envoy_config_filter_http_jwt_authn_v2alpha

package
v0.0.0-...-113c6ea Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 27, 2019 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Overview

Package envoy_config_filter_http_jwt_authn_v2alpha is a generated protocol buffer package.

It is generated from these files: 

envoy/config/filter/http/jwt_authn/v2alpha/config.proto

It has these top-level messages: 

JwtProvider
RemoteJwks
JwtHeader
ProviderWithAudiences
JwtRequirement
JwtRequirementOrList
JwtRequirementAndList
RequirementRule
JwtAuthentication

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrInvalidLengthConfig = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowConfig   = fmt.Errorf("proto: integer overflow")
)

Functions

This section is empty.

Types

type JwtAuthentication 

type JwtAuthentication struct {
	// Map of provider names to JwtProviders.
	//
	// .. code-block:: yaml
	//
	//   providers:
	//     provider1:
	//        issuer: issuer1
	//        audiences:
	//        - audience1
	//        - audience2
	//        remote_jwks:
	//          http_uri:
	//            uri: https://example.com/.well-known/jwks.json
	//            cluster: example_jwks_cluster
	//      provider2:
	//        issuer: provider2
	//        local_jwks:
	//          inline_string: jwks_string
	//
	Providers map[string]*JwtProvider `` /* 145-byte string literal not displayed */
	// Specifies requirements based on the route matches. The first matched requirement will be
	// applied. If there are overlapped match conditions, please put the most specific match first.
	//
	// Examples
	//
	// .. code-block:: yaml
	//
	// rules:
	//   - match: { prefix: "/healthz" }
	//   - match: { prefix: "/baz" }
	//     requires:
	//       provider_name: "provider1"
	//   - match: { prefix: "/foo" }
	//     requires:
	//       requires_any:
	//         requirements:
	//           - provider_name: "provider1"
	//           - provider_name: "provider2"
	//   - match: { prefix: "/bar" }
	//     requires:
	//       requires_all:
	//         requirements:
	//           - provider_name: "provider1"
	//           - provider_name: "provider2"
	//
	Rules []*RequirementRule `protobuf:"bytes,2,rep,name=rules" json:"rules,omitempty"`
}

This is the Envoy HTTP filter config for JWT authentication.

For example:

.. code-block:: yaml 

providers:
   provider1:
     issuer: issuer1
     audiences:
     - audience1
     - audience2
     remote_jwks:
       http_uri:
         uri: https://example.com/.well-known/jwks.json
         cluster: example_jwks_cluster
   provider2:
     issuer: issuer2
     local_jwks:
       inline_string: jwks_string

rules:
   # Not jwt verification is required for /health path
   - match:
       prefix: "/health"

   # Jwt verification for provider1 is required for path prefixed with "prefix"
   - match:
       prefix: "/prefix"
     requires:
       provider_name: "provider1"

   # Jwt verification for either provider1 or provider2 is required for all other requests.
   - match:
       prefix: "/"
     requires:
       requires_any:
         requirements:
           - provider_name: "provider1"
           - provider_name: "provider2"

// [#not-implemented-hide:]

func (*JwtAuthentication) Descriptor 

func (*JwtAuthentication) Descriptor() ([]byte, []int)

func (*JwtAuthentication) GetProviders 

func (m *JwtAuthentication) GetProviders() map[string]*JwtProvider

func (*JwtAuthentication) GetRules 

func (m *JwtAuthentication) GetRules() []*RequirementRule

func (*JwtAuthentication) Marshal 

func (m *JwtAuthentication) Marshal() (dAtA []byte, err error)

func (*JwtAuthentication) MarshalTo 

func (m *JwtAuthentication) MarshalTo(dAtA []byte) (int, error)

func (*JwtAuthentication) ProtoMessage 

func (*JwtAuthentication) ProtoMessage()

func (*JwtAuthentication) Reset 

func (m *JwtAuthentication) Reset()

func (*JwtAuthentication) Size 

func (m *JwtAuthentication) Size() (n int)

func (*JwtAuthentication) String 

func (m *JwtAuthentication) String() string

func (*JwtAuthentication) Unmarshal 

func (m *JwtAuthentication) Unmarshal(dAtA []byte) error

func (*JwtAuthentication) Validate 

func (m *JwtAuthentication) Validate() error

Validate checks the field values on JwtAuthentication with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

type JwtAuthenticationValidationError 

type JwtAuthenticationValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

JwtAuthenticationValidationError is the validation error returned by JwtAuthentication.Validate if the designated constraints aren't met.

func (JwtAuthenticationValidationError) Error 

func (e JwtAuthenticationValidationError) Error() string

Error satisfies the builtin error interface

type JwtHeader 

type JwtHeader struct {
	// The HTTP header name.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The value prefix. The value format is "value_prefix<token>"
	// For example, for "Authorization: Bearer <token>", value_prefix="Bearer " with a space at the
	// end.
	ValuePrefix string `protobuf:"bytes,2,opt,name=value_prefix,json=valuePrefix,proto3" json:"value_prefix,omitempty"`
}

This message specifies a header location to extract JWT token.

func (*JwtHeader) Descriptor 

func (*JwtHeader) Descriptor() ([]byte, []int)

func (*JwtHeader) GetName 

func (m *JwtHeader) GetName() string

func (*JwtHeader) GetValuePrefix 

func (m *JwtHeader) GetValuePrefix() string

func (*JwtHeader) Marshal 

func (m *JwtHeader) Marshal() (dAtA []byte, err error)

func (*JwtHeader) MarshalTo 

func (m *JwtHeader) MarshalTo(dAtA []byte) (int, error)

func (*JwtHeader) ProtoMessage 

func (*JwtHeader) ProtoMessage()

func (*JwtHeader) Reset 

func (m *JwtHeader) Reset()

func (*JwtHeader) Size 

func (m *JwtHeader) Size() (n int)

func (*JwtHeader) String 

func (m *JwtHeader) String() string

func (*JwtHeader) Unmarshal 

func (m *JwtHeader) Unmarshal(dAtA []byte) error

func (*JwtHeader) Validate 

func (m *JwtHeader) Validate() error

Validate checks the field values on JwtHeader with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

type JwtHeaderValidationError 

type JwtHeaderValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

JwtHeaderValidationError is the validation error returned by JwtHeader.Validate if the designated constraints aren't met.

func (JwtHeaderValidationError) Error 

func (e JwtHeaderValidationError) Error() string

Error satisfies the builtin error interface

type JwtProvider 

type JwtProvider struct {
	// Identifies the principal that issued the JWT. See `here
	//  <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_. Usually a URL or an email address.
	//
	// Example: https://securetoken.google.com
	// Example: 1234567-compute@developer.gserviceaccount.com
	//
	Issuer string `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"`
	// The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
	// allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
	// will not check audiences in the token.
	//
	// Example:
	//
	// .. code-block:: yaml
	//
	//     audiences:
	//     - bookstore_android.apps.googleusercontent.com
	//     - bookstore_web.apps.googleusercontent.com
	//
	Audiences []string `protobuf:"bytes,2,rep,name=audiences" json:"audiences,omitempty"`
	// `JSON Web Key Set <https://tools.ietf.org/html/rfc7517#appendix-A>`_ is needed. to validate
	// signature of the JWT. This field specifies where to fetch JWKS.
	//
	// Types that are valid to be assigned to JwksSourceSpecifier:
	//	*JwtProvider_RemoteJwks
	//	*JwtProvider_LocalJwks
	JwksSourceSpecifier isJwtProvider_JwksSourceSpecifier `protobuf_oneof:"jwks_source_specifier"`
	// If false, the JWT is removed in the request after a success verification. If true, the JWT is
	// not removed in the request. Default value is false.
	Forward bool `protobuf:"varint,5,opt,name=forward,proto3" json:"forward,omitempty"`
	// Specify the HTTP headers to extract JWT token. For examples, following config:
	//
	// .. code-block:: yaml
	//
	//   from_headers:
	//   - name: x-goog-iap-jwt-assertion
	//
	// can be used to extract token from header::
	//
	//   x-goog-iap-jwt-assertion: <JWT>.
	//
	FromHeaders []*JwtHeader `protobuf:"bytes,6,rep,name=from_headers,json=fromHeaders" json:"from_headers,omitempty"`
	// JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
	//
	// For example, if config is:
	//
	// .. code-block:: yaml
	//
	//   from_params:
	//   - jwt_token
	//
	// The JWT format in query parameter is::
	//
	//    /path?jwt_token=<JWT>
	//
	FromParams []string `protobuf:"bytes,7,rep,name=from_params,json=fromParams" json:"from_params,omitempty"`
	// This field specifies the header name to forward a successfully verified JWT payload to the
	// backend. The forwarded data is::
	//
	//    base64_encoded(jwt_payload_in_JSON)
	//
	// If it is not specified, the payload will not be forwarded.
	// Multiple JWTs in a request from different issuers will be supported. Multiple JWTs from the
	// same issuer will not be supported. Each issuer can config this `forward_payload_header`. If
	// multiple JWTs from different issuers want to forward their payloads, their
	// `forward_payload_header` should be different.
	ForwardPayloadHeader string `protobuf:"bytes,8,opt,name=forward_payload_header,json=forwardPayloadHeader,proto3" json:"forward_payload_header,omitempty"`
}

This message specifies how a JSON Web Token (JWT) can be verified. JWT format is defined `here <https://tools.ietf.org/html/rfc7519>`_. Please see `OAuth2.0 

<https://tools.ietf.org/html/rfc6749>`_ and `OIDC1.0  <http://openid.net/connect>`_ for

the authentication flow.

Example:

.. code-block:: yaml 

issuer: https://example.com
audiences:
- bookstore_android.apps.googleusercontent.com
- bookstore_web.apps.googleusercontent.com
remote_jwks:
  http_uri:
    uri: https://example.com/.well-known/jwks.json
    cluster: example_jwks_cluster
  cache_duration:
    seconds: 300

[#not-implemented-hide:]

func (*JwtProvider) Descriptor 

func (*JwtProvider) Descriptor() ([]byte, []int)

func (*JwtProvider) GetAudiences 

func (m *JwtProvider) GetAudiences() []string

func (*JwtProvider) GetForward 

func (m *JwtProvider) GetForward() bool

func (*JwtProvider) GetForwardPayloadHeader 

func (m *JwtProvider) GetForwardPayloadHeader() string

func (*JwtProvider) GetFromHeaders 

func (m *JwtProvider) GetFromHeaders() []*JwtHeader

func (*JwtProvider) GetFromParams 

func (m *JwtProvider) GetFromParams() []string

func (*JwtProvider) GetIssuer 

func (m *JwtProvider) GetIssuer() string

func (*JwtProvider) GetJwksSourceSpecifier 

func (m *JwtProvider) GetJwksSourceSpecifier() isJwtProvider_JwksSourceSpecifier

func (*JwtProvider) GetLocalJwks 

func (m *JwtProvider) GetLocalJwks() *envoy_api_v2_core.DataSource

func (*JwtProvider) GetRemoteJwks 

func (m *JwtProvider) GetRemoteJwks() *RemoteJwks

func (*JwtProvider) Marshal 

func (m *JwtProvider) Marshal() (dAtA []byte, err error)

func (*JwtProvider) MarshalTo 

func (m *JwtProvider) MarshalTo(dAtA []byte) (int, error)

func (*JwtProvider) ProtoMessage 

func (*JwtProvider) ProtoMessage()

func (*JwtProvider) Reset 

func (m *JwtProvider) Reset()

func (*JwtProvider) Size 

func (m *JwtProvider) Size() (n int)

func (*JwtProvider) String 

func (m *JwtProvider) String() string

func (*JwtProvider) Unmarshal 

func (m *JwtProvider) Unmarshal(dAtA []byte) error

func (*JwtProvider) Validate 

func (m *JwtProvider) Validate() error

Validate checks the field values on JwtProvider with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*JwtProvider) XXX_OneofFuncs 

func (*JwtProvider) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

type JwtProviderValidationError 

type JwtProviderValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

JwtProviderValidationError is the validation error returned by JwtProvider.Validate if the designated constraints aren't met.

func (JwtProviderValidationError) Error 

func (e JwtProviderValidationError) Error() string

Error satisfies the builtin error interface

type JwtProvider_LocalJwks 

type JwtProvider_LocalJwks struct {
	LocalJwks *envoy_api_v2_core.DataSource `protobuf:"bytes,4,opt,name=local_jwks,json=localJwks,oneof"`
}

func (*JwtProvider_LocalJwks) MarshalTo 

func (m *JwtProvider_LocalJwks) MarshalTo(dAtA []byte) (int, error)

func (*JwtProvider_LocalJwks) Size 

func (m *JwtProvider_LocalJwks) Size() (n int)

type JwtProvider_RemoteJwks 

type JwtProvider_RemoteJwks struct {
	RemoteJwks *RemoteJwks `protobuf:"bytes,3,opt,name=remote_jwks,json=remoteJwks,oneof"`
}

func (*JwtProvider_RemoteJwks) MarshalTo 

func (m *JwtProvider_RemoteJwks) MarshalTo(dAtA []byte) (int, error)

func (*JwtProvider_RemoteJwks) Size 

func (m *JwtProvider_RemoteJwks) Size() (n int)

type JwtRequirement 

type JwtRequirement struct {
	// Types that are valid to be assigned to RequiresType:
	//	*JwtRequirement_ProviderName
	//	*JwtRequirement_ProviderAndAudiences
	//	*JwtRequirement_RequiresAny
	//	*JwtRequirement_RequiresAll
	//	*JwtRequirement_AllowMissingOrFailed
	RequiresType isJwtRequirement_RequiresType `protobuf_oneof:"requires_type"`
}

This message specifies a Jwt requirement. An empty message means JWT verification is not required. Here are some config examples:

.. code-block:: yaml 

# Example 1: not required with an empty message

# Example 2: require A
provider_name: "provider-A"

# Example 3: require A or B
requires_any:
  requirements:
    - provider_name: "provider-A"
    - provider_name: "provider-B"

# Example 4: require A and B
requires_all:
  requirements:
    - provider_name: "provider-A"
    - provider_name: "provider-B"

# Example 5: require A and (B or C)
requires_all:
  requirements:
    - provider_name: "provider-A"
    - requires_any:
      requirements:
        - provider_name: "provider-B"
        - provider_name: "provider-C"

# Example 6: require A or (B and C)
requires_any:
  requirements:
    - provider_name: "provider-A"
    - requires_all:
      requirements:
        - provider_name: "provider-B"
        - provider_name: "provider-C"

func (*JwtRequirement) Descriptor 

func (*JwtRequirement) Descriptor() ([]byte, []int)

func (*JwtRequirement) GetAllowMissingOrFailed 

func (m *JwtRequirement) GetAllowMissingOrFailed() *google_protobuf1.BoolValue

func (*JwtRequirement) GetProviderAndAudiences 

func (m *JwtRequirement) GetProviderAndAudiences() *ProviderWithAudiences

func (*JwtRequirement) GetProviderName 

func (m *JwtRequirement) GetProviderName() string

func (*JwtRequirement) GetRequiresAll 

func (m *JwtRequirement) GetRequiresAll() *JwtRequirementAndList

func (*JwtRequirement) GetRequiresAny 

func (m *JwtRequirement) GetRequiresAny() *JwtRequirementOrList

func (*JwtRequirement) GetRequiresType 

func (m *JwtRequirement) GetRequiresType() isJwtRequirement_RequiresType

func (*JwtRequirement) Marshal 

func (m *JwtRequirement) Marshal() (dAtA []byte, err error)

func (*JwtRequirement) MarshalTo 

func (m *JwtRequirement) MarshalTo(dAtA []byte) (int, error)

func (*JwtRequirement) ProtoMessage 

func (*JwtRequirement) ProtoMessage()

func (*JwtRequirement) Reset 

func (m *JwtRequirement) Reset()

func (*JwtRequirement) Size 

func (m *JwtRequirement) Size() (n int)

func (*JwtRequirement) String 

func (m *JwtRequirement) String() string

func (*JwtRequirement) Unmarshal 

func (m *JwtRequirement) Unmarshal(dAtA []byte) error

func (*JwtRequirement) Validate 

func (m *JwtRequirement) Validate() error

Validate checks the field values on JwtRequirement with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*JwtRequirement) XXX_OneofFuncs 

func (*JwtRequirement) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

type JwtRequirementAndList 

type JwtRequirementAndList struct {
	// Specify a list of JwtRequirement.
	Requirements []*JwtRequirement `protobuf:"bytes,1,rep,name=requirements" json:"requirements,omitempty"`
}

This message specifies a list of RequiredProvider. Their results are AND-ed; all of them must pass, if one of them fails or missing, it fails.

func (*JwtRequirementAndList) Descriptor 

func (*JwtRequirementAndList) Descriptor() ([]byte, []int)

func (*JwtRequirementAndList) GetRequirements 

func (m *JwtRequirementAndList) GetRequirements() []*JwtRequirement

func (*JwtRequirementAndList) Marshal 

func (m *JwtRequirementAndList) Marshal() (dAtA []byte, err error)

func (*JwtRequirementAndList) MarshalTo 

func (m *JwtRequirementAndList) MarshalTo(dAtA []byte) (int, error)

func (*JwtRequirementAndList) ProtoMessage 

func (*JwtRequirementAndList) ProtoMessage()

func (*JwtRequirementAndList) Reset 

func (m *JwtRequirementAndList) Reset()

func (*JwtRequirementAndList) Size 

func (m *JwtRequirementAndList) Size() (n int)

func (*JwtRequirementAndList) String 

func (m *JwtRequirementAndList) String() string

func (*JwtRequirementAndList) Unmarshal 

func (m *JwtRequirementAndList) Unmarshal(dAtA []byte) error

func (*JwtRequirementAndList) Validate 

func (m *JwtRequirementAndList) Validate() error

Validate checks the field values on JwtRequirementAndList with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

type JwtRequirementAndListValidationError 

type JwtRequirementAndListValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

JwtRequirementAndListValidationError is the validation error returned by JwtRequirementAndList.Validate if the designated constraints aren't met.

func (JwtRequirementAndListValidationError) Error 

func (e JwtRequirementAndListValidationError) Error() string

Error satisfies the builtin error interface

type JwtRequirementOrList 

type JwtRequirementOrList struct {
	// Specify a list of JwtRequirement.
	Requirements []*JwtRequirement `protobuf:"bytes,1,rep,name=requirements" json:"requirements,omitempty"`
}

This message specifies a list of RequiredProvider. Their results are OR-ed; if any one of them passes, the result is passed

func (*JwtRequirementOrList) Descriptor 

func (*JwtRequirementOrList) Descriptor() ([]byte, []int)

func (*JwtRequirementOrList) GetRequirements 

func (m *JwtRequirementOrList) GetRequirements() []*JwtRequirement

func (*JwtRequirementOrList) Marshal 

func (m *JwtRequirementOrList) Marshal() (dAtA []byte, err error)

func (*JwtRequirementOrList) MarshalTo 

func (m *JwtRequirementOrList) MarshalTo(dAtA []byte) (int, error)

func (*JwtRequirementOrList) ProtoMessage 

func (*JwtRequirementOrList) ProtoMessage()

func (*JwtRequirementOrList) Reset 

func (m *JwtRequirementOrList) Reset()

func (*JwtRequirementOrList) Size 

func (m *JwtRequirementOrList) Size() (n int)

func (*JwtRequirementOrList) String 

func (m *JwtRequirementOrList) String() string

func (*JwtRequirementOrList) Unmarshal 

func (m *JwtRequirementOrList) Unmarshal(dAtA []byte) error

func (*JwtRequirementOrList) Validate 

func (m *JwtRequirementOrList) Validate() error

Validate checks the field values on JwtRequirementOrList with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

type JwtRequirementOrListValidationError 

type JwtRequirementOrListValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

JwtRequirementOrListValidationError is the validation error returned by JwtRequirementOrList.Validate if the designated constraints aren't met.

func (JwtRequirementOrListValidationError) Error 

func (e JwtRequirementOrListValidationError) Error() string

Error satisfies the builtin error interface

type JwtRequirementValidationError 

type JwtRequirementValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

JwtRequirementValidationError is the validation error returned by JwtRequirement.Validate if the designated constraints aren't met.

func (JwtRequirementValidationError) Error 

func (e JwtRequirementValidationError) Error() string

Error satisfies the builtin error interface

type JwtRequirement_AllowMissingOrFailed 

type JwtRequirement_AllowMissingOrFailed struct {
	AllowMissingOrFailed *google_protobuf1.BoolValue `protobuf:"bytes,5,opt,name=allow_missing_or_failed,json=allowMissingOrFailed,oneof"`
}

func (*JwtRequirement_AllowMissingOrFailed) MarshalTo 

func (m *JwtRequirement_AllowMissingOrFailed) MarshalTo(dAtA []byte) (int, error)

func (*JwtRequirement_AllowMissingOrFailed) Size 

func (m *JwtRequirement_AllowMissingOrFailed) Size() (n int)

type JwtRequirement_ProviderAndAudiences 

type JwtRequirement_ProviderAndAudiences struct {
	ProviderAndAudiences *ProviderWithAudiences `protobuf:"bytes,2,opt,name=provider_and_audiences,json=providerAndAudiences,oneof"`
}

func (*JwtRequirement_ProviderAndAudiences) MarshalTo 

func (m *JwtRequirement_ProviderAndAudiences) MarshalTo(dAtA []byte) (int, error)

func (*JwtRequirement_ProviderAndAudiences) Size 

func (m *JwtRequirement_ProviderAndAudiences) Size() (n int)

type JwtRequirement_ProviderName 

type JwtRequirement_ProviderName struct {
	ProviderName string `protobuf:"bytes,1,opt,name=provider_name,json=providerName,proto3,oneof"`
}

func (*JwtRequirement_ProviderName) MarshalTo 

func (m *JwtRequirement_ProviderName) MarshalTo(dAtA []byte) (int, error)

func (*JwtRequirement_ProviderName) Size 

func (m *JwtRequirement_ProviderName) Size() (n int)

type JwtRequirement_RequiresAll 

type JwtRequirement_RequiresAll struct {
	RequiresAll *JwtRequirementAndList `protobuf:"bytes,4,opt,name=requires_all,json=requiresAll,oneof"`
}

func (*JwtRequirement_RequiresAll) MarshalTo 

func (m *JwtRequirement_RequiresAll) MarshalTo(dAtA []byte) (int, error)

func (*JwtRequirement_RequiresAll) Size 

func (m *JwtRequirement_RequiresAll) Size() (n int)

type JwtRequirement_RequiresAny 

type JwtRequirement_RequiresAny struct {
	RequiresAny *JwtRequirementOrList `protobuf:"bytes,3,opt,name=requires_any,json=requiresAny,oneof"`
}

func (*JwtRequirement_RequiresAny) MarshalTo 

func (m *JwtRequirement_RequiresAny) MarshalTo(dAtA []byte) (int, error)

func (*JwtRequirement_RequiresAny) Size 

func (m *JwtRequirement_RequiresAny) Size() (n int)

type ProviderWithAudiences 

type ProviderWithAudiences struct {
	// Specify a required provider name.
	ProviderName string `protobuf:"bytes,1,opt,name=provider_name,json=providerName,proto3" json:"provider_name,omitempty"`
	// This field overrides the one specified in the JwtProvider.
	Audiences []string `protobuf:"bytes,2,rep,name=audiences" json:"audiences,omitempty"`
}

Specify a required provider with audiences.

func (*ProviderWithAudiences) Descriptor 

func (*ProviderWithAudiences) Descriptor() ([]byte, []int)

func (*ProviderWithAudiences) GetAudiences 

func (m *ProviderWithAudiences) GetAudiences() []string

func (*ProviderWithAudiences) GetProviderName 

func (m *ProviderWithAudiences) GetProviderName() string

func (*ProviderWithAudiences) Marshal 

func (m *ProviderWithAudiences) Marshal() (dAtA []byte, err error)

func (*ProviderWithAudiences) MarshalTo 

func (m *ProviderWithAudiences) MarshalTo(dAtA []byte) (int, error)

func (*ProviderWithAudiences) ProtoMessage 

func (*ProviderWithAudiences) ProtoMessage()

func (*ProviderWithAudiences) Reset 

func (m *ProviderWithAudiences) Reset()

func (*ProviderWithAudiences) Size 

func (m *ProviderWithAudiences) Size() (n int)

func (*ProviderWithAudiences) String 

func (m *ProviderWithAudiences) String() string

func (*ProviderWithAudiences) Unmarshal 

func (m *ProviderWithAudiences) Unmarshal(dAtA []byte) error

func (*ProviderWithAudiences) Validate 

func (m *ProviderWithAudiences) Validate() error

Validate checks the field values on ProviderWithAudiences with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

type ProviderWithAudiencesValidationError 

type ProviderWithAudiencesValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

ProviderWithAudiencesValidationError is the validation error returned by ProviderWithAudiences.Validate if the designated constraints aren't met.

func (ProviderWithAudiencesValidationError) Error 

func (e ProviderWithAudiencesValidationError) Error() string

Error satisfies the builtin error interface

type RemoteJwks 

type RemoteJwks struct {
	// The HTTP URI to fetch the JWKS. For example:
	//
	// .. code-block:: yaml
	//
	//    http_uri:
	//      uri: https://www.googleapis.com/oauth2/v1/certs
	//      cluster: jwt.www.googleapis.com|443
	//
	HttpUri *envoy_api_v2_core1.HttpUri `protobuf:"bytes,1,opt,name=http_uri,json=httpUri" json:"http_uri,omitempty"`
	// Duration after which the cached JWKS should be expired. If not specified, default cache
	// duration is 5 minutes.
	CacheDuration *google_protobuf3.Duration `protobuf:"bytes,2,opt,name=cache_duration,json=cacheDuration" json:"cache_duration,omitempty"`
}

This message specifies how to fetch JWKS from remote and how to cache it.

func (*RemoteJwks) Descriptor 

func (*RemoteJwks) Descriptor() ([]byte, []int)

func (*RemoteJwks) GetCacheDuration 

func (m *RemoteJwks) GetCacheDuration() *google_protobuf3.Duration

func (*RemoteJwks) GetHttpUri 

func (m *RemoteJwks) GetHttpUri() *envoy_api_v2_core1.HttpUri

func (*RemoteJwks) Marshal 

func (m *RemoteJwks) Marshal() (dAtA []byte, err error)

func (*RemoteJwks) MarshalTo 

func (m *RemoteJwks) MarshalTo(dAtA []byte) (int, error)

func (*RemoteJwks) ProtoMessage 

func (*RemoteJwks) ProtoMessage()

func (*RemoteJwks) Reset 

func (m *RemoteJwks) Reset()

func (*RemoteJwks) Size 

func (m *RemoteJwks) Size() (n int)

func (*RemoteJwks) String 

func (m *RemoteJwks) String() string

func (*RemoteJwks) Unmarshal 

func (m *RemoteJwks) Unmarshal(dAtA []byte) error

func (*RemoteJwks) Validate 

func (m *RemoteJwks) Validate() error

Validate checks the field values on RemoteJwks with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

type RemoteJwksValidationError 

type RemoteJwksValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

RemoteJwksValidationError is the validation error returned by RemoteJwks.Validate if the designated constraints aren't met.

func (RemoteJwksValidationError) Error 

func (e RemoteJwksValidationError) Error() string

Error satisfies the builtin error interface

type RequirementRule 

type RequirementRule struct {
	// The route matching parameter. Only when the match is satisfied, the "requires" field will
	// apply.
	//
	// For example: following match will match all requests.
	//
	// .. code-block:: yaml
	//
	//    match:
	//       prefix: "/"
	//
	Match *envoy_api_v2_route.RouteMatch `protobuf:"bytes,1,opt,name=match" json:"match,omitempty"`
	// Specify a Jwt Requirement. Please detail comment in message JwtRequirement.
	Requires *JwtRequirement `protobuf:"bytes,2,opt,name=requires" json:"requires,omitempty"`
}

This message specifies a Jwt requirement for a specific Route condition. Example 1:

.. code-block:: yaml

  • match: prefix: "/healthz"

In above example, "requires" field is empty for /healthz prefix match, it means that requests matching the path prefix don't require JWT authentication.

Example 2:

.. code-block:: yaml

  • match: prefix: "/" requires: { provider_name: "provider-A" }

In above example, all requests matched the path prefix require jwt authentication from "provider-A".

func (*RequirementRule) Descriptor 

func (*RequirementRule) Descriptor() ([]byte, []int)

func (*RequirementRule) GetMatch 

func (m *RequirementRule) GetMatch() *envoy_api_v2_route.RouteMatch

func (*RequirementRule) GetRequires 

func (m *RequirementRule) GetRequires() *JwtRequirement

func (*RequirementRule) Marshal 

func (m *RequirementRule) Marshal() (dAtA []byte, err error)

func (*RequirementRule) MarshalTo 

func (m *RequirementRule) MarshalTo(dAtA []byte) (int, error)

func (*RequirementRule) ProtoMessage 

func (*RequirementRule) ProtoMessage()

func (*RequirementRule) Reset 

func (m *RequirementRule) Reset()

func (*RequirementRule) Size 

func (m *RequirementRule) Size() (n int)

func (*RequirementRule) String 

func (m *RequirementRule) String() string

func (*RequirementRule) Unmarshal 

func (m *RequirementRule) Unmarshal(dAtA []byte) error

func (*RequirementRule) Validate 

func (m *RequirementRule) Validate() error

Validate checks the field values on RequirementRule with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

type RequirementRuleValidationError 

type RequirementRuleValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

RequirementRuleValidationError is the validation error returned by RequirementRule.Validate if the designated constraints aren't met.

func (RequirementRuleValidationError) Error 

func (e RequirementRuleValidationError) Error() string

Error satisfies the builtin error interface

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.