securityv1

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 13, 2026 License: MIT Imports: 27 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	SecurityErrorReason_name = map[int32]string{
		0:    "SECURITY_ERROR_REASON_UNSPECIFIED",
		1002: "CREDENTIALS_INVALID",
		1003: "TOKEN_EXPIRED",
		1004: "TOKEN_INVALID",
		1005: "TOKEN_MISSING",
		1006: "CLAIMS_INVALID",
		1007: "BEARER_TOKEN_INVALID",
		1008: "SIGNING_METHOD_UNSUPPORTED",
		1009: "TOKEN_SIGN_FAILED",
		2000: "PERMISSION_DENIED",
	}
	SecurityErrorReason_value = map[string]int32{
		"SECURITY_ERROR_REASON_UNSPECIFIED": 0,
		"CREDENTIALS_INVALID":               1002,
		"TOKEN_EXPIRED":                     1003,
		"TOKEN_INVALID":                     1004,
		"TOKEN_MISSING":                     1005,
		"CLAIMS_INVALID":                    1006,
		"BEARER_TOKEN_INVALID":              1007,
		"SIGNING_METHOD_UNSUPPORTED":        1008,
		"TOKEN_SIGN_FAILED":                 1009,
		"PERMISSION_DENIED":                 2000,
	}
)

Enum value maps for SecurityErrorReason.

View Source 
var File_security_v1_credential_proto protoreflect.FileDescriptor
View Source 
var File_security_v1_error_proto protoreflect.FileDescriptor
View Source 
var File_security_v1_principal_proto protoreflect.FileDescriptor
View Source 
var File_security_v1_security_proto protoreflect.FileDescriptor

Functions

func ErrorBearerTokenInvalid 

func ErrorBearerTokenInvalid(format string, args ...interface{}) *errors.Error

The bearer token is specifically invalid or malformed.

func ErrorClaimsInvalid 

func ErrorClaimsInvalid(format string, args ...interface{}) *errors.Error

The claims within the token are invalid.

func ErrorCredentialsInvalid 

func ErrorCredentialsInvalid(format string, args ...interface{}) *errors.Error

The provided credentials (e.g., username/password) are invalid.

func ErrorPermissionDenied 

func ErrorPermissionDenied(format string, args ...interface{}) *errors.Error

The user is authenticated but does not have permission for the specific resource or action.

func ErrorSecurityErrorReasonUnspecified 

func ErrorSecurityErrorReasonUnspecified(format string, args ...interface{}) *errors.Error

The default, unspecified reason. This is required by proto3 syntax.

func ErrorSigningMethodUnsupported 

func ErrorSigningMethodUnsupported(format string, args ...interface{}) *errors.Error

The signing method used in the token is not supported.

func ErrorTokenExpired 

func ErrorTokenExpired(format string, args ...interface{}) *errors.Error

The authentication token has expired.

func ErrorTokenInvalid 

func ErrorTokenInvalid(format string, args ...interface{}) *errors.Error

The authentication token is malformed or invalid.

func ErrorTokenMissing 

func ErrorTokenMissing(format string, args ...interface{}) *errors.Error

The authentication token is missing from the request.

func ErrorTokenSignFailed 

func ErrorTokenSignFailed(format string, args ...interface{}) *errors.Error

Failed to sign a new token.

func IsBearerTokenInvalid 

func IsBearerTokenInvalid(err error) bool

The bearer token is specifically invalid or malformed.

func IsClaimsInvalid 

func IsClaimsInvalid(err error) bool

The claims within the token are invalid.

func IsCredentialsInvalid 

func IsCredentialsInvalid(err error) bool

The provided credentials (e.g., username/password) are invalid.

func IsPermissionDenied 

func IsPermissionDenied(err error) bool

The user is authenticated but does not have permission for the specific resource or action.

func IsSecurityErrorReasonUnspecified 

func IsSecurityErrorReasonUnspecified(err error) bool

The default, unspecified reason. This is required by proto3 syntax.

func IsSigningMethodUnsupported 

func IsSigningMethodUnsupported(err error) bool

The signing method used in the token is not supported.

func IsTokenExpired 

func IsTokenExpired(err error) bool

The authentication token has expired.

func IsTokenInvalid 

func IsTokenInvalid(err error) bool

The authentication token is malformed or invalid.

func IsTokenMissing 

func IsTokenMissing(err error) bool

The authentication token is missing from the request.

func IsTokenSignFailed 

func IsTokenSignFailed(err error) bool

Failed to sign a new token.

Types

type AuthenticatorConfigs 

type AuthenticatorConfigs struct {
	Default *string             `protobuf:"bytes,1,opt,name=default,proto3,oneof" json:"default,omitempty"`
	Active  *string             `protobuf:"bytes,2,opt,name=active,proto3,oneof" json:"active,omitempty"`
	Configs []*v1.Authenticator `protobuf:"bytes,3,rep,name=configs,proto3" json:"configs,omitempty"` // Changed type to AuthNConfig
	// contains filtered or unexported fields
}

func (*AuthenticatorConfigs) Descriptor deprecated 

func (*AuthenticatorConfigs) Descriptor() ([]byte, []int)

Deprecated: Use AuthenticatorConfigs.ProtoReflect.Descriptor instead.

func (*AuthenticatorConfigs) GetActive 

func (x *AuthenticatorConfigs) GetActive() string

func (*AuthenticatorConfigs) GetConfigs 

func (x *AuthenticatorConfigs) GetConfigs() []*v1.Authenticator

func (*AuthenticatorConfigs) GetDefault 

func (x *AuthenticatorConfigs) GetDefault() string

func (*AuthenticatorConfigs) ProtoMessage 

func (*AuthenticatorConfigs) ProtoMessage()

func (*AuthenticatorConfigs) ProtoReflect 

func (x *AuthenticatorConfigs) ProtoReflect() protoreflect.Message

func (*AuthenticatorConfigs) Reset 

func (x *AuthenticatorConfigs) Reset()

func (*AuthenticatorConfigs) String 

func (x *AuthenticatorConfigs) String() string

func (*AuthenticatorConfigs) Validate 

func (m *AuthenticatorConfigs) Validate() error

Validate checks the field values on AuthenticatorConfigs with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*AuthenticatorConfigs) ValidateAll 

func (m *AuthenticatorConfigs) ValidateAll() error

ValidateAll checks the field values on AuthenticatorConfigs with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in AuthenticatorConfigsMultiError, or nil if none found.

type AuthenticatorConfigsMultiError 

type AuthenticatorConfigsMultiError []error

AuthenticatorConfigsMultiError is an error wrapping multiple validation errors returned by AuthenticatorConfigs.ValidateAll() if the designated constraints aren't met.

func (AuthenticatorConfigsMultiError) AllErrors 

func (m AuthenticatorConfigsMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (AuthenticatorConfigsMultiError) Error 

func (m AuthenticatorConfigsMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type AuthenticatorConfigsValidationError 

type AuthenticatorConfigsValidationError struct {
	// contains filtered or unexported fields
}

AuthenticatorConfigsValidationError is the validation error returned by AuthenticatorConfigs.Validate if the designated constraints aren't met.

func (AuthenticatorConfigsValidationError) Cause 

func (e AuthenticatorConfigsValidationError) Cause() error

Cause function returns cause value.

func (AuthenticatorConfigsValidationError) Error 

func (e AuthenticatorConfigsValidationError) Error() string

Error satisfies the builtin error interface

func (AuthenticatorConfigsValidationError) ErrorName 

func (e AuthenticatorConfigsValidationError) ErrorName() string

ErrorName returns error name.

func (AuthenticatorConfigsValidationError) Field 

func (e AuthenticatorConfigsValidationError) Field() string

Field function returns field value.

func (AuthenticatorConfigsValidationError) Key 

func (e AuthenticatorConfigsValidationError) Key() bool

Key function returns key value.

func (AuthenticatorConfigsValidationError) Reason 

func (e AuthenticatorConfigsValidationError) Reason() string

Reason function returns reason value.

type AuthorizerConfigs 

type AuthorizerConfigs struct {
	Default *string           `protobuf:"bytes,1,opt,name=default,proto3,oneof" json:"default,omitempty"`
	Active  *string           `protobuf:"bytes,2,opt,name=active,proto3,oneof" json:"active,omitempty"`
	Configs []*v11.Authorizer `protobuf:"bytes,3,rep,name=configs,proto3" json:"configs,omitempty"`
	// contains filtered or unexported fields
}

func (*AuthorizerConfigs) Descriptor deprecated 

func (*AuthorizerConfigs) Descriptor() ([]byte, []int)

Deprecated: Use AuthorizerConfigs.ProtoReflect.Descriptor instead.

func (*AuthorizerConfigs) GetActive 

func (x *AuthorizerConfigs) GetActive() string

func (*AuthorizerConfigs) GetConfigs 

func (x *AuthorizerConfigs) GetConfigs() []*v11.Authorizer

func (*AuthorizerConfigs) GetDefault 

func (x *AuthorizerConfigs) GetDefault() string

func (*AuthorizerConfigs) ProtoMessage 

func (*AuthorizerConfigs) ProtoMessage()

func (*AuthorizerConfigs) ProtoReflect 

func (x *AuthorizerConfigs) ProtoReflect() protoreflect.Message

func (*AuthorizerConfigs) Reset 

func (x *AuthorizerConfigs) Reset()

func (*AuthorizerConfigs) String 

func (x *AuthorizerConfigs) String() string

func (*AuthorizerConfigs) Validate 

func (m *AuthorizerConfigs) Validate() error

Validate checks the field values on AuthorizerConfigs with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*AuthorizerConfigs) ValidateAll 

func (m *AuthorizerConfigs) ValidateAll() error

ValidateAll checks the field values on AuthorizerConfigs with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in AuthorizerConfigsMultiError, or nil if none found.

type AuthorizerConfigsMultiError 

type AuthorizerConfigsMultiError []error

AuthorizerConfigsMultiError is an error wrapping multiple validation errors returned by AuthorizerConfigs.ValidateAll() if the designated constraints aren't met.

func (AuthorizerConfigsMultiError) AllErrors 

func (m AuthorizerConfigsMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (AuthorizerConfigsMultiError) Error 

func (m AuthorizerConfigsMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type AuthorizerConfigsValidationError 

type AuthorizerConfigsValidationError struct {
	// contains filtered or unexported fields
}

AuthorizerConfigsValidationError is the validation error returned by AuthorizerConfigs.Validate if the designated constraints aren't met.

func (AuthorizerConfigsValidationError) Cause 

func (e AuthorizerConfigsValidationError) Cause() error

Cause function returns cause value.

func (AuthorizerConfigsValidationError) Error 

func (e AuthorizerConfigsValidationError) Error() string

Error satisfies the builtin error interface

func (AuthorizerConfigsValidationError) ErrorName 

func (e AuthorizerConfigsValidationError) ErrorName() string

ErrorName returns error name.

func (AuthorizerConfigsValidationError) Field 

func (e AuthorizerConfigsValidationError) Field() string

Field function returns field value.

func (AuthorizerConfigsValidationError) Key 

func (e AuthorizerConfigsValidationError) Key() bool

Key function returns key value.

func (AuthorizerConfigsValidationError) Reason 

func (e AuthorizerConfigsValidationError) Reason() string

Reason function returns reason value.

type BearerCredential 

type BearerCredential struct {

	// The token string, without the "Bearer " prefix.
	Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
	// contains filtered or unexported fields
}

BearerCredential represents the structured payload for a "Bearer" scheme credential. It is a well-known type intended to be packed into the `google.protobuf.Any` `payload` field of a `CredentialSource` message.

func (*BearerCredential) Descriptor deprecated 

func (*BearerCredential) Descriptor() ([]byte, []int)

Deprecated: Use BearerCredential.ProtoReflect.Descriptor instead.

func (*BearerCredential) GetToken 

func (x *BearerCredential) GetToken() string

func (*BearerCredential) ProtoMessage 

func (*BearerCredential) ProtoMessage()

func (*BearerCredential) ProtoReflect 

func (x *BearerCredential) ProtoReflect() protoreflect.Message

func (*BearerCredential) Reset 

func (x *BearerCredential) Reset()

func (*BearerCredential) String 

func (x *BearerCredential) String() string

func (*BearerCredential) Validate 

func (m *BearerCredential) Validate() error

Validate checks the field values on BearerCredential with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*BearerCredential) ValidateAll 

func (m *BearerCredential) ValidateAll() error

ValidateAll checks the field values on BearerCredential with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in BearerCredentialMultiError, or nil if none found.

type BearerCredentialMultiError 

type BearerCredentialMultiError []error

BearerCredentialMultiError is an error wrapping multiple validation errors returned by BearerCredential.ValidateAll() if the designated constraints aren't met.

func (BearerCredentialMultiError) AllErrors 

func (m BearerCredentialMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (BearerCredentialMultiError) Error 

func (m BearerCredentialMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type BearerCredentialValidationError 

type BearerCredentialValidationError struct {
	// contains filtered or unexported fields
}

BearerCredentialValidationError is the validation error returned by BearerCredential.Validate if the designated constraints aren't met.

func (BearerCredentialValidationError) Cause 

func (e BearerCredentialValidationError) Cause() error

Cause function returns cause value.

func (BearerCredentialValidationError) Error 

func (e BearerCredentialValidationError) Error() string

Error satisfies the builtin error interface

func (BearerCredentialValidationError) ErrorName 

func (e BearerCredentialValidationError) ErrorName() string

ErrorName returns error name.

func (BearerCredentialValidationError) Field 

func (e BearerCredentialValidationError) Field() string

Field function returns field value.

func (BearerCredentialValidationError) Key 

func (e BearerCredentialValidationError) Key() bool

Key function returns key value.

func (BearerCredentialValidationError) Reason 

func (e BearerCredentialValidationError) Reason() string

Reason function returns reason value.

type CredentialResponse 

type CredentialResponse struct {

	// Type indicates the kind of credential being returned, e.g., "jwt", "apikey".
	Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
	// Payload contains the structured data of the issued credential.
	Payload *Payload `protobuf:"bytes,2,opt,name=payload,proto3" json:"payload,omitempty"`
	// Optional metadata to be sent to the client.
	Metadata map[string]*MetaValue `` /* 143-byte string literal not displayed */
	// contains filtered or unexported fields
}

CredentialResponse represents a credential structure intended for transmission to clients (e.g., frontend applications) after a successful authentication or token issuance event.

func (*CredentialResponse) Descriptor deprecated 

func (*CredentialResponse) Descriptor() ([]byte, []int)

Deprecated: Use CredentialResponse.ProtoReflect.Descriptor instead.

func (*CredentialResponse) GetMetadata 

func (x *CredentialResponse) GetMetadata() map[string]*MetaValue

func (*CredentialResponse) GetPayload 

func (x *CredentialResponse) GetPayload() *Payload

func (*CredentialResponse) GetType 

func (x *CredentialResponse) GetType() string

func (*CredentialResponse) ProtoMessage 

func (*CredentialResponse) ProtoMessage()

func (*CredentialResponse) ProtoReflect 

func (x *CredentialResponse) ProtoReflect() protoreflect.Message

func (*CredentialResponse) Reset 

func (x *CredentialResponse) Reset()

func (*CredentialResponse) String 

func (x *CredentialResponse) String() string

func (*CredentialResponse) Validate 

func (m *CredentialResponse) Validate() error

Validate checks the field values on CredentialResponse with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*CredentialResponse) ValidateAll 

func (m *CredentialResponse) ValidateAll() error

ValidateAll checks the field values on CredentialResponse with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in CredentialResponseMultiError, or nil if none found.

type CredentialResponseMultiError 

type CredentialResponseMultiError []error

CredentialResponseMultiError is an error wrapping multiple validation errors returned by CredentialResponse.ValidateAll() if the designated constraints aren't met.

func (CredentialResponseMultiError) AllErrors 

func (m CredentialResponseMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (CredentialResponseMultiError) Error 

func (m CredentialResponseMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type CredentialResponseValidationError 

type CredentialResponseValidationError struct {
	// contains filtered or unexported fields
}

CredentialResponseValidationError is the validation error returned by CredentialResponse.Validate if the designated constraints aren't met.

func (CredentialResponseValidationError) Cause 

func (e CredentialResponseValidationError) Cause() error

Cause function returns cause value.

func (CredentialResponseValidationError) Error 

func (e CredentialResponseValidationError) Error() string

Error satisfies the builtin error interface

func (CredentialResponseValidationError) ErrorName 

func (e CredentialResponseValidationError) ErrorName() string

ErrorName returns error name.

func (CredentialResponseValidationError) Field 

func (e CredentialResponseValidationError) Field() string

Field function returns field value.

func (CredentialResponseValidationError) Key 

func (e CredentialResponseValidationError) Key() bool

Key function returns key value.

func (CredentialResponseValidationError) Reason 

func (e CredentialResponseValidationError) Reason() string

Reason function returns reason value.

type CredentialSource 

type CredentialSource struct {

	// Type indicates the kind of credential, e.g., "bearer", "basic", "apikey".
	// This serves as a hint to the Authenticator on how to interpret the data.
	Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
	// Raw contains the original, unmodified credential string extracted from the request
	// (e.g., the full content of the `Authorization` header).
	// This field MUST be treated as the authoritative source of truth by any Authenticator.
	Raw string `protobuf:"bytes,2,opt,name=raw,proto3" json:"raw,omitempty"`
	// Payload serves as an OPTIONAL, pre-parsed cache for the `raw` field to improve
	// ease of use for consumers.
	//
	// Filling Rules:
	// - CredentialExtractor SHOULD identify common credential patterns (e.g., "Bearer <token>")
	//   and pack a corresponding well-known type (e.g., `BearerCredential`) into this field.
	//
	// Usage Rules:
	// - Authenticator SHOULD first attempt to unpack a known type from this field.
	//   If successful, it can use the structured data directly, avoiding reparsing.
	//   If it fails or the field is empty, it MUST fall back to parsing the `raw` field.
	Payload *anypb.Any `protobuf:"bytes,3,opt,name=payload,proto3" json:"payload,omitempty"`
	// Metadata contains additional, non-credential data extracted from the request
	// (e.g., from headers) that may be relevant for authentication/authorization decisions.
	// The CredentialExtractor MUST support configurable mapping from request metadata
	// (e.g., HTTP headers which are map[string][]string) to this field.
	Metadata map[string]*MetaValue `` /* 143-byte string literal not displayed */
	// contains filtered or unexported fields
}

CredentialSource is a generic container for transmitting credential data. It follows a "dumb pipe" philosophy, where it acts as a simple, unopinionated container for the raw credential data extracted from a request. The responsibility of parsing and interpreting the data lies solely with the consumer (the Authenticator).

func (*CredentialSource) Descriptor deprecated 

func (*CredentialSource) Descriptor() ([]byte, []int)

Deprecated: Use CredentialSource.ProtoReflect.Descriptor instead.

func (*CredentialSource) GetMetadata 

func (x *CredentialSource) GetMetadata() map[string]*MetaValue

func (*CredentialSource) GetPayload 

func (x *CredentialSource) GetPayload() *anypb.Any

func (*CredentialSource) GetRaw 

func (x *CredentialSource) GetRaw() string

func (*CredentialSource) GetType 

func (x *CredentialSource) GetType() string

func (*CredentialSource) ProtoMessage 

func (*CredentialSource) ProtoMessage()

func (*CredentialSource) ProtoReflect 

func (x *CredentialSource) ProtoReflect() protoreflect.Message

func (*CredentialSource) Reset 

func (x *CredentialSource) Reset()

func (*CredentialSource) String 

func (x *CredentialSource) String() string

func (*CredentialSource) Validate 

func (m *CredentialSource) Validate() error

Validate checks the field values on CredentialSource with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*CredentialSource) ValidateAll 

func (m *CredentialSource) ValidateAll() error

ValidateAll checks the field values on CredentialSource with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in CredentialSourceMultiError, or nil if none found.

type CredentialSourceMultiError 

type CredentialSourceMultiError []error

CredentialSourceMultiError is an error wrapping multiple validation errors returned by CredentialSource.ValidateAll() if the designated constraints aren't met.

func (CredentialSourceMultiError) AllErrors 

func (m CredentialSourceMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (CredentialSourceMultiError) Error 

func (m CredentialSourceMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type CredentialSourceValidationError 

type CredentialSourceValidationError struct {
	// contains filtered or unexported fields
}

CredentialSourceValidationError is the validation error returned by CredentialSource.Validate if the designated constraints aren't met.

func (CredentialSourceValidationError) Cause 

func (e CredentialSourceValidationError) Cause() error

Cause function returns cause value.

func (CredentialSourceValidationError) Error 

func (e CredentialSourceValidationError) Error() string

Error satisfies the builtin error interface

func (CredentialSourceValidationError) ErrorName 

func (e CredentialSourceValidationError) ErrorName() string

ErrorName returns error name.

func (CredentialSourceValidationError) Field 

func (e CredentialSourceValidationError) Field() string

Field function returns field value.

func (CredentialSourceValidationError) Key 

func (e CredentialSourceValidationError) Key() bool

Key function returns key value.

func (CredentialSourceValidationError) Reason 

func (e CredentialSourceValidationError) Reason() string

Reason function returns reason value.

type MetaValue 

type MetaValue struct {
	Values []string `protobuf:"bytes,1,rep,name=values,proto3" json:"values,omitempty"`
	// contains filtered or unexported fields
}

MetaValue is a wrapper for multi-value metadata entries, designed to losslessly and type-safely represent transport-layer metadata like HTTP headers.

func (*MetaValue) Descriptor deprecated 

func (*MetaValue) Descriptor() ([]byte, []int)

Deprecated: Use MetaValue.ProtoReflect.Descriptor instead.

func (*MetaValue) GetValues 

func (x *MetaValue) GetValues() []string

func (*MetaValue) ProtoMessage 

func (*MetaValue) ProtoMessage()

func (*MetaValue) ProtoReflect 

func (x *MetaValue) ProtoReflect() protoreflect.Message

func (*MetaValue) Reset 

func (x *MetaValue) Reset()

func (*MetaValue) String 

func (x *MetaValue) String() string

func (*MetaValue) Validate 

func (m *MetaValue) Validate() error

Validate checks the field values on MetaValue with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*MetaValue) ValidateAll 

func (m *MetaValue) ValidateAll() error

ValidateAll checks the field values on MetaValue with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in MetaValueMultiError, or nil if none found.

type MetaValueMultiError 

type MetaValueMultiError []error

MetaValueMultiError is an error wrapping multiple validation errors returned by MetaValue.ValidateAll() if the designated constraints aren't met.

func (MetaValueMultiError) AllErrors 

func (m MetaValueMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (MetaValueMultiError) Error 

func (m MetaValueMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type MetaValueValidationError 

type MetaValueValidationError struct {
	// contains filtered or unexported fields
}

MetaValueValidationError is the validation error returned by MetaValue.Validate if the designated constraints aren't met.

func (MetaValueValidationError) Cause 

func (e MetaValueValidationError) Cause() error

Cause function returns cause value.

func (MetaValueValidationError) Error 

func (e MetaValueValidationError) Error() string

Error satisfies the builtin error interface

func (MetaValueValidationError) ErrorName 

func (e MetaValueValidationError) ErrorName() string

ErrorName returns error name.

func (MetaValueValidationError) Field 

func (e MetaValueValidationError) Field() string

Field function returns field value.

func (MetaValueValidationError) Key 

func (e MetaValueValidationError) Key() bool

Key function returns key value.

func (MetaValueValidationError) Reason 

func (e MetaValueValidationError) Reason() string

Reason function returns reason value.

type Payload 

type Payload struct {

	// Basic authentication credential.
	Basic *v1.BasicCredential `protobuf:"bytes,10,opt,name=basic,proto3,oneof" json:"basic,omitempty"`
	// API Key or Preshared Key credential.
	Key *v11.KeyCredential `protobuf:"bytes,11,opt,name=key,proto3,oneof" json:"key,omitempty"`
	// OIDC credential.
	Oidc *v12.OidcCredential `protobuf:"bytes,12,opt,name=oidc,proto3,oneof" json:"oidc,omitempty"`
	// Token-based credential (JWT, OAuth2).
	// IMPORTANT: This structure is designed for OUTPUT (e.g., in CredentialResponse)
	// after a token has been successfully issued.
	Token *TokenCredential `protobuf:"bytes,13,opt,name=token,proto3,oneof" json:"token,omitempty"`
	// Raw serialized data for unsupported credential types.
	RawData *string `protobuf:"bytes,14,opt,name=raw_data,json=rawData,proto3,oneof" json:"raw_data,omitempty"`
	// contains filtered or unexported fields
}

Payload is a union of structured credential types, primarily for use in CredentialResponse.

func (*Payload) Descriptor deprecated 

func (*Payload) Descriptor() ([]byte, []int)

Deprecated: Use Payload.ProtoReflect.Descriptor instead.

func (*Payload) GetBasic 

func (x *Payload) GetBasic() *v1.BasicCredential

func (*Payload) GetKey 

func (x *Payload) GetKey() *v11.KeyCredential

func (*Payload) GetOidc 

func (x *Payload) GetOidc() *v12.OidcCredential

func (*Payload) GetRawData 

func (x *Payload) GetRawData() string

func (*Payload) GetToken 

func (x *Payload) GetToken() *TokenCredential

func (*Payload) ProtoMessage 

func (*Payload) ProtoMessage()

func (*Payload) ProtoReflect 

func (x *Payload) ProtoReflect() protoreflect.Message

func (*Payload) Reset 

func (x *Payload) Reset()

func (*Payload) String 

func (x *Payload) String() string

func (*Payload) Validate 

func (m *Payload) Validate() error

Validate checks the field values on Payload with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*Payload) ValidateAll 

func (m *Payload) ValidateAll() error

ValidateAll checks the field values on Payload with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in PayloadMultiError, or nil if none found.

type PayloadMultiError 

type PayloadMultiError []error

PayloadMultiError is an error wrapping multiple validation errors returned by Payload.ValidateAll() if the designated constraints aren't met.

func (PayloadMultiError) AllErrors 

func (m PayloadMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (PayloadMultiError) Error 

func (m PayloadMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type PayloadValidationError 

type PayloadValidationError struct {
	// contains filtered or unexported fields
}

PayloadValidationError is the validation error returned by Payload.Validate if the designated constraints aren't met.

func (PayloadValidationError) Cause 

func (e PayloadValidationError) Cause() error

Cause function returns cause value.

func (PayloadValidationError) Error 

func (e PayloadValidationError) Error() string

Error satisfies the builtin error interface

func (PayloadValidationError) ErrorName 

func (e PayloadValidationError) ErrorName() string

ErrorName returns error name.

func (PayloadValidationError) Field 

func (e PayloadValidationError) Field() string

Field function returns field value.

func (PayloadValidationError) Key 

func (e PayloadValidationError) Key() bool

Key function returns key value.

func (PayloadValidationError) Reason 

func (e PayloadValidationError) Reason() string

Reason function returns reason value.

type Principal 

type Principal struct {

	// The unique identifier for the principal (e.g., user ID, service account name).
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// The domain associated with the principal.
	// This is often used in multi-tenant or multi-project environments.
	Domain string `protobuf:"bytes,2,opt,name=domain,proto3" json:"domain,omitempty"`
	// A list of roles assigned to the principal.
	Roles []string `protobuf:"bytes,3,rep,name=roles,proto3" json:"roles,omitempty"`
	// A list of permissions assigned to the principal.
	Permissions []string `protobuf:"bytes,4,rep,name=permissions,proto3" json:"permissions,omitempty"`
	// A map of scopes assigned to the principal.
	Scopes map[string]bool `` /* 140-byte string literal not displayed */
	// A map of standardized, type-safe claims associated with the principal.
	// Using google.protobuf.Value allows for flexible, JSON-like claims,
	// with robust Go helper functions in the structpb package.
	Claims map[string]*structpb.Value `` /* 139-byte string literal not displayed */
	// contains filtered or unexported fields
}

Principal represents the authenticated identity of a user or service. It serves as a standardized data transfer object for security context, carrying identity, roles, and various claims across service boundaries.

func (*Principal) Descriptor deprecated 

func (*Principal) Descriptor() ([]byte, []int)

Deprecated: Use Principal.ProtoReflect.Descriptor instead.

func (*Principal) GetClaims 

func (x *Principal) GetClaims() map[string]*structpb.Value

func (*Principal) GetDomain 

func (x *Principal) GetDomain() string

func (*Principal) GetId 

func (x *Principal) GetId() string

func (*Principal) GetPermissions 

func (x *Principal) GetPermissions() []string

func (*Principal) GetRoles 

func (x *Principal) GetRoles() []string

func (*Principal) GetScopes 

func (x *Principal) GetScopes() map[string]bool

func (*Principal) ProtoMessage 

func (*Principal) ProtoMessage()

func (*Principal) ProtoReflect 

func (x *Principal) ProtoReflect() protoreflect.Message

func (*Principal) Reset 

func (x *Principal) Reset()

func (*Principal) String 

func (x *Principal) String() string

func (*Principal) Validate 

func (m *Principal) Validate() error

Validate checks the field values on Principal with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*Principal) ValidateAll 

func (m *Principal) ValidateAll() error

ValidateAll checks the field values on Principal with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in PrincipalMultiError, or nil if none found.

type PrincipalMultiError 

type PrincipalMultiError []error

PrincipalMultiError is an error wrapping multiple validation errors returned by Principal.ValidateAll() if the designated constraints aren't met.

func (PrincipalMultiError) AllErrors 

func (m PrincipalMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (PrincipalMultiError) Error 

func (m PrincipalMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type PrincipalValidationError 

type PrincipalValidationError struct {
	// contains filtered or unexported fields
}

PrincipalValidationError is the validation error returned by Principal.Validate if the designated constraints aren't met.

func (PrincipalValidationError) Cause 

func (e PrincipalValidationError) Cause() error

Cause function returns cause value.

func (PrincipalValidationError) Error 

func (e PrincipalValidationError) Error() string

Error satisfies the builtin error interface

func (PrincipalValidationError) ErrorName 

func (e PrincipalValidationError) ErrorName() string

ErrorName returns error name.

func (PrincipalValidationError) Field 

func (e PrincipalValidationError) Field() string

Field function returns field value.

func (PrincipalValidationError) Key 

func (e PrincipalValidationError) Key() bool

Key function returns key value.

func (PrincipalValidationError) Reason 

func (e PrincipalValidationError) Reason() string

Reason function returns reason value.

type Security 

type Security struct {

	// List of authentication configurations.
	Authn *AuthenticatorConfigs `protobuf:"bytes,1,opt,name=authn,proto3" json:"authn,omitempty"`
	// List of authorization configurations.
	Authz *AuthorizerConfigs `protobuf:"bytes,2,opt,name=authz,proto3" json:"authz,omitempty"`
	// List of transport layer security (TLS) configurations.
	TransportSecurity *TransportSecurityConfigs `protobuf:"bytes,3,opt,name=transport_security,proto3" json:"transport_security,omitempty"`
	// contains filtered or unexported fields
}

Security defines the top-level configuration for all security-related components.

func (*Security) Descriptor deprecated 

func (*Security) Descriptor() ([]byte, []int)

Deprecated: Use Security.ProtoReflect.Descriptor instead.

func (*Security) GetAuthn 

func (x *Security) GetAuthn() *AuthenticatorConfigs

func (*Security) GetAuthz 

func (x *Security) GetAuthz() *AuthorizerConfigs

func (*Security) GetTransportSecurity 

func (x *Security) GetTransportSecurity() *TransportSecurityConfigs

func (*Security) ProtoMessage 

func (*Security) ProtoMessage()

func (*Security) ProtoReflect 

func (x *Security) ProtoReflect() protoreflect.Message

func (*Security) Reset 

func (x *Security) Reset()

func (*Security) String 

func (x *Security) String() string

func (*Security) Validate 

func (m *Security) Validate() error

Validate checks the field values on Security with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*Security) ValidateAll 

func (m *Security) ValidateAll() error

ValidateAll checks the field values on Security with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in SecurityMultiError, or nil if none found.

type SecurityErrorReason 

type SecurityErrorReason int32

SecurityErrorReason defines the application's specific security error codes. These codes supplement the common error codes and provide more specific details for authentication and authorization failures. The naming convention follows SUBJECT_MODIFIER format. 

const (
	// The default, unspecified reason. This is required by proto3 syntax.
	SecurityErrorReason_SECURITY_ERROR_REASON_UNSPECIFIED SecurityErrorReason = 0
	// The provided credentials (e.g., username/password) are invalid.
	SecurityErrorReason_CREDENTIALS_INVALID SecurityErrorReason = 1002
	// The authentication token has expired.
	SecurityErrorReason_TOKEN_EXPIRED SecurityErrorReason = 1003
	// The authentication token is malformed or invalid.
	SecurityErrorReason_TOKEN_INVALID SecurityErrorReason = 1004
	// The authentication token is missing from the request.
	SecurityErrorReason_TOKEN_MISSING SecurityErrorReason = 1005
	// The claims within the token are invalid.
	SecurityErrorReason_CLAIMS_INVALID SecurityErrorReason = 1006
	// The bearer token is specifically invalid or malformed.
	SecurityErrorReason_BEARER_TOKEN_INVALID SecurityErrorReason = 1007
	// The signing method used in the token is not supported.
	SecurityErrorReason_SIGNING_METHOD_UNSUPPORTED SecurityErrorReason = 1008
	// Failed to sign a new token.
	SecurityErrorReason_TOKEN_SIGN_FAILED SecurityErrorReason = 1009
	// The user is authenticated but does not have permission for the specific resource or action.
	SecurityErrorReason_PERMISSION_DENIED SecurityErrorReason = 2000
)

func (SecurityErrorReason) Descriptor 

func (SecurityErrorReason) Descriptor() protoreflect.EnumDescriptor

func (SecurityErrorReason) Enum 

func (x SecurityErrorReason) Enum() *SecurityErrorReason

func (SecurityErrorReason) EnumDescriptor deprecated 

func (SecurityErrorReason) EnumDescriptor() ([]byte, []int)

Deprecated: Use SecurityErrorReason.Descriptor instead.

func (SecurityErrorReason) Number 

func (x SecurityErrorReason) Number() protoreflect.EnumNumber

func (SecurityErrorReason) String 

func (x SecurityErrorReason) String() string

func (SecurityErrorReason) Type 

func (SecurityErrorReason) Type() protoreflect.EnumType

type SecurityMultiError 

type SecurityMultiError []error

SecurityMultiError is an error wrapping multiple validation errors returned by Security.ValidateAll() if the designated constraints aren't met.

func (SecurityMultiError) AllErrors 

func (m SecurityMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (SecurityMultiError) Error 

func (m SecurityMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type SecurityValidationError 

type SecurityValidationError struct {
	// contains filtered or unexported fields
}

SecurityValidationError is the validation error returned by Security.Validate if the designated constraints aren't met.

func (SecurityValidationError) Cause 

func (e SecurityValidationError) Cause() error

Cause function returns cause value.

func (SecurityValidationError) Error 

func (e SecurityValidationError) Error() string

Error satisfies the builtin error interface

func (SecurityValidationError) ErrorName 

func (e SecurityValidationError) ErrorName() string

ErrorName returns error name.

func (SecurityValidationError) Field 

func (e SecurityValidationError) Field() string

Field function returns field value.

func (SecurityValidationError) Key 

func (e SecurityValidationError) Key() bool

Key function returns key value.

func (SecurityValidationError) Reason 

func (e SecurityValidationError) Reason() string

Reason function returns reason value.

type TokenCredential 

type TokenCredential struct {

	// The access token used for authentication.
	AccessToken string `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
	// The refresh token used to obtain a new access token.
	RefreshToken string `protobuf:"bytes,2,opt,name=refresh_token,json=refreshToken,proto3" json:"refresh_token,omitempty"`
	// The remaining lifetime of the access token in seconds.
	ExpiresIn int64 `protobuf:"varint,3,opt,name=expires_in,json=expiresIn,proto3" json:"expires_in,omitempty"`
	// The type of the token, typically "Bearer".
	TokenType string `protobuf:"bytes,4,opt,name=token_type,json=tokenType,proto3" json:"token_type,omitempty"`
	// contains filtered or unexported fields
}

TokenCredential holds the credentials for token-based authentication flows like OAuth2 and JWT.

IMPORTANT: This message represents the full set of tokens typically returned from a token issuance endpoint (e.g., /login). It is designed for use in CredentialResponse.

func (*TokenCredential) Descriptor deprecated 

func (*TokenCredential) Descriptor() ([]byte, []int)

Deprecated: Use TokenCredential.ProtoReflect.Descriptor instead.

func (*TokenCredential) GetAccessToken 

func (x *TokenCredential) GetAccessToken() string

func (*TokenCredential) GetExpiresIn 

func (x *TokenCredential) GetExpiresIn() int64

func (*TokenCredential) GetRefreshToken 

func (x *TokenCredential) GetRefreshToken() string

func (*TokenCredential) GetTokenType 

func (x *TokenCredential) GetTokenType() string

func (*TokenCredential) ProtoMessage 

func (*TokenCredential) ProtoMessage()

func (*TokenCredential) ProtoReflect 

func (x *TokenCredential) ProtoReflect() protoreflect.Message

func (*TokenCredential) Reset 

func (x *TokenCredential) Reset()

func (*TokenCredential) String 

func (x *TokenCredential) String() string

func (*TokenCredential) Validate 

func (m *TokenCredential) Validate() error

Validate checks the field values on TokenCredential with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*TokenCredential) ValidateAll 

func (m *TokenCredential) ValidateAll() error

ValidateAll checks the field values on TokenCredential with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in TokenCredentialMultiError, or nil if none found.

type TokenCredentialMultiError 

type TokenCredentialMultiError []error

TokenCredentialMultiError is an error wrapping multiple validation errors returned by TokenCredential.ValidateAll() if the designated constraints aren't met.

func (TokenCredentialMultiError) AllErrors 

func (m TokenCredentialMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (TokenCredentialMultiError) Error 

func (m TokenCredentialMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type TokenCredentialValidationError 

type TokenCredentialValidationError struct {
	// contains filtered or unexported fields
}

TokenCredentialValidationError is the validation error returned by TokenCredential.Validate if the designated constraints aren't met.

func (TokenCredentialValidationError) Cause 

func (e TokenCredentialValidationError) Cause() error

Cause function returns cause value.

func (TokenCredentialValidationError) Error 

func (e TokenCredentialValidationError) Error() string

Error satisfies the builtin error interface

func (TokenCredentialValidationError) ErrorName 

func (e TokenCredentialValidationError) ErrorName() string

ErrorName returns error name.

func (TokenCredentialValidationError) Field 

func (e TokenCredentialValidationError) Field() string

Field function returns field value.

func (TokenCredentialValidationError) Key 

func (e TokenCredentialValidationError) Key() bool

Key function returns key value.

func (TokenCredentialValidationError) Reason 

func (e TokenCredentialValidationError) Reason() string

Reason function returns reason value.

type TransportSecurityConfigs 

type TransportSecurityConfigs struct {
	Default *string          `protobuf:"bytes,1,opt,name=default,proto3,oneof" json:"default,omitempty"`
	Active  *string          `protobuf:"bytes,2,opt,name=active,proto3,oneof" json:"active,omitempty"`
	Configs []*v12.TLSConfig `protobuf:"bytes,3,rep,name=configs,proto3" json:"configs,omitempty"`
	// contains filtered or unexported fields
}

func (*TransportSecurityConfigs) Descriptor deprecated 

func (*TransportSecurityConfigs) Descriptor() ([]byte, []int)

Deprecated: Use TransportSecurityConfigs.ProtoReflect.Descriptor instead.

func (*TransportSecurityConfigs) GetActive 

func (x *TransportSecurityConfigs) GetActive() string

func (*TransportSecurityConfigs) GetConfigs 

func (x *TransportSecurityConfigs) GetConfigs() []*v12.TLSConfig

func (*TransportSecurityConfigs) GetDefault 

func (x *TransportSecurityConfigs) GetDefault() string

func (*TransportSecurityConfigs) ProtoMessage 

func (*TransportSecurityConfigs) ProtoMessage()

func (*TransportSecurityConfigs) ProtoReflect 

func (x *TransportSecurityConfigs) ProtoReflect() protoreflect.Message

func (*TransportSecurityConfigs) Reset 

func (x *TransportSecurityConfigs) Reset()

func (*TransportSecurityConfigs) String 

func (x *TransportSecurityConfigs) String() string

func (*TransportSecurityConfigs) Validate 

func (m *TransportSecurityConfigs) Validate() error

Validate checks the field values on TransportSecurityConfigs with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*TransportSecurityConfigs) ValidateAll 

func (m *TransportSecurityConfigs) ValidateAll() error

ValidateAll checks the field values on TransportSecurityConfigs with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in TransportSecurityConfigsMultiError, or nil if none found.

type TransportSecurityConfigsMultiError 

type TransportSecurityConfigsMultiError []error

TransportSecurityConfigsMultiError is an error wrapping multiple validation errors returned by TransportSecurityConfigs.ValidateAll() if the designated constraints aren't met.

func (TransportSecurityConfigsMultiError) AllErrors 

func (m TransportSecurityConfigsMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (TransportSecurityConfigsMultiError) Error 

func (m TransportSecurityConfigsMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type TransportSecurityConfigsValidationError 

type TransportSecurityConfigsValidationError struct {
	// contains filtered or unexported fields
}

TransportSecurityConfigsValidationError is the validation error returned by TransportSecurityConfigs.Validate if the designated constraints aren't met.

func (TransportSecurityConfigsValidationError) Cause 

func (e TransportSecurityConfigsValidationError) Cause() error

Cause function returns cause value.

func (TransportSecurityConfigsValidationError) Error 

func (e TransportSecurityConfigsValidationError) Error() string

Error satisfies the builtin error interface

func (TransportSecurityConfigsValidationError) ErrorName 

func (e TransportSecurityConfigsValidationError) ErrorName() string

ErrorName returns error name.

func (TransportSecurityConfigsValidationError) Field 

func (e TransportSecurityConfigsValidationError) Field() string

Field function returns field value.

func (TransportSecurityConfigsValidationError) Key 

func (e TransportSecurityConfigsValidationError) Key() bool

Key function returns key value.

func (TransportSecurityConfigsValidationError) Reason 

func (e TransportSecurityConfigsValidationError) Reason() string

Reason function returns reason value.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.