v1

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 25, 2019 License: Apache-2.0 Imports: 31 Imported by: 0

Documentation

Index

Constants

View Source 
const ExtAuthConfigType = cache.TypePrefix + "/enterprise.gloo.solo.io.ExtAuthConfig"

Variables

View Source 
var (
	AuthConfigCrd = crd.NewCrd(
		"authconfigs",
		AuthConfigGVK.Group,
		AuthConfigGVK.Version,
		AuthConfigGVK.Kind,
		"ac",
		false,
		&AuthConfig{})
)
View Source 
var (
	AuthConfigGVK = schema.GroupVersionKind{
		Version: "v1",
		Group:   "enterprise.gloo.solo.io",
		Kind:    "AuthConfig",
	}
)
View Source 
var ExtAuthConfigTypeRecord = client.NewTypeRecord(
	ExtAuthConfigType,

	func() cache.ResourceProto { return &ExtAuthConfig{} },

	func(r cache.ResourceProto) cache.Resource {
		return &ExtAuthConfigXdsResourceWrapper{Resource: r.(*ExtAuthConfig)}
	},
)

Define a type record. This is used by the generic client library.

Functions

func NewExtAuthConfigClient 

func NewExtAuthConfigClient(nodeinfo *core.Node, typedApply ApplyExtAuthConfig) client.Client

func RegisterExtAuthDiscoveryServiceServer 

func RegisterExtAuthDiscoveryServiceServer(s *grpc.Server, srv ExtAuthDiscoveryServiceServer)

Types

type ApiKeyAuth 

type ApiKeyAuth struct {
	// identify all valid apikey secrets using the provided label selector.
	// apikey secrets must be in gloo's watch namespaces for gloo to locate them
	LabelSelector map[string]string `` /* 188-byte string literal not displayed */
	// a way to reference apikey secrets individually (good for testing); prefer apikey groups via label selector
	ApiKeySecretRefs     []*core.ResourceRef `protobuf:"bytes,2,rep,name=api_key_secret_refs,json=apiKeySecretRefs,proto3" json:"api_key_secret_refs,omitempty"`
	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
	XXX_unrecognized     []byte              `json:"-"`
	XXX_sizecache        int32               `json:"-"`
}

func (*ApiKeyAuth) Descriptor 

func (*ApiKeyAuth) Descriptor() ([]byte, []int)

func (*ApiKeyAuth) Equal 

func (this *ApiKeyAuth) Equal(that interface{}) bool

func (*ApiKeyAuth) GetApiKeySecretRefs 

func (m *ApiKeyAuth) GetApiKeySecretRefs() []*core.ResourceRef

func (*ApiKeyAuth) GetLabelSelector 

func (m *ApiKeyAuth) GetLabelSelector() map[string]string

func (*ApiKeyAuth) ProtoMessage 

func (*ApiKeyAuth) ProtoMessage()

func (*ApiKeyAuth) Reset 

func (m *ApiKeyAuth) Reset()

func (*ApiKeyAuth) String 

func (m *ApiKeyAuth) String() string

func (*ApiKeyAuth) XXX_DiscardUnknown 

func (m *ApiKeyAuth) XXX_DiscardUnknown()

func (*ApiKeyAuth) XXX_Marshal 

func (m *ApiKeyAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ApiKeyAuth) XXX_Merge 

func (m *ApiKeyAuth) XXX_Merge(src proto.Message)

func (*ApiKeyAuth) XXX_Size 

func (m *ApiKeyAuth) XXX_Size() int

func (*ApiKeyAuth) XXX_Unmarshal 

func (m *ApiKeyAuth) XXX_Unmarshal(b []byte) error

type ApiKeySecret 

type ApiKeySecret struct {
	// if true, generate an apikey
	GenerateApiKey bool `protobuf:"varint,1,opt,name=generate_api_key,json=generateApiKey,proto3" json:"generate_api_key,omitempty"`
	// if present, use the provided apikey
	ApiKey string `protobuf:"bytes,2,opt,name=api_key,json=apiKey,proto3" json:"api_key,omitempty"`
	// a list of labels (key=value) for the apikey secret.
	// virtual services may look for these labels using a provided label selector
	Labels               []string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*ApiKeySecret) Descriptor 

func (*ApiKeySecret) Descriptor() ([]byte, []int)

func (*ApiKeySecret) Equal 

func (this *ApiKeySecret) Equal(that interface{}) bool

func (*ApiKeySecret) GetApiKey 

func (m *ApiKeySecret) GetApiKey() string

func (*ApiKeySecret) GetGenerateApiKey 

func (m *ApiKeySecret) GetGenerateApiKey() bool

func (*ApiKeySecret) GetLabels 

func (m *ApiKeySecret) GetLabels() []string

func (*ApiKeySecret) ProtoMessage 

func (*ApiKeySecret) ProtoMessage()

func (*ApiKeySecret) Reset 

func (m *ApiKeySecret) Reset()

func (*ApiKeySecret) String 

func (m *ApiKeySecret) String() string

func (*ApiKeySecret) XXX_DiscardUnknown 

func (m *ApiKeySecret) XXX_DiscardUnknown()

func (*ApiKeySecret) XXX_Marshal 

func (m *ApiKeySecret) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ApiKeySecret) XXX_Merge 

func (m *ApiKeySecret) XXX_Merge(src proto.Message)

func (*ApiKeySecret) XXX_Size 

func (m *ApiKeySecret) XXX_Size() int

func (*ApiKeySecret) XXX_Unmarshal 

func (m *ApiKeySecret) XXX_Unmarshal(b []byte) error

type ApplyExtAuthConfig 

type ApplyExtAuthConfig func(version string, resources []*ExtAuthConfig) error

The apply functions receives resources and returns an error if they were applied correctly. In theory the configuration can become valid in the future (i.e. eventually consistent), but I don't think we need to worry about that now As our current use cases only have one configuration resource, so no interactions are expected.

type AuthConfig 

type AuthConfig struct {
	// Status indicates the validation status of this resource.
	// Status is read-only by clients, and set by gloo during validation
	Status core.Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status" testdiff:"ignore"`
	// Metadata contains the object metadata for this resource
	Metadata             core.Metadata        `protobuf:"bytes,2,opt,name=metadata,proto3" json:"metadata"`
	Configs              []*AuthConfig_Config `protobuf:"bytes,3,rep,name=configs,proto3" json:"configs,omitempty"`
	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
	XXX_unrecognized     []byte               `json:"-"`
	XXX_sizecache        int32                `json:"-"`
}

This is the user-facing auth configuration. When processed by Gloo, certain configuration types (i.a. oauth, opa) will be translated, e.g. to resolve resource references. See the `ExtAuthConfig.AuthConfig` for the final config format that will be included in the extauth snapshot.

func NewAuthConfig 

func NewAuthConfig(namespace, name string) *AuthConfig

func (*AuthConfig) DeepCopyInto 

func (o *AuthConfig) DeepCopyInto(out *AuthConfig)

func (*AuthConfig) DeepCopyObject 

func (o *AuthConfig) DeepCopyObject() runtime.Object

func (*AuthConfig) Descriptor 

func (*AuthConfig) Descriptor() ([]byte, []int)

func (*AuthConfig) Equal 

func (this *AuthConfig) Equal(that interface{}) bool

func (*AuthConfig) GetConfigs 

func (m *AuthConfig) GetConfigs() []*AuthConfig_Config

func (*AuthConfig) GetMetadata 

func (m *AuthConfig) GetMetadata() core.Metadata

func (*AuthConfig) GetObjectKind 

func (o *AuthConfig) GetObjectKind() schema.ObjectKind

func (*AuthConfig) GetStatus 

func (m *AuthConfig) GetStatus() core.Status

func (*AuthConfig) GroupVersionKind 

func (r *AuthConfig) GroupVersionKind() schema.GroupVersionKind

func (*AuthConfig) Hash 

func (r *AuthConfig) Hash() uint64

func (*AuthConfig) ProtoMessage 

func (*AuthConfig) ProtoMessage()

func (*AuthConfig) Reset 

func (m *AuthConfig) Reset()

func (*AuthConfig) SetMetadata 

func (r *AuthConfig) SetMetadata(meta core.Metadata)

func (*AuthConfig) SetStatus 

func (r *AuthConfig) SetStatus(status core.Status)

func (*AuthConfig) String 

func (m *AuthConfig) String() string

func (*AuthConfig) XXX_DiscardUnknown 

func (m *AuthConfig) XXX_DiscardUnknown()

func (*AuthConfig) XXX_Marshal 

func (m *AuthConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuthConfig) XXX_Merge 

func (m *AuthConfig) XXX_Merge(src proto.Message)

func (*AuthConfig) XXX_Size 

func (m *AuthConfig) XXX_Size() int

func (*AuthConfig) XXX_Unmarshal 

func (m *AuthConfig) XXX_Unmarshal(b []byte) error

type AuthConfigClient 

type AuthConfigClient interface {
	BaseClient() clients.ResourceClient
	Register() error
	Read(namespace, name string, opts clients.ReadOpts) (*AuthConfig, error)
	Write(resource *AuthConfig, opts clients.WriteOpts) (*AuthConfig, error)
	Delete(namespace, name string, opts clients.DeleteOpts) error
	List(namespace string, opts clients.ListOpts) (AuthConfigList, error)
	AuthConfigWatcher
}

func NewAuthConfigClient 

func NewAuthConfigClient(rcFactory factory.ResourceClientFactory) (AuthConfigClient, error)

func NewAuthConfigClientWithBase 

func NewAuthConfigClientWithBase(rc clients.ResourceClient) AuthConfigClient

func NewAuthConfigClientWithToken 

func NewAuthConfigClientWithToken(rcFactory factory.ResourceClientFactory, token string) (AuthConfigClient, error)

type AuthConfigList 

type AuthConfigList []*AuthConfig

func (AuthConfigList) AsInputResources 

func (list AuthConfigList) AsInputResources() resources.InputResourceList

func (AuthConfigList) AsInterfaces 

func (list AuthConfigList) AsInterfaces() []interface{}

func (AuthConfigList) AsResources 

func (list AuthConfigList) AsResources() resources.ResourceList

func (AuthConfigList) Clone 

func (list AuthConfigList) Clone() AuthConfigList

func (AuthConfigList) Each 

func (list AuthConfigList) Each(f func(element *AuthConfig))

func (AuthConfigList) EachResource 

func (list AuthConfigList) EachResource(f func(element resources.Resource))

func (AuthConfigList) Find 

func (list AuthConfigList) Find(namespace, name string) (*AuthConfig, error)

namespace is optional, if left empty, names can collide if the list contains more than one with the same name

func (AuthConfigList) Names 

func (list AuthConfigList) Names() []string

func (AuthConfigList) NamespacesDotNames 

func (list AuthConfigList) NamespacesDotNames() []string

func (AuthConfigList) Sort 

func (list AuthConfigList) Sort() AuthConfigList

type AuthConfigReconciler 

type AuthConfigReconciler interface {
	Reconcile(namespace string, desiredResources AuthConfigList, transition TransitionAuthConfigFunc, opts clients.ListOpts) error
}

func NewAuthConfigReconciler 

func NewAuthConfigReconciler(client AuthConfigClient) AuthConfigReconciler

type AuthConfigWatcher 

type AuthConfigWatcher interface {
	// watch namespace-scoped AuthConfigs
	Watch(namespace string, opts clients.WatchOpts) (<-chan AuthConfigList, <-chan error, error)
}

type AuthConfig_Config 

type AuthConfig_Config struct {
	// Types that are valid to be assigned to AuthConfig:
	//	*AuthConfig_Config_BasicAuth
	//	*AuthConfig_Config_Oauth
	//	*AuthConfig_Config_ApiKeyAuth
	//	*AuthConfig_Config_PluginAuth
	//	*AuthConfig_Config_OpaAuth
	//	*AuthConfig_Config_Ldap
	AuthConfig           isAuthConfig_Config_AuthConfig `protobuf_oneof:"auth_config"`
	XXX_NoUnkeyedLiteral struct{}                       `json:"-"`
	XXX_unrecognized     []byte                         `json:"-"`
	XXX_sizecache        int32                          `json:"-"`
}

func (*AuthConfig_Config) Descriptor 

func (*AuthConfig_Config) Descriptor() ([]byte, []int)

func (*AuthConfig_Config) Equal 

func (this *AuthConfig_Config) Equal(that interface{}) bool

func (*AuthConfig_Config) GetApiKeyAuth 

func (m *AuthConfig_Config) GetApiKeyAuth() *ApiKeyAuth

func (*AuthConfig_Config) GetAuthConfig 

func (m *AuthConfig_Config) GetAuthConfig() isAuthConfig_Config_AuthConfig

func (*AuthConfig_Config) GetBasicAuth 

func (m *AuthConfig_Config) GetBasicAuth() *BasicAuth

func (*AuthConfig_Config) GetLdap 

func (m *AuthConfig_Config) GetLdap() *Ldap

func (*AuthConfig_Config) GetOauth 

func (m *AuthConfig_Config) GetOauth() *OAuth

func (*AuthConfig_Config) GetOpaAuth 

func (m *AuthConfig_Config) GetOpaAuth() *OpaAuth

func (*AuthConfig_Config) GetPluginAuth 

func (m *AuthConfig_Config) GetPluginAuth() *AuthPlugin

func (*AuthConfig_Config) ProtoMessage 

func (*AuthConfig_Config) ProtoMessage()

func (*AuthConfig_Config) Reset 

func (m *AuthConfig_Config) Reset()

func (*AuthConfig_Config) String 

func (m *AuthConfig_Config) String() string

func (*AuthConfig_Config) XXX_DiscardUnknown 

func (m *AuthConfig_Config) XXX_DiscardUnknown()

func (*AuthConfig_Config) XXX_Marshal 

func (m *AuthConfig_Config) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuthConfig_Config) XXX_Merge 

func (m *AuthConfig_Config) XXX_Merge(src proto.Message)

func (*AuthConfig_Config) XXX_OneofWrappers 

func (*AuthConfig_Config) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*AuthConfig_Config) XXX_Size 

func (m *AuthConfig_Config) XXX_Size() int

func (*AuthConfig_Config) XXX_Unmarshal 

func (m *AuthConfig_Config) XXX_Unmarshal(b []byte) error

type AuthConfig_Config_ApiKeyAuth 

type AuthConfig_Config_ApiKeyAuth struct {
	ApiKeyAuth *ApiKeyAuth `protobuf:"bytes,4,opt,name=api_key_auth,json=apiKeyAuth,proto3,oneof" json:"api_key_auth,omitempty"`
}

func (*AuthConfig_Config_ApiKeyAuth) Equal 

func (this *AuthConfig_Config_ApiKeyAuth) Equal(that interface{}) bool

type AuthConfig_Config_BasicAuth 

type AuthConfig_Config_BasicAuth struct {
	BasicAuth *BasicAuth `protobuf:"bytes,1,opt,name=basic_auth,json=basicAuth,proto3,oneof" json:"basic_auth,omitempty"`
}

func (*AuthConfig_Config_BasicAuth) Equal 

func (this *AuthConfig_Config_BasicAuth) Equal(that interface{}) bool

type AuthConfig_Config_Ldap 

type AuthConfig_Config_Ldap struct {
	Ldap *Ldap `protobuf:"bytes,7,opt,name=ldap,proto3,oneof" json:"ldap,omitempty"`
}

func (*AuthConfig_Config_Ldap) Equal 

func (this *AuthConfig_Config_Ldap) Equal(that interface{}) bool

type AuthConfig_Config_Oauth 

type AuthConfig_Config_Oauth struct {
	Oauth *OAuth `protobuf:"bytes,2,opt,name=oauth,proto3,oneof" json:"oauth,omitempty"`
}

func (*AuthConfig_Config_Oauth) Equal 

func (this *AuthConfig_Config_Oauth) Equal(that interface{}) bool

type AuthConfig_Config_OpaAuth 

type AuthConfig_Config_OpaAuth struct {
	OpaAuth *OpaAuth `protobuf:"bytes,6,opt,name=opa_auth,json=opaAuth,proto3,oneof" json:"opa_auth,omitempty"`
}

func (*AuthConfig_Config_OpaAuth) Equal 

func (this *AuthConfig_Config_OpaAuth) Equal(that interface{}) bool

type AuthConfig_Config_PluginAuth 

type AuthConfig_Config_PluginAuth struct {
	PluginAuth *AuthPlugin `protobuf:"bytes,5,opt,name=plugin_auth,json=pluginAuth,proto3,oneof" json:"plugin_auth,omitempty"`
}

func (*AuthConfig_Config_PluginAuth) Equal 

func (this *AuthConfig_Config_PluginAuth) Equal(that interface{}) bool

type AuthPlugin 

type AuthPlugin struct {
	// Name of the plugin
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Name of the compiled plugin file. If not specified, GlooE will look for an ".so" file with same name as the plugin.
	PluginFileName string `protobuf:"bytes,2,opt,name=plugin_file_name,json=pluginFileName,proto3" json:"plugin_file_name,omitempty"`
	// Name of the exported symbol that implements the plugin interface in the plugin.
	// If not specified, defaults to the name of the plugin
	ExportedSymbolName   string        `protobuf:"bytes,3,opt,name=exported_symbol_name,json=exportedSymbolName,proto3" json:"exported_symbol_name,omitempty"`
	Config               *types.Struct `protobuf:"bytes,4,opt,name=config,proto3" json:"config,omitempty"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

func (*AuthPlugin) Descriptor 

func (*AuthPlugin) Descriptor() ([]byte, []int)

func (*AuthPlugin) Equal 

func (this *AuthPlugin) Equal(that interface{}) bool

func (*AuthPlugin) GetConfig 

func (m *AuthPlugin) GetConfig() *types.Struct

func (*AuthPlugin) GetExportedSymbolName 

func (m *AuthPlugin) GetExportedSymbolName() string

func (*AuthPlugin) GetName 

func (m *AuthPlugin) GetName() string

func (*AuthPlugin) GetPluginFileName 

func (m *AuthPlugin) GetPluginFileName() string

func (*AuthPlugin) ProtoMessage 

func (*AuthPlugin) ProtoMessage()

func (*AuthPlugin) Reset 

func (m *AuthPlugin) Reset()

func (*AuthPlugin) String 

func (m *AuthPlugin) String() string

func (*AuthPlugin) XXX_DiscardUnknown 

func (m *AuthPlugin) XXX_DiscardUnknown()

func (*AuthPlugin) XXX_Marshal 

func (m *AuthPlugin) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuthPlugin) XXX_Merge 

func (m *AuthPlugin) XXX_Merge(src proto.Message)

func (*AuthPlugin) XXX_Size 

func (m *AuthPlugin) XXX_Size() int

func (*AuthPlugin) XXX_Unmarshal 

func (m *AuthPlugin) XXX_Unmarshal(b []byte) error

type BasicAuth 

type BasicAuth struct {
	Realm                string         `protobuf:"bytes,1,opt,name=realm,proto3" json:"realm,omitempty"`
	Apr                  *BasicAuth_Apr `protobuf:"bytes,2,opt,name=apr,proto3" json:"apr,omitempty"`
	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
	XXX_unrecognized     []byte         `json:"-"`
	XXX_sizecache        int32          `json:"-"`
}

func (*BasicAuth) Descriptor 

func (*BasicAuth) Descriptor() ([]byte, []int)

func (*BasicAuth) Equal 

func (this *BasicAuth) Equal(that interface{}) bool

func (*BasicAuth) GetApr 

func (m *BasicAuth) GetApr() *BasicAuth_Apr

func (*BasicAuth) GetRealm 

func (m *BasicAuth) GetRealm() string

func (*BasicAuth) ProtoMessage 

func (*BasicAuth) ProtoMessage()

func (*BasicAuth) Reset 

func (m *BasicAuth) Reset()

func (*BasicAuth) String 

func (m *BasicAuth) String() string

func (*BasicAuth) XXX_DiscardUnknown 

func (m *BasicAuth) XXX_DiscardUnknown()

func (*BasicAuth) XXX_Marshal 

func (m *BasicAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*BasicAuth) XXX_Merge 

func (m *BasicAuth) XXX_Merge(src proto.Message)

func (*BasicAuth) XXX_Size 

func (m *BasicAuth) XXX_Size() int

func (*BasicAuth) XXX_Unmarshal 

func (m *BasicAuth) XXX_Unmarshal(b []byte) error

type BasicAuth_Apr 

type BasicAuth_Apr struct {
	Users                map[string]*BasicAuth_Apr_SaltedHashedPassword `` /* 151-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}                                       `json:"-"`
	XXX_unrecognized     []byte                                         `json:"-"`
	XXX_sizecache        int32                                          `json:"-"`
}

func (*BasicAuth_Apr) Descriptor 

func (*BasicAuth_Apr) Descriptor() ([]byte, []int)

func (*BasicAuth_Apr) Equal 

func (this *BasicAuth_Apr) Equal(that interface{}) bool

func (*BasicAuth_Apr) GetUsers 

func (m *BasicAuth_Apr) GetUsers() map[string]*BasicAuth_Apr_SaltedHashedPassword

func (*BasicAuth_Apr) ProtoMessage 

func (*BasicAuth_Apr) ProtoMessage()

func (*BasicAuth_Apr) Reset 

func (m *BasicAuth_Apr) Reset()

func (*BasicAuth_Apr) String 

func (m *BasicAuth_Apr) String() string

func (*BasicAuth_Apr) XXX_DiscardUnknown 

func (m *BasicAuth_Apr) XXX_DiscardUnknown()

func (*BasicAuth_Apr) XXX_Marshal 

func (m *BasicAuth_Apr) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*BasicAuth_Apr) XXX_Merge 

func (m *BasicAuth_Apr) XXX_Merge(src proto.Message)

func (*BasicAuth_Apr) XXX_Size 

func (m *BasicAuth_Apr) XXX_Size() int

func (*BasicAuth_Apr) XXX_Unmarshal 

func (m *BasicAuth_Apr) XXX_Unmarshal(b []byte) error

type BasicAuth_Apr_SaltedHashedPassword 

type BasicAuth_Apr_SaltedHashedPassword struct {
	Salt                 string   `protobuf:"bytes,1,opt,name=salt,proto3" json:"salt,omitempty"`
	HashedPassword       string   `protobuf:"bytes,2,opt,name=hashed_password,json=hashedPassword,proto3" json:"hashed_password,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*BasicAuth_Apr_SaltedHashedPassword) Descriptor 

func (*BasicAuth_Apr_SaltedHashedPassword) Descriptor() ([]byte, []int)

func (*BasicAuth_Apr_SaltedHashedPassword) Equal 

func (this *BasicAuth_Apr_SaltedHashedPassword) Equal(that interface{}) bool

func (*BasicAuth_Apr_SaltedHashedPassword) GetHashedPassword 

func (m *BasicAuth_Apr_SaltedHashedPassword) GetHashedPassword() string

func (*BasicAuth_Apr_SaltedHashedPassword) GetSalt 

func (m *BasicAuth_Apr_SaltedHashedPassword) GetSalt() string

func (*BasicAuth_Apr_SaltedHashedPassword) ProtoMessage 

func (*BasicAuth_Apr_SaltedHashedPassword) ProtoMessage()

func (*BasicAuth_Apr_SaltedHashedPassword) Reset 

func (m *BasicAuth_Apr_SaltedHashedPassword) Reset()

func (*BasicAuth_Apr_SaltedHashedPassword) String 

func (m *BasicAuth_Apr_SaltedHashedPassword) String() string

func (*BasicAuth_Apr_SaltedHashedPassword) XXX_DiscardUnknown 

func (m *BasicAuth_Apr_SaltedHashedPassword) XXX_DiscardUnknown()

func (*BasicAuth_Apr_SaltedHashedPassword) XXX_Marshal 

func (m *BasicAuth_Apr_SaltedHashedPassword) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*BasicAuth_Apr_SaltedHashedPassword) XXX_Merge 

func (m *BasicAuth_Apr_SaltedHashedPassword) XXX_Merge(src proto.Message)

func (*BasicAuth_Apr_SaltedHashedPassword) XXX_Size 

func (m *BasicAuth_Apr_SaltedHashedPassword) XXX_Size() int

func (*BasicAuth_Apr_SaltedHashedPassword) XXX_Unmarshal 

func (m *BasicAuth_Apr_SaltedHashedPassword) XXX_Unmarshal(b []byte) error

type BufferSettings 

type BufferSettings struct {
	// Sets the maximum size of a message body that the filter will hold in memory. Envoy will return
	// *HTTP 413* and will *not* initiate the authorization process when buffer reaches the number
	// set in this field. Note that this setting will have precedence over failure_mode_allow.
	// Defaults to 4KB.
	MaxRequestBytes uint32 `protobuf:"varint,1,opt,name=max_request_bytes,json=maxRequestBytes,proto3" json:"max_request_bytes,omitempty"`
	// When this field is true, Envoy will buffer the message until *max_request_bytes* is reached.
	// The authorization request will be dispatched and no 413 HTTP error will be returned by the
	// filter.
	AllowPartialMessage  bool     `protobuf:"varint,2,opt,name=allow_partial_message,json=allowPartialMessage,proto3" json:"allow_partial_message,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Configuration for buffering the request data.

func (*BufferSettings) Descriptor 

func (*BufferSettings) Descriptor() ([]byte, []int)

func (*BufferSettings) Equal 

func (this *BufferSettings) Equal(that interface{}) bool

func (*BufferSettings) GetAllowPartialMessage 

func (m *BufferSettings) GetAllowPartialMessage() bool

func (*BufferSettings) GetMaxRequestBytes 

func (m *BufferSettings) GetMaxRequestBytes() uint32

func (*BufferSettings) ProtoMessage 

func (*BufferSettings) ProtoMessage()

func (*BufferSettings) Reset 

func (m *BufferSettings) Reset()

func (*BufferSettings) String 

func (m *BufferSettings) String() string

func (*BufferSettings) XXX_DiscardUnknown 

func (m *BufferSettings) XXX_DiscardUnknown()

func (*BufferSettings) XXX_Marshal 

func (m *BufferSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*BufferSettings) XXX_Merge 

func (m *BufferSettings) XXX_Merge(src proto.Message)

func (*BufferSettings) XXX_Size 

func (m *BufferSettings) XXX_Size() int

func (*BufferSettings) XXX_Unmarshal 

func (m *BufferSettings) XXX_Unmarshal(b []byte) error

type CustomAuth 

type CustomAuth struct {
	// When a request matches the virtual host, route, or weighted destination on which this configuration is defined,
	// Gloo will add the given context_extensions to the request that is sent to the external authorization server.
	// This allows the server to base the auth decision on metadata that you define on the source of the request.
	//
	// This attribute is analogous to Envoy's config.filter.http.ext_authz.v2.CheckSettings. See the official
	// [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/http/ext_authz/v2/ext_authz.proto.html?highlight=ext_authz#config-filter-http-ext-authz-v2-checksettings)
	// for more details.
	ContextExtensions    map[string]string `` /* 200-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

Gloo is not expected to configure the ext auth server in this case. This is used with custom auth servers.

func (*CustomAuth) Descriptor 

func (*CustomAuth) Descriptor() ([]byte, []int)

func (*CustomAuth) Equal 

func (this *CustomAuth) Equal(that interface{}) bool

func (*CustomAuth) GetContextExtensions 

func (m *CustomAuth) GetContextExtensions() map[string]string

func (*CustomAuth) ProtoMessage 

func (*CustomAuth) ProtoMessage()

func (*CustomAuth) Reset 

func (m *CustomAuth) Reset()

func (*CustomAuth) String 

func (m *CustomAuth) String() string

func (*CustomAuth) XXX_DiscardUnknown 

func (m *CustomAuth) XXX_DiscardUnknown()

func (*CustomAuth) XXX_Marshal 

func (m *CustomAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CustomAuth) XXX_Merge 

func (m *CustomAuth) XXX_Merge(src proto.Message)

func (*CustomAuth) XXX_Size 

func (m *CustomAuth) XXX_Size() int

func (*CustomAuth) XXX_Unmarshal 

func (m *CustomAuth) XXX_Unmarshal(b []byte) error

type ExtAuthConfig 

type ExtAuthConfig struct {
	// @solo-kit:resource.name
	// This is the identifier of the AuthConfig resource that this configuration is associated with.
	// Any request to the external auth server includes an identifier that is matched against this field to determine
	// which AuthConfig should be applied to it.
	AuthConfigRefName    string                  `protobuf:"bytes,1,opt,name=auth_config_ref_name,json=authConfigRefName,proto3" json:"auth_config_ref_name,omitempty"`
	Configs              []*ExtAuthConfig_Config `protobuf:"bytes,8,rep,name=configs,proto3" json:"configs,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                `json:"-"`
	XXX_unrecognized     []byte                  `json:"-"`
	XXX_sizecache        int32                   `json:"-"`
}

@solo-kit:xds-service=ExtAuthDiscoveryService @solo-kit:resource.no_references

func (*ExtAuthConfig) Descriptor 

func (*ExtAuthConfig) Descriptor() ([]byte, []int)

func (*ExtAuthConfig) Equal 

func (this *ExtAuthConfig) Equal(that interface{}) bool

func (*ExtAuthConfig) GetAuthConfigRefName 

func (m *ExtAuthConfig) GetAuthConfigRefName() string

func (*ExtAuthConfig) GetConfigs 

func (m *ExtAuthConfig) GetConfigs() []*ExtAuthConfig_Config

func (*ExtAuthConfig) ProtoMessage 

func (*ExtAuthConfig) ProtoMessage()

func (*ExtAuthConfig) Reset 

func (m *ExtAuthConfig) Reset()

func (*ExtAuthConfig) String 

func (m *ExtAuthConfig) String() string

func (*ExtAuthConfig) XXX_DiscardUnknown 

func (m *ExtAuthConfig) XXX_DiscardUnknown()

func (*ExtAuthConfig) XXX_Marshal 

func (m *ExtAuthConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ExtAuthConfig) XXX_Merge 

func (m *ExtAuthConfig) XXX_Merge(src proto.Message)

func (*ExtAuthConfig) XXX_Size 

func (m *ExtAuthConfig) XXX_Size() int

func (*ExtAuthConfig) XXX_Unmarshal 

func (m *ExtAuthConfig) XXX_Unmarshal(b []byte) error

type ExtAuthConfigXdsResourceWrapper 

type ExtAuthConfigXdsResourceWrapper struct {
	// TODO(yuval-k): This is public for mitchellh hashstructure to work properly. consider better alternatives.
	Resource *ExtAuthConfig
}

Defined a resource - to be used by snapshot

func NewExtAuthConfigXdsResourceWrapper 

func NewExtAuthConfigXdsResourceWrapper(resourceProto *ExtAuthConfig) *ExtAuthConfigXdsResourceWrapper

func (*ExtAuthConfigXdsResourceWrapper) References 

func (e *ExtAuthConfigXdsResourceWrapper) References() []cache.XdsResourceReference

func (*ExtAuthConfigXdsResourceWrapper) ResourceProto 

func (e *ExtAuthConfigXdsResourceWrapper) ResourceProto() cache.ResourceProto

func (*ExtAuthConfigXdsResourceWrapper) Self 

func (e *ExtAuthConfigXdsResourceWrapper) Self() cache.XdsResourceReference

type ExtAuthConfig_ApiKeyAuthConfig 

type ExtAuthConfig_ApiKeyAuthConfig struct {
	// a map of valid apikeys to their associated plaintext users.
	ValidApiKeyAndUser   map[string]string `` /* 209-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

func (*ExtAuthConfig_ApiKeyAuthConfig) Descriptor 

func (*ExtAuthConfig_ApiKeyAuthConfig) Descriptor() ([]byte, []int)

func (*ExtAuthConfig_ApiKeyAuthConfig) Equal 

func (this *ExtAuthConfig_ApiKeyAuthConfig) Equal(that interface{}) bool

func (*ExtAuthConfig_ApiKeyAuthConfig) GetValidApiKeyAndUser 

func (m *ExtAuthConfig_ApiKeyAuthConfig) GetValidApiKeyAndUser() map[string]string

func (*ExtAuthConfig_ApiKeyAuthConfig) ProtoMessage 

func (*ExtAuthConfig_ApiKeyAuthConfig) ProtoMessage()

func (*ExtAuthConfig_ApiKeyAuthConfig) Reset 

func (m *ExtAuthConfig_ApiKeyAuthConfig) Reset()

func (*ExtAuthConfig_ApiKeyAuthConfig) String 

func (m *ExtAuthConfig_ApiKeyAuthConfig) String() string

func (*ExtAuthConfig_ApiKeyAuthConfig) XXX_DiscardUnknown 

func (m *ExtAuthConfig_ApiKeyAuthConfig) XXX_DiscardUnknown()

func (*ExtAuthConfig_ApiKeyAuthConfig) XXX_Marshal 

func (m *ExtAuthConfig_ApiKeyAuthConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ExtAuthConfig_ApiKeyAuthConfig) XXX_Merge 

func (m *ExtAuthConfig_ApiKeyAuthConfig) XXX_Merge(src proto.Message)

func (*ExtAuthConfig_ApiKeyAuthConfig) XXX_Size 

func (m *ExtAuthConfig_ApiKeyAuthConfig) XXX_Size() int

func (*ExtAuthConfig_ApiKeyAuthConfig) XXX_Unmarshal 

func (m *ExtAuthConfig_ApiKeyAuthConfig) XXX_Unmarshal(b []byte) error

type ExtAuthConfig_Config 

type ExtAuthConfig_Config struct {
	// Types that are valid to be assigned to AuthConfig:
	//	*ExtAuthConfig_Config_Oauth
	//	*ExtAuthConfig_Config_BasicAuth
	//	*ExtAuthConfig_Config_ApiKeyAuth
	//	*ExtAuthConfig_Config_PluginAuth
	//	*ExtAuthConfig_Config_OpaAuth
	//	*ExtAuthConfig_Config_Ldap
	AuthConfig           isExtAuthConfig_Config_AuthConfig `protobuf_oneof:"auth_config"`
	XXX_NoUnkeyedLiteral struct{}                          `json:"-"`
	XXX_unrecognized     []byte                            `json:"-"`
	XXX_sizecache        int32                             `json:"-"`
}

func (*ExtAuthConfig_Config) Descriptor 

func (*ExtAuthConfig_Config) Descriptor() ([]byte, []int)

func (*ExtAuthConfig_Config) Equal 

func (this *ExtAuthConfig_Config) Equal(that interface{}) bool

func (*ExtAuthConfig_Config) GetApiKeyAuth 

func (m *ExtAuthConfig_Config) GetApiKeyAuth() *ExtAuthConfig_ApiKeyAuthConfig

func (*ExtAuthConfig_Config) GetAuthConfig 

func (m *ExtAuthConfig_Config) GetAuthConfig() isExtAuthConfig_Config_AuthConfig

func (*ExtAuthConfig_Config) GetBasicAuth 

func (m *ExtAuthConfig_Config) GetBasicAuth() *BasicAuth

func (*ExtAuthConfig_Config) GetLdap 

func (m *ExtAuthConfig_Config) GetLdap() *Ldap

func (*ExtAuthConfig_Config) GetOauth 

func (m *ExtAuthConfig_Config) GetOauth() *ExtAuthConfig_OAuthConfig

func (*ExtAuthConfig_Config) GetOpaAuth 

func (m *ExtAuthConfig_Config) GetOpaAuth() *ExtAuthConfig_OpaAuthConfig

func (*ExtAuthConfig_Config) GetPluginAuth 

func (m *ExtAuthConfig_Config) GetPluginAuth() *AuthPlugin

func (*ExtAuthConfig_Config) ProtoMessage 

func (*ExtAuthConfig_Config) ProtoMessage()

func (*ExtAuthConfig_Config) Reset 

func (m *ExtAuthConfig_Config) Reset()

func (*ExtAuthConfig_Config) String 

func (m *ExtAuthConfig_Config) String() string

func (*ExtAuthConfig_Config) XXX_DiscardUnknown 

func (m *ExtAuthConfig_Config) XXX_DiscardUnknown()

func (*ExtAuthConfig_Config) XXX_Marshal 

func (m *ExtAuthConfig_Config) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ExtAuthConfig_Config) XXX_Merge 

func (m *ExtAuthConfig_Config) XXX_Merge(src proto.Message)

func (*ExtAuthConfig_Config) XXX_OneofWrappers 

func (*ExtAuthConfig_Config) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*ExtAuthConfig_Config) XXX_Size 

func (m *ExtAuthConfig_Config) XXX_Size() int

func (*ExtAuthConfig_Config) XXX_Unmarshal 

func (m *ExtAuthConfig_Config) XXX_Unmarshal(b []byte) error

type ExtAuthConfig_Config_ApiKeyAuth 

type ExtAuthConfig_Config_ApiKeyAuth struct {
	ApiKeyAuth *ExtAuthConfig_ApiKeyAuthConfig `protobuf:"bytes,5,opt,name=api_key_auth,json=apiKeyAuth,proto3,oneof" json:"api_key_auth,omitempty"`
}

func (*ExtAuthConfig_Config_ApiKeyAuth) Equal 

func (this *ExtAuthConfig_Config_ApiKeyAuth) Equal(that interface{}) bool

type ExtAuthConfig_Config_BasicAuth 

type ExtAuthConfig_Config_BasicAuth struct {
	BasicAuth *BasicAuth `protobuf:"bytes,4,opt,name=basic_auth,json=basicAuth,proto3,oneof" json:"basic_auth,omitempty"`
}

func (*ExtAuthConfig_Config_BasicAuth) Equal 

func (this *ExtAuthConfig_Config_BasicAuth) Equal(that interface{}) bool

type ExtAuthConfig_Config_Ldap 

type ExtAuthConfig_Config_Ldap struct {
	Ldap *Ldap `protobuf:"bytes,8,opt,name=ldap,proto3,oneof" json:"ldap,omitempty"`
}

func (*ExtAuthConfig_Config_Ldap) Equal 

func (this *ExtAuthConfig_Config_Ldap) Equal(that interface{}) bool

type ExtAuthConfig_Config_Oauth 

type ExtAuthConfig_Config_Oauth struct {
	Oauth *ExtAuthConfig_OAuthConfig `protobuf:"bytes,3,opt,name=oauth,proto3,oneof" json:"oauth,omitempty"`
}

func (*ExtAuthConfig_Config_Oauth) Equal 

func (this *ExtAuthConfig_Config_Oauth) Equal(that interface{}) bool

type ExtAuthConfig_Config_OpaAuth 

type ExtAuthConfig_Config_OpaAuth struct {
	OpaAuth *ExtAuthConfig_OpaAuthConfig `protobuf:"bytes,7,opt,name=opa_auth,json=opaAuth,proto3,oneof" json:"opa_auth,omitempty"`
}

func (*ExtAuthConfig_Config_OpaAuth) Equal 

func (this *ExtAuthConfig_Config_OpaAuth) Equal(that interface{}) bool

type ExtAuthConfig_Config_PluginAuth 

type ExtAuthConfig_Config_PluginAuth struct {
	PluginAuth *AuthPlugin `protobuf:"bytes,6,opt,name=plugin_auth,json=pluginAuth,proto3,oneof" json:"plugin_auth,omitempty"`
}

func (*ExtAuthConfig_Config_PluginAuth) Equal 

func (this *ExtAuthConfig_Config_PluginAuth) Equal(that interface{}) bool

type ExtAuthConfig_OAuthConfig 

type ExtAuthConfig_OAuthConfig struct {
	// your client id as registered with the issuer
	ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	// your client secret as registered with the issuer
	ClientSecret string `protobuf:"bytes,2,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"`
	// The url of the issuer. We will look for OIDC information in issuerUrl+
	// ".well-known/openid-configuration"
	IssuerUrl string `protobuf:"bytes,3,opt,name=issuer_url,json=issuerUrl,proto3" json:"issuer_url,omitempty"`
	// we to redirect after successful auth, if we can't determine the original
	// url this should be your publicly available app url.
	AppUrl string `protobuf:"bytes,4,opt,name=app_url,json=appUrl,proto3" json:"app_url,omitempty"`
	// a callback path relative to app url that will be used for OIDC callbacks.
	// needs to not be used by the application
	CallbackPath string `protobuf:"bytes,5,opt,name=callback_path,json=callbackPath,proto3" json:"callback_path,omitempty"`
	// scopes to request in addition to the openid scope.
	Scopes               []string `protobuf:"bytes,6,rep,name=scopes,proto3" json:"scopes,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*ExtAuthConfig_OAuthConfig) Descriptor 

func (*ExtAuthConfig_OAuthConfig) Descriptor() ([]byte, []int)

func (*ExtAuthConfig_OAuthConfig) Equal 

func (this *ExtAuthConfig_OAuthConfig) Equal(that interface{}) bool

func (*ExtAuthConfig_OAuthConfig) GetAppUrl 

func (m *ExtAuthConfig_OAuthConfig) GetAppUrl() string

func (*ExtAuthConfig_OAuthConfig) GetCallbackPath 

func (m *ExtAuthConfig_OAuthConfig) GetCallbackPath() string

func (*ExtAuthConfig_OAuthConfig) GetClientId 

func (m *ExtAuthConfig_OAuthConfig) GetClientId() string

func (*ExtAuthConfig_OAuthConfig) GetClientSecret 

func (m *ExtAuthConfig_OAuthConfig) GetClientSecret() string

func (*ExtAuthConfig_OAuthConfig) GetIssuerUrl 

func (m *ExtAuthConfig_OAuthConfig) GetIssuerUrl() string

func (*ExtAuthConfig_OAuthConfig) GetScopes 

func (m *ExtAuthConfig_OAuthConfig) GetScopes() []string

func (*ExtAuthConfig_OAuthConfig) ProtoMessage 

func (*ExtAuthConfig_OAuthConfig) ProtoMessage()

func (*ExtAuthConfig_OAuthConfig) Reset 

func (m *ExtAuthConfig_OAuthConfig) Reset()

func (*ExtAuthConfig_OAuthConfig) String 

func (m *ExtAuthConfig_OAuthConfig) String() string

func (*ExtAuthConfig_OAuthConfig) XXX_DiscardUnknown 

func (m *ExtAuthConfig_OAuthConfig) XXX_DiscardUnknown()

func (*ExtAuthConfig_OAuthConfig) XXX_Marshal 

func (m *ExtAuthConfig_OAuthConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ExtAuthConfig_OAuthConfig) XXX_Merge 

func (m *ExtAuthConfig_OAuthConfig) XXX_Merge(src proto.Message)

func (*ExtAuthConfig_OAuthConfig) XXX_Size 

func (m *ExtAuthConfig_OAuthConfig) XXX_Size() int

func (*ExtAuthConfig_OAuthConfig) XXX_Unmarshal 

func (m *ExtAuthConfig_OAuthConfig) XXX_Unmarshal(b []byte) error

type ExtAuthConfig_OpaAuthConfig 

type ExtAuthConfig_OpaAuthConfig struct {
	// An optional modules (filename, module content) maps containing modules assist in the resolution of `query`.
	Modules map[string]string `` /* 155-byte string literal not displayed */
	// The query that determines the auth decision. The result of this query must be either a boolean
	// or an array with boolean as the first element. A boolean `true` value means that the request
	// will be authorized. Any other value, or error, means that the request will be denied.
	Query                string   `protobuf:"bytes,2,opt,name=query,proto3" json:"query,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*ExtAuthConfig_OpaAuthConfig) Descriptor 

func (*ExtAuthConfig_OpaAuthConfig) Descriptor() ([]byte, []int)

func (*ExtAuthConfig_OpaAuthConfig) Equal 

func (this *ExtAuthConfig_OpaAuthConfig) Equal(that interface{}) bool

func (*ExtAuthConfig_OpaAuthConfig) GetModules 

func (m *ExtAuthConfig_OpaAuthConfig) GetModules() map[string]string

func (*ExtAuthConfig_OpaAuthConfig) GetQuery 

func (m *ExtAuthConfig_OpaAuthConfig) GetQuery() string

func (*ExtAuthConfig_OpaAuthConfig) ProtoMessage 

func (*ExtAuthConfig_OpaAuthConfig) ProtoMessage()

func (*ExtAuthConfig_OpaAuthConfig) Reset 

func (m *ExtAuthConfig_OpaAuthConfig) Reset()

func (*ExtAuthConfig_OpaAuthConfig) String 

func (m *ExtAuthConfig_OpaAuthConfig) String() string

func (*ExtAuthConfig_OpaAuthConfig) XXX_DiscardUnknown 

func (m *ExtAuthConfig_OpaAuthConfig) XXX_DiscardUnknown()

func (*ExtAuthConfig_OpaAuthConfig) XXX_Marshal 

func (m *ExtAuthConfig_OpaAuthConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ExtAuthConfig_OpaAuthConfig) XXX_Merge 

func (m *ExtAuthConfig_OpaAuthConfig) XXX_Merge(src proto.Message)

func (*ExtAuthConfig_OpaAuthConfig) XXX_Size 

func (m *ExtAuthConfig_OpaAuthConfig) XXX_Size() int

func (*ExtAuthConfig_OpaAuthConfig) XXX_Unmarshal 

func (m *ExtAuthConfig_OpaAuthConfig) XXX_Unmarshal(b []byte) error

type ExtAuthDiscoveryServiceClient 

type ExtAuthDiscoveryServiceClient interface {
	StreamExtAuthConfig(ctx context.Context, opts ...grpc.CallOption) (ExtAuthDiscoveryService_StreamExtAuthConfigClient, error)
	DeltaExtAuthConfig(ctx context.Context, opts ...grpc.CallOption) (ExtAuthDiscoveryService_DeltaExtAuthConfigClient, error)
	FetchExtAuthConfig(ctx context.Context, in *v2.DiscoveryRequest, opts ...grpc.CallOption) (*v2.DiscoveryResponse, error)
}

ExtAuthDiscoveryServiceClient is the client API for ExtAuthDiscoveryService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewExtAuthDiscoveryServiceClient 

func NewExtAuthDiscoveryServiceClient(cc *grpc.ClientConn) ExtAuthDiscoveryServiceClient

type ExtAuthDiscoveryServiceServer 

type ExtAuthDiscoveryServiceServer interface {
	StreamExtAuthConfig(ExtAuthDiscoveryService_StreamExtAuthConfigServer) error
	DeltaExtAuthConfig(ExtAuthDiscoveryService_DeltaExtAuthConfigServer) error
	FetchExtAuthConfig(context.Context, *v2.DiscoveryRequest) (*v2.DiscoveryResponse, error)
}

ExtAuthDiscoveryServiceServer is the server API for ExtAuthDiscoveryService service.

func NewExtAuthDiscoveryServiceServer 

func NewExtAuthDiscoveryServiceServer(genericServer server.Server) ExtAuthDiscoveryServiceServer

type ExtAuthDiscoveryService_DeltaExtAuthConfigClient 

type ExtAuthDiscoveryService_DeltaExtAuthConfigClient interface {
	Send(*v2.DeltaDiscoveryRequest) error
	Recv() (*v2.DeltaDiscoveryResponse, error)
	grpc.ClientStream
}

type ExtAuthDiscoveryService_DeltaExtAuthConfigServer 

type ExtAuthDiscoveryService_DeltaExtAuthConfigServer interface {
	Send(*v2.DeltaDiscoveryResponse) error
	Recv() (*v2.DeltaDiscoveryRequest, error)
	grpc.ServerStream
}

type ExtAuthDiscoveryService_StreamExtAuthConfigClient 

type ExtAuthDiscoveryService_StreamExtAuthConfigClient interface {
	Send(*v2.DiscoveryRequest) error
	Recv() (*v2.DiscoveryResponse, error)
	grpc.ClientStream
}

type ExtAuthDiscoveryService_StreamExtAuthConfigServer 

type ExtAuthDiscoveryService_StreamExtAuthConfigServer interface {
	Send(*v2.DiscoveryResponse) error
	Recv() (*v2.DiscoveryRequest, error)
	grpc.ServerStream
}

type ExtAuthExtension 

type ExtAuthExtension struct {
	// Types that are valid to be assigned to Spec:
	//	*ExtAuthExtension_Disable
	//	*ExtAuthExtension_ConfigRef
	//	*ExtAuthExtension_CustomAuth
	Spec                 isExtAuthExtension_Spec `protobuf_oneof:"spec"`
	XXX_NoUnkeyedLiteral struct{}                `json:"-"`
	XXX_unrecognized     []byte                  `json:"-"`
	XXX_sizecache        int32                   `json:"-"`
}

Auth configurations defined on virtual hosts, routes, and weighted destinations will be unmarshalled to this message.

func (*ExtAuthExtension) Descriptor 

func (*ExtAuthExtension) Descriptor() ([]byte, []int)

func (*ExtAuthExtension) Equal 

func (this *ExtAuthExtension) Equal(that interface{}) bool

func (*ExtAuthExtension) GetConfigRef 

func (m *ExtAuthExtension) GetConfigRef() *core.ResourceRef

func (*ExtAuthExtension) GetCustomAuth 

func (m *ExtAuthExtension) GetCustomAuth() *CustomAuth

func (*ExtAuthExtension) GetDisable 

func (m *ExtAuthExtension) GetDisable() bool

func (*ExtAuthExtension) GetSpec 

func (m *ExtAuthExtension) GetSpec() isExtAuthExtension_Spec

func (*ExtAuthExtension) ProtoMessage 

func (*ExtAuthExtension) ProtoMessage()

func (*ExtAuthExtension) Reset 

func (m *ExtAuthExtension) Reset()

func (*ExtAuthExtension) String 

func (m *ExtAuthExtension) String() string

func (*ExtAuthExtension) XXX_DiscardUnknown 

func (m *ExtAuthExtension) XXX_DiscardUnknown()

func (*ExtAuthExtension) XXX_Marshal 

func (m *ExtAuthExtension) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ExtAuthExtension) XXX_Merge 

func (m *ExtAuthExtension) XXX_Merge(src proto.Message)

func (*ExtAuthExtension) XXX_OneofWrappers 

func (*ExtAuthExtension) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*ExtAuthExtension) XXX_Size 

func (m *ExtAuthExtension) XXX_Size() int

func (*ExtAuthExtension) XXX_Unmarshal 

func (m *ExtAuthExtension) XXX_Unmarshal(b []byte) error

type ExtAuthExtension_ConfigRef 

type ExtAuthExtension_ConfigRef struct {
	ConfigRef *core.ResourceRef `protobuf:"bytes,2,opt,name=config_ref,json=configRef,proto3,oneof" json:"config_ref,omitempty"`
}

func (*ExtAuthExtension_ConfigRef) Equal 

func (this *ExtAuthExtension_ConfigRef) Equal(that interface{}) bool

type ExtAuthExtension_CustomAuth 

type ExtAuthExtension_CustomAuth struct {
	CustomAuth *CustomAuth `protobuf:"bytes,3,opt,name=custom_auth,json=customAuth,proto3,oneof" json:"custom_auth,omitempty"`
}

func (*ExtAuthExtension_CustomAuth) Equal 

func (this *ExtAuthExtension_CustomAuth) Equal(that interface{}) bool

type ExtAuthExtension_Disable 

type ExtAuthExtension_Disable struct {
	Disable bool `protobuf:"varint,1,opt,name=disable,proto3,oneof" json:"disable,omitempty"`
}

func (*ExtAuthExtension_Disable) Equal 

func (this *ExtAuthExtension_Disable) Equal(that interface{}) bool

type HttpService 

type HttpService struct {
	// Sets a prefix to the value of authorization request header *Path*.
	PathPrefix           string                `protobuf:"bytes,1,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"`
	Request              *HttpService_Request  `protobuf:"bytes,2,opt,name=request,proto3" json:"request,omitempty"`
	Response             *HttpService_Response `protobuf:"bytes,3,opt,name=response,proto3" json:"response,omitempty"`
	XXX_NoUnkeyedLiteral struct{}              `json:"-"`
	XXX_unrecognized     []byte                `json:"-"`
	XXX_sizecache        int32                 `json:"-"`
}

func (*HttpService) Descriptor 

func (*HttpService) Descriptor() ([]byte, []int)

func (*HttpService) Equal 

func (this *HttpService) Equal(that interface{}) bool

func (*HttpService) GetPathPrefix 

func (m *HttpService) GetPathPrefix() string

func (*HttpService) GetRequest 

func (m *HttpService) GetRequest() *HttpService_Request

func (*HttpService) GetResponse 

func (m *HttpService) GetResponse() *HttpService_Response

func (*HttpService) ProtoMessage 

func (*HttpService) ProtoMessage()

func (*HttpService) Reset 

func (m *HttpService) Reset()

func (*HttpService) String 

func (m *HttpService) String() string

func (*HttpService) XXX_DiscardUnknown 

func (m *HttpService) XXX_DiscardUnknown()

func (*HttpService) XXX_Marshal 

func (m *HttpService) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*HttpService) XXX_Merge 

func (m *HttpService) XXX_Merge(src proto.Message)

func (*HttpService) XXX_Size 

func (m *HttpService) XXX_Size() int

func (*HttpService) XXX_Unmarshal 

func (m *HttpService) XXX_Unmarshal(b []byte) error

type HttpService_Request 

type HttpService_Request struct {
	// These headers will be copied from the incoming request to the request going
	// to the auth server. Note that in addition to the user's supplied matchers:
	//
	// 1. *Host*, *Method*, *Path* and *Content-Length* are automatically included to the list.
	//
	// 2. *Content-Length* will be set to 0 and the request to the authorization service will not have
	// a message body.
	AllowedHeaders []string `protobuf:"bytes,1,rep,name=allowed_headers,json=allowedHeaders,proto3" json:"allowed_headers,omitempty"`
	// These headers that will be included to the request to authorization service. Note that
	// client request of the same key will be overridden.
	HeadersToAdd         map[string]string `` /* 187-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

func (*HttpService_Request) Descriptor 

func (*HttpService_Request) Descriptor() ([]byte, []int)

func (*HttpService_Request) Equal 

func (this *HttpService_Request) Equal(that interface{}) bool

func (*HttpService_Request) GetAllowedHeaders 

func (m *HttpService_Request) GetAllowedHeaders() []string

func (*HttpService_Request) GetHeadersToAdd 

func (m *HttpService_Request) GetHeadersToAdd() map[string]string

func (*HttpService_Request) ProtoMessage 

func (*HttpService_Request) ProtoMessage()

func (*HttpService_Request) Reset 

func (m *HttpService_Request) Reset()

func (*HttpService_Request) String 

func (m *HttpService_Request) String() string

func (*HttpService_Request) XXX_DiscardUnknown 

func (m *HttpService_Request) XXX_DiscardUnknown()

func (*HttpService_Request) XXX_Marshal 

func (m *HttpService_Request) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*HttpService_Request) XXX_Merge 

func (m *HttpService_Request) XXX_Merge(src proto.Message)

func (*HttpService_Request) XXX_Size 

func (m *HttpService_Request) XXX_Size() int

func (*HttpService_Request) XXX_Unmarshal 

func (m *HttpService_Request) XXX_Unmarshal(b []byte) error

type HttpService_Response 

type HttpService_Response struct {
	// When this is set, authorization response headers that have a will be added to the original client request and sent to the upstream.
	// Note that coexistent headers will be overridden.
	AllowedUpstreamHeaders []string `` /* 129-byte string literal not displayed */
	// When this. is set, authorization response headers that will be added to the client's response when auth request is denied.
	// Note that when this list is *not* set, all the authorization response headers, except *Authority
	// (Host)* will be in the response to the client. When a header is included in this list, *Path*,
	// *Status*, *Content-Length*, *WWW-Authenticate* and *Location* are automatically added.
	AllowedClientHeaders []string `protobuf:"bytes,2,rep,name=allowed_client_headers,json=allowedClientHeaders,proto3" json:"allowed_client_headers,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*HttpService_Response) Descriptor 

func (*HttpService_Response) Descriptor() ([]byte, []int)

func (*HttpService_Response) Equal 

func (this *HttpService_Response) Equal(that interface{}) bool

func (*HttpService_Response) GetAllowedClientHeaders 

func (m *HttpService_Response) GetAllowedClientHeaders() []string

func (*HttpService_Response) GetAllowedUpstreamHeaders 

func (m *HttpService_Response) GetAllowedUpstreamHeaders() []string

func (*HttpService_Response) ProtoMessage 

func (*HttpService_Response) ProtoMessage()

func (*HttpService_Response) Reset 

func (m *HttpService_Response) Reset()

func (*HttpService_Response) String 

func (m *HttpService_Response) String() string

func (*HttpService_Response) XXX_DiscardUnknown 

func (m *HttpService_Response) XXX_DiscardUnknown()

func (*HttpService_Response) XXX_Marshal 

func (m *HttpService_Response) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*HttpService_Response) XXX_Merge 

func (m *HttpService_Response) XXX_Merge(src proto.Message)

func (*HttpService_Response) XXX_Size 

func (m *HttpService_Response) XXX_Size() int

func (*HttpService_Response) XXX_Unmarshal 

func (m *HttpService_Response) XXX_Unmarshal(b []byte) error

type Ldap 

type Ldap struct {
	// Address of the LDAP server to query. Should be in the form ADDRESS:PORT, e.g. `ldap.default.svc.cluster.local:389`.
	Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"`
	// Template to build user entry distinguished names (DN). This must contains a single occurrence of the "%s" placeholder.
	// When processing a request, Gloo will substitute the name of the user (extracted from the auth header) for the
	// placeholder and issue a search request with the resulting DN as baseDN (and 'base' search scope).
	// E.g. "uid=%s,ou=people,dc=solo,dc=io"
	UserDnTemplate string `protobuf:"bytes,2,opt,name=userDnTemplate,proto3" json:"userDnTemplate,omitempty"`
	// Case-insensitive name of the attribute that contains the names of the groups an entry is member of. Gloo will look
	// for attributes with the given name to determine which groups the user entry belongs to. Defaults to 'memberOf' if not provided.
	MembershipAttributeName string `protobuf:"bytes,3,opt,name=membershipAttributeName,proto3" json:"membershipAttributeName,omitempty"`
	// In order for the request to be authenticated, the membership attribute (e.g. *memberOf*) on the user entry must
	// contain at least of one of the group DNs specified via this option.
	// E.g. []string{ "cn=managers,ou=groups,dc=solo,dc=io", "cn=developers,ou=groups,dc=solo,dc=io" }
	AllowedGroups []string `protobuf:"bytes,4,rep,name=allowedGroups,proto3" json:"allowedGroups,omitempty"`
	// Use this property to tune the pool of connections to the LDAP server that Gloo maintains.
	Pool                 *Ldap_ConnectionPool `protobuf:"bytes,5,opt,name=pool,proto3" json:"pool,omitempty"`
	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
	XXX_unrecognized     []byte               `json:"-"`
	XXX_sizecache        int32                `json:"-"`
}

Authenticates and authorizes requests by querying an LDAP server. Gloo makes the following assumptions:

  • Requests provide credentials via the basic HTTP authentication header. Gloo will BIND to the LDAP server using the credentials extracted from the header.
  • Your LDAP server is configured so that each entry you want to authorize has an attribute that indicates its group memberships. A common way of achieving this is by using the [*memberof* overlay](http://www.openldap.org/software/man.cgi?query=slapo-memberof).

func (*Ldap) Descriptor 

func (*Ldap) Descriptor() ([]byte, []int)

func (*Ldap) Equal 

func (this *Ldap) Equal(that interface{}) bool

func (*Ldap) GetAddress 

func (m *Ldap) GetAddress() string

func (*Ldap) GetAllowedGroups 

func (m *Ldap) GetAllowedGroups() []string

func (*Ldap) GetMembershipAttributeName 

func (m *Ldap) GetMembershipAttributeName() string

func (*Ldap) GetPool 

func (m *Ldap) GetPool() *Ldap_ConnectionPool

func (*Ldap) GetUserDnTemplate 

func (m *Ldap) GetUserDnTemplate() string

func (*Ldap) ProtoMessage 

func (*Ldap) ProtoMessage()

func (*Ldap) Reset 

func (m *Ldap) Reset()

func (*Ldap) String 

func (m *Ldap) String() string

func (*Ldap) XXX_DiscardUnknown 

func (m *Ldap) XXX_DiscardUnknown()

func (*Ldap) XXX_Marshal 

func (m *Ldap) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Ldap) XXX_Merge 

func (m *Ldap) XXX_Merge(src proto.Message)

func (*Ldap) XXX_Size 

func (m *Ldap) XXX_Size() int

func (*Ldap) XXX_Unmarshal 

func (m *Ldap) XXX_Unmarshal(b []byte) error

type Ldap_ConnectionPool 

type Ldap_ConnectionPool struct {
	// Maximum number connections that are pooled at any give time. The default value is 5.
	MaxSize *types.UInt32Value `protobuf:"bytes,1,opt,name=maxSize,proto3" json:"maxSize,omitempty"`
	// Number of connections that the pool will be pre-populated with upon initialization. The default value is 2.
	InitialSize          *types.UInt32Value `protobuf:"bytes,2,opt,name=initialSize,proto3" json:"initialSize,omitempty"`
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

Configuration properties for pooling connections to the LDAP server. If the pool is exhausted when a connection is requested (meaning that all the polled connections are in use), the connection will be created on the fly.

func (*Ldap_ConnectionPool) Descriptor 

func (*Ldap_ConnectionPool) Descriptor() ([]byte, []int)

func (*Ldap_ConnectionPool) Equal 

func (this *Ldap_ConnectionPool) Equal(that interface{}) bool

func (*Ldap_ConnectionPool) GetInitialSize 

func (m *Ldap_ConnectionPool) GetInitialSize() *types.UInt32Value

func (*Ldap_ConnectionPool) GetMaxSize 

func (m *Ldap_ConnectionPool) GetMaxSize() *types.UInt32Value

func (*Ldap_ConnectionPool) ProtoMessage 

func (*Ldap_ConnectionPool) ProtoMessage()

func (*Ldap_ConnectionPool) Reset 

func (m *Ldap_ConnectionPool) Reset()

func (*Ldap_ConnectionPool) String 

func (m *Ldap_ConnectionPool) String() string

func (*Ldap_ConnectionPool) XXX_DiscardUnknown 

func (m *Ldap_ConnectionPool) XXX_DiscardUnknown()

func (*Ldap_ConnectionPool) XXX_Marshal 

func (m *Ldap_ConnectionPool) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Ldap_ConnectionPool) XXX_Merge 

func (m *Ldap_ConnectionPool) XXX_Merge(src proto.Message)

func (*Ldap_ConnectionPool) XXX_Size 

func (m *Ldap_ConnectionPool) XXX_Size() int

func (*Ldap_ConnectionPool) XXX_Unmarshal 

func (m *Ldap_ConnectionPool) XXX_Unmarshal(b []byte) error

type OAuth 

type OAuth struct {
	// your client id as registered with the issuer
	ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	// your client secret as registered with the issuer
	ClientSecretRef *core.ResourceRef `protobuf:"bytes,2,opt,name=client_secret_ref,json=clientSecretRef,proto3" json:"client_secret_ref,omitempty"`
	// The url of the issuer. We will look for OIDC information in issuerUrl+
	// ".well-known/openid-configuration"
	IssuerUrl string `protobuf:"bytes,3,opt,name=issuer_url,json=issuerUrl,proto3" json:"issuer_url,omitempty"`
	// we to redirect after successful auth, if we can't determine the original
	// url this should be your publicly available app url.
	AppUrl string `protobuf:"bytes,4,opt,name=app_url,json=appUrl,proto3" json:"app_url,omitempty"`
	// a callback path relative to app url that will be used for OIDC callbacks.
	// needs to not be used by the application
	CallbackPath string `protobuf:"bytes,5,opt,name=callback_path,json=callbackPath,proto3" json:"callback_path,omitempty"`
	// Scopes to request in addition to openid scope.
	Scopes               []string `protobuf:"bytes,6,rep,name=scopes,proto3" json:"scopes,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*OAuth) Descriptor 

func (*OAuth) Descriptor() ([]byte, []int)

func (*OAuth) Equal 

func (this *OAuth) Equal(that interface{}) bool

func (*OAuth) GetAppUrl 

func (m *OAuth) GetAppUrl() string

func (*OAuth) GetCallbackPath 

func (m *OAuth) GetCallbackPath() string

func (*OAuth) GetClientId 

func (m *OAuth) GetClientId() string

func (*OAuth) GetClientSecretRef 

func (m *OAuth) GetClientSecretRef() *core.ResourceRef

func (*OAuth) GetIssuerUrl 

func (m *OAuth) GetIssuerUrl() string

func (*OAuth) GetScopes 

func (m *OAuth) GetScopes() []string

func (*OAuth) ProtoMessage 

func (*OAuth) ProtoMessage()

func (*OAuth) Reset 

func (m *OAuth) Reset()

func (*OAuth) String 

func (m *OAuth) String() string

func (*OAuth) XXX_DiscardUnknown 

func (m *OAuth) XXX_DiscardUnknown()

func (*OAuth) XXX_Marshal 

func (m *OAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OAuth) XXX_Merge 

func (m *OAuth) XXX_Merge(src proto.Message)

func (*OAuth) XXX_Size 

func (m *OAuth) XXX_Size() int

func (*OAuth) XXX_Unmarshal 

func (m *OAuth) XXX_Unmarshal(b []byte) error

type OauthSecret 

type OauthSecret struct {
	ClientSecret         string   `protobuf:"bytes,1,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*OauthSecret) Descriptor 

func (*OauthSecret) Descriptor() ([]byte, []int)

func (*OauthSecret) Equal 

func (this *OauthSecret) Equal(that interface{}) bool

func (*OauthSecret) GetClientSecret 

func (m *OauthSecret) GetClientSecret() string

func (*OauthSecret) ProtoMessage 

func (*OauthSecret) ProtoMessage()

func (*OauthSecret) Reset 

func (m *OauthSecret) Reset()

func (*OauthSecret) String 

func (m *OauthSecret) String() string

func (*OauthSecret) XXX_DiscardUnknown 

func (m *OauthSecret) XXX_DiscardUnknown()

func (*OauthSecret) XXX_Marshal 

func (m *OauthSecret) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OauthSecret) XXX_Merge 

func (m *OauthSecret) XXX_Merge(src proto.Message)

func (*OauthSecret) XXX_Size 

func (m *OauthSecret) XXX_Size() int

func (*OauthSecret) XXX_Unmarshal 

func (m *OauthSecret) XXX_Unmarshal(b []byte) error

type OpaAuth 

type OpaAuth struct {
	// An optional resource reference to config maps containing modules to assist in the resolution of `query`.
	Modules []*core.ResourceRef `protobuf:"bytes,1,rep,name=modules,proto3" json:"modules,omitempty"`
	// The query that determines the auth decision. The result of this query must be either a boolean
	// or an array with boolean as the first element. A boolean `true` value means that the request
	// will be authorized. Any other value, or error, means that the request will be denied.
	Query                string   `protobuf:"bytes,2,opt,name=query,proto3" json:"query,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*OpaAuth) Descriptor 

func (*OpaAuth) Descriptor() ([]byte, []int)

func (*OpaAuth) Equal 

func (this *OpaAuth) Equal(that interface{}) bool

func (*OpaAuth) GetModules 

func (m *OpaAuth) GetModules() []*core.ResourceRef

func (*OpaAuth) GetQuery 

func (m *OpaAuth) GetQuery() string

func (*OpaAuth) ProtoMessage 

func (*OpaAuth) ProtoMessage()

func (*OpaAuth) Reset 

func (m *OpaAuth) Reset()

func (*OpaAuth) String 

func (m *OpaAuth) String() string

func (*OpaAuth) XXX_DiscardUnknown 

func (m *OpaAuth) XXX_DiscardUnknown()

func (*OpaAuth) XXX_Marshal 

func (m *OpaAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OpaAuth) XXX_Merge 

func (m *OpaAuth) XXX_Merge(src proto.Message)

func (*OpaAuth) XXX_Size 

func (m *OpaAuth) XXX_Size() int

func (*OpaAuth) XXX_Unmarshal 

func (m *OpaAuth) XXX_Unmarshal(b []byte) error

type Settings 

type Settings struct {
	// The upstream to ask about auth decisions
	ExtauthzServerRef *core.ResourceRef `protobuf:"bytes,1,opt,name=extauthz_server_ref,json=extauthzServerRef,proto3" json:"extauthz_server_ref,omitempty"`
	// If this is set, communication to the upstream will be via HTTP and not GRPC.
	HttpService *HttpService `protobuf:"bytes,2,opt,name=http_service,json=httpService,proto3" json:"http_service,omitempty"`
	// If the auth server trusted id of the user, it will be set in this header.
	// Specifically this means that this header will be sanitized form the incoming request.
	UserIdHeader string `protobuf:"bytes,3,opt,name=user_id_header,json=userIdHeader,proto3" json:"user_id_header,omitempty"`
	// Timeout for the ext auth service to respond. Defaults to 200ms
	RequestTimeout *time.Duration `protobuf:"bytes,4,opt,name=request_timeout,json=requestTimeout,proto3,stdduration" json:"request_timeout,omitempty"`
	// In case of a failure or timeout querying the auth server, normally a request is denied.
	// if this is set to true, the request will be allowed.
	FailureModeAllow bool `protobuf:"varint,5,opt,name=failure_mode_allow,json=failureModeAllow,proto3" json:"failure_mode_allow,omitempty"`
	// Set this if you also want to send the body of the request, and not just the headers.
	RequestBody *BufferSettings `protobuf:"bytes,6,opt,name=request_body,json=requestBody,proto3" json:"request_body,omitempty"`
	// Clears route cache in order to allow the external authorization service to correctly affect
	// routing decisions. Filter clears all cached routes when:
	//
	// 1. The field is set to *true*.
	//
	// 2. The status returned from the authorization service is a HTTP 200 or gRPC 0.
	//
	// 3. At least one *authorization response header* is added to the client request, or is used for
	// altering another client request header.
	//
	ClearRouteCache bool `protobuf:"varint,7,opt,name=clear_route_cache,json=clearRouteCache,proto3" json:"clear_route_cache,omitempty"`
	// Sets the HTTP status that is returned to the client when there is a network error between the
	// filter and the authorization server. The default status is HTTP 403 Forbidden.
	// If set, this must be one of the following:
	// - 100
	// - 200 201 202 203 204 205 206 207 208 226
	// - 300 301 302 303 304 305 307 308
	// - 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 421 422 423 424 426 428 429 431
	// - 500 501 502 503 504 505 506 507 508 510 511
	StatusOnError        uint32   `protobuf:"varint,8,opt,name=status_on_error,json=statusOnError,proto3" json:"status_on_error,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Global external auth settings

func (*Settings) Descriptor 

func (*Settings) Descriptor() ([]byte, []int)

func (*Settings) Equal 

func (this *Settings) Equal(that interface{}) bool

func (*Settings) GetClearRouteCache 

func (m *Settings) GetClearRouteCache() bool

func (*Settings) GetExtauthzServerRef 

func (m *Settings) GetExtauthzServerRef() *core.ResourceRef

func (*Settings) GetFailureModeAllow 

func (m *Settings) GetFailureModeAllow() bool

func (*Settings) GetHttpService 

func (m *Settings) GetHttpService() *HttpService

func (*Settings) GetRequestBody 

func (m *Settings) GetRequestBody() *BufferSettings

func (*Settings) GetRequestTimeout 

func (m *Settings) GetRequestTimeout() *time.Duration

func (*Settings) GetStatusOnError 

func (m *Settings) GetStatusOnError() uint32

func (*Settings) GetUserIdHeader 

func (m *Settings) GetUserIdHeader() string

func (*Settings) ProtoMessage 

func (*Settings) ProtoMessage()

func (*Settings) Reset 

func (m *Settings) Reset()

func (*Settings) String 

func (m *Settings) String() string

func (*Settings) XXX_DiscardUnknown 

func (m *Settings) XXX_DiscardUnknown()

func (*Settings) XXX_Marshal 

func (m *Settings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Settings) XXX_Merge 

func (m *Settings) XXX_Merge(src proto.Message)

func (*Settings) XXX_Size 

func (m *Settings) XXX_Size() int

func (*Settings) XXX_Unmarshal 

func (m *Settings) XXX_Unmarshal(b []byte) error

type TransitionAuthConfigFunc 

type TransitionAuthConfigFunc func(original, desired *AuthConfig) (bool, error)

Option to copy anything from the original to the desired before writing. Return value of false means don't update

type UnimplementedExtAuthDiscoveryServiceServer 

type UnimplementedExtAuthDiscoveryServiceServer struct {
}

UnimplementedExtAuthDiscoveryServiceServer can be embedded to have forward compatible implementations.

func (*UnimplementedExtAuthDiscoveryServiceServer) DeltaExtAuthConfig 

func (*UnimplementedExtAuthDiscoveryServiceServer) DeltaExtAuthConfig(srv ExtAuthDiscoveryService_DeltaExtAuthConfigServer) error

func (*UnimplementedExtAuthDiscoveryServiceServer) FetchExtAuthConfig 

func (*UnimplementedExtAuthDiscoveryServiceServer) FetchExtAuthConfig(ctx context.Context, req *v2.DiscoveryRequest) (*v2.DiscoveryResponse, error)

func (*UnimplementedExtAuthDiscoveryServiceServer) StreamExtAuthConfig 

func (*UnimplementedExtAuthDiscoveryServiceServer) StreamExtAuthConfig(srv ExtAuthDiscoveryService_StreamExtAuthConfigServer) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.