Chiebot-Mirror
/
data-plane-api
mirror of https://github.com/envoyproxy/data-plane-api.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity
[READ ONLY MIRROR] Envoy REST/proto API definitions and documentation. (grpc依赖)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1556 Commits
2 Branches
0 Tags
17 MiB
Tag: Branch: Tree: 32081a2b36
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '32081a2b36'
${ noResults }
data-plane-api/envoy/service/auth/v4alpha/external_auth.proto

106 lines
4.1 KiB
Raw Normal View History Unescape

ext_authz: Add dynamic metadata field to CheckResponse (#12677) This adds a dynamic_metadata field to CheckResponse message, hence it can be used for any type of HTTP response (OkHttpResponse or DeniedHttpResponse). Risk Level: Low Testing: Updated Docs Changes: Updated Release Notes: Added Fixes #12671 Signed-off-by: Dhi Aurrahman <dio@tetrate.io> Mirrored from https://github.com/envoyproxy/envoy @ cbdd01c22b84ac5333f95f030821dfcf6db49734
4 years ago
syntax = "proto3";
package envoy.service.auth.v4alpha;
import "envoy/config/core/v4alpha/base.proto";
import "envoy/service/auth/v4alpha/attribute_context.proto";
import "envoy/type/v3/http_status.proto";
import "google/protobuf/struct.proto";
import "google/rpc/status.proto";
import "udpa/annotations/status.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.service.auth.v4alpha";
option java_outer_classname = "ExternalAuthProto";
option java_multiple_files = true;
option java_generic_services = true;
option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE;
// [#protodoc-title: Authorization Service ]
// The authorization service request messages used by external authorization :ref:`network filter
// <config_network_filters_ext_authz>` and :ref:`HTTP filter <config_http_filters_ext_authz>`.
// A generic interface for performing authorization check on incoming
// requests to a networked service.
service Authorization {
// Performs authorization check based on the attributes associated with the
// incoming request, and returns status `OK` or not `OK`.
rpc Check(CheckRequest) returns (CheckResponse) {
}
}
message CheckRequest {
option (udpa.annotations.versioning).previous_message_type = "envoy.service.auth.v3.CheckRequest";
// The request attributes.
AttributeContext attributes = 1;
}
// HTTP attributes for a denied response.
message DeniedHttpResponse {
option (udpa.annotations.versioning).previous_message_type =
"envoy.service.auth.v3.DeniedHttpResponse";
// This field allows the authorization service to send a HTTP response status
// code to the downstream client other than 403 (Forbidden).
type.v3.HttpStatus status = 1 [(validate.rules).message = {required: true}];
// This field allows the authorization service to send HTTP response headers
// to the downstream client.
repeated config.core.v4alpha.HeaderValueOption headers = 2;
// This field allows the authorization service to send a response body data
// to the downstream client.
string body = 3;
}
// HTTP attributes for an OK response.
message OkHttpResponse {
option (udpa.annotations.versioning).previous_message_type =
"envoy.service.auth.v3.OkHttpResponse";
reserved 3;
reserved "dynamic_metadata";
// HTTP entity headers in addition to the original request headers. This allows the authorization
// service to append, to add or to override headers from the original request before
// dispatching it to the upstream. By setting `append` field to `true` in the `HeaderValueOption`,
// the filter will append the correspondent header value to the matched request header. Note that
// by Leaving `append` as false, the filter will either add a new header, or override an existing
// one if there is a match.
repeated config.core.v4alpha.HeaderValueOption headers = 2;
}
// Intended for gRPC and Network Authorization servers `only`.
message CheckResponse {
option (udpa.annotations.versioning).previous_message_type =
"envoy.service.auth.v3.CheckResponse";
// Status `OK` allows the request. Any other status indicates the request should be denied.
google.rpc.Status status = 1;
// An message that contains HTTP response attributes. This message is
// used when the authorization service needs to send custom responses to the
// downstream client or, to modify/add request headers being dispatched to the upstream.
oneof http_response {
// Supplies http attributes for a denied response.
DeniedHttpResponse denied_response = 2;
// Supplies http attributes for an ok response.
OkHttpResponse ok_response = 3;
}
// Optional response metadata that will be emitted as dynamic metadata to be consumed by the next
// filter. This metadata lives in a namespace specified by the canonical name of extension filter
// that requires it:
//
// - :ref:`envoy.filters.http.ext_authz <config_http_filters_ext_authz_dynamic_metadata>` for HTTP filter.
// - :ref:`envoy.filters.network.ext_authz <config_network_filters_ext_authz_dynamic_metadata>` for network filter.
google.protobuf.Struct dynamic_metadata = 4;
}