Package io.envoyproxy.envoy.extensions.quic.connection_id_generator.quic_lb.v3

Interface ConfigOrBuilder

All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
All Known Implementing Classes:
Config, Config.Builder
public interface ConfigOrBuilder extends com.google.protobuf.MessageOrBuilder

  • Method Summary

    Modifier and Type
    Method
    Description
    SdsSecretConfig
    getEncryptionParameters()
    Configuration to fetch the encryption key and configuration version.
    SdsSecretConfigOrBuilder
    getEncryptionParametersOrBuilder()
    Configuration to fetch the encryption key and configuration version.
    int
    getExpectedServerIdLength()
    Optional validation of the expected server ID length.
    int
    getNonceLengthBytes()
    The nonce length must be at least 4 bytes.
    DataSource
    getServerId()
    Must be at least 1 octet.
    boolean
    getServerIdBase64Encoded()
    If true, indicates that the :ref:`server_id <envoy_v3_api_field_extensions.quic.connection_id_generator.quic_lb.v3.Config.server_id>` is base64 encoded.
    DataSourceOrBuilder
    getServerIdOrBuilder()
    Must be at least 1 octet.
    boolean
    getUnencryptedMode()
    Use the unencrypted mode.
    boolean
    hasEncryptionParameters()
    Configuration to fetch the encryption key and configuration version.
    boolean
    hasServerId()
    Must be at least 1 octet.

    Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

    isInitialized

    Methods inherited from interface com.google.protobuf.MessageOrBuilder

    findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

  • Method Details

    • hasServerId

      boolean hasServerId()
       Must be at least 1 octet.
 The length of server_id and nonce_length_bytes must be 18 or less.
 See https://datatracker.ietf.org/doc/html/draft-ietf-quic-load-balancers#name-server-id-allocation.
      .envoy.config.core.v3.DataSource server_id = 2 [(.validate.rules) = { ... }
      Returns:
      Whether the serverId field is set.

    • getServerId

      DataSource getServerId()
       Must be at least 1 octet.
 The length of server_id and nonce_length_bytes must be 18 or less.
 See https://datatracker.ietf.org/doc/html/draft-ietf-quic-load-balancers#name-server-id-allocation.
      .envoy.config.core.v3.DataSource server_id = 2 [(.validate.rules) = { ... }
      Returns:
      The serverId.

    • getServerIdOrBuilder

      DataSourceOrBuilder getServerIdOrBuilder()
       Must be at least 1 octet.
 The length of server_id and nonce_length_bytes must be 18 or less.
 See https://datatracker.ietf.org/doc/html/draft-ietf-quic-load-balancers#name-server-id-allocation.
      .envoy.config.core.v3.DataSource server_id = 2 [(.validate.rules) = { ... }

    • getServerIdBase64Encoded

      boolean getServerIdBase64Encoded()
       If true, indicates that the :ref:`server_id
 <envoy_v3_api_field_extensions.quic.connection_id_generator.quic_lb.v3.Config.server_id>` is base64 encoded.

 This can be useful if the ID may contain binary data and must be transmitted as a string, for example in
 an environment variable.
      bool server_id_base64_encoded = 6;
      Returns:
      The serverIdBase64Encoded.

    • getExpectedServerIdLength

      int getExpectedServerIdLength()
       Optional validation of the expected server ID length. If this is non-zero and the value in ``server_id``
 does not have a matching length, a configuration error is generated. This can be useful for validating
 that the server ID is valid.
      uint32 expected_server_id_length = 3 [(.validate.rules) = { ... }
      Returns:
      The expectedServerIdLength.

    • getNonceLengthBytes

      int getNonceLengthBytes()
       The nonce length must be at least 4 bytes.
 The length of server_id and nonce_length_bytes must be 18 bytes or less.
      uint32 nonce_length_bytes = 4 [(.validate.rules) = { ... }
      Returns:
      The nonceLengthBytes.

    • hasEncryptionParameters

      boolean hasEncryptionParameters()
       Configuration to fetch the encryption key and configuration version.

 The SDS service is for a :ref:`GenericSecret <envoy_v3_api_msg_extensions.transport_sockets.tls.v3.GenericSecret>`.
 The data should populate :ref:`secrets <envoy_v3_api_field_extensions.transport_sockets.tls.v3.GenericSecret.secrets>`:

 "encryption_key" must contain the 16 byte encryption key.

 "configuration_version" must contain a 1 byte unsigned integer of value less than 7.
 See https://datatracker.ietf.org/doc/html/draft-ietf-quic-load-balancers#name-config-rotation.
      .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig encryption_parameters = 5 [(.validate.rules) = { ... }
      Returns:
      Whether the encryptionParameters field is set.

    • getEncryptionParameters

      SdsSecretConfig getEncryptionParameters()
       Configuration to fetch the encryption key and configuration version.

 The SDS service is for a :ref:`GenericSecret <envoy_v3_api_msg_extensions.transport_sockets.tls.v3.GenericSecret>`.
 The data should populate :ref:`secrets <envoy_v3_api_field_extensions.transport_sockets.tls.v3.GenericSecret.secrets>`:

 "encryption_key" must contain the 16 byte encryption key.

 "configuration_version" must contain a 1 byte unsigned integer of value less than 7.
 See https://datatracker.ietf.org/doc/html/draft-ietf-quic-load-balancers#name-config-rotation.
      .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig encryption_parameters = 5 [(.validate.rules) = { ... }
      Returns:
      The encryptionParameters.

    • getEncryptionParametersOrBuilder

      SdsSecretConfigOrBuilder getEncryptionParametersOrBuilder()
       Configuration to fetch the encryption key and configuration version.

 The SDS service is for a :ref:`GenericSecret <envoy_v3_api_msg_extensions.transport_sockets.tls.v3.GenericSecret>`.
 The data should populate :ref:`secrets <envoy_v3_api_field_extensions.transport_sockets.tls.v3.GenericSecret.secrets>`:

 "encryption_key" must contain the 16 byte encryption key.

 "configuration_version" must contain a 1 byte unsigned integer of value less than 7.
 See https://datatracker.ietf.org/doc/html/draft-ietf-quic-load-balancers#name-config-rotation.
      .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig encryption_parameters = 5 [(.validate.rules) = { ... }

    • getUnencryptedMode

      boolean getUnencryptedMode()
       Use the unencrypted mode. This is useful for testing or a simplified implementation of the
 downstream load balancer, but allows for linking different CIDs for the same connection, and
 leaks information about the valid server IDs in use. This mode does not comply with the RFC.

 Note that in this mode, :ref:`encryption_parameters
 <envoy_v3_api_field_extensions.quic.connection_id_generator.quic_lb.v3.Config.encryption_parameters>`
 is still required because it contains ``configuration_version``, which is still
 needed. ``encryption_key`` can be set to ``inline_string: '0000000000000000'``.
      bool unencrypted_mode = 1;
      Returns:
      The unencryptedMode.