Package io.envoyproxy.envoy.config.filter.http.ext_authz.v2

Class ExtAuthz

java.lang.Object
com.google.protobuf.AbstractMessageLite
com.google.protobuf.AbstractMessage
com.google.protobuf.GeneratedMessageV3
io.envoyproxy.envoy.config.filter.http.ext_authz.v2.ExtAuthz
All Implemented Interfaces:
com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, ExtAuthzOrBuilder, Serializable
public final class ExtAuthz extends com.google.protobuf.GeneratedMessageV3 implements ExtAuthzOrBuilder
 [#next-free-field: 12]
Protobuf type envoy.config.filter.http.ext_authz.v2.ExtAuthz
See Also:

  • Field Details

    • GRPC_SERVICE_FIELD_NUMBER

      public static final int GRPC_SERVICE_FIELD_NUMBER
      See Also:

    • HTTP_SERVICE_FIELD_NUMBER

      public static final int HTTP_SERVICE_FIELD_NUMBER
      See Also:

    • FAILURE_MODE_ALLOW_FIELD_NUMBER

      public static final int FAILURE_MODE_ALLOW_FIELD_NUMBER
      See Also:

    • USE_ALPHA_FIELD_NUMBER

      public static final int USE_ALPHA_FIELD_NUMBER
      See Also:

    • WITH_REQUEST_BODY_FIELD_NUMBER

      public static final int WITH_REQUEST_BODY_FIELD_NUMBER
      See Also:

    • CLEAR_ROUTE_CACHE_FIELD_NUMBER

      public static final int CLEAR_ROUTE_CACHE_FIELD_NUMBER
      See Also:

    • STATUS_ON_ERROR_FIELD_NUMBER

      public static final int STATUS_ON_ERROR_FIELD_NUMBER
      See Also:

    • METADATA_CONTEXT_NAMESPACES_FIELD_NUMBER

      public static final int METADATA_CONTEXT_NAMESPACES_FIELD_NUMBER
      See Also:

    • FILTER_ENABLED_FIELD_NUMBER

      public static final int FILTER_ENABLED_FIELD_NUMBER
      See Also:

    • DENY_AT_DISABLE_FIELD_NUMBER

      public static final int DENY_AT_DISABLE_FIELD_NUMBER
      See Also:

    • INCLUDE_PEER_CERTIFICATE_FIELD_NUMBER

      public static final int INCLUDE_PEER_CERTIFICATE_FIELD_NUMBER
      See Also:

  • Method Details

    • newInstance

      protected Object newInstance(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
      Overrides:
      newInstance in class com.google.protobuf.GeneratedMessageV3

    • getDescriptor

      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

    • internalGetFieldAccessorTable

      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
      Specified by:
      internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

    • getServicesCase

      public ExtAuthz.ServicesCase getServicesCase()
      Specified by:
      getServicesCase in interface ExtAuthzOrBuilder

    • hasGrpcService

      public boolean hasGrpcService()
       gRPC service configuration (default timeout: 200ms).
      .envoy.api.v2.core.GrpcService grpc_service = 1;
      Specified by:
      hasGrpcService in interface ExtAuthzOrBuilder
      Returns:
      Whether the grpcService field is set.

    • getGrpcService

      public GrpcService getGrpcService()
       gRPC service configuration (default timeout: 200ms).
      .envoy.api.v2.core.GrpcService grpc_service = 1;
      Specified by:
      getGrpcService in interface ExtAuthzOrBuilder
      Returns:
      The grpcService.

    • getGrpcServiceOrBuilder

      public GrpcServiceOrBuilder getGrpcServiceOrBuilder()
       gRPC service configuration (default timeout: 200ms).
      .envoy.api.v2.core.GrpcService grpc_service = 1;
      Specified by:
      getGrpcServiceOrBuilder in interface ExtAuthzOrBuilder

    • hasHttpService

      public boolean hasHttpService()
       HTTP service configuration (default timeout: 200ms).
      .envoy.config.filter.http.ext_authz.v2.HttpService http_service = 3;
      Specified by:
      hasHttpService in interface ExtAuthzOrBuilder
      Returns:
      Whether the httpService field is set.

    • getHttpService

      public HttpService getHttpService()
       HTTP service configuration (default timeout: 200ms).
      .envoy.config.filter.http.ext_authz.v2.HttpService http_service = 3;
      Specified by:
      getHttpService in interface ExtAuthzOrBuilder
      Returns:
      The httpService.

    • getHttpServiceOrBuilder

      public HttpServiceOrBuilder getHttpServiceOrBuilder()
       HTTP service configuration (default timeout: 200ms).
      .envoy.config.filter.http.ext_authz.v2.HttpService http_service = 3;
      Specified by:
      getHttpServiceOrBuilder in interface ExtAuthzOrBuilder

    • getFailureModeAllow

      public boolean getFailureModeAllow()
        Changes filter's behaviour on errors:

  1. When set to true, the filter will *accept* client request even if the communication with
  the authorization service has failed, or if the authorization service has returned a HTTP 5xx
  error.

  2. When set to false, ext-authz will *reject* client requests and return a *Forbidden*
  response if the communication with the authorization service has failed, or if the
  authorization service has returned a HTTP 5xx error.

 Note that errors can be *always* tracked in the :ref:`stats
 <config_http_filters_ext_authz_stats>`.
      bool failure_mode_allow = 2;
      Specified by:
      getFailureModeAllow in interface ExtAuthzOrBuilder
      Returns:
      The failureModeAllow.

    • getUseAlpha

      @Deprecated public boolean getUseAlpha()
      Deprecated.
      envoy.config.filter.http.ext_authz.v2.ExtAuthz.use_alpha is deprecated. See envoy/config/filter/http/ext_authz/v2/ext_authz.proto;l=53
       [#not-implemented-hide: Support for this field has been removed.]
      bool use_alpha = 4 [deprecated = true, (.envoy.annotations.disallowed_by_default) = true];
      Specified by:
      getUseAlpha in interface ExtAuthzOrBuilder
      Returns:
      The useAlpha.

    • hasWithRequestBody

      public boolean hasWithRequestBody()
       Enables filter to buffer the client request body and send it within the authorization request.
 A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization
 request message indicating if the body data is partial.
      .envoy.config.filter.http.ext_authz.v2.BufferSettings with_request_body = 5;
      Specified by:
      hasWithRequestBody in interface ExtAuthzOrBuilder
      Returns:
      Whether the withRequestBody field is set.

    • getWithRequestBody

      public BufferSettings getWithRequestBody()
       Enables filter to buffer the client request body and send it within the authorization request.
 A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization
 request message indicating if the body data is partial.
      .envoy.config.filter.http.ext_authz.v2.BufferSettings with_request_body = 5;
      Specified by:
      getWithRequestBody in interface ExtAuthzOrBuilder
      Returns:
      The withRequestBody.

    • getWithRequestBodyOrBuilder

      public BufferSettingsOrBuilder getWithRequestBodyOrBuilder()
       Enables filter to buffer the client request body and send it within the authorization request.
 A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization
 request message indicating if the body data is partial.
      .envoy.config.filter.http.ext_authz.v2.BufferSettings with_request_body = 5;
      Specified by:
      getWithRequestBodyOrBuilder in interface ExtAuthzOrBuilder

    • getClearRouteCache

      public boolean getClearRouteCache()
       Clears route cache in order to allow the external authorization service to correctly affect
 routing decisions. Filter clears all cached routes when:

 1. The field is set to *true*.

 2. The status returned from the authorization service is a HTTP 200 or gRPC 0.

 3. At least one *authorization response header* is added to the client request, or is used for
 altering another client request header.
      bool clear_route_cache = 6;
      Specified by:
      getClearRouteCache in interface ExtAuthzOrBuilder
      Returns:
      The clearRouteCache.

    • hasStatusOnError

      public boolean hasStatusOnError()
       Sets the HTTP status that is returned to the client when there is a network error between the
 filter and the authorization server. The default status is HTTP 403 Forbidden.
      .envoy.type.HttpStatus status_on_error = 7;
      Specified by:
      hasStatusOnError in interface ExtAuthzOrBuilder
      Returns:
      Whether the statusOnError field is set.

    • getStatusOnError

      public HttpStatus getStatusOnError()
       Sets the HTTP status that is returned to the client when there is a network error between the
 filter and the authorization server. The default status is HTTP 403 Forbidden.
      .envoy.type.HttpStatus status_on_error = 7;
      Specified by:
      getStatusOnError in interface ExtAuthzOrBuilder
      Returns:
      The statusOnError.

    • getStatusOnErrorOrBuilder

      public HttpStatusOrBuilder getStatusOnErrorOrBuilder()
       Sets the HTTP status that is returned to the client when there is a network error between the
 filter and the authorization server. The default status is HTTP 403 Forbidden.
      .envoy.type.HttpStatus status_on_error = 7;
      Specified by:
      getStatusOnErrorOrBuilder in interface ExtAuthzOrBuilder

    • getMetadataContextNamespacesList

      public com.google.protobuf.ProtocolStringList getMetadataContextNamespacesList()
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service as an opaque *protobuf::Struct*.

 For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
 <envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.

 .. code-block:: yaml

    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
      repeated string metadata_context_namespaces = 8;
      Specified by:
      getMetadataContextNamespacesList in interface ExtAuthzOrBuilder
      Returns:
      A list containing the metadataContextNamespaces.

    • getMetadataContextNamespacesCount

      public int getMetadataContextNamespacesCount()
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service as an opaque *protobuf::Struct*.

 For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
 <envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.

 .. code-block:: yaml

    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
      repeated string metadata_context_namespaces = 8;
      Specified by:
      getMetadataContextNamespacesCount in interface ExtAuthzOrBuilder
      Returns:
      The count of metadataContextNamespaces.

    • getMetadataContextNamespaces

      public String getMetadataContextNamespaces(int index)
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service as an opaque *protobuf::Struct*.

 For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
 <envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.

 .. code-block:: yaml

    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
      repeated string metadata_context_namespaces = 8;
      Specified by:
      getMetadataContextNamespaces in interface ExtAuthzOrBuilder
      Parameters:
      index - The index of the element to return.
      Returns:
      The metadataContextNamespaces at the given index.

    • getMetadataContextNamespacesBytes

      public com.google.protobuf.ByteString getMetadataContextNamespacesBytes(int index)
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service as an opaque *protobuf::Struct*.

 For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
 <envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.

 .. code-block:: yaml

    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
      repeated string metadata_context_namespaces = 8;
      Specified by:
      getMetadataContextNamespacesBytes in interface ExtAuthzOrBuilder
      Parameters:
      index - The index of the value to return.
      Returns:
      The bytes of the metadataContextNamespaces at the given index.

    • hasFilterEnabled

      public boolean hasFilterEnabled()
       Specifies if the filter is enabled.

 If :ref:`runtime_key <envoy_api_field_core.RuntimeFractionalPercent.runtime_key>` is specified,
 Envoy will lookup the runtime key to get the percentage of requests to filter.

 If this field is not specified, the filter will be enabled for all requests.
      .envoy.api.v2.core.RuntimeFractionalPercent filter_enabled = 9;
      Specified by:
      hasFilterEnabled in interface ExtAuthzOrBuilder
      Returns:
      Whether the filterEnabled field is set.

    • getFilterEnabled

      public RuntimeFractionalPercent getFilterEnabled()
       Specifies if the filter is enabled.

 If :ref:`runtime_key <envoy_api_field_core.RuntimeFractionalPercent.runtime_key>` is specified,
 Envoy will lookup the runtime key to get the percentage of requests to filter.

 If this field is not specified, the filter will be enabled for all requests.
      .envoy.api.v2.core.RuntimeFractionalPercent filter_enabled = 9;
      Specified by:
      getFilterEnabled in interface ExtAuthzOrBuilder
      Returns:
      The filterEnabled.

    • getFilterEnabledOrBuilder

      public RuntimeFractionalPercentOrBuilder getFilterEnabledOrBuilder()
       Specifies if the filter is enabled.

 If :ref:`runtime_key <envoy_api_field_core.RuntimeFractionalPercent.runtime_key>` is specified,
 Envoy will lookup the runtime key to get the percentage of requests to filter.

 If this field is not specified, the filter will be enabled for all requests.
      .envoy.api.v2.core.RuntimeFractionalPercent filter_enabled = 9;
      Specified by:
      getFilterEnabledOrBuilder in interface ExtAuthzOrBuilder

    • hasDenyAtDisable

      public boolean hasDenyAtDisable()
       Specifies whether to deny the requests, when the filter is disabled.
 If :ref:`runtime_key <envoy_api_field_core.RuntimeFeatureFlag.runtime_key>` is specified,
 Envoy will lookup the runtime key to determine whether to deny request for
 filter protected path at filter disabling. If filter is disabled in
 typed_per_filter_config for the path, requests will not be denied.

 If this field is not specified, all requests will be allowed when disabled.
      .envoy.api.v2.core.RuntimeFeatureFlag deny_at_disable = 11;
      Specified by:
      hasDenyAtDisable in interface ExtAuthzOrBuilder
      Returns:
      Whether the denyAtDisable field is set.

    • getDenyAtDisable

      public RuntimeFeatureFlag getDenyAtDisable()
       Specifies whether to deny the requests, when the filter is disabled.
 If :ref:`runtime_key <envoy_api_field_core.RuntimeFeatureFlag.runtime_key>` is specified,
 Envoy will lookup the runtime key to determine whether to deny request for
 filter protected path at filter disabling. If filter is disabled in
 typed_per_filter_config for the path, requests will not be denied.

 If this field is not specified, all requests will be allowed when disabled.
      .envoy.api.v2.core.RuntimeFeatureFlag deny_at_disable = 11;
      Specified by:
      getDenyAtDisable in interface ExtAuthzOrBuilder
      Returns:
      The denyAtDisable.

    • getDenyAtDisableOrBuilder

      public RuntimeFeatureFlagOrBuilder getDenyAtDisableOrBuilder()
       Specifies whether to deny the requests, when the filter is disabled.
 If :ref:`runtime_key <envoy_api_field_core.RuntimeFeatureFlag.runtime_key>` is specified,
 Envoy will lookup the runtime key to determine whether to deny request for
 filter protected path at filter disabling. If filter is disabled in
 typed_per_filter_config for the path, requests will not be denied.

 If this field is not specified, all requests will be allowed when disabled.
      .envoy.api.v2.core.RuntimeFeatureFlag deny_at_disable = 11;
      Specified by:
      getDenyAtDisableOrBuilder in interface ExtAuthzOrBuilder

    • getIncludePeerCertificate

      public boolean getIncludePeerCertificate()
       Specifies if the peer certificate is sent to the external service.

 When this field is true, Envoy will include the peer X.509 certificate, if available, in the
 :ref:`certificate<envoy_api_field_service.auth.v2.AttributeContext.Peer.certificate>`.
      bool include_peer_certificate = 10;
      Specified by:
      getIncludePeerCertificate in interface ExtAuthzOrBuilder
      Returns:
      The includePeerCertificate.

    • isInitialized

      public final boolean isInitialized()
      Specified by:
      isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
      Overrides:
      isInitialized in class com.google.protobuf.GeneratedMessageV3

    • writeTo

      public void writeTo(com.google.protobuf.CodedOutputStream output) throws IOException
      Specified by:
      writeTo in interface com.google.protobuf.MessageLite
      Overrides:
      writeTo in class com.google.protobuf.GeneratedMessageV3
      Throws:
      IOException

    • getSerializedSize

      public int getSerializedSize()
      Specified by:
      getSerializedSize in interface com.google.protobuf.MessageLite
      Overrides:
      getSerializedSize in class com.google.protobuf.GeneratedMessageV3

    • equals

      public boolean equals(Object obj)
      Specified by:
      equals in interface com.google.protobuf.Message
      Overrides:
      equals in class com.google.protobuf.AbstractMessage

    • hashCode

      public int hashCode()
      Specified by:
      hashCode in interface com.google.protobuf.Message
      Overrides:
      hashCode in class com.google.protobuf.AbstractMessage

    • parseFrom

      public static ExtAuthz parseFrom(ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static ExtAuthz parseFrom(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static ExtAuthz parseFrom(com.google.protobuf.ByteString data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static ExtAuthz parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static ExtAuthz parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static ExtAuthz parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static ExtAuthz parseFrom(InputStream input) throws IOException
      Throws:
      IOException

    • parseFrom

      public static ExtAuthz parseFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException

    • parseDelimitedFrom

      public static ExtAuthz parseDelimitedFrom(InputStream input) throws IOException
      Throws:
      IOException

    • parseDelimitedFrom

      public static ExtAuthz parseDelimitedFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException

    • parseFrom

      public static ExtAuthz parseFrom(com.google.protobuf.CodedInputStream input) throws IOException
      Throws:
      IOException

    • parseFrom

      public static ExtAuthz parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException

    • newBuilderForType

      public ExtAuthz.Builder newBuilderForType()
      Specified by:
      newBuilderForType in interface com.google.protobuf.Message
      Specified by:
      newBuilderForType in interface com.google.protobuf.MessageLite

    • newBuilder

      public static ExtAuthz.Builder newBuilder()

    • newBuilder

      public static ExtAuthz.Builder newBuilder(ExtAuthz prototype)

    • toBuilder

      public ExtAuthz.Builder toBuilder()
      Specified by:
      toBuilder in interface com.google.protobuf.Message
      Specified by:
      toBuilder in interface com.google.protobuf.MessageLite

    • newBuilderForType

      protected ExtAuthz.Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
      Specified by:
      newBuilderForType in class com.google.protobuf.GeneratedMessageV3

    • getDefaultInstance

      public static ExtAuthz getDefaultInstance()

    • parser

      public static com.google.protobuf.Parser<ExtAuthz> parser()

    • getParserForType

      public com.google.protobuf.Parser<ExtAuthz> getParserForType()
      Specified by:
      getParserForType in interface com.google.protobuf.Message
      Specified by:
      getParserForType in interface com.google.protobuf.MessageLite
      Overrides:
      getParserForType in class com.google.protobuf.GeneratedMessageV3

    • getDefaultInstanceForType

      public ExtAuthz getDefaultInstanceForType()
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder