v1

package
v1.8.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 29, 2021 License: Apache-2.0 Imports: 55 Imported by: 13

Documentation

Index

Constants

View Source 
const ExtAuthConfigType = resource.TypePrefix + "/enterprise.gloo.solo.io.ExtAuthConfig"

Variables

View Source 
var (
	Settings_ApiVersion_name = map[int32]string{
		0: "V3",
	}
	Settings_ApiVersion_value = map[string]int32{
		"V3": 0,
	}
)

Enum value maps for Settings_ApiVersion.

View Source 
var (
	AuthConfigCrd = crd.NewCrd(
		"authconfigs",
		AuthConfigGVK.Group,
		AuthConfigGVK.Version,
		AuthConfigGVK.Kind,
		"ac",
		false,
		&AuthConfig{})
)
View Source 
var (
	AuthConfigGVK = schema.GroupVersionKind{
		Version: "v1",
		Group:   "enterprise.gloo.solo.io",
		Kind:    "AuthConfig",
	}
)
View Source 
var ExtAuthConfigTypeRecord = client.NewTypeRecord(
	ExtAuthConfigType,

	func() cache.ResourceProto { return &ExtAuthConfig{} },

	func(r cache.ResourceProto) cache.Resource {
		return &ExtAuthConfigXdsResourceWrapper{Resource: r.(*ExtAuthConfig)}
	},
)

Define a type record. This is used by the generic client library.

View Source 
var File_github_com_solo_io_gloo_projects_gloo_api_v1_enterprise_options_extauth_v1_extauth_proto protoreflect.FileDescriptor

Functions

func NewEnterpriseEventLoop added in v1.3.33 

func NewEnterpriseEventLoop(emitter EnterpriseSnapshotEmitter, syncer EnterpriseSyncer) eventloop.EventLoop

func NewEnterpriseSimpleEventLoop added in v1.3.33 

func NewEnterpriseSimpleEventLoop(emitter EnterpriseSimpleEmitter, syncers ...EnterpriseSyncer) eventloop.SimpleEventLoop

func NewExtAuthConfigClient 

func NewExtAuthConfigClient(nodeinfo *core.Node, typedApply ApplyExtAuthConfig) client.Client

func RegisterExtAuthDiscoveryServiceServer 

func RegisterExtAuthDiscoveryServiceServer(s *grpc.Server, srv ExtAuthDiscoveryServiceServer)

Types

type AccessTokenValidation added in v1.5.0 

type AccessTokenValidation struct {

	// Types that are assignable to ValidationType:
	//	*AccessTokenValidation_IntrospectionUrl
	//	*AccessTokenValidation_Jwt
	//	*AccessTokenValidation_Introspection
	ValidationType isAccessTokenValidation_ValidationType `protobuf_oneof:"validation_type"`
	// The URL for the OIDC userinfo endpoint.
	// If provided, the (opaque) access token provided or received from the oauth endpoint
	// will be queried and the userinfo response (or cached response) will be added to the
	// `AuthorizationRequest` state under the "introspection" key.
	// This can be useful to leverage the userinfo response in, for example, an external auth server plugin.
	UserinfoUrl string `protobuf:"bytes,4,opt,name=userinfo_url,json=userinfoUrl,proto3" json:"userinfo_url,omitempty"`
	// How long the token introspection and userinfo endpoint response for a specific access token should be kept
	// in the in-memory cache. The result will be invalidated at this timeout, or at "exp" time from the introspection
	// result, whichever comes sooner. If omitted, defaults to 10 minutes. If zero, then no caching will be done.
	CacheTimeout *duration.Duration `protobuf:"bytes,5,opt,name=cache_timeout,json=cacheTimeout,proto3" json:"cache_timeout,omitempty"`
	// Optional criteria for validating the scopes of a token.
	//
	// Types that are assignable to ScopeValidation:
	//	*AccessTokenValidation_RequiredScopes
	ScopeValidation isAccessTokenValidation_ScopeValidation `protobuf_oneof:"scope_validation"`
	// contains filtered or unexported fields
}

func (*AccessTokenValidation) Descriptor deprecated added in v1.5.0 

func (*AccessTokenValidation) Descriptor() ([]byte, []int)

Deprecated: Use AccessTokenValidation.ProtoReflect.Descriptor instead.

func (*AccessTokenValidation) Equal added in v1.5.0 

func (m *AccessTokenValidation) Equal(that interface{}) bool

Equal function

func (*AccessTokenValidation) GetCacheTimeout added in v1.5.0 

func (x *AccessTokenValidation) GetCacheTimeout() *duration.Duration

func (*AccessTokenValidation) GetIntrospection added in v1.7.0 

func (x *AccessTokenValidation) GetIntrospection() *AccessTokenValidation_IntrospectionValidation

func (*AccessTokenValidation) GetIntrospectionUrl deprecated added in v1.5.0 

func (x *AccessTokenValidation) GetIntrospectionUrl() string

Deprecated: Do not use.

func (*AccessTokenValidation) GetJwt added in v1.6.11 

func (x *AccessTokenValidation) GetJwt() *AccessTokenValidation_JwtValidation

func (*AccessTokenValidation) GetRequiredScopes added in v1.6.11 

func (x *AccessTokenValidation) GetRequiredScopes() *AccessTokenValidation_ScopeList

func (*AccessTokenValidation) GetScopeValidation added in v1.6.11 

func (m *AccessTokenValidation) GetScopeValidation() isAccessTokenValidation_ScopeValidation

func (*AccessTokenValidation) GetUserinfoUrl added in v1.5.0 

func (x *AccessTokenValidation) GetUserinfoUrl() string

func (*AccessTokenValidation) GetValidationType added in v1.5.0 

func (m *AccessTokenValidation) GetValidationType() isAccessTokenValidation_ValidationType

func (*AccessTokenValidation) Hash added in v1.5.0 

func (m *AccessTokenValidation) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*AccessTokenValidation) ProtoMessage added in v1.5.0 

func (*AccessTokenValidation) ProtoMessage()

func (*AccessTokenValidation) ProtoReflect added in v1.6.0 

func (x *AccessTokenValidation) ProtoReflect() protoreflect.Message

func (*AccessTokenValidation) Reset added in v1.5.0 

func (x *AccessTokenValidation) Reset()

func (*AccessTokenValidation) String added in v1.5.0 

func (x *AccessTokenValidation) String() string

type AccessTokenValidation_Introspection added in v1.7.0 

type AccessTokenValidation_Introspection struct {
	// Defines how (opaque) access tokens, received from the oauth authorization endpoint, are validated
	// [OAuth2.0 Token Introspection](https://tools.ietf.org/html/rfc7662) specification.
	Introspection *AccessTokenValidation_IntrospectionValidation `protobuf:"bytes,3,opt,name=introspection,proto3,oneof"`
}

type AccessTokenValidation_IntrospectionUrl added in v1.5.0 

type AccessTokenValidation_IntrospectionUrl struct {
	// The URL for the [OAuth2.0 Token Introspection](https://tools.ietf.org/html/rfc7662) endpoint.
	// If provided, the (opaque) access token provided or received from the oauth authorization endpoint
	// will be validated against this endpoint, or locally cached responses for this access token.
	// This field is deprecated as it does not support authenticated introspection requests
	//
	// Deprecated: Do not use.
	IntrospectionUrl string `protobuf:"bytes,1,opt,name=introspection_url,json=introspectionUrl,proto3,oneof"`
}

type AccessTokenValidation_IntrospectionValidation added in v1.7.0 

type AccessTokenValidation_IntrospectionValidation struct {

	// The URL for the [OAuth2.0 Token Introspection](https://tools.ietf.org/html/rfc7662) endpoint.
	// If provided, the (opaque) access token provided or received from the oauth authorization endpoint
	// will be validated against this endpoint, or locally cached responses for this access token.
	IntrospectionUrl string `protobuf:"bytes,1,opt,name=introspection_url,json=introspectionUrl,proto3" json:"introspection_url,omitempty"`
	// Your client id as registered with the issuer.
	// Optional: Use if the token introspection url requires client authentication.
	ClientId string `protobuf:"bytes,2,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	// Your client secret as registered with the issuer.
	// Optional: Use if the token introspection url requires client authentication.
	ClientSecretRef *core.ResourceRef `protobuf:"bytes,3,opt,name=client_secret_ref,json=clientSecretRef,proto3" json:"client_secret_ref,omitempty"`
	// The name of the [introspection response](https://tools.ietf.org/html/rfc7662#section-2.2)
	// attribute that contains the ID of the resource owner (e.g. `sub`, `username`).
	// If specified, the external auth server will use the value of the attribute as the identifier of the
	// authenticated user and add it to the request headers and/or dynamic metadata (depending on how the
	// server is configured); if the field is set and the attribute cannot be found, the request will be denied.
	// This field is optional and by default the server will not try to derive the user ID.
	UserIdAttributeName string `protobuf:"bytes,4,opt,name=user_id_attribute_name,json=userIdAttributeName,proto3" json:"user_id_attribute_name,omitempty"`
	// contains filtered or unexported fields
}

Defines how (opaque) access tokens, received from the oauth authorization endpoint, are validated [OAuth2.0 Token Introspection](https://tools.ietf.org/html/rfc7662)

If the token introspection url requires client authentication, both the client_id and client_secret are required. If only one is provided, the config will be rejected. These values will be encoded in a basic auth header in order to authenticate the client.

func (*AccessTokenValidation_IntrospectionValidation) Descriptor deprecated added in v1.7.0 

func (*AccessTokenValidation_IntrospectionValidation) Descriptor() ([]byte, []int)

Deprecated: Use AccessTokenValidation_IntrospectionValidation.ProtoReflect.Descriptor instead.

func (*AccessTokenValidation_IntrospectionValidation) Equal added in v1.7.0 

func (m *AccessTokenValidation_IntrospectionValidation) Equal(that interface{}) bool

Equal function

func (*AccessTokenValidation_IntrospectionValidation) GetClientId added in v1.7.0 

func (x *AccessTokenValidation_IntrospectionValidation) GetClientId() string

func (*AccessTokenValidation_IntrospectionValidation) GetClientSecretRef added in v1.7.0 

func (x *AccessTokenValidation_IntrospectionValidation) GetClientSecretRef() *core.ResourceRef

func (*AccessTokenValidation_IntrospectionValidation) GetIntrospectionUrl added in v1.7.0 

func (x *AccessTokenValidation_IntrospectionValidation) GetIntrospectionUrl() string

func (*AccessTokenValidation_IntrospectionValidation) GetUserIdAttributeName added in v1.7.0 

func (x *AccessTokenValidation_IntrospectionValidation) GetUserIdAttributeName() string

func (*AccessTokenValidation_IntrospectionValidation) Hash added in v1.7.0 

func (m *AccessTokenValidation_IntrospectionValidation) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*AccessTokenValidation_IntrospectionValidation) ProtoMessage added in v1.7.0 

func (*AccessTokenValidation_IntrospectionValidation) ProtoMessage()

func (*AccessTokenValidation_IntrospectionValidation) ProtoReflect added in v1.7.0 

func (x *AccessTokenValidation_IntrospectionValidation) ProtoReflect() protoreflect.Message

func (*AccessTokenValidation_IntrospectionValidation) Reset added in v1.7.0 

func (x *AccessTokenValidation_IntrospectionValidation) Reset()

func (*AccessTokenValidation_IntrospectionValidation) String added in v1.7.0 

func (x *AccessTokenValidation_IntrospectionValidation) String() string

type AccessTokenValidation_Jwt added in v1.6.11 

type AccessTokenValidation_Jwt struct {
	// Validate access tokens that conform to the
	// [JSON Web Token (JWT)](https://tools.ietf.org/html/rfc7519) specification.
	Jwt *AccessTokenValidation_JwtValidation `protobuf:"bytes,2,opt,name=jwt,proto3,oneof"`
}

type AccessTokenValidation_JwtValidation added in v1.6.11 

type AccessTokenValidation_JwtValidation struct {

	// Types that are assignable to JwksSourceSpecifier:
	//	*AccessTokenValidation_JwtValidation_RemoteJwks_
	//	*AccessTokenValidation_JwtValidation_LocalJwks_
	JwksSourceSpecifier isAccessTokenValidation_JwtValidation_JwksSourceSpecifier `protobuf_oneof:"jwks_source_specifier"`
	// Allow only tokens that have been issued by this principal (i.e. whose "iss" claim matches this value).
	// If empty, issuer validation will be skipped.
	Issuer string `protobuf:"bytes,3,opt,name=issuer,proto3" json:"issuer,omitempty"`
	// contains filtered or unexported fields
}

Defines how JSON Web Token (JWT) access tokens are validated.

Tokens are validated using a JSON Web Key Set (as defined in [Section 5 of RFC7517](https://tools.ietf.org/html/rfc7517#section-5)), which can be either inlined in the configuration or fetched from a remote location via HTTP. Any keys in the JWKS that are not intended for signature verification (i.e. whose ["use" parameter](https://tools.ietf.org/html/rfc7517#section-4.2) is not "sig") will be ignored by the system, as will keys that do not specify a ["kid" (Key ID) parameter](https://tools.ietf.org/html/rfc7517#section-4.2).

The JWT to be validated must define non-empty "kid" and "alg" headers. The "kid" header determines which key in the JWKS will be used to verify the signature of the token; if no matching key is found, the token will be rejected.

If present, the server will verify the "exp", "iat", and "nbf" standard JWT claims. Validation of the "iss" claim and of token scopes can be configured as well. If the JWT has been successfully validated, its set of claims will be added to the `AuthorizationRequest` state under the "jwtAccessToken" key.

func (*AccessTokenValidation_JwtValidation) Descriptor deprecated added in v1.6.11 

func (*AccessTokenValidation_JwtValidation) Descriptor() ([]byte, []int)

Deprecated: Use AccessTokenValidation_JwtValidation.ProtoReflect.Descriptor instead.

func (*AccessTokenValidation_JwtValidation) Equal added in v1.6.11 

func (m *AccessTokenValidation_JwtValidation) Equal(that interface{}) bool

Equal function

func (*AccessTokenValidation_JwtValidation) GetIssuer added in v1.6.11 

func (x *AccessTokenValidation_JwtValidation) GetIssuer() string

func (*AccessTokenValidation_JwtValidation) GetJwksSourceSpecifier added in v1.6.11 

func (m *AccessTokenValidation_JwtValidation) GetJwksSourceSpecifier() isAccessTokenValidation_JwtValidation_JwksSourceSpecifier

func (*AccessTokenValidation_JwtValidation) GetLocalJwks added in v1.6.11 

func (x *AccessTokenValidation_JwtValidation) GetLocalJwks() *AccessTokenValidation_JwtValidation_LocalJwks

func (*AccessTokenValidation_JwtValidation) GetRemoteJwks added in v1.6.11 

func (x *AccessTokenValidation_JwtValidation) GetRemoteJwks() *AccessTokenValidation_JwtValidation_RemoteJwks

func (*AccessTokenValidation_JwtValidation) Hash added in v1.6.11 

func (m *AccessTokenValidation_JwtValidation) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*AccessTokenValidation_JwtValidation) ProtoMessage added in v1.6.11 

func (*AccessTokenValidation_JwtValidation) ProtoMessage()

func (*AccessTokenValidation_JwtValidation) ProtoReflect added in v1.6.11 

func (x *AccessTokenValidation_JwtValidation) ProtoReflect() protoreflect.Message

func (*AccessTokenValidation_JwtValidation) Reset added in v1.6.11 

func (x *AccessTokenValidation_JwtValidation) Reset()

func (*AccessTokenValidation_JwtValidation) String added in v1.6.11 

func (x *AccessTokenValidation_JwtValidation) String() string

type AccessTokenValidation_JwtValidation_LocalJwks added in v1.6.11 

type AccessTokenValidation_JwtValidation_LocalJwks struct {

	// JWKS is embedded as a string.
	InlineString string `protobuf:"bytes,1,opt,name=inline_string,json=inlineString,proto3" json:"inline_string,omitempty"`
	// contains filtered or unexported fields
}

Represents a locally available JWKS.

func (*AccessTokenValidation_JwtValidation_LocalJwks) Descriptor deprecated added in v1.6.11 

func (*AccessTokenValidation_JwtValidation_LocalJwks) Descriptor() ([]byte, []int)

Deprecated: Use AccessTokenValidation_JwtValidation_LocalJwks.ProtoReflect.Descriptor instead.

func (*AccessTokenValidation_JwtValidation_LocalJwks) Equal added in v1.6.11 

func (m *AccessTokenValidation_JwtValidation_LocalJwks) Equal(that interface{}) bool

Equal function

func (*AccessTokenValidation_JwtValidation_LocalJwks) GetInlineString added in v1.6.11 

func (x *AccessTokenValidation_JwtValidation_LocalJwks) GetInlineString() string

func (*AccessTokenValidation_JwtValidation_LocalJwks) Hash added in v1.6.11 

func (m *AccessTokenValidation_JwtValidation_LocalJwks) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*AccessTokenValidation_JwtValidation_LocalJwks) ProtoMessage added in v1.6.11 

func (*AccessTokenValidation_JwtValidation_LocalJwks) ProtoMessage()

func (*AccessTokenValidation_JwtValidation_LocalJwks) ProtoReflect added in v1.6.11 

func (x *AccessTokenValidation_JwtValidation_LocalJwks) ProtoReflect() protoreflect.Message

func (*AccessTokenValidation_JwtValidation_LocalJwks) Reset added in v1.6.11 

func (x *AccessTokenValidation_JwtValidation_LocalJwks) Reset()

func (*AccessTokenValidation_JwtValidation_LocalJwks) String added in v1.6.11 

func (x *AccessTokenValidation_JwtValidation_LocalJwks) String() string

type AccessTokenValidation_JwtValidation_LocalJwks_ added in v1.6.11 

type AccessTokenValidation_JwtValidation_LocalJwks_ struct {
	// Loads the JWKS from a local data source.
	LocalJwks *AccessTokenValidation_JwtValidation_LocalJwks `protobuf:"bytes,2,opt,name=local_jwks,json=localJwks,proto3,oneof"`
}

type AccessTokenValidation_JwtValidation_RemoteJwks added in v1.6.11 

type AccessTokenValidation_JwtValidation_RemoteJwks struct {

	// The HTTP URI to fetch the JWKS.
	Url string `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"`
	// The frequency at which the JWKS should be refreshed.
	// If not specified, the default value is 5 minutes.
	RefreshInterval *duration.Duration `protobuf:"bytes,2,opt,name=refresh_interval,json=refreshInterval,proto3" json:"refresh_interval,omitempty"`
	// contains filtered or unexported fields
}

Specifies how to fetch JWKS from remote and how to cache it.

func (*AccessTokenValidation_JwtValidation_RemoteJwks) Descriptor deprecated added in v1.6.11 

func (*AccessTokenValidation_JwtValidation_RemoteJwks) Descriptor() ([]byte, []int)

Deprecated: Use AccessTokenValidation_JwtValidation_RemoteJwks.ProtoReflect.Descriptor instead.

func (*AccessTokenValidation_JwtValidation_RemoteJwks) Equal added in v1.6.11 

func (m *AccessTokenValidation_JwtValidation_RemoteJwks) Equal(that interface{}) bool

Equal function

func (*AccessTokenValidation_JwtValidation_RemoteJwks) GetRefreshInterval added in v1.6.11 

func (x *AccessTokenValidation_JwtValidation_RemoteJwks) GetRefreshInterval() *duration.Duration

func (*AccessTokenValidation_JwtValidation_RemoteJwks) GetUrl added in v1.6.11 

func (x *AccessTokenValidation_JwtValidation_RemoteJwks) GetUrl() string

func (*AccessTokenValidation_JwtValidation_RemoteJwks) Hash added in v1.6.11 

func (m *AccessTokenValidation_JwtValidation_RemoteJwks) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*AccessTokenValidation_JwtValidation_RemoteJwks) ProtoMessage added in v1.6.11 

func (*AccessTokenValidation_JwtValidation_RemoteJwks) ProtoMessage()

func (*AccessTokenValidation_JwtValidation_RemoteJwks) ProtoReflect added in v1.6.11 

func (x *AccessTokenValidation_JwtValidation_RemoteJwks) ProtoReflect() protoreflect.Message

func (*AccessTokenValidation_JwtValidation_RemoteJwks) Reset added in v1.6.11 

func (x *AccessTokenValidation_JwtValidation_RemoteJwks) Reset()

func (*AccessTokenValidation_JwtValidation_RemoteJwks) String added in v1.6.11 

func (x *AccessTokenValidation_JwtValidation_RemoteJwks) String() string

type AccessTokenValidation_JwtValidation_RemoteJwks_ added in v1.6.11 

type AccessTokenValidation_JwtValidation_RemoteJwks_ struct {
	// Fetches the JWKS from a remote location.
	RemoteJwks *AccessTokenValidation_JwtValidation_RemoteJwks `protobuf:"bytes,1,opt,name=remote_jwks,json=remoteJwks,proto3,oneof"`
}

type AccessTokenValidation_RequiredScopes added in v1.6.11 

type AccessTokenValidation_RequiredScopes struct {
	// Require access token to have all of the scopes in the given list.
	// This configuration applies to both opaque and JWT tokens. In the case of opaque tokens,
	// this will check the scopes returned in the "scope" member of introspection response
	// (as described in [Section 2.2 of RFC7662](https://tools.ietf.org/html/rfc7662#section-2.2).
	// In case of JWTs the scopes to be validated are expected to be contained in the "scope" claim of the
	// token in the form of a space-separated string.
	// Omitting this field means that scope validation will be skipped.
	RequiredScopes *AccessTokenValidation_ScopeList `protobuf:"bytes,6,opt,name=required_scopes,json=requiredScopes,proto3,oneof"`
}

type AccessTokenValidation_ScopeList added in v1.6.11 

type AccessTokenValidation_ScopeList struct {
	Scope []string `protobuf:"bytes,1,rep,name=scope,proto3" json:"scope,omitempty"`
	// contains filtered or unexported fields
}

func (*AccessTokenValidation_ScopeList) Descriptor deprecated added in v1.6.11 

func (*AccessTokenValidation_ScopeList) Descriptor() ([]byte, []int)

Deprecated: Use AccessTokenValidation_ScopeList.ProtoReflect.Descriptor instead.

func (*AccessTokenValidation_ScopeList) Equal added in v1.6.11 

func (m *AccessTokenValidation_ScopeList) Equal(that interface{}) bool

Equal function

func (*AccessTokenValidation_ScopeList) GetScope added in v1.6.11 

func (x *AccessTokenValidation_ScopeList) GetScope() []string

func (*AccessTokenValidation_ScopeList) Hash added in v1.6.11 

func (m *AccessTokenValidation_ScopeList) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*AccessTokenValidation_ScopeList) ProtoMessage added in v1.6.11 

func (*AccessTokenValidation_ScopeList) ProtoMessage()

func (*AccessTokenValidation_ScopeList) ProtoReflect added in v1.6.11 

func (x *AccessTokenValidation_ScopeList) ProtoReflect() protoreflect.Message

func (*AccessTokenValidation_ScopeList) Reset added in v1.6.11 

func (x *AccessTokenValidation_ScopeList) Reset()

func (*AccessTokenValidation_ScopeList) String added in v1.6.11 

func (x *AccessTokenValidation_ScopeList) String() string

type ApiKeyAuth 

type ApiKeyAuth struct {

	// Identify all valid API key secrets that match the provided label selector.<br/>
	// API key secrets must be in one of the watch namespaces for gloo to locate them.
	LabelSelector map[string]string `` /* 188-byte string literal not displayed */
	// A way to directly reference API key secrets. This configuration can be useful for testing,
	// but in general the more flexible label selector should be preferred.
	ApiKeySecretRefs []*core.ResourceRef `protobuf:"bytes,2,rep,name=api_key_secret_refs,json=apiKeySecretRefs,proto3" json:"api_key_secret_refs,omitempty"`
	// When receiving a request, the Gloo Edge Enterprise external auth server will look for an API key in a header
	// with this name. This field is optional; if not provided it defaults to `api-key`.
	HeaderName string `protobuf:"bytes,3,opt,name=header_name,json=headerName,proto3" json:"header_name,omitempty"`
	// API key secrets might contain additional data (e.g. the ID of the user that the API key belongs to)
	// in the form of extra keys included in the secret's `data` field.
	// This configuration can be used to add this data to the headers of successfully authenticated requests.
	// Each key in the map represents the name of header to be added; the corresponding value determines the key
	// in the secret data that will be inspected to determine the value for the header.
	HeadersFromMetadata map[string]*ApiKeyAuth_SecretKey `` /* 208-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*ApiKeyAuth) Descriptor deprecated 

func (*ApiKeyAuth) Descriptor() ([]byte, []int)

Deprecated: Use ApiKeyAuth.ProtoReflect.Descriptor instead.

func (*ApiKeyAuth) Equal 

func (m *ApiKeyAuth) Equal(that interface{}) bool

Equal function

func (*ApiKeyAuth) GetApiKeySecretRefs 

func (x *ApiKeyAuth) GetApiKeySecretRefs() []*core.ResourceRef

func (*ApiKeyAuth) GetHeaderName added in v1.5.0 

func (x *ApiKeyAuth) GetHeaderName() string

func (*ApiKeyAuth) GetHeadersFromMetadata added in v1.5.0 

func (x *ApiKeyAuth) GetHeadersFromMetadata() map[string]*ApiKeyAuth_SecretKey

func (*ApiKeyAuth) GetLabelSelector 

func (x *ApiKeyAuth) GetLabelSelector() map[string]string

func (*ApiKeyAuth) Hash added in v1.2.13 

func (m *ApiKeyAuth) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ApiKeyAuth) ProtoMessage 

func (*ApiKeyAuth) ProtoMessage()

func (*ApiKeyAuth) ProtoReflect added in v1.6.0 

func (x *ApiKeyAuth) ProtoReflect() protoreflect.Message

func (*ApiKeyAuth) Reset 

func (x *ApiKeyAuth) Reset()

func (*ApiKeyAuth) String 

func (x *ApiKeyAuth) String() string

type ApiKeyAuth_SecretKey added in v1.5.0 

type ApiKeyAuth_SecretKey struct {

	// (Required) The key of the secret data entry to inspect.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// If this field is set to `true`, Gloo will reject an API key secret that does not contain the given key.
	// Defaults to `false`. In this case, if a secret does not contain the requested data, no header will be added
	// to the request.
	Required bool `protobuf:"varint,2,opt,name=required,proto3" json:"required,omitempty"`
	// contains filtered or unexported fields
}

func (*ApiKeyAuth_SecretKey) Descriptor deprecated added in v1.5.0 

func (*ApiKeyAuth_SecretKey) Descriptor() ([]byte, []int)

Deprecated: Use ApiKeyAuth_SecretKey.ProtoReflect.Descriptor instead.

func (*ApiKeyAuth_SecretKey) Equal added in v1.5.0 

func (m *ApiKeyAuth_SecretKey) Equal(that interface{}) bool

Equal function

func (*ApiKeyAuth_SecretKey) GetName added in v1.5.0 

func (x *ApiKeyAuth_SecretKey) GetName() string

func (*ApiKeyAuth_SecretKey) GetRequired added in v1.5.0 

func (x *ApiKeyAuth_SecretKey) GetRequired() bool

func (*ApiKeyAuth_SecretKey) Hash added in v1.5.0 

func (m *ApiKeyAuth_SecretKey) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ApiKeyAuth_SecretKey) ProtoMessage added in v1.5.0 

func (*ApiKeyAuth_SecretKey) ProtoMessage()

func (*ApiKeyAuth_SecretKey) ProtoReflect added in v1.6.0 

func (x *ApiKeyAuth_SecretKey) ProtoReflect() protoreflect.Message

func (*ApiKeyAuth_SecretKey) Reset added in v1.5.0 

func (x *ApiKeyAuth_SecretKey) Reset()

func (*ApiKeyAuth_SecretKey) String added in v1.5.0 

func (x *ApiKeyAuth_SecretKey) String() string

type ApiKeySecret 

type ApiKeySecret struct {

	// If true, generate an API key.
	// This field is deprecated as it was used only internally by `glooctl` and is not actually part of the secret API.
	//
	// Deprecated: Do not use.
	GenerateApiKey bool `protobuf:"varint,1,opt,name=generate_api_key,json=generateApiKey,proto3" json:"generate_api_key,omitempty"`
	// The value of the API key.
	ApiKey string `protobuf:"bytes,2,opt,name=api_key,json=apiKey,proto3" json:"api_key,omitempty"`
	// A list of labels (key=value) for the apikey secret.<br/>
	// These labels are used when creating an ApiKeySecret via `glooctl` and then are copied to the metadata of the created secret.
	// This field is deprecated as it was used only internally by `glooctl` and is not actually part of the secret API.
	//
	// Deprecated: Do not use.
	Labels []string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty"`
	// If the secret data contains entries in addition to the API key one, they will be copied to this field.
	Metadata map[string]string `` /* 157-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*ApiKeySecret) Descriptor deprecated 

func (*ApiKeySecret) Descriptor() ([]byte, []int)

Deprecated: Use ApiKeySecret.ProtoReflect.Descriptor instead.

func (*ApiKeySecret) Equal 

func (m *ApiKeySecret) Equal(that interface{}) bool

Equal function

func (*ApiKeySecret) GetApiKey 

func (x *ApiKeySecret) GetApiKey() string

func (*ApiKeySecret) GetGenerateApiKey deprecated 

func (x *ApiKeySecret) GetGenerateApiKey() bool

Deprecated: Do not use.

func (*ApiKeySecret) GetLabels deprecated 

func (x *ApiKeySecret) GetLabels() []string

Deprecated: Do not use.

func (*ApiKeySecret) GetMetadata added in v1.5.0 

func (x *ApiKeySecret) GetMetadata() map[string]string

func (*ApiKeySecret) Hash added in v1.2.13 

func (m *ApiKeySecret) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ApiKeySecret) ProtoMessage 

func (*ApiKeySecret) ProtoMessage()

func (*ApiKeySecret) ProtoReflect added in v1.6.0 

func (x *ApiKeySecret) ProtoReflect() protoreflect.Message

func (*ApiKeySecret) Reset 

func (x *ApiKeySecret) Reset()

func (*ApiKeySecret) String 

func (x *ApiKeySecret) String() string

type ApplyExtAuthConfig 

type ApplyExtAuthConfig func(version string, resources []*ExtAuthConfig) error

The apply functions receives resources and returns an error if they were applied correctly. In theory the configuration can become valid in the future (i.e. eventually consistent), but I don't think we need to worry about that now As our current use cases only have one configuration resource, so no interactions are expected.

type AuthConfig 

type AuthConfig struct {

	// Status indicates the validation status of this resource.
	// Status is read-only by clients, and set by gloo during validation
	Status *core.Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
	// Metadata contains the object metadata for this resource
	Metadata *core.Metadata `protobuf:"bytes,2,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// List of auth configs to be checked for requests on a route referencing this auth config,
	// By default, every config must be authorized for the entire request to be authorized. This
	// behavior can be changed by defining names for each config and defining `boolean_expr` below.
	//
	// State is shared between successful requests on the chain, i.e., the headers returned from each
	// successful auth service get appended into the final auth response.
	Configs []*AuthConfig_Config `protobuf:"bytes,3,rep,name=configs,proto3" json:"configs,omitempty"`
	// How to handle processing of named configs within an auth config chain.
	// An example config might be: `( basic1 || basic2 || (oidc1 && !oidc2) )`
	// The boolean expression is evaluated left to right but honors parenthesis and short-circuiting.
	BooleanExpr *wrappers.StringValue `protobuf:"bytes,10,opt,name=boolean_expr,json=booleanExpr,proto3" json:"boolean_expr,omitempty"`
	// contains filtered or unexported fields
}

This is the user-facing auth configuration. When processed by Gloo, certain configuration types (i.a. oauth, opa) will be translated, e.g. to resolve resource references. See the `ExtAuthConfig.AuthConfig` for the final config format that will be included in the extauth snapshot.

func NewAuthConfig 

func NewAuthConfig(namespace, name string) *AuthConfig

func (*AuthConfig) DeepCopyInto 

func (o *AuthConfig) DeepCopyInto(out *AuthConfig)

func (*AuthConfig) DeepCopyObject 

func (o *AuthConfig) DeepCopyObject() runtime.Object

func (*AuthConfig) Descriptor deprecated 

func (*AuthConfig) Descriptor() ([]byte, []int)

Deprecated: Use AuthConfig.ProtoReflect.Descriptor instead.

func (*AuthConfig) Equal 

func (m *AuthConfig) Equal(that interface{}) bool

Equal function

func (*AuthConfig) GetBooleanExpr added in v1.5.0 

func (x *AuthConfig) GetBooleanExpr() *wrappers.StringValue

func (*AuthConfig) GetConfigs 

func (x *AuthConfig) GetConfigs() []*AuthConfig_Config

func (*AuthConfig) GetMetadata 

func (x *AuthConfig) GetMetadata() *core.Metadata

func (*AuthConfig) GetObjectKind 

func (o *AuthConfig) GetObjectKind() schema.ObjectKind

func (*AuthConfig) GetStatus 

func (x *AuthConfig) GetStatus() *core.Status

func (*AuthConfig) GroupVersionKind 

func (r *AuthConfig) GroupVersionKind() schema.GroupVersionKind

func (*AuthConfig) Hash 

func (m *AuthConfig) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*AuthConfig) MustHash added in v1.2.13 

func (r *AuthConfig) MustHash() uint64

func (*AuthConfig) ProtoMessage 

func (*AuthConfig) ProtoMessage()

func (*AuthConfig) ProtoReflect added in v1.6.0 

func (x *AuthConfig) ProtoReflect() protoreflect.Message

func (*AuthConfig) Reset 

func (x *AuthConfig) Reset()

func (*AuthConfig) SetMetadata 

func (r *AuthConfig) SetMetadata(meta *core.Metadata)

func (*AuthConfig) SetStatus 

func (r *AuthConfig) SetStatus(status *core.Status)

func (*AuthConfig) String 

func (x *AuthConfig) String() string

type AuthConfigClient 

type AuthConfigClient interface {
	BaseClient() clients.ResourceClient
	Register() error
	Read(namespace, name string, opts clients.ReadOpts) (*AuthConfig, error)
	Write(resource *AuthConfig, opts clients.WriteOpts) (*AuthConfig, error)
	Delete(namespace, name string, opts clients.DeleteOpts) error
	List(namespace string, opts clients.ListOpts) (AuthConfigList, error)
	AuthConfigWatcher
}

func NewAuthConfigClient 

func NewAuthConfigClient(ctx context.Context, rcFactory factory.ResourceClientFactory) (AuthConfigClient, error)

func NewAuthConfigClientWithBase 

func NewAuthConfigClientWithBase(rc clients.ResourceClient) AuthConfigClient

func NewAuthConfigClientWithToken 

func NewAuthConfigClientWithToken(ctx context.Context, rcFactory factory.ResourceClientFactory, token string) (AuthConfigClient, error)

type AuthConfigList 

type AuthConfigList []*AuthConfig

func (AuthConfigList) AsInputResources 

func (list AuthConfigList) AsInputResources() resources.InputResourceList

func (AuthConfigList) AsInterfaces 

func (list AuthConfigList) AsInterfaces() []interface{}

func (AuthConfigList) AsResources 

func (list AuthConfigList) AsResources() resources.ResourceList

func (AuthConfigList) Clone 

func (list AuthConfigList) Clone() AuthConfigList

func (AuthConfigList) Each 

func (list AuthConfigList) Each(f func(element *AuthConfig))

func (AuthConfigList) EachResource 

func (list AuthConfigList) EachResource(f func(element resources.Resource))

func (AuthConfigList) Find 

func (list AuthConfigList) Find(namespace, name string) (*AuthConfig, error)

func (AuthConfigList) Names 

func (list AuthConfigList) Names() []string

func (AuthConfigList) NamespacesDotNames 

func (list AuthConfigList) NamespacesDotNames() []string

func (AuthConfigList) Sort 

func (list AuthConfigList) Sort() AuthConfigList

type AuthConfigReconciler 

type AuthConfigReconciler interface {
	Reconcile(namespace string, desiredResources AuthConfigList, transition TransitionAuthConfigFunc, opts clients.ListOpts) error
}

func NewAuthConfigReconciler 

func NewAuthConfigReconciler(client AuthConfigClient) AuthConfigReconciler

type AuthConfigWatcher 

type AuthConfigWatcher interface {
	// watch namespace-scoped AuthConfigs
	Watch(namespace string, opts clients.WatchOpts) (<-chan AuthConfigList, <-chan error, error)
}

type AuthConfig_Config 

type AuthConfig_Config struct {

	// optional: used when defining complex boolean logic, if `boolean_expr` is defined below. Also used
	// in logging. If omitted, an automatically generated name will be used (e.g. config_0, of the
	// pattern 'config_$INDEX_IN_CHAIN'). In the case of plugin auth, this field is ignored in favor of
	// the name assigned on the plugin config itself.
	Name *wrappers.StringValue `protobuf:"bytes,9,opt,name=name,proto3" json:"name,omitempty"`
	// Types that are assignable to AuthConfig:
	//	*AuthConfig_Config_BasicAuth
	//	*AuthConfig_Config_Oauth
	//	*AuthConfig_Config_Oauth2
	//	*AuthConfig_Config_ApiKeyAuth
	//	*AuthConfig_Config_PluginAuth
	//	*AuthConfig_Config_OpaAuth
	//	*AuthConfig_Config_Ldap
	//	*AuthConfig_Config_Jwt
	//	*AuthConfig_Config_PassThroughAuth
	AuthConfig isAuthConfig_Config_AuthConfig `protobuf_oneof:"auth_config"`
	// contains filtered or unexported fields
}

func (*AuthConfig_Config) Descriptor deprecated 

func (*AuthConfig_Config) Descriptor() ([]byte, []int)

Deprecated: Use AuthConfig_Config.ProtoReflect.Descriptor instead.

func (*AuthConfig_Config) Equal 

func (m *AuthConfig_Config) Equal(that interface{}) bool

Equal function

func (*AuthConfig_Config) GetApiKeyAuth 

func (x *AuthConfig_Config) GetApiKeyAuth() *ApiKeyAuth

func (*AuthConfig_Config) GetAuthConfig 

func (m *AuthConfig_Config) GetAuthConfig() isAuthConfig_Config_AuthConfig

func (*AuthConfig_Config) GetBasicAuth 

func (x *AuthConfig_Config) GetBasicAuth() *BasicAuth

func (*AuthConfig_Config) GetJwt added in v1.6.0 

func (x *AuthConfig_Config) GetJwt() *empty.Empty

func (*AuthConfig_Config) GetLdap 

func (x *AuthConfig_Config) GetLdap() *Ldap

func (*AuthConfig_Config) GetName added in v1.5.0 

func (x *AuthConfig_Config) GetName() *wrappers.StringValue

func (*AuthConfig_Config) GetOauth deprecated 

func (x *AuthConfig_Config) GetOauth() *OAuth

Deprecated: Do not use.

func (*AuthConfig_Config) GetOauth2 added in v1.5.0 

func (x *AuthConfig_Config) GetOauth2() *OAuth2

func (*AuthConfig_Config) GetOpaAuth 

func (x *AuthConfig_Config) GetOpaAuth() *OpaAuth

func (*AuthConfig_Config) GetPassThroughAuth added in v1.6.0 

func (x *AuthConfig_Config) GetPassThroughAuth() *PassThroughAuth

func (*AuthConfig_Config) GetPluginAuth 

func (x *AuthConfig_Config) GetPluginAuth() *AuthPlugin

func (*AuthConfig_Config) Hash added in v1.2.13 

func (m *AuthConfig_Config) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*AuthConfig_Config) ProtoMessage 

func (*AuthConfig_Config) ProtoMessage()

func (*AuthConfig_Config) ProtoReflect added in v1.6.0 

func (x *AuthConfig_Config) ProtoReflect() protoreflect.Message

func (*AuthConfig_Config) Reset 

func (x *AuthConfig_Config) Reset()

func (*AuthConfig_Config) String 

func (x *AuthConfig_Config) String() string

type AuthConfig_Config_ApiKeyAuth 

type AuthConfig_Config_ApiKeyAuth struct {
	ApiKeyAuth *ApiKeyAuth `protobuf:"bytes,4,opt,name=api_key_auth,json=apiKeyAuth,proto3,oneof"`
}

type AuthConfig_Config_BasicAuth 

type AuthConfig_Config_BasicAuth struct {
	BasicAuth *BasicAuth `protobuf:"bytes,1,opt,name=basic_auth,json=basicAuth,proto3,oneof"`
}

type AuthConfig_Config_Jwt added in v1.6.0 

type AuthConfig_Config_Jwt struct {
	// This is a "dummy" extauth service which can be used to support multiple auth mechanisms with JWT authentication.
	// If Jwt authentication is to be used in the [boolean expression](https://docs.solo.io/gloo-edge/latest/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.sk/#authconfig) in an AuthConfig, you can use this auth config type to include Jwt as an Auth config.
	// In addition, `allow_missing_or_failed_jwt` must be set on the Virtual Host or Route that uses JWT auth or else the JWT filter will short circuit this behaviour.
	Jwt *empty.Empty `protobuf:"bytes,11,opt,name=jwt,proto3,oneof"`
}

type AuthConfig_Config_Ldap 

type AuthConfig_Config_Ldap struct {
	Ldap *Ldap `protobuf:"bytes,7,opt,name=ldap,proto3,oneof"`
}

type AuthConfig_Config_Oauth 

type AuthConfig_Config_Oauth struct {
	// Deprecated: Do not use.
	Oauth *OAuth `protobuf:"bytes,2,opt,name=oauth,proto3,oneof"`
}

type AuthConfig_Config_Oauth2 added in v1.5.0 

type AuthConfig_Config_Oauth2 struct {
	Oauth2 *OAuth2 `protobuf:"bytes,8,opt,name=oauth2,proto3,oneof"`
}

type AuthConfig_Config_OpaAuth 

type AuthConfig_Config_OpaAuth struct {
	OpaAuth *OpaAuth `protobuf:"bytes,6,opt,name=opa_auth,json=opaAuth,proto3,oneof"`
}

type AuthConfig_Config_PassThroughAuth added in v1.6.0 

type AuthConfig_Config_PassThroughAuth struct {
	PassThroughAuth *PassThroughAuth `protobuf:"bytes,12,opt,name=pass_through_auth,json=passThroughAuth,proto3,oneof"`
}

type AuthConfig_Config_PluginAuth 

type AuthConfig_Config_PluginAuth struct {
	PluginAuth *AuthPlugin `protobuf:"bytes,5,opt,name=plugin_auth,json=pluginAuth,proto3,oneof"`
}

type AuthPlugin 

type AuthPlugin struct {

	// Name of the plugin
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Name of the compiled plugin file. If not specified, Gloo Edge will look for an ".so" file with same name as the plugin.
	PluginFileName string `protobuf:"bytes,2,opt,name=plugin_file_name,json=pluginFileName,proto3" json:"plugin_file_name,omitempty"`
	// Name of the exported symbol that implements the plugin interface in the plugin.
	// If not specified, defaults to the name of the plugin
	ExportedSymbolName string          `protobuf:"bytes,3,opt,name=exported_symbol_name,json=exportedSymbolName,proto3" json:"exported_symbol_name,omitempty"`
	Config             *_struct.Struct `protobuf:"bytes,4,opt,name=config,proto3" json:"config,omitempty"`
	// contains filtered or unexported fields
}

func (*AuthPlugin) Descriptor deprecated 

func (*AuthPlugin) Descriptor() ([]byte, []int)

Deprecated: Use AuthPlugin.ProtoReflect.Descriptor instead.

func (*AuthPlugin) Equal 

func (m *AuthPlugin) Equal(that interface{}) bool

Equal function

func (*AuthPlugin) GetConfig 

func (x *AuthPlugin) GetConfig() *_struct.Struct

func (*AuthPlugin) GetExportedSymbolName 

func (x *AuthPlugin) GetExportedSymbolName() string

func (*AuthPlugin) GetName 

func (x *AuthPlugin) GetName() string

func (*AuthPlugin) GetPluginFileName 

func (x *AuthPlugin) GetPluginFileName() string

func (*AuthPlugin) Hash added in v1.2.13 

func (m *AuthPlugin) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*AuthPlugin) ProtoMessage 

func (*AuthPlugin) ProtoMessage()

func (*AuthPlugin) ProtoReflect added in v1.6.0 

func (x *AuthPlugin) ProtoReflect() protoreflect.Message

func (*AuthPlugin) Reset 

func (x *AuthPlugin) Reset()

func (*AuthPlugin) String 

func (x *AuthPlugin) String() string

type BasicAuth 

type BasicAuth struct {
	Realm string         `protobuf:"bytes,1,opt,name=realm,proto3" json:"realm,omitempty"`
	Apr   *BasicAuth_Apr `protobuf:"bytes,2,opt,name=apr,proto3" json:"apr,omitempty"`
	// contains filtered or unexported fields
}

func (*BasicAuth) Descriptor deprecated 

func (*BasicAuth) Descriptor() ([]byte, []int)

Deprecated: Use BasicAuth.ProtoReflect.Descriptor instead.

func (*BasicAuth) Equal 

func (m *BasicAuth) Equal(that interface{}) bool

Equal function

func (*BasicAuth) GetApr 

func (x *BasicAuth) GetApr() *BasicAuth_Apr

func (*BasicAuth) GetRealm 

func (x *BasicAuth) GetRealm() string

func (*BasicAuth) Hash added in v1.2.13 

func (m *BasicAuth) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*BasicAuth) ProtoMessage 

func (*BasicAuth) ProtoMessage()

func (*BasicAuth) ProtoReflect added in v1.6.0 

func (x *BasicAuth) ProtoReflect() protoreflect.Message

func (*BasicAuth) Reset 

func (x *BasicAuth) Reset()

func (*BasicAuth) String 

func (x *BasicAuth) String() string

type BasicAuth_Apr 

type BasicAuth_Apr struct {
	Users map[string]*BasicAuth_Apr_SaltedHashedPassword `` /* 151-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*BasicAuth_Apr) Descriptor deprecated 

func (*BasicAuth_Apr) Descriptor() ([]byte, []int)

Deprecated: Use BasicAuth_Apr.ProtoReflect.Descriptor instead.

func (*BasicAuth_Apr) Equal 

func (m *BasicAuth_Apr) Equal(that interface{}) bool

Equal function

func (*BasicAuth_Apr) GetUsers 

func (x *BasicAuth_Apr) GetUsers() map[string]*BasicAuth_Apr_SaltedHashedPassword

func (*BasicAuth_Apr) Hash added in v1.2.13 

func (m *BasicAuth_Apr) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*BasicAuth_Apr) ProtoMessage 

func (*BasicAuth_Apr) ProtoMessage()

func (*BasicAuth_Apr) ProtoReflect added in v1.6.0 

func (x *BasicAuth_Apr) ProtoReflect() protoreflect.Message

func (*BasicAuth_Apr) Reset 

func (x *BasicAuth_Apr) Reset()

func (*BasicAuth_Apr) String 

func (x *BasicAuth_Apr) String() string

type BasicAuth_Apr_SaltedHashedPassword 

type BasicAuth_Apr_SaltedHashedPassword struct {
	Salt           string `protobuf:"bytes,1,opt,name=salt,proto3" json:"salt,omitempty"`
	HashedPassword string `protobuf:"bytes,2,opt,name=hashed_password,json=hashedPassword,proto3" json:"hashed_password,omitempty"`
	// contains filtered or unexported fields
}

func (*BasicAuth_Apr_SaltedHashedPassword) Descriptor deprecated 

func (*BasicAuth_Apr_SaltedHashedPassword) Descriptor() ([]byte, []int)

Deprecated: Use BasicAuth_Apr_SaltedHashedPassword.ProtoReflect.Descriptor instead.

func (*BasicAuth_Apr_SaltedHashedPassword) Equal 

func (m *BasicAuth_Apr_SaltedHashedPassword) Equal(that interface{}) bool

Equal function

func (*BasicAuth_Apr_SaltedHashedPassword) GetHashedPassword 

func (x *BasicAuth_Apr_SaltedHashedPassword) GetHashedPassword() string

func (*BasicAuth_Apr_SaltedHashedPassword) GetSalt 

func (x *BasicAuth_Apr_SaltedHashedPassword) GetSalt() string

func (*BasicAuth_Apr_SaltedHashedPassword) Hash added in v1.2.13 

func (m *BasicAuth_Apr_SaltedHashedPassword) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*BasicAuth_Apr_SaltedHashedPassword) ProtoMessage 

func (*BasicAuth_Apr_SaltedHashedPassword) ProtoMessage()

func (*BasicAuth_Apr_SaltedHashedPassword) ProtoReflect added in v1.6.0 

func (x *BasicAuth_Apr_SaltedHashedPassword) ProtoReflect() protoreflect.Message

func (*BasicAuth_Apr_SaltedHashedPassword) Reset 

func (x *BasicAuth_Apr_SaltedHashedPassword) Reset()

func (*BasicAuth_Apr_SaltedHashedPassword) String 

func (x *BasicAuth_Apr_SaltedHashedPassword) String() string

type BufferSettings 

type BufferSettings struct {

	// Sets the maximum size of a message body that the filter will hold in memory. Envoy will return
	// *HTTP 413* and will *not* initiate the authorization process when buffer reaches the number
	// set in this field. Note that this setting will have precedence over failure_mode_allow.
	// Defaults to 4KB.
	MaxRequestBytes uint32 `protobuf:"varint,1,opt,name=max_request_bytes,json=maxRequestBytes,proto3" json:"max_request_bytes,omitempty"`
	// When this field is true, Envoy will buffer the message until *max_request_bytes* is reached.
	// The authorization request will be dispatched and no 413 HTTP error will be returned by the
	// filter.
	AllowPartialMessage bool `protobuf:"varint,2,opt,name=allow_partial_message,json=allowPartialMessage,proto3" json:"allow_partial_message,omitempty"`
	// When this field is true, Envoy will send the body sent to the external authorization service with raw bytes.
	PackAsBytes bool `protobuf:"varint,3,opt,name=pack_as_bytes,json=packAsBytes,proto3" json:"pack_as_bytes,omitempty"`
	// contains filtered or unexported fields
}

Configuration for buffering the request data.

func (*BufferSettings) Descriptor deprecated 

func (*BufferSettings) Descriptor() ([]byte, []int)

Deprecated: Use BufferSettings.ProtoReflect.Descriptor instead.

func (*BufferSettings) Equal 

func (m *BufferSettings) Equal(that interface{}) bool

Equal function

func (*BufferSettings) GetAllowPartialMessage 

func (x *BufferSettings) GetAllowPartialMessage() bool

func (*BufferSettings) GetMaxRequestBytes 

func (x *BufferSettings) GetMaxRequestBytes() uint32

func (*BufferSettings) GetPackAsBytes added in v1.6.2 

func (x *BufferSettings) GetPackAsBytes() bool

func (*BufferSettings) Hash added in v1.2.13 

func (m *BufferSettings) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*BufferSettings) ProtoMessage 

func (*BufferSettings) ProtoMessage()

func (*BufferSettings) ProtoReflect added in v1.6.0 

func (x *BufferSettings) ProtoReflect() protoreflect.Message

func (*BufferSettings) Reset 

func (x *BufferSettings) Reset()

func (*BufferSettings) String 

func (x *BufferSettings) String() string

type CustomAuth 

type CustomAuth struct {

	// When a request matches the virtual host, route, or weighted destination on which this configuration is defined,
	// Gloo will add the given context_extensions to the request that is sent to the external authorization server.
	// This allows the server to base the auth decision on metadata that you define on the source of the request.
	//
	// This attribute is analogous to Envoy's config.filter.http.ext_authz.v2.CheckSettings. See the official
	// [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/http/ext_authz/v2/ext_authz.proto.html?highlight=ext_authz#config-filter-http-ext-authz-v2-checksettings)
	// for more details.
	ContextExtensions map[string]string `` /* 200-byte string literal not displayed */
	// [Enterprise-only]
	// Only required in the case where multiple auth servers are configured in Settings
	// This name must match a key in the named_extauth Settings.
	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Gloo is not expected to configure the ext auth server in this case. This is used with custom auth servers.

func (*CustomAuth) Descriptor deprecated 

func (*CustomAuth) Descriptor() ([]byte, []int)

Deprecated: Use CustomAuth.ProtoReflect.Descriptor instead.

func (*CustomAuth) Equal 

func (m *CustomAuth) Equal(that interface{}) bool

Equal function

func (*CustomAuth) GetContextExtensions 

func (x *CustomAuth) GetContextExtensions() map[string]string

func (*CustomAuth) GetName added in v1.8.0 

func (x *CustomAuth) GetName() string

func (*CustomAuth) Hash added in v1.2.13 

func (m *CustomAuth) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*CustomAuth) ProtoMessage 

func (*CustomAuth) ProtoMessage()

func (*CustomAuth) ProtoReflect added in v1.6.0 

func (x *CustomAuth) ProtoReflect() protoreflect.Message

func (*CustomAuth) Reset 

func (x *CustomAuth) Reset()

func (*CustomAuth) String 

func (x *CustomAuth) String() string

type DiscoveryOverride added in v1.6.0 

type DiscoveryOverride struct {

	// url of the provider authorization endpoint
	AuthEndpoint string `protobuf:"bytes,1,opt,name=auth_endpoint,json=authEndpoint,proto3" json:"auth_endpoint,omitempty"`
	// url of the provider token endpoint
	TokenEndpoint string `protobuf:"bytes,2,opt,name=token_endpoint,json=tokenEndpoint,proto3" json:"token_endpoint,omitempty"`
	// url of the provider json web key set
	JwksUri string `protobuf:"bytes,3,opt,name=jwks_uri,json=jwksUri,proto3" json:"jwks_uri,omitempty"`
	// list of scope values that the provider supports
	Scopes []string `protobuf:"bytes,4,rep,name=scopes,proto3" json:"scopes,omitempty"`
	// list of response types that the provider supports
	ResponseTypes []string `protobuf:"bytes,5,rep,name=response_types,json=responseTypes,proto3" json:"response_types,omitempty"`
	// list of subject identifier types that the provider supports
	Subjects []string `protobuf:"bytes,6,rep,name=subjects,proto3" json:"subjects,omitempty"`
	// list of json web signature signing algorithms that the provider supports for encoding claims in a jwt
	IdTokenAlgs []string `protobuf:"bytes,7,rep,name=id_token_algs,json=idTokenAlgs,proto3" json:"id_token_algs,omitempty"`
	// list of client authentication methods supported by the provider token endpoint
	AuthMethods []string `protobuf:"bytes,8,rep,name=auth_methods,json=authMethods,proto3" json:"auth_methods,omitempty"`
	// list of claim types that the provider supports
	Claims []string `protobuf:"bytes,9,rep,name=claims,proto3" json:"claims,omitempty"`
	// contains filtered or unexported fields
}

OIDC configuration is discovered at <issuerUrl>/.well-known/openid-configuration The discovery override defines any properties that should override this discovery configuration https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata

func (*DiscoveryOverride) Descriptor deprecated added in v1.6.0 

func (*DiscoveryOverride) Descriptor() ([]byte, []int)

Deprecated: Use DiscoveryOverride.ProtoReflect.Descriptor instead.

func (*DiscoveryOverride) Equal added in v1.6.0 

func (m *DiscoveryOverride) Equal(that interface{}) bool

Equal function

func (*DiscoveryOverride) GetAuthEndpoint added in v1.6.0 

func (x *DiscoveryOverride) GetAuthEndpoint() string

func (*DiscoveryOverride) GetAuthMethods added in v1.6.0 

func (x *DiscoveryOverride) GetAuthMethods() []string

func (*DiscoveryOverride) GetClaims added in v1.6.0 

func (x *DiscoveryOverride) GetClaims() []string

func (*DiscoveryOverride) GetIdTokenAlgs added in v1.6.0 

func (x *DiscoveryOverride) GetIdTokenAlgs() []string

func (*DiscoveryOverride) GetJwksUri added in v1.6.0 

func (x *DiscoveryOverride) GetJwksUri() string

func (*DiscoveryOverride) GetResponseTypes added in v1.6.0 

func (x *DiscoveryOverride) GetResponseTypes() []string

func (*DiscoveryOverride) GetScopes added in v1.6.0 

func (x *DiscoveryOverride) GetScopes() []string

func (*DiscoveryOverride) GetSubjects added in v1.6.0 

func (x *DiscoveryOverride) GetSubjects() []string

func (*DiscoveryOverride) GetTokenEndpoint added in v1.6.0 

func (x *DiscoveryOverride) GetTokenEndpoint() string

func (*DiscoveryOverride) Hash added in v1.6.0 

func (m *DiscoveryOverride) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*DiscoveryOverride) ProtoMessage added in v1.6.0 

func (*DiscoveryOverride) ProtoMessage()

func (*DiscoveryOverride) ProtoReflect added in v1.6.0 

func (x *DiscoveryOverride) ProtoReflect() protoreflect.Message

func (*DiscoveryOverride) Reset added in v1.6.0 

func (x *DiscoveryOverride) Reset()

func (*DiscoveryOverride) String added in v1.6.0 

func (x *DiscoveryOverride) String() string

type EnterpriseEmitter added in v1.3.33 

type EnterpriseEmitter interface {
	EnterpriseSnapshotEmitter
	Register() error
	AuthConfig() AuthConfigClient
}

func NewEnterpriseEmitter added in v1.3.33 

func NewEnterpriseEmitter(authConfigClient AuthConfigClient) EnterpriseEmitter

func NewEnterpriseEmitterWithEmit added in v1.3.33 

func NewEnterpriseEmitterWithEmit(authConfigClient AuthConfigClient, emit <-chan struct{}) EnterpriseEmitter

type EnterpriseSimpleEmitter added in v1.3.33 

type EnterpriseSimpleEmitter interface {
	Snapshots(ctx context.Context) (<-chan *EnterpriseSnapshot, <-chan error, error)
}

func NewEnterpriseSimpleEmitter added in v1.3.33 

func NewEnterpriseSimpleEmitter(aggregatedWatch clients.ResourceWatch) EnterpriseSimpleEmitter

func NewEnterpriseSimpleEmitterWithEmit added in v1.3.33 

func NewEnterpriseSimpleEmitterWithEmit(aggregatedWatch clients.ResourceWatch, emit <-chan struct{}) EnterpriseSimpleEmitter

type EnterpriseSnapshot added in v1.3.33 

type EnterpriseSnapshot struct {
	AuthConfigs AuthConfigList
}

func (EnterpriseSnapshot) Clone added in v1.3.33 

func (s EnterpriseSnapshot) Clone() EnterpriseSnapshot

func (EnterpriseSnapshot) Hash added in v1.3.33 

func (s EnterpriseSnapshot) Hash(hasher hash.Hash64) (uint64, error)

func (EnterpriseSnapshot) HashFields added in v1.3.33 

func (s EnterpriseSnapshot) HashFields() []zap.Field

func (EnterpriseSnapshot) Stringer added in v1.3.33 

func (s EnterpriseSnapshot) Stringer() EnterpriseSnapshotStringer

type EnterpriseSnapshotEmitter added in v1.3.33 

type EnterpriseSnapshotEmitter interface {
	Snapshots(watchNamespaces []string, opts clients.WatchOpts) (<-chan *EnterpriseSnapshot, <-chan error, error)
}

type EnterpriseSnapshotStringer added in v1.3.33 

type EnterpriseSnapshotStringer struct {
	Version     uint64
	AuthConfigs []string
}

func (EnterpriseSnapshotStringer) String added in v1.3.33 

func (ss EnterpriseSnapshotStringer) String() string

type EnterpriseSyncDecider deprecated added in v1.3.33 

type EnterpriseSyncDecider interface {
	EnterpriseSyncer
	ShouldSync(old, new *EnterpriseSnapshot) bool
}

Deprecated: use EnterpriseSyncDeciderWithContext

type EnterpriseSyncDeciderWithContext added in v1.3.33 

type EnterpriseSyncDeciderWithContext interface {
	EnterpriseSyncer
	ShouldSync(ctx context.Context, old, new *EnterpriseSnapshot) bool
}

type EnterpriseSyncer added in v1.3.33 

type EnterpriseSyncer interface {
	Sync(context.Context, *EnterpriseSnapshot) error
}

type EnterpriseSyncers added in v1.3.33 

type EnterpriseSyncers []EnterpriseSyncer

func (EnterpriseSyncers) Sync added in v1.3.33 

func (s EnterpriseSyncers) Sync(ctx context.Context, snapshot *EnterpriseSnapshot) error

type ExtAuthConfig 

type ExtAuthConfig struct {

	// @solo-kit:resource.name
	// This is the identifier of the AuthConfig resource that this configuration is associated with.
	// Any request to the external auth server includes an identifier that is matched against this field to determine
	// which AuthConfig should be applied to it.
	AuthConfigRefName string `protobuf:"bytes,1,opt,name=auth_config_ref_name,json=authConfigRefName,proto3" json:"auth_config_ref_name,omitempty"`
	// List of auth configs to be checked for requests on a route referencing this auth config,
	// By default, every config must be authorized for the entire request to be authorized. This
	// behavior can be changed by defining names for each config and defining `boolean_expr` below.
	//
	// State is shared between successful requests on the chain, i.e., the headers returned from each
	// successful auth service get appended into the final auth response.
	Configs []*ExtAuthConfig_Config `protobuf:"bytes,8,rep,name=configs,proto3" json:"configs,omitempty"`
	// How to handle processing of named configs within an auth config chain.
	// An example config might be: `( basic1 || basic2 || (oidc1 && !oidc2) )`
	// The boolean expression is evaluated left to right but honors parenthesis and short-circuiting.
	BooleanExpr *wrappers.StringValue `protobuf:"bytes,10,opt,name=boolean_expr,json=booleanExpr,proto3" json:"boolean_expr,omitempty"`
	// contains filtered or unexported fields
}

@solo-kit:xds-service=ExtAuthDiscoveryService @solo-kit:resource.no_references

func (*ExtAuthConfig) Descriptor deprecated 

func (*ExtAuthConfig) Descriptor() ([]byte, []int)

Deprecated: Use ExtAuthConfig.ProtoReflect.Descriptor instead.

func (*ExtAuthConfig) Equal 

func (m *ExtAuthConfig) Equal(that interface{}) bool

Equal function

func (*ExtAuthConfig) GetAuthConfigRefName 

func (x *ExtAuthConfig) GetAuthConfigRefName() string

func (*ExtAuthConfig) GetBooleanExpr added in v1.5.0 

func (x *ExtAuthConfig) GetBooleanExpr() *wrappers.StringValue

func (*ExtAuthConfig) GetConfigs 

func (x *ExtAuthConfig) GetConfigs() []*ExtAuthConfig_Config

func (*ExtAuthConfig) Hash added in v1.2.13 

func (m *ExtAuthConfig) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ExtAuthConfig) ProtoMessage 

func (*ExtAuthConfig) ProtoMessage()

func (*ExtAuthConfig) ProtoReflect added in v1.6.0 

func (x *ExtAuthConfig) ProtoReflect() protoreflect.Message

func (*ExtAuthConfig) Reset 

func (x *ExtAuthConfig) Reset()

func (*ExtAuthConfig) String 

func (x *ExtAuthConfig) String() string

type ExtAuthConfigXdsResourceWrapper 

type ExtAuthConfigXdsResourceWrapper struct {
	// TODO(yuval-k): This is public for mitchellh hashstructure to work properly. consider better alternatives.
	Resource *ExtAuthConfig
}

Defined a resource - to be used by snapshot

func NewExtAuthConfigXdsResourceWrapper 

func NewExtAuthConfigXdsResourceWrapper(resourceProto *ExtAuthConfig) *ExtAuthConfigXdsResourceWrapper

func (*ExtAuthConfigXdsResourceWrapper) References 

func (e *ExtAuthConfigXdsResourceWrapper) References() []cache.XdsResourceReference

func (*ExtAuthConfigXdsResourceWrapper) ResourceProto 

func (e *ExtAuthConfigXdsResourceWrapper) ResourceProto() cache.ResourceProto

func (*ExtAuthConfigXdsResourceWrapper) Self 

func (e *ExtAuthConfigXdsResourceWrapper) Self() cache.XdsResourceReference

type ExtAuthConfig_AccessTokenValidationConfig added in v1.7.0 

type ExtAuthConfig_AccessTokenValidationConfig struct {

	// Types that are assignable to ValidationType:
	//	*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionUrl
	//	*ExtAuthConfig_AccessTokenValidationConfig_Jwt
	//	*ExtAuthConfig_AccessTokenValidationConfig_Introspection
	ValidationType isExtAuthConfig_AccessTokenValidationConfig_ValidationType `protobuf_oneof:"validation_type"`
	// The URL for the OIDC userinfo endpoint.
	// If provided, the (opaque) access token provided or received from the oauth endpoint
	// will be queried and the userinfo response (or cached response) will be added to the
	// `AuthorizationRequest` state under the "introspection" key.
	// This can be useful to leverage the userinfo response in, for example, an external auth server plugin.
	UserinfoUrl string `protobuf:"bytes,4,opt,name=userinfo_url,json=userinfoUrl,proto3" json:"userinfo_url,omitempty"`
	// How long the token introspection and userinfo endpoint response for a specific access token should be kept
	// in the in-memory cache. The result will be invalidated at this timeout, or at "exp" time from the introspection
	// result, whichever comes sooner. If omitted, defaults to 10 minutes. If zero, then no caching will be done.
	CacheTimeout *duration.Duration `protobuf:"bytes,5,opt,name=cache_timeout,json=cacheTimeout,proto3" json:"cache_timeout,omitempty"`
	// Optional criteria for validating the scopes of a token.
	//
	// Types that are assignable to ScopeValidation:
	//	*ExtAuthConfig_AccessTokenValidationConfig_RequiredScopes
	ScopeValidation isExtAuthConfig_AccessTokenValidationConfig_ScopeValidation `protobuf_oneof:"scope_validation"`
	// contains filtered or unexported fields
}

func (*ExtAuthConfig_AccessTokenValidationConfig) Descriptor deprecated added in v1.7.0 

func (*ExtAuthConfig_AccessTokenValidationConfig) Descriptor() ([]byte, []int)

Deprecated: Use ExtAuthConfig_AccessTokenValidationConfig.ProtoReflect.Descriptor instead.

func (*ExtAuthConfig_AccessTokenValidationConfig) Equal added in v1.7.0 

func (m *ExtAuthConfig_AccessTokenValidationConfig) Equal(that interface{}) bool

Equal function

func (*ExtAuthConfig_AccessTokenValidationConfig) GetCacheTimeout added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig) GetCacheTimeout() *duration.Duration

func (*ExtAuthConfig_AccessTokenValidationConfig) GetIntrospection added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig) GetIntrospection() *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation

func (*ExtAuthConfig_AccessTokenValidationConfig) GetIntrospectionUrl deprecated added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig) GetIntrospectionUrl() string

Deprecated: Do not use.

func (*ExtAuthConfig_AccessTokenValidationConfig) GetJwt added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig) GetJwt() *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation

func (*ExtAuthConfig_AccessTokenValidationConfig) GetRequiredScopes added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig) GetRequiredScopes() *ExtAuthConfig_AccessTokenValidationConfig_ScopeList

func (*ExtAuthConfig_AccessTokenValidationConfig) GetScopeValidation added in v1.7.0 

func (m *ExtAuthConfig_AccessTokenValidationConfig) GetScopeValidation() isExtAuthConfig_AccessTokenValidationConfig_ScopeValidation

func (*ExtAuthConfig_AccessTokenValidationConfig) GetUserinfoUrl added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig) GetUserinfoUrl() string

func (*ExtAuthConfig_AccessTokenValidationConfig) GetValidationType added in v1.7.0 

func (m *ExtAuthConfig_AccessTokenValidationConfig) GetValidationType() isExtAuthConfig_AccessTokenValidationConfig_ValidationType

func (*ExtAuthConfig_AccessTokenValidationConfig) Hash added in v1.7.0 

func (m *ExtAuthConfig_AccessTokenValidationConfig) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ExtAuthConfig_AccessTokenValidationConfig) ProtoMessage added in v1.7.0 

func (*ExtAuthConfig_AccessTokenValidationConfig) ProtoMessage()

func (*ExtAuthConfig_AccessTokenValidationConfig) ProtoReflect added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig) ProtoReflect() protoreflect.Message

func (*ExtAuthConfig_AccessTokenValidationConfig) Reset added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig) Reset()

func (*ExtAuthConfig_AccessTokenValidationConfig) String added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig) String() string

type ExtAuthConfig_AccessTokenValidationConfig_Introspection added in v1.7.0 

type ExtAuthConfig_AccessTokenValidationConfig_Introspection struct {
	// Defines how (opaque) access tokens, received from the oauth authorization endpoint, are validated
	// [OAuth2.0 Token Introspection](https://tools.ietf.org/html/rfc7662) specification.
	Introspection *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation `protobuf:"bytes,3,opt,name=introspection,proto3,oneof"`
}

type ExtAuthConfig_AccessTokenValidationConfig_IntrospectionUrl added in v1.7.0 

type ExtAuthConfig_AccessTokenValidationConfig_IntrospectionUrl struct {
	// The URL for the [OAuth2.0 Token Introspection](https://tools.ietf.org/html/rfc7662) endpoint.
	// If provided, the (opaque) access token provided or received from the oauth authorization endpoint
	// will be validated against this endpoint, or locally cached responses for this access token.
	// This field is deprecated as it does not support authenticated introspection requests
	//
	// Deprecated: Do not use.
	IntrospectionUrl string `protobuf:"bytes,1,opt,name=introspection_url,json=introspectionUrl,proto3,oneof"`
}

type ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation added in v1.7.0 

type ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation struct {

	// The URL for the [OAuth2.0 Token Introspection](https://tools.ietf.org/html/rfc7662) endpoint.
	// If provided, the (opaque) access token provided or received from the oauth authorization endpoint
	// will be validated against this endpoint, or locally cached responses for this access token.
	IntrospectionUrl string `protobuf:"bytes,1,opt,name=introspection_url,json=introspectionUrl,proto3" json:"introspection_url,omitempty"`
	// Your client id as registered with the issuer.
	// Optional: Use if the token introspection url requires client authentication.
	ClientId string `protobuf:"bytes,2,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	// Your client secret as registered with the issuer.
	// Optional: Use if the token introspection url requires client authentication.
	ClientSecret string `protobuf:"bytes,3,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"`
	// The name of the [introspection response](https://tools.ietf.org/html/rfc7662#section-2.2)
	// attribute that contains the ID of the resource owner (e.g. `sub`, `username`).
	// If specified, the external auth server will use the value of the attribute as the identifier of the
	// authenticated user and add it to the request headers and/or dynamic metadata (depending on how the
	// server is configured); if the field is set and the attribute cannot be found, the request will be denied.
	// This field is optional and by default the server will not try to derive the user ID.
	UserIdAttributeName string `protobuf:"bytes,4,opt,name=user_id_attribute_name,json=userIdAttributeName,proto3" json:"user_id_attribute_name,omitempty"`
	// contains filtered or unexported fields
}

Defines how (opaque) access tokens, received from the oauth authorization endpoint, are validated [OAuth2.0 Token Introspection](https://tools.ietf.org/html/rfc7662)

If the token introspection url requires client authentication, both the client_id and client_secret are required. If only one is provided, the config will be rejected. These values will be encoded in a basic auth header in order to authenticate the client.

func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Descriptor deprecated added in v1.7.0 

func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Descriptor() ([]byte, []int)

Deprecated: Use ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation.ProtoReflect.Descriptor instead.

func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Equal added in v1.7.0 

func (m *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Equal(that interface{}) bool

Equal function

func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetClientId added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetClientId() string

func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetClientSecret added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetClientSecret() string

func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetIntrospectionUrl added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetIntrospectionUrl() string

func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetUserIdAttributeName added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) GetUserIdAttributeName() string

func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Hash added in v1.7.0 

func (m *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) ProtoMessage added in v1.7.0 

func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) ProtoMessage()

func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) ProtoReflect added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) ProtoReflect() protoreflect.Message

func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Reset added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) Reset()

func (*ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) String added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_IntrospectionValidation) String() string

type ExtAuthConfig_AccessTokenValidationConfig_Jwt added in v1.7.0 

type ExtAuthConfig_AccessTokenValidationConfig_Jwt struct {
	// Validate access tokens that conform to the
	// [JSON Web Token (JWT)](https://tools.ietf.org/html/rfc7519) specification.
	Jwt *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation `protobuf:"bytes,2,opt,name=jwt,proto3,oneof"`
}

type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation added in v1.7.0 

type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation struct {

	// Types that are assignable to JwksSourceSpecifier:
	//	*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks_
	//	*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks_
	JwksSourceSpecifier isExtAuthConfig_AccessTokenValidationConfig_JwtValidation_JwksSourceSpecifier `protobuf_oneof:"jwks_source_specifier"`
	// Allow only tokens that have been issued by this principal (i.e. whose "iss" claim matches this value).
	// If empty, issuer validation will be skipped.
	Issuer string `protobuf:"bytes,3,opt,name=issuer,proto3" json:"issuer,omitempty"`
	// contains filtered or unexported fields
}

Defines how JSON Web Token (JWT) access tokens are validated.

Tokens are validated using a JSON Web Key Set (as defined in [Section 5 of RFC7517](https://tools.ietf.org/html/rfc7517#section-5)), which can be either inlined in the configuration or fetched from a remote location via HTTP. Any keys in the JWKS that are not intended for signature verification (i.e. whose ["use" parameter](https://tools.ietf.org/html/rfc7517#section-4.2) is not "sig") will be ignored by the system, as will keys that do not specify a ["kid" (Key ID) parameter](https://tools.ietf.org/html/rfc7517#section-4.2).

The JWT to be validated must define non-empty "kid" and "alg" headers. The "kid" header determines which key in the JWKS will be used to verify the signature of the token; if no matching key is found, the token will be rejected.

If present, the server will verify the "exp", "iat", and "nbf" standard JWT claims. Validation of the "iss" claim and of token scopes can be configured as well. If the JWT has been successfully validated, its set of claims will be added to the `AuthorizationRequest` state under the "jwtAccessToken" key.

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Descriptor deprecated added in v1.7.0 

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Descriptor() ([]byte, []int)

Deprecated: Use ExtAuthConfig_AccessTokenValidationConfig_JwtValidation.ProtoReflect.Descriptor instead.

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Equal added in v1.7.0 

func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Equal(that interface{}) bool

Equal function

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) GetIssuer added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) GetIssuer() string

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) GetJwksSourceSpecifier added in v1.7.0 

func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) GetJwksSourceSpecifier() isExtAuthConfig_AccessTokenValidationConfig_JwtValidation_JwksSourceSpecifier

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) GetLocalJwks added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) GetLocalJwks() *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) GetRemoteJwks added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) GetRemoteJwks() *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Hash added in v1.7.0 

func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) ProtoMessage added in v1.7.0 

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) ProtoMessage()

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) ProtoReflect added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) ProtoReflect() protoreflect.Message

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Reset added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) Reset()

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) String added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation) String() string

type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks added in v1.7.0 

type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks struct {

	// JWKS is embedded as a string.
	InlineString string `protobuf:"bytes,1,opt,name=inline_string,json=inlineString,proto3" json:"inline_string,omitempty"`
	// contains filtered or unexported fields
}

Represents a locally available JWKS.

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Descriptor deprecated added in v1.7.0 

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Descriptor() ([]byte, []int)

Deprecated: Use ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks.ProtoReflect.Descriptor instead.

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Equal added in v1.7.0 

func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Equal(that interface{}) bool

Equal function

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) GetInlineString added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) GetInlineString() string

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Hash added in v1.7.0 

func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) ProtoMessage added in v1.7.0 

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) ProtoMessage()

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) ProtoReflect added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) ProtoReflect() protoreflect.Message

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Reset added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) Reset()

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) String added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks) String() string

type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks_ added in v1.7.0 

type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks_ struct {
	// Loads the JWKS from a local data source.
	LocalJwks *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_LocalJwks `protobuf:"bytes,2,opt,name=local_jwks,json=localJwks,proto3,oneof"`
}

type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks added in v1.7.0 

type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks struct {

	// The HTTP URI to fetch the JWKS.
	Url string `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"`
	// The frequency at which the JWKS should be refreshed.
	// If not specified, the default value is 5 minutes.
	RefreshInterval *duration.Duration `protobuf:"bytes,2,opt,name=refresh_interval,json=refreshInterval,proto3" json:"refresh_interval,omitempty"`
	// contains filtered or unexported fields
}

Specifies how to fetch JWKS from remote and how to cache it.

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Descriptor deprecated added in v1.7.0 

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Descriptor() ([]byte, []int)

Deprecated: Use ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks.ProtoReflect.Descriptor instead.

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Equal added in v1.7.0 

func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Equal(that interface{}) bool

Equal function

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) GetRefreshInterval added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) GetRefreshInterval() *duration.Duration

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) GetUrl added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) GetUrl() string

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Hash added in v1.7.0 

func (m *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) ProtoMessage added in v1.7.0 

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) ProtoMessage()

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) ProtoReflect added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) ProtoReflect() protoreflect.Message

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Reset added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) Reset()

func (*ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) String added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks) String() string

type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks_ added in v1.7.0 

type ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks_ struct {
	// Fetches the JWKS from a remote location.
	RemoteJwks *ExtAuthConfig_AccessTokenValidationConfig_JwtValidation_RemoteJwks `protobuf:"bytes,1,opt,name=remote_jwks,json=remoteJwks,proto3,oneof"`
}

type ExtAuthConfig_AccessTokenValidationConfig_RequiredScopes added in v1.7.0 

type ExtAuthConfig_AccessTokenValidationConfig_RequiredScopes struct {
	// Require access token to have all of the scopes in the given list.
	// This configuration applies to both opaque and JWT tokens. In the case of opaque tokens,
	// this will check the scopes returned in the "scope" member of introspection response
	// (as described in [Section 2.2 of RFC7662](https://tools.ietf.org/html/rfc7662#section-2.2).
	// In case of JWTs the scopes to be validated are expected to be contained in the "scope" claim of the
	// token in the form of a space-separated string.
	// Omitting this field means that scope validation will be skipped.
	RequiredScopes *ExtAuthConfig_AccessTokenValidationConfig_ScopeList `protobuf:"bytes,6,opt,name=required_scopes,json=requiredScopes,proto3,oneof"`
}

type ExtAuthConfig_AccessTokenValidationConfig_ScopeList added in v1.7.0 

type ExtAuthConfig_AccessTokenValidationConfig_ScopeList struct {
	Scope []string `protobuf:"bytes,1,rep,name=scope,proto3" json:"scope,omitempty"`
	// contains filtered or unexported fields
}

func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Descriptor deprecated added in v1.7.0 

func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Descriptor() ([]byte, []int)

Deprecated: Use ExtAuthConfig_AccessTokenValidationConfig_ScopeList.ProtoReflect.Descriptor instead.

func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Equal added in v1.7.0 

func (m *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Equal(that interface{}) bool

Equal function

func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) GetScope added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) GetScope() []string

func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Hash added in v1.7.0 

func (m *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) ProtoMessage added in v1.7.0 

func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) ProtoMessage()

func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) ProtoReflect added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) ProtoReflect() protoreflect.Message

func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Reset added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) Reset()

func (*ExtAuthConfig_AccessTokenValidationConfig_ScopeList) String added in v1.7.0 

func (x *ExtAuthConfig_AccessTokenValidationConfig_ScopeList) String() string

type ExtAuthConfig_ApiKeyAuthConfig 

type ExtAuthConfig_ApiKeyAuthConfig struct {

	// A mapping of valid API keys to their associated metadata.
	// This map is automatically populated with the information from the relevant `ApiKeySecret`s.
	ValidApiKeys map[string]*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata `` /* 187-byte string literal not displayed */
	// (Optional) When receiving a request, the Gloo Edge Enterprise external auth server will look for an API key
	// in a header with this name. This field is optional; if not provided it defaults to `api-key`.
	HeaderName string `protobuf:"bytes,2,opt,name=header_name,json=headerName,proto3" json:"header_name,omitempty"`
	// Determines the key metadata that will be included as headers on the upstream request.
	// Each entry represents a header to add: the key is the name of the header, and the
	// value is the key that will be used to look up the data entry in the key metadata.
	HeadersFromKeyMetadata map[string]string `` /* 219-byte string literal not displayed */
	// contains filtered or unexported fields
}

**NOTE: This configuration is not user-facing and will be auto generated**

func (*ExtAuthConfig_ApiKeyAuthConfig) Descriptor deprecated 

func (*ExtAuthConfig_ApiKeyAuthConfig) Descriptor() ([]byte, []int)

Deprecated: Use ExtAuthConfig_ApiKeyAuthConfig.ProtoReflect.Descriptor instead.

func (*ExtAuthConfig_ApiKeyAuthConfig) Equal 

func (m *ExtAuthConfig_ApiKeyAuthConfig) Equal(that interface{}) bool

Equal function

func (*ExtAuthConfig_ApiKeyAuthConfig) GetHeaderName added in v1.5.0 

func (x *ExtAuthConfig_ApiKeyAuthConfig) GetHeaderName() string

func (*ExtAuthConfig_ApiKeyAuthConfig) GetHeadersFromKeyMetadata added in v1.5.0 

func (x *ExtAuthConfig_ApiKeyAuthConfig) GetHeadersFromKeyMetadata() map[string]string

func (*ExtAuthConfig_ApiKeyAuthConfig) GetValidApiKeys added in v1.5.0 

func (x *ExtAuthConfig_ApiKeyAuthConfig) GetValidApiKeys() map[string]*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata

func (*ExtAuthConfig_ApiKeyAuthConfig) Hash added in v1.2.13 

func (m *ExtAuthConfig_ApiKeyAuthConfig) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ExtAuthConfig_ApiKeyAuthConfig) ProtoMessage 

func (*ExtAuthConfig_ApiKeyAuthConfig) ProtoMessage()

func (*ExtAuthConfig_ApiKeyAuthConfig) ProtoReflect added in v1.6.0 

func (x *ExtAuthConfig_ApiKeyAuthConfig) ProtoReflect() protoreflect.Message

func (*ExtAuthConfig_ApiKeyAuthConfig) Reset 

func (x *ExtAuthConfig_ApiKeyAuthConfig) Reset()

func (*ExtAuthConfig_ApiKeyAuthConfig) String 

func (x *ExtAuthConfig_ApiKeyAuthConfig) String() string

type ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata added in v1.5.0 

type ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata struct {

	// The user is mapped as the name of `Secret` which contains the `ApiKeySecret`
	Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
	// The metadata present on the `ApiKeySecret`.
	Metadata map[string]string `` /* 157-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Descriptor deprecated added in v1.5.0 

func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Descriptor() ([]byte, []int)

Deprecated: Use ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata.ProtoReflect.Descriptor instead.

func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Equal added in v1.5.0 

func (m *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Equal(that interface{}) bool

Equal function

func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) GetMetadata added in v1.5.0 

func (x *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) GetMetadata() map[string]string

func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) GetUsername added in v1.5.0 

func (x *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) GetUsername() string

func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Hash added in v1.5.0 

func (m *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) ProtoMessage added in v1.5.0 

func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) ProtoMessage()

func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) ProtoReflect added in v1.6.0 

func (x *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) ProtoReflect() protoreflect.Message

func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Reset added in v1.5.0 

func (x *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) Reset()

func (*ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) String added in v1.5.0 

func (x *ExtAuthConfig_ApiKeyAuthConfig_KeyMetadata) String() string

type ExtAuthConfig_Config 

type ExtAuthConfig_Config struct {

	// optional: used when defining complex boolean logic, if `boolean_expr` is defined below. Also used
	// in logging. If omitted, an automatically generated name will be used (e.g. config_0, of the
	// pattern 'config_$INDEX_IN_CHAIN'). In the case of plugin auth, this field is ignored in favor of
	// the name assigned on the plugin config itself.
	Name *wrappers.StringValue `protobuf:"bytes,11,opt,name=name,proto3" json:"name,omitempty"`
	// Types that are assignable to AuthConfig:
	//	*ExtAuthConfig_Config_Oauth
	//	*ExtAuthConfig_Config_Oauth2
	//	*ExtAuthConfig_Config_BasicAuth
	//	*ExtAuthConfig_Config_ApiKeyAuth
	//	*ExtAuthConfig_Config_PluginAuth
	//	*ExtAuthConfig_Config_OpaAuth
	//	*ExtAuthConfig_Config_Ldap
	//	*ExtAuthConfig_Config_Jwt
	//	*ExtAuthConfig_Config_PassThroughAuth
	AuthConfig isExtAuthConfig_Config_AuthConfig `protobuf_oneof:"auth_config"`
	// contains filtered or unexported fields
}

func (*ExtAuthConfig_Config) Descriptor deprecated 

func (*ExtAuthConfig_Config) Descriptor() ([]byte, []int)

Deprecated: Use ExtAuthConfig_Config.ProtoReflect.Descriptor instead.

func (*ExtAuthConfig_Config) Equal 

func (m *ExtAuthConfig_Config) Equal(that interface{}) bool

Equal function

func (*ExtAuthConfig_Config) GetApiKeyAuth 

func (x *ExtAuthConfig_Config) GetApiKeyAuth() *ExtAuthConfig_ApiKeyAuthConfig

func (*ExtAuthConfig_Config) GetAuthConfig 

func (m *ExtAuthConfig_Config) GetAuthConfig() isExtAuthConfig_Config_AuthConfig

func (*ExtAuthConfig_Config) GetBasicAuth 

func (x *ExtAuthConfig_Config) GetBasicAuth() *BasicAuth

func (*ExtAuthConfig_Config) GetJwt added in v1.6.0 

func (x *ExtAuthConfig_Config) GetJwt() *empty.Empty

func (*ExtAuthConfig_Config) GetLdap 

func (x *ExtAuthConfig_Config) GetLdap() *Ldap

func (*ExtAuthConfig_Config) GetName added in v1.5.0 

func (x *ExtAuthConfig_Config) GetName() *wrappers.StringValue

func (*ExtAuthConfig_Config) GetOauth deprecated 

func (x *ExtAuthConfig_Config) GetOauth() *ExtAuthConfig_OAuthConfig

Deprecated: Do not use.

func (*ExtAuthConfig_Config) GetOauth2 added in v1.5.0 

func (x *ExtAuthConfig_Config) GetOauth2() *ExtAuthConfig_OAuth2Config

func (*ExtAuthConfig_Config) GetOpaAuth 

func (x *ExtAuthConfig_Config) GetOpaAuth() *ExtAuthConfig_OpaAuthConfig

func (*ExtAuthConfig_Config) GetPassThroughAuth added in v1.6.0 

func (x *ExtAuthConfig_Config) GetPassThroughAuth() *PassThroughAuth

func (*ExtAuthConfig_Config) GetPluginAuth 

func (x *ExtAuthConfig_Config) GetPluginAuth() *AuthPlugin

func (*ExtAuthConfig_Config) Hash added in v1.2.13 

func (m *ExtAuthConfig_Config) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ExtAuthConfig_Config) ProtoMessage 

func (*ExtAuthConfig_Config) ProtoMessage()

func (*ExtAuthConfig_Config) ProtoReflect added in v1.6.0 

func (x *ExtAuthConfig_Config) ProtoReflect() protoreflect.Message

func (*ExtAuthConfig_Config) Reset 

func (x *ExtAuthConfig_Config) Reset()

func (*ExtAuthConfig_Config) String 

func (x *ExtAuthConfig_Config) String() string

type ExtAuthConfig_Config_ApiKeyAuth 

type ExtAuthConfig_Config_ApiKeyAuth struct {
	ApiKeyAuth *ExtAuthConfig_ApiKeyAuthConfig `protobuf:"bytes,5,opt,name=api_key_auth,json=apiKeyAuth,proto3,oneof"`
}

type ExtAuthConfig_Config_BasicAuth 

type ExtAuthConfig_Config_BasicAuth struct {
	BasicAuth *BasicAuth `protobuf:"bytes,4,opt,name=basic_auth,json=basicAuth,proto3,oneof"`
}

type ExtAuthConfig_Config_Jwt added in v1.6.0 

type ExtAuthConfig_Config_Jwt struct {
	// This is a "dummy" extauth service which can be used to support multiple auth mechanisms with JWT authentication.
	// If Jwt authentication is to be used in the [boolean expression](https://docs.solo.io/gloo-edge/latest/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/extauth/v1/extauth.proto.sk/#authconfig) in an AuthConfig, you can use this auth config type to include Jwt as an Auth config.
	// In addition, `allow_missing_or_failed_jwt` must be set on the Virtual Host or Route that uses JWT auth or else the JWT filter will short circuit this behaviour.
	Jwt *empty.Empty `protobuf:"bytes,12,opt,name=jwt,proto3,oneof"`
}

type ExtAuthConfig_Config_Ldap 

type ExtAuthConfig_Config_Ldap struct {
	Ldap *Ldap `protobuf:"bytes,8,opt,name=ldap,proto3,oneof"`
}

type ExtAuthConfig_Config_Oauth 

type ExtAuthConfig_Config_Oauth struct {
	// Deprecated: Do not use.
	Oauth *ExtAuthConfig_OAuthConfig `protobuf:"bytes,3,opt,name=oauth,proto3,oneof"`
}

type ExtAuthConfig_Config_Oauth2 added in v1.5.0 

type ExtAuthConfig_Config_Oauth2 struct {
	Oauth2 *ExtAuthConfig_OAuth2Config `protobuf:"bytes,9,opt,name=oauth2,proto3,oneof"`
}

type ExtAuthConfig_Config_OpaAuth 

type ExtAuthConfig_Config_OpaAuth struct {
	OpaAuth *ExtAuthConfig_OpaAuthConfig `protobuf:"bytes,7,opt,name=opa_auth,json=opaAuth,proto3,oneof"`
}

type ExtAuthConfig_Config_PassThroughAuth added in v1.6.0 

type ExtAuthConfig_Config_PassThroughAuth struct {
	PassThroughAuth *PassThroughAuth `protobuf:"bytes,13,opt,name=pass_through_auth,json=passThroughAuth,proto3,oneof"`
}

type ExtAuthConfig_Config_PluginAuth 

type ExtAuthConfig_Config_PluginAuth struct {
	PluginAuth *AuthPlugin `protobuf:"bytes,6,opt,name=plugin_auth,json=pluginAuth,proto3,oneof"`
}

type ExtAuthConfig_OAuth2Config added in v1.5.0 

type ExtAuthConfig_OAuth2Config struct {

	// Types that are assignable to OauthType:
	//	*ExtAuthConfig_OAuth2Config_OidcAuthorizationCode
	//	*ExtAuthConfig_OAuth2Config_AccessTokenValidationConfig
	OauthType isExtAuthConfig_OAuth2Config_OauthType `protobuf_oneof:"oauth_type"`
	// contains filtered or unexported fields
}

func (*ExtAuthConfig_OAuth2Config) Descriptor deprecated added in v1.5.0 

func (*ExtAuthConfig_OAuth2Config) Descriptor() ([]byte, []int)

Deprecated: Use ExtAuthConfig_OAuth2Config.ProtoReflect.Descriptor instead.

func (*ExtAuthConfig_OAuth2Config) Equal added in v1.5.0 

func (m *ExtAuthConfig_OAuth2Config) Equal(that interface{}) bool

Equal function

func (*ExtAuthConfig_OAuth2Config) GetAccessTokenValidationConfig added in v1.7.0 

func (x *ExtAuthConfig_OAuth2Config) GetAccessTokenValidationConfig() *ExtAuthConfig_AccessTokenValidationConfig

func (*ExtAuthConfig_OAuth2Config) GetOauthType added in v1.5.0 

func (m *ExtAuthConfig_OAuth2Config) GetOauthType() isExtAuthConfig_OAuth2Config_OauthType

func (*ExtAuthConfig_OAuth2Config) GetOidcAuthorizationCode added in v1.5.0 

func (x *ExtAuthConfig_OAuth2Config) GetOidcAuthorizationCode() *ExtAuthConfig_OidcAuthorizationCodeConfig

func (*ExtAuthConfig_OAuth2Config) Hash added in v1.5.0 

func (m *ExtAuthConfig_OAuth2Config) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ExtAuthConfig_OAuth2Config) ProtoMessage added in v1.5.0 

func (*ExtAuthConfig_OAuth2Config) ProtoMessage()

func (*ExtAuthConfig_OAuth2Config) ProtoReflect added in v1.6.0 

func (x *ExtAuthConfig_OAuth2Config) ProtoReflect() protoreflect.Message

func (*ExtAuthConfig_OAuth2Config) Reset added in v1.5.0 

func (x *ExtAuthConfig_OAuth2Config) Reset()

func (*ExtAuthConfig_OAuth2Config) String added in v1.5.0 

func (x *ExtAuthConfig_OAuth2Config) String() string

type ExtAuthConfig_OAuth2Config_AccessTokenValidationConfig added in v1.7.0 

type ExtAuthConfig_OAuth2Config_AccessTokenValidationConfig struct {
	// provide the access token on the request and let gloo handle authorization.
	//
	// according to https://tools.ietf.org/html/rfc6750 you can pass tokens through:
	// - form-encoded body parameter. recommended, more likely to appear. e.g.: Authorization: Bearer mytoken123
	// - URI query parameter e.g. access_token=mytoken123
	// - and (preferably) secure cookies
	AccessTokenValidationConfig *ExtAuthConfig_AccessTokenValidationConfig `protobuf:"bytes,3,opt,name=access_token_validation_config,json=accessTokenValidationConfig,proto3,oneof"`
}

type ExtAuthConfig_OAuth2Config_OidcAuthorizationCode added in v1.5.0 

type ExtAuthConfig_OAuth2Config_OidcAuthorizationCode struct {
	// provide issuer location and let gloo handle OIDC flow for you.
	// requests authorized by validating the contents of ID token.
	// can also authorize the access token if configured.
	OidcAuthorizationCode *ExtAuthConfig_OidcAuthorizationCodeConfig `protobuf:"bytes,1,opt,name=oidc_authorization_code,json=oidcAuthorizationCode,proto3,oneof"`
}

type ExtAuthConfig_OAuthConfig 

type ExtAuthConfig_OAuthConfig struct {

	// your client id as registered with the issuer
	//
	// Deprecated: Do not use.
	ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	// your client secret as registered with the issuer
	//
	// Deprecated: Do not use.
	ClientSecret string `protobuf:"bytes,2,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"`
	// The url of the issuer. We will look for OIDC information in issuerUrl+
	// ".well-known/openid-configuration"
	//
	// Deprecated: Do not use.
	IssuerUrl string `protobuf:"bytes,3,opt,name=issuer_url,json=issuerUrl,proto3" json:"issuer_url,omitempty"`
	// extra query parameters to apply to the Ext-Auth service's authorization request to the identity provider.
	//
	// Deprecated: Do not use.
	AuthEndpointQueryParams map[string]string `` /* 222-byte string literal not displayed */
	// we to redirect after successful auth, if we can't determine the original
	// url this should be your publicly available app url.
	//
	// Deprecated: Do not use.
	AppUrl string `protobuf:"bytes,4,opt,name=app_url,json=appUrl,proto3" json:"app_url,omitempty"`
	// a callback path relative to app url that will be used for OIDC callbacks.
	// needs to not be used by the application
	//
	// Deprecated: Do not use.
	CallbackPath string `protobuf:"bytes,5,opt,name=callback_path,json=callbackPath,proto3" json:"callback_path,omitempty"`
	// scopes to request in addition to the openid scope.
	//
	// Deprecated: Do not use.
	Scopes []string `protobuf:"bytes,6,rep,name=scopes,proto3" json:"scopes,omitempty"`
	// contains filtered or unexported fields
}

Deprecated, prefer OAuth2Config

func (*ExtAuthConfig_OAuthConfig) Descriptor deprecated 

func (*ExtAuthConfig_OAuthConfig) Descriptor() ([]byte, []int)

Deprecated: Use ExtAuthConfig_OAuthConfig.ProtoReflect.Descriptor instead.

func (*ExtAuthConfig_OAuthConfig) Equal 

func (m *ExtAuthConfig_OAuthConfig) Equal(that interface{}) bool

Equal function

func (*ExtAuthConfig_OAuthConfig) GetAppUrl deprecated 

func (x *ExtAuthConfig_OAuthConfig) GetAppUrl() string

Deprecated: Do not use.

func (*ExtAuthConfig_OAuthConfig) GetAuthEndpointQueryParams deprecated added in v1.3.0 

func (x *ExtAuthConfig_OAuthConfig) GetAuthEndpointQueryParams() map[string]string

Deprecated: Do not use.

func (*ExtAuthConfig_OAuthConfig) GetCallbackPath deprecated 

func (x *ExtAuthConfig_OAuthConfig) GetCallbackPath() string

Deprecated: Do not use.

func (*ExtAuthConfig_OAuthConfig) GetClientId deprecated 

func (x *ExtAuthConfig_OAuthConfig) GetClientId() string

Deprecated: Do not use.

func (*ExtAuthConfig_OAuthConfig) GetClientSecret deprecated 

func (x *ExtAuthConfig_OAuthConfig) GetClientSecret() string

Deprecated: Do not use.

func (*ExtAuthConfig_OAuthConfig) GetIssuerUrl deprecated 

func (x *ExtAuthConfig_OAuthConfig) GetIssuerUrl() string

Deprecated: Do not use.

func (*ExtAuthConfig_OAuthConfig) GetScopes deprecated 

func (x *ExtAuthConfig_OAuthConfig) GetScopes() []string

Deprecated: Do not use.

func (*ExtAuthConfig_OAuthConfig) Hash added in v1.2.13 

func (m *ExtAuthConfig_OAuthConfig) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ExtAuthConfig_OAuthConfig) ProtoMessage 

func (*ExtAuthConfig_OAuthConfig) ProtoMessage()

func (*ExtAuthConfig_OAuthConfig) ProtoReflect added in v1.6.0 

func (x *ExtAuthConfig_OAuthConfig) ProtoReflect() protoreflect.Message

func (*ExtAuthConfig_OAuthConfig) Reset 

func (x *ExtAuthConfig_OAuthConfig) Reset()

func (*ExtAuthConfig_OAuthConfig) String 

func (x *ExtAuthConfig_OAuthConfig) String() string

type ExtAuthConfig_OidcAuthorizationCodeConfig added in v1.5.0 

type ExtAuthConfig_OidcAuthorizationCodeConfig struct {

	// your client id as registered with the issuer
	ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	// your client secret as registered with the issuer
	ClientSecret string `protobuf:"bytes,2,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"`
	// The url of the issuer. We will look for OIDC information in issuerUrl+
	// ".well-known/openid-configuration"
	IssuerUrl string `protobuf:"bytes,3,opt,name=issuer_url,json=issuerUrl,proto3" json:"issuer_url,omitempty"`
	// extra query parameters to apply to the Ext-Auth service's authorization request to the identity provider.
	// this can be useful for flows such as PKCE (https://www.oauth.com/oauth2-servers/pkce/authorization-request/)
	// to set the `code_challenge` and `code_challenge_method`.
	AuthEndpointQueryParams map[string]string `` /* 222-byte string literal not displayed */
	// extra query parameters to apply to the Ext-Auth service's token request to the identity provider.
	// this can be useful for flows such as PKCE (https://www.oauth.com/oauth2-servers/pkce/authorization-request/)
	// to set the `code_verifier`.
	TokenEndpointQueryParams map[string]string `` /* 226-byte string literal not displayed */
	// we to redirect after successful auth, if we can't determine the original
	// url this should be your publicly available app url.
	AppUrl string `protobuf:"bytes,5,opt,name=app_url,json=appUrl,proto3" json:"app_url,omitempty"`
	// a callback path relative to app url that will be used for OIDC callbacks.
	// needs to not be used by the application
	CallbackPath string `protobuf:"bytes,6,opt,name=callback_path,json=callbackPath,proto3" json:"callback_path,omitempty"`
	// a path relative to app url that will be used for logging out from an OIDC session.
	// should not be used by the application.
	// If not provided, logout functionality will be disabled.
	LogoutPath string `protobuf:"bytes,9,opt,name=logout_path,json=logoutPath,proto3" json:"logout_path,omitempty"`
	// url to redirect to after logout.
	// This should be a publicly available URL. If not provided, will default to the `app_url`.
	AfterLogoutUrl string `protobuf:"bytes,15,opt,name=after_logout_url,json=afterLogoutUrl,proto3" json:"after_logout_url,omitempty"`
	// scopes to request in addition to the openid scope.
	Scopes  []string     `protobuf:"bytes,7,rep,name=scopes,proto3" json:"scopes,omitempty"`
	Session *UserSession `protobuf:"bytes,8,opt,name=session,proto3" json:"session,omitempty"`
	// Configures headers added to requests.
	Headers *HeaderConfiguration `protobuf:"bytes,10,opt,name=headers,proto3" json:"headers,omitempty"`
	// OIDC configuration is discovered at <issuerUrl>/.well-known/openid-configuration
	// The configuration override defines any properties that should override this discovery configuration
	// For example, the following AuthConfig CRD could be defined as:
	//    “`yaml
	//    apiVersion: enterprise.gloo.solo.io/v1
	//    kind: AuthConfig
	//    metadata:
	//      name: google-oidc
	//      namespace: gloo-system
	//    spec:
	//      configs:
	//      - oauth:
	//          app_url: http://localhost:8080
	//          callback_path: /callback
	//          client_id: $CLIENT_ID
	//          client_secret_ref:
	//            name: google
	//            namespace: gloo-system
	//          issuer_url: https://accounts.google.com
	//          discovery_override:
	//            token_endpoint: "https://token.url/gettoken"
	//    “`
	//
	// And this will ensure that regardless of what value is discovered at
	// <issuerUrl>/.well-known/openid-configuration, "https://token.url/gettoken" will be used as the token endpoint
	DiscoveryOverride *DiscoveryOverride `protobuf:"bytes,11,opt,name=discovery_override,json=discoveryOverride,proto3" json:"discovery_override,omitempty"`
	// The interval at which OIDC configuration is discovered at <issuerUrl>/.well-known/openid-configuration
	// If not specified, the default value is 30 minutes.
	DiscoveryPollInterval *duration.Duration `` /* 127-byte string literal not displayed */
	// If a user executes a request with a key that is not found in the JWKS, it could be
	// that the keys have rotated on the remote source, and not yet in the local cache.
	// This policy lets you define the behavior for how to refresh the local cache during a request
	// where an invalid key is provided
	JwksCacheRefreshPolicy *JwksOnDemandCacheRefreshPolicy `` /* 132-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) Descriptor deprecated added in v1.5.0 

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) Descriptor() ([]byte, []int)

Deprecated: Use ExtAuthConfig_OidcAuthorizationCodeConfig.ProtoReflect.Descriptor instead.

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) Equal added in v1.5.0 

func (m *ExtAuthConfig_OidcAuthorizationCodeConfig) Equal(that interface{}) bool

Equal function

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetAfterLogoutUrl added in v1.8.0 

func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetAfterLogoutUrl() string

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetAppUrl added in v1.5.0 

func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetAppUrl() string

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetAuthEndpointQueryParams added in v1.5.0 

func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetAuthEndpointQueryParams() map[string]string

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetCallbackPath added in v1.5.0 

func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetCallbackPath() string

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetClientId added in v1.5.0 

func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetClientId() string

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetClientSecret added in v1.5.0 

func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetClientSecret() string

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetDiscoveryOverride added in v1.6.0 

func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetDiscoveryOverride() *DiscoveryOverride

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetDiscoveryPollInterval added in v1.5.17 

func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetDiscoveryPollInterval() *duration.Duration

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetHeaders added in v1.5.8 

func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetHeaders() *HeaderConfiguration

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetIssuerUrl added in v1.5.0 

func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetIssuerUrl() string

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetJwksCacheRefreshPolicy added in v1.5.18 

func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetJwksCacheRefreshPolicy() *JwksOnDemandCacheRefreshPolicy

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetLogoutPath added in v1.5.8 

func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetLogoutPath() string

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetScopes added in v1.5.0 

func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetScopes() []string

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetSession added in v1.5.8 

func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetSession() *UserSession

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) GetTokenEndpointQueryParams added in v1.7.7 

func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) GetTokenEndpointQueryParams() map[string]string

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) Hash added in v1.5.0 

func (m *ExtAuthConfig_OidcAuthorizationCodeConfig) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) ProtoMessage added in v1.5.0 

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) ProtoMessage()

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) ProtoReflect added in v1.6.0 

func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) ProtoReflect() protoreflect.Message

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) Reset added in v1.5.0 

func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) Reset()

func (*ExtAuthConfig_OidcAuthorizationCodeConfig) String added in v1.5.0 

func (x *ExtAuthConfig_OidcAuthorizationCodeConfig) String() string

type ExtAuthConfig_OpaAuthConfig 

type ExtAuthConfig_OpaAuthConfig struct {

	// An optional modules (filename, module content) maps containing modules assist in the resolution of `query`.
	Modules map[string]string `` /* 155-byte string literal not displayed */
	// The query that determines the auth decision. The result of this query must be either a boolean
	// or an array with boolean as the first element. A boolean `true` value means that the request
	// will be authorized. Any other value, or error, means that the request will be denied.
	Query string `protobuf:"bytes,2,opt,name=query,proto3" json:"query,omitempty"`
	// contains filtered or unexported fields
}

func (*ExtAuthConfig_OpaAuthConfig) Descriptor deprecated 

func (*ExtAuthConfig_OpaAuthConfig) Descriptor() ([]byte, []int)

Deprecated: Use ExtAuthConfig_OpaAuthConfig.ProtoReflect.Descriptor instead.

func (*ExtAuthConfig_OpaAuthConfig) Equal 

func (m *ExtAuthConfig_OpaAuthConfig) Equal(that interface{}) bool

Equal function

func (*ExtAuthConfig_OpaAuthConfig) GetModules 

func (x *ExtAuthConfig_OpaAuthConfig) GetModules() map[string]string

func (*ExtAuthConfig_OpaAuthConfig) GetQuery 

func (x *ExtAuthConfig_OpaAuthConfig) GetQuery() string

func (*ExtAuthConfig_OpaAuthConfig) Hash added in v1.2.13 

func (m *ExtAuthConfig_OpaAuthConfig) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ExtAuthConfig_OpaAuthConfig) ProtoMessage 

func (*ExtAuthConfig_OpaAuthConfig) ProtoMessage()

func (*ExtAuthConfig_OpaAuthConfig) ProtoReflect added in v1.6.0 

func (x *ExtAuthConfig_OpaAuthConfig) ProtoReflect() protoreflect.Message

func (*ExtAuthConfig_OpaAuthConfig) Reset 

func (x *ExtAuthConfig_OpaAuthConfig) Reset()

func (*ExtAuthConfig_OpaAuthConfig) String 

func (x *ExtAuthConfig_OpaAuthConfig) String() string

type ExtAuthDiscoveryServiceClient 

type ExtAuthDiscoveryServiceClient interface {
	StreamExtAuthConfig(ctx context.Context, opts ...grpc.CallOption) (ExtAuthDiscoveryService_StreamExtAuthConfigClient, error)
	DeltaExtAuthConfig(ctx context.Context, opts ...grpc.CallOption) (ExtAuthDiscoveryService_DeltaExtAuthConfigClient, error)
	FetchExtAuthConfig(ctx context.Context, in *v2.DiscoveryRequest, opts ...grpc.CallOption) (*v2.DiscoveryResponse, error)
}

ExtAuthDiscoveryServiceClient is the client API for ExtAuthDiscoveryService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewExtAuthDiscoveryServiceClient 

func NewExtAuthDiscoveryServiceClient(cc grpc.ClientConnInterface) ExtAuthDiscoveryServiceClient

type ExtAuthDiscoveryServiceServer 

type ExtAuthDiscoveryServiceServer interface {
	StreamExtAuthConfig(ExtAuthDiscoveryService_StreamExtAuthConfigServer) error
	DeltaExtAuthConfig(ExtAuthDiscoveryService_DeltaExtAuthConfigServer) error
	FetchExtAuthConfig(context.Context, *v2.DiscoveryRequest) (*v2.DiscoveryResponse, error)
}

ExtAuthDiscoveryServiceServer is the server API for ExtAuthDiscoveryService service.

func NewExtAuthDiscoveryServiceServer 

func NewExtAuthDiscoveryServiceServer(genericServer server.Server) ExtAuthDiscoveryServiceServer

type ExtAuthDiscoveryService_DeltaExtAuthConfigClient 

type ExtAuthDiscoveryService_DeltaExtAuthConfigClient interface {
	Send(*v2.DeltaDiscoveryRequest) error
	Recv() (*v2.DeltaDiscoveryResponse, error)
	grpc.ClientStream
}

type ExtAuthDiscoveryService_DeltaExtAuthConfigServer 

type ExtAuthDiscoveryService_DeltaExtAuthConfigServer interface {
	Send(*v2.DeltaDiscoveryResponse) error
	Recv() (*v2.DeltaDiscoveryRequest, error)
	grpc.ServerStream
}

type ExtAuthDiscoveryService_StreamExtAuthConfigClient 

type ExtAuthDiscoveryService_StreamExtAuthConfigClient interface {
	Send(*v2.DiscoveryRequest) error
	Recv() (*v2.DiscoveryResponse, error)
	grpc.ClientStream
}

type ExtAuthDiscoveryService_StreamExtAuthConfigServer 

type ExtAuthDiscoveryService_StreamExtAuthConfigServer interface {
	Send(*v2.DiscoveryResponse) error
	Recv() (*v2.DiscoveryRequest, error)
	grpc.ServerStream
}

type ExtAuthExtension 

type ExtAuthExtension struct {

	// Types that are assignable to Spec:
	//	*ExtAuthExtension_Disable
	//	*ExtAuthExtension_ConfigRef
	//	*ExtAuthExtension_CustomAuth
	Spec isExtAuthExtension_Spec `protobuf_oneof:"spec"`
	// contains filtered or unexported fields
}

Auth configurations defined on virtual hosts, routes, and weighted destinations will be unmarshalled to this message.

func (*ExtAuthExtension) Descriptor deprecated 

func (*ExtAuthExtension) Descriptor() ([]byte, []int)

Deprecated: Use ExtAuthExtension.ProtoReflect.Descriptor instead.

func (*ExtAuthExtension) Equal 

func (m *ExtAuthExtension) Equal(that interface{}) bool

Equal function

func (*ExtAuthExtension) GetConfigRef 

func (x *ExtAuthExtension) GetConfigRef() *core.ResourceRef

func (*ExtAuthExtension) GetCustomAuth 

func (x *ExtAuthExtension) GetCustomAuth() *CustomAuth

func (*ExtAuthExtension) GetDisable 

func (x *ExtAuthExtension) GetDisable() bool

func (*ExtAuthExtension) GetSpec 

func (m *ExtAuthExtension) GetSpec() isExtAuthExtension_Spec

func (*ExtAuthExtension) Hash added in v1.2.13 

func (m *ExtAuthExtension) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ExtAuthExtension) ProtoMessage 

func (*ExtAuthExtension) ProtoMessage()

func (*ExtAuthExtension) ProtoReflect added in v1.6.0 

func (x *ExtAuthExtension) ProtoReflect() protoreflect.Message

func (*ExtAuthExtension) Reset 

func (x *ExtAuthExtension) Reset()

func (*ExtAuthExtension) String 

func (x *ExtAuthExtension) String() string

type ExtAuthExtension_ConfigRef 

type ExtAuthExtension_ConfigRef struct {
	// A reference to an AuthConfig. This is used to configure the Gloo Edge Enterprise extauth server.
	ConfigRef *core.ResourceRef `protobuf:"bytes,2,opt,name=config_ref,json=configRef,proto3,oneof"`
}

type ExtAuthExtension_CustomAuth 

type ExtAuthExtension_CustomAuth struct {
	// Use this field if you are running your own custom extauth server.
	CustomAuth *CustomAuth `protobuf:"bytes,3,opt,name=custom_auth,json=customAuth,proto3,oneof"`
}

type ExtAuthExtension_Disable 

type ExtAuthExtension_Disable struct {
	//  Set to true to disable auth on the virtual host/route.
	Disable bool `protobuf:"varint,1,opt,name=disable,proto3,oneof"`
}

type HeaderConfiguration added in v1.5.8 

type HeaderConfiguration struct {

	// If set, the id token will be forward upstream using this header name.
	IdTokenHeader string `protobuf:"bytes,1,opt,name=id_token_header,json=idTokenHeader,proto3" json:"id_token_header,omitempty"`
	// If set, the access token will be forward upstream using this header name.
	AccessTokenHeader string `protobuf:"bytes,2,opt,name=access_token_header,json=accessTokenHeader,proto3" json:"access_token_header,omitempty"`
	// contains filtered or unexported fields
}

func (*HeaderConfiguration) Descriptor deprecated added in v1.5.8 

func (*HeaderConfiguration) Descriptor() ([]byte, []int)

Deprecated: Use HeaderConfiguration.ProtoReflect.Descriptor instead.

func (*HeaderConfiguration) Equal added in v1.5.8 

func (m *HeaderConfiguration) Equal(that interface{}) bool

Equal function

func (*HeaderConfiguration) GetAccessTokenHeader added in v1.6.0 

func (x *HeaderConfiguration) GetAccessTokenHeader() string

func (*HeaderConfiguration) GetIdTokenHeader added in v1.5.8 

func (x *HeaderConfiguration) GetIdTokenHeader() string

func (*HeaderConfiguration) Hash added in v1.5.8 

func (m *HeaderConfiguration) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*HeaderConfiguration) ProtoMessage added in v1.5.8 

func (*HeaderConfiguration) ProtoMessage()

func (*HeaderConfiguration) ProtoReflect added in v1.6.0 

func (x *HeaderConfiguration) ProtoReflect() protoreflect.Message

func (*HeaderConfiguration) Reset added in v1.5.8 

func (x *HeaderConfiguration) Reset()

func (*HeaderConfiguration) String added in v1.5.8 

func (x *HeaderConfiguration) String() string

type HttpService 

type HttpService struct {

	// Sets a prefix to the value of authorization request header *Path*.
	PathPrefix string                `protobuf:"bytes,1,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"`
	Request    *HttpService_Request  `protobuf:"bytes,2,opt,name=request,proto3" json:"request,omitempty"`
	Response   *HttpService_Response `protobuf:"bytes,3,opt,name=response,proto3" json:"response,omitempty"`
	// contains filtered or unexported fields
}

func (*HttpService) Descriptor deprecated 

func (*HttpService) Descriptor() ([]byte, []int)

Deprecated: Use HttpService.ProtoReflect.Descriptor instead.

func (*HttpService) Equal 

func (m *HttpService) Equal(that interface{}) bool

Equal function

func (*HttpService) GetPathPrefix 

func (x *HttpService) GetPathPrefix() string

func (*HttpService) GetRequest 

func (x *HttpService) GetRequest() *HttpService_Request

func (*HttpService) GetResponse 

func (x *HttpService) GetResponse() *HttpService_Response

func (*HttpService) Hash added in v1.2.13 

func (m *HttpService) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*HttpService) ProtoMessage 

func (*HttpService) ProtoMessage()

func (*HttpService) ProtoReflect added in v1.6.0 

func (x *HttpService) ProtoReflect() protoreflect.Message

func (*HttpService) Reset 

func (x *HttpService) Reset()

func (*HttpService) String 

func (x *HttpService) String() string

type HttpService_Request 

type HttpService_Request struct {

	// These headers will be copied from the incoming request to the request going
	// to the auth server. Note that in addition to the user's supplied matchers:
	//
	// 1. *Host*, *Method*, *Path* and *Content-Length* are automatically included to the list.
	//
	// 2. *Content-Length* will be set to 0 and the request to the authorization service will not have
	// a message body.
	AllowedHeaders []string `protobuf:"bytes,1,rep,name=allowed_headers,json=allowedHeaders,proto3" json:"allowed_headers,omitempty"`
	// These headers that will be included to the request to authorization service. Note that
	// client request of the same key will be overridden.
	HeadersToAdd map[string]string `` /* 187-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*HttpService_Request) Descriptor deprecated 

func (*HttpService_Request) Descriptor() ([]byte, []int)

Deprecated: Use HttpService_Request.ProtoReflect.Descriptor instead.

func (*HttpService_Request) Equal 

func (m *HttpService_Request) Equal(that interface{}) bool

Equal function

func (*HttpService_Request) GetAllowedHeaders 

func (x *HttpService_Request) GetAllowedHeaders() []string

func (*HttpService_Request) GetHeadersToAdd 

func (x *HttpService_Request) GetHeadersToAdd() map[string]string

func (*HttpService_Request) Hash added in v1.2.13 

func (m *HttpService_Request) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*HttpService_Request) ProtoMessage 

func (*HttpService_Request) ProtoMessage()

func (*HttpService_Request) ProtoReflect added in v1.6.0 

func (x *HttpService_Request) ProtoReflect() protoreflect.Message

func (*HttpService_Request) Reset 

func (x *HttpService_Request) Reset()

func (*HttpService_Request) String 

func (x *HttpService_Request) String() string

type HttpService_Response 

type HttpService_Response struct {

	// When this is set, authorization response headers that have a will be added to the original client request and sent to the upstream.
	// Note that coexistent headers will be overridden.
	AllowedUpstreamHeaders []string `` /* 129-byte string literal not displayed */
	// When this. is set, authorization response headers that will be added to the client's response when auth request is denied.
	// Note that when this list is *not* set, all the authorization response headers, except *Authority
	// (Host)* will be in the response to the client. When a header is included in this list, *Path*,
	// *Status*, *Content-Length*, *WWW-Authenticate* and *Location* are automatically added.
	AllowedClientHeaders []string `protobuf:"bytes,2,rep,name=allowed_client_headers,json=allowedClientHeaders,proto3" json:"allowed_client_headers,omitempty"`
	// contains filtered or unexported fields
}

func (*HttpService_Response) Descriptor deprecated 

func (*HttpService_Response) Descriptor() ([]byte, []int)

Deprecated: Use HttpService_Response.ProtoReflect.Descriptor instead.

func (*HttpService_Response) Equal 

func (m *HttpService_Response) Equal(that interface{}) bool

Equal function

func (*HttpService_Response) GetAllowedClientHeaders 

func (x *HttpService_Response) GetAllowedClientHeaders() []string

func (*HttpService_Response) GetAllowedUpstreamHeaders 

func (x *HttpService_Response) GetAllowedUpstreamHeaders() []string

func (*HttpService_Response) Hash added in v1.2.13 

func (m *HttpService_Response) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*HttpService_Response) ProtoMessage 

func (*HttpService_Response) ProtoMessage()

func (*HttpService_Response) ProtoReflect added in v1.6.0 

func (x *HttpService_Response) ProtoReflect() protoreflect.Message

func (*HttpService_Response) Reset 

func (x *HttpService_Response) Reset()

func (*HttpService_Response) String 

func (x *HttpService_Response) String() string

type JwksOnDemandCacheRefreshPolicy added in v1.5.18 

type JwksOnDemandCacheRefreshPolicy struct {

	// Types that are assignable to Policy:
	//	*JwksOnDemandCacheRefreshPolicy_Never
	//	*JwksOnDemandCacheRefreshPolicy_Always
	//	*JwksOnDemandCacheRefreshPolicy_MaxIdpReqPerPollingInterval
	Policy isJwksOnDemandCacheRefreshPolicy_Policy `protobuf_oneof:"policy"`
	// contains filtered or unexported fields
}

The json web key set (JWKS) (https://tools.ietf.org/html/rfc7517) is discovered at an interval from a remote source. When keys rotate in the remote source, there may be a delay in the local source picking up those new keys. Therefore, a user could execute a request with a token that has been signed by a key in the remote JWKS, but the local cache doesn't have the key yet. The request would fail because the key isn't contained in the local set. Since most IdPs publish key keys in their remote JWKS before they are used, this is not an issue most of the time. This policy lets you define the behavior for when a user has a token with a key not yet in the local cache.

func (*JwksOnDemandCacheRefreshPolicy) Descriptor deprecated added in v1.5.18 

func (*JwksOnDemandCacheRefreshPolicy) Descriptor() ([]byte, []int)

Deprecated: Use JwksOnDemandCacheRefreshPolicy.ProtoReflect.Descriptor instead.

func (*JwksOnDemandCacheRefreshPolicy) Equal added in v1.5.18 

func (m *JwksOnDemandCacheRefreshPolicy) Equal(that interface{}) bool

Equal function

func (*JwksOnDemandCacheRefreshPolicy) GetAlways added in v1.5.18 

func (x *JwksOnDemandCacheRefreshPolicy) GetAlways() *empty.Empty

func (*JwksOnDemandCacheRefreshPolicy) GetMaxIdpReqPerPollingInterval added in v1.5.18 

func (x *JwksOnDemandCacheRefreshPolicy) GetMaxIdpReqPerPollingInterval() uint32

func (*JwksOnDemandCacheRefreshPolicy) GetNever added in v1.5.18 

func (x *JwksOnDemandCacheRefreshPolicy) GetNever() *empty.Empty

func (*JwksOnDemandCacheRefreshPolicy) GetPolicy added in v1.5.18 

func (m *JwksOnDemandCacheRefreshPolicy) GetPolicy() isJwksOnDemandCacheRefreshPolicy_Policy

func (*JwksOnDemandCacheRefreshPolicy) Hash added in v1.5.18 

func (m *JwksOnDemandCacheRefreshPolicy) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*JwksOnDemandCacheRefreshPolicy) ProtoMessage added in v1.5.18 

func (*JwksOnDemandCacheRefreshPolicy) ProtoMessage()

func (*JwksOnDemandCacheRefreshPolicy) ProtoReflect added in v1.6.19 

func (x *JwksOnDemandCacheRefreshPolicy) ProtoReflect() protoreflect.Message

func (*JwksOnDemandCacheRefreshPolicy) Reset added in v1.5.18 

func (x *JwksOnDemandCacheRefreshPolicy) Reset()

func (*JwksOnDemandCacheRefreshPolicy) String added in v1.5.18 

func (x *JwksOnDemandCacheRefreshPolicy) String() string

type JwksOnDemandCacheRefreshPolicy_Always added in v1.5.18 

type JwksOnDemandCacheRefreshPolicy_Always struct {
	// If a key is not in the cache, fetch the most recent keys from the IdP and update the cache.
	// NOTE: This should only be done in trusted environments, since missing keys will each trigger
	// a request to the IdP. Using this in an environment exposed to the internet will allow malicious agents to
	// execute a DDoS attack by spamming protected endpoints with tokens signed by invalid keys.
	Always *empty.Empty `protobuf:"bytes,2,opt,name=always,proto3,oneof"`
}

type JwksOnDemandCacheRefreshPolicy_MaxIdpReqPerPollingInterval added in v1.5.18 

type JwksOnDemandCacheRefreshPolicy_MaxIdpReqPerPollingInterval struct {
	// If a key is not in the cache, fetch the most recent keys from the IdP and update the cache.
	// This value sets the number of requests to the IdP per polling interval. If that limit is exceeded,
	// we will stop fetching from the IdP for the remainder of the polling interval.
	MaxIdpReqPerPollingInterval uint32 `protobuf:"varint,3,opt,name=max_idp_req_per_polling_interval,json=maxIdpReqPerPollingInterval,proto3,oneof"`
}

type JwksOnDemandCacheRefreshPolicy_Never added in v1.5.18 

type JwksOnDemandCacheRefreshPolicy_Never struct {
	// Never refresh the local JWKS cache on demand. If a key is not in the cache, it is assumed to be malicious.
	// This is the default policy since we assume that IdPs publish keys before they rotate them,
	// and frequent polling finds the newest keys.
	Never *empty.Empty `protobuf:"bytes,1,opt,name=never,proto3,oneof"`
}

type Ldap 

type Ldap struct {

	// Address of the LDAP server to query. Should be in the form ADDRESS:PORT, e.g. `ldap.default.svc.cluster.local:389`.
	Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"`
	// Template to build user entry distinguished names (DN). This must contains a single occurrence of the "%s" placeholder.
	// When processing a request, Gloo will substitute the name of the user (extracted from the auth header) for the
	// placeholder and issue a search request with the resulting DN as baseDN (and 'base' search scope).
	// E.g. "uid=%s,ou=people,dc=solo,dc=io"
	UserDnTemplate string `protobuf:"bytes,2,opt,name=userDnTemplate,proto3" json:"userDnTemplate,omitempty"`
	// Case-insensitive name of the attribute that contains the names of the groups an entry is member of. Gloo will look
	// for attributes with the given name to determine which groups the user entry belongs to. Defaults to 'memberOf' if not provided.
	MembershipAttributeName string `protobuf:"bytes,3,opt,name=membershipAttributeName,proto3" json:"membershipAttributeName,omitempty"`
	// In order for the request to be authenticated, the membership attribute (e.g. *memberOf*) on the user entry must
	// contain at least of one of the group DNs specified via this option.
	// E.g. []string{ "cn=managers,ou=groups,dc=solo,dc=io", "cn=developers,ou=groups,dc=solo,dc=io" }
	AllowedGroups []string `protobuf:"bytes,4,rep,name=allowedGroups,proto3" json:"allowedGroups,omitempty"`
	// Use this property to tune the pool of connections to the LDAP server that Gloo maintains.
	Pool *Ldap_ConnectionPool `protobuf:"bytes,5,opt,name=pool,proto3" json:"pool,omitempty"`
	// contains filtered or unexported fields
}

Authenticates and authorizes requests by querying an LDAP server. Gloo makes the following assumptions:

  • Requests provide credentials via the basic HTTP authentication header. Gloo will BIND to the LDAP server using the credentials extracted from the header.
  • Your LDAP server is configured so that each entry you want to authorize has an attribute that indicates its group memberships. A common way of achieving this is by using the [*memberof* overlay](http://www.openldap.org/software/man.cgi?query=slapo-memberof).

func (*Ldap) Descriptor deprecated 

func (*Ldap) Descriptor() ([]byte, []int)

Deprecated: Use Ldap.ProtoReflect.Descriptor instead.

func (*Ldap) Equal 

func (m *Ldap) Equal(that interface{}) bool

Equal function

func (*Ldap) GetAddress 

func (x *Ldap) GetAddress() string

func (*Ldap) GetAllowedGroups 

func (x *Ldap) GetAllowedGroups() []string

func (*Ldap) GetMembershipAttributeName 

func (x *Ldap) GetMembershipAttributeName() string

func (*Ldap) GetPool 

func (x *Ldap) GetPool() *Ldap_ConnectionPool

func (*Ldap) GetUserDnTemplate 

func (x *Ldap) GetUserDnTemplate() string

func (*Ldap) Hash added in v1.2.13 

func (m *Ldap) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*Ldap) ProtoMessage 

func (*Ldap) ProtoMessage()

func (*Ldap) ProtoReflect added in v1.6.0 

func (x *Ldap) ProtoReflect() protoreflect.Message

func (*Ldap) Reset 

func (x *Ldap) Reset()

func (*Ldap) String 

func (x *Ldap) String() string

type Ldap_ConnectionPool 

type Ldap_ConnectionPool struct {

	// Maximum number connections that are pooled at any give time. The default value is 5.
	MaxSize *wrappers.UInt32Value `protobuf:"bytes,1,opt,name=maxSize,proto3" json:"maxSize,omitempty"`
	// Number of connections that the pool will be pre-populated with upon initialization. The default value is 2.
	InitialSize *wrappers.UInt32Value `protobuf:"bytes,2,opt,name=initialSize,proto3" json:"initialSize,omitempty"`
	// contains filtered or unexported fields
}

Configuration properties for pooling connections to the LDAP server. If the pool is exhausted when a connection is requested (meaning that all the polled connections are in use), the connection will be created on the fly.

func (*Ldap_ConnectionPool) Descriptor deprecated 

func (*Ldap_ConnectionPool) Descriptor() ([]byte, []int)

Deprecated: Use Ldap_ConnectionPool.ProtoReflect.Descriptor instead.

func (*Ldap_ConnectionPool) Equal 

func (m *Ldap_ConnectionPool) Equal(that interface{}) bool

Equal function

func (*Ldap_ConnectionPool) GetInitialSize 

func (x *Ldap_ConnectionPool) GetInitialSize() *wrappers.UInt32Value

func (*Ldap_ConnectionPool) GetMaxSize 

func (x *Ldap_ConnectionPool) GetMaxSize() *wrappers.UInt32Value

func (*Ldap_ConnectionPool) Hash added in v1.2.13 

func (m *Ldap_ConnectionPool) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*Ldap_ConnectionPool) ProtoMessage 

func (*Ldap_ConnectionPool) ProtoMessage()

func (*Ldap_ConnectionPool) ProtoReflect added in v1.6.0 

func (x *Ldap_ConnectionPool) ProtoReflect() protoreflect.Message

func (*Ldap_ConnectionPool) Reset 

func (x *Ldap_ConnectionPool) Reset()

func (*Ldap_ConnectionPool) String 

func (x *Ldap_ConnectionPool) String() string

type OAuth deprecated 

type OAuth struct {

	// your client id as registered with the issuer
	//
	// Deprecated: Do not use.
	ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	// your client secret as registered with the issuer
	//
	// Deprecated: Do not use.
	ClientSecretRef *core.ResourceRef `protobuf:"bytes,2,opt,name=client_secret_ref,json=clientSecretRef,proto3" json:"client_secret_ref,omitempty"`
	// The url of the issuer. We will look for OIDC information in issuerUrl+
	// ".well-known/openid-configuration"
	//
	// Deprecated: Do not use.
	IssuerUrl string `protobuf:"bytes,3,opt,name=issuer_url,json=issuerUrl,proto3" json:"issuer_url,omitempty"`
	// extra query parameters to apply to the Ext-Auth service's authorization request to the identity provider.
	//
	// Deprecated: Do not use.
	AuthEndpointQueryParams map[string]string `` /* 222-byte string literal not displayed */
	// we to redirect after successful auth, if we can't determine the original
	// url this should be your publicly available app url.
	//
	// Deprecated: Do not use.
	AppUrl string `protobuf:"bytes,4,opt,name=app_url,json=appUrl,proto3" json:"app_url,omitempty"`
	// a callback path relative to app url that will be used for OIDC callbacks.
	// needs to not be used by the application
	//
	// Deprecated: Do not use.
	CallbackPath string `protobuf:"bytes,5,opt,name=callback_path,json=callbackPath,proto3" json:"callback_path,omitempty"`
	// Scopes to request in addition to openid scope.
	//
	// Deprecated: Do not use.
	Scopes []string `protobuf:"bytes,6,rep,name=scopes,proto3" json:"scopes,omitempty"`
	// contains filtered or unexported fields
}

Deprecated: Prefer OAuth2

func (*OAuth) Descriptor deprecated 

func (*OAuth) Descriptor() ([]byte, []int)

Deprecated: Use OAuth.ProtoReflect.Descriptor instead.

func (*OAuth) Equal 

func (m *OAuth) Equal(that interface{}) bool

Equal function

func (*OAuth) GetAppUrl deprecated 

func (x *OAuth) GetAppUrl() string

Deprecated: Do not use.

func (*OAuth) GetAuthEndpointQueryParams deprecated added in v1.3.0 

func (x *OAuth) GetAuthEndpointQueryParams() map[string]string

Deprecated: Do not use.

func (*OAuth) GetCallbackPath deprecated 

func (x *OAuth) GetCallbackPath() string

Deprecated: Do not use.

func (*OAuth) GetClientId deprecated 

func (x *OAuth) GetClientId() string

Deprecated: Do not use.

func (*OAuth) GetClientSecretRef deprecated 

func (x *OAuth) GetClientSecretRef() *core.ResourceRef

Deprecated: Do not use.

func (*OAuth) GetIssuerUrl deprecated 

func (x *OAuth) GetIssuerUrl() string

Deprecated: Do not use.

func (*OAuth) GetScopes deprecated 

func (x *OAuth) GetScopes() []string

Deprecated: Do not use.

func (*OAuth) Hash added in v1.2.13 

func (m *OAuth) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*OAuth) ProtoMessage 

func (*OAuth) ProtoMessage()

func (*OAuth) ProtoReflect added in v1.6.0 

func (x *OAuth) ProtoReflect() protoreflect.Message

func (*OAuth) Reset 

func (x *OAuth) Reset()

func (*OAuth) String 

func (x *OAuth) String() string

type OAuth2 added in v1.5.0 

type OAuth2 struct {

	// Types that are assignable to OauthType:
	//	*OAuth2_OidcAuthorizationCode
	//	*OAuth2_AccessTokenValidation
	OauthType isOAuth2_OauthType `protobuf_oneof:"oauth_type"`
	// contains filtered or unexported fields
}

func (*OAuth2) Descriptor deprecated added in v1.5.0 

func (*OAuth2) Descriptor() ([]byte, []int)

Deprecated: Use OAuth2.ProtoReflect.Descriptor instead.

func (*OAuth2) Equal added in v1.5.0 

func (m *OAuth2) Equal(that interface{}) bool

Equal function

func (*OAuth2) GetAccessTokenValidation added in v1.5.0 

func (x *OAuth2) GetAccessTokenValidation() *AccessTokenValidation

func (*OAuth2) GetOauthType added in v1.5.0 

func (m *OAuth2) GetOauthType() isOAuth2_OauthType

func (*OAuth2) GetOidcAuthorizationCode added in v1.5.0 

func (x *OAuth2) GetOidcAuthorizationCode() *OidcAuthorizationCode

func (*OAuth2) Hash added in v1.5.0 

func (m *OAuth2) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*OAuth2) ProtoMessage added in v1.5.0 

func (*OAuth2) ProtoMessage()

func (*OAuth2) ProtoReflect added in v1.6.0 

func (x *OAuth2) ProtoReflect() protoreflect.Message

func (*OAuth2) Reset added in v1.5.0 

func (x *OAuth2) Reset()

func (*OAuth2) String added in v1.5.0 

func (x *OAuth2) String() string

type OAuth2_AccessTokenValidation added in v1.5.0 

type OAuth2_AccessTokenValidation struct {
	// provide the access token on the request and let gloo handle authorization.
	//
	// according to https://tools.ietf.org/html/rfc6750 you can pass tokens through:
	// - form-encoded body parameter. recommended, more likely to appear. e.g.: Authorization: Bearer mytoken123
	// - URI query parameter e.g. access_token=mytoken123
	// - and (preferably) secure cookies
	AccessTokenValidation *AccessTokenValidation `protobuf:"bytes,2,opt,name=access_token_validation,json=accessTokenValidation,proto3,oneof"`
}

type OAuth2_OidcAuthorizationCode added in v1.5.0 

type OAuth2_OidcAuthorizationCode struct {
	// provide issuer location and let gloo handle OIDC flow for you.
	// requests authorized by validating the contents of ID token.
	// can also authorize the access token if configured.
	OidcAuthorizationCode *OidcAuthorizationCode `protobuf:"bytes,1,opt,name=oidc_authorization_code,json=oidcAuthorizationCode,proto3,oneof"`
}

type OauthSecret 

type OauthSecret struct {
	ClientSecret string `protobuf:"bytes,1,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"`
	// contains filtered or unexported fields
}

func (*OauthSecret) Descriptor deprecated 

func (*OauthSecret) Descriptor() ([]byte, []int)

Deprecated: Use OauthSecret.ProtoReflect.Descriptor instead.

func (*OauthSecret) Equal 

func (m *OauthSecret) Equal(that interface{}) bool

Equal function

func (*OauthSecret) GetClientSecret 

func (x *OauthSecret) GetClientSecret() string

func (*OauthSecret) Hash added in v1.2.13 

func (m *OauthSecret) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*OauthSecret) ProtoMessage 

func (*OauthSecret) ProtoMessage()

func (*OauthSecret) ProtoReflect added in v1.6.0 

func (x *OauthSecret) ProtoReflect() protoreflect.Message

func (*OauthSecret) Reset 

func (x *OauthSecret) Reset()

func (*OauthSecret) String 

func (x *OauthSecret) String() string

type OidcAuthorizationCode added in v1.5.0 

type OidcAuthorizationCode struct {

	// your client id as registered with the issuer
	ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	// your client secret as registered with the issuer
	ClientSecretRef *core.ResourceRef `protobuf:"bytes,2,opt,name=client_secret_ref,json=clientSecretRef,proto3" json:"client_secret_ref,omitempty"`
	// The url of the issuer. We will look for OIDC information in issuerUrl+
	// ".well-known/openid-configuration"
	IssuerUrl string `protobuf:"bytes,3,opt,name=issuer_url,json=issuerUrl,proto3" json:"issuer_url,omitempty"`
	// extra query parameters to apply to the Ext-Auth service's authorization request to the identity provider.
	// this can be useful for flows such as PKCE (https://www.oauth.com/oauth2-servers/pkce/authorization-request/)
	// to set the `code_challenge` and `code_challenge_method`.
	AuthEndpointQueryParams map[string]string `` /* 222-byte string literal not displayed */
	// extra query parameters to apply to the Ext-Auth service's token request to the identity provider.
	// this can be useful for flows such as PKCE (https://www.oauth.com/oauth2-servers/pkce/authorization-request/)
	// to set the `code_verifier`.
	TokenEndpointQueryParams map[string]string `` /* 226-byte string literal not displayed */
	// where to redirect after successful auth, if we can't determine the original url.
	// this should be your publicly available app url.
	AppUrl string `protobuf:"bytes,5,opt,name=app_url,json=appUrl,proto3" json:"app_url,omitempty"`
	// a callback path relative to app url that will be used for OIDC callbacks.
	// should not be used by the application.
	CallbackPath string `protobuf:"bytes,6,opt,name=callback_path,json=callbackPath,proto3" json:"callback_path,omitempty"`
	// a path relative to app url that will be used for logging out from an OIDC session.
	// should not be used by the application.
	// If not provided, logout functionality will be disabled.
	LogoutPath string `protobuf:"bytes,9,opt,name=logout_path,json=logoutPath,proto3" json:"logout_path,omitempty"`
	// url to redirect to after logout.
	// This should be a publicly available URL. If not provided, will default to the `app_url`.
	AfterLogoutUrl string `protobuf:"bytes,15,opt,name=after_logout_url,json=afterLogoutUrl,proto3" json:"after_logout_url,omitempty"`
	// Scopes to request in addition to openid scope.
	Scopes []string `protobuf:"bytes,7,rep,name=scopes,proto3" json:"scopes,omitempty"`
	// Configuration related to the user session.
	Session *UserSession `protobuf:"bytes,8,opt,name=session,proto3" json:"session,omitempty"`
	// Configures headers added to requests.
	Headers *HeaderConfiguration `protobuf:"bytes,10,opt,name=headers,proto3" json:"headers,omitempty"`
	// OIDC configuration is discovered at <issuerUrl>/.well-known/openid-configuration
	// The discovery override defines any properties that should override this discovery configuration
	// For example, the following AuthConfig CRD could be defined as:
	//    “`yaml
	//    apiVersion: enterprise.gloo.solo.io/v1
	//    kind: AuthConfig
	//    metadata:
	//      name: google-oidc
	//      namespace: gloo-system
	//    spec:
	//      configs:
	//      - oauth:
	//          app_url: http://localhost:8080
	//          callback_path: /callback
	//          client_id: $CLIENT_ID
	//          client_secret_ref:
	//            name: google
	//            namespace: gloo-system
	//          issuer_url: https://accounts.google.com
	//          discovery_override:
	//            token_endpoint: "https://token.url/gettoken"
	//    “`
	//
	// And this will ensure that regardless of what value is discovered at
	// <issuerUrl>/.well-known/openid-configuration, "https://token.url/gettoken" will be used as the token endpoint
	DiscoveryOverride *DiscoveryOverride `protobuf:"bytes,11,opt,name=discovery_override,json=discoveryOverride,proto3" json:"discovery_override,omitempty"`
	// The interval at which OIDC configuration is discovered at <issuerUrl>/.well-known/openid-configuration
	// If not specified, the default value is 30 minutes.
	DiscoveryPollInterval *duration.Duration `` /* 127-byte string literal not displayed */
	// If a user executes a request with a key that is not found in the JWKS, it could be
	// that the keys have rotated on the remote source, and not yet in the local cache.
	// This policy lets you define the behavior for how to refresh the local cache during a request
	// where an invalid key is provided
	JwksCacheRefreshPolicy *JwksOnDemandCacheRefreshPolicy `` /* 132-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*OidcAuthorizationCode) Descriptor deprecated added in v1.5.0 

func (*OidcAuthorizationCode) Descriptor() ([]byte, []int)

Deprecated: Use OidcAuthorizationCode.ProtoReflect.Descriptor instead.

func (*OidcAuthorizationCode) Equal added in v1.5.0 

func (m *OidcAuthorizationCode) Equal(that interface{}) bool

Equal function

func (*OidcAuthorizationCode) GetAfterLogoutUrl added in v1.8.0 

func (x *OidcAuthorizationCode) GetAfterLogoutUrl() string

func (*OidcAuthorizationCode) GetAppUrl added in v1.5.0 

func (x *OidcAuthorizationCode) GetAppUrl() string

func (*OidcAuthorizationCode) GetAuthEndpointQueryParams added in v1.5.0 

func (x *OidcAuthorizationCode) GetAuthEndpointQueryParams() map[string]string

func (*OidcAuthorizationCode) GetCallbackPath added in v1.5.0 

func (x *OidcAuthorizationCode) GetCallbackPath() string

func (*OidcAuthorizationCode) GetClientId added in v1.5.0 

func (x *OidcAuthorizationCode) GetClientId() string

func (*OidcAuthorizationCode) GetClientSecretRef added in v1.5.0 

func (x *OidcAuthorizationCode) GetClientSecretRef() *core.ResourceRef

func (*OidcAuthorizationCode) GetDiscoveryOverride added in v1.6.0 

func (x *OidcAuthorizationCode) GetDiscoveryOverride() *DiscoveryOverride

func (*OidcAuthorizationCode) GetDiscoveryPollInterval added in v1.5.17 

func (x *OidcAuthorizationCode) GetDiscoveryPollInterval() *duration.Duration

func (*OidcAuthorizationCode) GetHeaders added in v1.5.8 

func (x *OidcAuthorizationCode) GetHeaders() *HeaderConfiguration

func (*OidcAuthorizationCode) GetIssuerUrl added in v1.5.0 

func (x *OidcAuthorizationCode) GetIssuerUrl() string

func (*OidcAuthorizationCode) GetJwksCacheRefreshPolicy added in v1.5.18 

func (x *OidcAuthorizationCode) GetJwksCacheRefreshPolicy() *JwksOnDemandCacheRefreshPolicy

func (*OidcAuthorizationCode) GetLogoutPath added in v1.5.8 

func (x *OidcAuthorizationCode) GetLogoutPath() string

func (*OidcAuthorizationCode) GetScopes added in v1.5.0 

func (x *OidcAuthorizationCode) GetScopes() []string

func (*OidcAuthorizationCode) GetSession added in v1.5.8 

func (x *OidcAuthorizationCode) GetSession() *UserSession

func (*OidcAuthorizationCode) GetTokenEndpointQueryParams added in v1.7.7 

func (x *OidcAuthorizationCode) GetTokenEndpointQueryParams() map[string]string

func (*OidcAuthorizationCode) Hash added in v1.5.0 

func (m *OidcAuthorizationCode) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*OidcAuthorizationCode) ProtoMessage added in v1.5.0 

func (*OidcAuthorizationCode) ProtoMessage()

func (*OidcAuthorizationCode) ProtoReflect added in v1.6.0 

func (x *OidcAuthorizationCode) ProtoReflect() protoreflect.Message

func (*OidcAuthorizationCode) Reset added in v1.5.0 

func (x *OidcAuthorizationCode) Reset()

func (*OidcAuthorizationCode) String added in v1.5.0 

func (x *OidcAuthorizationCode) String() string

type OpaAuth 

type OpaAuth struct {

	// An optional resource reference to config maps containing modules to assist in the resolution of `query`.
	Modules []*core.ResourceRef `protobuf:"bytes,1,rep,name=modules,proto3" json:"modules,omitempty"`
	// The query that determines the auth decision. The result of this query must be either a boolean
	// or an array with boolean as the first element. A boolean `true` value means that the request
	// will be authorized. Any other value, or error, means that the request will be denied.
	Query string `protobuf:"bytes,2,opt,name=query,proto3" json:"query,omitempty"`
	// contains filtered or unexported fields
}

func (*OpaAuth) Descriptor deprecated 

func (*OpaAuth) Descriptor() ([]byte, []int)

Deprecated: Use OpaAuth.ProtoReflect.Descriptor instead.

func (*OpaAuth) Equal 

func (m *OpaAuth) Equal(that interface{}) bool

Equal function

func (*OpaAuth) GetModules 

func (x *OpaAuth) GetModules() []*core.ResourceRef

func (*OpaAuth) GetQuery 

func (x *OpaAuth) GetQuery() string

func (*OpaAuth) Hash added in v1.2.13 

func (m *OpaAuth) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*OpaAuth) ProtoMessage 

func (*OpaAuth) ProtoMessage()

func (*OpaAuth) ProtoReflect added in v1.6.0 

func (x *OpaAuth) ProtoReflect() protoreflect.Message

func (*OpaAuth) Reset 

func (x *OpaAuth) Reset()

func (*OpaAuth) String 

func (x *OpaAuth) String() string

type PassThroughAuth added in v1.6.0 

type PassThroughAuth struct {

	// Types that are assignable to Protocol:
	//	*PassThroughAuth_Grpc
	Protocol isPassThroughAuth_Protocol `protobuf_oneof:"protocol"`
	// Custom config to be passed per request to the passthrough auth service.
	Config *_struct.Struct `protobuf:"bytes,4,opt,name=config,proto3" json:"config,omitempty"`
	// contains filtered or unexported fields
}

Authorizes requests by querying a custom extauth server.

func (*PassThroughAuth) Descriptor deprecated added in v1.6.0 

func (*PassThroughAuth) Descriptor() ([]byte, []int)

Deprecated: Use PassThroughAuth.ProtoReflect.Descriptor instead.

func (*PassThroughAuth) Equal added in v1.6.0 

func (m *PassThroughAuth) Equal(that interface{}) bool

Equal function

func (*PassThroughAuth) GetConfig added in v1.6.11 

func (x *PassThroughAuth) GetConfig() *_struct.Struct

func (*PassThroughAuth) GetGrpc added in v1.6.0 

func (x *PassThroughAuth) GetGrpc() *PassThroughGrpc

func (*PassThroughAuth) GetProtocol added in v1.6.0 

func (m *PassThroughAuth) GetProtocol() isPassThroughAuth_Protocol

func (*PassThroughAuth) Hash added in v1.6.0 

func (m *PassThroughAuth) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*PassThroughAuth) ProtoMessage added in v1.6.0 

func (*PassThroughAuth) ProtoMessage()

func (*PassThroughAuth) ProtoReflect added in v1.6.0 

func (x *PassThroughAuth) ProtoReflect() protoreflect.Message

func (*PassThroughAuth) Reset added in v1.6.0 

func (x *PassThroughAuth) Reset()

func (*PassThroughAuth) String added in v1.6.0 

func (x *PassThroughAuth) String() string

type PassThroughAuth_Grpc added in v1.6.0 

type PassThroughAuth_Grpc struct {
	Grpc *PassThroughGrpc `protobuf:"bytes,1,opt,name=grpc,proto3,oneof"`
}

type PassThroughGrpc added in v1.6.0 

type PassThroughGrpc struct {

	// Address of the auth server to query. Should be in the form ADDRESS:PORT, e.g. `default.svc.cluster.local:389`.
	Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"`
	// Timeout for the auth server to respond. Defaults to 5s
	ConnectionTimeout *duration.Duration `protobuf:"bytes,2,opt,name=connection_timeout,json=connectionTimeout,proto3" json:"connection_timeout,omitempty"`
	// contains filtered or unexported fields
}

Authorizes requests by querying a custom extauth grpc server Assumes that the server implements the envoy external authorization spec: https://github.com/envoyproxy/envoy/blob/ae1ed1fa74f096dabe8dd5b19fc70333621b0309/api/envoy/service/auth/v3/external_auth.proto#L29

func (*PassThroughGrpc) Descriptor deprecated added in v1.6.0 

func (*PassThroughGrpc) Descriptor() ([]byte, []int)

Deprecated: Use PassThroughGrpc.ProtoReflect.Descriptor instead.

func (*PassThroughGrpc) Equal added in v1.6.0 

func (m *PassThroughGrpc) Equal(that interface{}) bool

Equal function

func (*PassThroughGrpc) GetAddress added in v1.6.0 

func (x *PassThroughGrpc) GetAddress() string

func (*PassThroughGrpc) GetConnectionTimeout added in v1.6.0 

func (x *PassThroughGrpc) GetConnectionTimeout() *duration.Duration

func (*PassThroughGrpc) Hash added in v1.6.0 

func (m *PassThroughGrpc) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*PassThroughGrpc) ProtoMessage added in v1.6.0 

func (*PassThroughGrpc) ProtoMessage()

func (*PassThroughGrpc) ProtoReflect added in v1.6.0 

func (x *PassThroughGrpc) ProtoReflect() protoreflect.Message

func (*PassThroughGrpc) Reset added in v1.6.0 

func (x *PassThroughGrpc) Reset()

func (*PassThroughGrpc) String added in v1.6.0 

func (x *PassThroughGrpc) String() string

type RedisOptions added in v1.5.8 

type RedisOptions struct {

	// address of the redis. can be address:port or unix://path/to/unix.sock
	Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"`
	// db to use. can leave unset for db 0.
	Db int32 `protobuf:"varint,2,opt,name=db,proto3" json:"db,omitempty"`
	// size of the connection pool. can leave unset for default.
	// defaults to 10 connections per every CPU
	PoolSize int32 `protobuf:"varint,3,opt,name=pool_size,json=poolSize,proto3" json:"pool_size,omitempty"`
	// contains filtered or unexported fields
}

func (*RedisOptions) Descriptor deprecated added in v1.5.8 

func (*RedisOptions) Descriptor() ([]byte, []int)

Deprecated: Use RedisOptions.ProtoReflect.Descriptor instead.

func (*RedisOptions) Equal added in v1.5.8 

func (m *RedisOptions) Equal(that interface{}) bool

Equal function

func (*RedisOptions) GetDb added in v1.5.8 

func (x *RedisOptions) GetDb() int32

func (*RedisOptions) GetHost added in v1.5.8 

func (x *RedisOptions) GetHost() string

func (*RedisOptions) GetPoolSize added in v1.5.8 

func (x *RedisOptions) GetPoolSize() int32

func (*RedisOptions) Hash added in v1.5.8 

func (m *RedisOptions) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*RedisOptions) ProtoMessage added in v1.5.8 

func (*RedisOptions) ProtoMessage()

func (*RedisOptions) ProtoReflect added in v1.6.0 

func (x *RedisOptions) ProtoReflect() protoreflect.Message

func (*RedisOptions) Reset added in v1.5.8 

func (x *RedisOptions) Reset()

func (*RedisOptions) String added in v1.5.8 

func (x *RedisOptions) String() string

type Settings 

type Settings struct {

	// The upstream to ask about auth decisions
	ExtauthzServerRef *core.ResourceRef `protobuf:"bytes,1,opt,name=extauthz_server_ref,json=extauthzServerRef,proto3" json:"extauthz_server_ref,omitempty"`
	// If this is set, communication to the upstream will be via HTTP and not GRPC.
	HttpService *HttpService `protobuf:"bytes,2,opt,name=http_service,json=httpService,proto3" json:"http_service,omitempty"`
	// If the auth server trusted id of the user, it will be set in this header.
	// Specifically this means that this header will be sanitized form the incoming request.
	UserIdHeader string `protobuf:"bytes,3,opt,name=user_id_header,json=userIdHeader,proto3" json:"user_id_header,omitempty"`
	// Timeout for the ext auth service to respond. Defaults to 200ms
	RequestTimeout *duration.Duration `protobuf:"bytes,4,opt,name=request_timeout,json=requestTimeout,proto3" json:"request_timeout,omitempty"`
	// In case of a failure or timeout querying the auth server, normally a request is denied.
	// if this is set to true, the request will be allowed.
	FailureModeAllow bool `protobuf:"varint,5,opt,name=failure_mode_allow,json=failureModeAllow,proto3" json:"failure_mode_allow,omitempty"`
	// Set this if you also want to send the body of the request, and not just the headers.
	RequestBody *BufferSettings `protobuf:"bytes,6,opt,name=request_body,json=requestBody,proto3" json:"request_body,omitempty"`
	// Clears route cache in order to allow the external authorization service to correctly affect
	// routing decisions. Filter clears all cached routes when:
	//
	// 1. The field is set to *true*.
	//
	// 2. The status returned from the authorization service is a HTTP 200 or gRPC 0.
	//
	// 3. At least one *authorization response header* is added to the client request, or is used for
	// altering another client request header.
	//
	ClearRouteCache bool `protobuf:"varint,7,opt,name=clear_route_cache,json=clearRouteCache,proto3" json:"clear_route_cache,omitempty"`
	// Sets the HTTP status that is returned to the client when there is a network error between the
	// filter and the authorization server. The default status is HTTP 403 Forbidden.
	// If set, this must be one of the following:
	// - 100
	// - 200 201 202 203 204 205 206 207 208 226
	// - 300 301 302 303 304 305 307 308
	// - 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 421 422 423 424 426 428 429 431
	// - 500 501 502 503 504 505 506 507 508 510 511
	StatusOnError uint32 `protobuf:"varint,8,opt,name=status_on_error,json=statusOnError,proto3" json:"status_on_error,omitempty"`
	// Determines the API version for the `ext_authz` transport protocol that will be used by Envoy
	// to communicate with the auth server. Defaults to `V2`. For more info, see the `transport_api_version` field
	// [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/ext_authz/v3/ext_authz.proto#extensions-filters-http-ext-authz-v3-extauthz).
	TransportApiVersion Settings_ApiVersion `` /* 170-byte string literal not displayed */
	// Optional additional prefix to use when emitting statistics.
	// This allows to distinguish emitted statistics between configured ext_authz filters in an HTTP filter chain.
	StatPrefix string `protobuf:"bytes,10,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
	// contains filtered or unexported fields
}

Global external auth settings

func (*Settings) Descriptor deprecated 

func (*Settings) Descriptor() ([]byte, []int)

Deprecated: Use Settings.ProtoReflect.Descriptor instead.

func (*Settings) Equal 

func (m *Settings) Equal(that interface{}) bool

Equal function

func (*Settings) GetClearRouteCache 

func (x *Settings) GetClearRouteCache() bool

func (*Settings) GetExtauthzServerRef 

func (x *Settings) GetExtauthzServerRef() *core.ResourceRef

func (*Settings) GetFailureModeAllow 

func (x *Settings) GetFailureModeAllow() bool

func (*Settings) GetHttpService 

func (x *Settings) GetHttpService() *HttpService

func (*Settings) GetRequestBody 

func (x *Settings) GetRequestBody() *BufferSettings

func (*Settings) GetRequestTimeout 

func (x *Settings) GetRequestTimeout() *duration.Duration

func (*Settings) GetStatPrefix added in v1.8.0 

func (x *Settings) GetStatPrefix() string

func (*Settings) GetStatusOnError 

func (x *Settings) GetStatusOnError() uint32

func (*Settings) GetTransportApiVersion added in v1.6.11 

func (x *Settings) GetTransportApiVersion() Settings_ApiVersion

func (*Settings) GetUserIdHeader 

func (x *Settings) GetUserIdHeader() string

func (*Settings) Hash added in v1.2.13 

func (m *Settings) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*Settings) ProtoMessage 

func (*Settings) ProtoMessage()

func (*Settings) ProtoReflect added in v1.6.0 

func (x *Settings) ProtoReflect() protoreflect.Message

func (*Settings) Reset 

func (x *Settings) Reset()

func (*Settings) String 

func (x *Settings) String() string

type Settings_ApiVersion added in v1.6.11 

type Settings_ApiVersion int32

Describes the transport protocol version to use when connecting to the ext auth server. 

const (
	// Use v3 API.
	Settings_V3 Settings_ApiVersion = 0
)

func (Settings_ApiVersion) Descriptor added in v1.6.11 

func (Settings_ApiVersion) Descriptor() protoreflect.EnumDescriptor

func (Settings_ApiVersion) Enum added in v1.6.11 

func (x Settings_ApiVersion) Enum() *Settings_ApiVersion

func (Settings_ApiVersion) EnumDescriptor deprecated added in v1.6.11 

func (Settings_ApiVersion) EnumDescriptor() ([]byte, []int)

Deprecated: Use Settings_ApiVersion.Descriptor instead.

func (Settings_ApiVersion) Number added in v1.6.11 

func (x Settings_ApiVersion) Number() protoreflect.EnumNumber

func (Settings_ApiVersion) String added in v1.6.11 

func (x Settings_ApiVersion) String() string

func (Settings_ApiVersion) Type added in v1.6.11 

func (Settings_ApiVersion) Type() protoreflect.EnumType

type TransitionAuthConfigFunc 

type TransitionAuthConfigFunc func(original, desired *AuthConfig) (bool, error)

Option to copy anything from the original to the desired before writing. Return value of false means don't update

type UnimplementedExtAuthDiscoveryServiceServer 

type UnimplementedExtAuthDiscoveryServiceServer struct {
}

UnimplementedExtAuthDiscoveryServiceServer can be embedded to have forward compatible implementations.

func (*UnimplementedExtAuthDiscoveryServiceServer) DeltaExtAuthConfig 

func (*UnimplementedExtAuthDiscoveryServiceServer) DeltaExtAuthConfig(ExtAuthDiscoveryService_DeltaExtAuthConfigServer) error

func (*UnimplementedExtAuthDiscoveryServiceServer) FetchExtAuthConfig 

func (*UnimplementedExtAuthDiscoveryServiceServer) FetchExtAuthConfig(context.Context, *v2.DiscoveryRequest) (*v2.DiscoveryResponse, error)

func (*UnimplementedExtAuthDiscoveryServiceServer) StreamExtAuthConfig 

func (*UnimplementedExtAuthDiscoveryServiceServer) StreamExtAuthConfig(ExtAuthDiscoveryService_StreamExtAuthConfigServer) error

type UserSession added in v1.5.8 

type UserSession struct {

	// should we fail auth flow when failing to get a session from redis, or allow it to continue,
	// potentially starting a new auth flow and setting a new session.
	FailOnFetchFailure bool `protobuf:"varint,1,opt,name=fail_on_fetch_failure,json=failOnFetchFailure,proto3" json:"fail_on_fetch_failure,omitempty"`
	// Set-Cookie options
	CookieOptions *UserSession_CookieOptions `protobuf:"bytes,2,opt,name=cookie_options,json=cookieOptions,proto3" json:"cookie_options,omitempty"`
	// Types that are assignable to Session:
	//	*UserSession_Cookie
	//	*UserSession_Redis
	Session isUserSession_Session `protobuf_oneof:"session"`
	// contains filtered or unexported fields
}

func (*UserSession) Descriptor deprecated added in v1.5.8 

func (*UserSession) Descriptor() ([]byte, []int)

Deprecated: Use UserSession.ProtoReflect.Descriptor instead.

func (*UserSession) Equal added in v1.5.8 

func (m *UserSession) Equal(that interface{}) bool

Equal function

func (*UserSession) GetCookie added in v1.5.8 

func (x *UserSession) GetCookie() *UserSession_InternalSession

func (*UserSession) GetCookieOptions added in v1.5.8 

func (x *UserSession) GetCookieOptions() *UserSession_CookieOptions

func (*UserSession) GetFailOnFetchFailure added in v1.5.8 

func (x *UserSession) GetFailOnFetchFailure() bool

func (*UserSession) GetRedis added in v1.5.8 

func (x *UserSession) GetRedis() *UserSession_RedisSession

func (*UserSession) GetSession added in v1.5.8 

func (m *UserSession) GetSession() isUserSession_Session

func (*UserSession) Hash added in v1.5.8 

func (m *UserSession) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*UserSession) ProtoMessage added in v1.5.8 

func (*UserSession) ProtoMessage()

func (*UserSession) ProtoReflect added in v1.6.0 

func (x *UserSession) ProtoReflect() protoreflect.Message

func (*UserSession) Reset added in v1.5.8 

func (x *UserSession) Reset()

func (*UserSession) String added in v1.5.8 

func (x *UserSession) String() string
type UserSession_Cookie struct {
	// Set the tokens in the cookie itself. No need for server side state.
	Cookie *UserSession_InternalSession `protobuf:"bytes,3,opt,name=cookie,proto3,oneof"`
}

type UserSession_CookieOptions added in v1.5.8 

type UserSession_CookieOptions struct {

	// Max age for the cookie. Leave unset for a default of 30 days (2592000 seconds).
	// To disable cookie expiry, set explicitly to 0.
	MaxAge *wrappers.UInt32Value `protobuf:"bytes,1,opt,name=max_age,json=maxAge,proto3" json:"max_age,omitempty"`
	// Use a non-secure cookie. Note - this should only be used for testing and in trusted
	// environments.
	NotSecure bool `protobuf:"varint,2,opt,name=not_secure,json=notSecure,proto3" json:"not_secure,omitempty"`
	// Path of the cookie. If unset, defaults to "/". Set it explicitly to "" to avoid setting a
	// path.
	Path *wrappers.StringValue `protobuf:"bytes,3,opt,name=path,proto3" json:"path,omitempty"`
	// Cookie domain
	Domain string `protobuf:"bytes,4,opt,name=domain,proto3" json:"domain,omitempty"`
	// contains filtered or unexported fields
}

func (*UserSession_CookieOptions) Descriptor deprecated added in v1.5.8 

func (*UserSession_CookieOptions) Descriptor() ([]byte, []int)

Deprecated: Use UserSession_CookieOptions.ProtoReflect.Descriptor instead.

func (*UserSession_CookieOptions) Equal added in v1.5.8 

func (m *UserSession_CookieOptions) Equal(that interface{}) bool

Equal function

func (*UserSession_CookieOptions) GetDomain added in v1.5.8 

func (x *UserSession_CookieOptions) GetDomain() string

func (*UserSession_CookieOptions) GetMaxAge added in v1.5.8 

func (x *UserSession_CookieOptions) GetMaxAge() *wrappers.UInt32Value

func (*UserSession_CookieOptions) GetNotSecure added in v1.5.8 

func (x *UserSession_CookieOptions) GetNotSecure() bool

func (*UserSession_CookieOptions) GetPath added in v1.5.8 

func (x *UserSession_CookieOptions) GetPath() *wrappers.StringValue

func (*UserSession_CookieOptions) Hash added in v1.5.8 

func (m *UserSession_CookieOptions) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*UserSession_CookieOptions) ProtoMessage added in v1.5.8 

func (*UserSession_CookieOptions) ProtoMessage()

func (*UserSession_CookieOptions) ProtoReflect added in v1.6.0 

func (x *UserSession_CookieOptions) ProtoReflect() protoreflect.Message

func (*UserSession_CookieOptions) Reset added in v1.5.8 

func (x *UserSession_CookieOptions) Reset()

func (*UserSession_CookieOptions) String added in v1.5.8 

func (x *UserSession_CookieOptions) String() string

type UserSession_InternalSession added in v1.5.8 

type UserSession_InternalSession struct {
	// contains filtered or unexported fields
}

func (*UserSession_InternalSession) Descriptor deprecated added in v1.5.8 

func (*UserSession_InternalSession) Descriptor() ([]byte, []int)

Deprecated: Use UserSession_InternalSession.ProtoReflect.Descriptor instead.

func (*UserSession_InternalSession) Equal added in v1.5.8 

func (m *UserSession_InternalSession) Equal(that interface{}) bool

Equal function

func (*UserSession_InternalSession) Hash added in v1.5.8 

func (m *UserSession_InternalSession) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*UserSession_InternalSession) ProtoMessage added in v1.5.8 

func (*UserSession_InternalSession) ProtoMessage()

func (*UserSession_InternalSession) ProtoReflect added in v1.6.0 

func (x *UserSession_InternalSession) ProtoReflect() protoreflect.Message

func (*UserSession_InternalSession) Reset added in v1.5.8 

func (x *UserSession_InternalSession) Reset()

func (*UserSession_InternalSession) String added in v1.5.8 

func (x *UserSession_InternalSession) String() string

type UserSession_Redis added in v1.5.8 

type UserSession_Redis struct {
	// Use redis to store the tokens and just store a random id in the cookie.
	Redis *UserSession_RedisSession `protobuf:"bytes,4,opt,name=redis,proto3,oneof"`
}

type UserSession_RedisSession added in v1.5.8 

type UserSession_RedisSession struct {

	// Options to connect to redis
	Options *RedisOptions `protobuf:"bytes,1,opt,name=options,proto3" json:"options,omitempty"`
	// Key prefix inside redis
	KeyPrefix string `protobuf:"bytes,2,opt,name=key_prefix,json=keyPrefix,proto3" json:"key_prefix,omitempty"`
	// Cookie name to set and store the session id. If empty the default "__session" is used.
	CookieName string `protobuf:"bytes,3,opt,name=cookie_name,json=cookieName,proto3" json:"cookie_name,omitempty"`
	// When set, refresh expired id-tokens using the refresh-token. Defaults to true.
	// Explicitly set to false to disable refreshing.
	AllowRefreshing *wrappers.BoolValue `protobuf:"bytes,4,opt,name=allow_refreshing,json=allowRefreshing,proto3" json:"allow_refreshing,omitempty"`
	// contains filtered or unexported fields
}

func (*UserSession_RedisSession) Descriptor deprecated added in v1.5.8 

func (*UserSession_RedisSession) Descriptor() ([]byte, []int)

Deprecated: Use UserSession_RedisSession.ProtoReflect.Descriptor instead.

func (*UserSession_RedisSession) Equal added in v1.5.8 

func (m *UserSession_RedisSession) Equal(that interface{}) bool

Equal function

func (*UserSession_RedisSession) GetAllowRefreshing added in v1.6.0 

func (x *UserSession_RedisSession) GetAllowRefreshing() *wrappers.BoolValue

func (*UserSession_RedisSession) GetCookieName added in v1.5.8 

func (x *UserSession_RedisSession) GetCookieName() string

func (*UserSession_RedisSession) GetKeyPrefix added in v1.5.8 

func (x *UserSession_RedisSession) GetKeyPrefix() string

func (*UserSession_RedisSession) GetOptions added in v1.5.8 

func (x *UserSession_RedisSession) GetOptions() *RedisOptions

func (*UserSession_RedisSession) Hash added in v1.5.8 

func (m *UserSession_RedisSession) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*UserSession_RedisSession) ProtoMessage added in v1.5.8 

func (*UserSession_RedisSession) ProtoMessage()

func (*UserSession_RedisSession) ProtoReflect added in v1.6.0 

func (x *UserSession_RedisSession) ProtoReflect() protoreflect.Message

func (*UserSession_RedisSession) Reset added in v1.5.8 

func (x *UserSession_RedisSession) Reset()

func (*UserSession_RedisSession) String added in v1.5.8 

func (x *UserSession_RedisSession) String() string

Source Files

View all Source files

Directories

Path Synopsis
kube
apis/enterprise.gloo.solo.io/v1
Package v1 is the v1 version of the API.
 Package v1 is the v1 version of the API.
client/clientset/versioned
This package has the automatically generated clientset.
 This package has the automatically generated clientset.
client/clientset/versioned/fake
This package has the automatically generated fake clientset.
 This package has the automatically generated fake clientset.
client/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
 This package contains the scheme of the automatically generated clientset.
client/clientset/versioned/typed/enterprise.gloo.solo.io/v1
This package has the automatically generated typed clients.
 This package has the automatically generated typed clients.
client/clientset/versioned/typed/enterprise.gloo.solo.io/v1/fake
Package fake has the automatically generated clients.
 Package fake has the automatically generated clients.
client/informers/externalversions
client/informers/externalversions/enterprise.gloo.solo.io
client/informers/externalversions/enterprise.gloo.solo.io/v1
client/informers/externalversions/internalinterfaces
client/listers/enterprise.gloo.solo.io/v1

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.