
Text file src/github.com/emissary-ingress/emissary/v3/api/envoy/service/auth/v2/external_auth.proto

Documentation: github.com/emissary-ingress/emissary/v3/api/envoy/service/auth/v2

     1syntax = "proto3";
     2
     3package envoy.service.auth.v2;
     4
     5import "envoy/api/v2/core/base.proto";
     6import "envoy/service/auth/v2/attribute_context.proto";
     7import "envoy/type/http_status.proto";
     8
     9import "google/rpc/status.proto";
    10
    11import "udpa/annotations/status.proto";
    12import "validate/validate.proto";
    13
// Code generation settings for the Java and Go bindings of this package.
option java_package = "io.envoyproxy.envoy.service.auth.v2";
option java_outer_classname = "ExternalAuthProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/service/auth/v2;authv2";
option java_generic_services = true;
// Marks the package version status of this file as FROZEN.
// NOTE(review): presumably this means the v2 schema no longer accepts changes, so any
// hardening of this contract has to happen in a newer package version -- confirm against the
// udpa annotation definitions.
option (udpa.annotations.file_status).package_version_status = FROZEN;
    20
    21// [#protodoc-title: Authorization Service ]
    22
    23// The authorization service request messages used by external authorization :ref:`network filter
    24// <config_network_filters_ext_authz>` and :ref:`HTTP filter <config_http_filters_ext_authz>`.
    25
// A generic interface for performing an authorization check on incoming
// requests to a networked service.
service Authorization {
  // Performs an authorization check based on the attributes associated with the
  // incoming request, and returns status `OK` or not `OK`.
  //
  // The verdict is carried in `CheckResponse.status`: per that field's contract, any status
  // other than `OK` indicates the request should be denied.
  // NOTE(review): this file does not define what the caller does when the RPC itself fails or
  // times out. Confirm that the calling filter is configured to deny in that case (for Envoy's
  // ext_authz filter this is governed by `failure_mode_allow`).
  rpc Check(CheckRequest) returns (CheckResponse) {
  }
}
    34
// Request message for `Authorization.Check`.
message CheckRequest {
  // The request attributes.
  // NOTE(review): `AttributeContext` is not declared in this file; presumably it comes from the
  // imported attribute_context.proto. Whatever part of it originates from the downstream client
  // should be treated as untrusted input by the authorization server -- confirm which
  // attributes are client-controlled.
  AttributeContext attributes = 1;
}
    39
// HTTP attributes for a denied response.
message DeniedHttpResponse {
  // This field allows the authorization service to send an HTTP response status
  // code to the downstream client other than 403 (Forbidden).
  // The validation rule marks this field as required.
  type.HttpStatus status = 1 [(validate.rules).message = {required: true}];

  // This field allows the authorization service to send HTTP response headers
  // to the downstream client. Note that the `append` field in `HeaderValueOption` defaults to
  // false when used in this message.
  // These headers are chosen by the authorization service and reach the downstream client, so
  // the service should not copy unvalidated request data into them.
  repeated api.v2.core.HeaderValueOption headers = 2;

  // This field allows the authorization service to send response body data
  // to the downstream client.
  // The body is returned to the client that was just denied, so it should not carry internal
  // error details. No length rule is declared on this field.
  // NOTE(review): confirm whether the filter enforces a size limit.
  string body = 3;
}
    55
// HTTP attributes for an ok response.
message OkHttpResponse {
  // HTTP entity headers in addition to the original request headers. This allows the authorization
  // service to append, to add or to override headers from the original request before
  // dispatching it to the upstream. Note that the `append` field in `HeaderValueOption` defaults to
  // false when used in this message. By setting the `append` field to `true`,
  // the filter will append the corresponding header value to the matched request header.
  // By leaving `append` as false, the filter will either add a new header, or override an existing
  // one if there is a match.
  //
  // For headers that convey identity or an authorization result to the upstream, leaving `append`
  // as false means a client-supplied header of the same name is overridden rather than kept
  // alongside the value set here.
  //
  // This is the only field in the message and it uses number 2; number 1 is not declared.
  // NOTE(review): number 1 is not marked `reserved` here -- confirm whether it was used in an
  // earlier revision before assigning it in any derived schema.
  repeated api.v2.core.HeaderValueOption headers = 2;
}
    67
// Intended for gRPC and Network Authorization servers `only`.
message CheckResponse {
  // Status `OK` allows the request. Any other status indicates the request should be denied.
  // NOTE(review): `google.rpc.Status` encodes `OK` as code 0, which is also the proto3 default,
  // so a response that leaves `status` unset may read as `OK`. Authorization servers should set
  // `status` explicitly on every response, including error paths -- confirm how the calling
  // filter treats an unset status.
  google.rpc.Status status = 1;

  // A message that contains HTTP response attributes. This message is
  // used when the authorization service needs to send custom responses to the
  // downstream client or to modify/add request headers being dispatched to the upstream.
  // As a oneof, at most one of the two members can be set.
  // NOTE(review): nothing in this schema ties `denied_response` to a non-`OK` status or
  // `ok_response` to an `OK` status -- confirm how the filter handles a mismatched combination.
  oneof http_response {
    // Supplies http attributes for a denied response.
    DeniedHttpResponse denied_response = 2;

    // Supplies http attributes for an ok response.
    OkHttpResponse ok_response = 3;
  }
}
