Package io.envoyproxy.envoy.extensions.filters.http.aws_request_signing.v3

Interface AwsRequestSigningOrBuilder

All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
All Known Implementing Classes:
AwsRequestSigning, AwsRequestSigning.Builder
public interface AwsRequestSigningOrBuilder extends com.google.protobuf.MessageOrBuilder

  • Method Details

    • getServiceName

      String getServiceName()
       The `service namespace
 <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces>`_
 of the HTTP endpoint.

 Example: s3
      string service_name = 1 [(.validate.rules) = { ... }
      Returns:
      The serviceName.

    • getServiceNameBytes

      com.google.protobuf.ByteString getServiceNameBytes()
       The `service namespace
 <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces>`_
 of the HTTP endpoint.

 Example: s3
      string service_name = 1 [(.validate.rules) = { ... }
      Returns:
      The bytes for serviceName.

    • getRegion

      String getRegion()
       Optional region string. If region is not provided, the region will be retrieved from the environment
 or AWS configuration files. See :ref:`config_http_filters_aws_request_signing_region` for more details.

 When signing_algorithm is set to ``AWS_SIGV4`` the region is a standard AWS `region <https://docs.aws.amazon.com/general/latest/gr/rande.html>`_ string for the service
 hosting the HTTP endpoint.

 Example: ``us-west-2``

 When signing_algorithm is set to ``AWS_SIGV4A`` the region is used as a region set.

 A region set is a comma separated list of AWS regions, such as ``us-east-1,us-east-2`` or wildcard ``*``
 or even region strings containing wildcards such as ``us-east-*``

 Example: ``'*'``

 By configuring a region set, a SigV4A signed request can be sent to multiple regions, rather than being
 valid for only a single region destination.
      string region = 2;
      Returns:
      The region.

    • getRegionBytes

      com.google.protobuf.ByteString getRegionBytes()
       Optional region string. If region is not provided, the region will be retrieved from the environment
 or AWS configuration files. See :ref:`config_http_filters_aws_request_signing_region` for more details.

 When signing_algorithm is set to ``AWS_SIGV4`` the region is a standard AWS `region <https://docs.aws.amazon.com/general/latest/gr/rande.html>`_ string for the service
 hosting the HTTP endpoint.

 Example: ``us-west-2``

 When signing_algorithm is set to ``AWS_SIGV4A`` the region is used as a region set.

 A region set is a comma separated list of AWS regions, such as ``us-east-1,us-east-2`` or wildcard ``*``
 or even region strings containing wildcards such as ``us-east-*``

 Example: ``'*'``

 By configuring a region set, a SigV4A signed request can be sent to multiple regions, rather than being
 valid for only a single region destination.
      string region = 2;
      Returns:
      The bytes for region.

    • getHostRewrite

      String getHostRewrite()
       Indicates that before signing headers, the host header will be swapped with
 this value. If not set or empty, the original host header value
 will be used and no rewrite will happen.

 .. note::
     This rewrite affects both signing and host header forwarding. However, this
     option shouldn't be used with
     :ref:`HCM host rewrite <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_literal>` given that the
     value set here would be used for signing whereas the value set in the HCM would be used
     for host header forwarding which is not the desired outcome.
      string host_rewrite = 3;
      Returns:
      The hostRewrite.

    • getHostRewriteBytes

      com.google.protobuf.ByteString getHostRewriteBytes()
       Indicates that before signing headers, the host header will be swapped with
 this value. If not set or empty, the original host header value
 will be used and no rewrite will happen.

 .. note::
     This rewrite affects both signing and host header forwarding. However, this
     option shouldn't be used with
     :ref:`HCM host rewrite <envoy_v3_api_field_config.route.v3.RouteAction.host_rewrite_literal>` given that the
     value set here would be used for signing whereas the value set in the HCM would be used
     for host header forwarding which is not the desired outcome.
      string host_rewrite = 3;
      Returns:
      The bytes for hostRewrite.

    • getUseUnsignedPayload

      boolean getUseUnsignedPayload()
       Instead of buffering the request to calculate the payload hash, use the literal string ``UNSIGNED-PAYLOAD``
 to calculate the payload hash. Not all services support this option. See the `S3
 <https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html>`_ policy for details.
      bool use_unsigned_payload = 4;
      Returns:
      The useUnsignedPayload.

    • getMatchExcludedHeadersList

      List<StringMatcher> getMatchExcludedHeadersList()
       A list of request header string matchers that will be excluded from signing. The excluded header can be matched by
 any patterns defined in the StringMatcher proto (e.g. exact string, prefix, regex, etc).

 Example:

 .. code-block:: yaml

  match_excluded_headers:
  - prefix: x-envoy
  - exact: foo
  - exact: bar

 When applied, all headers that start with ``x-envoy`` and headers ``foo`` and ``bar`` will not be signed.
      repeated .envoy.type.matcher.v3.StringMatcher match_excluded_headers = 5;

    • getMatchExcludedHeaders

      StringMatcher getMatchExcludedHeaders(int index)
       A list of request header string matchers that will be excluded from signing. The excluded header can be matched by
 any patterns defined in the StringMatcher proto (e.g. exact string, prefix, regex, etc).

 Example:

 .. code-block:: yaml

  match_excluded_headers:
  - prefix: x-envoy
  - exact: foo
  - exact: bar

 When applied, all headers that start with ``x-envoy`` and headers ``foo`` and ``bar`` will not be signed.
      repeated .envoy.type.matcher.v3.StringMatcher match_excluded_headers = 5;

    • getMatchExcludedHeadersCount

      int getMatchExcludedHeadersCount()
       A list of request header string matchers that will be excluded from signing. The excluded header can be matched by
 any patterns defined in the StringMatcher proto (e.g. exact string, prefix, regex, etc).

 Example:

 .. code-block:: yaml

  match_excluded_headers:
  - prefix: x-envoy
  - exact: foo
  - exact: bar

 When applied, all headers that start with ``x-envoy`` and headers ``foo`` and ``bar`` will not be signed.
      repeated .envoy.type.matcher.v3.StringMatcher match_excluded_headers = 5;

    • getMatchExcludedHeadersOrBuilderList

      List<? extends StringMatcherOrBuilder> getMatchExcludedHeadersOrBuilderList()
       A list of request header string matchers that will be excluded from signing. The excluded header can be matched by
 any patterns defined in the StringMatcher proto (e.g. exact string, prefix, regex, etc).

 Example:

 .. code-block:: yaml

  match_excluded_headers:
  - prefix: x-envoy
  - exact: foo
  - exact: bar

 When applied, all headers that start with ``x-envoy`` and headers ``foo`` and ``bar`` will not be signed.
      repeated .envoy.type.matcher.v3.StringMatcher match_excluded_headers = 5;

    • getMatchExcludedHeadersOrBuilder

      StringMatcherOrBuilder getMatchExcludedHeadersOrBuilder(int index)
       A list of request header string matchers that will be excluded from signing. The excluded header can be matched by
 any patterns defined in the StringMatcher proto (e.g. exact string, prefix, regex, etc).

 Example:

 .. code-block:: yaml

  match_excluded_headers:
  - prefix: x-envoy
  - exact: foo
  - exact: bar

 When applied, all headers that start with ``x-envoy`` and headers ``foo`` and ``bar`` will not be signed.
      repeated .envoy.type.matcher.v3.StringMatcher match_excluded_headers = 5;

    • getSigningAlgorithmValue

      int getSigningAlgorithmValue()
       Optional Signing algorithm specifier, either ``AWS_SIGV4`` or ``AWS_SIGV4A``, defaulting to ``AWS_SIGV4``.
      .envoy.extensions.filters.http.aws_request_signing.v3.AwsRequestSigning.SigningAlgorithm signing_algorithm = 6;
      Returns:
      The enum numeric value on the wire for signingAlgorithm.

    • getSigningAlgorithm

      AwsRequestSigning.SigningAlgorithm getSigningAlgorithm()
       Optional Signing algorithm specifier, either ``AWS_SIGV4`` or ``AWS_SIGV4A``, defaulting to ``AWS_SIGV4``.
      .envoy.extensions.filters.http.aws_request_signing.v3.AwsRequestSigning.SigningAlgorithm signing_algorithm = 6;
      Returns:
      The signingAlgorithm.

    • hasQueryString

      boolean hasQueryString()
       If set, use the query string to store output of SigV4 or SigV4A calculation, rather than HTTP headers. The ``Authorization`` header will not be modified if ``query_string``
 is configured.

 Example:
 query_string: {}
      .envoy.extensions.filters.http.aws_request_signing.v3.AwsRequestSigning.QueryString query_string = 7;
      Returns:
      Whether the queryString field is set.

    • getQueryString

      AwsRequestSigning.QueryString getQueryString()
       If set, use the query string to store output of SigV4 or SigV4A calculation, rather than HTTP headers. The ``Authorization`` header will not be modified if ``query_string``
 is configured.

 Example:
 query_string: {}
      .envoy.extensions.filters.http.aws_request_signing.v3.AwsRequestSigning.QueryString query_string = 7;
      Returns:
      The queryString.

    • getQueryStringOrBuilder

      AwsRequestSigning.QueryStringOrBuilder getQueryStringOrBuilder()
       If set, use the query string to store output of SigV4 or SigV4A calculation, rather than HTTP headers. The ``Authorization`` header will not be modified if ``query_string``
 is configured.

 Example:
 query_string: {}
      .envoy.extensions.filters.http.aws_request_signing.v3.AwsRequestSigning.QueryString query_string = 7;

    • hasCredentialProvider

      boolean hasCredentialProvider()
       The credential provider for signing the request. This is optional and if not set,
 it will be retrieved using the procedure described in :ref:`config_http_filters_aws_request_signing`.
      .envoy.extensions.common.aws.v3.AwsCredentialProvider credential_provider = 8;
      Returns:
      Whether the credentialProvider field is set.

    • getCredentialProvider

      AwsCredentialProvider getCredentialProvider()
       The credential provider for signing the request. This is optional and if not set,
 it will be retrieved using the procedure described in :ref:`config_http_filters_aws_request_signing`.
      .envoy.extensions.common.aws.v3.AwsCredentialProvider credential_provider = 8;
      Returns:
      The credentialProvider.

    • getCredentialProviderOrBuilder

      AwsCredentialProviderOrBuilder getCredentialProviderOrBuilder()
       The credential provider for signing the request. This is optional and if not set,
 it will be retrieved using the procedure described in :ref:`config_http_filters_aws_request_signing`.
      .envoy.extensions.common.aws.v3.AwsCredentialProvider credential_provider = 8;

    • getMatchIncludedHeadersList

      List<StringMatcher> getMatchIncludedHeadersList()
       A list of request header string matchers that will be included during signing. The included header can be matched by
 any patterns defined in the StringMatcher proto (e.g. exact string, prefix, regex, etc).
 match_included_headers takes precedence over match_excluded_headers - if match_included_headers is set, only those headers will be signed and match_excluded_headers will be ignored.
 Required headers for signing such as ``host`` will always be signed regardless of this setting. The required headers are determined via ``CanonicalHeaders`` section in the AWS documentation `here <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv-create-signed-request.html#create-canonical-request>`_.

 Example:

 .. code-block:: yaml

  match_included_headers:
  - prefix: x-envoy
  - exact: foo
  - exact: bar

 When applied, all headers that start with ``x-envoy`` and headers ``foo`` and ``bar`` will be signed and all other headers will be excluded from signing except required headers.
      repeated .envoy.type.matcher.v3.StringMatcher match_included_headers = 9;

    • getMatchIncludedHeaders

      StringMatcher getMatchIncludedHeaders(int index)
       A list of request header string matchers that will be included during signing. The included header can be matched by
 any patterns defined in the StringMatcher proto (e.g. exact string, prefix, regex, etc).
 match_included_headers takes precedence over match_excluded_headers - if match_included_headers is set, only those headers will be signed and match_excluded_headers will be ignored.
 Required headers for signing such as ``host`` will always be signed regardless of this setting. The required headers are determined via ``CanonicalHeaders`` section in the AWS documentation `here <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv-create-signed-request.html#create-canonical-request>`_.

 Example:

 .. code-block:: yaml

  match_included_headers:
  - prefix: x-envoy
  - exact: foo
  - exact: bar

 When applied, all headers that start with ``x-envoy`` and headers ``foo`` and ``bar`` will be signed and all other headers will be excluded from signing except required headers.
      repeated .envoy.type.matcher.v3.StringMatcher match_included_headers = 9;

    • getMatchIncludedHeadersCount

      int getMatchIncludedHeadersCount()
       A list of request header string matchers that will be included during signing. The included header can be matched by
 any patterns defined in the StringMatcher proto (e.g. exact string, prefix, regex, etc).
 match_included_headers takes precedence over match_excluded_headers - if match_included_headers is set, only those headers will be signed and match_excluded_headers will be ignored.
 Required headers for signing such as ``host`` will always be signed regardless of this setting. The required headers are determined via ``CanonicalHeaders`` section in the AWS documentation `here <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv-create-signed-request.html#create-canonical-request>`_.

 Example:

 .. code-block:: yaml

  match_included_headers:
  - prefix: x-envoy
  - exact: foo
  - exact: bar

 When applied, all headers that start with ``x-envoy`` and headers ``foo`` and ``bar`` will be signed and all other headers will be excluded from signing except required headers.
      repeated .envoy.type.matcher.v3.StringMatcher match_included_headers = 9;

    • getMatchIncludedHeadersOrBuilderList

      List<? extends StringMatcherOrBuilder> getMatchIncludedHeadersOrBuilderList()
       A list of request header string matchers that will be included during signing. The included header can be matched by
 any patterns defined in the StringMatcher proto (e.g. exact string, prefix, regex, etc).
 match_included_headers takes precedence over match_excluded_headers - if match_included_headers is set, only those headers will be signed and match_excluded_headers will be ignored.
 Required headers for signing such as ``host`` will always be signed regardless of this setting. The required headers are determined via ``CanonicalHeaders`` section in the AWS documentation `here <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv-create-signed-request.html#create-canonical-request>`_.

 Example:

 .. code-block:: yaml

  match_included_headers:
  - prefix: x-envoy
  - exact: foo
  - exact: bar

 When applied, all headers that start with ``x-envoy`` and headers ``foo`` and ``bar`` will be signed and all other headers will be excluded from signing except required headers.
      repeated .envoy.type.matcher.v3.StringMatcher match_included_headers = 9;

    • getMatchIncludedHeadersOrBuilder

      StringMatcherOrBuilder getMatchIncludedHeadersOrBuilder(int index)
       A list of request header string matchers that will be included during signing. The included header can be matched by
 any patterns defined in the StringMatcher proto (e.g. exact string, prefix, regex, etc).
 match_included_headers takes precedence over match_excluded_headers - if match_included_headers is set, only those headers will be signed and match_excluded_headers will be ignored.
 Required headers for signing such as ``host`` will always be signed regardless of this setting. The required headers are determined via ``CanonicalHeaders`` section in the AWS documentation `here <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv-create-signed-request.html#create-canonical-request>`_.

 Example:

 .. code-block:: yaml

  match_included_headers:
  - prefix: x-envoy
  - exact: foo
  - exact: bar

 When applied, all headers that start with ``x-envoy`` and headers ``foo`` and ``bar`` will be signed and all other headers will be excluded from signing except required headers.
      repeated .envoy.type.matcher.v3.StringMatcher match_included_headers = 9;