Documentation

Index

Constants

This section is empty.

Variables

View Source
var File_envoy_extensions_filters_http_ext_authz_v4alpha_ext_authz_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type AuthorizationRequest

type AuthorizationRequest struct {

	// Authorization request will include the client request headers that have a correspondent match
	// in the :ref:`list <envoy_api_msg_type.matcher.v4alpha.ListStringMatcher>`. Note that in addition to the
	// user's supplied matchers:
	//
	// 1. *Host*, *Method*, *Path* and *Content-Length* are automatically included to the list.
	//
	// 2. *Content-Length* will be set to 0 and the request to the authorization service will not have
	// a message body. However, the authorization request can include the buffered client request body
	// (controlled by :ref:`with_request_body
	// <envoy_api_field_extensions.filters.http.ext_authz.v4alpha.ExtAuthz.with_request_body>` setting),
	// consequently the value of *Content-Length* of the authorization request reflects the size of
	// its payload size.
	//
	AllowedHeaders *v4alpha1.ListStringMatcher `protobuf:"bytes,1,opt,name=allowed_headers,json=allowedHeaders,proto3" json:"allowed_headers,omitempty"`
	// Sets a list of headers that will be included to the request to authorization service. Note that
	// client request of the same key will be overridden.
	HeadersToAdd []*v4alpha.HeaderValue `protobuf:"bytes,2,rep,name=headers_to_add,json=headersToAdd,proto3" json:"headers_to_add,omitempty"`
	// contains filtered or unexported fields
}

func (*AuthorizationRequest) Descriptor

func (*AuthorizationRequest) Descriptor() ([]byte, []int)

    Deprecated: Use AuthorizationRequest.ProtoReflect.Descriptor instead.

    func (*AuthorizationRequest) GetAllowedHeaders

    func (x *AuthorizationRequest) GetAllowedHeaders() *v4alpha1.ListStringMatcher

    func (*AuthorizationRequest) GetHeadersToAdd

    func (x *AuthorizationRequest) GetHeadersToAdd() []*v4alpha.HeaderValue

    func (*AuthorizationRequest) ProtoMessage

    func (*AuthorizationRequest) ProtoMessage()

    func (*AuthorizationRequest) ProtoReflect

    func (x *AuthorizationRequest) ProtoReflect() protoreflect.Message

    func (*AuthorizationRequest) Reset

    func (x *AuthorizationRequest) Reset()

    func (*AuthorizationRequest) String

    func (x *AuthorizationRequest) String() string

    func (*AuthorizationRequest) Validate

    func (m *AuthorizationRequest) Validate() error

      Validate checks the field values on AuthorizationRequest with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

      type AuthorizationRequestValidationError

      type AuthorizationRequestValidationError struct {
      	// contains filtered or unexported fields
      }

        AuthorizationRequestValidationError is the validation error returned by AuthorizationRequest.Validate if the designated constraints aren't met.

        func (AuthorizationRequestValidationError) Cause

          Cause function returns cause value.

          func (AuthorizationRequestValidationError) Error

            Error satisfies the builtin error interface

            func (AuthorizationRequestValidationError) ErrorName

              ErrorName returns error name.

              func (AuthorizationRequestValidationError) Field

                Field function returns field value.

                func (AuthorizationRequestValidationError) Key

                  Key function returns key value.

                  func (AuthorizationRequestValidationError) Reason

                    Reason function returns reason value.

                    type AuthorizationResponse

                    type AuthorizationResponse struct {
                    
                    	// When this :ref:`list <envoy_api_msg_type.matcher.v4alpha.ListStringMatcher>` is set, authorization
                    	// response headers that have a correspondent match will be added to the original client request.
                    	// Note that coexistent headers will be overridden.
                    	AllowedUpstreamHeaders *v4alpha1.ListStringMatcher `` /* 129-byte string literal not displayed */
                    	// When this :ref:`list <envoy_api_msg_type.matcher.v4alpha.ListStringMatcher>` is set, authorization
                    	// response headers that have a correspondent match will be added to the client's response. Note
                    	// that coexistent headers will be appended.
                    	AllowedUpstreamHeadersToAppend *v4alpha1.ListStringMatcher `` /* 157-byte string literal not displayed */
                    	// When this :ref:`list <envoy_api_msg_type.matcher.v4alpha.ListStringMatcher>`. is set, authorization
                    	// response headers that have a correspondent match will be added to the client's response. Note
                    	// that when this list is *not* set, all the authorization response headers, except *Authority
                    	// (Host)* will be in the response to the client. When a header is included in this list, *Path*,
                    	// *Status*, *Content-Length*, *WWWAuthenticate* and *Location* are automatically added.
                    	AllowedClientHeaders *v4alpha1.ListStringMatcher `protobuf:"bytes,2,opt,name=allowed_client_headers,json=allowedClientHeaders,proto3" json:"allowed_client_headers,omitempty"`
                    	// contains filtered or unexported fields
                    }

                    func (*AuthorizationResponse) Descriptor

                    func (*AuthorizationResponse) Descriptor() ([]byte, []int)

                      Deprecated: Use AuthorizationResponse.ProtoReflect.Descriptor instead.

                      func (*AuthorizationResponse) GetAllowedClientHeaders

                      func (x *AuthorizationResponse) GetAllowedClientHeaders() *v4alpha1.ListStringMatcher

                      func (*AuthorizationResponse) GetAllowedUpstreamHeaders

                      func (x *AuthorizationResponse) GetAllowedUpstreamHeaders() *v4alpha1.ListStringMatcher

                      func (*AuthorizationResponse) GetAllowedUpstreamHeadersToAppend

                      func (x *AuthorizationResponse) GetAllowedUpstreamHeadersToAppend() *v4alpha1.ListStringMatcher

                      func (*AuthorizationResponse) ProtoMessage

                      func (*AuthorizationResponse) ProtoMessage()

                      func (*AuthorizationResponse) ProtoReflect

                      func (x *AuthorizationResponse) ProtoReflect() protoreflect.Message

                      func (*AuthorizationResponse) Reset

                      func (x *AuthorizationResponse) Reset()

                      func (*AuthorizationResponse) String

                      func (x *AuthorizationResponse) String() string

                      func (*AuthorizationResponse) Validate

                      func (m *AuthorizationResponse) Validate() error

                        Validate checks the field values on AuthorizationResponse with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                        type AuthorizationResponseValidationError

                        type AuthorizationResponseValidationError struct {
                        	// contains filtered or unexported fields
                        }

                          AuthorizationResponseValidationError is the validation error returned by AuthorizationResponse.Validate if the designated constraints aren't met.

                          func (AuthorizationResponseValidationError) Cause

                            Cause function returns cause value.

                            func (AuthorizationResponseValidationError) Error

                              Error satisfies the builtin error interface

                              func (AuthorizationResponseValidationError) ErrorName

                                ErrorName returns error name.

                                func (AuthorizationResponseValidationError) Field

                                  Field function returns field value.

                                  func (AuthorizationResponseValidationError) Key

                                    Key function returns key value.

                                    func (AuthorizationResponseValidationError) Reason

                                      Reason function returns reason value.

                                      type BufferSettings

                                      type BufferSettings struct {
                                      
                                      	// Sets the maximum size of a message body that the filter will hold in memory. Envoy will return
                                      	// *HTTP 413* and will *not* initiate the authorization process when buffer reaches the number
                                      	// set in this field. Note that this setting will have precedence over :ref:`failure_mode_allow
                                      	// <envoy_api_field_extensions.filters.http.ext_authz.v4alpha.ExtAuthz.failure_mode_allow>`.
                                      	MaxRequestBytes uint32 `protobuf:"varint,1,opt,name=max_request_bytes,json=maxRequestBytes,proto3" json:"max_request_bytes,omitempty"`
                                      	// When this field is true, Envoy will buffer the message until *max_request_bytes* is reached.
                                      	// The authorization request will be dispatched and no 413 HTTP error will be returned by the
                                      	// filter.
                                      	AllowPartialMessage bool `protobuf:"varint,2,opt,name=allow_partial_message,json=allowPartialMessage,proto3" json:"allow_partial_message,omitempty"`
                                      	// If true, the body sent to the external authorization service is set with raw bytes, it sets
                                      	// the :ref:`raw_body<envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.raw_body>`
                                      	// field of HTTP request attribute context. Otherwise, :ref:`
                                      	// body<envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.body>` will be filled
                                      	// with UTF-8 string request body.
                                      	PackAsBytes bool `protobuf:"varint,3,opt,name=pack_as_bytes,json=packAsBytes,proto3" json:"pack_as_bytes,omitempty"`
                                      	// contains filtered or unexported fields
                                      }

                                        Configuration for buffering the request data.

                                        func (*BufferSettings) Descriptor

                                        func (*BufferSettings) Descriptor() ([]byte, []int)

                                          Deprecated: Use BufferSettings.ProtoReflect.Descriptor instead.

                                          func (*BufferSettings) GetAllowPartialMessage

                                          func (x *BufferSettings) GetAllowPartialMessage() bool

                                          func (*BufferSettings) GetMaxRequestBytes

                                          func (x *BufferSettings) GetMaxRequestBytes() uint32

                                          func (*BufferSettings) GetPackAsBytes

                                          func (x *BufferSettings) GetPackAsBytes() bool

                                          func (*BufferSettings) ProtoMessage

                                          func (*BufferSettings) ProtoMessage()

                                          func (*BufferSettings) ProtoReflect

                                          func (x *BufferSettings) ProtoReflect() protoreflect.Message

                                          func (*BufferSettings) Reset

                                          func (x *BufferSettings) Reset()

                                          func (*BufferSettings) String

                                          func (x *BufferSettings) String() string

                                          func (*BufferSettings) Validate

                                          func (m *BufferSettings) Validate() error

                                            Validate checks the field values on BufferSettings with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                            type BufferSettingsValidationError

                                            type BufferSettingsValidationError struct {
                                            	// contains filtered or unexported fields
                                            }

                                              BufferSettingsValidationError is the validation error returned by BufferSettings.Validate if the designated constraints aren't met.

                                              func (BufferSettingsValidationError) Cause

                                                Cause function returns cause value.

                                                func (BufferSettingsValidationError) Error

                                                  Error satisfies the builtin error interface

                                                  func (BufferSettingsValidationError) ErrorName

                                                  func (e BufferSettingsValidationError) ErrorName() string

                                                    ErrorName returns error name.

                                                    func (BufferSettingsValidationError) Field

                                                      Field function returns field value.

                                                      func (BufferSettingsValidationError) Key

                                                        Key function returns key value.

                                                        func (BufferSettingsValidationError) Reason

                                                          Reason function returns reason value.

                                                          type CheckSettings

                                                          type CheckSettings struct {
                                                          
                                                          	// Context extensions to set on the CheckRequest's
                                                          	// :ref:`AttributeContext.context_extensions<envoy_api_field_service.auth.v4alpha.AttributeContext.context_extensions>`
                                                          	//
                                                          	// You can use this to provide extra context for the external authorization server on specific
                                                          	// virtual hosts/routes. For example, adding a context extension on the virtual host level can
                                                          	// give the ext-authz server information on what virtual host is used without needing to parse the
                                                          	// host header. If CheckSettings is specified in multiple per-filter-configs, they will be merged
                                                          	// in order, and the result will be used.
                                                          	//
                                                          	// Merge semantics for this field are such that keys from more specific configs override.
                                                          	//
                                                          	// .. note::
                                                          	//
                                                          	//   These settings are only applied to a filter configured with a
                                                          	//   :ref:`grpc_service<envoy_api_field_extensions.filters.http.ext_authz.v4alpha.ExtAuthz.grpc_service>`.
                                                          	ContextExtensions map[string]string `` /* 200-byte string literal not displayed */
                                                          	// When set to true, disable the configured :ref:`with_request_body
                                                          	// <envoy_api_field_extensions.filters.http.ext_authz.v4alpha.ExtAuthz.with_request_body>` for a route.
                                                          	DisableRequestBodyBuffering bool `` /* 147-byte string literal not displayed */
                                                          	// contains filtered or unexported fields
                                                          }

                                                            Extra settings for the check request.

                                                            func (*CheckSettings) Descriptor

                                                            func (*CheckSettings) Descriptor() ([]byte, []int)

                                                              Deprecated: Use CheckSettings.ProtoReflect.Descriptor instead.

                                                              func (*CheckSettings) GetContextExtensions

                                                              func (x *CheckSettings) GetContextExtensions() map[string]string

                                                              func (*CheckSettings) GetDisableRequestBodyBuffering

                                                              func (x *CheckSettings) GetDisableRequestBodyBuffering() bool

                                                              func (*CheckSettings) ProtoMessage

                                                              func (*CheckSettings) ProtoMessage()

                                                              func (*CheckSettings) ProtoReflect

                                                              func (x *CheckSettings) ProtoReflect() protoreflect.Message

                                                              func (*CheckSettings) Reset

                                                              func (x *CheckSettings) Reset()

                                                              func (*CheckSettings) String

                                                              func (x *CheckSettings) String() string

                                                              func (*CheckSettings) Validate

                                                              func (m *CheckSettings) Validate() error

                                                                Validate checks the field values on CheckSettings with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                type CheckSettingsValidationError

                                                                type CheckSettingsValidationError struct {
                                                                	// contains filtered or unexported fields
                                                                }

                                                                  CheckSettingsValidationError is the validation error returned by CheckSettings.Validate if the designated constraints aren't met.

                                                                  func (CheckSettingsValidationError) Cause

                                                                    Cause function returns cause value.

                                                                    func (CheckSettingsValidationError) Error

                                                                      Error satisfies the builtin error interface

                                                                      func (CheckSettingsValidationError) ErrorName

                                                                      func (e CheckSettingsValidationError) ErrorName() string

                                                                        ErrorName returns error name.

                                                                        func (CheckSettingsValidationError) Field

                                                                          Field function returns field value.

                                                                          func (CheckSettingsValidationError) Key

                                                                            Key function returns key value.

                                                                            func (CheckSettingsValidationError) Reason

                                                                              Reason function returns reason value.

                                                                              type ExtAuthz

                                                                              type ExtAuthz struct {
                                                                              
                                                                              	// External authorization service configuration.
                                                                              	//
                                                                              	// Types that are assignable to Services:
                                                                              	//	*ExtAuthz_GrpcService
                                                                              	//	*ExtAuthz_HttpService
                                                                              	Services isExtAuthz_Services `protobuf_oneof:"services"`
                                                                              	// API version for ext_authz transport protocol. This describes the ext_authz gRPC endpoint and
                                                                              	// version of messages used on the wire.
                                                                              	TransportApiVersion v4alpha.ApiVersion `` /* 164-byte string literal not displayed */
                                                                              	//  Changes filter's behaviour on errors:
                                                                              	//
                                                                              	//  1. When set to true, the filter will *accept* client request even if the communication with
                                                                              	//  the authorization service has failed, or if the authorization service has returned a HTTP 5xx
                                                                              	//  error.
                                                                              	//
                                                                              	//  2. When set to false, ext-authz will *reject* client requests and return a *Forbidden*
                                                                              	//  response if the communication with the authorization service has failed, or if the
                                                                              	//  authorization service has returned a HTTP 5xx error.
                                                                              	//
                                                                              	// Note that errors can be *always* tracked in the :ref:`stats
                                                                              	// <config_http_filters_ext_authz_stats>`.
                                                                              	FailureModeAllow bool `protobuf:"varint,2,opt,name=failure_mode_allow,json=failureModeAllow,proto3" json:"failure_mode_allow,omitempty"`
                                                                              	// Enables filter to buffer the client request body and send it within the authorization request.
                                                                              	// A “x-envoy-auth-partial-body: false|true“ metadata header will be added to the authorization
                                                                              	// request message indicating if the body data is partial.
                                                                              	WithRequestBody *BufferSettings `protobuf:"bytes,5,opt,name=with_request_body,json=withRequestBody,proto3" json:"with_request_body,omitempty"`
                                                                              	// Clears route cache in order to allow the external authorization service to correctly affect
                                                                              	// routing decisions. Filter clears all cached routes when:
                                                                              	//
                                                                              	// 1. The field is set to *true*.
                                                                              	//
                                                                              	// 2. The status returned from the authorization service is a HTTP 200 or gRPC 0.
                                                                              	//
                                                                              	// 3. At least one *authorization response header* is added to the client request, or is used for
                                                                              	// altering another client request header.
                                                                              	//
                                                                              	ClearRouteCache bool `protobuf:"varint,6,opt,name=clear_route_cache,json=clearRouteCache,proto3" json:"clear_route_cache,omitempty"`
                                                                              	// Sets the HTTP status that is returned to the client when there is a network error between the
                                                                              	// filter and the authorization server. The default status is HTTP 403 Forbidden.
                                                                              	StatusOnError *v3.HttpStatus `protobuf:"bytes,7,opt,name=status_on_error,json=statusOnError,proto3" json:"status_on_error,omitempty"`
                                                                              	// Specifies a list of metadata namespaces whose values, if present, will be passed to the
                                                                              	// ext_authz service as an opaque *protobuf::Struct*.
                                                                              	//
                                                                              	// For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
                                                                              	// <envoy_api_field_extensions.filters.http.jwt_authn.v4alpha.JwtProvider.payload_in_metadata>` is set,
                                                                              	// then the following will pass the jwt payload to the authorization server.
                                                                              	//
                                                                              	// .. code-block:: yaml
                                                                              	//
                                                                              	//    metadata_context_namespaces:
                                                                              	//    - envoy.filters.http.jwt_authn
                                                                              	//
                                                                              	MetadataContextNamespaces []string `` /* 138-byte string literal not displayed */
                                                                              	// Specifies if the filter is enabled.
                                                                              	//
                                                                              	// If :ref:`runtime_key <envoy_api_field_config.core.v4alpha.RuntimeFractionalPercent.runtime_key>` is specified,
                                                                              	// Envoy will lookup the runtime key to get the percentage of requests to filter.
                                                                              	//
                                                                              	// If this field is not specified, the filter will be enabled for all requests.
                                                                              	FilterEnabled *v4alpha.RuntimeFractionalPercent `protobuf:"bytes,9,opt,name=filter_enabled,json=filterEnabled,proto3" json:"filter_enabled,omitempty"`
                                                                              	// Specifies if the filter is enabled with metadata matcher.
                                                                              	// If this field is not specified, the filter will be enabled for all requests.
                                                                              	FilterEnabledMetadata *v4alpha1.MetadataMatcher `` /* 127-byte string literal not displayed */
                                                                              	// Specifies whether to deny the requests, when the filter is disabled.
                                                                              	// If :ref:`runtime_key <envoy_api_field_config.core.v4alpha.RuntimeFeatureFlag.runtime_key>` is specified,
                                                                              	// Envoy will lookup the runtime key to determine whether to deny request for
                                                                              	// filter protected path at filter disabling. If filter is disabled in
                                                                              	// typed_per_filter_config for the path, requests will not be denied.
                                                                              	//
                                                                              	// If this field is not specified, all requests will be allowed when disabled.
                                                                              	DenyAtDisable *v4alpha.RuntimeFeatureFlag `protobuf:"bytes,11,opt,name=deny_at_disable,json=denyAtDisable,proto3" json:"deny_at_disable,omitempty"`
                                                                              	// Specifies if the peer certificate is sent to the external service.
                                                                              	//
                                                                              	// When this field is true, Envoy will include the peer X.509 certificate, if available, in the
                                                                              	// :ref:`certificate<envoy_api_field_service.auth.v4alpha.AttributeContext.Peer.certificate>`.
                                                                              	IncludePeerCertificate bool `` /* 131-byte string literal not displayed */
                                                                              	// Optional additional prefix to use when emitting statistics. This allows to distinguish
                                                                              	// emitted statistics between configured *ext_authz* filters in an HTTP filter chain. For example:
                                                                              	//
                                                                              	// .. code-block:: yaml
                                                                              	//
                                                                              	//   http_filters:
                                                                              	//     - name: envoy.filters.http.ext_authz
                                                                              	//       typed_config:
                                                                              	//         "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
                                                                              	//         stat_prefix: waf # This emits ext_authz.waf.ok, ext_authz.waf.denied, etc.
                                                                              	//     - name: envoy.filters.http.ext_authz
                                                                              	//       typed_config:
                                                                              	//         "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
                                                                              	//         stat_prefix: blocker # This emits ext_authz.blocker.ok, ext_authz.blocker.denied, etc.
                                                                              	//
                                                                              	StatPrefix string `protobuf:"bytes,13,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
                                                                              	// contains filtered or unexported fields
                                                                              }

                                                                                [#next-free-field: 15]

                                                                                func (*ExtAuthz) Descriptor

                                                                                func (*ExtAuthz) Descriptor() ([]byte, []int)

                                                                                  Deprecated: Use ExtAuthz.ProtoReflect.Descriptor instead.

                                                                                  func (*ExtAuthz) GetClearRouteCache

                                                                                  func (x *ExtAuthz) GetClearRouteCache() bool

                                                                                  func (*ExtAuthz) GetDenyAtDisable

                                                                                  func (x *ExtAuthz) GetDenyAtDisable() *v4alpha.RuntimeFeatureFlag

                                                                                  func (*ExtAuthz) GetFailureModeAllow

                                                                                  func (x *ExtAuthz) GetFailureModeAllow() bool

                                                                                  func (*ExtAuthz) GetFilterEnabled

                                                                                  func (x *ExtAuthz) GetFilterEnabled() *v4alpha.RuntimeFractionalPercent

                                                                                  func (*ExtAuthz) GetFilterEnabledMetadata

                                                                                  func (x *ExtAuthz) GetFilterEnabledMetadata() *v4alpha1.MetadataMatcher

                                                                                  func (*ExtAuthz) GetGrpcService

                                                                                  func (x *ExtAuthz) GetGrpcService() *v4alpha.GrpcService

                                                                                  func (*ExtAuthz) GetHttpService

                                                                                  func (x *ExtAuthz) GetHttpService() *HttpService

                                                                                  func (*ExtAuthz) GetIncludePeerCertificate

                                                                                  func (x *ExtAuthz) GetIncludePeerCertificate() bool

                                                                                  func (*ExtAuthz) GetMetadataContextNamespaces

                                                                                  func (x *ExtAuthz) GetMetadataContextNamespaces() []string

                                                                                  func (*ExtAuthz) GetServices

                                                                                  func (m *ExtAuthz) GetServices() isExtAuthz_Services

                                                                                  func (*ExtAuthz) GetStatPrefix

                                                                                  func (x *ExtAuthz) GetStatPrefix() string

                                                                                  func (*ExtAuthz) GetStatusOnError

                                                                                  func (x *ExtAuthz) GetStatusOnError() *v3.HttpStatus

                                                                                  func (*ExtAuthz) GetTransportApiVersion

                                                                                  func (x *ExtAuthz) GetTransportApiVersion() v4alpha.ApiVersion

                                                                                  func (*ExtAuthz) GetWithRequestBody

                                                                                  func (x *ExtAuthz) GetWithRequestBody() *BufferSettings

                                                                                  func (*ExtAuthz) ProtoMessage

                                                                                  func (*ExtAuthz) ProtoMessage()

                                                                                  func (*ExtAuthz) ProtoReflect

                                                                                  func (x *ExtAuthz) ProtoReflect() protoreflect.Message

                                                                                  func (*ExtAuthz) Reset

                                                                                  func (x *ExtAuthz) Reset()

                                                                                  func (*ExtAuthz) String

                                                                                  func (x *ExtAuthz) String() string

                                                                                  func (*ExtAuthz) Validate

                                                                                  func (m *ExtAuthz) Validate() error

                                                                                    Validate checks the field values on ExtAuthz with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                    type ExtAuthzPerRoute

                                                                                    type ExtAuthzPerRoute struct {
                                                                                    
                                                                                    	// Types that are assignable to Override:
                                                                                    	//	*ExtAuthzPerRoute_Disabled
                                                                                    	//	*ExtAuthzPerRoute_CheckSettings
                                                                                    	Override isExtAuthzPerRoute_Override `protobuf_oneof:"override"`
                                                                                    	// contains filtered or unexported fields
                                                                                    }

                                                                                      Extra settings on a per virtualhost/route/weighted-cluster level.

                                                                                      func (*ExtAuthzPerRoute) Descriptor

                                                                                      func (*ExtAuthzPerRoute) Descriptor() ([]byte, []int)

                                                                                        Deprecated: Use ExtAuthzPerRoute.ProtoReflect.Descriptor instead.

                                                                                        func (*ExtAuthzPerRoute) GetCheckSettings

                                                                                        func (x *ExtAuthzPerRoute) GetCheckSettings() *CheckSettings

                                                                                        func (*ExtAuthzPerRoute) GetDisabled

                                                                                        func (x *ExtAuthzPerRoute) GetDisabled() bool

                                                                                        func (*ExtAuthzPerRoute) GetOverride

                                                                                        func (m *ExtAuthzPerRoute) GetOverride() isExtAuthzPerRoute_Override

                                                                                        func (*ExtAuthzPerRoute) ProtoMessage

                                                                                        func (*ExtAuthzPerRoute) ProtoMessage()

                                                                                        func (*ExtAuthzPerRoute) ProtoReflect

                                                                                        func (x *ExtAuthzPerRoute) ProtoReflect() protoreflect.Message

                                                                                        func (*ExtAuthzPerRoute) Reset

                                                                                        func (x *ExtAuthzPerRoute) Reset()

                                                                                        func (*ExtAuthzPerRoute) String

                                                                                        func (x *ExtAuthzPerRoute) String() string

                                                                                        func (*ExtAuthzPerRoute) Validate

                                                                                        func (m *ExtAuthzPerRoute) Validate() error

                                                                                          Validate checks the field values on ExtAuthzPerRoute with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                          type ExtAuthzPerRouteValidationError

                                                                                          type ExtAuthzPerRouteValidationError struct {
                                                                                          	// contains filtered or unexported fields
                                                                                          }

                                                                                            ExtAuthzPerRouteValidationError is the validation error returned by ExtAuthzPerRoute.Validate if the designated constraints aren't met.

                                                                                            func (ExtAuthzPerRouteValidationError) Cause

                                                                                              Cause function returns cause value.

                                                                                              func (ExtAuthzPerRouteValidationError) Error

                                                                                                Error satisfies the builtin error interface

                                                                                                func (ExtAuthzPerRouteValidationError) ErrorName

                                                                                                  ErrorName returns error name.

                                                                                                  func (ExtAuthzPerRouteValidationError) Field

                                                                                                    Field function returns field value.

                                                                                                    func (ExtAuthzPerRouteValidationError) Key

                                                                                                      Key function returns key value.

                                                                                                      func (ExtAuthzPerRouteValidationError) Reason

                                                                                                        Reason function returns reason value.

                                                                                                        type ExtAuthzPerRoute_CheckSettings

                                                                                                        type ExtAuthzPerRoute_CheckSettings struct {
                                                                                                        	// Check request settings for this route.
                                                                                                        	CheckSettings *CheckSettings `protobuf:"bytes,2,opt,name=check_settings,json=checkSettings,proto3,oneof"`
                                                                                                        }

                                                                                                        type ExtAuthzPerRoute_Disabled

                                                                                                        type ExtAuthzPerRoute_Disabled struct {
                                                                                                        	// Disable the ext auth filter for this particular vhost or route.
                                                                                                        	// If disabled is specified in multiple per-filter-configs, the most specific one will be used.
                                                                                                        	Disabled bool `protobuf:"varint,1,opt,name=disabled,proto3,oneof"`
                                                                                                        }

                                                                                                        type ExtAuthzValidationError

                                                                                                        type ExtAuthzValidationError struct {
                                                                                                        	// contains filtered or unexported fields
                                                                                                        }

                                                                                                          ExtAuthzValidationError is the validation error returned by ExtAuthz.Validate if the designated constraints aren't met.

                                                                                                          func (ExtAuthzValidationError) Cause

                                                                                                          func (e ExtAuthzValidationError) Cause() error

                                                                                                            Cause function returns cause value.

                                                                                                            func (ExtAuthzValidationError) Error

                                                                                                            func (e ExtAuthzValidationError) Error() string

                                                                                                              Error satisfies the builtin error interface

                                                                                                              func (ExtAuthzValidationError) ErrorName

                                                                                                              func (e ExtAuthzValidationError) ErrorName() string

                                                                                                                ErrorName returns error name.

                                                                                                                func (ExtAuthzValidationError) Field

                                                                                                                func (e ExtAuthzValidationError) Field() string

                                                                                                                  Field function returns field value.

                                                                                                                  func (ExtAuthzValidationError) Key

                                                                                                                  func (e ExtAuthzValidationError) Key() bool

                                                                                                                    Key function returns key value.

                                                                                                                    func (ExtAuthzValidationError) Reason

                                                                                                                    func (e ExtAuthzValidationError) Reason() string

                                                                                                                      Reason function returns reason value.

                                                                                                                      type ExtAuthz_GrpcService

                                                                                                                      type ExtAuthz_GrpcService struct {
                                                                                                                      	// gRPC service configuration (default timeout: 200ms).
                                                                                                                      	GrpcService *v4alpha.GrpcService `protobuf:"bytes,1,opt,name=grpc_service,json=grpcService,proto3,oneof"`
                                                                                                                      }

                                                                                                                      type ExtAuthz_HttpService

                                                                                                                      type ExtAuthz_HttpService struct {
                                                                                                                      	// HTTP service configuration (default timeout: 200ms).
                                                                                                                      	HttpService *HttpService `protobuf:"bytes,3,opt,name=http_service,json=httpService,proto3,oneof"`
                                                                                                                      }

                                                                                                                      type HttpService

                                                                                                                      type HttpService struct {
                                                                                                                      
                                                                                                                      	// Sets the HTTP server URI which the authorization requests must be sent to.
                                                                                                                      	ServerUri *v4alpha.HttpUri `protobuf:"bytes,1,opt,name=server_uri,json=serverUri,proto3" json:"server_uri,omitempty"`
                                                                                                                      	// Sets a prefix to the value of authorization request header *Path*.
                                                                                                                      	PathPrefix string `protobuf:"bytes,2,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"`
                                                                                                                      	// Settings used for controlling authorization request metadata.
                                                                                                                      	AuthorizationRequest *AuthorizationRequest `protobuf:"bytes,7,opt,name=authorization_request,json=authorizationRequest,proto3" json:"authorization_request,omitempty"`
                                                                                                                      	// Settings used for controlling authorization response metadata.
                                                                                                                      	AuthorizationResponse *AuthorizationResponse `protobuf:"bytes,8,opt,name=authorization_response,json=authorizationResponse,proto3" json:"authorization_response,omitempty"`
                                                                                                                      	// contains filtered or unexported fields
                                                                                                                      }

                                                                                                                        HttpService is used for raw HTTP communication between the filter and the authorization service. When configured, the filter will parse the client request and use these attributes to call the authorization server. Depending on the response, the filter may reject or accept the client request. Note that in any of these events, metadata can be added, removed or overridden by the filter:

                                                                                                                        *On authorization request*, a list of allowed request headers may be supplied. See :ref:`allowed_headers <envoy_api_field_extensions.filters.http.ext_authz.v4alpha.AuthorizationRequest.allowed_headers>` for details. Additional headers metadata may be added to the authorization request. See :ref:`headers_to_add <envoy_api_field_extensions.filters.http.ext_authz.v4alpha.AuthorizationRequest.headers_to_add>` for details.

                                                                                                                        On authorization response status HTTP 200 OK, the filter will allow traffic to the upstream and additional headers metadata may be added to the original client request. See :ref:`allowed_upstream_headers <envoy_api_field_extensions.filters.http.ext_authz.v4alpha.AuthorizationResponse.allowed_upstream_headers>` for details.

                                                                                                                        On other authorization response statuses, the filter will not allow traffic. Additional headers metadata as well as body may be added to the client's response. See :ref:`allowed_client_headers <envoy_api_field_extensions.filters.http.ext_authz.v4alpha.AuthorizationResponse.allowed_client_headers>` for details. [#next-free-field: 9]

                                                                                                                        func (*HttpService) Descriptor

                                                                                                                        func (*HttpService) Descriptor() ([]byte, []int)

                                                                                                                          Deprecated: Use HttpService.ProtoReflect.Descriptor instead.

                                                                                                                          func (*HttpService) GetAuthorizationRequest

                                                                                                                          func (x *HttpService) GetAuthorizationRequest() *AuthorizationRequest

                                                                                                                          func (*HttpService) GetAuthorizationResponse

                                                                                                                          func (x *HttpService) GetAuthorizationResponse() *AuthorizationResponse

                                                                                                                          func (*HttpService) GetPathPrefix

                                                                                                                          func (x *HttpService) GetPathPrefix() string

                                                                                                                          func (*HttpService) GetServerUri

                                                                                                                          func (x *HttpService) GetServerUri() *v4alpha.HttpUri

                                                                                                                          func (*HttpService) ProtoMessage

                                                                                                                          func (*HttpService) ProtoMessage()

                                                                                                                          func (*HttpService) ProtoReflect

                                                                                                                          func (x *HttpService) ProtoReflect() protoreflect.Message

                                                                                                                          func (*HttpService) Reset

                                                                                                                          func (x *HttpService) Reset()

                                                                                                                          func (*HttpService) String

                                                                                                                          func (x *HttpService) String() string

                                                                                                                          func (*HttpService) Validate

                                                                                                                          func (m *HttpService) Validate() error

                                                                                                                            Validate checks the field values on HttpService with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                                                            type HttpServiceValidationError

                                                                                                                            type HttpServiceValidationError struct {
                                                                                                                            	// contains filtered or unexported fields
                                                                                                                            }

                                                                                                                              HttpServiceValidationError is the validation error returned by HttpService.Validate if the designated constraints aren't met.

                                                                                                                              func (HttpServiceValidationError) Cause

                                                                                                                                Cause function returns cause value.

                                                                                                                                func (HttpServiceValidationError) Error

                                                                                                                                  Error satisfies the builtin error interface

                                                                                                                                  func (HttpServiceValidationError) ErrorName

                                                                                                                                  func (e HttpServiceValidationError) ErrorName() string

                                                                                                                                    ErrorName returns error name.

                                                                                                                                    func (HttpServiceValidationError) Field

                                                                                                                                      Field function returns field value.

                                                                                                                                      func (HttpServiceValidationError) Key

                                                                                                                                        Key function returns key value.

                                                                                                                                        func (HttpServiceValidationError) Reason

                                                                                                                                          Reason function returns reason value.