v2alpha1

package
v1.21.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 4, 2024 License: Apache-2.0 Imports: 5 Imported by: 8

Documentation

Index

Constants

This section is empty.

Variables

var File_envoy_config_filter_http_jwt_auth_v2alpha1_config_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type DataSource

// DataSource names where a blob of configuration data comes from: a file on
// the local filesystem or a value inlined in the configuration. In this
// package it is the type of JwtRule_LocalJwks.LocalJwks, so it carries the
// locally supplied JWKS.
type DataSource struct {

	// Selects the source. As a protobuf oneof, at most one of the wrapper types
	// below is set at a time.
	//
	// Types that are assignable to Specifier:
	//
	//	*DataSource_Filename
	//	*DataSource_InlineBytes
	//	*DataSource_InlineString
	Specifier isDataSource_Specifier `protobuf_oneof:"specifier"`
	// contains filtered or unexported fields
}

Copied from @envoy/api/envoy/api/v2/core/base.proto. Data source consisting of either a file or an inline value.

func (*DataSource) Descriptor deprecated

func (*DataSource) Descriptor() ([]byte, []int)

Deprecated: Use DataSource.ProtoReflect.Descriptor instead.

func (*DataSource) GetFilename

func (x *DataSource) GetFilename() string

func (*DataSource) GetInlineBytes

func (x *DataSource) GetInlineBytes() []byte

func (*DataSource) GetInlineString

func (x *DataSource) GetInlineString() string

func (*DataSource) GetSpecifier

func (m *DataSource) GetSpecifier() isDataSource_Specifier

func (*DataSource) ProtoMessage

func (*DataSource) ProtoMessage()

func (*DataSource) ProtoReflect

func (x *DataSource) ProtoReflect() protoreflect.Message

func (*DataSource) Reset

func (x *DataSource) Reset()

func (*DataSource) String

func (x *DataSource) String() string

type DataSource_Filename

// DataSource_Filename is the oneof wrapper that selects a file as the source.
type DataSource_Filename struct {
	// Local filesystem data source.
	// When the file holds a JWKS, its contents decide which signing keys are
	// trusted, so write access to it should be limited to whoever administers
	// the proxy configuration.
	Filename string `protobuf:"bytes,1,opt,name=filename,proto3,oneof"`
}

type DataSource_InlineBytes

// DataSource_InlineBytes is the oneof wrapper that carries the data as raw
// bytes embedded in the configuration itself.
type DataSource_InlineBytes struct {
	// Bytes inlined in the configuration.
	InlineBytes []byte `protobuf:"bytes,2,opt,name=inline_bytes,json=inlineBytes,proto3,oneof"`
}

type DataSource_InlineString

// DataSource_InlineString is the oneof wrapper that carries the data as a
// string embedded in the configuration itself.
type DataSource_InlineString struct {
	// String inlined in the configuration.
	InlineString string `protobuf:"bytes,3,opt,name=inline_string,json=inlineString,proto3,oneof"`
}

type HttpUri

// HttpUri describes an external HTTP endpoint and how to reach it. In this
// package it is the type of RemoteJwks.HttpUri, i.e. the location the JWKS is
// fetched from.
type HttpUri struct {

	// The HTTP server URI. It should be a full FQDN with protocol, host and path.
	//
	// Example:
	//
	// .. code-block:: yaml
	//
	//	uri: https://www.googleapis.com/oauth2/v1/certs
	//
	// When the URI serves a JWKS, the response defines which keys are trusted to
	// sign tokens, so it should be fetched over an authenticated TLS connection.
	// NOTE(review): the connection is made through the cluster named below; it
	// appears that the cluster's TLS settings, not the scheme written here,
	// decide whether the server certificate is validated. Confirm against the
	// cluster definition.
	Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"`
	// Specify how `uri` is to be fetched. Today, this requires an explicit
	// cluster, but in the future we may support dynamic cluster creation or
	// inline DNS resolution. See `issue
	// <https://github.com/envoyproxy/envoy/issues/1606>`_.
	//
	// Types that are assignable to HttpUpstreamType:
	//
	//	*HttpUri_Cluster
	HttpUpstreamType isHttpUri_HttpUpstreamType `protobuf_oneof:"http_upstream_type"`
	// Sets the maximum duration in milliseconds that a response can take to arrive upon request.
	// The value is carried as a protobuf Duration message.
	Timeout *duration.Duration `protobuf:"bytes,3,opt,name=timeout,proto3" json:"timeout,omitempty"`
	// contains filtered or unexported fields
}

Copied from @envoy/api/envoy/api/v2/core/http_uri.proto. Envoy external URI descriptor.

func (*HttpUri) Descriptor deprecated

func (*HttpUri) Descriptor() ([]byte, []int)

Deprecated: Use HttpUri.ProtoReflect.Descriptor instead.

func (*HttpUri) GetCluster

func (x *HttpUri) GetCluster() string

func (*HttpUri) GetHttpUpstreamType

func (m *HttpUri) GetHttpUpstreamType() isHttpUri_HttpUpstreamType

func (*HttpUri) GetTimeout

func (x *HttpUri) GetTimeout() *duration.Duration

func (*HttpUri) GetUri

func (x *HttpUri) GetUri() string

func (*HttpUri) ProtoMessage

func (*HttpUri) ProtoMessage()

func (*HttpUri) ProtoReflect

func (x *HttpUri) ProtoReflect() protoreflect.Message

func (*HttpUri) Reset

func (x *HttpUri) Reset()

func (*HttpUri) String

func (x *HttpUri) String() string

type HttpUri_Cluster

// HttpUri_Cluster is the oneof wrapper that selects an existing Envoy cluster
// as the upstream used to fetch HttpUri.Uri.
type HttpUri_Cluster struct {
	// A cluster is created in the Envoy "cluster_manager" config
	// section. This field specifies the cluster name.
	//
	// Example:
	//
	// .. code-block:: yaml
	//
	//	cluster: jwks_cluster
	Cluster string `protobuf:"bytes,2,opt,name=cluster,proto3,oneof"`
}

type JwtAuthentication

// JwtAuthentication is the top-level configuration of the Envoy HTTP filter
// for JWT authentication: a list of verification rules plus a switch that
// controls whether verification failures are enforced.
type JwtAuthentication struct {

	// List of JWT rules to validate.
	Rules []*JwtRule `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"`
	// If true, the request is allowed if JWT is missing or JWT verification fails.
	// Default is false, a request without JWT or failed JWT verification is not allowed.
	//
	// With this set to true the filter no longer rejects unauthenticated or
	// badly signed requests, so the backend receives traffic it cannot assume to
	// be authenticated. Enable it only when authentication is enforced elsewhere
	// or the route is meant to be reachable anonymously.
	AllowMissingOrFailed bool `` /* 126-byte string literal not displayed */
	// contains filtered or unexported fields
}

This is the Envoy HTTP filter config for JWT authentication. [#not-implemented-hide:]

func (*JwtAuthentication) Descriptor deprecated

func (*JwtAuthentication) Descriptor() ([]byte, []int)

Deprecated: Use JwtAuthentication.ProtoReflect.Descriptor instead.

func (*JwtAuthentication) GetAllowMissingOrFailed

func (x *JwtAuthentication) GetAllowMissingOrFailed() bool

func (*JwtAuthentication) GetRules

func (x *JwtAuthentication) GetRules() []*JwtRule

func (*JwtAuthentication) ProtoMessage

func (*JwtAuthentication) ProtoMessage()

func (*JwtAuthentication) ProtoReflect

func (x *JwtAuthentication) ProtoReflect() protoreflect.Message

func (*JwtAuthentication) Reset

func (x *JwtAuthentication) Reset()

func (*JwtAuthentication) String

func (x *JwtAuthentication) String() string

type JwtHeader

// JwtHeader names one HTTP request header from which the JWT is extracted,
// together with the fixed text that precedes the token in the header value.
type JwtHeader struct {

	// The HTTP header name.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The value prefix. The value format is "value_prefix<token>"
	// For example, for "Authorization: Bearer <token>", value_prefix="Bearer " with a space at the
	// end.
	// The prefix is written out in full, separator included: the documented
	// format places the token directly after it.
	ValuePrefix string `protobuf:"bytes,2,opt,name=value_prefix,json=valuePrefix,proto3" json:"value_prefix,omitempty"`
	// contains filtered or unexported fields
}

This message specifies a header location from which to extract the JWT.

func (*JwtHeader) Descriptor deprecated

func (*JwtHeader) Descriptor() ([]byte, []int)

Deprecated: Use JwtHeader.ProtoReflect.Descriptor instead.

func (*JwtHeader) GetName

func (x *JwtHeader) GetName() string

func (*JwtHeader) GetValuePrefix

func (x *JwtHeader) GetValuePrefix() string

func (*JwtHeader) ProtoMessage

func (*JwtHeader) ProtoMessage()

func (*JwtHeader) ProtoReflect

func (x *JwtHeader) ProtoReflect() protoreflect.Message

func (*JwtHeader) Reset

func (x *JwtHeader) Reset()

func (*JwtHeader) String

func (x *JwtHeader) String() string

type JwtRule

// JwtRule describes how tokens from one issuer are verified: which issuer and
// audiences are accepted, where the verification keys (JWKS) come from, where
// in the request the token is looked for, and what is passed on to the backend
// after a successful verification.
type JwtRule struct {

	// Identifies the principal that issued the JWT. See `here
	// <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_. Usually a URL or an email address.
	//
	// Example: https://securetoken.google.com
	// Example: 1234567-compute@developer.gserviceaccount.com
	Issuer string `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"`
	// The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
	// allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
	// will not check audiences in the token.
	//
	// Leaving the list empty therefore accepts a token that the same issuer
	// minted for a different service. List the expected audiences unless that is
	// intended.
	//
	// Example:
	//
	// .. code-block:: yaml
	//
	//	audiences:
	//	- bookstore_android.apps.googleusercontent.com
	//	- bookstore_web.apps.googleusercontent.com
	Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"`
	// `JSON Web Key Set <https://tools.ietf.org/html/rfc7517#appendix-A>`_ is needed to validate
	// the signature of the JWT. This field specifies where to fetch JWKS.
	//
	// Types that are assignable to JwksSourceSpecifier:
	//
	//	*JwtRule_RemoteJwks
	//	*JwtRule_LocalJwks
	JwksSourceSpecifier isJwtRule_JwksSourceSpecifier `protobuf_oneof:"jwks_source_specifier"`
	// If false, the JWT is removed in the request after a success verification. If true, the JWT is
	// not removed in the request. Default value is false.
	//
	// With forward set to true the backend receives the caller's original
	// token, so enable it only when the backend needs the raw token.
	Forward bool `protobuf:"varint,5,opt,name=forward,proto3" json:"forward,omitempty"`
	// Specify the HTTP headers to extract JWT token. For examples, following config:
	//
	// .. code-block:: yaml
	//
	//	from_headers:
	//	- name: x-goog-iap-jwt-assertion
	//
	// can be used to extract token from header::
	//
	//	x-goog-iap-jwt-assertion: <JWT>.
	FromHeaders []*JwtHeader `protobuf:"bytes,6,rep,name=from_headers,json=fromHeaders,proto3" json:"from_headers,omitempty"`
	// JWT is sent in a query parameter. `from_params` represents the query parameter names.
	//
	// For example, if config is:
	//
	// .. code-block:: yaml
	//
	//	from_params:
	//	- jwt_token
	//
	// The JWT format in query parameter is::
	//
	//	/path?jwt_token=<JWT>
	//
	// A token carried in the URL tends to be recorded in access logs, browser
	// history and Referer headers. Prefer a header location where the client
	// allows it, and keep such tokens short-lived.
	FromParams []string `protobuf:"bytes,7,rep,name=from_params,json=fromParams,proto3" json:"from_params,omitempty"`
	// This field specifies the header name to forward a successfully verified JWT payload to the
	// backend. The forwarded data is::
	//
	//	base64_encoded(jwt_payload_in_JSON)
	//
	// If it is not specified, the payload will not be forwarded.
	// Multiple JWTs in a request from different issuers will be supported. Multiple JWTs from the
	// same issuer will not be supported. Each issuer can config this `forward_payload_header`. If
	// multiple JWTs from different issuers want to forward their payloads, their
	// `forward_payload_header` should be different.
	//
	// The forwarded value is the payload only, without a signature, so the
	// backend cannot re-verify it and must be reachable only through the proxy.
	// NOTE(review): confirm that a header of this name supplied by the client is
	// removed or overwritten before the request reaches the backend.
	ForwardPayloadHeader string `protobuf:"bytes,8,opt,name=forward_payload_header,json=forwardPayloadHeader,proto3" json:"forward_payload_header,omitempty"`
	// contains filtered or unexported fields
}

This message specifies how a JSON Web Token (JWT) can be verified. See the [JWT format definition](https://tools.ietf.org/html/rfc7519) for details. Please see [OAuth2.0](https://tools.ietf.org/html/rfc6749) and [OIDC1.0](http://openid.net/connect) for the authentication flow.

Example:

```yaml

issuer: https://example.com
audiences:
- bookstore_android.apps.googleusercontent.com
- bookstore_web.apps.googleusercontent.com
remote_jwks:
- http_uri:
  - uri: https://example.com/.well-known/jwks.json
    cluster: example_jwks_cluster
  cache_duration:
  - seconds: 300

```

func (*JwtRule) Descriptor deprecated

func (*JwtRule) Descriptor() ([]byte, []int)

Deprecated: Use JwtRule.ProtoReflect.Descriptor instead.

func (*JwtRule) GetAudiences

func (x *JwtRule) GetAudiences() []string

func (*JwtRule) GetForward

func (x *JwtRule) GetForward() bool

func (*JwtRule) GetForwardPayloadHeader

func (x *JwtRule) GetForwardPayloadHeader() string

func (*JwtRule) GetFromHeaders

func (x *JwtRule) GetFromHeaders() []*JwtHeader

func (*JwtRule) GetFromParams

func (x *JwtRule) GetFromParams() []string

func (*JwtRule) GetIssuer

func (x *JwtRule) GetIssuer() string

func (*JwtRule) GetJwksSourceSpecifier

func (m *JwtRule) GetJwksSourceSpecifier() isJwtRule_JwksSourceSpecifier

func (*JwtRule) GetLocalJwks

func (x *JwtRule) GetLocalJwks() *DataSource

func (*JwtRule) GetRemoteJwks

func (x *JwtRule) GetRemoteJwks() *RemoteJwks

func (*JwtRule) ProtoMessage

func (*JwtRule) ProtoMessage()

func (*JwtRule) ProtoReflect

func (x *JwtRule) ProtoReflect() protoreflect.Message

func (*JwtRule) Reset

func (x *JwtRule) Reset()

func (*JwtRule) String

func (x *JwtRule) String() string

type JwtRule_LocalJwks

// JwtRule_LocalJwks is the oneof wrapper that selects a locally supplied JWKS
// as the key source of a JwtRule.
type JwtRule_LocalJwks struct {
	// JWKS is in local data source. It could be either in a local file or embedded in the
	// inline_string.
	//
	// Example: local file
	//
	// .. code-block:: yaml
	//
	//	local_jwks:
	//	- filename: /etc/envoy/jwks/jwks1.txt
	//
	// Example: inline_string
	//
	// .. code-block:: yaml
	//
	//	local_jwks:
	//	- inline_string: "ACADADADADA"
	//
	// The inline value above is a placeholder; a real entry holds the JWKS
	// document. A local JWKS is not refreshed from the issuer, so a key rotation
	// on the issuer side has to be followed by a configuration or file update.
	LocalJwks *DataSource `protobuf:"bytes,4,opt,name=local_jwks,json=localJwks,proto3,oneof"`
}

type JwtRule_RemoteJwks

// JwtRule_RemoteJwks is the oneof wrapper that selects a remotely fetched JWKS
// as the key source of a JwtRule.
type JwtRule_RemoteJwks struct {
	// JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
	// URI and how the fetched JWKS should be cached.
	//
	// The fetched document determines which keys are accepted as token signers;
	// a JWKS retrieved over plain HTTP can be substituted in transit, so HTTPS
	// is the safer choice.
	//
	// Example:
	//
	// .. code-block:: yaml
	//
	//	remote_jwks:
	//	- http_uri:
	//	  - uri: https://www.googleapis.com/oauth2/v1/certs
	//	    cluster: jwt.www.googleapis.com|443
	//	  cache_duration:
	//	  - seconds: 300
	RemoteJwks *RemoteJwks `protobuf:"bytes,3,opt,name=remote_jwks,json=remoteJwks,proto3,oneof"`
}

type RemoteJwks

// RemoteJwks specifies the remote location a JWKS is fetched from and how long
// the fetched copy is kept in cache.
type RemoteJwks struct {

	// The HTTP URI to fetch the JWKS. For example:
	//
	// .. code-block:: yaml
	//
	//	http_uri:
	//	- uri: https://www.googleapis.com/oauth2/v1/certs
	//	  cluster: jwt.www.googleapis.com|443
	HttpUri *HttpUri `protobuf:"bytes,1,opt,name=http_uri,json=httpUri,proto3" json:"http_uri,omitempty"`
	// Duration after which the cached JWKS should be expired. If not specified, default cache
	// duration is 5 minutes.
	//
	// A longer duration means fewer fetches but a slower pick-up of key
	// rotation: presumably a key the issuer has withdrawn keeps validating
	// tokens until the cached copy expires.
	CacheDuration *duration.Duration `protobuf:"bytes,2,opt,name=cache_duration,json=cacheDuration,proto3" json:"cache_duration,omitempty"`
	// contains filtered or unexported fields
}

This message specifies how to fetch the JWKS from a remote server and how to cache it.

func (*RemoteJwks) Descriptor deprecated

func (*RemoteJwks) Descriptor() ([]byte, []int)

Deprecated: Use RemoteJwks.ProtoReflect.Descriptor instead.

func (*RemoteJwks) GetCacheDuration

func (x *RemoteJwks) GetCacheDuration() *duration.Duration

func (*RemoteJwks) GetHttpUri

func (x *RemoteJwks) GetHttpUri() *HttpUri

func (*RemoteJwks) ProtoMessage

func (*RemoteJwks) ProtoMessage()

func (*RemoteJwks) ProtoReflect

func (x *RemoteJwks) ProtoReflect() protoreflect.Message

func (*RemoteJwks) Reset

func (x *RemoteJwks) Reset()

func (*RemoteJwks) String

func (x *RemoteJwks) String() string
