Documentation ¶
Index ¶
- Variables
- type AuthorizationRequest
- func (*AuthorizationRequest) Descriptor() ([]byte, []int)
- func (m *AuthorizationRequest) GetAllowedHeaders() *matcher.ListStringMatcher
- func (m *AuthorizationRequest) GetHeadersToAdd() []*core.HeaderValue
- func (m *AuthorizationRequest) Marshal() (dAtA []byte, err error)
- func (m *AuthorizationRequest) MarshalTo(dAtA []byte) (int, error)
- func (*AuthorizationRequest) ProtoMessage()
- func (m *AuthorizationRequest) Reset()
- func (m *AuthorizationRequest) Size() (n int)
- func (m *AuthorizationRequest) String() string
- func (m *AuthorizationRequest) Unmarshal(dAtA []byte) error
- func (m *AuthorizationRequest) Validate() error
- func (m *AuthorizationRequest) XXX_DiscardUnknown()
- func (m *AuthorizationRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *AuthorizationRequest) XXX_Merge(src proto.Message)
- func (m *AuthorizationRequest) XXX_Size() int
- func (m *AuthorizationRequest) XXX_Unmarshal(b []byte) error
- type AuthorizationRequestValidationError
- type AuthorizationResponse
- func (*AuthorizationResponse) Descriptor() ([]byte, []int)
- func (m *AuthorizationResponse) GetAllowedClientHeaders() *matcher.ListStringMatcher
- func (m *AuthorizationResponse) GetAllowedUpstreamHeaders() *matcher.ListStringMatcher
- func (m *AuthorizationResponse) Marshal() (dAtA []byte, err error)
- func (m *AuthorizationResponse) MarshalTo(dAtA []byte) (int, error)
- func (*AuthorizationResponse) ProtoMessage()
- func (m *AuthorizationResponse) Reset()
- func (m *AuthorizationResponse) Size() (n int)
- func (m *AuthorizationResponse) String() string
- func (m *AuthorizationResponse) Unmarshal(dAtA []byte) error
- func (m *AuthorizationResponse) Validate() error
- func (m *AuthorizationResponse) XXX_DiscardUnknown()
- func (m *AuthorizationResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *AuthorizationResponse) XXX_Merge(src proto.Message)
- func (m *AuthorizationResponse) XXX_Size() int
- func (m *AuthorizationResponse) XXX_Unmarshal(b []byte) error
- type AuthorizationResponseValidationError
- type CheckSettings
- func (*CheckSettings) Descriptor() ([]byte, []int)
- func (m *CheckSettings) GetContextExtensions() map[string]string
- func (m *CheckSettings) Marshal() (dAtA []byte, err error)
- func (m *CheckSettings) MarshalTo(dAtA []byte) (int, error)
- func (*CheckSettings) ProtoMessage()
- func (m *CheckSettings) Reset()
- func (m *CheckSettings) Size() (n int)
- func (m *CheckSettings) String() string
- func (m *CheckSettings) Unmarshal(dAtA []byte) error
- func (m *CheckSettings) Validate() error
- func (m *CheckSettings) XXX_DiscardUnknown()
- func (m *CheckSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *CheckSettings) XXX_Merge(src proto.Message)
- func (m *CheckSettings) XXX_Size() int
- func (m *CheckSettings) XXX_Unmarshal(b []byte) error
- type CheckSettingsValidationError
- type ExtAuthz
- func (*ExtAuthz) Descriptor() ([]byte, []int)
- func (m *ExtAuthz) GetFailureModeAllow() bool
- func (m *ExtAuthz) GetGrpcService() *core.GrpcService
- func (m *ExtAuthz) GetHttpService() *HttpService
- func (m *ExtAuthz) GetServices() isExtAuthz_Services
- func (m *ExtAuthz) Marshal() (dAtA []byte, err error)
- func (m *ExtAuthz) MarshalTo(dAtA []byte) (int, error)
- func (*ExtAuthz) ProtoMessage()
- func (m *ExtAuthz) Reset()
- func (m *ExtAuthz) Size() (n int)
- func (m *ExtAuthz) String() string
- func (m *ExtAuthz) Unmarshal(dAtA []byte) error
- func (m *ExtAuthz) Validate() error
- func (m *ExtAuthz) XXX_DiscardUnknown()
- func (m *ExtAuthz) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *ExtAuthz) XXX_Merge(src proto.Message)
- func (*ExtAuthz) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, ...)
- func (m *ExtAuthz) XXX_Size() int
- func (m *ExtAuthz) XXX_Unmarshal(b []byte) error
- type ExtAuthzPerRoute
- func (*ExtAuthzPerRoute) Descriptor() ([]byte, []int)
- func (m *ExtAuthzPerRoute) GetCheckSettings() *CheckSettings
- func (m *ExtAuthzPerRoute) GetDisabled() bool
- func (m *ExtAuthzPerRoute) GetOverride() isExtAuthzPerRoute_Override
- func (m *ExtAuthzPerRoute) Marshal() (dAtA []byte, err error)
- func (m *ExtAuthzPerRoute) MarshalTo(dAtA []byte) (int, error)
- func (*ExtAuthzPerRoute) ProtoMessage()
- func (m *ExtAuthzPerRoute) Reset()
- func (m *ExtAuthzPerRoute) Size() (n int)
- func (m *ExtAuthzPerRoute) String() string
- func (m *ExtAuthzPerRoute) Unmarshal(dAtA []byte) error
- func (m *ExtAuthzPerRoute) Validate() error
- func (m *ExtAuthzPerRoute) XXX_DiscardUnknown()
- func (m *ExtAuthzPerRoute) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *ExtAuthzPerRoute) XXX_Merge(src proto.Message)
- func (*ExtAuthzPerRoute) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, ...)
- func (m *ExtAuthzPerRoute) XXX_Size() int
- func (m *ExtAuthzPerRoute) XXX_Unmarshal(b []byte) error
- type ExtAuthzPerRouteValidationError
- type ExtAuthzPerRoute_CheckSettings
- type ExtAuthzPerRoute_Disabled
- type ExtAuthzValidationError
- type ExtAuthz_GrpcService
- type ExtAuthz_HttpService
- type HttpService
- func (*HttpService) Descriptor() ([]byte, []int)
- func (m *HttpService) GetAuthorizationRequest() *AuthorizationRequest
- func (m *HttpService) GetAuthorizationResponse() *AuthorizationResponse
- func (m *HttpService) GetPathPrefix() string
- func (m *HttpService) GetServerUri() *core.HttpUri
- func (m *HttpService) Marshal() (dAtA []byte, err error)
- func (m *HttpService) MarshalTo(dAtA []byte) (int, error)
- func (*HttpService) ProtoMessage()
- func (m *HttpService) Reset()
- func (m *HttpService) Size() (n int)
- func (m *HttpService) String() string
- func (m *HttpService) Unmarshal(dAtA []byte) error
- func (m *HttpService) Validate() error
- func (m *HttpService) XXX_DiscardUnknown()
- func (m *HttpService) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *HttpService) XXX_Merge(src proto.Message)
- func (m *HttpService) XXX_Size() int
- func (m *HttpService) XXX_Unmarshal(b []byte) error
- type HttpServiceValidationError
Constants ¶
This section is empty.
Variables ¶
var ( ErrInvalidLengthExtAuthz = fmt.Errorf("proto: negative length found during unmarshaling") ErrIntOverflowExtAuthz = fmt.Errorf("proto: integer overflow") )
Functions ¶
This section is empty.
Types ¶
type AuthorizationRequest ¶ added in v0.6.7
type AuthorizationRequest struct { // Sets a list of matchers that are used to determine which client request headers should // be forwarded *from the filter* to the authorization server. Note that *Content-Length*, // *Authority*, *Method*, *Path* and *Authorization* are always dispatched to the authorization // server by default. The message will not contain body data and the *Content-Length* will be set // to zero. AllowedHeaders *matcher.ListStringMatcher `protobuf:"bytes,1,opt,name=allowed_headers,json=allowedHeaders,proto3" json:"allowed_headers,omitempty"` // Sets a list of headers and their values that will be added to the request to external // authorization server. Note that these will override the headers coming from the downstream. HeadersToAdd []*core.HeaderValue `protobuf:"bytes,2,rep,name=headers_to_add,json=headersToAdd,proto3" json:"headers_to_add,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
func (*AuthorizationRequest) Descriptor ¶ added in v0.6.7
func (*AuthorizationRequest) Descriptor() ([]byte, []int)
func (*AuthorizationRequest) GetAllowedHeaders ¶ added in v0.6.7
func (m *AuthorizationRequest) GetAllowedHeaders() *matcher.ListStringMatcher
func (*AuthorizationRequest) GetHeadersToAdd ¶ added in v0.6.7
func (m *AuthorizationRequest) GetHeadersToAdd() []*core.HeaderValue
func (*AuthorizationRequest) Marshal ¶ added in v0.6.7
func (m *AuthorizationRequest) Marshal() (dAtA []byte, err error)
func (*AuthorizationRequest) MarshalTo ¶ added in v0.6.7
func (m *AuthorizationRequest) MarshalTo(dAtA []byte) (int, error)
func (*AuthorizationRequest) ProtoMessage ¶ added in v0.6.7
func (*AuthorizationRequest) ProtoMessage()
func (*AuthorizationRequest) Reset ¶ added in v0.6.7
func (m *AuthorizationRequest) Reset()
func (*AuthorizationRequest) Size ¶ added in v0.6.7
func (m *AuthorizationRequest) Size() (n int)
func (*AuthorizationRequest) String ¶ added in v0.6.7
func (m *AuthorizationRequest) String() string
func (*AuthorizationRequest) Unmarshal ¶ added in v0.6.7
func (m *AuthorizationRequest) Unmarshal(dAtA []byte) error
func (*AuthorizationRequest) Validate ¶ added in v0.6.7
func (m *AuthorizationRequest) Validate() error
Validate checks the field values on AuthorizationRequest with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*AuthorizationRequest) XXX_DiscardUnknown ¶ added in v0.6.7
func (m *AuthorizationRequest) XXX_DiscardUnknown()
func (*AuthorizationRequest) XXX_Marshal ¶ added in v0.6.7
func (m *AuthorizationRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*AuthorizationRequest) XXX_Merge ¶ added in v0.6.7
func (dst *AuthorizationRequest) XXX_Merge(src proto.Message)
func (*AuthorizationRequest) XXX_Size ¶ added in v0.6.7
func (m *AuthorizationRequest) XXX_Size() int
func (*AuthorizationRequest) XXX_Unmarshal ¶ added in v0.6.7
func (m *AuthorizationRequest) XXX_Unmarshal(b []byte) error
type AuthorizationRequestValidationError ¶ added in v0.6.7
AuthorizationRequestValidationError is the validation error returned by AuthorizationRequest.Validate if the designated constraints aren't met.
func (AuthorizationRequestValidationError) Error ¶ added in v0.6.7
func (e AuthorizationRequestValidationError) Error() string
Error satisfies the builtin error interface
type AuthorizationResponse ¶ added in v0.6.7
type AuthorizationResponse struct { // Sets a list of matchers that are used to determine which authorization response headers should // be forwarded *from the filter* to the upstream service only when the HTTP status is a 200 OK. // Note that these headers will override that the original request headers when respectively // matched. AllowedUpstreamHeaders *matcher.ListStringMatcher `` /* 129-byte string literal not displayed */ // Sets a list of keys that are used to determine which authorization response headers should // be forwarded *from the filter* to the client when the HTTP status is *NOT* a 200 OK. Note that // when this list is empty, all the authorization response headers, except *Authority* will be // sent to the client (default). When a header is included in this list, *Path*, *Status*, // *Content-Length*, *WWWAuthenticate* and *Location* are automatically added. AllowedClientHeaders *matcher.ListStringMatcher `protobuf:"bytes,2,opt,name=allowed_client_headers,json=allowedClientHeaders,proto3" json:"allowed_client_headers,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
func (*AuthorizationResponse) Descriptor ¶ added in v0.6.7
func (*AuthorizationResponse) Descriptor() ([]byte, []int)
func (*AuthorizationResponse) GetAllowedClientHeaders ¶ added in v0.6.7
func (m *AuthorizationResponse) GetAllowedClientHeaders() *matcher.ListStringMatcher
func (*AuthorizationResponse) GetAllowedUpstreamHeaders ¶ added in v0.6.7
func (m *AuthorizationResponse) GetAllowedUpstreamHeaders() *matcher.ListStringMatcher
func (*AuthorizationResponse) Marshal ¶ added in v0.6.7
func (m *AuthorizationResponse) Marshal() (dAtA []byte, err error)
func (*AuthorizationResponse) MarshalTo ¶ added in v0.6.7
func (m *AuthorizationResponse) MarshalTo(dAtA []byte) (int, error)
func (*AuthorizationResponse) ProtoMessage ¶ added in v0.6.7
func (*AuthorizationResponse) ProtoMessage()
func (*AuthorizationResponse) Reset ¶ added in v0.6.7
func (m *AuthorizationResponse) Reset()
func (*AuthorizationResponse) Size ¶ added in v0.6.7
func (m *AuthorizationResponse) Size() (n int)
func (*AuthorizationResponse) String ¶ added in v0.6.7
func (m *AuthorizationResponse) String() string
func (*AuthorizationResponse) Unmarshal ¶ added in v0.6.7
func (m *AuthorizationResponse) Unmarshal(dAtA []byte) error
func (*AuthorizationResponse) Validate ¶ added in v0.6.7
func (m *AuthorizationResponse) Validate() error
Validate checks the field values on AuthorizationResponse with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*AuthorizationResponse) XXX_DiscardUnknown ¶ added in v0.6.7
func (m *AuthorizationResponse) XXX_DiscardUnknown()
func (*AuthorizationResponse) XXX_Marshal ¶ added in v0.6.7
func (m *AuthorizationResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*AuthorizationResponse) XXX_Merge ¶ added in v0.6.7
func (dst *AuthorizationResponse) XXX_Merge(src proto.Message)
func (*AuthorizationResponse) XXX_Size ¶ added in v0.6.7
func (m *AuthorizationResponse) XXX_Size() int
func (*AuthorizationResponse) XXX_Unmarshal ¶ added in v0.6.7
func (m *AuthorizationResponse) XXX_Unmarshal(b []byte) error
type AuthorizationResponseValidationError ¶ added in v0.6.7
type AuthorizationResponseValidationError struct { Field string Reason string Cause error Key bool }
AuthorizationResponseValidationError is the validation error returned by AuthorizationResponse.Validate if the designated constraints aren't met.
func (AuthorizationResponseValidationError) Error ¶ added in v0.6.7
func (e AuthorizationResponseValidationError) Error() string
Error satisfies the builtin error interface
type CheckSettings ¶ added in v0.6.3
type CheckSettings struct { // Context extensions to set on the CheckRequest's // :ref:`AttributeContext.context_extensions<envoy_api_field_service.auth.v2alpha.AttributeContext.context_extensions>` // // Merge semantics for this field are such that keys from more specific configs override. // // .. note:: // // These settings are only applied to a filter configured with a // :ref:`grpc_service<envoy_api_field_config.filter.http.ext_authz.v2alpha.ExtAuthz.grpc_service>`. ContextExtensions map[string]string `` /* 200-byte string literal not displayed */ XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
Extra settings for the check request. You can use this to provide extra context for the ext-authz server on specific virtual hosts \ routes. For example, adding a context extension on the virtual host level can give the ext-authz server information on what virtual host is used without needing to parse the host header. If CheckSettings is specified in multiple per-filter-configs, they will be merged in order, and the result will be be used.
func (*CheckSettings) Descriptor ¶ added in v0.6.3
func (*CheckSettings) Descriptor() ([]byte, []int)
func (*CheckSettings) GetContextExtensions ¶ added in v0.6.3
func (m *CheckSettings) GetContextExtensions() map[string]string
func (*CheckSettings) Marshal ¶ added in v0.6.3
func (m *CheckSettings) Marshal() (dAtA []byte, err error)
func (*CheckSettings) MarshalTo ¶ added in v0.6.3
func (m *CheckSettings) MarshalTo(dAtA []byte) (int, error)
func (*CheckSettings) ProtoMessage ¶ added in v0.6.3
func (*CheckSettings) ProtoMessage()
func (*CheckSettings) Reset ¶ added in v0.6.3
func (m *CheckSettings) Reset()
func (*CheckSettings) Size ¶ added in v0.6.3
func (m *CheckSettings) Size() (n int)
func (*CheckSettings) String ¶ added in v0.6.3
func (m *CheckSettings) String() string
func (*CheckSettings) Unmarshal ¶ added in v0.6.3
func (m *CheckSettings) Unmarshal(dAtA []byte) error
func (*CheckSettings) Validate ¶ added in v0.6.3
func (m *CheckSettings) Validate() error
Validate checks the field values on CheckSettings with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*CheckSettings) XXX_DiscardUnknown ¶ added in v0.6.3
func (m *CheckSettings) XXX_DiscardUnknown()
func (*CheckSettings) XXX_Marshal ¶ added in v0.6.3
func (m *CheckSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*CheckSettings) XXX_Merge ¶ added in v0.6.3
func (dst *CheckSettings) XXX_Merge(src proto.Message)
func (*CheckSettings) XXX_Size ¶ added in v0.6.3
func (m *CheckSettings) XXX_Size() int
func (*CheckSettings) XXX_Unmarshal ¶ added in v0.6.3
func (m *CheckSettings) XXX_Unmarshal(b []byte) error
type CheckSettingsValidationError ¶ added in v0.6.3
CheckSettingsValidationError is the validation error returned by CheckSettings.Validate if the designated constraints aren't met.
func (CheckSettingsValidationError) Error ¶ added in v0.6.3
func (e CheckSettingsValidationError) Error() string
Error satisfies the builtin error interface
type ExtAuthz ¶
type ExtAuthz struct { // Types that are valid to be assigned to Services: // *ExtAuthz_GrpcService // *ExtAuthz_HttpService Services isExtAuthz_Services `protobuf_oneof:"services"` // Allows bypassing the filter on errors during the authorization process. // // 1. When *failure_mode_allow* is true, traffic will be allowed in the presence of an error. // This includes any of the HTTP 5xx errors, or a communication failure between the filter and // the authorization server. // 2. When *failure_mode_allow* is false, the filter will *always* return a *Forbidden response* // to the client. It will *not allow* traffic to the upstream in the presence of an error. This // includes any of the HTTP 5xx errors, or a communication failure between the filter and the // authorization server. // // Note that filter will produce stats on error. See *Statistics* at :ref:`configuration overview // <config_http_filters_ext_authz>`. FailureModeAllow bool `protobuf:"varint,2,opt,name=failure_mode_allow,json=failureModeAllow,proto3" json:"failure_mode_allow,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
External Authorization filter calls out to an external service over either gRPC or raw HTTP clients.
func (*ExtAuthz) Descriptor ¶
func (*ExtAuthz) GetFailureModeAllow ¶
func (*ExtAuthz) GetGrpcService ¶
func (m *ExtAuthz) GetGrpcService() *core.GrpcService
func (*ExtAuthz) GetHttpService ¶
func (m *ExtAuthz) GetHttpService() *HttpService
func (*ExtAuthz) GetServices ¶
func (m *ExtAuthz) GetServices() isExtAuthz_Services
func (*ExtAuthz) ProtoMessage ¶
func (*ExtAuthz) ProtoMessage()
func (*ExtAuthz) Validate ¶
Validate checks the field values on ExtAuthz with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*ExtAuthz) XXX_DiscardUnknown ¶
func (m *ExtAuthz) XXX_DiscardUnknown()
func (*ExtAuthz) XXX_Marshal ¶
func (*ExtAuthz) XXX_OneofFuncs ¶
func (*ExtAuthz) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})
XXX_OneofFuncs is for the internal use of the proto package.
func (*ExtAuthz) XXX_Unmarshal ¶
type ExtAuthzPerRoute ¶ added in v0.6.3
type ExtAuthzPerRoute struct { // Types that are valid to be assigned to Override: // *ExtAuthzPerRoute_Disabled // *ExtAuthzPerRoute_CheckSettings Override isExtAuthzPerRoute_Override `protobuf_oneof:"override"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
Extra settings on a per virtualhost/route/weighter-cluster level.
func (*ExtAuthzPerRoute) Descriptor ¶ added in v0.6.3
func (*ExtAuthzPerRoute) Descriptor() ([]byte, []int)
func (*ExtAuthzPerRoute) GetCheckSettings ¶ added in v0.6.3
func (m *ExtAuthzPerRoute) GetCheckSettings() *CheckSettings
func (*ExtAuthzPerRoute) GetDisabled ¶ added in v0.6.3
func (m *ExtAuthzPerRoute) GetDisabled() bool
func (*ExtAuthzPerRoute) GetOverride ¶ added in v0.6.3
func (m *ExtAuthzPerRoute) GetOverride() isExtAuthzPerRoute_Override
func (*ExtAuthzPerRoute) Marshal ¶ added in v0.6.3
func (m *ExtAuthzPerRoute) Marshal() (dAtA []byte, err error)
func (*ExtAuthzPerRoute) MarshalTo ¶ added in v0.6.3
func (m *ExtAuthzPerRoute) MarshalTo(dAtA []byte) (int, error)
func (*ExtAuthzPerRoute) ProtoMessage ¶ added in v0.6.3
func (*ExtAuthzPerRoute) ProtoMessage()
func (*ExtAuthzPerRoute) Reset ¶ added in v0.6.3
func (m *ExtAuthzPerRoute) Reset()
func (*ExtAuthzPerRoute) Size ¶ added in v0.6.3
func (m *ExtAuthzPerRoute) Size() (n int)
func (*ExtAuthzPerRoute) String ¶ added in v0.6.3
func (m *ExtAuthzPerRoute) String() string
func (*ExtAuthzPerRoute) Unmarshal ¶ added in v0.6.3
func (m *ExtAuthzPerRoute) Unmarshal(dAtA []byte) error
func (*ExtAuthzPerRoute) Validate ¶ added in v0.6.3
func (m *ExtAuthzPerRoute) Validate() error
Validate checks the field values on ExtAuthzPerRoute with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*ExtAuthzPerRoute) XXX_DiscardUnknown ¶ added in v0.6.3
func (m *ExtAuthzPerRoute) XXX_DiscardUnknown()
func (*ExtAuthzPerRoute) XXX_Marshal ¶ added in v0.6.3
func (m *ExtAuthzPerRoute) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*ExtAuthzPerRoute) XXX_Merge ¶ added in v0.6.3
func (dst *ExtAuthzPerRoute) XXX_Merge(src proto.Message)
func (*ExtAuthzPerRoute) XXX_OneofFuncs ¶ added in v0.6.3
func (*ExtAuthzPerRoute) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})
XXX_OneofFuncs is for the internal use of the proto package.
func (*ExtAuthzPerRoute) XXX_Size ¶ added in v0.6.3
func (m *ExtAuthzPerRoute) XXX_Size() int
func (*ExtAuthzPerRoute) XXX_Unmarshal ¶ added in v0.6.3
func (m *ExtAuthzPerRoute) XXX_Unmarshal(b []byte) error
type ExtAuthzPerRouteValidationError ¶ added in v0.6.3
ExtAuthzPerRouteValidationError is the validation error returned by ExtAuthzPerRoute.Validate if the designated constraints aren't met.
func (ExtAuthzPerRouteValidationError) Error ¶ added in v0.6.3
func (e ExtAuthzPerRouteValidationError) Error() string
Error satisfies the builtin error interface
type ExtAuthzPerRoute_CheckSettings ¶ added in v0.6.3
type ExtAuthzPerRoute_CheckSettings struct {
CheckSettings *CheckSettings `protobuf:"bytes,2,opt,name=check_settings,json=checkSettings,proto3,oneof"`
}
func (*ExtAuthzPerRoute_CheckSettings) MarshalTo ¶ added in v0.6.3
func (m *ExtAuthzPerRoute_CheckSettings) MarshalTo(dAtA []byte) (int, error)
func (*ExtAuthzPerRoute_CheckSettings) Size ¶ added in v0.6.3
func (m *ExtAuthzPerRoute_CheckSettings) Size() (n int)
type ExtAuthzPerRoute_Disabled ¶ added in v0.6.3
type ExtAuthzPerRoute_Disabled struct {
Disabled bool `protobuf:"varint,1,opt,name=disabled,proto3,oneof"`
}
func (*ExtAuthzPerRoute_Disabled) MarshalTo ¶ added in v0.6.3
func (m *ExtAuthzPerRoute_Disabled) MarshalTo(dAtA []byte) (int, error)
func (*ExtAuthzPerRoute_Disabled) Size ¶ added in v0.6.3
func (m *ExtAuthzPerRoute_Disabled) Size() (n int)
type ExtAuthzValidationError ¶
ExtAuthzValidationError is the validation error returned by ExtAuthz.Validate if the designated constraints aren't met.
func (ExtAuthzValidationError) Error ¶
func (e ExtAuthzValidationError) Error() string
Error satisfies the builtin error interface
type ExtAuthz_GrpcService ¶
type ExtAuthz_GrpcService struct {
GrpcService *core.GrpcService `protobuf:"bytes,1,opt,name=grpc_service,json=grpcService,proto3,oneof"`
}
func (*ExtAuthz_GrpcService) MarshalTo ¶
func (m *ExtAuthz_GrpcService) MarshalTo(dAtA []byte) (int, error)
func (*ExtAuthz_GrpcService) Size ¶
func (m *ExtAuthz_GrpcService) Size() (n int)
type ExtAuthz_HttpService ¶
type ExtAuthz_HttpService struct {
HttpService *HttpService `protobuf:"bytes,3,opt,name=http_service,json=httpService,proto3,oneof"`
}
func (*ExtAuthz_HttpService) MarshalTo ¶
func (m *ExtAuthz_HttpService) MarshalTo(dAtA []byte) (int, error)
func (*ExtAuthz_HttpService) Size ¶
func (m *ExtAuthz_HttpService) Size() (n int)
type HttpService ¶
type HttpService struct { // Sets the HTTP server URI which the authorization requests must be sent to. ServerUri *core.HttpUri `protobuf:"bytes,1,opt,name=server_uri,json=serverUri,proto3" json:"server_uri,omitempty"` // Sets an optional prefix to the value of authorization request header *Path*. PathPrefix string `protobuf:"bytes,2,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"` // Settings for controlling request headers forwarded from the filter to the authorization server. AuthorizationRequest *AuthorizationRequest `protobuf:"bytes,7,opt,name=authorization_request,json=authorizationRequest,proto3" json:"authorization_request,omitempty"` // Settings for controlling authorization response forwarded from the filter to a client, // or to an upstream service. AuthorizationResponse *AuthorizationResponse `protobuf:"bytes,8,opt,name=authorization_response,json=authorizationResponse,proto3" json:"authorization_response,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
External Authorization filter calls an authorization server by passing the raw HTTP request headers to the server. This allows the authorization service to take a decision whether the request should be authorized or not.
A successful check allows the authorization service adding or overriding headers from the original request before dispatching them to the upstream. This is done by configuring which headers in the authorization response should be sent to the upstream. See :ref:`allowed_upstream_headers <envoy_api_field_config.filter.http.ext_authz.v2alpha.AuthorizationResponse.allowed_upstream_headers>` for more details.
A failed check will cause this filter to close the HTTP request with 403 (Forbidden), unless a different status code has been indicated by the authorization server via response headers. In addition to the the status code and with exception of the *Authority*, the filter will send all headers from the authorization server back to the client by default. See :ref:`allowed_client_headers <envoy_api_field_config.filter.http.ext_authz.v2alpha.AuthorizationResponse.allowed_client_headers>` for more details.
.. note:: Unlike the gRPC client that request and response headers are passed in the message, headers forwarded by via the raw HTTP client will affect the request or the response.
func (*HttpService) Descriptor ¶
func (*HttpService) Descriptor() ([]byte, []int)
func (*HttpService) GetAuthorizationRequest ¶ added in v0.6.7
func (m *HttpService) GetAuthorizationRequest() *AuthorizationRequest
func (*HttpService) GetAuthorizationResponse ¶ added in v0.6.7
func (m *HttpService) GetAuthorizationResponse() *AuthorizationResponse
func (*HttpService) GetPathPrefix ¶
func (m *HttpService) GetPathPrefix() string
func (*HttpService) GetServerUri ¶
func (m *HttpService) GetServerUri() *core.HttpUri
func (*HttpService) Marshal ¶
func (m *HttpService) Marshal() (dAtA []byte, err error)
func (*HttpService) ProtoMessage ¶
func (*HttpService) ProtoMessage()
func (*HttpService) Reset ¶
func (m *HttpService) Reset()
func (*HttpService) Size ¶
func (m *HttpService) Size() (n int)
func (*HttpService) String ¶
func (m *HttpService) String() string
func (*HttpService) Unmarshal ¶
func (m *HttpService) Unmarshal(dAtA []byte) error
func (*HttpService) Validate ¶
func (m *HttpService) Validate() error
Validate checks the field values on HttpService with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*HttpService) XXX_DiscardUnknown ¶
func (m *HttpService) XXX_DiscardUnknown()
func (*HttpService) XXX_Marshal ¶
func (m *HttpService) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*HttpService) XXX_Merge ¶
func (dst *HttpService) XXX_Merge(src proto.Message)
func (*HttpService) XXX_Size ¶
func (m *HttpService) XXX_Size() int
func (*HttpService) XXX_Unmarshal ¶
func (m *HttpService) XXX_Unmarshal(b []byte) error
type HttpServiceValidationError ¶
HttpServiceValidationError is the validation error returned by HttpService.Validate if the designated constraints aren't met.
func (HttpServiceValidationError) Error ¶
func (e HttpServiceValidationError) Error() string
Error satisfies the builtin error interface