
- func (m *JwtRule) GetForward() bool
- func (m *JwtRule) GetForwardPayloadHeader() string
- func (m *JwtRule) GetFromHeaders() []*JwtHeader
- func (m *JwtRule) GetFromParams() []string
- func (m *JwtRule) GetIssuer() string
- func (m *JwtRule) GetJwksSourceSpecifier() isJwtRule_JwksSourceSpecifier
- func (m *JwtRule) GetLocalJwks() *DataSource
- func (m *JwtRule) GetRemoteJwks() *RemoteJwks
- func (m *JwtRule) Marshal() (dAtA []byte, err error)
- func (m *JwtRule) MarshalTo(dAtA []byte) (int, error)
- func (*JwtRule) ProtoMessage()
- func (m *JwtRule) Reset()
- func (m *JwtRule) Size() (n int)
- func (m *JwtRule) String() string
- func (m *JwtRule) Unmarshal(dAtA []byte) error
- func (*JwtRule) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, ...)
- type JwtRule_LocalJwks
- type JwtRule_RemoteJwks
- type RemoteJwks
- func (*RemoteJwks) Descriptor() ([]byte, []int)
- func (m *RemoteJwks) GetCacheDuration() *google_protobuf.Duration
- func (m *RemoteJwks) GetHttpUri() *HttpUri
- func (m *RemoteJwks) Marshal() (dAtA []byte, err error)
- func (m *RemoteJwks) MarshalTo(dAtA []byte) (int, error)
- func (*RemoteJwks) ProtoMessage()
- func (m *RemoteJwks) Reset()
- func (m *RemoteJwks) Size() (n int)
- func (m *RemoteJwks) String() string
- func (m *RemoteJwks) Unmarshal(dAtA []byte) error
Constants ¶
This section is empty.
Variables ¶
// Sentinel errors declared by this generated package. Their messages indicate
// they are reported while decoding protobuf wire data; presumably the
// Unmarshal methods listed on this page return them (confirm against the
// generated source). Code that decodes bytes from an untrusted peer should
// treat either error as a rejected message and discard the partial result.
var (
	// ErrInvalidLengthConfig reports that a negative length was found during unmarshaling.
	ErrInvalidLengthConfig = fmt.Errorf("proto: negative length found during unmarshaling")
	// ErrIntOverflowConfig reports an integer overflow.
	ErrIntOverflowConfig = fmt.Errorf("proto: integer overflow")
)
Functions ¶
This section is empty.
Types ¶
type DataSource ¶
// DataSource supplies data through its Specifier oneof, which holds one of
// a file name, inline bytes or an inline string.
type DataSource struct {
	// Types that are valid to be assigned to Specifier:
	//	*DataSource_Filename
	//	*DataSource_InlineBytes
	//	*DataSource_InlineString
	Specifier isDataSource_Specifier `protobuf_oneof:"specifier"`
}
Copied from @envoy/api/envoy/api/v2/core/base.proto. Data source consisting of either a file or an inline value.
func (*DataSource) Descriptor ¶
func (*DataSource) Descriptor() ([]byte, []int)
func (*DataSource) GetFilename ¶
func (m *DataSource) GetFilename() string
func (*DataSource) GetInlineBytes ¶
func (m *DataSource) GetInlineBytes() []byte
func (*DataSource) GetInlineString ¶
func (m *DataSource) GetInlineString() string
func (*DataSource) GetSpecifier ¶
func (m *DataSource) GetSpecifier() isDataSource_Specifier
func (*DataSource) Marshal ¶
func (m *DataSource) Marshal() (dAtA []byte, err error)
func (*DataSource) ProtoMessage ¶
func (*DataSource) ProtoMessage()
func (*DataSource) Reset ¶
func (m *DataSource) Reset()
func (*DataSource) Size ¶
func (m *DataSource) Size() (n int)
func (*DataSource) String ¶
func (m *DataSource) String() string
func (*DataSource) Unmarshal ¶
func (m *DataSource) Unmarshal(dAtA []byte) error
func (*DataSource) XXX_OneofFuncs ¶
func (*DataSource) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})
XXX_OneofFuncs is for the internal use of the proto package.
type DataSource_Filename ¶
// DataSource_Filename is the DataSource.Specifier variant that carries a
// file name (proto field 1, "filename").
type DataSource_Filename struct {
	Filename string `protobuf:"bytes,1,opt,name=filename,proto3,oneof"`
}
func (*DataSource_Filename) MarshalTo ¶
func (m *DataSource_Filename) MarshalTo(dAtA []byte) (int, error)
func (*DataSource_Filename) Size ¶
func (m *DataSource_Filename) Size() (n int)
type DataSource_InlineBytes ¶
// DataSource_InlineBytes is the DataSource.Specifier variant that carries
// the data inline as raw bytes (proto field 2, "inline_bytes").
type DataSource_InlineBytes struct {
	InlineBytes []byte `protobuf:"bytes,2,opt,name=inline_bytes,json=inlineBytes,proto3,oneof"`
}
func (*DataSource_InlineBytes) MarshalTo ¶
func (m *DataSource_InlineBytes) MarshalTo(dAtA []byte) (int, error)
func (*DataSource_InlineBytes) Size ¶
func (m *DataSource_InlineBytes) Size() (n int)
type DataSource_InlineString ¶
// DataSource_InlineString is the DataSource.Specifier variant that carries
// the data inline as a string (proto field 3, "inline_string").
type DataSource_InlineString struct {
	InlineString string `protobuf:"bytes,3,opt,name=inline_string,json=inlineString,proto3,oneof"`
}
func (*DataSource_InlineString) MarshalTo ¶
func (m *DataSource_InlineString) MarshalTo(dAtA []byte) (int, error)
func (*DataSource_InlineString) Size ¶
func (m *DataSource_InlineString) Size() (n int)
type HttpUri ¶
// HttpUri describes an external HTTP endpoint: the URI to request, the
// upstream through which it is fetched, and a limit on how long the response
// may take.
type HttpUri struct {
	// The HTTP server URI. It should be a full FQDN with protocol, host and path.
	//
	// Example:
	//
	// .. code-block:: yaml
	//
	//    uri: https://www.googleapis.com/oauth2/v1/certs
	//
	Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"`
	// Specify how `uri` is to be fetched. Today, this requires an explicit
	// cluster, but in the future we may support dynamic cluster creation or
	// inline DNS resolution. See `issue
	// <https://github.com/envoyproxy/envoy/issues/1606>`_.
	//
	// Types that are valid to be assigned to HttpUpstreamType:
	//	*HttpUri_Cluster
	HttpUpstreamType isHttpUri_HttpUpstreamType `protobuf_oneof:"http_upstream_type"`
	// Sets the maximum duration in milliseconds that a response can take to arrive upon request.
	//
	// NOTE(review): the field is a protobuf Duration, not a bare millisecond
	// count; how an unset timeout is treated is not stated here. Confirm.
	Timeout *google_protobuf.Duration `protobuf:"bytes,3,opt,name=timeout" json:"timeout,omitempty"`
}
Copied from @envoy/api/envoy/api/v2/core/http_uri.proto. Envoy external URI descriptor.
func (*HttpUri) Descriptor ¶
func (*HttpUri) GetCluster ¶
func (*HttpUri) GetHttpUpstreamType ¶
func (m *HttpUri) GetHttpUpstreamType() isHttpUri_HttpUpstreamType
func (*HttpUri) GetTimeout ¶
func (m *HttpUri) GetTimeout() *google_protobuf.Duration
func (*HttpUri) ProtoMessage ¶
func (*HttpUri) ProtoMessage()
type HttpUri_Cluster ¶
// HttpUri_Cluster is the HttpUri.HttpUpstreamType variant that names the
// cluster used to fetch the URI (proto field 2, "cluster"). It is the only
// variant listed for that oneof.
type HttpUri_Cluster struct {
	Cluster string `protobuf:"bytes,2,opt,name=cluster,proto3,oneof"`
}
func (*HttpUri_Cluster) Size ¶
func (m *HttpUri_Cluster) Size() (n int)
type JwtAuthentication ¶
// JwtAuthentication is the filter configuration for JWT authentication: a
// list of verification rules plus a switch that decides whether requests
// without a valid JWT are still let through.
type JwtAuthentication struct {
	// List of JWT rules to validate.
	Rules []*JwtRule `protobuf:"bytes,1,rep,name=rules" json:"rules,omitempty"`
	// If true, the request is allowed if JWT is missing or JWT verification fails.
	// Default is false, a request without JWT or failed JWT verification is not allowed.
	//
	// NOTE(review): when this is true the filter no longer rejects
	// unauthenticated requests itself, so something behind it must make the
	// allow/deny decision. Keep the default (false) unless that is intended.
	AllowMissingOrFailed bool `` /* 126-byte string literal not displayed */
}
This is the Envoy HTTP filter config for JWT authentication. [#not-implemented-hide:]
func (*JwtAuthentication) Descriptor ¶
func (*JwtAuthentication) Descriptor() ([]byte, []int)
func (*JwtAuthentication) GetAllowMissingOrFailed ¶
func (m *JwtAuthentication) GetAllowMissingOrFailed() bool
func (*JwtAuthentication) GetRules ¶
func (m *JwtAuthentication) GetRules() []*JwtRule
func (*JwtAuthentication) Marshal ¶
func (m *JwtAuthentication) Marshal() (dAtA []byte, err error)
func (*JwtAuthentication) MarshalTo ¶
func (m *JwtAuthentication) MarshalTo(dAtA []byte) (int, error)
func (*JwtAuthentication) ProtoMessage ¶
func (*JwtAuthentication) ProtoMessage()
func (*JwtAuthentication) Reset ¶
func (m *JwtAuthentication) Reset()
func (*JwtAuthentication) Size ¶
func (m *JwtAuthentication) Size() (n int)
func (*JwtAuthentication) String ¶
func (m *JwtAuthentication) String() string
func (*JwtAuthentication) Unmarshal ¶
func (m *JwtAuthentication) Unmarshal(dAtA []byte) error
type JwtHeader ¶
// JwtHeader names an HTTP header that carries a JWT and the literal prefix
// that precedes the token inside that header's value.
type JwtHeader struct {
	// The HTTP header name.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The value prefix. The value format is "value_prefix<token>"
	// For example, for "Authorization: Bearer <token>", value_prefix="Bearer " with a space at the
	// end.
	ValuePrefix string `protobuf:"bytes,2,opt,name=value_prefix,json=valuePrefix,proto3" json:"value_prefix,omitempty"`
}
This message specifies a header location from which to extract the JWT.
func (*JwtHeader) Descriptor ¶
func (*JwtHeader) GetValuePrefix ¶
func (*JwtHeader) ProtoMessage ¶
func (*JwtHeader) ProtoMessage()
type JwtRule ¶
// JwtRule describes how JWTs from one issuer are handled: which issuer and
// audiences are expected, where the verification keys (JWKS) come from, where
// in the request the token is looked for, and what is passed on to the
// backend after verification.
type JwtRule struct {
	// Identifies the principal that issued the JWT. See `here
	// <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_. Usually a URL or an email address.
	//
	// Example: https://securetoken.google.com
	// Example: 1234567-compute@developer.gserviceaccount.com
	//
	Issuer string `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"`
	// The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ that are
	// allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
	// the audiences in the token are not checked.
	//
	// NOTE(review): with no audiences configured the audience claim places no
	// restriction, so a token from this issuer that was minted for a different
	// service is not rejected on audience grounds. List the expected audiences
	// explicitly.
	//
	// Example:
	//
	// .. code-block:: yaml
	//
	//     audiences:
	//     - bookstore_android.apps.googleusercontent.com
	//       bookstore_web.apps.googleusercontent.com
	//
	Audiences []string `protobuf:"bytes,2,rep,name=audiences" json:"audiences,omitempty"`
	// `JSON Web Key Set <https://tools.ietf.org/html/rfc7517#appendix-A>`_ is needed to validate
	// the signature of the JWT. This field specifies where to fetch the JWKS.
	//
	// Types that are valid to be assigned to JwksSourceSpecifier:
	//	*JwtRule_RemoteJwks
	//	*JwtRule_LocalJwks
	JwksSourceSpecifier isJwtRule_JwksSourceSpecifier `protobuf_oneof:"jwks_source_specifier"`
	// If false, the JWT is removed from the request after a successful verification. If true, the
	// JWT is not removed from the request. Default value is false.
	//
	// NOTE(review): when true, the backend receives the bearer token itself.
	// Enable it only where the backend needs the token and will not log or
	// re-expose it.
	Forward bool `protobuf:"varint,5,opt,name=forward,proto3" json:"forward,omitempty"`
	// Specify the HTTP headers to extract the JWT from. For example, the following config:
	//
	// .. code-block:: yaml
	//
	//   from_headers:
	//   - name: x-goog-iap-jwt-assertion
	//
	// can be used to extract the token from the header::
	//
	//   x-goog-iap-jwt-assertion: <JWT>.
	//
	FromHeaders []*JwtHeader `protobuf:"bytes,6,rep,name=from_headers,json=fromHeaders" json:"from_headers,omitempty"`
	// JWT is sent in a query parameter. `from_params` lists the query parameter names
	// (the original comment calls the field `jwt_params`).
	//
	// For example, if config is:
	//
	// .. code-block:: yaml
	//
	//   from_params:
	//   - jwt_token
	//
	// The JWT format in query parameter is::
	//
	//   /path?jwt_token=<JWT>
	//
	// NOTE(review): a token carried in the URL is commonly recorded in access
	// logs and can leak through Referer headers; prefer header extraction where
	// the client allows it.
	FromParams []string `protobuf:"bytes,7,rep,name=from_params,json=fromParams" json:"from_params,omitempty"`
	// This field specifies the header name to forward a successfully verified JWT payload to the
	// backend. The forwarded data is::
	//
	//    base64_encoded(jwt_payload_in_JSON)
	//
	// If it is not specified, the payload will not be forwarded.
	// Multiple JWTs in a request from different issuers will be supported. Multiple JWTs from the
	// same issuer will not be supported. Each issuer can config this `forward_payload_header`. If
	// multiple JWTs from different issuers want to forward their payloads, their
	// `forward_payload_header` should be different.
	//
	// NOTE(review): the backend will treat this header as already verified.
	// Whether a client-supplied header of the same name is stripped before the
	// payload is written is not stated here. Confirm before relying on it.
	ForwardPayloadHeader string `protobuf:"bytes,8,opt,name=forward_payload_header,json=forwardPayloadHeader,proto3" json:"forward_payload_header,omitempty"`
}
This message specifies how a JSON Web Token (JWT) can be verified. JWT format is defined `here <https://tools.ietf.org/html/rfc7519>`_. Please see `OAuth2.0
<https://tools.ietf.org/html/rfc6749>`_ and `OIDC1.0 <http://openid.net/connect>`_ for
the authentication flow.
Example:
.. code-block:: yaml
    issuer: https://example.com
    audiences:
    - bookstore_android.apps.googleusercontent.com
      bookstore_web.apps.googleusercontent.com
    remote_jwks:
    - http_uri:
      - uri: https://example.com/.well-known/jwks.json
        cluster: example_jwks_cluster
      cache_duration:
      - seconds: 300
[#not-implemented-hide:]
func (*JwtRule) Descriptor ¶
func (*JwtRule) GetAudiences ¶
func (*JwtRule) GetForward ¶
func (*JwtRule) GetForwardPayloadHeader ¶
func (*JwtRule) GetFromHeaders ¶
func (*JwtRule) GetFromParams ¶
func (*JwtRule) GetJwksSourceSpecifier ¶
func (m *JwtRule) GetJwksSourceSpecifier() isJwtRule_JwksSourceSpecifier
func (*JwtRule) GetLocalJwks ¶
func (m *JwtRule) GetLocalJwks() *DataSource
func (*JwtRule) GetRemoteJwks ¶
func (m *JwtRule) GetRemoteJwks() *RemoteJwks
func (*JwtRule) ProtoMessage ¶
func (*JwtRule) ProtoMessage()
type JwtRule_LocalJwks ¶
// JwtRule_LocalJwks is the JwtRule.JwksSourceSpecifier variant that takes the
// JWKS from a DataSource (proto field 4, "local_jwks").
type JwtRule_LocalJwks struct {
	LocalJwks *DataSource `protobuf:"bytes,4,opt,name=local_jwks,json=localJwks,oneof"`
}
func (*JwtRule_LocalJwks) MarshalTo ¶
func (m *JwtRule_LocalJwks) MarshalTo(dAtA []byte) (int, error)
func (*JwtRule_LocalJwks) Size ¶
func (m *JwtRule_LocalJwks) Size() (n int)
type JwtRule_RemoteJwks ¶
// JwtRule_RemoteJwks is the JwtRule.JwksSourceSpecifier variant that takes
// the JWKS from a RemoteJwks description (proto field 3, "remote_jwks").
type JwtRule_RemoteJwks struct {
	RemoteJwks *RemoteJwks `protobuf:"bytes,3,opt,name=remote_jwks,json=remoteJwks,oneof"`
}
func (*JwtRule_RemoteJwks) MarshalTo ¶
func (m *JwtRule_RemoteJwks) MarshalTo(dAtA []byte) (int, error)
func (*JwtRule_RemoteJwks) Size ¶
func (m *JwtRule_RemoteJwks) Size() (n int)
type RemoteJwks ¶
// RemoteJwks describes where a JWKS is fetched from over HTTP and how long a
// fetched copy is kept before it expires.
type RemoteJwks struct {
	// The HTTP URI to fetch the JWKS. For example:
	//
	// .. code-block:: yaml
	//
	//    http_uri:
	//    - uri: https://www.googleapis.com/oauth2/v1/certs
	//      cluster: jwt.www.googleapis.com|443
	//
	// NOTE(review): the keys returned here decide which tokens verify, so the
	// fetch must be authenticated. The request is made through the named
	// cluster; confirm that cluster validates the server's TLS certificate,
	// as the https scheme in `uri` may not enforce that on its own.
	HttpUri *HttpUri `protobuf:"bytes,1,opt,name=http_uri,json=httpUri" json:"http_uri,omitempty"`
	// Duration after which the cached JWKS should be expired. If not specified, default cache
	// duration is 5 minutes.
	//
	// NOTE(review): a key the issuer has rotated out or withdrawn can stay
	// usable until the cached copy expires, so keep this short enough for the
	// issuer's rotation policy.
	CacheDuration *google_protobuf.Duration `protobuf:"bytes,2,opt,name=cache_duration,json=cacheDuration" json:"cache_duration,omitempty"`
}
This message specifies how to fetch a JWKS from a remote server and how to cache it.
func (*RemoteJwks) Descriptor ¶
func (*RemoteJwks) Descriptor() ([]byte, []int)
func (*RemoteJwks) GetCacheDuration ¶
func (m *RemoteJwks) GetCacheDuration() *google_protobuf.Duration
func (*RemoteJwks) GetHttpUri ¶
func (m *RemoteJwks) GetHttpUri() *HttpUri
func (*RemoteJwks) Marshal ¶
func (m *RemoteJwks) Marshal() (dAtA []byte, err error)
func (*RemoteJwks) ProtoMessage ¶
func (*RemoteJwks) ProtoMessage()
func (*RemoteJwks) Reset ¶
func (m *RemoteJwks) Reset()
func (*RemoteJwks) Size ¶
func (m *RemoteJwks) Size() (n int)
func (*RemoteJwks) String ¶
func (m *RemoteJwks) String() string
func (*RemoteJwks) Unmarshal ¶
func (m *RemoteJwks) Unmarshal(dAtA []byte) error