istio: istio.io/istio/security/proto/authentication/v1alpha1 Index | Files

package v1alpha1

import "istio.io/istio/security/proto/authentication/v1alpha1"

Index

Package Files

policy.pb.go

Variables

var MutualTls_Mode_name = map[int32]string{
    0:  "STRICT",
    1:  "PERMISSIVE",
}
var MutualTls_Mode_value = map[string]int32{
    "STRICT":     0,
    "PERMISSIVE": 1,
}
var PrincipalBinding_name = map[int32]string{
    0:  "USE_PEER",
    1:  "USE_ORIGIN",
}
var PrincipalBinding_value = map[string]int32{
    "USE_PEER":   0,
    "USE_ORIGIN": 1,
}

type Jwt Uses

type Jwt struct {
    // Identifies the issuer that issued the JWT. See
    // [issuer](https://tools.ietf.org/html/rfc7519#section-4.1.1)
    // Usually a URL or an email address.
    //
    // Example: https://securetoken.google.com
    // Example: 1234567-compute@developer.gserviceaccount.com
    Issuer string `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"`
    // The list of JWT
    // [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3).
    // that are allowed to access. A JWT containing any of these
    // audiences will be accepted.
    //
    // The service name will be accepted if audiences is empty.
    //
    // Example:
    //
    // ```yaml
    // audiences:
    // - bookstore_android.apps.googleusercontent.com
    //   bookstore_web.apps.googleusercontent.com
    // ```
    Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"`
    // URL of the provider's public key set to validate signature of the
    // JWT. See [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
    //
    // Optional if the key set document can either (a) be retrieved from
    // [OpenID
    // Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) of
    // the issuer or (b) inferred from the email domain of the issuer (e.g. a
    // Google service account).
    //
    // Example: `https://www.googleapis.com/oauth2/v1/certs`
    //
    // Note: Only one of jwks_uri and jwks should be used.
    JwksUri string `protobuf:"bytes,3,opt,name=jwks_uri,json=jwksUri,proto3" json:"jwks_uri,omitempty"`
    // JSON Web Key Set of public keys to validate signature of the JWT.
    // See https://auth0.com/docs/jwks.
    //
    // Note: Only one of jwks_uri and jwks should be used.
    Jwks string `protobuf:"bytes,10,opt,name=jwks,proto3" json:"jwks,omitempty"`
    // JWT is sent in a request header. `header` represents the
    // header name.
    //
    // For example, if `header=x-goog-iap-jwt-assertion`, the header
    // format will be x-goog-iap-jwt-assertion: <JWT>.
    JwtHeaders []string `protobuf:"bytes,6,rep,name=jwt_headers,json=jwtHeaders,proto3" json:"jwt_headers,omitempty"`
    // JWT is sent in a query parameter. `query` represents the
    // query parameter name.
    //
    // For example, `query=jwt_token`.
    JwtParams []string `protobuf:"bytes,7,rep,name=jwt_params,json=jwtParams,proto3" json:"jwt_params,omitempty"`
    // List of trigger rules to decide if this JWT should be used to validate the
    // request. The JWT validation happens if any one of the rules matched.
    // If the list is not empty and none of the rules matched, authentication will
    // skip the JWT validation.
    // Leave this empty to always trigger the JWT validation.
    TriggerRules         []*Jwt_TriggerRule `protobuf:"bytes,9,rep,name=trigger_rules,json=triggerRules,proto3" json:"trigger_rules,omitempty"`
    XXX_NoUnkeyedLiteral struct{}           `json:"-"`
    XXX_unrecognized     []byte             `json:"-"`
    XXX_sizecache        int32              `json:"-"`
}

JSON Web Token (JWT) token format for authentication as defined by [RFC 7519](https://tools.ietf.org/html/rfc7519). See [OAuth 2.0](https://tools.ietf.org/html/rfc6749) and [OIDC 1.0](http://openid.net/connect) for how this is used in the whole authentication flow.

For example:

A JWT for any requests:

“`yaml issuer: https://example.com audiences: - bookstore_android.apps.googleusercontent.com

bookstore_web.apps.googleusercontent.com

jwksUri: https://example.com/.well-known/jwks.json “`

A JWT for all requests except request at path `/health_check` and path with prefix `/status/`. This is useful to expose some paths for public access but keep others JWT validated.

“`yaml issuer: https://example.com jwksUri: https://example.com/.well-known/jwks.json triggerRules: - excludedPaths:

- exact: /health_check
- prefix: /status/

“`

A JWT only for requests at path `/admin`. This is useful to only require JWT validation on a specific set of paths but keep others public accessible.

“`yaml issuer: https://example.com jwksUri: https://example.com/.well-known/jwks.json triggerRules: - includedPaths:

- prefix: /admin

“`

A JWT only for requests at path of prefix `/status/` but except the path of `/status/version`. This means for any request path with prefix `/status/` except `/status/version` will require a valid JWT to proceed.

“`yaml issuer: https://example.com jwksUri: https://example.com/.well-known/jwks.json triggerRules: - excludedPaths:

- exact: /status/version
includedPaths:
- prefix: /status/

“`

func (*Jwt) Descriptor Uses

func (*Jwt) Descriptor() ([]byte, []int)

func (*Jwt) GetAudiences Uses

func (m *Jwt) GetAudiences() []string

func (*Jwt) GetIssuer Uses

func (m *Jwt) GetIssuer() string

func (*Jwt) GetJwks Uses

func (m *Jwt) GetJwks() string

func (*Jwt) GetJwksUri Uses

func (m *Jwt) GetJwksUri() string

func (*Jwt) GetJwtHeaders Uses

func (m *Jwt) GetJwtHeaders() []string

func (*Jwt) GetJwtParams Uses

func (m *Jwt) GetJwtParams() []string

func (*Jwt) GetTriggerRules Uses

func (m *Jwt) GetTriggerRules() []*Jwt_TriggerRule

func (*Jwt) ProtoMessage Uses

func (*Jwt) ProtoMessage()

func (*Jwt) Reset Uses

func (m *Jwt) Reset()

func (*Jwt) String Uses

func (m *Jwt) String() string

func (*Jwt) XXX_DiscardUnknown Uses

func (m *Jwt) XXX_DiscardUnknown()

func (*Jwt) XXX_Marshal Uses

func (m *Jwt) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Jwt) XXX_Merge Uses

func (m *Jwt) XXX_Merge(src proto.Message)

func (*Jwt) XXX_Size Uses

func (m *Jwt) XXX_Size() int

func (*Jwt) XXX_Unmarshal Uses

func (m *Jwt) XXX_Unmarshal(b []byte) error

type Jwt_TriggerRule Uses

type Jwt_TriggerRule struct {
    // List of paths to be excluded from the request. The rule is satisfied if
    // request path does not match to any of the path in this list.
    ExcludedPaths []*StringMatch `protobuf:"bytes,1,rep,name=excluded_paths,json=excludedPaths,proto3" json:"excluded_paths,omitempty"`
    // List of paths that the request must include. If the list is not empty, the
    // rule is satisfied if request path matches at least one of the path in the list.
    // If the list is empty, the rule is ignored, in other words the rule is always satisfied.
    IncludedPaths        []*StringMatch `protobuf:"bytes,2,rep,name=included_paths,json=includedPaths,proto3" json:"included_paths,omitempty"`
    XXX_NoUnkeyedLiteral struct{}       `json:"-"`
    XXX_unrecognized     []byte         `json:"-"`
    XXX_sizecache        int32          `json:"-"`
}

Trigger rule to match against a request. The trigger rule is satisfied if and only if both rules, excluded_paths and include_paths are satisfied.

func (*Jwt_TriggerRule) Descriptor Uses

func (*Jwt_TriggerRule) Descriptor() ([]byte, []int)

func (*Jwt_TriggerRule) GetExcludedPaths Uses

func (m *Jwt_TriggerRule) GetExcludedPaths() []*StringMatch

func (*Jwt_TriggerRule) GetIncludedPaths Uses

func (m *Jwt_TriggerRule) GetIncludedPaths() []*StringMatch

func (*Jwt_TriggerRule) ProtoMessage Uses

func (*Jwt_TriggerRule) ProtoMessage()

func (*Jwt_TriggerRule) Reset Uses

func (m *Jwt_TriggerRule) Reset()

func (*Jwt_TriggerRule) String Uses

func (m *Jwt_TriggerRule) String() string

func (*Jwt_TriggerRule) XXX_DiscardUnknown Uses

func (m *Jwt_TriggerRule) XXX_DiscardUnknown()

func (*Jwt_TriggerRule) XXX_Marshal Uses

func (m *Jwt_TriggerRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Jwt_TriggerRule) XXX_Merge Uses

func (m *Jwt_TriggerRule) XXX_Merge(src proto.Message)

func (*Jwt_TriggerRule) XXX_Size Uses

func (m *Jwt_TriggerRule) XXX_Size() int

func (*Jwt_TriggerRule) XXX_Unmarshal Uses

func (m *Jwt_TriggerRule) XXX_Unmarshal(b []byte) error

type MutualTls Uses

type MutualTls struct {
    // WILL BE DEPRECATED, if set, will translates to `TLS_PERMISSIVE` mode.
    // Set this flag to true to allow regular TLS (i.e without client x509
    // certificate). If request carries client certificate, identity will be
    // extracted and used (set to peer identity). Otherwise, peer identity will
    // be left unset.
    // When the flag is false (default), request must have client certificate.
    AllowTls bool `protobuf:"varint,1,opt,name=allow_tls,json=allowTls,proto3" json:"allow_tls,omitempty"`
    // Defines the mode of mTLS authentication.
    Mode                 MutualTls_Mode `protobuf:"varint,2,opt,name=mode,proto3,enum=istio.authentication.v1alpha1.MutualTls_Mode" json:"mode,omitempty"`
    XXX_NoUnkeyedLiteral struct{}       `json:"-"`
    XXX_unrecognized     []byte         `json:"-"`
    XXX_sizecache        int32          `json:"-"`
}

TLS authentication params.

func (*MutualTls) Descriptor Uses

func (*MutualTls) Descriptor() ([]byte, []int)

func (*MutualTls) GetAllowTls Uses

func (m *MutualTls) GetAllowTls() bool

func (*MutualTls) GetMode Uses

func (m *MutualTls) GetMode() MutualTls_Mode

func (*MutualTls) ProtoMessage Uses

func (*MutualTls) ProtoMessage()

func (*MutualTls) Reset Uses

func (m *MutualTls) Reset()

func (*MutualTls) String Uses

func (m *MutualTls) String() string

func (*MutualTls) XXX_DiscardUnknown Uses

func (m *MutualTls) XXX_DiscardUnknown()

func (*MutualTls) XXX_Marshal Uses

func (m *MutualTls) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*MutualTls) XXX_Merge Uses

func (m *MutualTls) XXX_Merge(src proto.Message)

func (*MutualTls) XXX_Size Uses

func (m *MutualTls) XXX_Size() int

func (*MutualTls) XXX_Unmarshal Uses

func (m *MutualTls) XXX_Unmarshal(b []byte) error

type MutualTls_Mode Uses

type MutualTls_Mode int32

Defines the acceptable connection TLS mode.

const (
    // Client cert must be presented, connection is in TLS.
    MutualTls_STRICT MutualTls_Mode = 0
    // Connection can be either plaintext or TLS, and client cert can be omitted.
    MutualTls_PERMISSIVE MutualTls_Mode = 1
)

func (MutualTls_Mode) EnumDescriptor Uses

func (MutualTls_Mode) EnumDescriptor() ([]byte, []int)

func (MutualTls_Mode) String Uses

func (x MutualTls_Mode) String() string

type OriginAuthenticationMethod Uses

type OriginAuthenticationMethod struct {
    // Jwt params for the method.
    Jwt                  *Jwt     `protobuf:"bytes,1,opt,name=jwt,proto3" json:"jwt,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

OriginAuthenticationMethod defines authentication method/params for origin authentication. Origin could be end-user, device, delegate service etc. Currently, only JWT is supported for origin authentication.

func (*OriginAuthenticationMethod) Descriptor Uses

func (*OriginAuthenticationMethod) Descriptor() ([]byte, []int)

func (*OriginAuthenticationMethod) GetJwt Uses

func (m *OriginAuthenticationMethod) GetJwt() *Jwt

func (*OriginAuthenticationMethod) ProtoMessage Uses

func (*OriginAuthenticationMethod) ProtoMessage()

func (*OriginAuthenticationMethod) Reset Uses

func (m *OriginAuthenticationMethod) Reset()

func (*OriginAuthenticationMethod) String Uses

func (m *OriginAuthenticationMethod) String() string

func (*OriginAuthenticationMethod) XXX_DiscardUnknown Uses

func (m *OriginAuthenticationMethod) XXX_DiscardUnknown()

func (*OriginAuthenticationMethod) XXX_Marshal Uses

func (m *OriginAuthenticationMethod) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*OriginAuthenticationMethod) XXX_Merge Uses

func (m *OriginAuthenticationMethod) XXX_Merge(src proto.Message)

func (*OriginAuthenticationMethod) XXX_Size Uses

func (m *OriginAuthenticationMethod) XXX_Size() int

func (*OriginAuthenticationMethod) XXX_Unmarshal Uses

func (m *OriginAuthenticationMethod) XXX_Unmarshal(b []byte) error

type PeerAuthenticationMethod Uses

type PeerAuthenticationMethod struct {
    // Types that are valid to be assigned to Params:
    //	*PeerAuthenticationMethod_Mtls
    //	*PeerAuthenticationMethod_Jwt
    Params               isPeerAuthenticationMethod_Params `protobuf_oneof:"params"`
    XXX_NoUnkeyedLiteral struct{}                          `json:"-"`
    XXX_unrecognized     []byte                            `json:"-"`
    XXX_sizecache        int32                             `json:"-"`
}

PeerAuthenticationMethod defines one particular type of authentication, e.g mutual TLS, JWT etc, (no authentication is one type by itself) that can be used for peer authentication. The type can be progammatically determine by checking the type of the "params" field.

func (*PeerAuthenticationMethod) Descriptor Uses

func (*PeerAuthenticationMethod) Descriptor() ([]byte, []int)

func (*PeerAuthenticationMethod) GetJwt Uses

func (m *PeerAuthenticationMethod) GetJwt() *Jwt

func (*PeerAuthenticationMethod) GetMtls Uses

func (m *PeerAuthenticationMethod) GetMtls() *MutualTls

func (*PeerAuthenticationMethod) GetParams Uses

func (m *PeerAuthenticationMethod) GetParams() isPeerAuthenticationMethod_Params

func (*PeerAuthenticationMethod) ProtoMessage Uses

func (*PeerAuthenticationMethod) ProtoMessage()

func (*PeerAuthenticationMethod) Reset Uses

func (m *PeerAuthenticationMethod) Reset()

func (*PeerAuthenticationMethod) String Uses

func (m *PeerAuthenticationMethod) String() string

func (*PeerAuthenticationMethod) XXX_DiscardUnknown Uses

func (m *PeerAuthenticationMethod) XXX_DiscardUnknown()

func (*PeerAuthenticationMethod) XXX_Marshal Uses

func (m *PeerAuthenticationMethod) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PeerAuthenticationMethod) XXX_Merge Uses

func (m *PeerAuthenticationMethod) XXX_Merge(src proto.Message)

func (*PeerAuthenticationMethod) XXX_OneofWrappers Uses

func (*PeerAuthenticationMethod) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*PeerAuthenticationMethod) XXX_Size Uses

func (m *PeerAuthenticationMethod) XXX_Size() int

func (*PeerAuthenticationMethod) XXX_Unmarshal Uses

func (m *PeerAuthenticationMethod) XXX_Unmarshal(b []byte) error

type PeerAuthenticationMethod_Jwt Uses

type PeerAuthenticationMethod_Jwt struct {
    Jwt *Jwt `protobuf:"bytes,2,opt,name=jwt,proto3,oneof"`
}

type PeerAuthenticationMethod_Mtls Uses

type PeerAuthenticationMethod_Mtls struct {
    Mtls *MutualTls `protobuf:"bytes,1,opt,name=mtls,proto3,oneof"`
}

type Policy Uses

type Policy struct {
    // List rules to select workloads that the policy should be applied on.
    // If empty, policy will be used on all workloads in the same namespace.
    Targets []*TargetSelector `protobuf:"bytes,1,rep,name=targets,proto3" json:"targets,omitempty"`
    // List of authentication methods that can be used for peer authentication.
    // They will be evaluated in order; the first validate one will be used to
    // set peer identity (source.user) and other peer attributes. If none of
    // these methods pass, request will be rejected with authentication failed error (401).
    // Leave the list empty if peer authentication is not required
    Peers []*PeerAuthenticationMethod `protobuf:"bytes,2,rep,name=peers,proto3" json:"peers,omitempty"`
    // Set this flag to true to accept request (for peer authentication perspective),
    // even when none of the peer authentication methods defined above satisfied.
    // Typically, this is used to delay the rejection decision to next layer (e.g
    // authorization).
    // This flag is ignored if no authentication defined for peer (peers field is empty).
    PeerIsOptional bool `protobuf:"varint,3,opt,name=peer_is_optional,json=peerIsOptional,proto3" json:"peer_is_optional,omitempty"`
    // List of authentication methods that can be used for origin authentication.
    // Similar to peers, these will be evaluated in order; the first validate one
    // will be used to set origin identity and attributes (i.e request.auth.user,
    // request.auth.issuer etc). If none of these methods pass, request will be
    // rejected with authentication failed error (401).
    // A method may be skipped, depends on its trigger rule. If all of these methods
    // are skipped, origin authentication will be ignored, as if it is not defined.
    // Leave the list empty if origin authentication is not required.
    Origins []*OriginAuthenticationMethod `protobuf:"bytes,4,rep,name=origins,proto3" json:"origins,omitempty"`
    // Set this flag to true to accept request (for origin authentication perspective),
    // even when none of the origin authentication methods defined above satisfied.
    // Typically, this is used to delay the rejection decision to next layer (e.g
    // authorization).
    // This flag is ignored if no authentication defined for origin (origins field is empty).
    OriginIsOptional bool `protobuf:"varint,5,opt,name=origin_is_optional,json=originIsOptional,proto3" json:"origin_is_optional,omitempty"`
    // Define whether peer or origin identity should be use for principal. Default
    // value is USE_PEER.
    // If peer (or origin) identity is not available, either because of peer/origin
    // authentication is not defined, or failed, principal will be left unset.
    // In other words, binding rule does not affect the decision to accept or
    // reject request.
    PrincipalBinding     PrincipalBinding `protobuf:"varint,6,opt,name=principal_binding,json=principalBinding,proto3,enum=istio.authentication.v1alpha1.PrincipalBinding" json:"principal_binding,omitempty"`
    XXX_NoUnkeyedLiteral struct{}         `json:"-"`
    XXX_unrecognized     []byte           `json:"-"`
    XXX_sizecache        int32            `json:"-"`
}

Policy defines what authentication methods can be accepted on workload(s), and if authenticated, which method/certificate will set the request principal (i.e request.auth.principal attribute).

Authentication policy is composed of 2-part authentication: - peer: verify caller service credentials. This part will set source.user (peer identity). - origin: verify the origin credentials. This part will set request.auth.user (origin identity), as well as other attributes like request.auth.presenter, request.auth.audiences and raw claims. Note that the identity could be end-user, service account, device etc.

Last but not least, the principal binding rule defines which identity (peer or origin) should be used as principal. By default, it uses peer.

Examples:

Policy to enable mTLS for all services in namespace frod. The policy name must be `default`, and it contains no rule for `targets`.

“`yaml apiVersion: authentication.istio.io/v1alpha1 kind: Policy metadata:

name: default
namespace: frod

spec:

peers:
- mtls:

“` Policy to disable mTLS for "productpage" service

“`yaml apiVersion: authentication.istio.io/v1alpha1 kind: Policy metadata:

name: productpage-mTLS-disable
namespace: frod

spec:

targets:
- name: productpage

“` Policy to require mTLS for peer authentication, and JWT for origin authentication for productpage:9000 except the path '/health_check' . Principal is set from origin identity.

“`yaml apiVersion: authentication.istio.io/v1alpha1 kind: Policy metadata:

name: productpage-mTLS-with-JWT
namespace: frod

spec:

targets:
- name: productpage
  ports:
  - number: 9000
peers:
- mtls:
origins:
- jwt:
    issuer: "https://securetoken.google.com"
    audiences:
    - "productpage"
    jwksUri: "https://www.googleapis.com/oauth2/v1/certs"
    jwtHeaders:
    - "x-goog-iap-jwt-assertion"
    triggerRules:
    - excludedPaths:
      - exact: /health_check
principalBinding: USE_ORIGIN

“`

func (*Policy) Descriptor Uses

func (*Policy) Descriptor() ([]byte, []int)

func (*Policy) GetOriginIsOptional Uses

func (m *Policy) GetOriginIsOptional() bool

func (*Policy) GetOrigins Uses

func (m *Policy) GetOrigins() []*OriginAuthenticationMethod

func (*Policy) GetPeerIsOptional Uses

func (m *Policy) GetPeerIsOptional() bool

func (*Policy) GetPeers Uses

func (m *Policy) GetPeers() []*PeerAuthenticationMethod

func (*Policy) GetPrincipalBinding Uses

func (m *Policy) GetPrincipalBinding() PrincipalBinding

func (*Policy) GetTargets Uses

func (m *Policy) GetTargets() []*TargetSelector

func (*Policy) ProtoMessage Uses

func (*Policy) ProtoMessage()

func (*Policy) Reset Uses

func (m *Policy) Reset()

func (*Policy) String Uses

func (m *Policy) String() string

func (*Policy) XXX_DiscardUnknown Uses

func (m *Policy) XXX_DiscardUnknown()

func (*Policy) XXX_Marshal Uses

func (m *Policy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Policy) XXX_Merge Uses

func (m *Policy) XXX_Merge(src proto.Message)

func (*Policy) XXX_Size Uses

func (m *Policy) XXX_Size() int

func (*Policy) XXX_Unmarshal Uses

func (m *Policy) XXX_Unmarshal(b []byte) error

type PortSelector Uses

type PortSelector struct {
    // Types that are valid to be assigned to Port:
    //	*PortSelector_Number
    //	*PortSelector_Name
    Port                 isPortSelector_Port `protobuf_oneof:"port"`
    XXX_NoUnkeyedLiteral struct{}            `json:"-"`
    XXX_unrecognized     []byte              `json:"-"`
    XXX_sizecache        int32               `json:"-"`
}

PortSelector specifies the name or number of a port to be used for matching targets for authentication policy. This is copied from networking API to avoid dependency.

func (*PortSelector) Descriptor Uses

func (*PortSelector) Descriptor() ([]byte, []int)

func (*PortSelector) GetName Uses

func (m *PortSelector) GetName() string

func (*PortSelector) GetNumber Uses

func (m *PortSelector) GetNumber() uint32

func (*PortSelector) GetPort Uses

func (m *PortSelector) GetPort() isPortSelector_Port

func (*PortSelector) ProtoMessage Uses

func (*PortSelector) ProtoMessage()

func (*PortSelector) Reset Uses

func (m *PortSelector) Reset()

func (*PortSelector) String Uses

func (m *PortSelector) String() string

func (*PortSelector) XXX_DiscardUnknown Uses

func (m *PortSelector) XXX_DiscardUnknown()

func (*PortSelector) XXX_Marshal Uses

func (m *PortSelector) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PortSelector) XXX_Merge Uses

func (m *PortSelector) XXX_Merge(src proto.Message)

func (*PortSelector) XXX_OneofWrappers Uses

func (*PortSelector) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*PortSelector) XXX_Size Uses

func (m *PortSelector) XXX_Size() int

func (*PortSelector) XXX_Unmarshal Uses

func (m *PortSelector) XXX_Unmarshal(b []byte) error

type PortSelector_Name Uses

type PortSelector_Name struct {
    Name string `protobuf:"bytes,2,opt,name=name,proto3,oneof"`
}

type PortSelector_Number Uses

type PortSelector_Number struct {
    Number uint32 `protobuf:"varint,1,opt,name=number,proto3,oneof"`
}

type PrincipalBinding Uses

type PrincipalBinding int32

Associates authentication with request principal.

const (
    // Principal will be set to the identity from peer authentication.
    PrincipalBinding_USE_PEER PrincipalBinding = 0
    // Principal will be set to the identity from origin authentication.
    PrincipalBinding_USE_ORIGIN PrincipalBinding = 1
)

func (PrincipalBinding) EnumDescriptor Uses

func (PrincipalBinding) EnumDescriptor() ([]byte, []int)

func (PrincipalBinding) String Uses

func (x PrincipalBinding) String() string

type StringMatch Uses

type StringMatch struct {
    // Types that are valid to be assigned to MatchType:
    //	*StringMatch_Exact
    //	*StringMatch_Prefix
    //	*StringMatch_Suffix
    //	*StringMatch_Regex
    MatchType            isStringMatch_MatchType `protobuf_oneof:"match_type"`
    XXX_NoUnkeyedLiteral struct{}                `json:"-"`
    XXX_unrecognized     []byte                  `json:"-"`
    XXX_sizecache        int32                   `json:"-"`
}

Describes how to match a given string. Match is case-sensitive.

func (*StringMatch) Descriptor Uses

func (*StringMatch) Descriptor() ([]byte, []int)

func (*StringMatch) GetExact Uses

func (m *StringMatch) GetExact() string

func (*StringMatch) GetMatchType Uses

func (m *StringMatch) GetMatchType() isStringMatch_MatchType

func (*StringMatch) GetPrefix Uses

func (m *StringMatch) GetPrefix() string

func (*StringMatch) GetRegex Uses

func (m *StringMatch) GetRegex() string

func (*StringMatch) GetSuffix Uses

func (m *StringMatch) GetSuffix() string

func (*StringMatch) ProtoMessage Uses

func (*StringMatch) ProtoMessage()

func (*StringMatch) Reset Uses

func (m *StringMatch) Reset()

func (*StringMatch) String Uses

func (m *StringMatch) String() string

func (*StringMatch) XXX_DiscardUnknown Uses

func (m *StringMatch) XXX_DiscardUnknown()

func (*StringMatch) XXX_Marshal Uses

func (m *StringMatch) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*StringMatch) XXX_Merge Uses

func (m *StringMatch) XXX_Merge(src proto.Message)

func (*StringMatch) XXX_OneofWrappers Uses

func (*StringMatch) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*StringMatch) XXX_Size Uses

func (m *StringMatch) XXX_Size() int

func (*StringMatch) XXX_Unmarshal Uses

func (m *StringMatch) XXX_Unmarshal(b []byte) error

type StringMatch_Exact Uses

type StringMatch_Exact struct {
    Exact string `protobuf:"bytes,1,opt,name=exact,proto3,oneof"`
}

type StringMatch_Prefix Uses

type StringMatch_Prefix struct {
    Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3,oneof"`
}

type StringMatch_Regex Uses

type StringMatch_Regex struct {
    Regex string `protobuf:"bytes,4,opt,name=regex,proto3,oneof"`
}

type StringMatch_Suffix Uses

type StringMatch_Suffix struct {
    Suffix string `protobuf:"bytes,3,opt,name=suffix,proto3,oneof"`
}

type TargetSelector Uses

type TargetSelector struct {
    // REQUIRED. The name must be a short name from the service registry. The
    // fully qualified domain name will be resolved in a platform specific manner.
    Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
    // $hide_from_docs
    // $not-implemented-hide
    // Select workload by labels.
    // Once implemented, this is the preferred way rather than using the service name.
    Labels map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
    // Specifies the ports. Note that this is the port(s) exposed by the service, not workload instance ports.
    // For example, if a service is defined as below, then `8000` should be used, not `9000`.
    // ```yaml
    // kind: Service
    // metadata:
    //   ...
    // spec:
    //   ports:
    //   - name: http
    //     port: 8000
    //     targetPort: 9000
    //   selector:
    //     app: backend
    // ```
    //Leave empty to match all ports that are exposed.
    Ports                []*PortSelector `protobuf:"bytes,2,rep,name=ports,proto3" json:"ports,omitempty"`
    XXX_NoUnkeyedLiteral struct{}        `json:"-"`
    XXX_unrecognized     []byte          `json:"-"`
    XXX_sizecache        int32           `json:"-"`
}

TargetSelector defines a matching rule to a workload. A workload is selected if it is associated with the service name and service port(s) specified in the selector rule.

func (*TargetSelector) Descriptor Uses

func (*TargetSelector) Descriptor() ([]byte, []int)

func (*TargetSelector) GetLabels Uses

func (m *TargetSelector) GetLabels() map[string]string

func (*TargetSelector) GetName Uses

func (m *TargetSelector) GetName() string

func (*TargetSelector) GetPorts Uses

func (m *TargetSelector) GetPorts() []*PortSelector

func (*TargetSelector) ProtoMessage Uses

func (*TargetSelector) ProtoMessage()

func (*TargetSelector) Reset Uses

func (m *TargetSelector) Reset()

func (*TargetSelector) String Uses

func (m *TargetSelector) String() string

func (*TargetSelector) XXX_DiscardUnknown Uses

func (m *TargetSelector) XXX_DiscardUnknown()

func (*TargetSelector) XXX_Marshal Uses

func (m *TargetSelector) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TargetSelector) XXX_Merge Uses

func (m *TargetSelector) XXX_Merge(src proto.Message)

func (*TargetSelector) XXX_Size Uses

func (m *TargetSelector) XXX_Size() int

func (*TargetSelector) XXX_Unmarshal Uses

func (m *TargetSelector) XXX_Unmarshal(b []byte) error

Package v1alpha1 imports 3 packages (graph) and is imported by 2 packages. Updated 2019-10-22. Refresh now. Tools for package owners.