Documentation ¶
Index ¶
- Variables
- type FilterStateRule
- func (*FilterStateRule) Descriptor() ([]byte, []int)deprecated
- func (x *FilterStateRule) GetName() string
- func (x *FilterStateRule) GetRequires() map[string]*JwtRequirement
- func (*FilterStateRule) ProtoMessage()
- func (x *FilterStateRule) ProtoReflect() protoreflect.Message
- func (x *FilterStateRule) Reset()
- func (x *FilterStateRule) String() string
- func (m *FilterStateRule) Validate() error
- func (m *FilterStateRule) ValidateAll() error
- type FilterStateRuleMultiError
- type FilterStateRuleValidationError
- func (e FilterStateRuleValidationError) Cause() error
- func (e FilterStateRuleValidationError) Error() string
- func (e FilterStateRuleValidationError) ErrorName() string
- func (e FilterStateRuleValidationError) Field() string
- func (e FilterStateRuleValidationError) Key() bool
- func (e FilterStateRuleValidationError) Reason() string
- type JwtAuthentication
- func (*JwtAuthentication) Descriptor() ([]byte, []int)deprecated
- func (x *JwtAuthentication) GetBypassCorsPreflight() bool
- func (x *JwtAuthentication) GetFilterStateRules() *FilterStateRule
- func (x *JwtAuthentication) GetProviders() map[string]*JwtProvider
- func (x *JwtAuthentication) GetRules() []*RequirementRule
- func (*JwtAuthentication) ProtoMessage()
- func (x *JwtAuthentication) ProtoReflect() protoreflect.Message
- func (x *JwtAuthentication) Reset()
- func (x *JwtAuthentication) String() string
- func (m *JwtAuthentication) Validate() error
- func (m *JwtAuthentication) ValidateAll() error
- type JwtAuthenticationMultiError
- type JwtAuthenticationValidationError
- func (e JwtAuthenticationValidationError) Cause() error
- func (e JwtAuthenticationValidationError) Error() string
- func (e JwtAuthenticationValidationError) ErrorName() string
- func (e JwtAuthenticationValidationError) Field() string
- func (e JwtAuthenticationValidationError) Key() bool
- func (e JwtAuthenticationValidationError) Reason() string
- type JwtHeader
- func (*JwtHeader) Descriptor() ([]byte, []int)deprecated
- func (x *JwtHeader) GetName() string
- func (x *JwtHeader) GetValuePrefix() string
- func (*JwtHeader) ProtoMessage()
- func (x *JwtHeader) ProtoReflect() protoreflect.Message
- func (x *JwtHeader) Reset()
- func (x *JwtHeader) String() string
- func (m *JwtHeader) Validate() error
- func (m *JwtHeader) ValidateAll() error
- type JwtHeaderMultiError
- type JwtHeaderValidationError
- type JwtProvider
- func (*JwtProvider) Descriptor() ([]byte, []int)deprecated
- func (x *JwtProvider) GetAudiences() []string
- func (x *JwtProvider) GetForward() bool
- func (x *JwtProvider) GetForwardPayloadHeader() string
- func (x *JwtProvider) GetFromHeaders() []*JwtHeader
- func (x *JwtProvider) GetFromParams() []string
- func (x *JwtProvider) GetIssuer() string
- func (m *JwtProvider) GetJwksSourceSpecifier() isJwtProvider_JwksSourceSpecifier
- func (x *JwtProvider) GetLocalJwks() *core.DataSource
- func (x *JwtProvider) GetPayloadInMetadata() string
- func (x *JwtProvider) GetRemoteJwks() *RemoteJwks
- func (*JwtProvider) ProtoMessage()
- func (x *JwtProvider) ProtoReflect() protoreflect.Message
- func (x *JwtProvider) Reset()
- func (x *JwtProvider) String() string
- func (m *JwtProvider) Validate() error
- func (m *JwtProvider) ValidateAll() error
- type JwtProviderMultiError
- type JwtProviderValidationError
- func (e JwtProviderValidationError) Cause() error
- func (e JwtProviderValidationError) Error() string
- func (e JwtProviderValidationError) ErrorName() string
- func (e JwtProviderValidationError) Field() string
- func (e JwtProviderValidationError) Key() bool
- func (e JwtProviderValidationError) Reason() string
- type JwtProvider_LocalJwks
- type JwtProvider_RemoteJwks
- type JwtRequirement
- func (*JwtRequirement) Descriptor() ([]byte, []int)deprecated
- func (x *JwtRequirement) GetAllowMissing() *emptypb.Empty
- func (x *JwtRequirement) GetAllowMissingOrFailed() *emptypb.Empty
- func (x *JwtRequirement) GetProviderAndAudiences() *ProviderWithAudiences
- func (x *JwtRequirement) GetProviderName() string
- func (x *JwtRequirement) GetRequiresAll() *JwtRequirementAndList
- func (x *JwtRequirement) GetRequiresAny() *JwtRequirementOrList
- func (m *JwtRequirement) GetRequiresType() isJwtRequirement_RequiresType
- func (*JwtRequirement) ProtoMessage()
- func (x *JwtRequirement) ProtoReflect() protoreflect.Message
- func (x *JwtRequirement) Reset()
- func (x *JwtRequirement) String() string
- func (m *JwtRequirement) Validate() error
- func (m *JwtRequirement) ValidateAll() error
- type JwtRequirementAndList
- func (*JwtRequirementAndList) Descriptor() ([]byte, []int)deprecated
- func (x *JwtRequirementAndList) GetRequirements() []*JwtRequirement
- func (*JwtRequirementAndList) ProtoMessage()
- func (x *JwtRequirementAndList) ProtoReflect() protoreflect.Message
- func (x *JwtRequirementAndList) Reset()
- func (x *JwtRequirementAndList) String() string
- func (m *JwtRequirementAndList) Validate() error
- func (m *JwtRequirementAndList) ValidateAll() error
- type JwtRequirementAndListMultiError
- type JwtRequirementAndListValidationError
- func (e JwtRequirementAndListValidationError) Cause() error
- func (e JwtRequirementAndListValidationError) Error() string
- func (e JwtRequirementAndListValidationError) ErrorName() string
- func (e JwtRequirementAndListValidationError) Field() string
- func (e JwtRequirementAndListValidationError) Key() bool
- func (e JwtRequirementAndListValidationError) Reason() string
- type JwtRequirementMultiError
- type JwtRequirementOrList
- func (*JwtRequirementOrList) Descriptor() ([]byte, []int)deprecated
- func (x *JwtRequirementOrList) GetRequirements() []*JwtRequirement
- func (*JwtRequirementOrList) ProtoMessage()
- func (x *JwtRequirementOrList) ProtoReflect() protoreflect.Message
- func (x *JwtRequirementOrList) Reset()
- func (x *JwtRequirementOrList) String() string
- func (m *JwtRequirementOrList) Validate() error
- func (m *JwtRequirementOrList) ValidateAll() error
- type JwtRequirementOrListMultiError
- type JwtRequirementOrListValidationError
- func (e JwtRequirementOrListValidationError) Cause() error
- func (e JwtRequirementOrListValidationError) Error() string
- func (e JwtRequirementOrListValidationError) ErrorName() string
- func (e JwtRequirementOrListValidationError) Field() string
- func (e JwtRequirementOrListValidationError) Key() bool
- func (e JwtRequirementOrListValidationError) Reason() string
- type JwtRequirementValidationError
- func (e JwtRequirementValidationError) Cause() error
- func (e JwtRequirementValidationError) Error() string
- func (e JwtRequirementValidationError) ErrorName() string
- func (e JwtRequirementValidationError) Field() string
- func (e JwtRequirementValidationError) Key() bool
- func (e JwtRequirementValidationError) Reason() string
- type JwtRequirement_AllowMissing
- type JwtRequirement_AllowMissingOrFailed
- type JwtRequirement_ProviderAndAudiences
- type JwtRequirement_ProviderName
- type JwtRequirement_RequiresAll
- type JwtRequirement_RequiresAny
- type ProviderWithAudiences
- func (*ProviderWithAudiences) Descriptor() ([]byte, []int)deprecated
- func (x *ProviderWithAudiences) GetAudiences() []string
- func (x *ProviderWithAudiences) GetProviderName() string
- func (*ProviderWithAudiences) ProtoMessage()
- func (x *ProviderWithAudiences) ProtoReflect() protoreflect.Message
- func (x *ProviderWithAudiences) Reset()
- func (x *ProviderWithAudiences) String() string
- func (m *ProviderWithAudiences) Validate() error
- func (m *ProviderWithAudiences) ValidateAll() error
- type ProviderWithAudiencesMultiError
- type ProviderWithAudiencesValidationError
- func (e ProviderWithAudiencesValidationError) Cause() error
- func (e ProviderWithAudiencesValidationError) Error() string
- func (e ProviderWithAudiencesValidationError) ErrorName() string
- func (e ProviderWithAudiencesValidationError) Field() string
- func (e ProviderWithAudiencesValidationError) Key() bool
- func (e ProviderWithAudiencesValidationError) Reason() string
- type RemoteJwks
- func (*RemoteJwks) Descriptor() ([]byte, []int)deprecated
- func (x *RemoteJwks) GetCacheDuration() *duration.Duration
- func (x *RemoteJwks) GetHttpUri() *core.HttpUri
- func (*RemoteJwks) ProtoMessage()
- func (x *RemoteJwks) ProtoReflect() protoreflect.Message
- func (x *RemoteJwks) Reset()
- func (x *RemoteJwks) String() string
- func (m *RemoteJwks) Validate() error
- func (m *RemoteJwks) ValidateAll() error
- type RemoteJwksMultiError
- type RemoteJwksValidationError
- type RequirementRule
- func (*RequirementRule) Descriptor() ([]byte, []int)deprecated
- func (x *RequirementRule) GetMatch() *route.RouteMatch
- func (x *RequirementRule) GetRequires() *JwtRequirement
- func (*RequirementRule) ProtoMessage()
- func (x *RequirementRule) ProtoReflect() protoreflect.Message
- func (x *RequirementRule) Reset()
- func (x *RequirementRule) String() string
- func (m *RequirementRule) Validate() error
- func (m *RequirementRule) ValidateAll() error
- type RequirementRuleMultiError
- type RequirementRuleValidationError
- func (e RequirementRuleValidationError) Cause() error
- func (e RequirementRuleValidationError) Error() string
- func (e RequirementRuleValidationError) ErrorName() string
- func (e RequirementRuleValidationError) Field() string
- func (e RequirementRuleValidationError) Key() bool
- func (e RequirementRuleValidationError) Reason() string
Constants ¶
This section is empty.
Variables ¶
var File_envoy_config_filter_http_jwt_authn_v2alpha_config_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type FilterStateRule ¶
type FilterStateRule struct { // The filter state name to retrieve the `Router::StringAccessor` object. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // A map of string keys to requirements. The string key is the string value // in the FilterState with the name specified in the *name* field above. Requires map[string]*JwtRequirement `` /* 157-byte string literal not displayed */ // contains filtered or unexported fields }
This message specifies Jwt requirements based on stream_info.filterState. This FilterState should use `Router::StringAccessor` object to set a string value. Other HTTP filters can use it to specify Jwt requirements dynamically.
Example:
.. code-block:: yaml
name: jwt_selector requires: issuer_1: provider_name: issuer1 issuer_2: provider_name: issuer2
If a filter set "jwt_selector" with "issuer_1" to FilterState for a request, jwt_authn filter will use JwtRequirement{"provider_name": "issuer1"} to verify.
func (*FilterStateRule) Descriptor
deprecated
func (*FilterStateRule) Descriptor() ([]byte, []int)
Deprecated: Use FilterStateRule.ProtoReflect.Descriptor instead.
func (*FilterStateRule) GetName ¶
func (x *FilterStateRule) GetName() string
func (*FilterStateRule) GetRequires ¶
func (x *FilterStateRule) GetRequires() map[string]*JwtRequirement
func (*FilterStateRule) ProtoMessage ¶
func (*FilterStateRule) ProtoMessage()
func (*FilterStateRule) ProtoReflect ¶
func (x *FilterStateRule) ProtoReflect() protoreflect.Message
func (*FilterStateRule) Reset ¶
func (x *FilterStateRule) Reset()
func (*FilterStateRule) String ¶
func (x *FilterStateRule) String() string
func (*FilterStateRule) Validate ¶
func (m *FilterStateRule) Validate() error
Validate checks the field values on FilterStateRule with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.
func (*FilterStateRule) ValidateAll ¶
func (m *FilterStateRule) ValidateAll() error
ValidateAll checks the field values on FilterStateRule with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in FilterStateRuleMultiError, or nil if none found.
type FilterStateRuleMultiError ¶
type FilterStateRuleMultiError []error
FilterStateRuleMultiError is an error wrapping multiple validation errors returned by FilterStateRule.ValidateAll() if the designated constraints aren't met.
func (FilterStateRuleMultiError) AllErrors ¶
func (m FilterStateRuleMultiError) AllErrors() []error
AllErrors returns a list of validation violation errors.
func (FilterStateRuleMultiError) Error ¶
func (m FilterStateRuleMultiError) Error() string
Error returns a concatenation of all the error messages it wraps.
type FilterStateRuleValidationError ¶
type FilterStateRuleValidationError struct {
// contains filtered or unexported fields
}
FilterStateRuleValidationError is the validation error returned by FilterStateRule.Validate if the designated constraints aren't met.
func (FilterStateRuleValidationError) Cause ¶
func (e FilterStateRuleValidationError) Cause() error
Cause function returns cause value.
func (FilterStateRuleValidationError) Error ¶
func (e FilterStateRuleValidationError) Error() string
Error satisfies the builtin error interface
func (FilterStateRuleValidationError) ErrorName ¶
func (e FilterStateRuleValidationError) ErrorName() string
ErrorName returns error name.
func (FilterStateRuleValidationError) Field ¶
func (e FilterStateRuleValidationError) Field() string
Field function returns field value.
func (FilterStateRuleValidationError) Key ¶
func (e FilterStateRuleValidationError) Key() bool
Key function returns key value.
func (FilterStateRuleValidationError) Reason ¶
func (e FilterStateRuleValidationError) Reason() string
Reason function returns reason value.
type JwtAuthentication ¶
type JwtAuthentication struct { // Map of provider names to JwtProviders. // // .. code-block:: yaml // // providers: // provider1: // issuer: issuer1 // audiences: // - audience1 // - audience2 // remote_jwks: // http_uri: // uri: https://example.com/.well-known/jwks.json // cluster: example_jwks_cluster // provider2: // issuer: provider2 // local_jwks: // inline_string: jwks_string // Providers map[string]*JwtProvider `` /* 159-byte string literal not displayed */ // Specifies requirements based on the route matches. The first matched requirement will be // applied. If there are overlapped match conditions, please put the most specific match first. // // Examples // // .. code-block:: yaml // // rules: // - match: // prefix: /healthz // - match: // prefix: /baz // requires: // provider_name: provider1 // - match: // prefix: /foo // requires: // requires_any: // requirements: // - provider_name: provider1 // - provider_name: provider2 // - match: // prefix: /bar // requires: // requires_all: // requirements: // - provider_name: provider1 // - provider_name: provider2 // Rules []*RequirementRule `protobuf:"bytes,2,rep,name=rules,proto3" json:"rules,omitempty"` // This message specifies Jwt requirements based on stream_info.filterState. // Other HTTP filters can use it to specify Jwt requirements dynamically. // The *rules* field above is checked first, if it could not find any matches, // check this one. FilterStateRules *FilterStateRule `protobuf:"bytes,3,opt,name=filter_state_rules,json=filterStateRules,proto3" json:"filter_state_rules,omitempty"` // When set to true, bypass the `CORS preflight request // <http://www.w3.org/TR/cors/#cross-origin-request-with-preflight>`_ regardless of JWT // requirements specified in the rules. BypassCorsPreflight bool `protobuf:"varint,4,opt,name=bypass_cors_preflight,json=bypassCorsPreflight,proto3" json:"bypass_cors_preflight,omitempty"` // contains filtered or unexported fields }
This is the Envoy HTTP filter config for JWT authentication.
For example:
.. code-block:: yaml
providers: provider1: issuer: issuer1 audiences: - audience1 - audience2 remote_jwks: http_uri: uri: https://example.com/.well-known/jwks.json cluster: example_jwks_cluster provider2: issuer: issuer2 local_jwks: inline_string: jwks_string rules: # Not jwt verification is required for /health path - match: prefix: /health # Jwt verification for provider1 is required for path prefixed with "prefix" - match: prefix: /prefix requires: provider_name: provider1 # Jwt verification for either provider1 or provider2 is required for all other requests. - match: prefix: / requires: requires_any: requirements: - provider_name: provider1 - provider_name: provider2
func (*JwtAuthentication) Descriptor
deprecated
func (*JwtAuthentication) Descriptor() ([]byte, []int)
Deprecated: Use JwtAuthentication.ProtoReflect.Descriptor instead.
func (*JwtAuthentication) GetBypassCorsPreflight ¶
func (x *JwtAuthentication) GetBypassCorsPreflight() bool
func (*JwtAuthentication) GetFilterStateRules ¶
func (x *JwtAuthentication) GetFilterStateRules() *FilterStateRule
func (*JwtAuthentication) GetProviders ¶
func (x *JwtAuthentication) GetProviders() map[string]*JwtProvider
func (*JwtAuthentication) GetRules ¶
func (x *JwtAuthentication) GetRules() []*RequirementRule
func (*JwtAuthentication) ProtoMessage ¶
func (*JwtAuthentication) ProtoMessage()
func (*JwtAuthentication) ProtoReflect ¶
func (x *JwtAuthentication) ProtoReflect() protoreflect.Message
func (*JwtAuthentication) Reset ¶
func (x *JwtAuthentication) Reset()
func (*JwtAuthentication) String ¶
func (x *JwtAuthentication) String() string
func (*JwtAuthentication) Validate ¶
func (m *JwtAuthentication) Validate() error
Validate checks the field values on JwtAuthentication with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.
func (*JwtAuthentication) ValidateAll ¶
func (m *JwtAuthentication) ValidateAll() error
ValidateAll checks the field values on JwtAuthentication with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in JwtAuthenticationMultiError, or nil if none found.
type JwtAuthenticationMultiError ¶
type JwtAuthenticationMultiError []error
JwtAuthenticationMultiError is an error wrapping multiple validation errors returned by JwtAuthentication.ValidateAll() if the designated constraints aren't met.
func (JwtAuthenticationMultiError) AllErrors ¶
func (m JwtAuthenticationMultiError) AllErrors() []error
AllErrors returns a list of validation violation errors.
func (JwtAuthenticationMultiError) Error ¶
func (m JwtAuthenticationMultiError) Error() string
Error returns a concatenation of all the error messages it wraps.
type JwtAuthenticationValidationError ¶
type JwtAuthenticationValidationError struct {
// contains filtered or unexported fields
}
JwtAuthenticationValidationError is the validation error returned by JwtAuthentication.Validate if the designated constraints aren't met.
func (JwtAuthenticationValidationError) Cause ¶
func (e JwtAuthenticationValidationError) Cause() error
Cause function returns cause value.
func (JwtAuthenticationValidationError) Error ¶
func (e JwtAuthenticationValidationError) Error() string
Error satisfies the builtin error interface
func (JwtAuthenticationValidationError) ErrorName ¶
func (e JwtAuthenticationValidationError) ErrorName() string
ErrorName returns error name.
func (JwtAuthenticationValidationError) Field ¶
func (e JwtAuthenticationValidationError) Field() string
Field function returns field value.
func (JwtAuthenticationValidationError) Key ¶
func (e JwtAuthenticationValidationError) Key() bool
Key function returns key value.
func (JwtAuthenticationValidationError) Reason ¶
func (e JwtAuthenticationValidationError) Reason() string
Reason function returns reason value.
type JwtHeader ¶
type JwtHeader struct { // The HTTP header name. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // The value prefix. The value format is "value_prefix<token>" // For example, for "Authorization: Bearer <token>", value_prefix="Bearer " with a space at the // end. ValuePrefix string `protobuf:"bytes,2,opt,name=value_prefix,json=valuePrefix,proto3" json:"value_prefix,omitempty"` // contains filtered or unexported fields }
This message specifies a header location to extract JWT token.
func (*JwtHeader) Descriptor
deprecated
func (*JwtHeader) GetValuePrefix ¶
func (*JwtHeader) ProtoMessage ¶
func (*JwtHeader) ProtoMessage()
func (*JwtHeader) ProtoReflect ¶
func (x *JwtHeader) ProtoReflect() protoreflect.Message
func (*JwtHeader) Validate ¶
Validate checks the field values on JwtHeader with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.
func (*JwtHeader) ValidateAll ¶
ValidateAll checks the field values on JwtHeader with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in JwtHeaderMultiError, or nil if none found.
type JwtHeaderMultiError ¶
type JwtHeaderMultiError []error
JwtHeaderMultiError is an error wrapping multiple validation errors returned by JwtHeader.ValidateAll() if the designated constraints aren't met.
func (JwtHeaderMultiError) AllErrors ¶
func (m JwtHeaderMultiError) AllErrors() []error
AllErrors returns a list of validation violation errors.
func (JwtHeaderMultiError) Error ¶
func (m JwtHeaderMultiError) Error() string
Error returns a concatenation of all the error messages it wraps.
type JwtHeaderValidationError ¶
type JwtHeaderValidationError struct {
// contains filtered or unexported fields
}
JwtHeaderValidationError is the validation error returned by JwtHeader.Validate if the designated constraints aren't met.
func (JwtHeaderValidationError) Cause ¶
func (e JwtHeaderValidationError) Cause() error
Cause function returns cause value.
func (JwtHeaderValidationError) Error ¶
func (e JwtHeaderValidationError) Error() string
Error satisfies the builtin error interface
func (JwtHeaderValidationError) ErrorName ¶
func (e JwtHeaderValidationError) ErrorName() string
ErrorName returns error name.
func (JwtHeaderValidationError) Field ¶
func (e JwtHeaderValidationError) Field() string
Field function returns field value.
func (JwtHeaderValidationError) Key ¶
func (e JwtHeaderValidationError) Key() bool
Key function returns key value.
func (JwtHeaderValidationError) Reason ¶
func (e JwtHeaderValidationError) Reason() string
Reason function returns reason value.
type JwtProvider ¶
type JwtProvider struct { // Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued // the JWT, usually a URL or an email address. // // Example: https://securetoken.google.com // Example: 1234567-compute@developer.gserviceaccount.com // Issuer string `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"` // The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are // allowed to access. A JWT containing any of these audiences will be accepted. If not specified, // will not check audiences in the token. // // Example: // // .. code-block:: yaml // // audiences: // - bookstore_android.apps.googleusercontent.com // - bookstore_web.apps.googleusercontent.com // Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"` // `JSON Web Key Set (JWKS) <https://tools.ietf.org/html/rfc7517#appendix-A>`_ is needed to // validate signature of a JWT. This field specifies where to fetch JWKS. // // Types that are assignable to JwksSourceSpecifier: // *JwtProvider_RemoteJwks // *JwtProvider_LocalJwks JwksSourceSpecifier isJwtProvider_JwksSourceSpecifier `protobuf_oneof:"jwks_source_specifier"` // If false, the JWT is removed in the request after a success verification. If true, the JWT is // not removed in the request. Default value is false. Forward bool `protobuf:"varint,5,opt,name=forward,proto3" json:"forward,omitempty"` // Two fields below define where to extract the JWT from an HTTP request. // // If no explicit location is specified, the following default locations are tried in order: // // 1. The Authorization header using the `Bearer schema // <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example:: // // Authorization: Bearer <token>. // // 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter. // // Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations // its provider specified or from the default locations. // // Specify the HTTP headers to extract JWT token. For examples, following config: // // .. code-block:: yaml // // from_headers: // - name: x-goog-iap-jwt-assertion // // can be used to extract token from header:: // // “x-goog-iap-jwt-assertion: <JWT>“. // FromHeaders []*JwtHeader `protobuf:"bytes,6,rep,name=from_headers,json=fromHeaders,proto3" json:"from_headers,omitempty"` // JWT is sent in a query parameter. `jwt_params` represents the query parameter names. // // For example, if config is: // // .. code-block:: yaml // // from_params: // - jwt_token // // The JWT format in query parameter is:: // // /path?jwt_token=<JWT> // FromParams []string `protobuf:"bytes,7,rep,name=from_params,json=fromParams,proto3" json:"from_params,omitempty"` // This field specifies the header name to forward a successfully verified JWT payload to the // backend. The forwarded data is:: // // base64url_encoded(jwt_payload_in_JSON) // // If it is not specified, the payload will not be forwarded. ForwardPayloadHeader string `protobuf:"bytes,8,opt,name=forward_payload_header,json=forwardPayloadHeader,proto3" json:"forward_payload_header,omitempty"` // If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata // in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn** // The value is the *protobuf::Struct*. The value of this field will be the key for its *fields* // and the value is the *protobuf::Struct* converted from JWT JSON payload. // // For example, if payload_in_metadata is *my_payload*: // // .. code-block:: yaml // // envoy.filters.http.jwt_authn: // my_payload: // iss: https://example.com // sub: test@example.com // aud: https://example.com // exp: 1501281058 // PayloadInMetadata string `protobuf:"bytes,9,opt,name=payload_in_metadata,json=payloadInMetadata,proto3" json:"payload_in_metadata,omitempty"` // contains filtered or unexported fields }
Please see following for JWT authentication flow:
* `JSON Web Token (JWT) <https://tools.ietf.org/html/rfc7519>`_ * `The OAuth 2.0 Authorization Framework <https://tools.ietf.org/html/rfc6749>`_ * `OpenID Connect <http://openid.net/connect>`_
A JwtProvider message specifies how a JSON Web Token (JWT) can be verified. It specifies:
* issuer: the principal that issues the JWT. It has to match the one from the token. * allowed audiences: the ones in the token have to be listed here. * how to fetch public key JWKS to verify the token signature. * how to extract JWT token in the request. * how to pass successfully verified token payload.
Example:
.. code-block:: yaml
issuer: https://example.com audiences: - bookstore_android.apps.googleusercontent.com - bookstore_web.apps.googleusercontent.com remote_jwks: http_uri: uri: https://example.com/.well-known/jwks.json cluster: example_jwks_cluster cache_duration: seconds: 300
[#next-free-field: 10]
func (*JwtProvider) Descriptor
deprecated
func (*JwtProvider) Descriptor() ([]byte, []int)
Deprecated: Use JwtProvider.ProtoReflect.Descriptor instead.
func (*JwtProvider) GetAudiences ¶
func (x *JwtProvider) GetAudiences() []string
func (*JwtProvider) GetForward ¶
func (x *JwtProvider) GetForward() bool
func (*JwtProvider) GetForwardPayloadHeader ¶
func (x *JwtProvider) GetForwardPayloadHeader() string
func (*JwtProvider) GetFromHeaders ¶
func (x *JwtProvider) GetFromHeaders() []*JwtHeader
func (*JwtProvider) GetFromParams ¶
func (x *JwtProvider) GetFromParams() []string
func (*JwtProvider) GetIssuer ¶
func (x *JwtProvider) GetIssuer() string
func (*JwtProvider) GetJwksSourceSpecifier ¶
func (m *JwtProvider) GetJwksSourceSpecifier() isJwtProvider_JwksSourceSpecifier
func (*JwtProvider) GetLocalJwks ¶
func (x *JwtProvider) GetLocalJwks() *core.DataSource
func (*JwtProvider) GetPayloadInMetadata ¶
func (x *JwtProvider) GetPayloadInMetadata() string
func (*JwtProvider) GetRemoteJwks ¶
func (x *JwtProvider) GetRemoteJwks() *RemoteJwks
func (*JwtProvider) ProtoMessage ¶
func (*JwtProvider) ProtoMessage()
func (*JwtProvider) ProtoReflect ¶
func (x *JwtProvider) ProtoReflect() protoreflect.Message
func (*JwtProvider) Reset ¶
func (x *JwtProvider) Reset()
func (*JwtProvider) String ¶
func (x *JwtProvider) String() string
func (*JwtProvider) Validate ¶
func (m *JwtProvider) Validate() error
Validate checks the field values on JwtProvider with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.
func (*JwtProvider) ValidateAll ¶
func (m *JwtProvider) ValidateAll() error
ValidateAll checks the field values on JwtProvider with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in JwtProviderMultiError, or nil if none found.
type JwtProviderMultiError ¶
type JwtProviderMultiError []error
JwtProviderMultiError is an error wrapping multiple validation errors returned by JwtProvider.ValidateAll() if the designated constraints aren't met.
func (JwtProviderMultiError) AllErrors ¶
func (m JwtProviderMultiError) AllErrors() []error
AllErrors returns a list of validation violation errors.
func (JwtProviderMultiError) Error ¶
func (m JwtProviderMultiError) Error() string
Error returns a concatenation of all the error messages it wraps.
type JwtProviderValidationError ¶
type JwtProviderValidationError struct {
// contains filtered or unexported fields
}
JwtProviderValidationError is the validation error returned by JwtProvider.Validate if the designated constraints aren't met.
func (JwtProviderValidationError) Cause ¶
func (e JwtProviderValidationError) Cause() error
Cause function returns cause value.
func (JwtProviderValidationError) Error ¶
func (e JwtProviderValidationError) Error() string
Error satisfies the builtin error interface
func (JwtProviderValidationError) ErrorName ¶
func (e JwtProviderValidationError) ErrorName() string
ErrorName returns error name.
func (JwtProviderValidationError) Field ¶
func (e JwtProviderValidationError) Field() string
Field function returns field value.
func (JwtProviderValidationError) Key ¶
func (e JwtProviderValidationError) Key() bool
Key function returns key value.
func (JwtProviderValidationError) Reason ¶
func (e JwtProviderValidationError) Reason() string
Reason function returns reason value.
type JwtProvider_LocalJwks ¶
type JwtProvider_LocalJwks struct { // JWKS is in local data source. It could be either in a local file or embedded in the // inline_string. // // Example: local file // // .. code-block:: yaml // // local_jwks: // filename: /etc/envoy/jwks/jwks1.txt // // Example: inline_string // // .. code-block:: yaml // // local_jwks: // inline_string: ACADADADADA // LocalJwks *core.DataSource `protobuf:"bytes,4,opt,name=local_jwks,json=localJwks,proto3,oneof"` }
type JwtProvider_RemoteJwks ¶
type JwtProvider_RemoteJwks struct { // JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP // URI and how the fetched JWKS should be cached. // // Example: // // .. code-block:: yaml // // remote_jwks: // http_uri: // uri: https://www.googleapis.com/oauth2/v1/certs // cluster: jwt.www.googleapis.com|443 // cache_duration: // seconds: 300 // RemoteJwks *RemoteJwks `protobuf:"bytes,3,opt,name=remote_jwks,json=remoteJwks,proto3,oneof"` }
type JwtRequirement ¶
type JwtRequirement struct { // Types that are assignable to RequiresType: // *JwtRequirement_ProviderName // *JwtRequirement_ProviderAndAudiences // *JwtRequirement_RequiresAny // *JwtRequirement_RequiresAll // *JwtRequirement_AllowMissingOrFailed // *JwtRequirement_AllowMissing RequiresType isJwtRequirement_RequiresType `protobuf_oneof:"requires_type"` // contains filtered or unexported fields }
This message specifies a Jwt requirement. An empty message means JWT verification is not required. Here are some config examples:
.. code-block:: yaml
# Example 1: not required with an empty message # Example 2: require A provider_name: provider-A # Example 3: require A or B requires_any: requirements: - provider_name: provider-A - provider_name: provider-B # Example 4: require A and B requires_all: requirements: - provider_name: provider-A - provider_name: provider-B # Example 5: require A and (B or C) requires_all: requirements: - provider_name: provider-A - requires_any: requirements: - provider_name: provider-B - provider_name: provider-C # Example 6: require A or (B and C) requires_any: requirements: - provider_name: provider-A - requires_all: requirements: - provider_name: provider-B - provider_name: provider-C # Example 7: A is optional (if token from A is provided, it must be valid, but also allows missing token.) requires_any: requirements: - provider_name: provider-A - allow_missing: {} # Example 8: A is optional and B is required. requires_all: requirements: - requires_any: requirements: - provider_name: provider-A - allow_missing: {} - provider_name: provider-B
[#next-free-field: 7]
func (*JwtRequirement) Descriptor
deprecated
func (*JwtRequirement) Descriptor() ([]byte, []int)
Deprecated: Use JwtRequirement.ProtoReflect.Descriptor instead.
func (*JwtRequirement) GetAllowMissing ¶
func (x *JwtRequirement) GetAllowMissing() *emptypb.Empty
func (*JwtRequirement) GetAllowMissingOrFailed ¶
func (x *JwtRequirement) GetAllowMissingOrFailed() *emptypb.Empty
func (*JwtRequirement) GetProviderAndAudiences ¶
func (x *JwtRequirement) GetProviderAndAudiences() *ProviderWithAudiences
func (*JwtRequirement) GetProviderName ¶
func (x *JwtRequirement) GetProviderName() string
func (*JwtRequirement) GetRequiresAll ¶
func (x *JwtRequirement) GetRequiresAll() *JwtRequirementAndList
func (*JwtRequirement) GetRequiresAny ¶
func (x *JwtRequirement) GetRequiresAny() *JwtRequirementOrList
func (*JwtRequirement) GetRequiresType ¶
func (m *JwtRequirement) GetRequiresType() isJwtRequirement_RequiresType
func (*JwtRequirement) ProtoMessage ¶
func (*JwtRequirement) ProtoMessage()
func (*JwtRequirement) ProtoReflect ¶
func (x *JwtRequirement) ProtoReflect() protoreflect.Message
func (*JwtRequirement) Reset ¶
func (x *JwtRequirement) Reset()
func (*JwtRequirement) String ¶
func (x *JwtRequirement) String() string
func (*JwtRequirement) Validate ¶
func (m *JwtRequirement) Validate() error
Validate checks the field values on JwtRequirement with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.
func (*JwtRequirement) ValidateAll ¶
func (m *JwtRequirement) ValidateAll() error
ValidateAll checks the field values on JwtRequirement with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in JwtRequirementMultiError, or nil if none found.
type JwtRequirementAndList ¶
type JwtRequirementAndList struct { // Specify a list of JwtRequirement. Requirements []*JwtRequirement `protobuf:"bytes,1,rep,name=requirements,proto3" json:"requirements,omitempty"` // contains filtered or unexported fields }
This message specifies a list of RequiredProvider. Their results are AND-ed; all of them must pass, if one of them fails or missing, it fails.
func (*JwtRequirementAndList) Descriptor
deprecated
func (*JwtRequirementAndList) Descriptor() ([]byte, []int)
Deprecated: Use JwtRequirementAndList.ProtoReflect.Descriptor instead.
func (*JwtRequirementAndList) GetRequirements ¶
func (x *JwtRequirementAndList) GetRequirements() []*JwtRequirement
func (*JwtRequirementAndList) ProtoMessage ¶
func (*JwtRequirementAndList) ProtoMessage()
func (*JwtRequirementAndList) ProtoReflect ¶
func (x *JwtRequirementAndList) ProtoReflect() protoreflect.Message
func (*JwtRequirementAndList) Reset ¶
func (x *JwtRequirementAndList) Reset()
func (*JwtRequirementAndList) String ¶
func (x *JwtRequirementAndList) String() string
func (*JwtRequirementAndList) Validate ¶
func (m *JwtRequirementAndList) Validate() error
Validate checks the field values on JwtRequirementAndList with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.
func (*JwtRequirementAndList) ValidateAll ¶
func (m *JwtRequirementAndList) ValidateAll() error
ValidateAll checks the field values on JwtRequirementAndList with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in JwtRequirementAndListMultiError, or nil if none found.
type JwtRequirementAndListMultiError ¶
type JwtRequirementAndListMultiError []error
JwtRequirementAndListMultiError is an error wrapping multiple validation errors returned by JwtRequirementAndList.ValidateAll() if the designated constraints aren't met.
func (JwtRequirementAndListMultiError) AllErrors ¶
func (m JwtRequirementAndListMultiError) AllErrors() []error
AllErrors returns a list of validation violation errors.
func (JwtRequirementAndListMultiError) Error ¶
func (m JwtRequirementAndListMultiError) Error() string
Error returns a concatenation of all the error messages it wraps.
type JwtRequirementAndListValidationError ¶
type JwtRequirementAndListValidationError struct {
// contains filtered or unexported fields
}
JwtRequirementAndListValidationError is the validation error returned by JwtRequirementAndList.Validate if the designated constraints aren't met.
func (JwtRequirementAndListValidationError) Cause ¶
func (e JwtRequirementAndListValidationError) Cause() error
Cause function returns cause value.
func (JwtRequirementAndListValidationError) Error ¶
func (e JwtRequirementAndListValidationError) Error() string
Error satisfies the builtin error interface
func (JwtRequirementAndListValidationError) ErrorName ¶
func (e JwtRequirementAndListValidationError) ErrorName() string
ErrorName returns error name.
func (JwtRequirementAndListValidationError) Field ¶
func (e JwtRequirementAndListValidationError) Field() string
Field function returns field value.
func (JwtRequirementAndListValidationError) Key ¶
func (e JwtRequirementAndListValidationError) Key() bool
Key function returns key value.
func (JwtRequirementAndListValidationError) Reason ¶
func (e JwtRequirementAndListValidationError) Reason() string
Reason function returns reason value.
type JwtRequirementMultiError ¶
type JwtRequirementMultiError []error
JwtRequirementMultiError is an error wrapping multiple validation errors returned by JwtRequirement.ValidateAll() if the designated constraints aren't met.
func (JwtRequirementMultiError) AllErrors ¶
func (m JwtRequirementMultiError) AllErrors() []error
AllErrors returns a list of validation violation errors.
func (JwtRequirementMultiError) Error ¶
func (m JwtRequirementMultiError) Error() string
Error returns a concatenation of all the error messages it wraps.
type JwtRequirementOrList ¶
type JwtRequirementOrList struct { // Specify a list of JwtRequirement. Requirements []*JwtRequirement `protobuf:"bytes,1,rep,name=requirements,proto3" json:"requirements,omitempty"` // contains filtered or unexported fields }
This message specifies a list of RequiredProvider. Their results are OR-ed; if any one of them passes, the result is passed
func (*JwtRequirementOrList) Descriptor
deprecated
func (*JwtRequirementOrList) Descriptor() ([]byte, []int)
Deprecated: Use JwtRequirementOrList.ProtoReflect.Descriptor instead.
func (*JwtRequirementOrList) GetRequirements ¶
func (x *JwtRequirementOrList) GetRequirements() []*JwtRequirement
func (*JwtRequirementOrList) ProtoMessage ¶
func (*JwtRequirementOrList) ProtoMessage()
func (*JwtRequirementOrList) ProtoReflect ¶
func (x *JwtRequirementOrList) ProtoReflect() protoreflect.Message
func (*JwtRequirementOrList) Reset ¶
func (x *JwtRequirementOrList) Reset()
func (*JwtRequirementOrList) String ¶
func (x *JwtRequirementOrList) String() string
func (*JwtRequirementOrList) Validate ¶
func (m *JwtRequirementOrList) Validate() error
Validate checks the field values on JwtRequirementOrList with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.
func (*JwtRequirementOrList) ValidateAll ¶
func (m *JwtRequirementOrList) ValidateAll() error
ValidateAll checks the field values on JwtRequirementOrList with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in JwtRequirementOrListMultiError, or nil if none found.
type JwtRequirementOrListMultiError ¶
type JwtRequirementOrListMultiError []error
JwtRequirementOrListMultiError is an error wrapping multiple validation errors returned by JwtRequirementOrList.ValidateAll() if the designated constraints aren't met.
func (JwtRequirementOrListMultiError) AllErrors ¶
func (m JwtRequirementOrListMultiError) AllErrors() []error
AllErrors returns a list of validation violation errors.
func (JwtRequirementOrListMultiError) Error ¶
func (m JwtRequirementOrListMultiError) Error() string
Error returns a concatenation of all the error messages it wraps.
type JwtRequirementOrListValidationError ¶
type JwtRequirementOrListValidationError struct {
// contains filtered or unexported fields
}
JwtRequirementOrListValidationError is the validation error returned by JwtRequirementOrList.Validate if the designated constraints aren't met.
func (JwtRequirementOrListValidationError) Cause ¶
func (e JwtRequirementOrListValidationError) Cause() error
Cause function returns cause value.
func (JwtRequirementOrListValidationError) Error ¶
func (e JwtRequirementOrListValidationError) Error() string
Error satisfies the builtin error interface
func (JwtRequirementOrListValidationError) ErrorName ¶
func (e JwtRequirementOrListValidationError) ErrorName() string
ErrorName returns error name.
func (JwtRequirementOrListValidationError) Field ¶
func (e JwtRequirementOrListValidationError) Field() string
Field function returns field value.
func (JwtRequirementOrListValidationError) Key ¶
func (e JwtRequirementOrListValidationError) Key() bool
Key function returns key value.
func (JwtRequirementOrListValidationError) Reason ¶
func (e JwtRequirementOrListValidationError) Reason() string
Reason function returns reason value.
type JwtRequirementValidationError ¶
type JwtRequirementValidationError struct {
// contains filtered or unexported fields
}
JwtRequirementValidationError is the validation error returned by JwtRequirement.Validate if the designated constraints aren't met.
func (JwtRequirementValidationError) Cause ¶
func (e JwtRequirementValidationError) Cause() error
Cause function returns cause value.
func (JwtRequirementValidationError) Error ¶
func (e JwtRequirementValidationError) Error() string
Error satisfies the builtin error interface
func (JwtRequirementValidationError) ErrorName ¶
func (e JwtRequirementValidationError) ErrorName() string
ErrorName returns error name.
func (JwtRequirementValidationError) Field ¶
func (e JwtRequirementValidationError) Field() string
Field function returns field value.
func (JwtRequirementValidationError) Key ¶
func (e JwtRequirementValidationError) Key() bool
Key function returns key value.
func (JwtRequirementValidationError) Reason ¶
func (e JwtRequirementValidationError) Reason() string
Reason function returns reason value.
type JwtRequirement_AllowMissing ¶
type JwtRequirement_AllowMissing struct { // The requirement is satisfied if JWT is missing, but failed if JWT is // presented but invalid. Similar to allow_missing_or_failed, this is used // to only verify JWTs and pass the verified payload to another filter. The // different is this mode will reject requests with invalid tokens. AllowMissing *emptypb.Empty `protobuf:"bytes,6,opt,name=allow_missing,json=allowMissing,proto3,oneof"` }
type JwtRequirement_AllowMissingOrFailed ¶
type JwtRequirement_AllowMissingOrFailed struct { // The requirement is always satisfied even if JWT is missing or the JWT // verification fails. A typical usage is: this filter is used to only verify // JWTs and pass the verified JWT payloads to another filter, the other filter // will make decision. In this mode, all JWT tokens will be verified. AllowMissingOrFailed *emptypb.Empty `protobuf:"bytes,5,opt,name=allow_missing_or_failed,json=allowMissingOrFailed,proto3,oneof"` }
type JwtRequirement_ProviderAndAudiences ¶
type JwtRequirement_ProviderAndAudiences struct { // Specify a required provider with audiences. ProviderAndAudiences *ProviderWithAudiences `protobuf:"bytes,2,opt,name=provider_and_audiences,json=providerAndAudiences,proto3,oneof"` }
type JwtRequirement_ProviderName ¶
type JwtRequirement_ProviderName struct { // Specify a required provider name. ProviderName string `protobuf:"bytes,1,opt,name=provider_name,json=providerName,proto3,oneof"` }
type JwtRequirement_RequiresAll ¶
type JwtRequirement_RequiresAll struct { // Specify list of JwtRequirement. Their results are AND-ed. // All of them must pass, if one of them fails or missing, it fails. RequiresAll *JwtRequirementAndList `protobuf:"bytes,4,opt,name=requires_all,json=requiresAll,proto3,oneof"` }
type JwtRequirement_RequiresAny ¶
type JwtRequirement_RequiresAny struct { // Specify list of JwtRequirement. Their results are OR-ed. // If any one of them passes, the result is passed. RequiresAny *JwtRequirementOrList `protobuf:"bytes,3,opt,name=requires_any,json=requiresAny,proto3,oneof"` }
type ProviderWithAudiences ¶
type ProviderWithAudiences struct { // Specify a required provider name. ProviderName string `protobuf:"bytes,1,opt,name=provider_name,json=providerName,proto3" json:"provider_name,omitempty"` // This field overrides the one specified in the JwtProvider. Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"` // contains filtered or unexported fields }
Specify a required provider with audiences.
func (*ProviderWithAudiences) Descriptor
deprecated
func (*ProviderWithAudiences) Descriptor() ([]byte, []int)
Deprecated: Use ProviderWithAudiences.ProtoReflect.Descriptor instead.
func (*ProviderWithAudiences) GetAudiences ¶
func (x *ProviderWithAudiences) GetAudiences() []string
func (*ProviderWithAudiences) GetProviderName ¶
func (x *ProviderWithAudiences) GetProviderName() string
func (*ProviderWithAudiences) ProtoMessage ¶
func (*ProviderWithAudiences) ProtoMessage()
func (*ProviderWithAudiences) ProtoReflect ¶
func (x *ProviderWithAudiences) ProtoReflect() protoreflect.Message
func (*ProviderWithAudiences) Reset ¶
func (x *ProviderWithAudiences) Reset()
func (*ProviderWithAudiences) String ¶
func (x *ProviderWithAudiences) String() string
func (*ProviderWithAudiences) Validate ¶
func (m *ProviderWithAudiences) Validate() error
Validate checks the field values on ProviderWithAudiences with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.
func (*ProviderWithAudiences) ValidateAll ¶
func (m *ProviderWithAudiences) ValidateAll() error
ValidateAll checks the field values on ProviderWithAudiences with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in ProviderWithAudiencesMultiError, or nil if none found.
type ProviderWithAudiencesMultiError ¶
type ProviderWithAudiencesMultiError []error
ProviderWithAudiencesMultiError is an error wrapping multiple validation errors returned by ProviderWithAudiences.ValidateAll() if the designated constraints aren't met.
func (ProviderWithAudiencesMultiError) AllErrors ¶
func (m ProviderWithAudiencesMultiError) AllErrors() []error
AllErrors returns a list of validation violation errors.
func (ProviderWithAudiencesMultiError) Error ¶
func (m ProviderWithAudiencesMultiError) Error() string
Error returns a concatenation of all the error messages it wraps.
type ProviderWithAudiencesValidationError ¶
type ProviderWithAudiencesValidationError struct {
// contains filtered or unexported fields
}
ProviderWithAudiencesValidationError is the validation error returned by ProviderWithAudiences.Validate if the designated constraints aren't met.
func (ProviderWithAudiencesValidationError) Cause ¶
func (e ProviderWithAudiencesValidationError) Cause() error
Cause function returns cause value.
func (ProviderWithAudiencesValidationError) Error ¶
func (e ProviderWithAudiencesValidationError) Error() string
Error satisfies the builtin error interface
func (ProviderWithAudiencesValidationError) ErrorName ¶
func (e ProviderWithAudiencesValidationError) ErrorName() string
ErrorName returns error name.
func (ProviderWithAudiencesValidationError) Field ¶
func (e ProviderWithAudiencesValidationError) Field() string
Field function returns field value.
func (ProviderWithAudiencesValidationError) Key ¶
func (e ProviderWithAudiencesValidationError) Key() bool
Key function returns key value.
func (ProviderWithAudiencesValidationError) Reason ¶
func (e ProviderWithAudiencesValidationError) Reason() string
Reason function returns reason value.
type RemoteJwks ¶
type RemoteJwks struct { // The HTTP URI to fetch the JWKS. For example: // // .. code-block:: yaml // // http_uri: // uri: https://www.googleapis.com/oauth2/v1/certs // cluster: jwt.www.googleapis.com|443 // HttpUri *core.HttpUri `protobuf:"bytes,1,opt,name=http_uri,json=httpUri,proto3" json:"http_uri,omitempty"` // Duration after which the cached JWKS should be expired. If not specified, default cache // duration is 5 minutes. CacheDuration *duration.Duration `protobuf:"bytes,2,opt,name=cache_duration,json=cacheDuration,proto3" json:"cache_duration,omitempty"` // contains filtered or unexported fields }
This message specifies how to fetch JWKS from remote and how to cache it.
func (*RemoteJwks) Descriptor
deprecated
func (*RemoteJwks) Descriptor() ([]byte, []int)
Deprecated: Use RemoteJwks.ProtoReflect.Descriptor instead.
func (*RemoteJwks) GetCacheDuration ¶
func (x *RemoteJwks) GetCacheDuration() *duration.Duration
func (*RemoteJwks) GetHttpUri ¶
func (x *RemoteJwks) GetHttpUri() *core.HttpUri
func (*RemoteJwks) ProtoMessage ¶
func (*RemoteJwks) ProtoMessage()
func (*RemoteJwks) ProtoReflect ¶
func (x *RemoteJwks) ProtoReflect() protoreflect.Message
func (*RemoteJwks) Reset ¶
func (x *RemoteJwks) Reset()
func (*RemoteJwks) String ¶
func (x *RemoteJwks) String() string
func (*RemoteJwks) Validate ¶
func (m *RemoteJwks) Validate() error
Validate checks the field values on RemoteJwks with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.
func (*RemoteJwks) ValidateAll ¶
func (m *RemoteJwks) ValidateAll() error
ValidateAll checks the field values on RemoteJwks with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in RemoteJwksMultiError, or nil if none found.
type RemoteJwksMultiError ¶
type RemoteJwksMultiError []error
RemoteJwksMultiError is an error wrapping multiple validation errors returned by RemoteJwks.ValidateAll() if the designated constraints aren't met.
func (RemoteJwksMultiError) AllErrors ¶
func (m RemoteJwksMultiError) AllErrors() []error
AllErrors returns a list of validation violation errors.
func (RemoteJwksMultiError) Error ¶
func (m RemoteJwksMultiError) Error() string
Error returns a concatenation of all the error messages it wraps.
type RemoteJwksValidationError ¶
type RemoteJwksValidationError struct {
// contains filtered or unexported fields
}
RemoteJwksValidationError is the validation error returned by RemoteJwks.Validate if the designated constraints aren't met.
func (RemoteJwksValidationError) Cause ¶
func (e RemoteJwksValidationError) Cause() error
Cause function returns cause value.
func (RemoteJwksValidationError) Error ¶
func (e RemoteJwksValidationError) Error() string
Error satisfies the builtin error interface
func (RemoteJwksValidationError) ErrorName ¶
func (e RemoteJwksValidationError) ErrorName() string
ErrorName returns error name.
func (RemoteJwksValidationError) Field ¶
func (e RemoteJwksValidationError) Field() string
Field function returns field value.
func (RemoteJwksValidationError) Key ¶
func (e RemoteJwksValidationError) Key() bool
Key function returns key value.
func (RemoteJwksValidationError) Reason ¶
func (e RemoteJwksValidationError) Reason() string
Reason function returns reason value.
type RequirementRule ¶
type RequirementRule struct { // The route matching parameter. Only when the match is satisfied, the "requires" field will // apply. // // For example: following match will match all requests. // // .. code-block:: yaml // // match: // prefix: / // Match *route.RouteMatch `protobuf:"bytes,1,opt,name=match,proto3" json:"match,omitempty"` // Specify a Jwt Requirement. Please detail comment in message JwtRequirement. Requires *JwtRequirement `protobuf:"bytes,2,opt,name=requires,proto3" json:"requires,omitempty"` // contains filtered or unexported fields }
This message specifies a Jwt requirement for a specific Route condition. Example 1:
.. code-block:: yaml
- match: prefix: /healthz
In above example, "requires" field is empty for /healthz prefix match, it means that requests matching the path prefix don't require JWT authentication.
Example 2:
.. code-block:: yaml
- match: prefix: / requires: { provider_name: provider-A }
In above example, all requests matched the path prefix require jwt authentication from "provider-A".
func (*RequirementRule) Descriptor
deprecated
func (*RequirementRule) Descriptor() ([]byte, []int)
Deprecated: Use RequirementRule.ProtoReflect.Descriptor instead.
func (*RequirementRule) GetMatch ¶
func (x *RequirementRule) GetMatch() *route.RouteMatch
func (*RequirementRule) GetRequires ¶
func (x *RequirementRule) GetRequires() *JwtRequirement
func (*RequirementRule) ProtoMessage ¶
func (*RequirementRule) ProtoMessage()
func (*RequirementRule) ProtoReflect ¶
func (x *RequirementRule) ProtoReflect() protoreflect.Message
func (*RequirementRule) Reset ¶
func (x *RequirementRule) Reset()
func (*RequirementRule) String ¶
func (x *RequirementRule) String() string
func (*RequirementRule) Validate ¶
func (m *RequirementRule) Validate() error
Validate checks the field values on RequirementRule with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.
func (*RequirementRule) ValidateAll ¶
func (m *RequirementRule) ValidateAll() error
ValidateAll checks the field values on RequirementRule with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in RequirementRuleMultiError, or nil if none found.
type RequirementRuleMultiError ¶
type RequirementRuleMultiError []error
RequirementRuleMultiError is an error wrapping multiple validation errors returned by RequirementRule.ValidateAll() if the designated constraints aren't met.
func (RequirementRuleMultiError) AllErrors ¶
func (m RequirementRuleMultiError) AllErrors() []error
AllErrors returns a list of validation violation errors.
func (RequirementRuleMultiError) Error ¶
func (m RequirementRuleMultiError) Error() string
Error returns a concatenation of all the error messages it wraps.
type RequirementRuleValidationError ¶
type RequirementRuleValidationError struct {
// contains filtered or unexported fields
}
RequirementRuleValidationError is the validation error returned by RequirementRule.Validate if the designated constraints aren't met.
func (RequirementRuleValidationError) Cause ¶
func (e RequirementRuleValidationError) Cause() error
Cause function returns cause value.
func (RequirementRuleValidationError) Error ¶
func (e RequirementRuleValidationError) Error() string
Error satisfies the builtin error interface
func (RequirementRuleValidationError) ErrorName ¶
func (e RequirementRuleValidationError) ErrorName() string
ErrorName returns error name.
func (RequirementRuleValidationError) Field ¶
func (e RequirementRuleValidationError) Field() string
Field function returns field value.
func (RequirementRuleValidationError) Key ¶
func (e RequirementRuleValidationError) Key() bool
Key function returns key value.
func (RequirementRuleValidationError) Reason ¶
func (e RequirementRuleValidationError) Reason() string
Reason function returns reason value.