authv3

package
v0.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 8, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	Authorization_Check_FullMethodName = "/envoy.service.auth.v3.Authorization/Check"
)

Variables

View Source 
var Authorization_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "envoy.service.auth.v3.Authorization",
	HandlerType: (*AuthorizationServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "Check",
			Handler:    _Authorization_Check_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "envoy/service/auth/v3/external_auth.proto",
}

Authorization_ServiceDesc is the grpc.ServiceDesc for Authorization service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

View Source 
var File_envoy_service_auth_v3_attribute_context_proto protoreflect.FileDescriptor
View Source 
var File_envoy_service_auth_v3_external_auth_proto protoreflect.FileDescriptor

Functions

func RegisterAuthorizationServer 

func RegisterAuthorizationServer(s grpc.ServiceRegistrar, srv AuthorizationServer)

Types

type AttributeContext 

type AttributeContext struct {

	// The source of a network activity, such as starting a TCP connection.
	// In a multi hop network activity, the source represents the sender of the
	// last hop.
	Source *AttributeContext_Peer `protobuf:"bytes,1,opt,name=source,proto3" json:"source,omitempty"`
	// The destination of a network activity, such as accepting a TCP connection.
	// In a multi hop network activity, the destination represents the receiver of
	// the last hop.
	Destination *AttributeContext_Peer `protobuf:"bytes,2,opt,name=destination,proto3" json:"destination,omitempty"`
	// Represents a network request, such as an HTTP request.
	Request *AttributeContext_Request `protobuf:"bytes,4,opt,name=request,proto3" json:"request,omitempty"`
	// This is analogous to http_request.headers, however these contents will not be sent to the
	// upstream server. Context_extensions provide an extension mechanism for sending additional
	// information to the auth server without modifying the proto definition. It maps to the
	// internal opaque context in the filter chain.
	ContextExtensions map[string]string `` /* 201-byte string literal not displayed */
	// Dynamic metadata associated with the request.
	MetadataContext *v3.Metadata `protobuf:"bytes,11,opt,name=metadata_context,json=metadataContext,proto3" json:"metadata_context,omitempty"`
	// Metadata associated with the selected route.
	RouteMetadataContext *v3.Metadata `protobuf:"bytes,13,opt,name=route_metadata_context,json=routeMetadataContext,proto3" json:"route_metadata_context,omitempty"`
	// TLS session details of the underlying connection.
	// This is not populated by default and will be populated only if the ext_authz filter has
	// been specifically configured to include this information.
	// For HTTP ext_authz, that requires :ref:`include_tls_session <config_http_filters_ext_authz>`
	// to be set to true.
	// For network ext_authz, that requires :ref:`include_tls_session <config_network_filters_ext_authz>`
	// to be set to true.
	TlsSession *AttributeContext_TLSSession `protobuf:"bytes,12,opt,name=tls_session,json=tlsSession,proto3" json:"tls_session,omitempty"`
	// contains filtered or unexported fields
}

An attribute is a piece of metadata that describes an activity on a network. For example, the size of an HTTP request, or the status code of an HTTP response.

Each attribute has a type and a name, which is logically defined as a proto message field of the “AttributeContext“. The “AttributeContext“ is a collection of individual attributes supported by Envoy authorization system. [#comment: The following items are left out of this proto Request.Auth field for jwt tokens Request.Api for api management Origin peer that originated the request Caching Protocol request_context return values to inject back into the filter chain peer.claims -- from X.509 extensions Configuration - field mask to send - which return values from request_context are copied back - which return values are copied into request_headers] [#next-free-field: 14]

func (*AttributeContext) Descriptor deprecated 

func (*AttributeContext) Descriptor() ([]byte, []int)

Deprecated: Use AttributeContext.ProtoReflect.Descriptor instead.

func (*AttributeContext) GetContextExtensions 

func (x *AttributeContext) GetContextExtensions() map[string]string

func (*AttributeContext) GetDestination 

func (x *AttributeContext) GetDestination() *AttributeContext_Peer

func (*AttributeContext) GetMetadataContext 

func (x *AttributeContext) GetMetadataContext() *v3.Metadata

func (*AttributeContext) GetRequest 

func (x *AttributeContext) GetRequest() *AttributeContext_Request

func (*AttributeContext) GetRouteMetadataContext 

func (x *AttributeContext) GetRouteMetadataContext() *v3.Metadata

func (*AttributeContext) GetSource 

func (x *AttributeContext) GetSource() *AttributeContext_Peer

func (*AttributeContext) GetTlsSession 

func (x *AttributeContext) GetTlsSession() *AttributeContext_TLSSession

func (*AttributeContext) ProtoMessage 

func (*AttributeContext) ProtoMessage()

func (*AttributeContext) ProtoReflect 

func (x *AttributeContext) ProtoReflect() protoreflect.Message

func (*AttributeContext) Reset 

func (x *AttributeContext) Reset()

func (*AttributeContext) String 

func (x *AttributeContext) String() string

type AttributeContext_HttpRequest 

type AttributeContext_HttpRequest struct {

	// The unique ID for a request, which can be propagated to downstream
	// systems. The ID should have low probability of collision
	// within a single day for a specific service.
	// For HTTP requests, it should be X-Request-ID or equivalent.
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// The HTTP request method, such as “GET“, “POST“.
	Method string `protobuf:"bytes,2,opt,name=method,proto3" json:"method,omitempty"`
	// The HTTP request headers. If multiple headers share the same key, they
	// must be merged according to the HTTP spec. All header keys must be
	// lower-cased, because HTTP header keys are case-insensitive.
	// Header value is encoded as UTF-8 string. Non-UTF-8 characters will be replaced by "!".
	// This field will not be set if
	// :ref:`encode_raw_headers <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.encode_raw_headers>`
	// is set to true.
	Headers map[string]string `` /* 155-byte string literal not displayed */
	// A list of the raw HTTP request headers. This is used instead of
	// :ref:`headers <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.headers>` when
	// :ref:`encode_raw_headers <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.encode_raw_headers>`
	// is set to true.
	//
	// Note that this is not actually a map type. “header_map“ contains a single repeated field
	// “headers“.
	//
	// Here, only the “key“ and “raw_value“ fields will be populated for each HeaderValue, and
	// that is only when
	// :ref:`encode_raw_headers <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.encode_raw_headers>`
	// is set to true.
	//
	// Also, unlike the
	// :ref:`headers <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.headers>`
	// field, headers with the same key are not combined into a single comma separated header.
	HeaderMap *v3.HeaderMap `protobuf:"bytes,13,opt,name=header_map,json=headerMap,proto3" json:"header_map,omitempty"`
	// The request target, as it appears in the first line of the HTTP request. This includes
	// the URL path and query-string. No decoding is performed.
	Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"`
	// The HTTP request “Host“ or “:authority“ header value.
	Host string `protobuf:"bytes,5,opt,name=host,proto3" json:"host,omitempty"`
	// The HTTP URL scheme, such as “http“ and “https“.
	Scheme string `protobuf:"bytes,6,opt,name=scheme,proto3" json:"scheme,omitempty"`
	// This field is always empty, and exists for compatibility reasons. The HTTP URL query is
	// included in “path“ field.
	Query string `protobuf:"bytes,7,opt,name=query,proto3" json:"query,omitempty"`
	// This field is always empty, and exists for compatibility reasons. The URL fragment is
	// not submitted as part of HTTP requests; it is unknowable.
	Fragment string `protobuf:"bytes,8,opt,name=fragment,proto3" json:"fragment,omitempty"`
	// The HTTP request size in bytes. If unknown, it must be -1.
	Size int64 `protobuf:"varint,9,opt,name=size,proto3" json:"size,omitempty"`
	// The network protocol used with the request, such as "HTTP/1.0", "HTTP/1.1", or "HTTP/2".
	//
	// See :repo:`headers.h:ProtocolStrings <source/common/http/headers.h>` for a list of all
	// possible values.
	Protocol string `protobuf:"bytes,10,opt,name=protocol,proto3" json:"protocol,omitempty"`
	// The HTTP request body.
	Body string `protobuf:"bytes,11,opt,name=body,proto3" json:"body,omitempty"`
	// The HTTP request body in bytes. This is used instead of
	// :ref:`body <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.body>` when
	// :ref:`pack_as_bytes <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.BufferSettings.pack_as_bytes>`
	// is set to true.
	RawBody []byte `protobuf:"bytes,12,opt,name=raw_body,json=rawBody,proto3" json:"raw_body,omitempty"`
	// contains filtered or unexported fields
}

This message defines attributes for an HTTP request. HTTP/1.x, HTTP/2, gRPC are all considered as HTTP requests. [#next-free-field: 14]

func (*AttributeContext_HttpRequest) Descriptor deprecated 

func (*AttributeContext_HttpRequest) Descriptor() ([]byte, []int)

Deprecated: Use AttributeContext_HttpRequest.ProtoReflect.Descriptor instead.

func (*AttributeContext_HttpRequest) GetBody 

func (x *AttributeContext_HttpRequest) GetBody() string

func (*AttributeContext_HttpRequest) GetFragment 

func (x *AttributeContext_HttpRequest) GetFragment() string

func (*AttributeContext_HttpRequest) GetHeaderMap 

func (x *AttributeContext_HttpRequest) GetHeaderMap() *v3.HeaderMap

func (*AttributeContext_HttpRequest) GetHeaders 

func (x *AttributeContext_HttpRequest) GetHeaders() map[string]string

func (*AttributeContext_HttpRequest) GetHost 

func (x *AttributeContext_HttpRequest) GetHost() string

func (*AttributeContext_HttpRequest) GetId 

func (x *AttributeContext_HttpRequest) GetId() string

func (*AttributeContext_HttpRequest) GetMethod 

func (x *AttributeContext_HttpRequest) GetMethod() string

func (*AttributeContext_HttpRequest) GetPath 

func (x *AttributeContext_HttpRequest) GetPath() string

func (*AttributeContext_HttpRequest) GetProtocol 

func (x *AttributeContext_HttpRequest) GetProtocol() string

func (*AttributeContext_HttpRequest) GetQuery 

func (x *AttributeContext_HttpRequest) GetQuery() string

func (*AttributeContext_HttpRequest) GetRawBody 

func (x *AttributeContext_HttpRequest) GetRawBody() []byte

func (*AttributeContext_HttpRequest) GetScheme 

func (x *AttributeContext_HttpRequest) GetScheme() string

func (*AttributeContext_HttpRequest) GetSize 

func (x *AttributeContext_HttpRequest) GetSize() int64

func (*AttributeContext_HttpRequest) ProtoMessage 

func (*AttributeContext_HttpRequest) ProtoMessage()

func (*AttributeContext_HttpRequest) ProtoReflect 

func (x *AttributeContext_HttpRequest) ProtoReflect() protoreflect.Message

func (*AttributeContext_HttpRequest) Reset 

func (x *AttributeContext_HttpRequest) Reset()

func (*AttributeContext_HttpRequest) String 

func (x *AttributeContext_HttpRequest) String() string

type AttributeContext_Peer 

type AttributeContext_Peer struct {

	// The address of the peer, this is typically the IP address.
	// It can also be UDS path, or others.
	Address *v3.Address `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"`
	// The canonical service name of the peer.
	// It should be set to :ref:`the HTTP x-envoy-downstream-service-cluster
	// <config_http_conn_man_headers_downstream-service-cluster>`
	// If a more trusted source of the service name is available through mTLS/secure naming, it
	// should be used.
	Service string `protobuf:"bytes,2,opt,name=service,proto3" json:"service,omitempty"`
	// The labels associated with the peer.
	// These could be pod labels for Kubernetes or tags for VMs.
	// The source of the labels could be an X.509 certificate or other configuration.
	Labels map[string]string `` /* 153-byte string literal not displayed */
	// The authenticated identity of this peer.
	// For example, the identity associated with the workload such as a service account.
	// If an X.509 certificate is used to assert the identity this field should be sourced from
	// “URI Subject Alternative Names“, “DNS Subject Alternate Names“ or “Subject“ in that order.
	// The primary identity should be the principal. The principal format is issuer specific.
	//
	// Examples:
	//
	// - SPIFFE format is “spiffe://trust-domain/path“.
	// - Google account format is “https://accounts.google.com/{userid}“.
	Principal string `protobuf:"bytes,4,opt,name=principal,proto3" json:"principal,omitempty"`
	// The X.509 certificate used to authenticate the identify of this peer.
	// When present, the certificate contents are encoded in URL and PEM format.
	Certificate string `protobuf:"bytes,5,opt,name=certificate,proto3" json:"certificate,omitempty"`
	// contains filtered or unexported fields
}

This message defines attributes for a node that handles a network request. The node can be either a service or an application that sends, forwards, or receives the request. Service peers should fill in the “service“, “principal“, and “labels“ as appropriate. [#next-free-field: 6]

func (*AttributeContext_Peer) Descriptor deprecated 

func (*AttributeContext_Peer) Descriptor() ([]byte, []int)

Deprecated: Use AttributeContext_Peer.ProtoReflect.Descriptor instead.

func (*AttributeContext_Peer) GetAddress 

func (x *AttributeContext_Peer) GetAddress() *v3.Address

func (*AttributeContext_Peer) GetCertificate 

func (x *AttributeContext_Peer) GetCertificate() string

func (*AttributeContext_Peer) GetLabels 

func (x *AttributeContext_Peer) GetLabels() map[string]string

func (*AttributeContext_Peer) GetPrincipal 

func (x *AttributeContext_Peer) GetPrincipal() string

func (*AttributeContext_Peer) GetService 

func (x *AttributeContext_Peer) GetService() string

func (*AttributeContext_Peer) ProtoMessage 

func (*AttributeContext_Peer) ProtoMessage()

func (*AttributeContext_Peer) ProtoReflect 

func (x *AttributeContext_Peer) ProtoReflect() protoreflect.Message

func (*AttributeContext_Peer) Reset 

func (x *AttributeContext_Peer) Reset()

func (*AttributeContext_Peer) String 

func (x *AttributeContext_Peer) String() string

type AttributeContext_Request 

type AttributeContext_Request struct {

	// The timestamp when the proxy receives the first byte of the request.
	Time *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=time,proto3" json:"time,omitempty"`
	// Represents an HTTP request or an HTTP-like request.
	Http *AttributeContext_HttpRequest `protobuf:"bytes,2,opt,name=http,proto3" json:"http,omitempty"`
	// contains filtered or unexported fields
}

Represents a network request, such as an HTTP request.

func (*AttributeContext_Request) Descriptor deprecated 

func (*AttributeContext_Request) Descriptor() ([]byte, []int)

Deprecated: Use AttributeContext_Request.ProtoReflect.Descriptor instead.

func (*AttributeContext_Request) GetHttp 

func (x *AttributeContext_Request) GetHttp() *AttributeContext_HttpRequest

func (*AttributeContext_Request) GetTime 

func (x *AttributeContext_Request) GetTime() *timestamppb.Timestamp

func (*AttributeContext_Request) ProtoMessage 

func (*AttributeContext_Request) ProtoMessage()

func (*AttributeContext_Request) ProtoReflect 

func (x *AttributeContext_Request) ProtoReflect() protoreflect.Message

func (*AttributeContext_Request) Reset 

func (x *AttributeContext_Request) Reset()

func (*AttributeContext_Request) String 

func (x *AttributeContext_Request) String() string

type AttributeContext_TLSSession 

type AttributeContext_TLSSession struct {

	// SNI used for TLS session.
	Sni string `protobuf:"bytes,1,opt,name=sni,proto3" json:"sni,omitempty"`
	// contains filtered or unexported fields
}

This message defines attributes for the underlying TLS session.

func (*AttributeContext_TLSSession) Descriptor deprecated 

func (*AttributeContext_TLSSession) Descriptor() ([]byte, []int)

Deprecated: Use AttributeContext_TLSSession.ProtoReflect.Descriptor instead.

func (*AttributeContext_TLSSession) GetSni 

func (x *AttributeContext_TLSSession) GetSni() string

func (*AttributeContext_TLSSession) ProtoMessage 

func (*AttributeContext_TLSSession) ProtoMessage()

func (*AttributeContext_TLSSession) ProtoReflect 

func (x *AttributeContext_TLSSession) ProtoReflect() protoreflect.Message

func (*AttributeContext_TLSSession) Reset 

func (x *AttributeContext_TLSSession) Reset()

func (*AttributeContext_TLSSession) String 

func (x *AttributeContext_TLSSession) String() string

type AuthorizationClient 

type AuthorizationClient interface {
	// Performs authorization check based on the attributes associated with the
	// incoming request, and returns status `OK` or not `OK`.
	Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error)
}

AuthorizationClient is the client API for Authorization service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

A generic interface for performing authorization check on incoming requests to a networked service.

func NewAuthorizationClient 

func NewAuthorizationClient(cc grpc.ClientConnInterface) AuthorizationClient

type AuthorizationServer 

type AuthorizationServer interface {
	// Performs authorization check based on the attributes associated with the
	// incoming request, and returns status `OK` or not `OK`.
	Check(context.Context, *CheckRequest) (*CheckResponse, error)
	// contains filtered or unexported methods
}

AuthorizationServer is the server API for Authorization service. All implementations must embed UnimplementedAuthorizationServer for forward compatibility.

A generic interface for performing authorization check on incoming requests to a networked service.

type CheckRequest 

type CheckRequest struct {

	// The request attributes.
	Attributes *AttributeContext `protobuf:"bytes,1,opt,name=attributes,proto3" json:"attributes,omitempty"`
	// contains filtered or unexported fields
}

func (*CheckRequest) Descriptor deprecated 

func (*CheckRequest) Descriptor() ([]byte, []int)

Deprecated: Use CheckRequest.ProtoReflect.Descriptor instead.

func (*CheckRequest) GetAttributes 

func (x *CheckRequest) GetAttributes() *AttributeContext

func (*CheckRequest) ProtoMessage 

func (*CheckRequest) ProtoMessage()

func (*CheckRequest) ProtoReflect 

func (x *CheckRequest) ProtoReflect() protoreflect.Message

func (*CheckRequest) Reset 

func (x *CheckRequest) Reset()

func (*CheckRequest) String 

func (x *CheckRequest) String() string

type CheckResponse 

type CheckResponse struct {

	// Status “OK“ allows the request. Any other status indicates the request should be denied, and
	// for HTTP filter, if not overridden by :ref:`denied HTTP response status <envoy_v3_api_field_service.auth.v3.DeniedHttpResponse.status>`
	// Envoy sends “403 Forbidden“ HTTP status code by default.
	Status *status.Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
	// An message that contains HTTP response attributes. This message is
	// used when the authorization service needs to send custom responses to the
	// downstream client or, to modify/add request headers being dispatched to the upstream.
	//
	// Types that are assignable to HttpResponse:
	//
	//	*CheckResponse_DeniedResponse
	//	*CheckResponse_OkResponse
	HttpResponse isCheckResponse_HttpResponse `protobuf_oneof:"http_response"`
	// Optional response metadata that will be emitted as dynamic metadata to be consumed by the next
	// filter. This metadata lives in a namespace specified by the canonical name of extension filter
	// that requires it:
	//
	// - :ref:`envoy.filters.http.ext_authz <config_http_filters_ext_authz_dynamic_metadata>` for HTTP filter.
	// - :ref:`envoy.filters.network.ext_authz <config_network_filters_ext_authz_dynamic_metadata>` for network filter.
	DynamicMetadata *structpb.Struct `protobuf:"bytes,4,opt,name=dynamic_metadata,json=dynamicMetadata,proto3" json:"dynamic_metadata,omitempty"`
	// contains filtered or unexported fields
}

Intended for gRPC and Network Authorization servers “only“.

func (*CheckResponse) Descriptor deprecated 

func (*CheckResponse) Descriptor() ([]byte, []int)

Deprecated: Use CheckResponse.ProtoReflect.Descriptor instead.

func (*CheckResponse) GetDeniedResponse 

func (x *CheckResponse) GetDeniedResponse() *DeniedHttpResponse

func (*CheckResponse) GetDynamicMetadata 

func (x *CheckResponse) GetDynamicMetadata() *structpb.Struct

func (*CheckResponse) GetHttpResponse 

func (m *CheckResponse) GetHttpResponse() isCheckResponse_HttpResponse

func (*CheckResponse) GetOkResponse 

func (x *CheckResponse) GetOkResponse() *OkHttpResponse

func (*CheckResponse) GetStatus 

func (x *CheckResponse) GetStatus() *status.Status

func (*CheckResponse) ProtoMessage 

func (*CheckResponse) ProtoMessage()

func (*CheckResponse) ProtoReflect 

func (x *CheckResponse) ProtoReflect() protoreflect.Message

func (*CheckResponse) Reset 

func (x *CheckResponse) Reset()

func (*CheckResponse) String 

func (x *CheckResponse) String() string

type CheckResponse_DeniedResponse 

type CheckResponse_DeniedResponse struct {
	// Supplies http attributes for a denied response.
	DeniedResponse *DeniedHttpResponse `protobuf:"bytes,2,opt,name=denied_response,json=deniedResponse,proto3,oneof"`
}

type CheckResponse_OkResponse 

type CheckResponse_OkResponse struct {
	// Supplies http attributes for an ok response.
	OkResponse *OkHttpResponse `protobuf:"bytes,3,opt,name=ok_response,json=okResponse,proto3,oneof"`
}

type DeniedHttpResponse 

type DeniedHttpResponse struct {

	// This field allows the authorization service to send an HTTP response status code to the
	// downstream client. If not set, Envoy sends “403 Forbidden“ HTTP status code by default.
	Status *v3.HttpStatus `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
	// This field allows the authorization service to send HTTP response headers
	// to the downstream client. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to
	// false when used in this message.
	Headers []*v31.HeaderValueOption `protobuf:"bytes,2,rep,name=headers,proto3" json:"headers,omitempty"`
	// This field allows the authorization service to send a response body data
	// to the downstream client.
	Body string `protobuf:"bytes,3,opt,name=body,proto3" json:"body,omitempty"`
	// contains filtered or unexported fields
}

HTTP attributes for a denied response.

func (*DeniedHttpResponse) Descriptor deprecated 

func (*DeniedHttpResponse) Descriptor() ([]byte, []int)

Deprecated: Use DeniedHttpResponse.ProtoReflect.Descriptor instead.

func (*DeniedHttpResponse) GetBody 

func (x *DeniedHttpResponse) GetBody() string

func (*DeniedHttpResponse) GetHeaders 

func (x *DeniedHttpResponse) GetHeaders() []*v31.HeaderValueOption

func (*DeniedHttpResponse) GetStatus 

func (x *DeniedHttpResponse) GetStatus() *v3.HttpStatus

func (*DeniedHttpResponse) ProtoMessage 

func (*DeniedHttpResponse) ProtoMessage()

func (*DeniedHttpResponse) ProtoReflect 

func (x *DeniedHttpResponse) ProtoReflect() protoreflect.Message

func (*DeniedHttpResponse) Reset 

func (x *DeniedHttpResponse) Reset()

func (*DeniedHttpResponse) String 

func (x *DeniedHttpResponse) String() string

type OkHttpResponse 

type OkHttpResponse struct {

	// HTTP entity headers in addition to the original request headers. This allows the authorization
	// service to append, to add or to override headers from the original request before
	// dispatching it to the upstream. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to
	// false when used in this message. By setting the “append“ field to “true“,
	// the filter will append the correspondent header value to the matched request header.
	// By leaving “append“ as false, the filter will either add a new header, or override an existing
	// one if there is a match.
	Headers []*v31.HeaderValueOption `protobuf:"bytes,2,rep,name=headers,proto3" json:"headers,omitempty"`
	// HTTP entity headers to remove from the original request before dispatching
	// it to the upstream. This allows the authorization service to act on auth
	// related headers (like “Authorization“), process them, and consume them.
	// Under this model, the upstream will either receive the request (if it's
	// authorized) or not receive it (if it's not), but will not see headers
	// containing authorization credentials.
	//
	// Pseudo headers (such as “:authority“, “:method“, “:path“ etc), as well as
	// the header “Host“, may not be removed as that would make the request
	// malformed. If mentioned in “headers_to_remove“ these special headers will
	// be ignored.
	//
	// When using the HTTP service this must instead be set by the HTTP
	// authorization service as a comma separated list like so:
	// “x-envoy-auth-headers-to-remove: one-auth-header, another-auth-header“.
	HeadersToRemove []string `protobuf:"bytes,5,rep,name=headers_to_remove,json=headersToRemove,proto3" json:"headers_to_remove,omitempty"`
	// This field has been deprecated in favor of :ref:`CheckResponse.dynamic_metadata
	// <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`. Until it is removed,
	// setting this field overrides :ref:`CheckResponse.dynamic_metadata
	// <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`.
	//
	// Deprecated: Marked as deprecated in envoy/service/auth/v3/external_auth.proto.
	DynamicMetadata *structpb.Struct `protobuf:"bytes,3,opt,name=dynamic_metadata,json=dynamicMetadata,proto3" json:"dynamic_metadata,omitempty"`
	// This field allows the authorization service to send HTTP response headers
	// to the downstream client on success. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>`
	// defaults to false when used in this message.
	ResponseHeadersToAdd []*v31.HeaderValueOption `protobuf:"bytes,6,rep,name=response_headers_to_add,json=responseHeadersToAdd,proto3" json:"response_headers_to_add,omitempty"`
	// This field allows the authorization service to set (and overwrite) query
	// string parameters on the original request before it is sent upstream.
	QueryParametersToSet []*v31.QueryParameter `protobuf:"bytes,7,rep,name=query_parameters_to_set,json=queryParametersToSet,proto3" json:"query_parameters_to_set,omitempty"`
	// This field allows the authorization service to specify which query parameters
	// should be removed from the original request before it is sent upstream. Each
	// element in this list is a case-sensitive query parameter name to be removed.
	QueryParametersToRemove []string `` /* 134-byte string literal not displayed */
	// contains filtered or unexported fields
}

HTTP attributes for an OK response. [#next-free-field: 9]

func (*OkHttpResponse) Descriptor deprecated 

func (*OkHttpResponse) Descriptor() ([]byte, []int)

Deprecated: Use OkHttpResponse.ProtoReflect.Descriptor instead.

func (*OkHttpResponse) GetDynamicMetadata deprecated 

func (x *OkHttpResponse) GetDynamicMetadata() *structpb.Struct

Deprecated: Marked as deprecated in envoy/service/auth/v3/external_auth.proto.

func (*OkHttpResponse) GetHeaders 

func (x *OkHttpResponse) GetHeaders() []*v31.HeaderValueOption

func (*OkHttpResponse) GetHeadersToRemove 

func (x *OkHttpResponse) GetHeadersToRemove() []string

func (*OkHttpResponse) GetQueryParametersToRemove 

func (x *OkHttpResponse) GetQueryParametersToRemove() []string

func (*OkHttpResponse) GetQueryParametersToSet 

func (x *OkHttpResponse) GetQueryParametersToSet() []*v31.QueryParameter

func (*OkHttpResponse) GetResponseHeadersToAdd 

func (x *OkHttpResponse) GetResponseHeadersToAdd() []*v31.HeaderValueOption

func (*OkHttpResponse) ProtoMessage 

func (*OkHttpResponse) ProtoMessage()

func (*OkHttpResponse) ProtoReflect 

func (x *OkHttpResponse) ProtoReflect() protoreflect.Message

func (*OkHttpResponse) Reset 

func (x *OkHttpResponse) Reset()

func (*OkHttpResponse) String 

func (x *OkHttpResponse) String() string

type UnimplementedAuthorizationServer 

type UnimplementedAuthorizationServer struct{}

UnimplementedAuthorizationServer must be embedded to have forward compatible implementations.

NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.

func (UnimplementedAuthorizationServer) Check 

func (UnimplementedAuthorizationServer) Check(context.Context, *CheckRequest) (*CheckResponse, error)

type UnsafeAuthorizationServer 

type UnsafeAuthorizationServer interface {
	// contains filtered or unexported methods
}

UnsafeAuthorizationServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to AuthorizationServer will result in compilation errors.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.