Package io.envoyproxy.envoy.extensions.filters.http.ext_authz.v3

Class ExtAuthz

  • All Implemented Interfaces:
    com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, ExtAuthzOrBuilder, Serializable
    public final class ExtAuthz
extends com.google.protobuf.GeneratedMessageV3
implements ExtAuthzOrBuilder
     [#next-free-field: 17]
    Protobuf type envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
    See Also:
    Serialized Form

    • Field Detail

      • GRPC_SERVICE_FIELD_NUMBER

        public static final int GRPC_SERVICE_FIELD_NUMBER
        See Also:
        Constant Field Values

      • HTTP_SERVICE_FIELD_NUMBER

        public static final int HTTP_SERVICE_FIELD_NUMBER
        See Also:
        Constant Field Values

      • TRANSPORT_API_VERSION_FIELD_NUMBER

        public static final int TRANSPORT_API_VERSION_FIELD_NUMBER
        See Also:
        Constant Field Values

      • FAILURE_MODE_ALLOW_FIELD_NUMBER

        public static final int FAILURE_MODE_ALLOW_FIELD_NUMBER
        See Also:
        Constant Field Values

      • WITH_REQUEST_BODY_FIELD_NUMBER

        public static final int WITH_REQUEST_BODY_FIELD_NUMBER
        See Also:
        Constant Field Values

      • CLEAR_ROUTE_CACHE_FIELD_NUMBER

        public static final int CLEAR_ROUTE_CACHE_FIELD_NUMBER
        See Also:
        Constant Field Values

      • STATUS_ON_ERROR_FIELD_NUMBER

        public static final int STATUS_ON_ERROR_FIELD_NUMBER
        See Also:
        Constant Field Values

      • METADATA_CONTEXT_NAMESPACES_FIELD_NUMBER

        public static final int METADATA_CONTEXT_NAMESPACES_FIELD_NUMBER
        See Also:
        Constant Field Values

      • TYPED_METADATA_CONTEXT_NAMESPACES_FIELD_NUMBER

        public static final int TYPED_METADATA_CONTEXT_NAMESPACES_FIELD_NUMBER
        See Also:
        Constant Field Values

      • FILTER_ENABLED_FIELD_NUMBER

        public static final int FILTER_ENABLED_FIELD_NUMBER
        See Also:
        Constant Field Values

      • FILTER_ENABLED_METADATA_FIELD_NUMBER

        public static final int FILTER_ENABLED_METADATA_FIELD_NUMBER
        See Also:
        Constant Field Values

      • DENY_AT_DISABLE_FIELD_NUMBER

        public static final int DENY_AT_DISABLE_FIELD_NUMBER
        See Also:
        Constant Field Values

      • INCLUDE_PEER_CERTIFICATE_FIELD_NUMBER

        public static final int INCLUDE_PEER_CERTIFICATE_FIELD_NUMBER
        See Also:
        Constant Field Values

      • STAT_PREFIX_FIELD_NUMBER

        public static final int STAT_PREFIX_FIELD_NUMBER
        See Also:
        Constant Field Values

      • BOOTSTRAP_METADATA_LABELS_KEY_FIELD_NUMBER

        public static final int BOOTSTRAP_METADATA_LABELS_KEY_FIELD_NUMBER
        See Also:
        Constant Field Values

    • Method Detail

      • newInstance

        protected Object newInstance​(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
        Overrides:
        newInstance in class com.google.protobuf.GeneratedMessageV3

      • getUnknownFields

        public final com.google.protobuf.UnknownFieldSet getUnknownFields()
        Specified by:
        getUnknownFields in interface com.google.protobuf.MessageOrBuilder
        Overrides:
        getUnknownFields in class com.google.protobuf.GeneratedMessageV3

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

      • hasGrpcService

        public boolean hasGrpcService()
         gRPC service configuration (default timeout: 200ms).
        .envoy.config.core.v3.GrpcService grpc_service = 1;
        Specified by:
        hasGrpcService in interface ExtAuthzOrBuilder
        Returns:
        Whether the grpcService field is set.

      • getGrpcService

        public GrpcService getGrpcService()
         gRPC service configuration (default timeout: 200ms).
        .envoy.config.core.v3.GrpcService grpc_service = 1;
        Specified by:
        getGrpcService in interface ExtAuthzOrBuilder
        Returns:
        The grpcService.

      • hasHttpService

        public boolean hasHttpService()
         HTTP service configuration (default timeout: 200ms).
        .envoy.extensions.filters.http.ext_authz.v3.HttpService http_service = 3;
        Specified by:
        hasHttpService in interface ExtAuthzOrBuilder
        Returns:
        Whether the httpService field is set.

      • getHttpService

        public HttpService getHttpService()
         HTTP service configuration (default timeout: 200ms).
        .envoy.extensions.filters.http.ext_authz.v3.HttpService http_service = 3;
        Specified by:
        getHttpService in interface ExtAuthzOrBuilder
        Returns:
        The httpService.

      • getTransportApiVersionValue

        public int getTransportApiVersionValue()
         API version for ext_authz transport protocol. This describes the ext_authz gRPC endpoint and
 version of messages used on the wire.
        .envoy.config.core.v3.ApiVersion transport_api_version = 12 [(.validate.rules) = { ... }
        Specified by:
        getTransportApiVersionValue in interface ExtAuthzOrBuilder
        Returns:
        The enum numeric value on the wire for transportApiVersion.

      • getTransportApiVersion

        public ApiVersion getTransportApiVersion()
         API version for ext_authz transport protocol. This describes the ext_authz gRPC endpoint and
 version of messages used on the wire.
        .envoy.config.core.v3.ApiVersion transport_api_version = 12 [(.validate.rules) = { ... }
        Specified by:
        getTransportApiVersion in interface ExtAuthzOrBuilder
        Returns:
        The transportApiVersion.

      • getFailureModeAllow

        public boolean getFailureModeAllow()
          Changes filter's behaviour on errors:
  1. When set to true, the filter will ``accept`` client request even if the communication with
  the authorization service has failed, or if the authorization service has returned a HTTP 5xx
  error.
  2. When set to false, ext-authz will ``reject`` client requests and return a ``Forbidden``
  response if the communication with the authorization service has failed, or if the
  authorization service has returned a HTTP 5xx error.
 Note that errors can be ``always`` tracked in the :ref:`stats
 <config_http_filters_ext_authz_stats>`.
        bool failure_mode_allow = 2;
        Specified by:
        getFailureModeAllow in interface ExtAuthzOrBuilder
        Returns:
        The failureModeAllow.

      • hasWithRequestBody

        public boolean hasWithRequestBody()
         Enables filter to buffer the client request body and send it within the authorization request.
 A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization
 request message indicating if the body data is partial.
        .envoy.extensions.filters.http.ext_authz.v3.BufferSettings with_request_body = 5;
        Specified by:
        hasWithRequestBody in interface ExtAuthzOrBuilder
        Returns:
        Whether the withRequestBody field is set.

      • getWithRequestBody

        public BufferSettings getWithRequestBody()
         Enables filter to buffer the client request body and send it within the authorization request.
 A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization
 request message indicating if the body data is partial.
        .envoy.extensions.filters.http.ext_authz.v3.BufferSettings with_request_body = 5;
        Specified by:
        getWithRequestBody in interface ExtAuthzOrBuilder
        Returns:
        The withRequestBody.

      • getWithRequestBodyOrBuilder

        public BufferSettingsOrBuilder getWithRequestBodyOrBuilder()
         Enables filter to buffer the client request body and send it within the authorization request.
 A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization
 request message indicating if the body data is partial.
        .envoy.extensions.filters.http.ext_authz.v3.BufferSettings with_request_body = 5;
        Specified by:
        getWithRequestBodyOrBuilder in interface ExtAuthzOrBuilder

      • getClearRouteCache

        public boolean getClearRouteCache()
         Clears route cache in order to allow the external authorization service to correctly affect
 routing decisions. Filter clears all cached routes when:
 1. The field is set to ``true``.
 2. The status returned from the authorization service is a HTTP 200 or gRPC 0.
 3. At least one ``authorization response header`` is added to the client request, or is used for
 altering another client request header.
        bool clear_route_cache = 6;
        Specified by:
        getClearRouteCache in interface ExtAuthzOrBuilder
        Returns:
        The clearRouteCache.

      • hasStatusOnError

        public boolean hasStatusOnError()
         Sets the HTTP status that is returned to the client when there is a network error between the
 filter and the authorization server. The default status is HTTP 403 Forbidden.
        .envoy.type.v3.HttpStatus status_on_error = 7;
        Specified by:
        hasStatusOnError in interface ExtAuthzOrBuilder
        Returns:
        Whether the statusOnError field is set.

      • getStatusOnError

        public HttpStatus getStatusOnError()
         Sets the HTTP status that is returned to the client when there is a network error between the
 filter and the authorization server. The default status is HTTP 403 Forbidden.
        .envoy.type.v3.HttpStatus status_on_error = 7;
        Specified by:
        getStatusOnError in interface ExtAuthzOrBuilder
        Returns:
        The statusOnError.

      • getStatusOnErrorOrBuilder

        public HttpStatusOrBuilder getStatusOnErrorOrBuilder()
         Sets the HTTP status that is returned to the client when there is a network error between the
 filter and the authorization server. The default status is HTTP 403 Forbidden.
        .envoy.type.v3.HttpStatus status_on_error = 7;
        Specified by:
        getStatusOnErrorOrBuilder in interface ExtAuthzOrBuilder

      • getMetadataContextNamespacesList

        public com.google.protobuf.ProtocolStringList getMetadataContextNamespacesList()
         Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service. :ref:`filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.filter_metadata>` is passed as an opaque ``protobuf::Struct``.
 For example, if the ``jwt_authn`` filter is used and :ref:`payload_in_metadata
 <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.
 .. code-block:: yaml
    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
        repeated string metadata_context_namespaces = 8;
        Specified by:
        getMetadataContextNamespacesList in interface ExtAuthzOrBuilder
        Returns:
        A list containing the metadataContextNamespaces.

      • getMetadataContextNamespacesCount

        public int getMetadataContextNamespacesCount()
         Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service. :ref:`filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.filter_metadata>` is passed as an opaque ``protobuf::Struct``.
 For example, if the ``jwt_authn`` filter is used and :ref:`payload_in_metadata
 <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.
 .. code-block:: yaml
    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
        repeated string metadata_context_namespaces = 8;
        Specified by:
        getMetadataContextNamespacesCount in interface ExtAuthzOrBuilder
        Returns:
        The count of metadataContextNamespaces.

      • getMetadataContextNamespaces

        public String getMetadataContextNamespaces​(int index)
         Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service. :ref:`filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.filter_metadata>` is passed as an opaque ``protobuf::Struct``.
 For example, if the ``jwt_authn`` filter is used and :ref:`payload_in_metadata
 <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.
 .. code-block:: yaml
    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
        repeated string metadata_context_namespaces = 8;
        Specified by:
        getMetadataContextNamespaces in interface ExtAuthzOrBuilder
        Parameters:
        index - The index of the element to return.
        Returns:
        The metadataContextNamespaces at the given index.

      • getMetadataContextNamespacesBytes

        public com.google.protobuf.ByteString getMetadataContextNamespacesBytes​(int index)
         Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service. :ref:`filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.filter_metadata>` is passed as an opaque ``protobuf::Struct``.
 For example, if the ``jwt_authn`` filter is used and :ref:`payload_in_metadata
 <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.JwtProvider.payload_in_metadata>` is set,
 then the following will pass the jwt payload to the authorization server.
 .. code-block:: yaml
    metadata_context_namespaces:
    - envoy.filters.http.jwt_authn
        repeated string metadata_context_namespaces = 8;
        Specified by:
        getMetadataContextNamespacesBytes in interface ExtAuthzOrBuilder
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the metadataContextNamespaces at the given index.

      • getTypedMetadataContextNamespacesList

        public com.google.protobuf.ProtocolStringList getTypedMetadataContextNamespacesList()
         Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service. :ref:`typed_filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.typed_filter_metadata>` is passed as an ``protobuf::Any``.
 It works in a way similar to ``metadata_context_namespaces`` but allows envoy and external authz server to share the protobuf message definition
 in order to do a safe parsing.
        repeated string typed_metadata_context_namespaces = 16;
        Specified by:
        getTypedMetadataContextNamespacesList in interface ExtAuthzOrBuilder
        Returns:
        A list containing the typedMetadataContextNamespaces.

      • getTypedMetadataContextNamespacesCount

        public int getTypedMetadataContextNamespacesCount()
         Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service. :ref:`typed_filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.typed_filter_metadata>` is passed as an ``protobuf::Any``.
 It works in a way similar to ``metadata_context_namespaces`` but allows envoy and external authz server to share the protobuf message definition
 in order to do a safe parsing.
        repeated string typed_metadata_context_namespaces = 16;
        Specified by:
        getTypedMetadataContextNamespacesCount in interface ExtAuthzOrBuilder
        Returns:
        The count of typedMetadataContextNamespaces.

      • getTypedMetadataContextNamespaces

        public String getTypedMetadataContextNamespaces​(int index)
         Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service. :ref:`typed_filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.typed_filter_metadata>` is passed as an ``protobuf::Any``.
 It works in a way similar to ``metadata_context_namespaces`` but allows envoy and external authz server to share the protobuf message definition
 in order to do a safe parsing.
        repeated string typed_metadata_context_namespaces = 16;
        Specified by:
        getTypedMetadataContextNamespaces in interface ExtAuthzOrBuilder
        Parameters:
        index - The index of the element to return.
        Returns:
        The typedMetadataContextNamespaces at the given index.

      • getTypedMetadataContextNamespacesBytes

        public com.google.protobuf.ByteString getTypedMetadataContextNamespacesBytes​(int index)
         Specifies a list of metadata namespaces whose values, if present, will be passed to the
 ext_authz service. :ref:`typed_filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.typed_filter_metadata>` is passed as an ``protobuf::Any``.
 It works in a way similar to ``metadata_context_namespaces`` but allows envoy and external authz server to share the protobuf message definition
 in order to do a safe parsing.
        repeated string typed_metadata_context_namespaces = 16;
        Specified by:
        getTypedMetadataContextNamespacesBytes in interface ExtAuthzOrBuilder
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the typedMetadataContextNamespaces at the given index.

      • hasFilterEnabled

        public boolean hasFilterEnabled()
         Specifies if the filter is enabled.
 If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFractionalPercent.runtime_key>` is specified,
 Envoy will lookup the runtime key to get the percentage of requests to filter.
 If this field is not specified, the filter will be enabled for all requests.
        .envoy.config.core.v3.RuntimeFractionalPercent filter_enabled = 9;
        Specified by:
        hasFilterEnabled in interface ExtAuthzOrBuilder
        Returns:
        Whether the filterEnabled field is set.

      • getFilterEnabled

        public RuntimeFractionalPercent getFilterEnabled()
         Specifies if the filter is enabled.
 If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFractionalPercent.runtime_key>` is specified,
 Envoy will lookup the runtime key to get the percentage of requests to filter.
 If this field is not specified, the filter will be enabled for all requests.
        .envoy.config.core.v3.RuntimeFractionalPercent filter_enabled = 9;
        Specified by:
        getFilterEnabled in interface ExtAuthzOrBuilder
        Returns:
        The filterEnabled.

      • getFilterEnabledOrBuilder

        public RuntimeFractionalPercentOrBuilder getFilterEnabledOrBuilder()
         Specifies if the filter is enabled.
 If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFractionalPercent.runtime_key>` is specified,
 Envoy will lookup the runtime key to get the percentage of requests to filter.
 If this field is not specified, the filter will be enabled for all requests.
        .envoy.config.core.v3.RuntimeFractionalPercent filter_enabled = 9;
        Specified by:
        getFilterEnabledOrBuilder in interface ExtAuthzOrBuilder

      • hasFilterEnabledMetadata

        public boolean hasFilterEnabledMetadata()
         Specifies if the filter is enabled with metadata matcher.
 If this field is not specified, the filter will be enabled for all requests.
        .envoy.type.matcher.v3.MetadataMatcher filter_enabled_metadata = 14;
        Specified by:
        hasFilterEnabledMetadata in interface ExtAuthzOrBuilder
        Returns:
        Whether the filterEnabledMetadata field is set.

      • getFilterEnabledMetadata

        public MetadataMatcher getFilterEnabledMetadata()
         Specifies if the filter is enabled with metadata matcher.
 If this field is not specified, the filter will be enabled for all requests.
        .envoy.type.matcher.v3.MetadataMatcher filter_enabled_metadata = 14;
        Specified by:
        getFilterEnabledMetadata in interface ExtAuthzOrBuilder
        Returns:
        The filterEnabledMetadata.

      • getFilterEnabledMetadataOrBuilder

        public MetadataMatcherOrBuilder getFilterEnabledMetadataOrBuilder()
         Specifies if the filter is enabled with metadata matcher.
 If this field is not specified, the filter will be enabled for all requests.
        .envoy.type.matcher.v3.MetadataMatcher filter_enabled_metadata = 14;
        Specified by:
        getFilterEnabledMetadataOrBuilder in interface ExtAuthzOrBuilder

      • hasDenyAtDisable

        public boolean hasDenyAtDisable()
         Specifies whether to deny the requests, when the filter is disabled.
 If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFeatureFlag.runtime_key>` is specified,
 Envoy will lookup the runtime key to determine whether to deny request for
 filter protected path at filter disabling. If filter is disabled in
 typed_per_filter_config for the path, requests will not be denied.
 If this field is not specified, all requests will be allowed when disabled.
        .envoy.config.core.v3.RuntimeFeatureFlag deny_at_disable = 11;
        Specified by:
        hasDenyAtDisable in interface ExtAuthzOrBuilder
        Returns:
        Whether the denyAtDisable field is set.

      • getDenyAtDisable

        public RuntimeFeatureFlag getDenyAtDisable()
         Specifies whether to deny the requests, when the filter is disabled.
 If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFeatureFlag.runtime_key>` is specified,
 Envoy will lookup the runtime key to determine whether to deny request for
 filter protected path at filter disabling. If filter is disabled in
 typed_per_filter_config for the path, requests will not be denied.
 If this field is not specified, all requests will be allowed when disabled.
        .envoy.config.core.v3.RuntimeFeatureFlag deny_at_disable = 11;
        Specified by:
        getDenyAtDisable in interface ExtAuthzOrBuilder
        Returns:
        The denyAtDisable.

      • getDenyAtDisableOrBuilder

        public RuntimeFeatureFlagOrBuilder getDenyAtDisableOrBuilder()
         Specifies whether to deny the requests, when the filter is disabled.
 If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFeatureFlag.runtime_key>` is specified,
 Envoy will lookup the runtime key to determine whether to deny request for
 filter protected path at filter disabling. If filter is disabled in
 typed_per_filter_config for the path, requests will not be denied.
 If this field is not specified, all requests will be allowed when disabled.
        .envoy.config.core.v3.RuntimeFeatureFlag deny_at_disable = 11;
        Specified by:
        getDenyAtDisableOrBuilder in interface ExtAuthzOrBuilder

      • getIncludePeerCertificate

        public boolean getIncludePeerCertificate()
         Specifies if the peer certificate is sent to the external service.
 When this field is true, Envoy will include the peer X.509 certificate, if available, in the
 :ref:`certificate<envoy_v3_api_field_service.auth.v3.AttributeContext.Peer.certificate>`.
        bool include_peer_certificate = 10;
        Specified by:
        getIncludePeerCertificate in interface ExtAuthzOrBuilder
        Returns:
        The includePeerCertificate.

      • getStatPrefix

        public String getStatPrefix()
         Optional additional prefix to use when emitting statistics. This allows to distinguish
 emitted statistics between configured ``ext_authz`` filters in an HTTP filter chain. For example:
 .. code-block:: yaml
   http_filters:
     - name: envoy.filters.http.ext_authz
       typed_config:
         "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
         stat_prefix: waf # This emits ext_authz.waf.ok, ext_authz.waf.denied, etc.
     - name: envoy.filters.http.ext_authz
       typed_config:
         "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
         stat_prefix: blocker # This emits ext_authz.blocker.ok, ext_authz.blocker.denied, etc.
        string stat_prefix = 13;
        Specified by:
        getStatPrefix in interface ExtAuthzOrBuilder
        Returns:
        The statPrefix.

      • getStatPrefixBytes

        public com.google.protobuf.ByteString getStatPrefixBytes()
         Optional additional prefix to use when emitting statistics. This allows to distinguish
 emitted statistics between configured ``ext_authz`` filters in an HTTP filter chain. For example:
 .. code-block:: yaml
   http_filters:
     - name: envoy.filters.http.ext_authz
       typed_config:
         "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
         stat_prefix: waf # This emits ext_authz.waf.ok, ext_authz.waf.denied, etc.
     - name: envoy.filters.http.ext_authz
       typed_config:
         "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
         stat_prefix: blocker # This emits ext_authz.blocker.ok, ext_authz.blocker.denied, etc.
        string stat_prefix = 13;
        Specified by:
        getStatPrefixBytes in interface ExtAuthzOrBuilder
        Returns:
        The bytes for statPrefix.

      • getBootstrapMetadataLabelsKey

        public String getBootstrapMetadataLabelsKey()
         Optional labels that will be passed to :ref:`labels<envoy_v3_api_field_service.auth.v3.AttributeContext.Peer.labels>` in
 :ref:`destination<envoy_v3_api_field_service.auth.v3.AttributeContext.destination>`.
 The labels will be read from :ref:`metadata<envoy_v3_api_msg_config.core.v3.Node>` with the specified key.
        string bootstrap_metadata_labels_key = 15;
        Specified by:
        getBootstrapMetadataLabelsKey in interface ExtAuthzOrBuilder
        Returns:
        The bootstrapMetadataLabelsKey.

      • getBootstrapMetadataLabelsKeyBytes

        public com.google.protobuf.ByteString getBootstrapMetadataLabelsKeyBytes()
         Optional labels that will be passed to :ref:`labels<envoy_v3_api_field_service.auth.v3.AttributeContext.Peer.labels>` in
 :ref:`destination<envoy_v3_api_field_service.auth.v3.AttributeContext.destination>`.
 The labels will be read from :ref:`metadata<envoy_v3_api_msg_config.core.v3.Node>` with the specified key.
        string bootstrap_metadata_labels_key = 15;
        Specified by:
        getBootstrapMetadataLabelsKeyBytes in interface ExtAuthzOrBuilder
        Returns:
        The bytes for bootstrapMetadataLabelsKey.

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3

      • writeTo

        public void writeTo​(com.google.protobuf.CodedOutputStream output)
             throws IOException
        Specified by:
        writeTo in interface com.google.protobuf.MessageLite
        Overrides:
        writeTo in class com.google.protobuf.GeneratedMessageV3
        Throws:
        IOException

      • getSerializedSize

        public int getSerializedSize()
        Specified by:
        getSerializedSize in interface com.google.protobuf.MessageLite
        Overrides:
        getSerializedSize in class com.google.protobuf.GeneratedMessageV3

      • equals

        public boolean equals​(Object obj)
        Specified by:
        equals in interface com.google.protobuf.Message
        Overrides:
        equals in class com.google.protobuf.AbstractMessage

      • hashCode

        public int hashCode()
        Specified by:
        hashCode in interface com.google.protobuf.Message
        Overrides:
        hashCode in class com.google.protobuf.AbstractMessage

      • parseFrom

        public static ExtAuthz parseFrom​(ByteBuffer data)
                          throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static ExtAuthz parseFrom​(ByteBuffer data,
                                 com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                          throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static ExtAuthz parseFrom​(com.google.protobuf.ByteString data)
                          throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static ExtAuthz parseFrom​(com.google.protobuf.ByteString data,
                                 com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                          throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static ExtAuthz parseFrom​(byte[] data)
                          throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static ExtAuthz parseFrom​(byte[] data,
                                 com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                          throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static ExtAuthz parseFrom​(com.google.protobuf.CodedInputStream input,
                                 com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                          throws IOException
        Throws:
        IOException

      • newBuilderForType

        public ExtAuthz.Builder newBuilderForType()
        Specified by:
        newBuilderForType in interface com.google.protobuf.Message
        Specified by:
        newBuilderForType in interface com.google.protobuf.MessageLite

      • toBuilder

        public ExtAuthz.Builder toBuilder()
        Specified by:
        toBuilder in interface com.google.protobuf.Message
        Specified by:
        toBuilder in interface com.google.protobuf.MessageLite

      • newBuilderForType

        protected ExtAuthz.Builder newBuilderForType​(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
        Specified by:
        newBuilderForType in class com.google.protobuf.GeneratedMessageV3

      • getDefaultInstance

        public static ExtAuthz getDefaultInstance()

      • parser

        public static com.google.protobuf.Parser<ExtAuthz> parser()

      • getParserForType

        public com.google.protobuf.Parser<ExtAuthz> getParserForType()
        Specified by:
        getParserForType in interface com.google.protobuf.Message
        Specified by:
        getParserForType in interface com.google.protobuf.MessageLite
        Overrides:
        getParserForType in class com.google.protobuf.GeneratedMessageV3

      • getDefaultInstanceForType

        public ExtAuthz getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder