data-plane-api/envoy/api/v2/auth/auth.proto

syntax = "proto3";

// [#proto-status: draft]

package envoy.api.v2.auth;
option go_package = "auth";

import "envoy/api/v2/auth/cert.proto";

message AuthAction {
  // Should we do white-list or black-list style access control.
  enum ActionType {
    // Request matches all rules are allowed, otherwise denied.
    ALLOW = 0;
    // Request matches all rules or missing required auth fields are denied,
    // otherwise allowed.
    DENY = 1;
  }

  ActionType action_type = 1;

  // Logic AND that requires all rules match.
  message AndRule {
    repeated Rule rules = 1;
  }

  // Logic OR that requires at least one rule matches.
  message OrRule {
    repeated Rule rules = 1;
  }

  // Check peer identity using X.509 certificate.
  message X509Rule {
    // How to validate peer certificates.
    CertificateValidationContext validation_context = 3;
  }

  // Element type of AndRule/OrRule, it chooses among different type of rule.
  message Rule {
    oneof rule_specifier {
      AndRule and_rule = 1;
      OrRule or_rule = 2;
      X509Rule x509_rule = 3;
    }
  }

  // List of rules
  repeated Rule rules = 2;
}
add auth_config to vhost/route (#199) Signed-off-by: James Fang <54740235@qq.com> 7 years ago			`syntax = "proto3";`

docs: some API_OVERVIEW.md cleanup. (#264) Signed-off-by: Harvey Tuch <htuch@google.com> 7 years ago			`// [#proto-status: draft]`

External auth filter2 (#296) Signed-off-by: Mandar U Jog <mjog@google.com> 7 years ago			`package envoy.api.v2.auth;`
Split base API package into sub-packages (#421) Signed-off-by: Kuat Yessenov <kuat@google.com> 7 years ago			`option go_package = "auth";`
add auth_config to vhost/route (#199) Signed-off-by: James Fang <54740235@qq.com> 7 years ago
Split base API package into sub-packages (#421) Signed-off-by: Kuat Yessenov <kuat@google.com> 7 years ago			`import "envoy/api/v2/auth/cert.proto";`
add auth_config to vhost/route (#199) Signed-off-by: James Fang <54740235@qq.com> 7 years ago
			`message AuthAction {`
			`// Should we do white-list or black-list style access control.`
			`enum ActionType {`
			`// Request matches all rules are allowed, otherwise denied.`
			`ALLOW = 0;`
			`// Request matches all rules or missing required auth fields are denied,`
			`// otherwise allowed.`
			`DENY = 1;`
			`}`

			`ActionType action_type = 1;`

			`// Logic AND that requires all rules match.`
			`message AndRule {`
			`repeated Rule rules = 1;`
			`}`

			`// Logic OR that requires at least one rule matches.`
			`message OrRule {`
			`repeated Rule rules = 1;`
			`}`

			`// Check peer identity using X.509 certificate.`
			`message X509Rule {`
			`// How to validate peer certificates.`
			`CertificateValidationContext validation_context = 3;`
			`}`

			`// Element type of AndRule/OrRule, it chooses among different type of rule.`
			`message Rule {`
			`oneof rule_specifier {`
			`AndRule and_rule = 1;`
			`OrRule or_rule = 2;`
			`X509Rule x509_rule = 3;`
			`}`
			`}`

			`// List of rules`
Pluralize repeated field 'rule' (#402) per issue #368 Signed-off-by: mandarjog <mandarjog@gmail.com> 7 years ago			`repeated Rule rules = 2;`
add auth_config to vhost/route (#199) Signed-off-by: James Fang <54740235@qq.com> 7 years ago			`}`