Chiebot-Mirror
/
data-plane-api
mirror of https://github.com/envoyproxy/data-plane-api.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity
[READ ONLY MIRROR] Envoy REST/proto API definitions and documentation. (grpc依赖)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1200 Commits
2 Branches
0 Tags
17 MiB
Tag: Branch: Tree: 9a0a03eab2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9a0a03eab2'
${ noResults }
data-plane-api/envoy/service/auth/v2/external_auth.proto

79 lines
2.9 KiB
Raw Normal View History Unescape

External auth filter2 (#296) Signed-off-by: Mandar U Jog <mjog@google.com>
7 years ago
syntax = "proto3";
ext_authz: v2Alpha migration and documentation improvements (#5672) Signed-off-by: Gabriel <gsagula@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ a15dbc921a8e8082277904315f981ffd160f936a
6 years ago
package envoy.service.auth.v2;
api: add java proto options to avoid risk of future breakage (#5764) As discussed with @snowp in [envoyproxy/java-control-plane#87 (comment)](https://github.com/envoyproxy/java-control-plane/issues/87#issuecomment-456537248) and [envoyproxy/java-control-plane#87 (comment)](https://github.com/envoyproxy/java-control-plane/issues/87#issuecomment-457649859), adding these options will avoid the risk of having API breaking changes on the generated java code as the proto files evolve. Risk Level_: Medium Note that e.g. [envoyproxy/java-control-plane](https://github.com/envoyproxy/java-control-plane) will have to do a refactoring when they sync the proto files next time. Signed-off-by: Penn (Dapeng) Zhang <zdapeng@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 4a5f85809cef13be47873483789a5a7bb64ded7c
6 years ago
protoxform: format options generically (#9251) Instead of formatting options heuristically, which will erase new annotations without changing protoxform, use proto descriptor to format options, and enforce its order as well. Risk Level: Low Testing: CI Docs Changes: N/A Release Notes: N/A Signed-off-by: Lizan Zhou <lizan@tetrate.io> Mirrored from https://github.com/envoyproxy/envoy @ dfe687d49574ef7eb1bf84867bf571e805a2bf97
5 years ago
option java_package = "io.envoyproxy.envoy.service.auth.v2";
api: add java proto options to avoid risk of future breakage (#5764) As discussed with @snowp in [envoyproxy/java-control-plane#87 (comment)](https://github.com/envoyproxy/java-control-plane/issues/87#issuecomment-456537248) and [envoyproxy/java-control-plane#87 (comment)](https://github.com/envoyproxy/java-control-plane/issues/87#issuecomment-457649859), adding these options will avoid the risk of having API breaking changes on the generated java code as the proto files evolve. Risk Level_: Medium Note that e.g. [envoyproxy/java-control-plane](https://github.com/envoyproxy/java-control-plane) will have to do a refactoring when they sync the proto files next time. Signed-off-by: Penn (Dapeng) Zhang <zdapeng@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 4a5f85809cef13be47873483789a5a7bb64ded7c
6 years ago
option java_outer_classname = "ExternalAuthProto";
option java_multiple_files = true;
Add java_generic_services option to service proto files (#516) This enables generating generic service stubs for all the data-plane-api proto services when generating Java classes with protoc. This is generally not needed when implementing a gRPC server but in our case we're implementing it behind our legacy protobuf RPC framework which rely on these stubs. As far as I know the only negative with enabling these is generating some potentially unnecessary Java classes. Signed-off-by: Snow Pettersen <snowp@squareup.com>
7 years ago
option java_generic_services = true;
External auth filter2 (#296) Signed-off-by: Mandar U Jog <mjog@google.com>
7 years ago
authz_filter: extended ext_authz to support v2alpha api (#3162) This PR extends the current Ext_Authz filter to allow optional HTTP attributes being passed from the Authorization service down to client or, to the upstream services. I would like to get some feedback on the changes to the current gRPC async client and filter before moving to implementation of HTTP part of this extension and tests. *issue: #2828 Risk Level: Medium Testing: Manual, unit testing. Docs Changes: envoyproxy/data-plane-api#563 Signed-off-by: Gabriel <gsagula@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ 5244597e93c70b4945c03a9fc55f8924a2da6fbc
7 years ago
import "envoy/api/v2/core/base.proto";
ext_authz: v2Alpha migration and documentation improvements (#5672) Signed-off-by: Gabriel <gsagula@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ a15dbc921a8e8082277904315f981ffd160f936a
6 years ago
import "envoy/service/auth/v2/attribute_context.proto";
api: protoxform tool and API reformat. (#8309) This patch introduces a new tool, protoxform, that will be the basis of the v2 -> v3 migration tooling. It operates as a Python protoc plugin, within the same framework as protodoc, and provides the ability to operate on protoc AST input and generate proto output. As a first step, the tool is applied reflexively on v2, and functions as a formatting tool. In later patches, this will be added to check_format/fix_format scripts and CI. Part of #8082. Risk level: medium (it's possible that some inadvertent wire changes occur, if they do, this patch should be rolled back). Testing: manual inspection of diff, bazel test //test/..., some grep/diff scripts to ensure we haven't lost any comments. Signed-off-by: Harvey Tuch <htuch@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 08b123a8321d359ea66cbbc0e2926545798dabd3
5 years ago
import "envoy/type/http_status.proto";
Split base API package into sub-packages (#421) Signed-off-by: Kuat Yessenov <kuat@google.com>
7 years ago
External auth filter2 (#296) Signed-off-by: Mandar U Jog <mjog@google.com>
7 years ago
import "google/rpc/status.proto";
api: protoxform tool and API reformat. (#8309) This patch introduces a new tool, protoxform, that will be the basis of the v2 -> v3 migration tooling. It operates as a Python protoc plugin, within the same framework as protodoc, and provides the ability to operate on protoc AST input and generate proto output. As a first step, the tool is applied reflexively on v2, and functions as a formatting tool. In later patches, this will be added to check_format/fix_format scripts and CI. Part of #8082. Risk level: medium (it's possible that some inadvertent wire changes occur, if they do, this patch should be rolled back). Testing: manual inspection of diff, bazel test //test/..., some grep/diff scripts to ensure we haven't lost any comments. Signed-off-by: Harvey Tuch <htuch@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 08b123a8321d359ea66cbbc0e2926545798dabd3
5 years ago
authz_filter: configuration to support Ambassador authorization flow (#563) This PR includes the necessary modifications in support of envoyproxy/envoy#2828. Added additional configuration to ext_authz.proto so that the filter is able to call an HTTP/1.1 authorization service. In external_auth.proto, added a nested message to CheckResponse that allows the authorization service to pass additional HTTP response attributes back to the authz filter. Signed-off-by: Gabriel <gsagula@gmail.com>
7 years ago
import "validate/validate.proto";
External auth filter2 (#296) Signed-off-by: Mandar U Jog <mjog@google.com>
7 years ago
Add documentation for external authorization filter. (#3379) Signed-off-by: Saurabh Mohan <saurabh+github@tigera.io> Mirrored from https://github.com/envoyproxy/envoy @ a2abe7a4fae83cc2ad45700e59f4be52cbd3baac
7 years ago
// [#protodoc-title: Authorization Service ]
// The authorization service request messages used by external authorization :ref:`network filter
// <config_network_filters_ext_authz>` and :ref:`HTTP filter <config_http_filters_ext_authz>`.
Improve documentation to the AttributeContext (#366) Signed-off-by: Hong Zhang <wora2000@gmail.com>
7 years ago
// A generic interface for performing authorization check on incoming
// requests to a networked service.
External auth filter2 (#296) Signed-off-by: Mandar U Jog <mjog@google.com>
7 years ago
service Authorization {
Improve documentation to the AttributeContext (#366) Signed-off-by: Hong Zhang <wora2000@gmail.com>
7 years ago
// Performs authorization check based on the attributes associated with the
// incoming request, and returns status `OK` or not `OK`.
api: protoxform tool and API reformat. (#8309) This patch introduces a new tool, protoxform, that will be the basis of the v2 -> v3 migration tooling. It operates as a Python protoc plugin, within the same framework as protodoc, and provides the ability to operate on protoc AST input and generate proto output. As a first step, the tool is applied reflexively on v2, and functions as a formatting tool. In later patches, this will be added to check_format/fix_format scripts and CI. Part of #8082. Risk level: medium (it's possible that some inadvertent wire changes occur, if they do, this patch should be rolled back). Testing: manual inspection of diff, bazel test //test/..., some grep/diff scripts to ensure we haven't lost any comments. Signed-off-by: Harvey Tuch <htuch@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 08b123a8321d359ea66cbbc0e2926545798dabd3
5 years ago
rpc Check(CheckRequest) returns (CheckResponse) {
}
External auth filter2 (#296) Signed-off-by: Mandar U Jog <mjog@google.com>
7 years ago
}
message CheckRequest {
// The request attributes.
AttributeContext attributes = 1;
}
authz_filter: extended ext_authz to support v2alpha api (#3162) This PR extends the current Ext_Authz filter to allow optional HTTP attributes being passed from the Authorization service down to client or, to the upstream services. I would like to get some feedback on the changes to the current gRPC async client and filter before moving to implementation of HTTP part of this extension and tests. *issue: #2828 Risk Level: Medium Testing: Manual, unit testing. Docs Changes: envoyproxy/data-plane-api#563 Signed-off-by: Gabriel <gsagula@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ 5244597e93c70b4945c03a9fc55f8924a2da6fbc
7 years ago
// HTTP attributes for a denied response.
message DeniedHttpResponse {
// This field allows the authorization service to send a HTTP response status
// code to the downstream client other than 403 (Forbidden).
api: protoxform tool and API reformat. (#8309) This patch introduces a new tool, protoxform, that will be the basis of the v2 -> v3 migration tooling. It operates as a Python protoc plugin, within the same framework as protodoc, and provides the ability to operate on protoc AST input and generate proto output. As a first step, the tool is applied reflexively on v2, and functions as a formatting tool. In later patches, this will be added to check_format/fix_format scripts and CI. Part of #8082. Risk level: medium (it's possible that some inadvertent wire changes occur, if they do, this patch should be rolled back). Testing: manual inspection of diff, bazel test //test/..., some grep/diff scripts to ensure we haven't lost any comments. Signed-off-by: Harvey Tuch <htuch@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 08b123a8321d359ea66cbbc0e2926545798dabd3
5 years ago
type.HttpStatus status = 1 [(validate.rules).message = {required: true}];
authz_filter: extended ext_authz to support v2alpha api (#3162) This PR extends the current Ext_Authz filter to allow optional HTTP attributes being passed from the Authorization service down to client or, to the upstream services. I would like to get some feedback on the changes to the current gRPC async client and filter before moving to implementation of HTTP part of this extension and tests. *issue: #2828 Risk Level: Medium Testing: Manual, unit testing. Docs Changes: envoyproxy/data-plane-api#563 Signed-off-by: Gabriel <gsagula@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ 5244597e93c70b4945c03a9fc55f8924a2da6fbc
7 years ago
// This field allows the authorization service to send HTTP response headers
docs: Remove the redundant words 'the the' (#6046) Co-Authored-By: Nguyen Phuong An <AnNP@vn.fujitsu.com> Signed-off-by: Kim Bao Long <longkb@vn.fujitsu.com> Mirrored from https://github.com/envoyproxy/envoy @ 15f1c56397ff404fc98fb3381725bbe48c205234
6 years ago
// to the downstream client.
api: protoxform tool and API reformat. (#8309) This patch introduces a new tool, protoxform, that will be the basis of the v2 -> v3 migration tooling. It operates as a Python protoc plugin, within the same framework as protodoc, and provides the ability to operate on protoc AST input and generate proto output. As a first step, the tool is applied reflexively on v2, and functions as a formatting tool. In later patches, this will be added to check_format/fix_format scripts and CI. Part of #8082. Risk level: medium (it's possible that some inadvertent wire changes occur, if they do, this patch should be rolled back). Testing: manual inspection of diff, bazel test //test/..., some grep/diff scripts to ensure we haven't lost any comments. Signed-off-by: Harvey Tuch <htuch@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 08b123a8321d359ea66cbbc0e2926545798dabd3
5 years ago
repeated api.v2.core.HeaderValueOption headers = 2;
format: run clang-format on protos again (#3811) I think this broke in a recent refactor. Signed-off-by: Matt Klein <mklein@lyft.com> Mirrored from https://github.com/envoyproxy/envoy @ 866597fcb8cc3cdd53a767d66755506036261f3c
6 years ago
authz_filter: extended ext_authz to support v2alpha api (#3162) This PR extends the current Ext_Authz filter to allow optional HTTP attributes being passed from the Authorization service down to client or, to the upstream services. I would like to get some feedback on the changes to the current gRPC async client and filter before moving to implementation of HTTP part of this extension and tests. *issue: #2828 Risk Level: Medium Testing: Manual, unit testing. Docs Changes: envoyproxy/data-plane-api#563 Signed-off-by: Gabriel <gsagula@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ 5244597e93c70b4945c03a9fc55f8924a2da6fbc
7 years ago
// This field allows the authorization service to send a response body data
docs: Remove the redundant words 'the the' (#6046) Co-Authored-By: Nguyen Phuong An <AnNP@vn.fujitsu.com> Signed-off-by: Kim Bao Long <longkb@vn.fujitsu.com> Mirrored from https://github.com/envoyproxy/envoy @ 15f1c56397ff404fc98fb3381725bbe48c205234
6 years ago
// to the downstream client.
authz_filter: extended ext_authz to support v2alpha api (#3162) This PR extends the current Ext_Authz filter to allow optional HTTP attributes being passed from the Authorization service down to client or, to the upstream services. I would like to get some feedback on the changes to the current gRPC async client and filter before moving to implementation of HTTP part of this extension and tests. *issue: #2828 Risk Level: Medium Testing: Manual, unit testing. Docs Changes: envoyproxy/data-plane-api#563 Signed-off-by: Gabriel <gsagula@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ 5244597e93c70b4945c03a9fc55f8924a2da6fbc
7 years ago
string body = 3;
}
// HTTP attributes for an ok response.
message OkHttpResponse {
format: run clang-format on protos again (#3811) I think this broke in a recent refactor. Signed-off-by: Matt Klein <mklein@lyft.com> Mirrored from https://github.com/envoyproxy/envoy @ 866597fcb8cc3cdd53a767d66755506036261f3c
6 years ago
// HTTP entity headers in addition to the original request headers. This allows the authorization
authz_filter: extended ext_authz to support v2alpha api (#3162) This PR extends the current Ext_Authz filter to allow optional HTTP attributes being passed from the Authorization service down to client or, to the upstream services. I would like to get some feedback on the changes to the current gRPC async client and filter before moving to implementation of HTTP part of this extension and tests. *issue: #2828 Risk Level: Medium Testing: Manual, unit testing. Docs Changes: envoyproxy/data-plane-api#563 Signed-off-by: Gabriel <gsagula@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ 5244597e93c70b4945c03a9fc55f8924a2da6fbc
7 years ago
// service to append, to add or to override headers from the original request before
// dispatching it to the upstream. By setting `append` field to `true` in the `HeaderValueOption`,
format: run clang-format on protos again (#3811) I think this broke in a recent refactor. Signed-off-by: Matt Klein <mklein@lyft.com> Mirrored from https://github.com/envoyproxy/envoy @ 866597fcb8cc3cdd53a767d66755506036261f3c
6 years ago
// the filter will append the correspondent header value to the matched request header. Note that
authz_filter: extended ext_authz to support v2alpha api (#3162) This PR extends the current Ext_Authz filter to allow optional HTTP attributes being passed from the Authorization service down to client or, to the upstream services. I would like to get some feedback on the changes to the current gRPC async client and filter before moving to implementation of HTTP part of this extension and tests. *issue: #2828 Risk Level: Medium Testing: Manual, unit testing. Docs Changes: envoyproxy/data-plane-api#563 Signed-off-by: Gabriel <gsagula@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ 5244597e93c70b4945c03a9fc55f8924a2da6fbc
7 years ago
// by Leaving `append` as false, the filter will either add a new header, or override an existing
// one if there is a match.
api: protoxform tool and API reformat. (#8309) This patch introduces a new tool, protoxform, that will be the basis of the v2 -> v3 migration tooling. It operates as a Python protoc plugin, within the same framework as protodoc, and provides the ability to operate on protoc AST input and generate proto output. As a first step, the tool is applied reflexively on v2, and functions as a formatting tool. In later patches, this will be added to check_format/fix_format scripts and CI. Part of #8082. Risk level: medium (it's possible that some inadvertent wire changes occur, if they do, this patch should be rolled back). Testing: manual inspection of diff, bazel test //test/..., some grep/diff scripts to ensure we haven't lost any comments. Signed-off-by: Harvey Tuch <htuch@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 08b123a8321d359ea66cbbc0e2926545798dabd3
5 years ago
repeated api.v2.core.HeaderValueOption headers = 2;
authz_filter: extended ext_authz to support v2alpha api (#3162) This PR extends the current Ext_Authz filter to allow optional HTTP attributes being passed from the Authorization service down to client or, to the upstream services. I would like to get some feedback on the changes to the current gRPC async client and filter before moving to implementation of HTTP part of this extension and tests. *issue: #2828 Risk Level: Medium Testing: Manual, unit testing. Docs Changes: envoyproxy/data-plane-api#563 Signed-off-by: Gabriel <gsagula@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ 5244597e93c70b4945c03a9fc55f8924a2da6fbc
7 years ago
}
// Intended for gRPC and Network Authorization servers `only`.
External auth filter2 (#296) Signed-off-by: Mandar U Jog <mjog@google.com>
7 years ago
message CheckResponse {
docs: Revert api/envoy/service/auth/v2 CheckResponse.status change (#6821) Description: PR #6211 updated the documentation of CheckResponse.status to reflect Envoy's actual behavior at the time. Later, PR #6505 changed that behavior to be in-line with the pre-6211 docs. So, revert that part of PR #6211. Risk Level: Low Testing: None Docs Changes: Inline in API protos Release Notes: none Signed-off-by: Luke Shumaker <lukeshu@datawire.io> Mirrored from https://github.com/envoyproxy/envoy @ 5fef1519f4ce3fa2dd1389bfa390e7294182b1e7
6 years ago
// Status `OK` allows the request. Any other status indicates the request should be denied.
External auth filter2 (#296) Signed-off-by: Mandar U Jog <mjog@google.com>
7 years ago
google.rpc.Status status = 1;
authz_filter: configuration to support Ambassador authorization flow (#563) This PR includes the necessary modifications in support of envoyproxy/envoy#2828. Added additional configuration to ext_authz.proto so that the filter is able to call an HTTP/1.1 authorization service. In external_auth.proto, added a nested message to CheckResponse that allows the authorization service to pass additional HTTP response attributes back to the authz filter. Signed-off-by: Gabriel <gsagula@gmail.com>
7 years ago
authz_filter: extended ext_authz to support v2alpha api (#3162) This PR extends the current Ext_Authz filter to allow optional HTTP attributes being passed from the Authorization service down to client or, to the upstream services. I would like to get some feedback on the changes to the current gRPC async client and filter before moving to implementation of HTTP part of this extension and tests. *issue: #2828 Risk Level: Medium Testing: Manual, unit testing. Docs Changes: envoyproxy/data-plane-api#563 Signed-off-by: Gabriel <gsagula@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ 5244597e93c70b4945c03a9fc55f8924a2da6fbc
7 years ago
// An message that contains HTTP response attributes. This message is
authz_filter: configuration to support Ambassador authorization flow (#563) This PR includes the necessary modifications in support of envoyproxy/envoy#2828. Added additional configuration to ext_authz.proto so that the filter is able to call an HTTP/1.1 authorization service. In external_auth.proto, added a nested message to CheckResponse that allows the authorization service to pass additional HTTP response attributes back to the authz filter. Signed-off-by: Gabriel <gsagula@gmail.com>
7 years ago
// used when the authorization service needs to send custom responses to the
// downstream client or, to modify/add request headers being dispatched to the upstream.
authz_filter: extended ext_authz to support v2alpha api (#3162) This PR extends the current Ext_Authz filter to allow optional HTTP attributes being passed from the Authorization service down to client or, to the upstream services. I would like to get some feedback on the changes to the current gRPC async client and filter before moving to implementation of HTTP part of this extension and tests. *issue: #2828 Risk Level: Medium Testing: Manual, unit testing. Docs Changes: envoyproxy/data-plane-api#563 Signed-off-by: Gabriel <gsagula@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ 5244597e93c70b4945c03a9fc55f8924a2da6fbc
7 years ago
oneof http_response {
// Supplies http attributes for a denied response.
DeniedHttpResponse denied_response = 2;
format: run clang-format on protos again (#3811) I think this broke in a recent refactor. Signed-off-by: Matt Klein <mklein@lyft.com> Mirrored from https://github.com/envoyproxy/envoy @ 866597fcb8cc3cdd53a767d66755506036261f3c
6 years ago
authz_filter: extended ext_authz to support v2alpha api (#3162) This PR extends the current Ext_Authz filter to allow optional HTTP attributes being passed from the Authorization service down to client or, to the upstream services. I would like to get some feedback on the changes to the current gRPC async client and filter before moving to implementation of HTTP part of this extension and tests. *issue: #2828 Risk Level: Medium Testing: Manual, unit testing. Docs Changes: envoyproxy/data-plane-api#563 Signed-off-by: Gabriel <gsagula@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ 5244597e93c70b4945c03a9fc55f8924a2da6fbc
7 years ago
// Supplies http attributes for an ok response.
OkHttpResponse ok_response = 3;
authz_filter: configuration to support Ambassador authorization flow (#563) This PR includes the necessary modifications in support of envoyproxy/envoy#2828. Added additional configuration to ext_authz.proto so that the filter is able to call an HTTP/1.1 authorization service. In external_auth.proto, added a nested message to CheckResponse that allows the authorization service to pass additional HTTP response attributes back to the authz filter. Signed-off-by: Gabriel <gsagula@gmail.com>
7 years ago
}
External auth filter2 (#296) Signed-off-by: Mandar U Jog <mjog@google.com>
7 years ago
}