Package io.envoyproxy.envoy.config.filter.http.ext_authz.v2

Interface ExtAuthzOrBuilder

  • All Superinterfaces:
    com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
    All Known Implementing Classes:
    ExtAuthz, ExtAuthz.Builder
    public interface ExtAuthzOrBuilder
extends com.google.protobuf.MessageOrBuilder

    • Method Detail

      • hasGrpcService

        boolean hasGrpcService()
         gRPC service configuration (default timeout: 200ms).
        .envoy.api.v2.core.GrpcService grpc_service = 1;
        Returns:
        Whether the grpcService field is set.

      • getGrpcService

        GrpcService getGrpcService()
         gRPC service configuration (default timeout: 200ms).
        .envoy.api.v2.core.GrpcService grpc_service = 1;
        Returns:
        The grpcService.

      • getGrpcServiceOrBuilder

        GrpcServiceOrBuilder getGrpcServiceOrBuilder()
         gRPC service configuration (default timeout: 200ms).
        .envoy.api.v2.core.GrpcService grpc_service = 1;

      • hasHttpService

        boolean hasHttpService()
         HTTP service configuration (default timeout: 200ms).
        .envoy.config.filter.http.ext_authz.v2.HttpService http_service = 3;
        Returns:
        Whether the httpService field is set.

      • getHttpService

        HttpService getHttpService()
         HTTP service configuration (default timeout: 200ms).
        .envoy.config.filter.http.ext_authz.v2.HttpService http_service = 3;
        Returns:
        The httpService.

      • getHttpServiceOrBuilder

        HttpServiceOrBuilder getHttpServiceOrBuilder()
         HTTP service configuration (default timeout: 200ms).
        .envoy.config.filter.http.ext_authz.v2.HttpService http_service = 3;

      • getFailureModeAllow

        boolean getFailureModeAllow()
          Changes filter's behaviour on errors:
  1. When set to true, the filter will *accept* client request even if the communication with
  the authorization service has failed, or if the authorization service has returned a HTTP 5xx
  error.
  2. When set to false, ext-authz will *reject* client requests and return a *Forbidden*
  response if the communication with the authorization service has failed, or if the
  authorization service has returned a HTTP 5xx error.
 Note that errors can be *always* tracked in the :ref:`stats
 <config_http_filters_ext_authz_stats>`.
        bool failure_mode_allow = 2;
        Returns:
        The failureModeAllow.

      • getUseAlpha

        @Deprecated
boolean getUseAlpha()
        Deprecated.
        envoy.config.filter.http.ext_authz.v2.ExtAuthz.use_alpha is deprecated. See envoy/config/filter/http/ext_authz/v2/ext_authz.proto;l=53
         [#not-implemented-hide: Support for this field has been removed.]
        bool use_alpha = 4 [deprecated = true, (.envoy.annotations.disallowed_by_default) = true];
        Returns:
        The useAlpha.

      • hasWithRequestBody

        boolean hasWithRequestBody()
         Enables filter to buffer the client request body and send it within the authorization request.
 A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization
 request message indicating if the body data is partial.
        .envoy.config.filter.http.ext_authz.v2.BufferSettings with_request_body = 5;
        Returns:
        Whether the withRequestBody field is set.

      • getWithRequestBody

        BufferSettings getWithRequestBody()
         Enables filter to buffer the client request body and send it within the authorization request.
 A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization
 request message indicating if the body data is partial.
        .envoy.config.filter.http.ext_authz.v2.BufferSettings with_request_body = 5;
        Returns:
        The withRequestBody.

      • getWithRequestBodyOrBuilder

        BufferSettingsOrBuilder getWithRequestBodyOrBuilder()
         Enables filter to buffer the client request body and send it within the authorization request.
 A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization
 request message indicating if the body data is partial.
        .envoy.config.filter.http.ext_authz.v2.BufferSettings with_request_body = 5;

      • getClearRouteCache

        boolean getClearRouteCache()
         Clears route cache in order to allow the external authorization service to correctly affect
 routing decisions. Filter clears all cached routes when:
 1. The field is set to *true*.
 2. The status returned from the authorization service is a HTTP 200 or gRPC 0.
 3. At least one *authorization response header* is added to the client request, or is used for
 altering another client request header.
        bool clear_route_cache = 6;
        Returns:
        The clearRouteCache.

      • hasStatusOnError

        boolean hasStatusOnError()
         Sets the HTTP status that is returned to the client when there is a network error between the
 filter and the authorization server. The default status is HTTP 403 Forbidden.
        .envoy.type.HttpStatus status_on_error = 7;
        Returns:
        Whether the statusOnError field is set.

      • getStatusOnError

        HttpStatus getStatusOnError()
         Sets the HTTP status that is returned to the client when there is a network error between the
 filter and the authorization server. The default status is HTTP 403 Forbidden.
        .envoy.type.HttpStatus status_on_error = 7;
        Returns:
        The statusOnError.

      • getStatusOnErrorOrBuilder

        HttpStatusOrBuilder getStatusOnErrorOrBuilder()
         Sets the HTTP status that is returned to the client when there is a network error between the
 filter and the authorization server. The default status is HTTP 403 Forbidden.
        .envoy.type.HttpStatus status_on_error = 7;

      • getMetadataContextNamespacesList

        List<String> getMetadataContextNamespacesList()
         Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service as an opaque *protobuf::Struct*.
 For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
 <envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.
 .. code-block:: yaml
    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
        repeated string metadata_context_namespaces = 8;
        Returns:
        A list containing the metadataContextNamespaces.

      • getMetadataContextNamespacesCount

        int getMetadataContextNamespacesCount()
         Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service as an opaque *protobuf::Struct*.
 For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
 <envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.
 .. code-block:: yaml
    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
        repeated string metadata_context_namespaces = 8;
        Returns:
        The count of metadataContextNamespaces.

      • getMetadataContextNamespaces

        String getMetadataContextNamespaces​(int index)
         Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service as an opaque *protobuf::Struct*.
 For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
 <envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.
 .. code-block:: yaml
    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
        repeated string metadata_context_namespaces = 8;
        Parameters:
        index - The index of the element to return.
        Returns:
        The metadataContextNamespaces at the given index.

      • getMetadataContextNamespacesBytes

        com.google.protobuf.ByteString getMetadataContextNamespacesBytes​(int index)
         Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service as an opaque *protobuf::Struct*.
 For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
 <envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.
 .. code-block:: yaml
    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
        repeated string metadata_context_namespaces = 8;
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the metadataContextNamespaces at the given index.

      • hasFilterEnabled

        boolean hasFilterEnabled()
         Specifies if the filter is enabled.
 If :ref:`runtime_key <envoy_api_field_core.RuntimeFractionalPercent.runtime_key>` is specified,
 Envoy will lookup the runtime key to get the percentage of requests to filter.
 If this field is not specified, the filter will be enabled for all requests.
        .envoy.api.v2.core.RuntimeFractionalPercent filter_enabled = 9;
        Returns:
        Whether the filterEnabled field is set.

      • getFilterEnabled

        RuntimeFractionalPercent getFilterEnabled()
         Specifies if the filter is enabled.
 If :ref:`runtime_key <envoy_api_field_core.RuntimeFractionalPercent.runtime_key>` is specified,
 Envoy will lookup the runtime key to get the percentage of requests to filter.
 If this field is not specified, the filter will be enabled for all requests.
        .envoy.api.v2.core.RuntimeFractionalPercent filter_enabled = 9;
        Returns:
        The filterEnabled.

      • getFilterEnabledOrBuilder

        RuntimeFractionalPercentOrBuilder getFilterEnabledOrBuilder()
         Specifies if the filter is enabled.
 If :ref:`runtime_key <envoy_api_field_core.RuntimeFractionalPercent.runtime_key>` is specified,
 Envoy will lookup the runtime key to get the percentage of requests to filter.
 If this field is not specified, the filter will be enabled for all requests.
        .envoy.api.v2.core.RuntimeFractionalPercent filter_enabled = 9;

      • hasDenyAtDisable

        boolean hasDenyAtDisable()
         Specifies whether to deny the requests, when the filter is disabled.
 If :ref:`runtime_key <envoy_api_field_core.RuntimeFeatureFlag.runtime_key>` is specified,
 Envoy will lookup the runtime key to determine whether to deny request for
 filter protected path at filter disabling. If filter is disabled in
 typed_per_filter_config for the path, requests will not be denied.
 If this field is not specified, all requests will be allowed when disabled.
        .envoy.api.v2.core.RuntimeFeatureFlag deny_at_disable = 11;
        Returns:
        Whether the denyAtDisable field is set.

      • getDenyAtDisable

        RuntimeFeatureFlag getDenyAtDisable()
         Specifies whether to deny the requests, when the filter is disabled.
 If :ref:`runtime_key <envoy_api_field_core.RuntimeFeatureFlag.runtime_key>` is specified,
 Envoy will lookup the runtime key to determine whether to deny request for
 filter protected path at filter disabling. If filter is disabled in
 typed_per_filter_config for the path, requests will not be denied.
 If this field is not specified, all requests will be allowed when disabled.
        .envoy.api.v2.core.RuntimeFeatureFlag deny_at_disable = 11;
        Returns:
        The denyAtDisable.

      • getDenyAtDisableOrBuilder

        RuntimeFeatureFlagOrBuilder getDenyAtDisableOrBuilder()
         Specifies whether to deny the requests, when the filter is disabled.
 If :ref:`runtime_key <envoy_api_field_core.RuntimeFeatureFlag.runtime_key>` is specified,
 Envoy will lookup the runtime key to determine whether to deny request for
 filter protected path at filter disabling. If filter is disabled in
 typed_per_filter_config for the path, requests will not be denied.
 If this field is not specified, all requests will be allowed when disabled.
        .envoy.api.v2.core.RuntimeFeatureFlag deny_at_disable = 11;

      • getIncludePeerCertificate

        boolean getIncludePeerCertificate()
         Specifies if the peer certificate is sent to the external service.
 When this field is true, Envoy will include the peer X.509 certificate, if available, in the
 :ref:`certificate<envoy_api_field_service.auth.v2.AttributeContext.Peer.certificate>`.
        bool include_peer_certificate = 10;
        Returns:
        The includePeerCertificate.