Package io.envoyproxy.envoy.extensions.filters.network.ext_authz.v3

Interface ExtAuthzOrBuilder

All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
All Known Implementing Classes:
ExtAuthz, ExtAuthz.Builder
public interface ExtAuthzOrBuilder extends com.google.protobuf.MessageOrBuilder

  • Method Details

    • getStatPrefix

      String getStatPrefix()
       The prefix to use when emitting statistics.
      string stat_prefix = 1 [(.validate.rules) = { ... }
      Returns:
      The statPrefix.

    • getStatPrefixBytes

      com.google.protobuf.ByteString getStatPrefixBytes()
       The prefix to use when emitting statistics.
      string stat_prefix = 1 [(.validate.rules) = { ... }
      Returns:
      The bytes for statPrefix.

    • hasGrpcService

      boolean hasGrpcService()
       The external authorization gRPC service configuration.
 The default timeout is set to 200ms by this filter.
      .envoy.config.core.v3.GrpcService grpc_service = 2;
      Returns:
      Whether the grpcService field is set.

    • getGrpcService

      GrpcService getGrpcService()
       The external authorization gRPC service configuration.
 The default timeout is set to 200ms by this filter.
      .envoy.config.core.v3.GrpcService grpc_service = 2;
      Returns:
      The grpcService.

    • getGrpcServiceOrBuilder

      GrpcServiceOrBuilder getGrpcServiceOrBuilder()
       The external authorization gRPC service configuration.
 The default timeout is set to 200ms by this filter.
      .envoy.config.core.v3.GrpcService grpc_service = 2;

    • getFailureModeAllow

      boolean getFailureModeAllow()
       The filter's behaviour in case the external authorization service does
 not respond back. When it is set to true, Envoy will also allow traffic in case of
 communication failure between authorization service and the proxy.
 Defaults to false.
      bool failure_mode_allow = 3;
      Returns:
      The failureModeAllow.

    • getIncludePeerCertificate

      boolean getIncludePeerCertificate()
       Specifies if the peer certificate is sent to the external service.

 When this field is true, Envoy will include the peer X.509 certificate, if available, in the
 :ref:`certificate<envoy_v3_api_field_service.auth.v3.AttributeContext.Peer.certificate>`.
      bool include_peer_certificate = 4;
      Returns:
      The includePeerCertificate.

    • getTransportApiVersionValue

      int getTransportApiVersionValue()
       API version for ext_authz transport protocol. This describes the ext_authz gRPC endpoint and
 version of Check{Request,Response} used on the wire.
      .envoy.config.core.v3.ApiVersion transport_api_version = 5 [(.validate.rules) = { ... }
      Returns:
      The enum numeric value on the wire for transportApiVersion.

    • getTransportApiVersion

      ApiVersion getTransportApiVersion()
       API version for ext_authz transport protocol. This describes the ext_authz gRPC endpoint and
 version of Check{Request,Response} used on the wire.
      .envoy.config.core.v3.ApiVersion transport_api_version = 5 [(.validate.rules) = { ... }
      Returns:
      The transportApiVersion.

    • hasFilterEnabledMetadata

      boolean hasFilterEnabledMetadata()
       Specifies if the filter is enabled with metadata matcher.
 If this field is not specified, the filter will be enabled for all requests.
      .envoy.type.matcher.v3.MetadataMatcher filter_enabled_metadata = 6;
      Returns:
      Whether the filterEnabledMetadata field is set.

    • getFilterEnabledMetadata

      MetadataMatcher getFilterEnabledMetadata()
       Specifies if the filter is enabled with metadata matcher.
 If this field is not specified, the filter will be enabled for all requests.
      .envoy.type.matcher.v3.MetadataMatcher filter_enabled_metadata = 6;
      Returns:
      The filterEnabledMetadata.

    • getFilterEnabledMetadataOrBuilder

      MetadataMatcherOrBuilder getFilterEnabledMetadataOrBuilder()
       Specifies if the filter is enabled with metadata matcher.
 If this field is not specified, the filter will be enabled for all requests.
      .envoy.type.matcher.v3.MetadataMatcher filter_enabled_metadata = 6;

    • getBootstrapMetadataLabelsKey

      String getBootstrapMetadataLabelsKey()
       Optional labels that will be passed to :ref:`labels<envoy_v3_api_field_service.auth.v3.AttributeContext.Peer.labels>` in
 :ref:`destination<envoy_v3_api_field_service.auth.v3.AttributeContext.destination>`.
 The labels will be read from :ref:`metadata<envoy_v3_api_msg_config.core.v3.Node>` with the specified key.
      string bootstrap_metadata_labels_key = 7;
      Returns:
      The bootstrapMetadataLabelsKey.

    • getBootstrapMetadataLabelsKeyBytes

      com.google.protobuf.ByteString getBootstrapMetadataLabelsKeyBytes()
       Optional labels that will be passed to :ref:`labels<envoy_v3_api_field_service.auth.v3.AttributeContext.Peer.labels>` in
 :ref:`destination<envoy_v3_api_field_service.auth.v3.AttributeContext.destination>`.
 The labels will be read from :ref:`metadata<envoy_v3_api_msg_config.core.v3.Node>` with the specified key.
      string bootstrap_metadata_labels_key = 7;
      Returns:
      The bytes for bootstrapMetadataLabelsKey.

    • getIncludeTlsSession

      boolean getIncludeTlsSession()
       Specifies if the TLS session level details like SNI are sent to the external service.

 When this field is true, Envoy will include the SNI name used for TLSClientHello, if available, in the
 :ref:`tls_session<envoy_v3_api_field_service.auth.v3.AttributeContext.tls_session>`.
      bool include_tls_session = 8;
      Returns:
      The includeTlsSession.

    • getSendTlsAlertOnDenial

      boolean getSendTlsAlertOnDenial()
       When set to ``true``, the filter will send a TLS ``access_denied(49)`` alert before closing
 the connection when authorization is denied. This provides better visibility to TLS clients
 about the reason for connection closure. This alert is only sent for TLS connections. The
 non-TLS connections will be closed without sending an alert.

 Defaults to ``false``.
      bool send_tls_alert_on_denial = 9;
      Returns:
      The sendTlsAlertOnDenial.

    • getMetadataContextNamespacesList

      List<String> getMetadataContextNamespacesList()
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service. The :ref:`filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.filter_metadata>`
 is passed as an opaque ``protobuf::Struct``.

 For example, if the ``proxy_protocol`` listener filter is used and populates TLV metadata,
 then the following will pass that metadata to the authorization server for making decisions
 based on proxy protocol information.

 .. code-block:: yaml

    metadata_context_namespaces:
    - envoy.filters.listener.proxy_protocol
      repeated string metadata_context_namespaces = 10;
      Returns:
      A list containing the metadataContextNamespaces.

    • getMetadataContextNamespacesCount

      int getMetadataContextNamespacesCount()
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service. The :ref:`filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.filter_metadata>`
 is passed as an opaque ``protobuf::Struct``.

 For example, if the ``proxy_protocol`` listener filter is used and populates TLV metadata,
 then the following will pass that metadata to the authorization server for making decisions
 based on proxy protocol information.

 .. code-block:: yaml

    metadata_context_namespaces:
    - envoy.filters.listener.proxy_protocol
      repeated string metadata_context_namespaces = 10;
      Returns:
      The count of metadataContextNamespaces.

    • getMetadataContextNamespaces

      String getMetadataContextNamespaces(int index)
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service. The :ref:`filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.filter_metadata>`
 is passed as an opaque ``protobuf::Struct``.

 For example, if the ``proxy_protocol`` listener filter is used and populates TLV metadata,
 then the following will pass that metadata to the authorization server for making decisions
 based on proxy protocol information.

 .. code-block:: yaml

    metadata_context_namespaces:
    - envoy.filters.listener.proxy_protocol
      repeated string metadata_context_namespaces = 10;
      Parameters:
      index - The index of the element to return.
      Returns:
      The metadataContextNamespaces at the given index.

    • getMetadataContextNamespacesBytes

      com.google.protobuf.ByteString getMetadataContextNamespacesBytes(int index)
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service. The :ref:`filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.filter_metadata>`
 is passed as an opaque ``protobuf::Struct``.

 For example, if the ``proxy_protocol`` listener filter is used and populates TLV metadata,
 then the following will pass that metadata to the authorization server for making decisions
 based on proxy protocol information.

 .. code-block:: yaml

    metadata_context_namespaces:
    - envoy.filters.listener.proxy_protocol
      repeated string metadata_context_namespaces = 10;
      Parameters:
      index - The index of the value to return.
      Returns:
      The bytes of the metadataContextNamespaces at the given index.

    • getTypedMetadataContextNamespacesList

      List<String> getTypedMetadataContextNamespacesList()
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service. :ref:`typed_filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.typed_filter_metadata>`
 is passed as a ``protobuf::Any``.

 This works similarly to ``metadata_context_namespaces`` but allows Envoy and the ext_authz server to share
 the protobuf message definition in order to perform safe parsing.
      repeated string typed_metadata_context_namespaces = 11;
      Returns:
      A list containing the typedMetadataContextNamespaces.

    • getTypedMetadataContextNamespacesCount

      int getTypedMetadataContextNamespacesCount()
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service. :ref:`typed_filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.typed_filter_metadata>`
 is passed as a ``protobuf::Any``.

 This works similarly to ``metadata_context_namespaces`` but allows Envoy and the ext_authz server to share
 the protobuf message definition in order to perform safe parsing.
      repeated string typed_metadata_context_namespaces = 11;
      Returns:
      The count of typedMetadataContextNamespaces.

    • getTypedMetadataContextNamespaces

      String getTypedMetadataContextNamespaces(int index)
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service. :ref:`typed_filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.typed_filter_metadata>`
 is passed as a ``protobuf::Any``.

 This works similarly to ``metadata_context_namespaces`` but allows Envoy and the ext_authz server to share
 the protobuf message definition in order to perform safe parsing.
      repeated string typed_metadata_context_namespaces = 11;
      Parameters:
      index - The index of the element to return.
      Returns:
      The typedMetadataContextNamespaces at the given index.

    • getTypedMetadataContextNamespacesBytes

      com.google.protobuf.ByteString getTypedMetadataContextNamespacesBytes(int index)
       Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service. :ref:`typed_filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.typed_filter_metadata>`
 is passed as a ``protobuf::Any``.

 This works similarly to ``metadata_context_namespaces`` but allows Envoy and the ext_authz server to share
 the protobuf message definition in order to perform safe parsing.
      repeated string typed_metadata_context_namespaces = 11;
      Parameters:
      index - The index of the value to return.
      Returns:
      The bytes of the typedMetadataContextNamespaces at the given index.