Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrInvalidLengthConfig = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowConfig   = fmt.Errorf("proto: integer overflow")
)

Functions

This section is empty.

Types

type FilterStateRule

type FilterStateRule struct {
	// The filter state name to retrieve the `Router::StringAccessor` object.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// A map of string keys to requirements. The string key is the string value
	// in the FilterState with the name specified in the *name* field above.
	Requires             map[string]*JwtRequirement `` /* 157-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}                   `json:"-"`
	XXX_unrecognized     []byte                     `json:"-"`
	XXX_sizecache        int32                      `json:"-"`
}

This message specifies Jwt requirements based on stream_info.filterState. This FilterState should use `Router::StringAccessor` object to set a string value. Other HTTP filters can use it to specify Jwt requirements dynamically.

Example:

.. code-block:: yaml

name: jwt_selector
requires:
  issuer_1:
    provider_name: issuer1
  issuer_2:
    provider_name: issuer2

If a filter set "jwt_selector" with "issuer_1" to FilterState for a request, jwt_authn filter will use JwtRequirement{"provider_name": "issuer1"} to verify.

func (*FilterStateRule) Descriptor

func (*FilterStateRule) Descriptor() ([]byte, []int)

func (*FilterStateRule) GetName

func (m *FilterStateRule) GetName() string

func (*FilterStateRule) GetRequires

func (m *FilterStateRule) GetRequires() map[string]*JwtRequirement

func (*FilterStateRule) Marshal

func (m *FilterStateRule) Marshal() (dAtA []byte, err error)

func (*FilterStateRule) MarshalTo

func (m *FilterStateRule) MarshalTo(dAtA []byte) (int, error)

func (*FilterStateRule) ProtoMessage

func (*FilterStateRule) ProtoMessage()

func (*FilterStateRule) Reset

func (m *FilterStateRule) Reset()

func (*FilterStateRule) Size

func (m *FilterStateRule) Size() (n int)

func (*FilterStateRule) String

func (m *FilterStateRule) String() string

func (*FilterStateRule) Unmarshal

func (m *FilterStateRule) Unmarshal(dAtA []byte) error

func (*FilterStateRule) Validate

func (m *FilterStateRule) Validate() error

Validate checks the field values on FilterStateRule with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*FilterStateRule) XXX_DiscardUnknown

func (m *FilterStateRule) XXX_DiscardUnknown()

func (*FilterStateRule) XXX_Marshal

func (m *FilterStateRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*FilterStateRule) XXX_Merge

func (m *FilterStateRule) XXX_Merge(src proto.Message)

func (*FilterStateRule) XXX_Size

func (m *FilterStateRule) XXX_Size() int

func (*FilterStateRule) XXX_Unmarshal

func (m *FilterStateRule) XXX_Unmarshal(b []byte) error

type FilterStateRuleValidationError

type FilterStateRuleValidationError struct {
	// contains filtered or unexported fields
}

FilterStateRuleValidationError is the validation error returned by FilterStateRule.Validate if the designated constraints aren't met.

func (FilterStateRuleValidationError) Cause

Cause function returns cause value.

func (FilterStateRuleValidationError) Error

Error satisfies the builtin error interface

func (FilterStateRuleValidationError) ErrorName

func (e FilterStateRuleValidationError) ErrorName() string

ErrorName returns error name.

func (FilterStateRuleValidationError) Field

Field function returns field value.

func (FilterStateRuleValidationError) Key

Key function returns key value.

func (FilterStateRuleValidationError) Reason

Reason function returns reason value.

type JwtAuthentication

type JwtAuthentication struct {
	// Map of provider names to JwtProviders.
	//
	// .. code-block:: yaml
	//
	//   providers:
	//     provider1:
	//        issuer: issuer1
	//        audiences:
	//        - audience1
	//        - audience2
	//        remote_jwks:
	//          http_uri:
	//            uri: https://example.com/.well-known/jwks.json
	//            cluster: example_jwks_cluster
	//      provider2:
	//        issuer: provider2
	//        local_jwks:
	//          inline_string: jwks_string
	//
	Providers map[string]*JwtProvider `` /* 159-byte string literal not displayed */
	// Specifies requirements based on the route matches. The first matched requirement will be
	// applied. If there are overlapped match conditions, please put the most specific match first.
	//
	// Examples
	//
	// .. code-block:: yaml
	//
	// rules:
	//   - match:
	//       prefix: /healthz
	//   - match:
	//       prefix: /baz
	//     requires:
	//       provider_name: provider1
	//   - match:
	//       prefix: /foo
	//     requires:
	//       requires_any:
	//         requirements:
	//           - provider_name: provider1
	//           - provider_name: provider2
	//   - match:
	//       prefix: /bar
	//     requires:
	//       requires_all:
	//         requirements:
	//           - provider_name: provider1
	//           - provider_name: provider2
	//
	Rules []*RequirementRule `protobuf:"bytes,2,rep,name=rules,proto3" json:"rules,omitempty"`
	// This message specifies Jwt requirements based on stream_info.filterState.
	// Other HTTP filters can use it to specify Jwt requirements dynamically.
	// The *rules* field above is checked first, if it could not find any matches,
	// check this one.
	FilterStateRules     *FilterStateRule `protobuf:"bytes,3,opt,name=filter_state_rules,json=filterStateRules,proto3" json:"filter_state_rules,omitempty"`
	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
	XXX_unrecognized     []byte           `json:"-"`
	XXX_sizecache        int32            `json:"-"`
}

This is the Envoy HTTP filter config for JWT authentication.

For example:

.. code-block:: yaml

providers:
   provider1:
     issuer: issuer1
     audiences:
     - audience1
     - audience2
     remote_jwks:
       http_uri:
         uri: https://example.com/.well-known/jwks.json
         cluster: example_jwks_cluster
   provider2:
     issuer: issuer2
     local_jwks:
       inline_string: jwks_string

rules:
   # Not jwt verification is required for /health path
   - match:
       prefix: /health

   # Jwt verification for provider1 is required for path prefixed with "prefix"
   - match:
       prefix: /prefix
     requires:
       provider_name: provider1

   # Jwt verification for either provider1 or provider2 is required for all other requests.
   - match:
       prefix: /
     requires:
       requires_any:
         requirements:
           - provider_name: provider1
           - provider_name: provider2

func (*JwtAuthentication) Descriptor

func (*JwtAuthentication) Descriptor() ([]byte, []int)

func (*JwtAuthentication) GetFilterStateRules

func (m *JwtAuthentication) GetFilterStateRules() *FilterStateRule

func (*JwtAuthentication) GetProviders

func (m *JwtAuthentication) GetProviders() map[string]*JwtProvider

func (*JwtAuthentication) GetRules

func (m *JwtAuthentication) GetRules() []*RequirementRule

func (*JwtAuthentication) Marshal

func (m *JwtAuthentication) Marshal() (dAtA []byte, err error)

func (*JwtAuthentication) MarshalTo

func (m *JwtAuthentication) MarshalTo(dAtA []byte) (int, error)

func (*JwtAuthentication) ProtoMessage

func (*JwtAuthentication) ProtoMessage()

func (*JwtAuthentication) Reset

func (m *JwtAuthentication) Reset()

func (*JwtAuthentication) Size

func (m *JwtAuthentication) Size() (n int)

func (*JwtAuthentication) String

func (m *JwtAuthentication) String() string

func (*JwtAuthentication) Unmarshal

func (m *JwtAuthentication) Unmarshal(dAtA []byte) error

func (*JwtAuthentication) Validate

func (m *JwtAuthentication) Validate() error

Validate checks the field values on JwtAuthentication with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*JwtAuthentication) XXX_DiscardUnknown

func (m *JwtAuthentication) XXX_DiscardUnknown()

func (*JwtAuthentication) XXX_Marshal

func (m *JwtAuthentication) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*JwtAuthentication) XXX_Merge

func (m *JwtAuthentication) XXX_Merge(src proto.Message)

func (*JwtAuthentication) XXX_Size

func (m *JwtAuthentication) XXX_Size() int

func (*JwtAuthentication) XXX_Unmarshal

func (m *JwtAuthentication) XXX_Unmarshal(b []byte) error

type JwtAuthenticationValidationError

type JwtAuthenticationValidationError struct {
	// contains filtered or unexported fields
}

JwtAuthenticationValidationError is the validation error returned by JwtAuthentication.Validate if the designated constraints aren't met.

func (JwtAuthenticationValidationError) Cause

Cause function returns cause value.

func (JwtAuthenticationValidationError) Error

Error satisfies the builtin error interface

func (JwtAuthenticationValidationError) ErrorName

ErrorName returns error name.

func (JwtAuthenticationValidationError) Field

Field function returns field value.

func (JwtAuthenticationValidationError) Key

Key function returns key value.

func (JwtAuthenticationValidationError) Reason

Reason function returns reason value.

type JwtHeader

type JwtHeader struct {
	// The HTTP header name.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The value prefix. The value format is "value_prefix<token>"
	// For example, for "Authorization: Bearer <token>", value_prefix="Bearer " with a space at the
	// end.
	ValuePrefix          string   `protobuf:"bytes,2,opt,name=value_prefix,json=valuePrefix,proto3" json:"value_prefix,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

This message specifies a header location to extract JWT token.

func (*JwtHeader) Descriptor

func (*JwtHeader) Descriptor() ([]byte, []int)

func (*JwtHeader) GetName

func (m *JwtHeader) GetName() string

func (*JwtHeader) GetValuePrefix

func (m *JwtHeader) GetValuePrefix() string

func (*JwtHeader) Marshal

func (m *JwtHeader) Marshal() (dAtA []byte, err error)

func (*JwtHeader) MarshalTo

func (m *JwtHeader) MarshalTo(dAtA []byte) (int, error)

func (*JwtHeader) ProtoMessage

func (*JwtHeader) ProtoMessage()

func (*JwtHeader) Reset

func (m *JwtHeader) Reset()

func (*JwtHeader) Size

func (m *JwtHeader) Size() (n int)

func (*JwtHeader) String

func (m *JwtHeader) String() string

func (*JwtHeader) Unmarshal

func (m *JwtHeader) Unmarshal(dAtA []byte) error

func (*JwtHeader) Validate

func (m *JwtHeader) Validate() error

Validate checks the field values on JwtHeader with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*JwtHeader) XXX_DiscardUnknown

func (m *JwtHeader) XXX_DiscardUnknown()

func (*JwtHeader) XXX_Marshal

func (m *JwtHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*JwtHeader) XXX_Merge

func (m *JwtHeader) XXX_Merge(src proto.Message)

func (*JwtHeader) XXX_Size

func (m *JwtHeader) XXX_Size() int

func (*JwtHeader) XXX_Unmarshal

func (m *JwtHeader) XXX_Unmarshal(b []byte) error

type JwtHeaderValidationError

type JwtHeaderValidationError struct {
	// contains filtered or unexported fields
}

JwtHeaderValidationError is the validation error returned by JwtHeader.Validate if the designated constraints aren't met.

func (JwtHeaderValidationError) Cause

func (e JwtHeaderValidationError) Cause() error

Cause function returns cause value.

func (JwtHeaderValidationError) Error

func (e JwtHeaderValidationError) Error() string

Error satisfies the builtin error interface

func (JwtHeaderValidationError) ErrorName

func (e JwtHeaderValidationError) ErrorName() string

ErrorName returns error name.

func (JwtHeaderValidationError) Field

func (e JwtHeaderValidationError) Field() string

Field function returns field value.

func (JwtHeaderValidationError) Key

Key function returns key value.

func (JwtHeaderValidationError) Reason

func (e JwtHeaderValidationError) Reason() string

Reason function returns reason value.

type JwtProvider

type JwtProvider struct {
	// Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
	// the JWT, usually a URL or an email address.
	//
	// Example: https://securetoken.google.com
	// Example: 1234567-compute@developer.gserviceaccount.com
	//
	Issuer string `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"`
	// The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
	// allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
	// will not check audiences in the token.
	//
	// Example:
	//
	// .. code-block:: yaml
	//
	//     audiences:
	//     - bookstore_android.apps.googleusercontent.com
	//     - bookstore_web.apps.googleusercontent.com
	//
	Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"`
	// `JSON Web Key Set (JWKS) <https://tools.ietf.org/html/rfc7517#appendix-A>`_ is needed to
	// validate signature of a JWT. This field specifies where to fetch JWKS.
	//
	// Types that are valid to be assigned to JwksSourceSpecifier:
	//	*JwtProvider_RemoteJwks
	//	*JwtProvider_LocalJwks
	JwksSourceSpecifier isJwtProvider_JwksSourceSpecifier `protobuf_oneof:"jwks_source_specifier"`
	// If false, the JWT is removed in the request after a success verification. If true, the JWT is
	// not removed in the request. Default value is false.
	Forward bool `protobuf:"varint,5,opt,name=forward,proto3" json:"forward,omitempty"`
	// Two fields below define where to extract the JWT from an HTTP request.
	//
	// If no explicit location is specified, the following default locations are tried in order:
	//
	// 1. The Authorization header using the `Bearer schema
	// <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
	//
	//    Authorization: Bearer <token>.
	//
	// 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
	//
	// Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
	// its provider specified or from the default locations.
	//
	// Specify the HTTP headers to extract JWT token. For examples, following config:
	//
	// .. code-block:: yaml
	//
	//   from_headers:
	//   - name: x-goog-iap-jwt-assertion
	//
	// can be used to extract token from header::
	//
	//   x-goog-iap-jwt-assertion: <JWT>.
	//
	FromHeaders []*JwtHeader `protobuf:"bytes,6,rep,name=from_headers,json=fromHeaders,proto3" json:"from_headers,omitempty"`
	// JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
	//
	// For example, if config is:
	//
	// .. code-block:: yaml
	//
	//   from_params:
	//   - jwt_token
	//
	// The JWT format in query parameter is::
	//
	//    /path?jwt_token=<JWT>
	//
	FromParams []string `protobuf:"bytes,7,rep,name=from_params,json=fromParams,proto3" json:"from_params,omitempty"`
	// This field specifies the header name to forward a successfully verified JWT payload to the
	// backend. The forwarded data is::
	//
	//    base64_encoded(jwt_payload_in_JSON)
	//
	// If it is not specified, the payload will not be forwarded.
	ForwardPayloadHeader string `protobuf:"bytes,8,opt,name=forward_payload_header,json=forwardPayloadHeader,proto3" json:"forward_payload_header,omitempty"`
	// If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata
	// in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn**
	// The value is the *protobuf::Struct*. The value of this field will be the key for its *fields*
	// and the value is the *protobuf::Struct* converted from JWT JSON payload.
	//
	// For example, if payload_in_metadata is *my_payload*:
	//
	// .. code-block:: yaml
	//
	//   envoy.filters.http.jwt_authn:
	//     my_payload:
	//       iss: https://example.com
	//       sub: test@example.com
	//       aud: https://example.com
	//       exp: 1501281058
	//
	PayloadInMetadata    string   `protobuf:"bytes,9,opt,name=payload_in_metadata,json=payloadInMetadata,proto3" json:"payload_in_metadata,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Please see following for JWT authentication flow:

* `JSON Web Token (JWT) <https://tools.ietf.org/html/rfc7519>`_ * `The OAuth 2.0 Authorization Framework <https://tools.ietf.org/html/rfc6749>`_ * `OpenID Connect <http://openid.net/connect>`_

A JwtProvider message specifies how a JSON Web Token (JWT) can be verified. It specifies:

* issuer: the principal that issues the JWT. It has to match the one from the token. * allowed audiences: the ones in the token have to be listed here. * how to fetch public key JWKS to verify the token signature. * how to extract JWT token in the request. * how to pass successfully verified token payload.

Example:

.. code-block:: yaml

issuer: https://example.com
audiences:
- bookstore_android.apps.googleusercontent.com
- bookstore_web.apps.googleusercontent.com
remote_jwks:
  http_uri:
    uri: https://example.com/.well-known/jwks.json
    cluster: example_jwks_cluster
  cache_duration:
    seconds: 300

func (*JwtProvider) Descriptor

func (*JwtProvider) Descriptor() ([]byte, []int)

func (*JwtProvider) GetAudiences

func (m *JwtProvider) GetAudiences() []string

func (*JwtProvider) GetForward

func (m *JwtProvider) GetForward() bool

func (*JwtProvider) GetForwardPayloadHeader

func (m *JwtProvider) GetForwardPayloadHeader() string

func (*JwtProvider) GetFromHeaders

func (m *JwtProvider) GetFromHeaders() []*JwtHeader

func (*JwtProvider) GetFromParams

func (m *JwtProvider) GetFromParams() []string

func (*JwtProvider) GetIssuer

func (m *JwtProvider) GetIssuer() string

func (*JwtProvider) GetJwksSourceSpecifier

func (m *JwtProvider) GetJwksSourceSpecifier() isJwtProvider_JwksSourceSpecifier

func (*JwtProvider) GetLocalJwks

func (m *JwtProvider) GetLocalJwks() *core.DataSource

func (*JwtProvider) GetPayloadInMetadata

func (m *JwtProvider) GetPayloadInMetadata() string

func (*JwtProvider) GetRemoteJwks

func (m *JwtProvider) GetRemoteJwks() *RemoteJwks

func (*JwtProvider) Marshal

func (m *JwtProvider) Marshal() (dAtA []byte, err error)

func (*JwtProvider) MarshalTo

func (m *JwtProvider) MarshalTo(dAtA []byte) (int, error)

func (*JwtProvider) ProtoMessage

func (*JwtProvider) ProtoMessage()

func (*JwtProvider) Reset

func (m *JwtProvider) Reset()

func (*JwtProvider) Size

func (m *JwtProvider) Size() (n int)

func (*JwtProvider) String

func (m *JwtProvider) String() string

func (*JwtProvider) Unmarshal

func (m *JwtProvider) Unmarshal(dAtA []byte) error

func (*JwtProvider) Validate

func (m *JwtProvider) Validate() error

Validate checks the field values on JwtProvider with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*JwtProvider) XXX_DiscardUnknown

func (m *JwtProvider) XXX_DiscardUnknown()

func (*JwtProvider) XXX_Marshal

func (m *JwtProvider) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*JwtProvider) XXX_Merge

func (m *JwtProvider) XXX_Merge(src proto.Message)

func (*JwtProvider) XXX_OneofFuncs

func (*JwtProvider) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

func (*JwtProvider) XXX_Size

func (m *JwtProvider) XXX_Size() int

func (*JwtProvider) XXX_Unmarshal

func (m *JwtProvider) XXX_Unmarshal(b []byte) error

type JwtProviderValidationError

type JwtProviderValidationError struct {
	// contains filtered or unexported fields
}

JwtProviderValidationError is the validation error returned by JwtProvider.Validate if the designated constraints aren't met.

func (JwtProviderValidationError) Cause

Cause function returns cause value.

func (JwtProviderValidationError) Error

Error satisfies the builtin error interface

func (JwtProviderValidationError) ErrorName

func (e JwtProviderValidationError) ErrorName() string

ErrorName returns error name.

func (JwtProviderValidationError) Field

Field function returns field value.

func (JwtProviderValidationError) Key

Key function returns key value.

func (JwtProviderValidationError) Reason

Reason function returns reason value.

type JwtProvider_LocalJwks

type JwtProvider_LocalJwks struct {
	LocalJwks *core.DataSource `protobuf:"bytes,4,opt,name=local_jwks,json=localJwks,proto3,oneof"`
}

func (*JwtProvider_LocalJwks) MarshalTo

func (m *JwtProvider_LocalJwks) MarshalTo(dAtA []byte) (int, error)

func (*JwtProvider_LocalJwks) Size

func (m *JwtProvider_LocalJwks) Size() (n int)

type JwtProvider_RemoteJwks

type JwtProvider_RemoteJwks struct {
	RemoteJwks *RemoteJwks `protobuf:"bytes,3,opt,name=remote_jwks,json=remoteJwks,proto3,oneof"`
}

func (*JwtProvider_RemoteJwks) MarshalTo

func (m *JwtProvider_RemoteJwks) MarshalTo(dAtA []byte) (int, error)

func (*JwtProvider_RemoteJwks) Size

func (m *JwtProvider_RemoteJwks) Size() (n int)

type JwtRequirement

type JwtRequirement struct {
	// Types that are valid to be assigned to RequiresType:
	//	*JwtRequirement_ProviderName
	//	*JwtRequirement_ProviderAndAudiences
	//	*JwtRequirement_RequiresAny
	//	*JwtRequirement_RequiresAll
	//	*JwtRequirement_AllowMissingOrFailed
	RequiresType         isJwtRequirement_RequiresType `protobuf_oneof:"requires_type"`
	XXX_NoUnkeyedLiteral struct{}                      `json:"-"`
	XXX_unrecognized     []byte                        `json:"-"`
	XXX_sizecache        int32                         `json:"-"`
}

This message specifies a Jwt requirement. An empty message means JWT verification is not required. Here are some config examples:

.. code-block:: yaml

# Example 1: not required with an empty message

# Example 2: require A
provider_name: provider-A

# Example 3: require A or B
requires_any:
  requirements:
    - provider_name: provider-A
    - provider_name: provider-B

# Example 4: require A and B
requires_all:
  requirements:
    - provider_name: provider-A
    - provider_name: provider-B

# Example 5: require A and (B or C)
requires_all:
  requirements:
    - provider_name: provider-A
    - requires_any:
      requirements:
        - provider_name: provider-B
        - provider_name: provider-C

# Example 6: require A or (B and C)
requires_any:
  requirements:
    - provider_name: provider-A
    - requires_all:
      requirements:
        - provider_name: provider-B
        - provider_name: provider-C

func (*JwtRequirement) Descriptor

func (*JwtRequirement) Descriptor() ([]byte, []int)

func (*JwtRequirement) GetAllowMissingOrFailed

func (m *JwtRequirement) GetAllowMissingOrFailed() *types.Empty

func (*JwtRequirement) GetProviderAndAudiences

func (m *JwtRequirement) GetProviderAndAudiences() *ProviderWithAudiences

func (*JwtRequirement) GetProviderName

func (m *JwtRequirement) GetProviderName() string

func (*JwtRequirement) GetRequiresAll

func (m *JwtRequirement) GetRequiresAll() *JwtRequirementAndList

func (*JwtRequirement) GetRequiresAny

func (m *JwtRequirement) GetRequiresAny() *JwtRequirementOrList

func (*JwtRequirement) GetRequiresType

func (m *JwtRequirement) GetRequiresType() isJwtRequirement_RequiresType

func (*JwtRequirement) Marshal

func (m *JwtRequirement) Marshal() (dAtA []byte, err error)

func (*JwtRequirement) MarshalTo

func (m *JwtRequirement) MarshalTo(dAtA []byte) (int, error)

func (*JwtRequirement) ProtoMessage

func (*JwtRequirement) ProtoMessage()

func (*JwtRequirement) Reset

func (m *JwtRequirement) Reset()

func (*JwtRequirement) Size

func (m *JwtRequirement) Size() (n int)

func (*JwtRequirement) String

func (m *JwtRequirement) String() string

func (*JwtRequirement) Unmarshal

func (m *JwtRequirement) Unmarshal(dAtA []byte) error

func (*JwtRequirement) Validate

func (m *JwtRequirement) Validate() error

Validate checks the field values on JwtRequirement with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*JwtRequirement) XXX_DiscardUnknown

func (m *JwtRequirement) XXX_DiscardUnknown()

func (*JwtRequirement) XXX_Marshal

func (m *JwtRequirement) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*JwtRequirement) XXX_Merge

func (m *JwtRequirement) XXX_Merge(src proto.Message)

func (*JwtRequirement) XXX_OneofFuncs

func (*JwtRequirement) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

func (*JwtRequirement) XXX_Size

func (m *JwtRequirement) XXX_Size() int

func (*JwtRequirement) XXX_Unmarshal

func (m *JwtRequirement) XXX_Unmarshal(b []byte) error

type JwtRequirementAndList

type JwtRequirementAndList struct {
	// Specify a list of JwtRequirement.
	Requirements         []*JwtRequirement `protobuf:"bytes,1,rep,name=requirements,proto3" json:"requirements,omitempty"`
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

This message specifies a list of RequiredProvider. Their results are AND-ed; all of them must pass, if one of them fails or missing, it fails.

func (*JwtRequirementAndList) Descriptor

func (*JwtRequirementAndList) Descriptor() ([]byte, []int)

func (*JwtRequirementAndList) GetRequirements

func (m *JwtRequirementAndList) GetRequirements() []*JwtRequirement

func (*JwtRequirementAndList) Marshal

func (m *JwtRequirementAndList) Marshal() (dAtA []byte, err error)

func (*JwtRequirementAndList) MarshalTo

func (m *JwtRequirementAndList) MarshalTo(dAtA []byte) (int, error)

func (*JwtRequirementAndList) ProtoMessage

func (*JwtRequirementAndList) ProtoMessage()

func (*JwtRequirementAndList) Reset

func (m *JwtRequirementAndList) Reset()

func (*JwtRequirementAndList) Size

func (m *JwtRequirementAndList) Size() (n int)

func (*JwtRequirementAndList) String

func (m *JwtRequirementAndList) String() string

func (*JwtRequirementAndList) Unmarshal

func (m *JwtRequirementAndList) Unmarshal(dAtA []byte) error

func (*JwtRequirementAndList) Validate

func (m *JwtRequirementAndList) Validate() error

Validate checks the field values on JwtRequirementAndList with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*JwtRequirementAndList) XXX_DiscardUnknown

func (m *JwtRequirementAndList) XXX_DiscardUnknown()

func (*JwtRequirementAndList) XXX_Marshal

func (m *JwtRequirementAndList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*JwtRequirementAndList) XXX_Merge

func (m *JwtRequirementAndList) XXX_Merge(src proto.Message)

func (*JwtRequirementAndList) XXX_Size

func (m *JwtRequirementAndList) XXX_Size() int

func (*JwtRequirementAndList) XXX_Unmarshal

func (m *JwtRequirementAndList) XXX_Unmarshal(b []byte) error

type JwtRequirementAndListValidationError

type JwtRequirementAndListValidationError struct {
	// contains filtered or unexported fields
}

JwtRequirementAndListValidationError is the validation error returned by JwtRequirementAndList.Validate if the designated constraints aren't met.

func (JwtRequirementAndListValidationError) Cause

Cause function returns cause value.

func (JwtRequirementAndListValidationError) Error

Error satisfies the builtin error interface

func (JwtRequirementAndListValidationError) ErrorName

ErrorName returns error name.

func (JwtRequirementAndListValidationError) Field

Field function returns field value.

func (JwtRequirementAndListValidationError) Key

Key function returns key value.

func (JwtRequirementAndListValidationError) Reason

Reason function returns reason value.

type JwtRequirementOrList

type JwtRequirementOrList struct {
	// Specify a list of JwtRequirement.
	Requirements         []*JwtRequirement `protobuf:"bytes,1,rep,name=requirements,proto3" json:"requirements,omitempty"`
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

This message specifies a list of RequiredProvider. Their results are OR-ed; if any one of them passes, the result is passed

func (*JwtRequirementOrList) Descriptor

func (*JwtRequirementOrList) Descriptor() ([]byte, []int)

func (*JwtRequirementOrList) GetRequirements

func (m *JwtRequirementOrList) GetRequirements() []*JwtRequirement

func (*JwtRequirementOrList) Marshal

func (m *JwtRequirementOrList) Marshal() (dAtA []byte, err error)

func (*JwtRequirementOrList) MarshalTo

func (m *JwtRequirementOrList) MarshalTo(dAtA []byte) (int, error)

func (*JwtRequirementOrList) ProtoMessage

func (*JwtRequirementOrList) ProtoMessage()

func (*JwtRequirementOrList) Reset

func (m *JwtRequirementOrList) Reset()

func (*JwtRequirementOrList) Size

func (m *JwtRequirementOrList) Size() (n int)

func (*JwtRequirementOrList) String

func (m *JwtRequirementOrList) String() string

func (*JwtRequirementOrList) Unmarshal

func (m *JwtRequirementOrList) Unmarshal(dAtA []byte) error

func (*JwtRequirementOrList) Validate

func (m *JwtRequirementOrList) Validate() error

Validate checks the field values on JwtRequirementOrList with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*JwtRequirementOrList) XXX_DiscardUnknown

func (m *JwtRequirementOrList) XXX_DiscardUnknown()

func (*JwtRequirementOrList) XXX_Marshal

func (m *JwtRequirementOrList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*JwtRequirementOrList) XXX_Merge

func (m *JwtRequirementOrList) XXX_Merge(src proto.Message)

func (*JwtRequirementOrList) XXX_Size

func (m *JwtRequirementOrList) XXX_Size() int

func (*JwtRequirementOrList) XXX_Unmarshal

func (m *JwtRequirementOrList) XXX_Unmarshal(b []byte) error

type JwtRequirementOrListValidationError

type JwtRequirementOrListValidationError struct {
	// contains filtered or unexported fields
}

JwtRequirementOrListValidationError is the validation error returned by JwtRequirementOrList.Validate if the designated constraints aren't met.

func (JwtRequirementOrListValidationError) Cause

Cause function returns cause value.

func (JwtRequirementOrListValidationError) Error

Error satisfies the builtin error interface

func (JwtRequirementOrListValidationError) ErrorName

ErrorName returns error name.

func (JwtRequirementOrListValidationError) Field

Field function returns field value.

func (JwtRequirementOrListValidationError) Key

Key function returns key value.

func (JwtRequirementOrListValidationError) Reason

Reason function returns reason value.

type JwtRequirementValidationError

type JwtRequirementValidationError struct {
	// contains filtered or unexported fields
}

JwtRequirementValidationError is the validation error returned by JwtRequirement.Validate if the designated constraints aren't met.

func (JwtRequirementValidationError) Cause

Cause function returns cause value.

func (JwtRequirementValidationError) Error

Error satisfies the builtin error interface

func (JwtRequirementValidationError) ErrorName

func (e JwtRequirementValidationError) ErrorName() string

ErrorName returns error name.

func (JwtRequirementValidationError) Field

Field function returns field value.

func (JwtRequirementValidationError) Key

Key function returns key value.

func (JwtRequirementValidationError) Reason

Reason function returns reason value.

type JwtRequirement_AllowMissingOrFailed

type JwtRequirement_AllowMissingOrFailed struct {
	AllowMissingOrFailed *types.Empty `protobuf:"bytes,5,opt,name=allow_missing_or_failed,json=allowMissingOrFailed,proto3,oneof"`
}

func (*JwtRequirement_AllowMissingOrFailed) MarshalTo

func (m *JwtRequirement_AllowMissingOrFailed) MarshalTo(dAtA []byte) (int, error)

func (*JwtRequirement_AllowMissingOrFailed) Size

type JwtRequirement_ProviderAndAudiences

type JwtRequirement_ProviderAndAudiences struct {
	ProviderAndAudiences *ProviderWithAudiences `protobuf:"bytes,2,opt,name=provider_and_audiences,json=providerAndAudiences,proto3,oneof"`
}

func (*JwtRequirement_ProviderAndAudiences) MarshalTo

func (m *JwtRequirement_ProviderAndAudiences) MarshalTo(dAtA []byte) (int, error)

func (*JwtRequirement_ProviderAndAudiences) Size

type JwtRequirement_ProviderName

type JwtRequirement_ProviderName struct {
	ProviderName string `protobuf:"bytes,1,opt,name=provider_name,json=providerName,proto3,oneof"`
}

func (*JwtRequirement_ProviderName) MarshalTo

func (m *JwtRequirement_ProviderName) MarshalTo(dAtA []byte) (int, error)

func (*JwtRequirement_ProviderName) Size

func (m *JwtRequirement_ProviderName) Size() (n int)

type JwtRequirement_RequiresAll

type JwtRequirement_RequiresAll struct {
	RequiresAll *JwtRequirementAndList `protobuf:"bytes,4,opt,name=requires_all,json=requiresAll,proto3,oneof"`
}

func (*JwtRequirement_RequiresAll) MarshalTo

func (m *JwtRequirement_RequiresAll) MarshalTo(dAtA []byte) (int, error)

func (*JwtRequirement_RequiresAll) Size

func (m *JwtRequirement_RequiresAll) Size() (n int)

type JwtRequirement_RequiresAny

type JwtRequirement_RequiresAny struct {
	RequiresAny *JwtRequirementOrList `protobuf:"bytes,3,opt,name=requires_any,json=requiresAny,proto3,oneof"`
}

func (*JwtRequirement_RequiresAny) MarshalTo

func (m *JwtRequirement_RequiresAny) MarshalTo(dAtA []byte) (int, error)

func (*JwtRequirement_RequiresAny) Size

func (m *JwtRequirement_RequiresAny) Size() (n int)

type ProviderWithAudiences

type ProviderWithAudiences struct {
	// Specify a required provider name.
	ProviderName string `protobuf:"bytes,1,opt,name=provider_name,json=providerName,proto3" json:"provider_name,omitempty"`
	// This field overrides the one specified in the JwtProvider.
	Audiences            []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Specify a required provider with audiences.

func (*ProviderWithAudiences) Descriptor

func (*ProviderWithAudiences) Descriptor() ([]byte, []int)

func (*ProviderWithAudiences) GetAudiences

func (m *ProviderWithAudiences) GetAudiences() []string

func (*ProviderWithAudiences) GetProviderName

func (m *ProviderWithAudiences) GetProviderName() string

func (*ProviderWithAudiences) Marshal

func (m *ProviderWithAudiences) Marshal() (dAtA []byte, err error)

func (*ProviderWithAudiences) MarshalTo

func (m *ProviderWithAudiences) MarshalTo(dAtA []byte) (int, error)

func (*ProviderWithAudiences) ProtoMessage

func (*ProviderWithAudiences) ProtoMessage()

func (*ProviderWithAudiences) Reset

func (m *ProviderWithAudiences) Reset()

func (*ProviderWithAudiences) Size

func (m *ProviderWithAudiences) Size() (n int)

func (*ProviderWithAudiences) String

func (m *ProviderWithAudiences) String() string

func (*ProviderWithAudiences) Unmarshal

func (m *ProviderWithAudiences) Unmarshal(dAtA []byte) error

func (*ProviderWithAudiences) Validate

func (m *ProviderWithAudiences) Validate() error

Validate checks the field values on ProviderWithAudiences with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*ProviderWithAudiences) XXX_DiscardUnknown

func (m *ProviderWithAudiences) XXX_DiscardUnknown()

func (*ProviderWithAudiences) XXX_Marshal

func (m *ProviderWithAudiences) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ProviderWithAudiences) XXX_Merge

func (m *ProviderWithAudiences) XXX_Merge(src proto.Message)

func (*ProviderWithAudiences) XXX_Size

func (m *ProviderWithAudiences) XXX_Size() int

func (*ProviderWithAudiences) XXX_Unmarshal

func (m *ProviderWithAudiences) XXX_Unmarshal(b []byte) error

type ProviderWithAudiencesValidationError

type ProviderWithAudiencesValidationError struct {
	// contains filtered or unexported fields
}

ProviderWithAudiencesValidationError is the validation error returned by ProviderWithAudiences.Validate if the designated constraints aren't met.

func (ProviderWithAudiencesValidationError) Cause

Cause function returns cause value.

func (ProviderWithAudiencesValidationError) Error

Error satisfies the builtin error interface

func (ProviderWithAudiencesValidationError) ErrorName

ErrorName returns error name.

func (ProviderWithAudiencesValidationError) Field

Field function returns field value.

func (ProviderWithAudiencesValidationError) Key

Key function returns key value.

func (ProviderWithAudiencesValidationError) Reason

Reason function returns reason value.

type RemoteJwks

type RemoteJwks struct {
	// The HTTP URI to fetch the JWKS. For example:
	//
	// .. code-block:: yaml
	//
	//    http_uri:
	//      uri: https://www.googleapis.com/oauth2/v1/certs
	//      cluster: jwt.www.googleapis.com|443
	//
	HttpUri *core.HttpUri `protobuf:"bytes,1,opt,name=http_uri,json=httpUri,proto3" json:"http_uri,omitempty"`
	// Duration after which the cached JWKS should be expired. If not specified, default cache
	// duration is 5 minutes.
	CacheDuration        *types.Duration `protobuf:"bytes,2,opt,name=cache_duration,json=cacheDuration,proto3" json:"cache_duration,omitempty"`
	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
	XXX_unrecognized     []byte          `json:"-"`
	XXX_sizecache        int32           `json:"-"`
}

This message specifies how to fetch JWKS from remote and how to cache it.

func (*RemoteJwks) Descriptor

func (*RemoteJwks) Descriptor() ([]byte, []int)

func (*RemoteJwks) GetCacheDuration

func (m *RemoteJwks) GetCacheDuration() *types.Duration

func (*RemoteJwks) GetHttpUri

func (m *RemoteJwks) GetHttpUri() *core.HttpUri

func (*RemoteJwks) Marshal

func (m *RemoteJwks) Marshal() (dAtA []byte, err error)

func (*RemoteJwks) MarshalTo

func (m *RemoteJwks) MarshalTo(dAtA []byte) (int, error)

func (*RemoteJwks) ProtoMessage

func (*RemoteJwks) ProtoMessage()

func (*RemoteJwks) Reset

func (m *RemoteJwks) Reset()

func (*RemoteJwks) Size

func (m *RemoteJwks) Size() (n int)

func (*RemoteJwks) String

func (m *RemoteJwks) String() string

func (*RemoteJwks) Unmarshal

func (m *RemoteJwks) Unmarshal(dAtA []byte) error

func (*RemoteJwks) Validate

func (m *RemoteJwks) Validate() error

Validate checks the field values on RemoteJwks with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*RemoteJwks) XXX_DiscardUnknown

func (m *RemoteJwks) XXX_DiscardUnknown()

func (*RemoteJwks) XXX_Marshal

func (m *RemoteJwks) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RemoteJwks) XXX_Merge

func (m *RemoteJwks) XXX_Merge(src proto.Message)

func (*RemoteJwks) XXX_Size

func (m *RemoteJwks) XXX_Size() int

func (*RemoteJwks) XXX_Unmarshal

func (m *RemoteJwks) XXX_Unmarshal(b []byte) error

type RemoteJwksValidationError

type RemoteJwksValidationError struct {
	// contains filtered or unexported fields
}

RemoteJwksValidationError is the validation error returned by RemoteJwks.Validate if the designated constraints aren't met.

func (RemoteJwksValidationError) Cause

func (e RemoteJwksValidationError) Cause() error

Cause function returns cause value.

func (RemoteJwksValidationError) Error

Error satisfies the builtin error interface

func (RemoteJwksValidationError) ErrorName

func (e RemoteJwksValidationError) ErrorName() string

ErrorName returns error name.

func (RemoteJwksValidationError) Field

Field function returns field value.

func (RemoteJwksValidationError) Key

Key function returns key value.

func (RemoteJwksValidationError) Reason

func (e RemoteJwksValidationError) Reason() string

Reason function returns reason value.

type RequirementRule

type RequirementRule struct {
	// The route matching parameter. Only when the match is satisfied, the "requires" field will
	// apply.
	//
	// For example: following match will match all requests.
	//
	// .. code-block:: yaml
	//
	//    match:
	//      prefix: /
	//
	Match *route.RouteMatch `protobuf:"bytes,1,opt,name=match,proto3" json:"match,omitempty"`
	// Specify a Jwt Requirement. Please detail comment in message JwtRequirement.
	Requires             *JwtRequirement `protobuf:"bytes,2,opt,name=requires,proto3" json:"requires,omitempty"`
	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
	XXX_unrecognized     []byte          `json:"-"`
	XXX_sizecache        int32           `json:"-"`
}

This message specifies a Jwt requirement for a specific Route condition. Example 1:

.. code-block:: yaml

- match:
    prefix: /healthz

In above example, "requires" field is empty for /healthz prefix match, it means that requests matching the path prefix don't require JWT authentication.

Example 2:

.. code-block:: yaml

- match:
    prefix: /
  requires: { provider_name: provider-A }

In above example, all requests matched the path prefix require jwt authentication from "provider-A".

func (*RequirementRule) Descriptor

func (*RequirementRule) Descriptor() ([]byte, []int)

func (*RequirementRule) GetMatch

func (m *RequirementRule) GetMatch() *route.RouteMatch

func (*RequirementRule) GetRequires

func (m *RequirementRule) GetRequires() *JwtRequirement

func (*RequirementRule) Marshal

func (m *RequirementRule) Marshal() (dAtA []byte, err error)

func (*RequirementRule) MarshalTo

func (m *RequirementRule) MarshalTo(dAtA []byte) (int, error)

func (*RequirementRule) ProtoMessage

func (*RequirementRule) ProtoMessage()

func (*RequirementRule) Reset

func (m *RequirementRule) Reset()

func (*RequirementRule) Size

func (m *RequirementRule) Size() (n int)

func (*RequirementRule) String

func (m *RequirementRule) String() string

func (*RequirementRule) Unmarshal

func (m *RequirementRule) Unmarshal(dAtA []byte) error

func (*RequirementRule) Validate

func (m *RequirementRule) Validate() error

Validate checks the field values on RequirementRule with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*RequirementRule) XXX_DiscardUnknown

func (m *RequirementRule) XXX_DiscardUnknown()

func (*RequirementRule) XXX_Marshal

func (m *RequirementRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RequirementRule) XXX_Merge

func (m *RequirementRule) XXX_Merge(src proto.Message)

func (*RequirementRule) XXX_Size

func (m *RequirementRule) XXX_Size() int

func (*RequirementRule) XXX_Unmarshal

func (m *RequirementRule) XXX_Unmarshal(b []byte) error

type RequirementRuleValidationError

type RequirementRuleValidationError struct {
	// contains filtered or unexported fields
}

RequirementRuleValidationError is the validation error returned by RequirementRule.Validate if the designated constraints aren't met.

func (RequirementRuleValidationError) Cause

Cause function returns cause value.

func (RequirementRuleValidationError) Error

Error satisfies the builtin error interface

func (RequirementRuleValidationError) ErrorName

func (e RequirementRuleValidationError) ErrorName() string

ErrorName returns error name.

func (RequirementRuleValidationError) Field

Field function returns field value.

func (RequirementRuleValidationError) Key

Key function returns key value.

func (RequirementRuleValidationError) Reason

Reason function returns reason value.