v2alpha

package
v0.6.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 12, 2018 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// ErrInvalidLengthExtAuthz reports that a negative length was found during
// unmarshaling.
// NOTE(review): presumably returned by the generated Unmarshal methods of this
// package — confirm in the generated source. When decoding bytes from an
// untrusted source, treat it as a malformed message and discard the result.
var ErrInvalidLengthExtAuthz = fmt.Errorf("proto: negative length found during unmarshaling")

// ErrIntOverflowExtAuthz reports an integer overflow.
// NOTE(review): presumably raised while decoding an over-long varint — confirm
// in the generated source. Treat it the same way as a malformed message.
var ErrIntOverflowExtAuthz = fmt.Errorf("proto: integer overflow")

Functions

This section is empty.

Types

type CheckSettings added in v0.6.3

// CheckSettings carries extra settings for the check request, used to give the
// ext-authz server additional context on specific virtual hosts or routes.
type CheckSettings struct {
	// Context extensions to set on the CheckRequest's
	// :ref:`AttributeContext.context_extensions<envoy_api_field_service.auth.v2alpha.AttributeContext.context_extensions>`
	//
	// Merge semantics for this field are such that keys from more specific configs override.
	//
	// .. note::
	//
	//   These settings are only applied to a filter configured with a
	//   :ref:`grpc_service<envoy_api_field_config.filter.http.ext_authz.v2alpha.ExtAuthz.grpc_service>`.
	//
	// NOTE(review): because more specific configs override, a route-level entry
	// replaces a virtual-host-level entry with the same key, and the
	// authorization server sees only the merged result. Per the note above,
	// the settings are not applied with an http_service, so authorization
	// decisions must not depend on them in that configuration.
	ContextExtensions    map[string]string `` /* 193-byte string literal not displayed */
	// The XXX_ fields are excluded from JSON by their `json:"-"` tag.
	// NOTE(review): they look like generated protobuf bookkeeping — confirm.
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

Extra settings for the check request. You can use this to provide extra context for the ext-authz server on specific virtual hosts or routes. For example, adding a context extension at the virtual host level can tell the ext-authz server which virtual host is used without it needing to parse the host header. If CheckSettings is specified in multiple per-filter-configs, they will be merged in order, and the result will be used.

func (*CheckSettings) Descriptor added in v0.6.3

func (*CheckSettings) Descriptor() ([]byte, []int)

func (*CheckSettings) GetContextExtensions added in v0.6.3

func (m *CheckSettings) GetContextExtensions() map[string]string

func (*CheckSettings) Marshal added in v0.6.3

func (m *CheckSettings) Marshal() (dAtA []byte, err error)

func (*CheckSettings) MarshalTo added in v0.6.3

func (m *CheckSettings) MarshalTo(dAtA []byte) (int, error)

func (*CheckSettings) ProtoMessage added in v0.6.3

func (*CheckSettings) ProtoMessage()

func (*CheckSettings) Reset added in v0.6.3

func (m *CheckSettings) Reset()

func (*CheckSettings) Size added in v0.6.3

func (m *CheckSettings) Size() (n int)

func (*CheckSettings) String added in v0.6.3

func (m *CheckSettings) String() string

func (*CheckSettings) Unmarshal added in v0.6.3

func (m *CheckSettings) Unmarshal(dAtA []byte) error

func (*CheckSettings) Validate added in v0.6.3

func (m *CheckSettings) Validate() error

Validate checks the field values on CheckSettings with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*CheckSettings) XXX_DiscardUnknown added in v0.6.3

func (m *CheckSettings) XXX_DiscardUnknown()

func (*CheckSettings) XXX_Marshal added in v0.6.3

func (m *CheckSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CheckSettings) XXX_Merge added in v0.6.3

func (dst *CheckSettings) XXX_Merge(src proto.Message)

func (*CheckSettings) XXX_Size added in v0.6.3

func (m *CheckSettings) XXX_Size() int

func (*CheckSettings) XXX_Unmarshal added in v0.6.3

func (m *CheckSettings) XXX_Unmarshal(b []byte) error

type CheckSettingsValidationError added in v0.6.3

// CheckSettingsValidationError is the validation error returned by
// CheckSettings.Validate if the designated constraints aren't met.
type CheckSettingsValidationError struct {
	// NOTE(review): field meanings are not shown on this page; presumably
	// Field names the offending field, Reason describes the violated rule,
	// Cause holds an underlying error and Key marks a map-key violation —
	// confirm against the generated Error method.
	Field  string
	Reason string
	Cause  error
	Key    bool
}

CheckSettingsValidationError is the validation error returned by CheckSettings.Validate if the designated constraints aren't met.

func (CheckSettingsValidationError) Error added in v0.6.3

Error satisfies the builtin error interface

type ExtAuthz

// ExtAuthz configures the External Authorization filter, which calls out to an
// external service over either the gRPC Authorization API or a raw HTTP
// authorization server.
type ExtAuthz struct {
	// Types that are valid to be assigned to Services:
	//	*ExtAuthz_GrpcService
	//	*ExtAuthz_HttpService
	Services isExtAuthz_Services `protobuf_oneof:"services"`
	// The filter's behaviour in case the external authorization service does
	// not respond back. When set to true, Envoy will also allow traffic in cases when
	// an error occurs during the authorization process.
	// Defaults to false.
	//
	// NOTE(review): true is a fail-open setting. While the authorization
	// service is unresponsive or erroring, requests are allowed without an
	// authorization decision. Keep the default (false) unless availability
	// must outrank enforcement, and watch the filter's error stats if it is
	// enabled.
	FailureModeAllow     bool     `protobuf:"varint,2,opt,name=failure_mode_allow,json=failureModeAllow,proto3" json:"failure_mode_allow,omitempty"`
	// The XXX_ fields are excluded from JSON by their `json:"-"` tag.
	// NOTE(review): they look like generated protobuf bookkeeping — confirm.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

External Authorization filter calls out to an external service over either:

  1. gRPC Authorization API defined by :ref:`CheckRequest <envoy_api_msg_service.auth.v2alpha.CheckRequest>`.
  2. Raw HTTP Authorization server by passing the request headers to the service.

A failed check will cause this filter to close the HTTP request normally with 403 (Forbidden), unless a different status code has been indicated in the authorization response.

func (*ExtAuthz) Descriptor

func (*ExtAuthz) Descriptor() ([]byte, []int)

func (*ExtAuthz) GetFailureModeAllow

func (m *ExtAuthz) GetFailureModeAllow() bool

func (*ExtAuthz) GetGrpcService

func (m *ExtAuthz) GetGrpcService() *core.GrpcService

func (*ExtAuthz) GetHttpService

func (m *ExtAuthz) GetHttpService() *HttpService

func (*ExtAuthz) GetServices

func (m *ExtAuthz) GetServices() isExtAuthz_Services

func (*ExtAuthz) Marshal

func (m *ExtAuthz) Marshal() (dAtA []byte, err error)

func (*ExtAuthz) MarshalTo

func (m *ExtAuthz) MarshalTo(dAtA []byte) (int, error)

func (*ExtAuthz) ProtoMessage

func (*ExtAuthz) ProtoMessage()

func (*ExtAuthz) Reset

func (m *ExtAuthz) Reset()

func (*ExtAuthz) Size

func (m *ExtAuthz) Size() (n int)

func (*ExtAuthz) String

func (m *ExtAuthz) String() string

func (*ExtAuthz) Unmarshal

func (m *ExtAuthz) Unmarshal(dAtA []byte) error

func (*ExtAuthz) Validate

func (m *ExtAuthz) Validate() error

Validate checks the field values on ExtAuthz with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*ExtAuthz) XXX_DiscardUnknown

func (m *ExtAuthz) XXX_DiscardUnknown()

func (*ExtAuthz) XXX_Marshal

func (m *ExtAuthz) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ExtAuthz) XXX_Merge

func (dst *ExtAuthz) XXX_Merge(src proto.Message)

func (*ExtAuthz) XXX_OneofFuncs

func (*ExtAuthz) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

func (*ExtAuthz) XXX_Size

func (m *ExtAuthz) XXX_Size() int

func (*ExtAuthz) XXX_Unmarshal

func (m *ExtAuthz) XXX_Unmarshal(b []byte) error

type ExtAuthzPerRoute added in v0.6.3

// ExtAuthzPerRoute carries extra ext_authz settings on a per
// virtualhost/route/weighted-cluster level.
type ExtAuthzPerRoute struct {
	// Types that are valid to be assigned to Override:
	//	*ExtAuthzPerRoute_Disabled
	//	*ExtAuthzPerRoute_CheckSettings
	//
	// NOTE(review): Override is a oneof, so a given scope carries either the
	// disabled flag or check settings, not both. The effect of the disabled
	// case is not described on this page; presumably it turns the filter off
	// for that scope — confirm, and audit every config that sets it.
	Override             isExtAuthzPerRoute_Override `protobuf_oneof:"override"`
	// The XXX_ fields are excluded from JSON by their `json:"-"` tag.
	// NOTE(review): they look like generated protobuf bookkeeping — confirm.
	XXX_NoUnkeyedLiteral struct{}                    `json:"-"`
	XXX_unrecognized     []byte                      `json:"-"`
	XXX_sizecache        int32                       `json:"-"`
}

Extra settings on a per virtualhost/route/weighted-cluster level.

func (*ExtAuthzPerRoute) Descriptor added in v0.6.3

func (*ExtAuthzPerRoute) Descriptor() ([]byte, []int)

func (*ExtAuthzPerRoute) GetCheckSettings added in v0.6.3

func (m *ExtAuthzPerRoute) GetCheckSettings() *CheckSettings

func (*ExtAuthzPerRoute) GetDisabled added in v0.6.3

func (m *ExtAuthzPerRoute) GetDisabled() bool

func (*ExtAuthzPerRoute) GetOverride added in v0.6.3

func (m *ExtAuthzPerRoute) GetOverride() isExtAuthzPerRoute_Override

func (*ExtAuthzPerRoute) Marshal added in v0.6.3

func (m *ExtAuthzPerRoute) Marshal() (dAtA []byte, err error)

func (*ExtAuthzPerRoute) MarshalTo added in v0.6.3

func (m *ExtAuthzPerRoute) MarshalTo(dAtA []byte) (int, error)

func (*ExtAuthzPerRoute) ProtoMessage added in v0.6.3

func (*ExtAuthzPerRoute) ProtoMessage()

func (*ExtAuthzPerRoute) Reset added in v0.6.3

func (m *ExtAuthzPerRoute) Reset()

func (*ExtAuthzPerRoute) Size added in v0.6.3

func (m *ExtAuthzPerRoute) Size() (n int)

func (*ExtAuthzPerRoute) String added in v0.6.3

func (m *ExtAuthzPerRoute) String() string

func (*ExtAuthzPerRoute) Unmarshal added in v0.6.3

func (m *ExtAuthzPerRoute) Unmarshal(dAtA []byte) error

func (*ExtAuthzPerRoute) Validate added in v0.6.3

func (m *ExtAuthzPerRoute) Validate() error

Validate checks the field values on ExtAuthzPerRoute with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*ExtAuthzPerRoute) XXX_DiscardUnknown added in v0.6.3

func (m *ExtAuthzPerRoute) XXX_DiscardUnknown()

func (*ExtAuthzPerRoute) XXX_Marshal added in v0.6.3

func (m *ExtAuthzPerRoute) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ExtAuthzPerRoute) XXX_Merge added in v0.6.3

func (dst *ExtAuthzPerRoute) XXX_Merge(src proto.Message)

func (*ExtAuthzPerRoute) XXX_OneofFuncs added in v0.6.3

func (*ExtAuthzPerRoute) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

func (*ExtAuthzPerRoute) XXX_Size added in v0.6.3

func (m *ExtAuthzPerRoute) XXX_Size() int

func (*ExtAuthzPerRoute) XXX_Unmarshal added in v0.6.3

func (m *ExtAuthzPerRoute) XXX_Unmarshal(b []byte) error

type ExtAuthzPerRouteValidationError added in v0.6.3

// ExtAuthzPerRouteValidationError is the validation error returned by
// ExtAuthzPerRoute.Validate if the designated constraints aren't met.
type ExtAuthzPerRouteValidationError struct {
	// NOTE(review): field meanings are not shown on this page; presumably
	// Field names the offending field, Reason describes the violated rule,
	// Cause holds an underlying error and Key marks a map-key violation —
	// confirm against the generated Error method.
	Field  string
	Reason string
	Cause  error
	Key    bool
}

ExtAuthzPerRouteValidationError is the validation error returned by ExtAuthzPerRoute.Validate if the designated constraints aren't met.

func (ExtAuthzPerRouteValidationError) Error added in v0.6.3

Error satisfies the builtin error interface

type ExtAuthzPerRoute_CheckSettings added in v0.6.3

// ExtAuthzPerRoute_CheckSettings is the check_settings case of the override
// oneof (field number 2) and is assignable to ExtAuthzPerRoute.Override.
type ExtAuthzPerRoute_CheckSettings struct {
	CheckSettings *CheckSettings `protobuf:"bytes,2,opt,name=check_settings,json=checkSettings,oneof"`
}

func (*ExtAuthzPerRoute_CheckSettings) MarshalTo added in v0.6.3

func (m *ExtAuthzPerRoute_CheckSettings) MarshalTo(dAtA []byte) (int, error)

func (*ExtAuthzPerRoute_CheckSettings) Size added in v0.6.3

func (m *ExtAuthzPerRoute_CheckSettings) Size() (n int)

type ExtAuthzPerRoute_Disabled added in v0.6.3

// ExtAuthzPerRoute_Disabled is the disabled case of the override oneof (field
// number 1) and is assignable to ExtAuthzPerRoute.Override.
type ExtAuthzPerRoute_Disabled struct {
	// NOTE(review): presumably true disables the ext_authz filter for the
	// scope this per-route config is attached to — confirm. If so, traffic
	// on that scope gets no external authorization check, so every use of
	// this flag should be reviewed.
	Disabled bool `protobuf:"varint,1,opt,name=disabled,proto3,oneof"`
}

func (*ExtAuthzPerRoute_Disabled) MarshalTo added in v0.6.3

func (m *ExtAuthzPerRoute_Disabled) MarshalTo(dAtA []byte) (int, error)

func (*ExtAuthzPerRoute_Disabled) Size added in v0.6.3

func (m *ExtAuthzPerRoute_Disabled) Size() (n int)

type ExtAuthzValidationError

// ExtAuthzValidationError is the validation error returned by
// ExtAuthz.Validate if the designated constraints aren't met.
type ExtAuthzValidationError struct {
	// NOTE(review): field meanings are not shown on this page; presumably
	// Field names the offending field, Reason describes the violated rule,
	// Cause holds an underlying error and Key marks a map-key violation —
	// confirm against the generated Error method.
	Field  string
	Reason string
	Cause  error
	Key    bool
}

ExtAuthzValidationError is the validation error returned by ExtAuthz.Validate if the designated constraints aren't met.

func (ExtAuthzValidationError) Error

func (e ExtAuthzValidationError) Error() string

Error satisfies the builtin error interface

type ExtAuthz_GrpcService

// ExtAuthz_GrpcService is the grpc_service case of the services oneof (field
// number 1) and is assignable to ExtAuthz.Services.
type ExtAuthz_GrpcService struct {
	GrpcService *core.GrpcService `protobuf:"bytes,1,opt,name=grpc_service,json=grpcService,oneof"`
}

func (*ExtAuthz_GrpcService) MarshalTo

func (m *ExtAuthz_GrpcService) MarshalTo(dAtA []byte) (int, error)

func (*ExtAuthz_GrpcService) Size

func (m *ExtAuthz_GrpcService) Size() (n int)

type ExtAuthz_HttpService

// ExtAuthz_HttpService is the http_service case of the services oneof (field
// number 3) and is assignable to ExtAuthz.Services.
type ExtAuthz_HttpService struct {
	HttpService *HttpService `protobuf:"bytes,3,opt,name=http_service,json=httpService,oneof"`
}

func (*ExtAuthz_HttpService) MarshalTo

func (m *ExtAuthz_HttpService) MarshalTo(dAtA []byte) (int, error)

func (*ExtAuthz_HttpService) Size

func (m *ExtAuthz_HttpService) Size() (n int)

type HttpService

// HttpService configures the raw HTTP authorization server that the External
// Authorization filter calls by passing it the request headers.
type HttpService struct {
	// Sets the HTTP server URI which the authorization requests must be sent to.
	ServerUri *core.HttpUri `protobuf:"bytes,1,opt,name=server_uri,json=serverUri" json:"server_uri,omitempty"`
	// Sets an optional prefix to the value of authorization request header *Path*.
	PathPrefix string `protobuf:"bytes,2,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"`
	// Sets a list of headers that can be sent from the authorization server to the upstream service,
	// or to the downstream client when present in the authorization response. Note that a matched
	// request header will have its value overridden by the ones sent from the authorization server.
	//
	// NOTE(review): every header listed here lets the authorization server
	// replace the client-supplied value seen by the upstream. Keep the list
	// to the headers the upstream actually expects from the authorization
	// server.
	AllowedAuthorizationHeaders []string `` /* 137-byte string literal not displayed */
	// Sets a list of headers that should be sent *from the filter* to the authorization server
	// when they are also present in the client request. Note that *Content-Length*, *Authority*,
	// *Method* and *Path* are always dispatched to the authorization server by default. The message
	// will not contain body data and the *Content-Length* will be set to zero.
	//
	// NOTE(review): the authorization server never sees the request body,
	// so policy that depends on body content cannot be enforced here. List
	// only the headers the server needs, since they are client-controlled
	// input to the authorization decision.
	AllowedRequestHeaders []string `protobuf:"bytes,5,rep,name=allowed_request_headers,json=allowedRequestHeaders" json:"allowed_request_headers,omitempty"`
	// Sets a list of headers and their values that will be added to the request to external
	// authorization server. Note that these will override the headers coming from the downstream.
	AuthorizationHeadersToAdd []*core.HeaderValue `` /* 133-byte string literal not displayed */
	// The XXX_ fields are excluded from JSON by their `json:"-"` tag.
	// NOTE(review): they look like generated protobuf bookkeeping — confirm.
	XXX_NoUnkeyedLiteral      struct{}            `json:"-"`
	XXX_unrecognized          []byte              `json:"-"`
	XXX_sizecache             int32               `json:"-"`
}

External Authorization filter calls out to an upstream authorization server by passing the raw HTTP request headers to the server. This allows the authorization service to decide whether the request is authorized or not.

A successful check allows the authorization service to add or override headers from the original request before dispatching it to the upstream. This is done by configuring which headers in the authorization response should be sent to the upstream. See *allowed_authorization_headers* below.

A failed check will cause this filter to close the HTTP request with 403 (Forbidden), unless a different status code has been indicated by the authorization server via response headers.

If an error happens during the checking process, two situations may occur depending on the filter's configuration:

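  1. When *failure_mode_allow* is true, traffic will be allowed in the presence of an error. This includes any of the HTTP 5xx errors, or a communication failure between the filter and the authorization server. This is a fail-open configuration: while the authorization server is unreachable or returning errors, requests reach the upstream without an authorization decision.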
  2. When *failure_mode_allow* is false, the filter will *always* return a *Forbidden response* to the client. It will *not allow* traffic to the upstream in the presence of an error. This includes any of the HTTP 5xx errors, or a communication failure between the filter and the authorization server.

Note that the filter will produce stats on error. See *Statistics* at :ref:`configuration overview <config_http_filters_ext_authz>`.

func (*HttpService) Descriptor

func (*HttpService) Descriptor() ([]byte, []int)

func (*HttpService) GetAllowedAuthorizationHeaders

func (m *HttpService) GetAllowedAuthorizationHeaders() []string

func (*HttpService) GetAllowedRequestHeaders

func (m *HttpService) GetAllowedRequestHeaders() []string

func (*HttpService) GetAuthorizationHeadersToAdd added in v0.6.0

func (m *HttpService) GetAuthorizationHeadersToAdd() []*core.HeaderValue

func (*HttpService) GetPathPrefix

func (m *HttpService) GetPathPrefix() string

func (*HttpService) GetServerUri

func (m *HttpService) GetServerUri() *core.HttpUri

func (*HttpService) Marshal

func (m *HttpService) Marshal() (dAtA []byte, err error)

func (*HttpService) MarshalTo

func (m *HttpService) MarshalTo(dAtA []byte) (int, error)

func (*HttpService) ProtoMessage

func (*HttpService) ProtoMessage()

func (*HttpService) Reset

func (m *HttpService) Reset()

func (*HttpService) Size

func (m *HttpService) Size() (n int)

func (*HttpService) String

func (m *HttpService) String() string

func (*HttpService) Unmarshal

func (m *HttpService) Unmarshal(dAtA []byte) error

func (*HttpService) Validate

func (m *HttpService) Validate() error

Validate checks the field values on HttpService with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*HttpService) XXX_DiscardUnknown

func (m *HttpService) XXX_DiscardUnknown()

func (*HttpService) XXX_Marshal

func (m *HttpService) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*HttpService) XXX_Merge

func (dst *HttpService) XXX_Merge(src proto.Message)

func (*HttpService) XXX_Size

func (m *HttpService) XXX_Size() int

func (*HttpService) XXX_Unmarshal

func (m *HttpService) XXX_Unmarshal(b []byte) error

type HttpServiceValidationError

// HttpServiceValidationError is the validation error returned by
// HttpService.Validate if the designated constraints aren't met.
type HttpServiceValidationError struct {
	// NOTE(review): field meanings are not shown on this page; presumably
	// Field names the offending field, Reason describes the violated rule,
	// Cause holds an underlying error and Key marks a map-key violation —
	// confirm against the generated Error method.
	Field  string
	Reason string
	Cause  error
	Key    bool
}

HttpServiceValidationError is the validation error returned by HttpService.Validate if the designated constraints aren't met.

func (HttpServiceValidationError) Error

Error satisfies the builtin error interface
