Package io.envoyproxy.envoy.config.filter.http.ext_authz.v2

Class ExtAuthz.Builder

java.lang.Object
com.google.protobuf.AbstractMessageLite.Builder
com.google.protobuf.AbstractMessage.Builder<BuilderT>
com.google.protobuf.GeneratedMessageV3.Builder<ExtAuthz.Builder>
io.envoyproxy.envoy.config.filter.http.ext_authz.v2.ExtAuthz.Builder
All Implemented Interfaces:
com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, ExtAuthzOrBuilder, Cloneable
Enclosing class:
ExtAuthz
public static final class ExtAuthz.Builder extends com.google.protobuf.GeneratedMessageV3.Builder<ExtAuthz.Builder> implements ExtAuthzOrBuilder
 [#next-free-field: 12]
Protobuf type envoy.config.filter.http.ext_authz.v2.ExtAuthz

  • Method Details

    • getDescriptor

      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

    • internalGetFieldAccessorTable

      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
      Specified by:
      internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<ExtAuthz.Builder>

    • clear

      public ExtAuthz.Builder clear()
      Specified by:
      clear in interface com.google.protobuf.Message.Builder
      Specified by:
      clear in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      clear in class com.google.protobuf.GeneratedMessageV3.Builder<ExtAuthz.Builder>

    • getDescriptorForType

      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
      Specified by:
      getDescriptorForType in interface com.google.protobuf.Message.Builder
      Specified by:
      getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
      Overrides:
      getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<ExtAuthz.Builder>

    • getDefaultInstanceForType

      public ExtAuthz getDefaultInstanceForType()
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

    • build

      public ExtAuthz build()
      Specified by:
      build in interface com.google.protobuf.Message.Builder
      Specified by:
      build in interface com.google.protobuf.MessageLite.Builder

    • buildPartial

      public ExtAuthz buildPartial()
      Specified by:
      buildPartial in interface com.google.protobuf.Message.Builder
      Specified by:
      buildPartial in interface com.google.protobuf.MessageLite.Builder

    • clone

      public ExtAuthz.Builder clone()
      Specified by:
      clone in interface com.google.protobuf.Message.Builder
      Specified by:
      clone in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      clone in class com.google.protobuf.GeneratedMessageV3.Builder<ExtAuthz.Builder>

    • setField

      public ExtAuthz.Builder setField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
      Specified by:
      setField in interface com.google.protobuf.Message.Builder
      Overrides:
      setField in class com.google.protobuf.GeneratedMessageV3.Builder<ExtAuthz.Builder>

    • clearField

      public ExtAuthz.Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field)
      Specified by:
      clearField in interface com.google.protobuf.Message.Builder
      Overrides:
      clearField in class com.google.protobuf.GeneratedMessageV3.Builder<ExtAuthz.Builder>

    • clearOneof

      public ExtAuthz.Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)
      Specified by:
      clearOneof in interface com.google.protobuf.Message.Builder
      Overrides:
      clearOneof in class com.google.protobuf.GeneratedMessageV3.Builder<ExtAuthz.Builder>

    • setRepeatedField

      public ExtAuthz.Builder setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, int index, Object value)
      Specified by:
      setRepeatedField in interface com.google.protobuf.Message.Builder
      Overrides:
      setRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<ExtAuthz.Builder>

    • addRepeatedField

      public ExtAuthz.Builder addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
      Specified by:
      addRepeatedField in interface com.google.protobuf.Message.Builder
      Overrides:
      addRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<ExtAuthz.Builder>

    • mergeFrom

      public ExtAuthz.Builder mergeFrom(com.google.protobuf.Message other)
      Specified by:
      mergeFrom in interface com.google.protobuf.Message.Builder
      Overrides:
      mergeFrom in class com.google.protobuf.AbstractMessage.Builder<ExtAuthz.Builder>

    • mergeFrom

      public ExtAuthz.Builder mergeFrom(ExtAuthz other)

    • isInitialized

      public final boolean isInitialized()
      Specified by:
      isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
      Overrides:
      isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<ExtAuthz.Builder>

    • mergeFrom

      public ExtAuthz.Builder mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Specified by:
      mergeFrom in interface com.google.protobuf.Message.Builder
      Specified by:
      mergeFrom in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      mergeFrom in class com.google.protobuf.AbstractMessage.Builder<ExtAuthz.Builder>
      Throws:
      IOException

    • getServicesCase

      public ExtAuthz.ServicesCase getServicesCase()
      Specified by:
      getServicesCase in interface ExtAuthzOrBuilder

    • clearServices

      public ExtAuthz.Builder clearServices()

    • hasGrpcService

      public boolean hasGrpcService()
       gRPC service configuration (default timeout: 200ms).
      .envoy.api.v2.core.GrpcService grpc_service = 1;
      Specified by:
      hasGrpcService in interface ExtAuthzOrBuilder
      Returns:
      Whether the grpcService field is set.

    • getGrpcService

      public GrpcService getGrpcService()
       gRPC service configuration (default timeout: 200ms).
      .envoy.api.v2.core.GrpcService grpc_service = 1;
      Specified by:
      getGrpcService in interface ExtAuthzOrBuilder
      Returns:
      The grpcService.

    • setGrpcService

      public ExtAuthz.Builder setGrpcService(GrpcService value)
       gRPC service configuration (default timeout: 200ms).
      .envoy.api.v2.core.GrpcService grpc_service = 1;

    • setGrpcService

      public ExtAuthz.Builder setGrpcService(GrpcService.Builder builderForValue)
       gRPC service configuration (default timeout: 200ms).
      .envoy.api.v2.core.GrpcService grpc_service = 1;

    • mergeGrpcService

      public ExtAuthz.Builder mergeGrpcService(GrpcService value)
       gRPC service configuration (default timeout: 200ms).
      .envoy.api.v2.core.GrpcService grpc_service = 1;

    • clearGrpcService

      public ExtAuthz.Builder clearGrpcService()
       gRPC service configuration (default timeout: 200ms).
      .envoy.api.v2.core.GrpcService grpc_service = 1;

    • getGrpcServiceBuilder

      public GrpcService.Builder getGrpcServiceBuilder()
       gRPC service configuration (default timeout: 200ms).
      .envoy.api.v2.core.GrpcService grpc_service = 1;

    • getGrpcServiceOrBuilder

      public GrpcServiceOrBuilder getGrpcServiceOrBuilder()
       gRPC service configuration (default timeout: 200ms).
      .envoy.api.v2.core.GrpcService grpc_service = 1;
      Specified by:
      getGrpcServiceOrBuilder in interface ExtAuthzOrBuilder

    • hasHttpService

      public boolean hasHttpService()
       HTTP service configuration (default timeout: 200ms).
      .envoy.config.filter.http.ext_authz.v2.HttpService http_service = 3;
      Specified by:
      hasHttpService in interface ExtAuthzOrBuilder
      Returns:
      Whether the httpService field is set.

    • getHttpService

      public HttpService getHttpService()
       HTTP service configuration (default timeout: 200ms).
      .envoy.config.filter.http.ext_authz.v2.HttpService http_service = 3;
      Specified by:
      getHttpService in interface ExtAuthzOrBuilder
      Returns:
      The httpService.

    • setHttpService

      public ExtAuthz.Builder setHttpService(HttpService value)
       HTTP service configuration (default timeout: 200ms).
      .envoy.config.filter.http.ext_authz.v2.HttpService http_service = 3;

    • setHttpService

      public ExtAuthz.Builder setHttpService(HttpService.Builder builderForValue)
       HTTP service configuration (default timeout: 200ms).
      .envoy.config.filter.http.ext_authz.v2.HttpService http_service = 3;

    • mergeHttpService

      public ExtAuthz.Builder mergeHttpService(HttpService value)
       HTTP service configuration (default timeout: 200ms).
      .envoy.config.filter.http.ext_authz.v2.HttpService http_service = 3;

    • clearHttpService

      public ExtAuthz.Builder clearHttpService()
       HTTP service configuration (default timeout: 200ms).
      .envoy.config.filter.http.ext_authz.v2.HttpService http_service = 3;

    • getHttpServiceBuilder

      public HttpService.Builder getHttpServiceBuilder()
       HTTP service configuration (default timeout: 200ms).
      .envoy.config.filter.http.ext_authz.v2.HttpService http_service = 3;

    • getHttpServiceOrBuilder

      public HttpServiceOrBuilder getHttpServiceOrBuilder()
       HTTP service configuration (default timeout: 200ms).
      .envoy.config.filter.http.ext_authz.v2.HttpService http_service = 3;
      Specified by:
      getHttpServiceOrBuilder in interface ExtAuthzOrBuilder

    • getFailureModeAllow

      public boolean getFailureModeAllow()
        Changes filter's behaviour on errors:

  1. When set to true, the filter will *accept* client request even if the communication with
  the authorization service has failed, or if the authorization service has returned a HTTP 5xx
  error.

  2. When set to false, ext-authz will *reject* client requests and return a *Forbidden*
  response if the communication with the authorization service has failed, or if the
  authorization service has returned a HTTP 5xx error.

 Note that errors can be *always* tracked in the :ref:`stats
 <config_http_filters_ext_authz_stats>`.
      bool failure_mode_allow = 2;
      Specified by:
      getFailureModeAllow in interface ExtAuthzOrBuilder
      Returns:
      The failureModeAllow.

    • setFailureModeAllow

      public ExtAuthz.Builder setFailureModeAllow(boolean value)
        Changes filter's behaviour on errors:

  1. When set to true, the filter will *accept* client request even if the communication with
  the authorization service has failed, or if the authorization service has returned a HTTP 5xx
  error.

  2. When set to false, ext-authz will *reject* client requests and return a *Forbidden*
  response if the communication with the authorization service has failed, or if the
  authorization service has returned a HTTP 5xx error.

 Note that errors can be *always* tracked in the :ref:`stats
 <config_http_filters_ext_authz_stats>`.
      bool failure_mode_allow = 2;
      Parameters:
      value - The failureModeAllow to set.
      Returns:
      This builder for chaining.

    • clearFailureModeAllow

      public ExtAuthz.Builder clearFailureModeAllow()
        Changes filter's behaviour on errors:

  1. When set to true, the filter will *accept* client request even if the communication with
  the authorization service has failed, or if the authorization service has returned a HTTP 5xx
  error.

  2. When set to false, ext-authz will *reject* client requests and return a *Forbidden*
  response if the communication with the authorization service has failed, or if the
  authorization service has returned a HTTP 5xx error.

 Note that errors can be *always* tracked in the :ref:`stats
 <config_http_filters_ext_authz_stats>`.
      bool failure_mode_allow = 2;
      Returns:
      This builder for chaining.

    • getUseAlpha

      @Deprecated public boolean getUseAlpha()
      Deprecated.
      envoy.config.filter.http.ext_authz.v2.ExtAuthz.use_alpha is deprecated. See envoy/config/filter/http/ext_authz/v2/ext_authz.proto;l=53
       [#not-implemented-hide: Support for this field has been removed.]
      bool use_alpha = 4 [deprecated = true, (.envoy.annotations.disallowed_by_default) = true];
      Specified by:
      getUseAlpha in interface ExtAuthzOrBuilder
      Returns:
      The useAlpha.

    • setUseAlpha

      @Deprecated public ExtAuthz.Builder setUseAlpha(boolean value)
      Deprecated.
      envoy.config.filter.http.ext_authz.v2.ExtAuthz.use_alpha is deprecated. See envoy/config/filter/http/ext_authz/v2/ext_authz.proto;l=53
       [#not-implemented-hide: Support for this field has been removed.]
      bool use_alpha = 4 [deprecated = true, (.envoy.annotations.disallowed_by_default) = true];
      Parameters:
      value - The useAlpha to set.
      Returns:
      This builder for chaining.

    • clearUseAlpha

      @Deprecated public ExtAuthz.Builder clearUseAlpha()
      Deprecated.
      envoy.config.filter.http.ext_authz.v2.ExtAuthz.use_alpha is deprecated. See envoy/config/filter/http/ext_authz/v2/ext_authz.proto;l=53
       [#not-implemented-hide: Support for this field has been removed.]
      bool use_alpha = 4 [deprecated = true, (.envoy.annotations.disallowed_by_default) = true];
      Returns:
      This builder for chaining.

    • hasWithRequestBody

      public boolean hasWithRequestBody()
       Enables filter to buffer the client request body and send it within the authorization request.
 A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization
 request message indicating if the body data is partial.
      .envoy.config.filter.http.ext_authz.v2.BufferSettings with_request_body = 5;
      Specified by:
      hasWithRequestBody in interface ExtAuthzOrBuilder
      Returns:
      Whether the withRequestBody field is set.

    • getWithRequestBody

      public BufferSettings getWithRequestBody()
       Enables filter to buffer the client request body and send it within the authorization request.
 A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization
 request message indicating if the body data is partial.
      .envoy.config.filter.http.ext_authz.v2.BufferSettings with_request_body = 5;
      Specified by:
      getWithRequestBody in interface ExtAuthzOrBuilder
      Returns:
      The withRequestBody.

    • setWithRequestBody

      public ExtAuthz.Builder setWithRequestBody(BufferSettings value)
       Enables filter to buffer the client request body and send it within the authorization request.
 A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization
 request message indicating if the body data is partial.
      .envoy.config.filter.http.ext_authz.v2.BufferSettings with_request_body = 5;

    • setWithRequestBody

      public ExtAuthz.Builder setWithRequestBody(BufferSettings.Builder builderForValue)
       Enables filter to buffer the client request body and send it within the authorization request.
 A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization
 request message indicating if the body data is partial.
      .envoy.config.filter.http.ext_authz.v2.BufferSettings with_request_body = 5;

    • mergeWithRequestBody

      public ExtAuthz.Builder mergeWithRequestBody(BufferSettings value)
       Enables filter to buffer the client request body and send it within the authorization request.
 A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization
 request message indicating if the body data is partial.
      .envoy.config.filter.http.ext_authz.v2.BufferSettings with_request_body = 5;

    • clearWithRequestBody

      public ExtAuthz.Builder clearWithRequestBody()
       Enables filter to buffer the client request body and send it within the authorization request.
 A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization
 request message indicating if the body data is partial.
      .envoy.config.filter.http.ext_authz.v2.BufferSettings with_request_body = 5;

    • getWithRequestBodyBuilder

      public BufferSettings.Builder getWithRequestBodyBuilder()
       Enables filter to buffer the client request body and send it within the authorization request.
 A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization
 request message indicating if the body data is partial.
      .envoy.config.filter.http.ext_authz.v2.BufferSettings with_request_body = 5;

    • getWithRequestBodyOrBuilder

      public BufferSettingsOrBuilder getWithRequestBodyOrBuilder()
       Enables filter to buffer the client request body and send it within the authorization request.
 A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization
 request message indicating if the body data is partial.
      .envoy.config.filter.http.ext_authz.v2.BufferSettings with_request_body = 5;
      Specified by:
      getWithRequestBodyOrBuilder in interface ExtAuthzOrBuilder

    • getClearRouteCache

      public boolean getClearRouteCache()
       Clears route cache in order to allow the external authorization service to correctly affect
 routing decisions. Filter clears all cached routes when:

 1. The field is set to *true*.

 2. The status returned from the authorization service is a HTTP 200 or gRPC 0.

 3. At least one *authorization response header* is added to the client request, or is used for
 altering another client request header.
      bool clear_route_cache = 6;
      Specified by:
      getClearRouteCache in interface ExtAuthzOrBuilder
      Returns:
      The clearRouteCache.

    • setClearRouteCache

      public ExtAuthz.Builder setClearRouteCache(boolean value)
       Clears route cache in order to allow the external authorization service to correctly affect
 routing decisions. Filter clears all cached routes when:

 1. The field is set to *true*.

 2. The status returned from the authorization service is a HTTP 200 or gRPC 0.

 3. At least one *authorization response header* is added to the client request, or is used for
 altering another client request header.
      bool clear_route_cache = 6;
      Parameters:
      value - The clearRouteCache to set.
      Returns:
      This builder for chaining.

    • clearClearRouteCache

      public ExtAuthz.Builder clearClearRouteCache()
       Clears route cache in order to allow the external authorization service to correctly affect
 routing decisions. Filter clears all cached routes when:

 1. The field is set to *true*.

 2. The status returned from the authorization service is a HTTP 200 or gRPC 0.

 3. At least one *authorization response header* is added to the client request, or is used for
 altering another client request header.
      bool clear_route_cache = 6;
      Returns:
      This builder for chaining.

    • hasStatusOnError

      public boolean hasStatusOnError()
       Sets the HTTP status that is returned to the client when there is a network error between the
 filter and the authorization server. The default status is HTTP 403 Forbidden.
      .envoy.type.HttpStatus status_on_error = 7;
      Specified by:
      hasStatusOnError in interface ExtAuthzOrBuilder
      Returns:
      Whether the statusOnError field is set.

    • getStatusOnError

      public HttpStatus getStatusOnError()
       Sets the HTTP status that is returned to the client when there is a network error between the
 filter and the authorization server. The default status is HTTP 403 Forbidden.
      .envoy.type.HttpStatus status_on_error = 7;
      Specified by:
      getStatusOnError in interface ExtAuthzOrBuilder
      Returns:
      The statusOnError.

    • setStatusOnError

      public ExtAuthz.Builder setStatusOnError(HttpStatus value)
       Sets the HTTP status that is returned to the client when there is a network error between the
 filter and the authorization server. The default status is HTTP 403 Forbidden.
      .envoy.type.HttpStatus status_on_error = 7;

    • setStatusOnError

      public ExtAuthz.Builder setStatusOnError(HttpStatus.Builder builderForValue)
       Sets the HTTP status that is returned to the client when there is a network error between the
 filter and the authorization server. The default status is HTTP 403 Forbidden.
      .envoy.type.HttpStatus status_on_error = 7;

    • mergeStatusOnError

      public ExtAuthz.Builder mergeStatusOnError(HttpStatus value)
       Sets the HTTP status that is returned to the client when there is a network error between the
 filter and the authorization server. The default status is HTTP 403 Forbidden.
      .envoy.type.HttpStatus status_on_error = 7;

    • clearStatusOnError

      public ExtAuthz.Builder clearStatusOnError()
       Sets the HTTP status that is returned to the client when there is a network error between the
 filter and the authorization server. The default status is HTTP 403 Forbidden.
      .envoy.type.HttpStatus status_on_error = 7;

    • getStatusOnErrorBuilder

      public HttpStatus.Builder getStatusOnErrorBuilder()
       Sets the HTTP status that is returned to the client when there is a network error between the
 filter and the authorization server. The default status is HTTP 403 Forbidden.
      .envoy.type.HttpStatus status_on_error = 7;

    • getStatusOnErrorOrBuilder

      public HttpStatusOrBuilder getStatusOnErrorOrBuilder()
       Sets the HTTP status that is returned to the client when there is a network error between the
 filter and the authorization server. The default status is HTTP 403 Forbidden.
      .envoy.type.HttpStatus status_on_error = 7;
      Specified by:
      getStatusOnErrorOrBuilder in interface ExtAuthzOrBuilder

    • getMetadataContextNamespacesList

      public com.google.protobuf.ProtocolStringList getMetadataContextNamespacesList()
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service as an opaque *protobuf::Struct*.

 For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
 <envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.

 .. code-block:: yaml

    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
      repeated string metadata_context_namespaces = 8;
      Specified by:
      getMetadataContextNamespacesList in interface ExtAuthzOrBuilder
      Returns:
      A list containing the metadataContextNamespaces.

    • getMetadataContextNamespacesCount

      public int getMetadataContextNamespacesCount()
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service as an opaque *protobuf::Struct*.

 For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
 <envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.

 .. code-block:: yaml

    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
      repeated string metadata_context_namespaces = 8;
      Specified by:
      getMetadataContextNamespacesCount in interface ExtAuthzOrBuilder
      Returns:
      The count of metadataContextNamespaces.

    • getMetadataContextNamespaces

      public String getMetadataContextNamespaces(int index)
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service as an opaque *protobuf::Struct*.

 For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
 <envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.

 .. code-block:: yaml

    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
      repeated string metadata_context_namespaces = 8;
      Specified by:
      getMetadataContextNamespaces in interface ExtAuthzOrBuilder
      Parameters:
      index - The index of the element to return.
      Returns:
      The metadataContextNamespaces at the given index.

    • getMetadataContextNamespacesBytes

      public com.google.protobuf.ByteString getMetadataContextNamespacesBytes(int index)
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service as an opaque *protobuf::Struct*.

 For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
 <envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.

 .. code-block:: yaml

    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
      repeated string metadata_context_namespaces = 8;
      Specified by:
      getMetadataContextNamespacesBytes in interface ExtAuthzOrBuilder
      Parameters:
      index - The index of the value to return.
      Returns:
      The bytes of the metadataContextNamespaces at the given index.

    • setMetadataContextNamespaces

      public ExtAuthz.Builder setMetadataContextNamespaces(int index, String value)
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service as an opaque *protobuf::Struct*.

 For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
 <envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.

 .. code-block:: yaml

    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
      repeated string metadata_context_namespaces = 8;
      Parameters:
      index - The index to set the value at.
      value - The metadataContextNamespaces to set.
      Returns:
      This builder for chaining.

    • addMetadataContextNamespaces

      public ExtAuthz.Builder addMetadataContextNamespaces(String value)
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service as an opaque *protobuf::Struct*.

 For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
 <envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.

 .. code-block:: yaml

    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
      repeated string metadata_context_namespaces = 8;
      Parameters:
      value - The metadataContextNamespaces to add.
      Returns:
      This builder for chaining.

    • addAllMetadataContextNamespaces

      public ExtAuthz.Builder addAllMetadataContextNamespaces(Iterable<String> values)
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service as an opaque *protobuf::Struct*.

 For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
 <envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.

 .. code-block:: yaml

    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
      repeated string metadata_context_namespaces = 8;
      Parameters:
      values - The metadataContextNamespaces to add.
      Returns:
      This builder for chaining.

    • clearMetadataContextNamespaces

      public ExtAuthz.Builder clearMetadataContextNamespaces()
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service as an opaque *protobuf::Struct*.

 For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
 <envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.

 .. code-block:: yaml

    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
      repeated string metadata_context_namespaces = 8;
      Returns:
      This builder for chaining.

    • addMetadataContextNamespacesBytes

      public ExtAuthz.Builder addMetadataContextNamespacesBytes(com.google.protobuf.ByteString value)
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service as an opaque *protobuf::Struct*.

 For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
 <envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.

 .. code-block:: yaml

    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
      repeated string metadata_context_namespaces = 8;
      Parameters:
      value - The bytes of the metadataContextNamespaces to add.
      Returns:
      This builder for chaining.

    • hasFilterEnabled

      public boolean hasFilterEnabled()
       Specifies if the filter is enabled.

 If :ref:`runtime_key <envoy_api_field_core.RuntimeFractionalPercent.runtime_key>` is specified,
 Envoy will lookup the runtime key to get the percentage of requests to filter.

 If this field is not specified, the filter will be enabled for all requests.
      .envoy.api.v2.core.RuntimeFractionalPercent filter_enabled = 9;
      Specified by:
      hasFilterEnabled in interface ExtAuthzOrBuilder
      Returns:
      Whether the filterEnabled field is set.

    • getFilterEnabled

      public RuntimeFractionalPercent getFilterEnabled()
       Specifies if the filter is enabled.

 If :ref:`runtime_key <envoy_api_field_core.RuntimeFractionalPercent.runtime_key>` is specified,
 Envoy will lookup the runtime key to get the percentage of requests to filter.

 If this field is not specified, the filter will be enabled for all requests.
      .envoy.api.v2.core.RuntimeFractionalPercent filter_enabled = 9;
      Specified by:
      getFilterEnabled in interface ExtAuthzOrBuilder
      Returns:
      The filterEnabled.

    • setFilterEnabled

      public ExtAuthz.Builder setFilterEnabled(RuntimeFractionalPercent value)
       Specifies if the filter is enabled.

 If :ref:`runtime_key <envoy_api_field_core.RuntimeFractionalPercent.runtime_key>` is specified,
 Envoy will lookup the runtime key to get the percentage of requests to filter.

 If this field is not specified, the filter will be enabled for all requests.
      .envoy.api.v2.core.RuntimeFractionalPercent filter_enabled = 9;

    • setFilterEnabled

      public ExtAuthz.Builder setFilterEnabled(RuntimeFractionalPercent.Builder builderForValue)
       Specifies if the filter is enabled.

 If :ref:`runtime_key <envoy_api_field_core.RuntimeFractionalPercent.runtime_key>` is specified,
 Envoy will lookup the runtime key to get the percentage of requests to filter.

 If this field is not specified, the filter will be enabled for all requests.
      .envoy.api.v2.core.RuntimeFractionalPercent filter_enabled = 9;

    • mergeFilterEnabled

      public ExtAuthz.Builder mergeFilterEnabled(RuntimeFractionalPercent value)
       Specifies if the filter is enabled.

 If :ref:`runtime_key <envoy_api_field_core.RuntimeFractionalPercent.runtime_key>` is specified,
 Envoy will lookup the runtime key to get the percentage of requests to filter.

 If this field is not specified, the filter will be enabled for all requests.
      .envoy.api.v2.core.RuntimeFractionalPercent filter_enabled = 9;

    • clearFilterEnabled

      public ExtAuthz.Builder clearFilterEnabled()
       Specifies if the filter is enabled.

 If :ref:`runtime_key <envoy_api_field_core.RuntimeFractionalPercent.runtime_key>` is specified,
 Envoy will lookup the runtime key to get the percentage of requests to filter.

 If this field is not specified, the filter will be enabled for all requests.
      .envoy.api.v2.core.RuntimeFractionalPercent filter_enabled = 9;

    • getFilterEnabledBuilder

      public RuntimeFractionalPercent.Builder getFilterEnabledBuilder()
       Specifies if the filter is enabled.

 If :ref:`runtime_key <envoy_api_field_core.RuntimeFractionalPercent.runtime_key>` is specified,
 Envoy will lookup the runtime key to get the percentage of requests to filter.

 If this field is not specified, the filter will be enabled for all requests.
      .envoy.api.v2.core.RuntimeFractionalPercent filter_enabled = 9;

    • getFilterEnabledOrBuilder

      public RuntimeFractionalPercentOrBuilder getFilterEnabledOrBuilder()
       Specifies if the filter is enabled.

 If :ref:`runtime_key <envoy_api_field_core.RuntimeFractionalPercent.runtime_key>` is specified,
 Envoy will lookup the runtime key to get the percentage of requests to filter.

 If this field is not specified, the filter will be enabled for all requests.
      .envoy.api.v2.core.RuntimeFractionalPercent filter_enabled = 9;
      Specified by:
      getFilterEnabledOrBuilder in interface ExtAuthzOrBuilder

    • hasDenyAtDisable

      public boolean hasDenyAtDisable()
       Specifies whether to deny the requests, when the filter is disabled.
 If :ref:`runtime_key <envoy_api_field_core.RuntimeFeatureFlag.runtime_key>` is specified,
 Envoy will lookup the runtime key to determine whether to deny request for
 filter protected path at filter disabling. If filter is disabled in
 typed_per_filter_config for the path, requests will not be denied.

 If this field is not specified, all requests will be allowed when disabled.
      .envoy.api.v2.core.RuntimeFeatureFlag deny_at_disable = 11;
      Specified by:
      hasDenyAtDisable in interface ExtAuthzOrBuilder
      Returns:
      Whether the denyAtDisable field is set.

    • getDenyAtDisable

      public RuntimeFeatureFlag getDenyAtDisable()
       Specifies whether to deny the requests, when the filter is disabled.
 If :ref:`runtime_key <envoy_api_field_core.RuntimeFeatureFlag.runtime_key>` is specified,
 Envoy will lookup the runtime key to determine whether to deny request for
 filter protected path at filter disabling. If filter is disabled in
 typed_per_filter_config for the path, requests will not be denied.

 If this field is not specified, all requests will be allowed when disabled.
      .envoy.api.v2.core.RuntimeFeatureFlag deny_at_disable = 11;
      Specified by:
      getDenyAtDisable in interface ExtAuthzOrBuilder
      Returns:
      The denyAtDisable.

    • setDenyAtDisable

      public ExtAuthz.Builder setDenyAtDisable(RuntimeFeatureFlag value)
       Specifies whether to deny the requests, when the filter is disabled.
 If :ref:`runtime_key <envoy_api_field_core.RuntimeFeatureFlag.runtime_key>` is specified,
 Envoy will lookup the runtime key to determine whether to deny request for
 filter protected path at filter disabling. If filter is disabled in
 typed_per_filter_config for the path, requests will not be denied.

 If this field is not specified, all requests will be allowed when disabled.
      .envoy.api.v2.core.RuntimeFeatureFlag deny_at_disable = 11;

    • setDenyAtDisable

      public ExtAuthz.Builder setDenyAtDisable(RuntimeFeatureFlag.Builder builderForValue)
       Specifies whether to deny the requests, when the filter is disabled.
 If :ref:`runtime_key <envoy_api_field_core.RuntimeFeatureFlag.runtime_key>` is specified,
 Envoy will lookup the runtime key to determine whether to deny request for
 filter protected path at filter disabling. If filter is disabled in
 typed_per_filter_config for the path, requests will not be denied.

 If this field is not specified, all requests will be allowed when disabled.
      .envoy.api.v2.core.RuntimeFeatureFlag deny_at_disable = 11;

    • mergeDenyAtDisable

      public ExtAuthz.Builder mergeDenyAtDisable(RuntimeFeatureFlag value)
       Specifies whether to deny the requests, when the filter is disabled.
 If :ref:`runtime_key <envoy_api_field_core.RuntimeFeatureFlag.runtime_key>` is specified,
 Envoy will lookup the runtime key to determine whether to deny request for
 filter protected path at filter disabling. If filter is disabled in
 typed_per_filter_config for the path, requests will not be denied.

 If this field is not specified, all requests will be allowed when disabled.
      .envoy.api.v2.core.RuntimeFeatureFlag deny_at_disable = 11;

    • clearDenyAtDisable

      public ExtAuthz.Builder clearDenyAtDisable()
       Specifies whether to deny the requests, when the filter is disabled.
 If :ref:`runtime_key <envoy_api_field_core.RuntimeFeatureFlag.runtime_key>` is specified,
 Envoy will lookup the runtime key to determine whether to deny request for
 filter protected path at filter disabling. If filter is disabled in
 typed_per_filter_config for the path, requests will not be denied.

 If this field is not specified, all requests will be allowed when disabled.
      .envoy.api.v2.core.RuntimeFeatureFlag deny_at_disable = 11;

    • getDenyAtDisableBuilder

      public RuntimeFeatureFlag.Builder getDenyAtDisableBuilder()
       Specifies whether to deny the requests, when the filter is disabled.
 If :ref:`runtime_key <envoy_api_field_core.RuntimeFeatureFlag.runtime_key>` is specified,
 Envoy will lookup the runtime key to determine whether to deny request for
 filter protected path at filter disabling. If filter is disabled in
 typed_per_filter_config for the path, requests will not be denied.

 If this field is not specified, all requests will be allowed when disabled.
      .envoy.api.v2.core.RuntimeFeatureFlag deny_at_disable = 11;

    • getDenyAtDisableOrBuilder

      public RuntimeFeatureFlagOrBuilder getDenyAtDisableOrBuilder()
       Specifies whether to deny the requests, when the filter is disabled.
 If :ref:`runtime_key <envoy_api_field_core.RuntimeFeatureFlag.runtime_key>` is specified,
 Envoy will lookup the runtime key to determine whether to deny request for
 filter protected path at filter disabling. If filter is disabled in
 typed_per_filter_config for the path, requests will not be denied.

 If this field is not specified, all requests will be allowed when disabled.
      .envoy.api.v2.core.RuntimeFeatureFlag deny_at_disable = 11;
      Specified by:
      getDenyAtDisableOrBuilder in interface ExtAuthzOrBuilder

    • getIncludePeerCertificate

      public boolean getIncludePeerCertificate()
       Specifies if the peer certificate is sent to the external service.

 When this field is true, Envoy will include the peer X.509 certificate, if available, in the
 :ref:`certificate<envoy_api_field_service.auth.v2.AttributeContext.Peer.certificate>`.
      bool include_peer_certificate = 10;
      Specified by:
      getIncludePeerCertificate in interface ExtAuthzOrBuilder
      Returns:
      The includePeerCertificate.

    • setIncludePeerCertificate

      public ExtAuthz.Builder setIncludePeerCertificate(boolean value)
       Specifies if the peer certificate is sent to the external service.

 When this field is true, Envoy will include the peer X.509 certificate, if available, in the
 :ref:`certificate<envoy_api_field_service.auth.v2.AttributeContext.Peer.certificate>`.
      bool include_peer_certificate = 10;
      Parameters:
      value - The includePeerCertificate to set.
      Returns:
      This builder for chaining.

    • clearIncludePeerCertificate

      public ExtAuthz.Builder clearIncludePeerCertificate()
       Specifies if the peer certificate is sent to the external service.

 When this field is true, Envoy will include the peer X.509 certificate, if available, in the
 :ref:`certificate<envoy_api_field_service.auth.v2.AttributeContext.Peer.certificate>`.
      bool include_peer_certificate = 10;
      Returns:
      This builder for chaining.

    • setUnknownFields

      public final ExtAuthz.Builder setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
      Specified by:
      setUnknownFields in interface com.google.protobuf.Message.Builder
      Overrides:
      setUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<ExtAuthz.Builder>

    • mergeUnknownFields

      public final ExtAuthz.Builder mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
      Specified by:
      mergeUnknownFields in interface com.google.protobuf.Message.Builder
      Overrides:
      mergeUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<ExtAuthz.Builder>