istio: istio.io/istio/security/proto/envoy/config/filter/http/jwt_auth/v2alpha1 Index | Files

package v2alpha1

import "istio.io/istio/security/proto/envoy/config/filter/http/jwt_auth/v2alpha1"

Index

Package Files

config.pb.go

type DataSource Uses

// DataSource describes where a piece of data comes from: the Specifier oneof
// holds one of the wrapper types listed below (a file name, inline bytes or an
// inline string). In this package it is the type of JwtRule_LocalJwks.LocalJwks,
// i.e. the source of a locally configured JWKS.
//
// NOTE(review): with the filename alternative the referenced file supplies the
// keys that tokens are verified against, so write access to that file matters
// as much as write access to the filter config; confirm ownership and
// permissions on the proxy host.
type DataSource struct {
    // Types that are valid to be assigned to Specifier:
    //	*DataSource_Filename
    //	*DataSource_InlineBytes
    //	*DataSource_InlineString
    Specifier            isDataSource_Specifier `protobuf_oneof:"specifier"`
    // The XXX_ fields carry `json:"-"` and are therefore left out of JSON;
    // presumably protobuf runtime bookkeeping rather than configuration.
    XXX_NoUnkeyedLiteral struct{}               `json:"-"`
    XXX_unrecognized     []byte                 `json:"-"`
    XXX_sizecache        int32                  `json:"-"`
}

Copied from @envoy/api/envoy/api/v2/core/base.proto. Data source consisting of either a file or an inline value.

func (*DataSource) Descriptor Uses

func (*DataSource) Descriptor() ([]byte, []int)

func (*DataSource) GetFilename Uses

func (m *DataSource) GetFilename() string

func (*DataSource) GetInlineBytes Uses

func (m *DataSource) GetInlineBytes() []byte

func (*DataSource) GetInlineString Uses

func (m *DataSource) GetInlineString() string

func (*DataSource) GetSpecifier Uses

func (m *DataSource) GetSpecifier() isDataSource_Specifier

func (*DataSource) ProtoMessage Uses

func (*DataSource) ProtoMessage()

func (*DataSource) Reset Uses

func (m *DataSource) Reset()

func (*DataSource) String Uses

func (m *DataSource) String() string

func (*DataSource) XXX_DiscardUnknown Uses

func (m *DataSource) XXX_DiscardUnknown()

func (*DataSource) XXX_Marshal Uses

func (m *DataSource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DataSource) XXX_Merge Uses

func (m *DataSource) XXX_Merge(src proto.Message)

func (*DataSource) XXX_OneofWrappers Uses

func (*DataSource) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*DataSource) XXX_Size Uses

func (m *DataSource) XXX_Size() int

func (*DataSource) XXX_Unmarshal Uses

func (m *DataSource) XXX_Unmarshal(b []byte) error

type DataSource_Filename Uses

// DataSource_Filename is the DataSource.Specifier alternative that carries a
// file name (protobuf field 1, `filename`).
type DataSource_Filename struct {
    Filename string `protobuf:"bytes,1,opt,name=filename,proto3,oneof"`
}

type DataSource_InlineBytes Uses

// DataSource_InlineBytes is the DataSource.Specifier alternative that carries
// the data inline as raw bytes (protobuf field 2, `inline_bytes`).
type DataSource_InlineBytes struct {
    InlineBytes []byte `protobuf:"bytes,2,opt,name=inline_bytes,json=inlineBytes,proto3,oneof"`
}

type DataSource_InlineString Uses

// DataSource_InlineString is the DataSource.Specifier alternative that carries
// the data inline as a string (protobuf field 3, `inline_string`).
type DataSource_InlineString struct {
    InlineString string `protobuf:"bytes,3,opt,name=inline_string,json=inlineString,proto3,oneof"`
}

type HttpUri Uses

// HttpUri describes an external HTTP endpoint: the URI itself, the upstream
// used to reach it, and a response timeout. In this package it is the type of
// RemoteJwks.HttpUri, i.e. the location a remote JWKS is fetched from.
type HttpUri struct {
    // The HTTP server URI. It should be a full FQDN with protocol, host and path.
    //
    // Example:
    //
    // .. code-block:: yaml
    //
    //    uri: https://www.googleapis.com/oauth2/v1/certs
    //
    // NOTE(review): when this message locates a JWKS, the fetched document
    // supplies the signature verification keys, so the fetch should be
    // authenticated (https). Whether a plain http URI is rejected, and how the
    // upstream's TLS is configured, is not visible in this file; confirm.
    Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"`
    // Specify how `uri` is to be fetched. Today, this requires an explicit
    // cluster, but in the future we may support dynamic cluster creation or
    // inline DNS resolution. See `issue
    // <https://github.com/envoyproxy/envoy/issues/1606>`_.
    //
    // Types that are valid to be assigned to HttpUpstreamType:
    //	*HttpUri_Cluster
    HttpUpstreamType isHttpUri_HttpUpstreamType `protobuf_oneof:"http_upstream_type"`
    // Sets the maximum duration in milliseconds that a response can take to arrive upon request.
    //
    // NOTE(review): the comment above says milliseconds, but the field is a
    // *duration.Duration, which carries its own unit; confirm what the
    // consumer expects.
    Timeout              *duration.Duration `protobuf:"bytes,3,opt,name=timeout,proto3" json:"timeout,omitempty"`
    // The XXX_ fields carry `json:"-"` and are therefore left out of JSON;
    // presumably protobuf runtime bookkeeping rather than configuration.
    XXX_NoUnkeyedLiteral struct{}           `json:"-"`
    XXX_unrecognized     []byte             `json:"-"`
    XXX_sizecache        int32              `json:"-"`
}

Copied from @envoy/api/envoy/api/v2/core/http_uri.proto. Envoy external URI descriptor.

func (*HttpUri) Descriptor Uses

func (*HttpUri) Descriptor() ([]byte, []int)

func (*HttpUri) GetCluster Uses

func (m *HttpUri) GetCluster() string

func (*HttpUri) GetHttpUpstreamType Uses

func (m *HttpUri) GetHttpUpstreamType() isHttpUri_HttpUpstreamType

func (*HttpUri) GetTimeout Uses

func (m *HttpUri) GetTimeout() *duration.Duration

func (*HttpUri) GetUri Uses

func (m *HttpUri) GetUri() string

func (*HttpUri) ProtoMessage Uses

func (*HttpUri) ProtoMessage()

func (*HttpUri) Reset Uses

func (m *HttpUri) Reset()

func (*HttpUri) String Uses

func (m *HttpUri) String() string

func (*HttpUri) XXX_DiscardUnknown Uses

func (m *HttpUri) XXX_DiscardUnknown()

func (*HttpUri) XXX_Marshal Uses

func (m *HttpUri) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*HttpUri) XXX_Merge Uses

func (m *HttpUri) XXX_Merge(src proto.Message)

func (*HttpUri) XXX_OneofWrappers Uses

func (*HttpUri) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*HttpUri) XXX_Size Uses

func (m *HttpUri) XXX_Size() int

func (*HttpUri) XXX_Unmarshal Uses

func (m *HttpUri) XXX_Unmarshal(b []byte) error

type HttpUri_Cluster Uses

// HttpUri_Cluster is the only HttpUri.HttpUpstreamType alternative listed in
// HttpUri's field comment; it names the cluster through which `uri` is
// fetched (protobuf field 2, `cluster`).
type HttpUri_Cluster struct {
    Cluster string `protobuf:"bytes,2,opt,name=cluster,proto3,oneof"`
}

type JwtAuthentication Uses

// JwtAuthentication is the top-level filter config: a list of JwtRule entries
// plus a switch that decides whether requests without a valid JWT are let
// through.
type JwtAuthentication struct {
    // List of JWT rules to validate.
    Rules []*JwtRule `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"`
    // If true, the request is allowed if JWT is missing or JWT verification fails.
    // Default is false, a request without JWT or failed JWT verification is not allowed.
    //
    // NOTE(review): with this set to true the filter itself no longer rejects
    // unauthenticated requests, so every request reaches the next stage
    // whether or not it carried a valid token. Enable it only when a later
    // authorization layer makes the allow/deny decision; that layer is not
    // part of this file, so confirm it exists.
    AllowMissingOrFailed bool     `protobuf:"varint,2,opt,name=allow_missing_or_failed,json=allowMissingOrFailed,proto3" json:"allow_missing_or_failed,omitempty"`
    // The XXX_ fields carry `json:"-"` and are therefore left out of JSON;
    // presumably protobuf runtime bookkeeping rather than configuration.
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

This is the Envoy HTTP filter config for JWT authentication. [#not-implemented-hide:]

func (*JwtAuthentication) Descriptor Uses

func (*JwtAuthentication) Descriptor() ([]byte, []int)

func (*JwtAuthentication) GetAllowMissingOrFailed Uses

func (m *JwtAuthentication) GetAllowMissingOrFailed() bool

func (*JwtAuthentication) GetRules Uses

func (m *JwtAuthentication) GetRules() []*JwtRule

func (*JwtAuthentication) ProtoMessage Uses

func (*JwtAuthentication) ProtoMessage()

func (*JwtAuthentication) Reset Uses

func (m *JwtAuthentication) Reset()

func (*JwtAuthentication) String Uses

func (m *JwtAuthentication) String() string

func (*JwtAuthentication) XXX_DiscardUnknown Uses

func (m *JwtAuthentication) XXX_DiscardUnknown()

func (*JwtAuthentication) XXX_Marshal Uses

func (m *JwtAuthentication) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*JwtAuthentication) XXX_Merge Uses

func (m *JwtAuthentication) XXX_Merge(src proto.Message)

func (*JwtAuthentication) XXX_Size Uses

func (m *JwtAuthentication) XXX_Size() int

func (*JwtAuthentication) XXX_Unmarshal Uses

func (m *JwtAuthentication) XXX_Unmarshal(b []byte) error

type JwtHeader Uses

// JwtHeader names one HTTP header that may carry the JWT, together with the
// literal prefix that precedes the token inside the header value.
type JwtHeader struct {
    // The HTTP header name.
    Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
    // The value prefix. The value format is "value_prefix<token>".
    // For example, for "Authorization: Bearer <token>", value_prefix="Bearer " with a space at the
    // end.
    ValuePrefix          string   `protobuf:"bytes,2,opt,name=value_prefix,json=valuePrefix,proto3" json:"value_prefix,omitempty"`
    // The XXX_ fields carry `json:"-"` and are therefore left out of JSON;
    // presumably protobuf runtime bookkeeping rather than configuration.
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

This message specifies a header location from which to extract the JWT.

func (*JwtHeader) Descriptor Uses

func (*JwtHeader) Descriptor() ([]byte, []int)

func (*JwtHeader) GetName Uses

func (m *JwtHeader) GetName() string

func (*JwtHeader) GetValuePrefix Uses

func (m *JwtHeader) GetValuePrefix() string

func (*JwtHeader) ProtoMessage Uses

func (*JwtHeader) ProtoMessage()

func (*JwtHeader) Reset Uses

func (m *JwtHeader) Reset()

func (*JwtHeader) String Uses

func (m *JwtHeader) String() string

func (*JwtHeader) XXX_DiscardUnknown Uses

func (m *JwtHeader) XXX_DiscardUnknown()

func (*JwtHeader) XXX_Marshal Uses

func (m *JwtHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*JwtHeader) XXX_Merge Uses

func (m *JwtHeader) XXX_Merge(src proto.Message)

func (*JwtHeader) XXX_Size Uses

func (m *JwtHeader) XXX_Size() int

func (*JwtHeader) XXX_Unmarshal Uses

func (m *JwtHeader) XXX_Unmarshal(b []byte) error

type JwtRule Uses

// JwtRule describes how tokens from one issuer are verified: the expected
// issuer and audiences, where the JWKS comes from, where in the request the
// token is looked for, and what is passed on to the backend afterwards.
type JwtRule struct {
    // Identifies the principal that issued the JWT. See `here
    // <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_. Usually a URL or an email address.
    //
    // Example: https://securetoken.google.com
    // Example: 1234567-compute@developer.gserviceaccount.com
    //
    Issuer string `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"`
    // The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ that are
    // allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
    // will not check audiences in the token.
    //
    // Example:
    //
    // .. code-block:: yaml
    //
    //     audiences:
    //     - bookstore_android.apps.googleusercontent.com
    //     - bookstore_web.apps.googleusercontent.com
    //
    // NOTE(review): because an empty list disables the audience check, a
    // token the same issuer minted for a different service passes this rule.
    // Set the audiences explicitly unless that is intended. Each audience
    // needs its own "- " list marker, as in the example above; two names
    // under one marker form a single YAML string.
    Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"`
    // `JSON Web Key Set <https://tools.ietf.org/html/rfc7517#appendix-A>`_ is needed to validate
    // the signature of the JWT. This field specifies where to fetch JWKS.
    //
    // Types that are valid to be assigned to JwksSourceSpecifier:
    //	*JwtRule_RemoteJwks
    //	*JwtRule_LocalJwks
    JwksSourceSpecifier isJwtRule_JwksSourceSpecifier `protobuf_oneof:"jwks_source_specifier"`
    // If false, the JWT is removed from the request after a successful verification. If true, the
    // JWT is not removed from the request. Default value is false.
    //
    // NOTE(review): with forward=true the backend receives the original
    // bearer token, so the backend (and its logs) must be trusted with it.
    Forward bool `protobuf:"varint,5,opt,name=forward,proto3" json:"forward,omitempty"`
    // Specify the HTTP headers to extract the JWT from. For example, the following config:
    //
    // .. code-block:: yaml
    //
    //   from_headers:
    //   - name: x-goog-iap-jwt-assertion
    //
    // can be used to extract token from header::
    //
    //   x-goog-iap-jwt-assertion: <JWT>.
    //
    FromHeaders []*JwtHeader `protobuf:"bytes,6,rep,name=from_headers,json=fromHeaders,proto3" json:"from_headers,omitempty"`
    // JWT is sent in a query parameter. `from_params` represents the query parameter names.
    //
    // For example, if config is:
    //
    // .. code-block:: yaml
    //
    //   from_params:
    //   - jwt_token
    //
    // The JWT format in query parameter is::
    //
    //    /path?jwt_token=<JWT>
    //
    // NOTE(review): a token carried in the URL tends to end up wherever URLs
    // are recorded (access logs, browser history, Referer headers). Prefer
    // from_headers where the client allows it, and check log redaction when
    // this field is used.
    FromParams []string `protobuf:"bytes,7,rep,name=from_params,json=fromParams,proto3" json:"from_params,omitempty"`
    // This field specifies the header name to forward a successfully verified JWT payload to the
    // backend. The forwarded data is::
    //
    //    base64_encoded(jwt_payload_in_JSON)
    //
    // If it is not specified, the payload will not be forwarded.
    // Multiple JWTs in a request from different issuers will be supported. Multiple JWTs from the
    // same issuer will not be supported. Each issuer can config this `forward_payload_header`. If
    // multiple JWTs from different issuers want to forward their payloads, their
    // `forward_payload_header` should be different.
    //
    // NOTE(review): the forwarded value is only base64-encoded, not signed,
    // so a backend can rely on it only if the header can reach it solely via
    // this filter. Whether the filter strips a client-supplied header of the
    // same name is not visible in this file; confirm before the backend
    // treats the header as authenticated claims.
    ForwardPayloadHeader string   `protobuf:"bytes,8,opt,name=forward_payload_header,json=forwardPayloadHeader,proto3" json:"forward_payload_header,omitempty"`
    // The XXX_ fields carry `json:"-"` and are therefore left out of JSON;
    // presumably protobuf runtime bookkeeping rather than configuration.
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

This message specifies how a JSON Web Token (JWT) can be verified. See the [JWT format definition](https://tools.ietf.org/html/rfc7519) for details. Please see [OAuth2.0](https://tools.ietf.org/html/rfc6749) and [OIDC1.0](http://openid.net/connect) for the authentication flow.

Example:

```yaml
issuer: https://example.com
audiences:
- bookstore_android.apps.googleusercontent.com
- bookstore_web.apps.googleusercontent.com
remote_jwks:
- http_uri:
  - uri: https://example.com/.well-known/jwks.json
    cluster: example_jwks_cluster
  cache_duration:
  - seconds: 300
```

func (*JwtRule) Descriptor Uses

func (*JwtRule) Descriptor() ([]byte, []int)

func (*JwtRule) GetAudiences Uses

func (m *JwtRule) GetAudiences() []string

func (*JwtRule) GetForward Uses

func (m *JwtRule) GetForward() bool

func (*JwtRule) GetForwardPayloadHeader Uses

func (m *JwtRule) GetForwardPayloadHeader() string

func (*JwtRule) GetFromHeaders Uses

func (m *JwtRule) GetFromHeaders() []*JwtHeader

func (*JwtRule) GetFromParams Uses

func (m *JwtRule) GetFromParams() []string

func (*JwtRule) GetIssuer Uses

func (m *JwtRule) GetIssuer() string

func (*JwtRule) GetJwksSourceSpecifier Uses

func (m *JwtRule) GetJwksSourceSpecifier() isJwtRule_JwksSourceSpecifier

func (*JwtRule) GetLocalJwks Uses

func (m *JwtRule) GetLocalJwks() *DataSource

func (*JwtRule) GetRemoteJwks Uses

func (m *JwtRule) GetRemoteJwks() *RemoteJwks

func (*JwtRule) ProtoMessage Uses

func (*JwtRule) ProtoMessage()

func (*JwtRule) Reset Uses

func (m *JwtRule) Reset()

func (*JwtRule) String Uses

func (m *JwtRule) String() string

func (*JwtRule) XXX_DiscardUnknown Uses

func (m *JwtRule) XXX_DiscardUnknown()

func (*JwtRule) XXX_Marshal Uses

func (m *JwtRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*JwtRule) XXX_Merge Uses

func (m *JwtRule) XXX_Merge(src proto.Message)

func (*JwtRule) XXX_OneofWrappers Uses

func (*JwtRule) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*JwtRule) XXX_Size Uses

func (m *JwtRule) XXX_Size() int

func (*JwtRule) XXX_Unmarshal Uses

func (m *JwtRule) XXX_Unmarshal(b []byte) error

type JwtRule_LocalJwks Uses

// JwtRule_LocalJwks is the JwtRule.JwksSourceSpecifier alternative that takes
// the JWKS from a DataSource, i.e. a file or an inline value (protobuf field
// 4, `local_jwks`).
type JwtRule_LocalJwks struct {
    LocalJwks *DataSource `protobuf:"bytes,4,opt,name=local_jwks,json=localJwks,proto3,oneof"`
}

type JwtRule_RemoteJwks Uses

// JwtRule_RemoteJwks is the JwtRule.JwksSourceSpecifier alternative that
// fetches the JWKS as described by a RemoteJwks message (protobuf field 3,
// `remote_jwks`).
type JwtRule_RemoteJwks struct {
    RemoteJwks *RemoteJwks `protobuf:"bytes,3,opt,name=remote_jwks,json=remoteJwks,proto3,oneof"`
}

type RemoteJwks Uses

// RemoteJwks describes a JWKS that is downloaded over HTTP and cached: the
// endpoint to fetch from and how long a fetched key set stays cached.
type RemoteJwks struct {
    // The HTTP URI to fetch the JWKS. For example:
    //
    // .. code-block:: yaml
    //
    //    http_uri:
    //    - uri: https://www.googleapis.com/oauth2/v1/certs
    //      cluster: jwt.www.googleapis.com|443
    //
    // NOTE(review): whoever controls the response from this endpoint controls
    // which signing keys are trusted, so the URI should be https and the
    // named cluster should verify the server certificate. The cluster's
    // transport settings are configured outside this file; confirm.
    HttpUri *HttpUri `protobuf:"bytes,1,opt,name=http_uri,json=httpUri,proto3" json:"http_uri,omitempty"`
    // Duration after which the cached JWKS should be expired. If not specified, default cache
    // duration is 5 minutes.
    //
    // NOTE(review): presumably a key withdrawn by the issuer stays accepted
    // until the cached set expires, so this value bounds how quickly a key
    // rotation or revocation takes effect; confirm against the filter
    // implementation.
    CacheDuration        *duration.Duration `protobuf:"bytes,2,opt,name=cache_duration,json=cacheDuration,proto3" json:"cache_duration,omitempty"`
    // The XXX_ fields carry `json:"-"` and are therefore left out of JSON;
    // presumably protobuf runtime bookkeeping rather than configuration.
    XXX_NoUnkeyedLiteral struct{}           `json:"-"`
    XXX_unrecognized     []byte             `json:"-"`
    XXX_sizecache        int32              `json:"-"`
}

This message specifies how to fetch the JWKS from a remote server and how to cache it.

func (*RemoteJwks) Descriptor Uses

func (*RemoteJwks) Descriptor() ([]byte, []int)

func (*RemoteJwks) GetCacheDuration Uses

func (m *RemoteJwks) GetCacheDuration() *duration.Duration

func (*RemoteJwks) GetHttpUri Uses

func (m *RemoteJwks) GetHttpUri() *HttpUri

func (*RemoteJwks) ProtoMessage Uses

func (*RemoteJwks) ProtoMessage()

func (*RemoteJwks) Reset Uses

func (m *RemoteJwks) Reset()

func (*RemoteJwks) String Uses

func (m *RemoteJwks) String() string

func (*RemoteJwks) XXX_DiscardUnknown Uses

func (m *RemoteJwks) XXX_DiscardUnknown()

func (*RemoteJwks) XXX_Marshal Uses

func (m *RemoteJwks) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RemoteJwks) XXX_Merge Uses

func (m *RemoteJwks) XXX_Merge(src proto.Message)

func (*RemoteJwks) XXX_Size Uses

func (m *RemoteJwks) XXX_Size() int

func (*RemoteJwks) XXX_Unmarshal Uses

func (m *RemoteJwks) XXX_Unmarshal(b []byte) error
