Documentation

Index

Constants

This section is empty.

Variables

View Source
var File_envoy_extensions_filters_http_jwt_authn_v4alpha_config_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type FilterStateRule

type FilterStateRule struct {

	// The filter state name to retrieve the `Router::StringAccessor` object.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// A map of string keys to requirements. The string key is the string value
	// in the FilterState with the name specified in the *name* field above.
	Requires map[string]*JwtRequirement `` /* 157-byte string literal not displayed */
	// contains filtered or unexported fields
}

    This message specifies Jwt requirements based on stream_info.filterState. This FilterState should use `Router::StringAccessor` object to set a string value. Other HTTP filters can use it to specify Jwt requirements dynamically.

    Example:

    .. code-block:: yaml

    name: jwt_selector
    requires:
      issuer_1:
        provider_name: issuer1
      issuer_2:
        provider_name: issuer2
    

    If a filter set "jwt_selector" with "issuer_1" to FilterState for a request, jwt_authn filter will use JwtRequirement{"provider_name": "issuer1"} to verify.

    func (*FilterStateRule) Descriptor

    func (*FilterStateRule) Descriptor() ([]byte, []int)

      Deprecated: Use FilterStateRule.ProtoReflect.Descriptor instead.

      func (*FilterStateRule) GetName

      func (x *FilterStateRule) GetName() string

      func (*FilterStateRule) GetRequires

      func (x *FilterStateRule) GetRequires() map[string]*JwtRequirement

      func (*FilterStateRule) ProtoMessage

      func (*FilterStateRule) ProtoMessage()

      func (*FilterStateRule) ProtoReflect

      func (x *FilterStateRule) ProtoReflect() protoreflect.Message

      func (*FilterStateRule) Reset

      func (x *FilterStateRule) Reset()

      func (*FilterStateRule) String

      func (x *FilterStateRule) String() string

      func (*FilterStateRule) Validate

      func (m *FilterStateRule) Validate() error

        Validate checks the field values on FilterStateRule with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

        type FilterStateRuleValidationError

        type FilterStateRuleValidationError struct {
        	// contains filtered or unexported fields
        }

          FilterStateRuleValidationError is the validation error returned by FilterStateRule.Validate if the designated constraints aren't met.

          func (FilterStateRuleValidationError) Cause

            Cause function returns cause value.

            func (FilterStateRuleValidationError) Error

              Error satisfies the builtin error interface

              func (FilterStateRuleValidationError) ErrorName

              func (e FilterStateRuleValidationError) ErrorName() string

                ErrorName returns error name.

                func (FilterStateRuleValidationError) Field

                  Field function returns field value.

                  func (FilterStateRuleValidationError) Key

                    Key function returns key value.

                    func (FilterStateRuleValidationError) Reason

                      Reason function returns reason value.

                      type JwtAuthentication

                      type JwtAuthentication struct {
                      
                      	// Map of provider names to JwtProviders.
                      	//
                      	// .. code-block:: yaml
                      	//
                      	//   providers:
                      	//     provider1:
                      	//        issuer: issuer1
                      	//        audiences:
                      	//        - audience1
                      	//        - audience2
                      	//        remote_jwks:
                      	//          http_uri:
                      	//            uri: https://example.com/.well-known/jwks.json
                      	//            cluster: example_jwks_cluster
                      	//      provider2:
                      	//        issuer: provider2
                      	//        local_jwks:
                      	//          inline_string: jwks_string
                      	//
                      	Providers map[string]*JwtProvider `` /* 159-byte string literal not displayed */
                      	// Specifies requirements based on the route matches. The first matched requirement will be
                      	// applied. If there are overlapped match conditions, please put the most specific match first.
                      	//
                      	// Examples
                      	//
                      	// .. code-block:: yaml
                      	//
                      	//   rules:
                      	//     - match:
                      	//         prefix: /healthz
                      	//     - match:
                      	//         prefix: /baz
                      	//       requires:
                      	//         provider_name: provider1
                      	//     - match:
                      	//         prefix: /foo
                      	//       requires:
                      	//         requires_any:
                      	//           requirements:
                      	//             - provider_name: provider1
                      	//             - provider_name: provider2
                      	//     - match:
                      	//         prefix: /bar
                      	//       requires:
                      	//         requires_all:
                      	//           requirements:
                      	//             - provider_name: provider1
                      	//             - provider_name: provider2
                      	//
                      	Rules []*RequirementRule `protobuf:"bytes,2,rep,name=rules,proto3" json:"rules,omitempty"`
                      	// This message specifies Jwt requirements based on stream_info.filterState.
                      	// Other HTTP filters can use it to specify Jwt requirements dynamically.
                      	// The *rules* field above is checked first, if it could not find any matches,
                      	// check this one.
                      	FilterStateRules *FilterStateRule `protobuf:"bytes,3,opt,name=filter_state_rules,json=filterStateRules,proto3" json:"filter_state_rules,omitempty"`
                      	// When set to true, bypass the `CORS preflight request
                      	// <http://www.w3.org/TR/cors/#cross-origin-request-with-preflight>`_ regardless of JWT
                      	// requirements specified in the rules.
                      	BypassCorsPreflight bool `protobuf:"varint,4,opt,name=bypass_cors_preflight,json=bypassCorsPreflight,proto3" json:"bypass_cors_preflight,omitempty"`
                      	// A map of unique requirement_names to JwtRequirements.
                      	// :ref:`requirement_name <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.PerRouteConfig.requirement_name>`
                      	// in `PerRouteConfig` uses this map to specify a JwtRequirement.
                      	RequirementMap map[string]*JwtRequirement `` /* 191-byte string literal not displayed */
                      	// contains filtered or unexported fields
                      }

                        This is the Envoy HTTP filter config for JWT authentication.

                        For example:

                        .. code-block:: yaml

                        providers:
                           provider1:
                             issuer: issuer1
                             audiences:
                             - audience1
                             - audience2
                             remote_jwks:
                               http_uri:
                                 uri: https://example.com/.well-known/jwks.json
                                 cluster: example_jwks_cluster
                           provider2:
                             issuer: issuer2
                             local_jwks:
                               inline_string: jwks_string
                        
                        rules:
                           # Not jwt verification is required for /health path
                           - match:
                               prefix: /health
                        
                           # Jwt verification for provider1 is required for path prefixed with "prefix"
                           - match:
                               prefix: /prefix
                             requires:
                               provider_name: provider1
                        
                           # Jwt verification for either provider1 or provider2 is required for all other requests.
                           - match:
                               prefix: /
                             requires:
                               requires_any:
                                 requirements:
                                   - provider_name: provider1
                                   - provider_name: provider2
                        

                        [#next-free-field: 6]

                        func (*JwtAuthentication) Descriptor

                        func (*JwtAuthentication) Descriptor() ([]byte, []int)

                          Deprecated: Use JwtAuthentication.ProtoReflect.Descriptor instead.

                          func (*JwtAuthentication) GetBypassCorsPreflight

                          func (x *JwtAuthentication) GetBypassCorsPreflight() bool

                          func (*JwtAuthentication) GetFilterStateRules

                          func (x *JwtAuthentication) GetFilterStateRules() *FilterStateRule

                          func (*JwtAuthentication) GetProviders

                          func (x *JwtAuthentication) GetProviders() map[string]*JwtProvider

                          func (*JwtAuthentication) GetRequirementMap

                          func (x *JwtAuthentication) GetRequirementMap() map[string]*JwtRequirement

                          func (*JwtAuthentication) GetRules

                          func (x *JwtAuthentication) GetRules() []*RequirementRule

                          func (*JwtAuthentication) ProtoMessage

                          func (*JwtAuthentication) ProtoMessage()

                          func (*JwtAuthentication) ProtoReflect

                          func (x *JwtAuthentication) ProtoReflect() protoreflect.Message

                          func (*JwtAuthentication) Reset

                          func (x *JwtAuthentication) Reset()

                          func (*JwtAuthentication) String

                          func (x *JwtAuthentication) String() string

                          func (*JwtAuthentication) Validate

                          func (m *JwtAuthentication) Validate() error

                            Validate checks the field values on JwtAuthentication with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                            type JwtAuthenticationValidationError

                            type JwtAuthenticationValidationError struct {
                            	// contains filtered or unexported fields
                            }

                              JwtAuthenticationValidationError is the validation error returned by JwtAuthentication.Validate if the designated constraints aren't met.

                              func (JwtAuthenticationValidationError) Cause

                                Cause function returns cause value.

                                func (JwtAuthenticationValidationError) Error

                                  Error satisfies the builtin error interface

                                  func (JwtAuthenticationValidationError) ErrorName

                                    ErrorName returns error name.

                                    func (JwtAuthenticationValidationError) Field

                                      Field function returns field value.

                                      func (JwtAuthenticationValidationError) Key

                                        Key function returns key value.

                                        func (JwtAuthenticationValidationError) Reason

                                          Reason function returns reason value.

                                          type JwtHeader

                                          type JwtHeader struct {
                                          
                                          	// The HTTP header name.
                                          	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
                                          	// The value prefix. The value format is "value_prefix<token>"
                                          	// For example, for "Authorization: Bearer <token>", value_prefix="Bearer " with a space at the
                                          	// end.
                                          	ValuePrefix string `protobuf:"bytes,2,opt,name=value_prefix,json=valuePrefix,proto3" json:"value_prefix,omitempty"`
                                          	// contains filtered or unexported fields
                                          }

                                            This message specifies a header location to extract JWT token.

                                            func (*JwtHeader) Descriptor

                                            func (*JwtHeader) Descriptor() ([]byte, []int)

                                              Deprecated: Use JwtHeader.ProtoReflect.Descriptor instead.

                                              func (*JwtHeader) GetName

                                              func (x *JwtHeader) GetName() string

                                              func (*JwtHeader) GetValuePrefix

                                              func (x *JwtHeader) GetValuePrefix() string

                                              func (*JwtHeader) ProtoMessage

                                              func (*JwtHeader) ProtoMessage()

                                              func (*JwtHeader) ProtoReflect

                                              func (x *JwtHeader) ProtoReflect() protoreflect.Message

                                              func (*JwtHeader) Reset

                                              func (x *JwtHeader) Reset()

                                              func (*JwtHeader) String

                                              func (x *JwtHeader) String() string

                                              func (*JwtHeader) Validate

                                              func (m *JwtHeader) Validate() error

                                                Validate checks the field values on JwtHeader with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                type JwtHeaderValidationError

                                                type JwtHeaderValidationError struct {
                                                	// contains filtered or unexported fields
                                                }

                                                  JwtHeaderValidationError is the validation error returned by JwtHeader.Validate if the designated constraints aren't met.

                                                  func (JwtHeaderValidationError) Cause

                                                  func (e JwtHeaderValidationError) Cause() error

                                                    Cause function returns cause value.

                                                    func (JwtHeaderValidationError) Error

                                                    func (e JwtHeaderValidationError) Error() string

                                                      Error satisfies the builtin error interface

                                                      func (JwtHeaderValidationError) ErrorName

                                                      func (e JwtHeaderValidationError) ErrorName() string

                                                        ErrorName returns error name.

                                                        func (JwtHeaderValidationError) Field

                                                        func (e JwtHeaderValidationError) Field() string

                                                          Field function returns field value.

                                                          func (JwtHeaderValidationError) Key

                                                            Key function returns key value.

                                                            func (JwtHeaderValidationError) Reason

                                                            func (e JwtHeaderValidationError) Reason() string

                                                              Reason function returns reason value.

                                                              type JwtProvider

                                                              type JwtProvider struct {
                                                              
                                                              	// Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
                                                              	// the JWT, usually a URL or an email address.
                                                              	//
                                                              	// Example: https://securetoken.google.com
                                                              	// Example: 1234567-compute@developer.gserviceaccount.com
                                                              	//
                                                              	Issuer string `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"`
                                                              	// The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
                                                              	// allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
                                                              	// will not check audiences in the token.
                                                              	//
                                                              	// Example:
                                                              	//
                                                              	// .. code-block:: yaml
                                                              	//
                                                              	//     audiences:
                                                              	//     - bookstore_android.apps.googleusercontent.com
                                                              	//     - bookstore_web.apps.googleusercontent.com
                                                              	//
                                                              	Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"`
                                                              	// `JSON Web Key Set (JWKS) <https://tools.ietf.org/html/rfc7517#appendix-A>`_ is needed to
                                                              	// validate signature of a JWT. This field specifies where to fetch JWKS.
                                                              	//
                                                              	// Types that are assignable to JwksSourceSpecifier:
                                                              	//	*JwtProvider_RemoteJwks
                                                              	//	*JwtProvider_LocalJwks
                                                              	JwksSourceSpecifier isJwtProvider_JwksSourceSpecifier `protobuf_oneof:"jwks_source_specifier"`
                                                              	// If false, the JWT is removed in the request after a success verification. If true, the JWT is
                                                              	// not removed in the request. Default value is false.
                                                              	Forward bool `protobuf:"varint,5,opt,name=forward,proto3" json:"forward,omitempty"`
                                                              	// Two fields below define where to extract the JWT from an HTTP request.
                                                              	//
                                                              	// If no explicit location is specified, the following default locations are tried in order:
                                                              	//
                                                              	// 1. The Authorization header using the `Bearer schema
                                                              	// <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
                                                              	//
                                                              	//    Authorization: Bearer <token>.
                                                              	//
                                                              	// 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
                                                              	//
                                                              	// Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
                                                              	// its provider specified or from the default locations.
                                                              	//
                                                              	// Specify the HTTP headers to extract JWT token. For examples, following config:
                                                              	//
                                                              	// .. code-block:: yaml
                                                              	//
                                                              	//   from_headers:
                                                              	//   - name: x-goog-iap-jwt-assertion
                                                              	//
                                                              	// can be used to extract token from header::
                                                              	//
                                                              	//   “x-goog-iap-jwt-assertion: <JWT>“.
                                                              	//
                                                              	FromHeaders []*JwtHeader `protobuf:"bytes,6,rep,name=from_headers,json=fromHeaders,proto3" json:"from_headers,omitempty"`
                                                              	// JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
                                                              	//
                                                              	// For example, if config is:
                                                              	//
                                                              	// .. code-block:: yaml
                                                              	//
                                                              	//   from_params:
                                                              	//   - jwt_token
                                                              	//
                                                              	// The JWT format in query parameter is::
                                                              	//
                                                              	//    /path?jwt_token=<JWT>
                                                              	//
                                                              	FromParams []string `protobuf:"bytes,7,rep,name=from_params,json=fromParams,proto3" json:"from_params,omitempty"`
                                                              	// This field specifies the header name to forward a successfully verified JWT payload to the
                                                              	// backend. The forwarded data is::
                                                              	//
                                                              	//    base64url_encoded(jwt_payload_in_JSON)
                                                              	//
                                                              	// If it is not specified, the payload will not be forwarded.
                                                              	ForwardPayloadHeader string `protobuf:"bytes,8,opt,name=forward_payload_header,json=forwardPayloadHeader,proto3" json:"forward_payload_header,omitempty"`
                                                              	// If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata
                                                              	// in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn**
                                                              	// The value is the *protobuf::Struct*. The value of this field will be the key for its *fields*
                                                              	// and the value is the *protobuf::Struct* converted from JWT JSON payload.
                                                              	//
                                                              	// For example, if payload_in_metadata is *my_payload*:
                                                              	//
                                                              	// .. code-block:: yaml
                                                              	//
                                                              	//   envoy.filters.http.jwt_authn:
                                                              	//     my_payload:
                                                              	//       iss: https://example.com
                                                              	//       sub: test@example.com
                                                              	//       aud: https://example.com
                                                              	//       exp: 1501281058
                                                              	//
                                                              	PayloadInMetadata string `protobuf:"bytes,9,opt,name=payload_in_metadata,json=payloadInMetadata,proto3" json:"payload_in_metadata,omitempty"`
                                                              	// Specify the clock skew in seconds when verifying JWT time constraint,
                                                              	// such as `exp`, and `nbf`. If not specified, default is 60 seconds.
                                                              	ClockSkewSeconds uint32 `protobuf:"varint,10,opt,name=clock_skew_seconds,json=clockSkewSeconds,proto3" json:"clock_skew_seconds,omitempty"`
                                                              	// contains filtered or unexported fields
                                                              }

                                                                Please see following for JWT authentication flow:

                                                                * `JSON Web Token (JWT) <https://tools.ietf.org/html/rfc7519>`_ * `The OAuth 2.0 Authorization Framework <https://tools.ietf.org/html/rfc6749>`_ * `OpenID Connect <http://openid.net/connect>`_

                                                                A JwtProvider message specifies how a JSON Web Token (JWT) can be verified. It specifies:

                                                                * issuer: the principal that issues the JWT. It has to match the one from the token. * allowed audiences: the ones in the token have to be listed here. * how to fetch public key JWKS to verify the token signature. * how to extract JWT token in the request. * how to pass successfully verified token payload.

                                                                Example:

                                                                .. code-block:: yaml

                                                                issuer: https://example.com
                                                                audiences:
                                                                - bookstore_android.apps.googleusercontent.com
                                                                - bookstore_web.apps.googleusercontent.com
                                                                remote_jwks:
                                                                  http_uri:
                                                                    uri: https://example.com/.well-known/jwks.json
                                                                    cluster: example_jwks_cluster
                                                                  cache_duration:
                                                                    seconds: 300
                                                                

                                                                [#next-free-field: 11]

                                                                func (*JwtProvider) Descriptor

                                                                func (*JwtProvider) Descriptor() ([]byte, []int)

                                                                  Deprecated: Use JwtProvider.ProtoReflect.Descriptor instead.

                                                                  func (*JwtProvider) GetAudiences

                                                                  func (x *JwtProvider) GetAudiences() []string

                                                                  func (*JwtProvider) GetClockSkewSeconds

                                                                  func (x *JwtProvider) GetClockSkewSeconds() uint32

                                                                  func (*JwtProvider) GetForward

                                                                  func (x *JwtProvider) GetForward() bool

                                                                  func (*JwtProvider) GetForwardPayloadHeader

                                                                  func (x *JwtProvider) GetForwardPayloadHeader() string

                                                                  func (*JwtProvider) GetFromHeaders

                                                                  func (x *JwtProvider) GetFromHeaders() []*JwtHeader

                                                                  func (*JwtProvider) GetFromParams

                                                                  func (x *JwtProvider) GetFromParams() []string

                                                                  func (*JwtProvider) GetIssuer

                                                                  func (x *JwtProvider) GetIssuer() string

                                                                  func (*JwtProvider) GetJwksSourceSpecifier

                                                                  func (m *JwtProvider) GetJwksSourceSpecifier() isJwtProvider_JwksSourceSpecifier

                                                                  func (*JwtProvider) GetLocalJwks

                                                                  func (x *JwtProvider) GetLocalJwks() *v4alpha.DataSource

                                                                  func (*JwtProvider) GetPayloadInMetadata

                                                                  func (x *JwtProvider) GetPayloadInMetadata() string

                                                                  func (*JwtProvider) GetRemoteJwks

                                                                  func (x *JwtProvider) GetRemoteJwks() *RemoteJwks

                                                                  func (*JwtProvider) ProtoMessage

                                                                  func (*JwtProvider) ProtoMessage()

                                                                  func (*JwtProvider) ProtoReflect

                                                                  func (x *JwtProvider) ProtoReflect() protoreflect.Message

                                                                  func (*JwtProvider) Reset

                                                                  func (x *JwtProvider) Reset()

                                                                  func (*JwtProvider) String

                                                                  func (x *JwtProvider) String() string

                                                                  func (*JwtProvider) Validate

                                                                  func (m *JwtProvider) Validate() error

                                                                    Validate checks the field values on JwtProvider with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                    type JwtProviderValidationError

                                                                    type JwtProviderValidationError struct {
                                                                    	// contains filtered or unexported fields
                                                                    }

                                                                      JwtProviderValidationError is the validation error returned by JwtProvider.Validate if the designated constraints aren't met.

                                                                      func (JwtProviderValidationError) Cause

                                                                        Cause function returns cause value.

                                                                        func (JwtProviderValidationError) Error

                                                                          Error satisfies the builtin error interface

                                                                          func (JwtProviderValidationError) ErrorName

                                                                          func (e JwtProviderValidationError) ErrorName() string

                                                                            ErrorName returns error name.

                                                                            func (JwtProviderValidationError) Field

                                                                              Field function returns field value.

                                                                              func (JwtProviderValidationError) Key

                                                                                Key function returns key value.

                                                                                func (JwtProviderValidationError) Reason

                                                                                  Reason function returns reason value.

                                                                                  type JwtProvider_LocalJwks

                                                                                  type JwtProvider_LocalJwks struct {
                                                                                  	// JWKS is in local data source. It could be either in a local file or embedded in the
                                                                                  	// inline_string.
                                                                                  	//
                                                                                  	// Example: local file
                                                                                  	//
                                                                                  	// .. code-block:: yaml
                                                                                  	//
                                                                                  	//    local_jwks:
                                                                                  	//      filename: /etc/envoy/jwks/jwks1.txt
                                                                                  	//
                                                                                  	// Example: inline_string
                                                                                  	//
                                                                                  	// .. code-block:: yaml
                                                                                  	//
                                                                                  	//    local_jwks:
                                                                                  	//      inline_string: ACADADADADA
                                                                                  	//
                                                                                  	LocalJwks *v4alpha.DataSource `protobuf:"bytes,4,opt,name=local_jwks,json=localJwks,proto3,oneof"`
                                                                                  }

                                                                                  type JwtProvider_RemoteJwks

                                                                                  type JwtProvider_RemoteJwks struct {
                                                                                  	// JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
                                                                                  	// URI and how the fetched JWKS should be cached.
                                                                                  	//
                                                                                  	// Example:
                                                                                  	//
                                                                                  	// .. code-block:: yaml
                                                                                  	//
                                                                                  	//    remote_jwks:
                                                                                  	//      http_uri:
                                                                                  	//        uri: https://www.googleapis.com/oauth2/v1/certs
                                                                                  	//        cluster: jwt.www.googleapis.com|443
                                                                                  	//      cache_duration:
                                                                                  	//        seconds: 300
                                                                                  	//
                                                                                  	RemoteJwks *RemoteJwks `protobuf:"bytes,3,opt,name=remote_jwks,json=remoteJwks,proto3,oneof"`
                                                                                  }

                                                                                  type JwtRequirement

                                                                                  type JwtRequirement struct {
                                                                                  
                                                                                  	// Types that are assignable to RequiresType:
                                                                                  	//	*JwtRequirement_ProviderName
                                                                                  	//	*JwtRequirement_ProviderAndAudiences
                                                                                  	//	*JwtRequirement_RequiresAny
                                                                                  	//	*JwtRequirement_RequiresAll
                                                                                  	//	*JwtRequirement_AllowMissingOrFailed
                                                                                  	//	*JwtRequirement_AllowMissing
                                                                                  	RequiresType isJwtRequirement_RequiresType `protobuf_oneof:"requires_type"`
                                                                                  	// contains filtered or unexported fields
                                                                                  }

                                                                                    This message specifies a Jwt requirement. An empty message means JWT verification is not required. Here are some config examples:

                                                                                    .. code-block:: yaml

                                                                                    # Example 1: not required with an empty message
                                                                                    
                                                                                    # Example 2: require A
                                                                                    provider_name: provider-A
                                                                                    
                                                                                    # Example 3: require A or B
                                                                                    requires_any:
                                                                                      requirements:
                                                                                        - provider_name: provider-A
                                                                                        - provider_name: provider-B
                                                                                    
                                                                                    # Example 4: require A and B
                                                                                    requires_all:
                                                                                      requirements:
                                                                                        - provider_name: provider-A
                                                                                        - provider_name: provider-B
                                                                                    
                                                                                    # Example 5: require A and (B or C)
                                                                                    requires_all:
                                                                                      requirements:
                                                                                        - provider_name: provider-A
                                                                                        - requires_any:
                                                                                          requirements:
                                                                                            - provider_name: provider-B
                                                                                            - provider_name: provider-C
                                                                                    
                                                                                    # Example 6: require A or (B and C)
                                                                                    requires_any:
                                                                                      requirements:
                                                                                        - provider_name: provider-A
                                                                                        - requires_all:
                                                                                          requirements:
                                                                                            - provider_name: provider-B
                                                                                            - provider_name: provider-C
                                                                                    
                                                                                    # Example 7: A is optional (if token from A is provided, it must be valid, but also allows
                                                                                    missing token.)
                                                                                    requires_any:
                                                                                      requirements:
                                                                                      - provider_name: provider-A
                                                                                      - allow_missing: {}
                                                                                    
                                                                                    # Example 8: A is optional and B is required.
                                                                                    requires_all:
                                                                                      requirements:
                                                                                      - requires_any:
                                                                                          requirements:
                                                                                          - provider_name: provider-A
                                                                                          - allow_missing: {}
                                                                                      - provider_name: provider-B
                                                                                    

                                                                                    [#next-free-field: 7]

                                                                                    func (*JwtRequirement) Descriptor

                                                                                    func (*JwtRequirement) Descriptor() ([]byte, []int)

                                                                                      Deprecated: Use JwtRequirement.ProtoReflect.Descriptor instead.

                                                                                      func (*JwtRequirement) GetAllowMissing

                                                                                      func (x *JwtRequirement) GetAllowMissing() *empty.Empty

                                                                                      func (*JwtRequirement) GetAllowMissingOrFailed

                                                                                      func (x *JwtRequirement) GetAllowMissingOrFailed() *empty.Empty

                                                                                      func (*JwtRequirement) GetProviderAndAudiences

                                                                                      func (x *JwtRequirement) GetProviderAndAudiences() *ProviderWithAudiences

                                                                                      func (*JwtRequirement) GetProviderName

                                                                                      func (x *JwtRequirement) GetProviderName() string

                                                                                      func (*JwtRequirement) GetRequiresAll

                                                                                      func (x *JwtRequirement) GetRequiresAll() *JwtRequirementAndList

                                                                                      func (*JwtRequirement) GetRequiresAny

                                                                                      func (x *JwtRequirement) GetRequiresAny() *JwtRequirementOrList

                                                                                      func (*JwtRequirement) GetRequiresType

                                                                                      func (m *JwtRequirement) GetRequiresType() isJwtRequirement_RequiresType

                                                                                      func (*JwtRequirement) ProtoMessage

                                                                                      func (*JwtRequirement) ProtoMessage()

                                                                                      func (*JwtRequirement) ProtoReflect

                                                                                      func (x *JwtRequirement) ProtoReflect() protoreflect.Message

                                                                                      func (*JwtRequirement) Reset

                                                                                      func (x *JwtRequirement) Reset()

                                                                                      func (*JwtRequirement) String

                                                                                      func (x *JwtRequirement) String() string

                                                                                      func (*JwtRequirement) Validate

                                                                                      func (m *JwtRequirement) Validate() error

                                                                                        Validate checks the field values on JwtRequirement with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                        type JwtRequirementAndList

                                                                                        type JwtRequirementAndList struct {
                                                                                        
                                                                                        	// Specify a list of JwtRequirement.
                                                                                        	Requirements []*JwtRequirement `protobuf:"bytes,1,rep,name=requirements,proto3" json:"requirements,omitempty"`
                                                                                        	// contains filtered or unexported fields
                                                                                        }

                                                                                          This message specifies a list of RequiredProvider. Their results are AND-ed; all of them must pass, if one of them fails or missing, it fails.

                                                                                          func (*JwtRequirementAndList) Descriptor

                                                                                          func (*JwtRequirementAndList) Descriptor() ([]byte, []int)

                                                                                            Deprecated: Use JwtRequirementAndList.ProtoReflect.Descriptor instead.

                                                                                            func (*JwtRequirementAndList) GetRequirements

                                                                                            func (x *JwtRequirementAndList) GetRequirements() []*JwtRequirement

                                                                                            func (*JwtRequirementAndList) ProtoMessage

                                                                                            func (*JwtRequirementAndList) ProtoMessage()

                                                                                            func (*JwtRequirementAndList) ProtoReflect

                                                                                            func (x *JwtRequirementAndList) ProtoReflect() protoreflect.Message

                                                                                            func (*JwtRequirementAndList) Reset

                                                                                            func (x *JwtRequirementAndList) Reset()

                                                                                            func (*JwtRequirementAndList) String

                                                                                            func (x *JwtRequirementAndList) String() string

                                                                                            func (*JwtRequirementAndList) Validate

                                                                                            func (m *JwtRequirementAndList) Validate() error

                                                                                              Validate checks the field values on JwtRequirementAndList with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                              type JwtRequirementAndListValidationError

                                                                                              type JwtRequirementAndListValidationError struct {
                                                                                              	// contains filtered or unexported fields
                                                                                              }

                                                                                                JwtRequirementAndListValidationError is the validation error returned by JwtRequirementAndList.Validate if the designated constraints aren't met.

                                                                                                func (JwtRequirementAndListValidationError) Cause

                                                                                                  Cause function returns cause value.

                                                                                                  func (JwtRequirementAndListValidationError) Error

                                                                                                    Error satisfies the builtin error interface

                                                                                                    func (JwtRequirementAndListValidationError) ErrorName

                                                                                                      ErrorName returns error name.

                                                                                                      func (JwtRequirementAndListValidationError) Field

                                                                                                        Field function returns field value.

                                                                                                        func (JwtRequirementAndListValidationError) Key

                                                                                                          Key function returns key value.

                                                                                                          func (JwtRequirementAndListValidationError) Reason

                                                                                                            Reason function returns reason value.

                                                                                                            type JwtRequirementOrList

                                                                                                            type JwtRequirementOrList struct {
                                                                                                            
                                                                                                            	// Specify a list of JwtRequirement.
                                                                                                            	Requirements []*JwtRequirement `protobuf:"bytes,1,rep,name=requirements,proto3" json:"requirements,omitempty"`
                                                                                                            	// contains filtered or unexported fields
                                                                                                            }

                                                                                                              This message specifies a list of RequiredProvider. Their results are OR-ed; if any one of them passes, the result is passed

                                                                                                              func (*JwtRequirementOrList) Descriptor

                                                                                                              func (*JwtRequirementOrList) Descriptor() ([]byte, []int)

                                                                                                                Deprecated: Use JwtRequirementOrList.ProtoReflect.Descriptor instead.

                                                                                                                func (*JwtRequirementOrList) GetRequirements

                                                                                                                func (x *JwtRequirementOrList) GetRequirements() []*JwtRequirement

                                                                                                                func (*JwtRequirementOrList) ProtoMessage

                                                                                                                func (*JwtRequirementOrList) ProtoMessage()

                                                                                                                func (*JwtRequirementOrList) ProtoReflect

                                                                                                                func (x *JwtRequirementOrList) ProtoReflect() protoreflect.Message

                                                                                                                func (*JwtRequirementOrList) Reset

                                                                                                                func (x *JwtRequirementOrList) Reset()

                                                                                                                func (*JwtRequirementOrList) String

                                                                                                                func (x *JwtRequirementOrList) String() string

                                                                                                                func (*JwtRequirementOrList) Validate

                                                                                                                func (m *JwtRequirementOrList) Validate() error

                                                                                                                  Validate checks the field values on JwtRequirementOrList with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                                                  type JwtRequirementOrListValidationError

                                                                                                                  type JwtRequirementOrListValidationError struct {
                                                                                                                  	// contains filtered or unexported fields
                                                                                                                  }

                                                                                                                    JwtRequirementOrListValidationError is the validation error returned by JwtRequirementOrList.Validate if the designated constraints aren't met.

                                                                                                                    func (JwtRequirementOrListValidationError) Cause

                                                                                                                      Cause function returns cause value.

                                                                                                                      func (JwtRequirementOrListValidationError) Error

                                                                                                                        Error satisfies the builtin error interface

                                                                                                                        func (JwtRequirementOrListValidationError) ErrorName

                                                                                                                          ErrorName returns error name.

                                                                                                                          func (JwtRequirementOrListValidationError) Field

                                                                                                                            Field function returns field value.

                                                                                                                            func (JwtRequirementOrListValidationError) Key

                                                                                                                              Key function returns key value.

                                                                                                                              func (JwtRequirementOrListValidationError) Reason

                                                                                                                                Reason function returns reason value.

                                                                                                                                type JwtRequirementValidationError

                                                                                                                                type JwtRequirementValidationError struct {
                                                                                                                                	// contains filtered or unexported fields
                                                                                                                                }

                                                                                                                                  JwtRequirementValidationError is the validation error returned by JwtRequirement.Validate if the designated constraints aren't met.

                                                                                                                                  func (JwtRequirementValidationError) Cause

                                                                                                                                    Cause function returns cause value.

                                                                                                                                    func (JwtRequirementValidationError) Error

                                                                                                                                      Error satisfies the builtin error interface

                                                                                                                                      func (JwtRequirementValidationError) ErrorName

                                                                                                                                      func (e JwtRequirementValidationError) ErrorName() string

                                                                                                                                        ErrorName returns error name.

                                                                                                                                        func (JwtRequirementValidationError) Field

                                                                                                                                          Field function returns field value.

                                                                                                                                          func (JwtRequirementValidationError) Key

                                                                                                                                            Key function returns key value.

                                                                                                                                            func (JwtRequirementValidationError) Reason

                                                                                                                                              Reason function returns reason value.

                                                                                                                                              type JwtRequirement_AllowMissing

                                                                                                                                              type JwtRequirement_AllowMissing struct {
                                                                                                                                              	// The requirement is satisfied if JWT is missing, but failed if JWT is
                                                                                                                                              	// presented but invalid. Similar to allow_missing_or_failed, this is used
                                                                                                                                              	// to only verify JWTs and pass the verified payload to another filter. The
                                                                                                                                              	// different is this mode will reject requests with invalid tokens.
                                                                                                                                              	AllowMissing *empty.Empty `protobuf:"bytes,6,opt,name=allow_missing,json=allowMissing,proto3,oneof"`
                                                                                                                                              }

                                                                                                                                              type JwtRequirement_AllowMissingOrFailed

                                                                                                                                              type JwtRequirement_AllowMissingOrFailed struct {
                                                                                                                                              	// The requirement is always satisfied even if JWT is missing or the JWT
                                                                                                                                              	// verification fails. A typical usage is: this filter is used to only verify
                                                                                                                                              	// JWTs and pass the verified JWT payloads to another filter, the other filter
                                                                                                                                              	// will make decision. In this mode, all JWT tokens will be verified.
                                                                                                                                              	AllowMissingOrFailed *empty.Empty `protobuf:"bytes,5,opt,name=allow_missing_or_failed,json=allowMissingOrFailed,proto3,oneof"`
                                                                                                                                              }

                                                                                                                                              type JwtRequirement_ProviderAndAudiences

                                                                                                                                              type JwtRequirement_ProviderAndAudiences struct {
                                                                                                                                              	// Specify a required provider with audiences.
                                                                                                                                              	ProviderAndAudiences *ProviderWithAudiences `protobuf:"bytes,2,opt,name=provider_and_audiences,json=providerAndAudiences,proto3,oneof"`
                                                                                                                                              }

                                                                                                                                              type JwtRequirement_ProviderName

                                                                                                                                              type JwtRequirement_ProviderName struct {
                                                                                                                                              	// Specify a required provider name.
                                                                                                                                              	ProviderName string `protobuf:"bytes,1,opt,name=provider_name,json=providerName,proto3,oneof"`
                                                                                                                                              }

                                                                                                                                              type JwtRequirement_RequiresAll

                                                                                                                                              type JwtRequirement_RequiresAll struct {
                                                                                                                                              	// Specify list of JwtRequirement. Their results are AND-ed.
                                                                                                                                              	// All of them must pass, if one of them fails or missing, it fails.
                                                                                                                                              	RequiresAll *JwtRequirementAndList `protobuf:"bytes,4,opt,name=requires_all,json=requiresAll,proto3,oneof"`
                                                                                                                                              }

                                                                                                                                              type JwtRequirement_RequiresAny

                                                                                                                                              type JwtRequirement_RequiresAny struct {
                                                                                                                                              	// Specify list of JwtRequirement. Their results are OR-ed.
                                                                                                                                              	// If any one of them passes, the result is passed.
                                                                                                                                              	RequiresAny *JwtRequirementOrList `protobuf:"bytes,3,opt,name=requires_any,json=requiresAny,proto3,oneof"`
                                                                                                                                              }

                                                                                                                                              type PerRouteConfig

                                                                                                                                              type PerRouteConfig struct {
                                                                                                                                              
                                                                                                                                              	// Types that are assignable to RequirementSpecifier:
                                                                                                                                              	//	*PerRouteConfig_Disabled
                                                                                                                                              	//	*PerRouteConfig_RequirementName
                                                                                                                                              	RequirementSpecifier isPerRouteConfig_RequirementSpecifier `protobuf_oneof:"requirement_specifier"`
                                                                                                                                              	// contains filtered or unexported fields
                                                                                                                                              }

                                                                                                                                                Specify per-route config.

                                                                                                                                                func (*PerRouteConfig) Descriptor

                                                                                                                                                func (*PerRouteConfig) Descriptor() ([]byte, []int)

                                                                                                                                                  Deprecated: Use PerRouteConfig.ProtoReflect.Descriptor instead.

                                                                                                                                                  func (*PerRouteConfig) GetDisabled

                                                                                                                                                  func (x *PerRouteConfig) GetDisabled() bool

                                                                                                                                                  func (*PerRouteConfig) GetRequirementName

                                                                                                                                                  func (x *PerRouteConfig) GetRequirementName() string

                                                                                                                                                  func (*PerRouteConfig) GetRequirementSpecifier

                                                                                                                                                  func (m *PerRouteConfig) GetRequirementSpecifier() isPerRouteConfig_RequirementSpecifier

                                                                                                                                                  func (*PerRouteConfig) ProtoMessage

                                                                                                                                                  func (*PerRouteConfig) ProtoMessage()

                                                                                                                                                  func (*PerRouteConfig) ProtoReflect

                                                                                                                                                  func (x *PerRouteConfig) ProtoReflect() protoreflect.Message

                                                                                                                                                  func (*PerRouteConfig) Reset

                                                                                                                                                  func (x *PerRouteConfig) Reset()

                                                                                                                                                  func (*PerRouteConfig) String

                                                                                                                                                  func (x *PerRouteConfig) String() string

                                                                                                                                                  func (*PerRouteConfig) Validate

                                                                                                                                                  func (m *PerRouteConfig) Validate() error

                                                                                                                                                    Validate checks the field values on PerRouteConfig with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                                                                                    type PerRouteConfigValidationError

                                                                                                                                                    type PerRouteConfigValidationError struct {
                                                                                                                                                    	// contains filtered or unexported fields
                                                                                                                                                    }

                                                                                                                                                      PerRouteConfigValidationError is the validation error returned by PerRouteConfig.Validate if the designated constraints aren't met.

                                                                                                                                                      func (PerRouteConfigValidationError) Cause

                                                                                                                                                        Cause function returns cause value.

                                                                                                                                                        func (PerRouteConfigValidationError) Error

                                                                                                                                                          Error satisfies the builtin error interface

                                                                                                                                                          func (PerRouteConfigValidationError) ErrorName

                                                                                                                                                          func (e PerRouteConfigValidationError) ErrorName() string

                                                                                                                                                            ErrorName returns error name.

                                                                                                                                                            func (PerRouteConfigValidationError) Field

                                                                                                                                                              Field function returns field value.

                                                                                                                                                              func (PerRouteConfigValidationError) Key

                                                                                                                                                                Key function returns key value.

                                                                                                                                                                func (PerRouteConfigValidationError) Reason

                                                                                                                                                                  Reason function returns reason value.

                                                                                                                                                                  type PerRouteConfig_Disabled

                                                                                                                                                                  type PerRouteConfig_Disabled struct {
                                                                                                                                                                  	// Disable Jwt Authentication for this route.
                                                                                                                                                                  	Disabled bool `protobuf:"varint,1,opt,name=disabled,proto3,oneof"`
                                                                                                                                                                  }

                                                                                                                                                                  type PerRouteConfig_RequirementName

                                                                                                                                                                  type PerRouteConfig_RequirementName struct {
                                                                                                                                                                  	// Use requirement_name to specify a JwtRequirement.
                                                                                                                                                                  	// This requirement_name MUST be specified at the
                                                                                                                                                                  	// :ref:`requirement_map <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.JwtAuthentication.requirement_map>`
                                                                                                                                                                  	// in `JwtAuthentication`. If no, the requests using this route will be rejected with 403.
                                                                                                                                                                  	RequirementName string `protobuf:"bytes,2,opt,name=requirement_name,json=requirementName,proto3,oneof"`
                                                                                                                                                                  }

                                                                                                                                                                  type ProviderWithAudiences

                                                                                                                                                                  type ProviderWithAudiences struct {
                                                                                                                                                                  
                                                                                                                                                                  	// Specify a required provider name.
                                                                                                                                                                  	ProviderName string `protobuf:"bytes,1,opt,name=provider_name,json=providerName,proto3" json:"provider_name,omitempty"`
                                                                                                                                                                  	// This field overrides the one specified in the JwtProvider.
                                                                                                                                                                  	Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"`
                                                                                                                                                                  	// contains filtered or unexported fields
                                                                                                                                                                  }

                                                                                                                                                                    Specify a required provider with audiences.

                                                                                                                                                                    func (*ProviderWithAudiences) Descriptor

                                                                                                                                                                    func (*ProviderWithAudiences) Descriptor() ([]byte, []int)

                                                                                                                                                                      Deprecated: Use ProviderWithAudiences.ProtoReflect.Descriptor instead.

                                                                                                                                                                      func (*ProviderWithAudiences) GetAudiences

                                                                                                                                                                      func (x *ProviderWithAudiences) GetAudiences() []string

                                                                                                                                                                      func (*ProviderWithAudiences) GetProviderName

                                                                                                                                                                      func (x *ProviderWithAudiences) GetProviderName() string

                                                                                                                                                                      func (*ProviderWithAudiences) ProtoMessage

                                                                                                                                                                      func (*ProviderWithAudiences) ProtoMessage()

                                                                                                                                                                      func (*ProviderWithAudiences) ProtoReflect

                                                                                                                                                                      func (x *ProviderWithAudiences) ProtoReflect() protoreflect.Message

                                                                                                                                                                      func (*ProviderWithAudiences) Reset

                                                                                                                                                                      func (x *ProviderWithAudiences) Reset()

                                                                                                                                                                      func (*ProviderWithAudiences) String

                                                                                                                                                                      func (x *ProviderWithAudiences) String() string

                                                                                                                                                                      func (*ProviderWithAudiences) Validate

                                                                                                                                                                      func (m *ProviderWithAudiences) Validate() error

                                                                                                                                                                        Validate checks the field values on ProviderWithAudiences with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                                                                                                        type ProviderWithAudiencesValidationError

                                                                                                                                                                        type ProviderWithAudiencesValidationError struct {
                                                                                                                                                                        	// contains filtered or unexported fields
                                                                                                                                                                        }

                                                                                                                                                                          ProviderWithAudiencesValidationError is the validation error returned by ProviderWithAudiences.Validate if the designated constraints aren't met.

                                                                                                                                                                          func (ProviderWithAudiencesValidationError) Cause

                                                                                                                                                                            Cause function returns cause value.

                                                                                                                                                                            func (ProviderWithAudiencesValidationError) Error

                                                                                                                                                                              Error satisfies the builtin error interface

                                                                                                                                                                              func (ProviderWithAudiencesValidationError) ErrorName

                                                                                                                                                                                ErrorName returns error name.

                                                                                                                                                                                func (ProviderWithAudiencesValidationError) Field

                                                                                                                                                                                  Field function returns field value.

                                                                                                                                                                                  func (ProviderWithAudiencesValidationError) Key

                                                                                                                                                                                    Key function returns key value.

                                                                                                                                                                                    func (ProviderWithAudiencesValidationError) Reason

                                                                                                                                                                                      Reason function returns reason value.

                                                                                                                                                                                      type RemoteJwks

                                                                                                                                                                                      type RemoteJwks struct {
                                                                                                                                                                                      
                                                                                                                                                                                      	// The HTTP URI to fetch the JWKS. For example:
                                                                                                                                                                                      	//
                                                                                                                                                                                      	// .. code-block:: yaml
                                                                                                                                                                                      	//
                                                                                                                                                                                      	//    http_uri:
                                                                                                                                                                                      	//      uri: https://www.googleapis.com/oauth2/v1/certs
                                                                                                                                                                                      	//      cluster: jwt.www.googleapis.com|443
                                                                                                                                                                                      	//
                                                                                                                                                                                      	HttpUri *v4alpha.HttpUri `protobuf:"bytes,1,opt,name=http_uri,json=httpUri,proto3" json:"http_uri,omitempty"`
                                                                                                                                                                                      	// Duration after which the cached JWKS should be expired. If not specified, default cache
                                                                                                                                                                                      	// duration is 5 minutes.
                                                                                                                                                                                      	CacheDuration *duration.Duration `protobuf:"bytes,2,opt,name=cache_duration,json=cacheDuration,proto3" json:"cache_duration,omitempty"`
                                                                                                                                                                                      	// contains filtered or unexported fields
                                                                                                                                                                                      }

                                                                                                                                                                                        This message specifies how to fetch JWKS from remote and how to cache it.

                                                                                                                                                                                        func (*RemoteJwks) Descriptor

                                                                                                                                                                                        func (*RemoteJwks) Descriptor() ([]byte, []int)

                                                                                                                                                                                          Deprecated: Use RemoteJwks.ProtoReflect.Descriptor instead.

                                                                                                                                                                                          func (*RemoteJwks) GetCacheDuration

                                                                                                                                                                                          func (x *RemoteJwks) GetCacheDuration() *duration.Duration

                                                                                                                                                                                          func (*RemoteJwks) GetHttpUri

                                                                                                                                                                                          func (x *RemoteJwks) GetHttpUri() *v4alpha.HttpUri

                                                                                                                                                                                          func (*RemoteJwks) ProtoMessage

                                                                                                                                                                                          func (*RemoteJwks) ProtoMessage()

                                                                                                                                                                                          func (*RemoteJwks) ProtoReflect

                                                                                                                                                                                          func (x *RemoteJwks) ProtoReflect() protoreflect.Message

                                                                                                                                                                                          func (*RemoteJwks) Reset

                                                                                                                                                                                          func (x *RemoteJwks) Reset()

                                                                                                                                                                                          func (*RemoteJwks) String

                                                                                                                                                                                          func (x *RemoteJwks) String() string

                                                                                                                                                                                          func (*RemoteJwks) Validate

                                                                                                                                                                                          func (m *RemoteJwks) Validate() error

                                                                                                                                                                                            Validate checks the field values on RemoteJwks with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                                                                                                                            type RemoteJwksValidationError

                                                                                                                                                                                            type RemoteJwksValidationError struct {
                                                                                                                                                                                            	// contains filtered or unexported fields
                                                                                                                                                                                            }

                                                                                                                                                                                              RemoteJwksValidationError is the validation error returned by RemoteJwks.Validate if the designated constraints aren't met.

                                                                                                                                                                                              func (RemoteJwksValidationError) Cause

                                                                                                                                                                                              func (e RemoteJwksValidationError) Cause() error

                                                                                                                                                                                                Cause function returns cause value.

                                                                                                                                                                                                func (RemoteJwksValidationError) Error

                                                                                                                                                                                                  Error satisfies the builtin error interface

                                                                                                                                                                                                  func (RemoteJwksValidationError) ErrorName

                                                                                                                                                                                                  func (e RemoteJwksValidationError) ErrorName() string

                                                                                                                                                                                                    ErrorName returns error name.

                                                                                                                                                                                                    func (RemoteJwksValidationError) Field

                                                                                                                                                                                                      Field function returns field value.

                                                                                                                                                                                                      func (RemoteJwksValidationError) Key

                                                                                                                                                                                                        Key function returns key value.

                                                                                                                                                                                                        func (RemoteJwksValidationError) Reason

                                                                                                                                                                                                        func (e RemoteJwksValidationError) Reason() string

                                                                                                                                                                                                          Reason function returns reason value.

                                                                                                                                                                                                          type RequirementRule

                                                                                                                                                                                                          type RequirementRule struct {
                                                                                                                                                                                                          
                                                                                                                                                                                                          	// The route matching parameter. Only when the match is satisfied, the "requires" field will
                                                                                                                                                                                                          	// apply.
                                                                                                                                                                                                          	//
                                                                                                                                                                                                          	// For example: following match will match all requests.
                                                                                                                                                                                                          	//
                                                                                                                                                                                                          	// .. code-block:: yaml
                                                                                                                                                                                                          	//
                                                                                                                                                                                                          	//    match:
                                                                                                                                                                                                          	//      prefix: /
                                                                                                                                                                                                          	//
                                                                                                                                                                                                          	Match *v4alpha1.RouteMatch `protobuf:"bytes,1,opt,name=match,proto3" json:"match,omitempty"`
                                                                                                                                                                                                          	// Specify a Jwt requirement.
                                                                                                                                                                                                          	// If not specified, Jwt verification is disabled.
                                                                                                                                                                                                          	//
                                                                                                                                                                                                          	// Types that are assignable to RequirementType:
                                                                                                                                                                                                          	//	*RequirementRule_Requires
                                                                                                                                                                                                          	//	*RequirementRule_RequirementName
                                                                                                                                                                                                          	RequirementType isRequirementRule_RequirementType `protobuf_oneof:"requirement_type"`
                                                                                                                                                                                                          	// contains filtered or unexported fields
                                                                                                                                                                                                          }

                                                                                                                                                                                                            This message specifies a Jwt requirement for a specific Route condition. Example 1:

                                                                                                                                                                                                            .. code-block:: yaml

                                                                                                                                                                                                            - match:
                                                                                                                                                                                                                prefix: /healthz
                                                                                                                                                                                                            

                                                                                                                                                                                                            In above example, "requires" field is empty for /healthz prefix match, it means that requests matching the path prefix don't require JWT authentication.

                                                                                                                                                                                                            Example 2:

                                                                                                                                                                                                            .. code-block:: yaml

                                                                                                                                                                                                            - match:
                                                                                                                                                                                                                prefix: /
                                                                                                                                                                                                              requires: { provider_name: provider-A }
                                                                                                                                                                                                            

                                                                                                                                                                                                            In above example, all requests matched the path prefix require jwt authentication from "provider-A".

                                                                                                                                                                                                            func (*RequirementRule) Descriptor

                                                                                                                                                                                                            func (*RequirementRule) Descriptor() ([]byte, []int)

                                                                                                                                                                                                              Deprecated: Use RequirementRule.ProtoReflect.Descriptor instead.

                                                                                                                                                                                                              func (*RequirementRule) GetMatch

                                                                                                                                                                                                              func (x *RequirementRule) GetMatch() *v4alpha1.RouteMatch

                                                                                                                                                                                                              func (*RequirementRule) GetRequirementName

                                                                                                                                                                                                              func (x *RequirementRule) GetRequirementName() string

                                                                                                                                                                                                              func (*RequirementRule) GetRequirementType

                                                                                                                                                                                                              func (m *RequirementRule) GetRequirementType() isRequirementRule_RequirementType

                                                                                                                                                                                                              func (*RequirementRule) GetRequires

                                                                                                                                                                                                              func (x *RequirementRule) GetRequires() *JwtRequirement

                                                                                                                                                                                                              func (*RequirementRule) ProtoMessage

                                                                                                                                                                                                              func (*RequirementRule) ProtoMessage()

                                                                                                                                                                                                              func (*RequirementRule) ProtoReflect

                                                                                                                                                                                                              func (x *RequirementRule) ProtoReflect() protoreflect.Message

                                                                                                                                                                                                              func (*RequirementRule) Reset

                                                                                                                                                                                                              func (x *RequirementRule) Reset()

                                                                                                                                                                                                              func (*RequirementRule) String

                                                                                                                                                                                                              func (x *RequirementRule) String() string

                                                                                                                                                                                                              func (*RequirementRule) Validate

                                                                                                                                                                                                              func (m *RequirementRule) Validate() error

                                                                                                                                                                                                                Validate checks the field values on RequirementRule with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

                                                                                                                                                                                                                type RequirementRuleValidationError

                                                                                                                                                                                                                type RequirementRuleValidationError struct {
                                                                                                                                                                                                                	// contains filtered or unexported fields
                                                                                                                                                                                                                }

                                                                                                                                                                                                                  RequirementRuleValidationError is the validation error returned by RequirementRule.Validate if the designated constraints aren't met.

                                                                                                                                                                                                                  func (RequirementRuleValidationError) Cause

                                                                                                                                                                                                                    Cause function returns cause value.

                                                                                                                                                                                                                    func (RequirementRuleValidationError) Error

                                                                                                                                                                                                                      Error satisfies the builtin error interface

                                                                                                                                                                                                                      func (RequirementRuleValidationError) ErrorName

                                                                                                                                                                                                                      func (e RequirementRuleValidationError) ErrorName() string

                                                                                                                                                                                                                        ErrorName returns error name.

                                                                                                                                                                                                                        func (RequirementRuleValidationError) Field

                                                                                                                                                                                                                          Field function returns field value.

                                                                                                                                                                                                                          func (RequirementRuleValidationError) Key

                                                                                                                                                                                                                            Key function returns key value.

                                                                                                                                                                                                                            func (RequirementRuleValidationError) Reason

                                                                                                                                                                                                                              Reason function returns reason value.

                                                                                                                                                                                                                              type RequirementRule_RequirementName

                                                                                                                                                                                                                              type RequirementRule_RequirementName struct {
                                                                                                                                                                                                                              	// Use requirement_name to specify a Jwt requirement.
                                                                                                                                                                                                                              	// This requirement_name MUST be specified at the
                                                                                                                                                                                                                              	// :ref:`requirement_map <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.JwtAuthentication.requirement_map>`
                                                                                                                                                                                                                              	// in `JwtAuthentication`.
                                                                                                                                                                                                                              	RequirementName string `protobuf:"bytes,3,opt,name=requirement_name,json=requirementName,proto3,oneof"`
                                                                                                                                                                                                                              }

                                                                                                                                                                                                                              type RequirementRule_Requires

                                                                                                                                                                                                                              type RequirementRule_Requires struct {
                                                                                                                                                                                                                              	// Specify a Jwt requirement. Please see detail comment in message JwtRequirement.
                                                                                                                                                                                                                              	Requires *JwtRequirement `protobuf:"bytes,2,opt,name=requires,proto3,oneof"`
                                                                                                                                                                                                                              }