diff --git a/Gopkg.lock b/Gopkg.lock index 244b86ce5e3..e5391d61a82 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -1358,7 +1358,7 @@ version = "0.1.0" [[projects]] - digest = "1:ceb8c371a564c9e0eff7551ccc513a1357b446c4121b2d98f721d17a2287ddcc" + digest = "1:c9d1d80ec1de75ea64ac931d4964372d3f3899c62b6bfc2bab401d6d930c9d9f" name = "github.com/solo-io/go-utils" packages = [ "changelogutils", @@ -1392,12 +1392,14 @@ "testutils/helper", "testutils/kube", "versionutils", + "versionutils/dep", + "versionutils/git", "versionutils/kubeapi", "vfsutils", ] pruneopts = "UT" - revision = "8197f6d61c3c2ccf4ce2786b3da566f8d5bf2613" - version = "v0.10.4" + revision = "5dc802895644ff6f736b11a64e54a06f3ba1dd5e" + version = "v0.10.8" [[projects]] digest = "1:6bf9bdcdfd28c7a913d5bcbef6717e53fc6f650560f0b4ffe663816b3e2245ec" @@ -2767,6 +2769,8 @@ "github.com/solo-io/go-utils/testutils/exec", "github.com/solo-io/go-utils/testutils/helper", "github.com/solo-io/go-utils/versionutils", + "github.com/solo-io/go-utils/versionutils/dep", + "github.com/solo-io/go-utils/versionutils/git", "github.com/solo-io/solo-kit/api/external/kubernetes/namespace", "github.com/solo-io/solo-kit/pkg/api/external/kubernetes/namespace", "github.com/solo-io/solo-kit/pkg/api/external/kubernetes/service", @@ -2778,7 +2782,6 @@ "github.com/solo-io/solo-kit/pkg/api/v1/clients/kube/cache", "github.com/solo-io/solo-kit/pkg/api/v1/clients/kube/controller", "github.com/solo-io/solo-kit/pkg/api/v1/clients/kube/crd", - "github.com/solo-io/solo-kit/pkg/api/v1/clients/kube/crd/solo.io/v1", "github.com/solo-io/solo-kit/pkg/api/v1/clients/kubesecret", "github.com/solo-io/solo-kit/pkg/api/v1/clients/memory", "github.com/solo-io/solo-kit/pkg/api/v1/clients/vault", diff --git a/Gopkg.toml b/Gopkg.toml index bc9a2aa7562..5e996145239 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -32,7 +32,7 @@ [[override]] name = "github.com/solo-io/go-utils" - version = "0.10.4" + version = "0.10.8" [[constraint]] name = "github.com/hashicorp/consul" 
diff --git a/changelog/v0.18.45/fix-helm-test.yaml b/changelog/v0.19.0/fix-helm-test.yaml
similarity index 100%
rename from changelog/v0.18.45/fix-helm-test.yaml
rename to changelog/v0.19.0/fix-helm-test.yaml
diff --git a/changelog/v0.18.45/glooctl-check-during-regression-tests.yaml b/changelog/v0.19.0/glooctl-check-during-regression-tests.yaml
similarity index 100%
rename from changelog/v0.18.45/glooctl-check-during-regression-tests.yaml
rename to changelog/v0.19.0/glooctl-check-during-regression-tests.yaml
diff --git a/changelog/v0.18.45/grpc_on_settings_change.yaml b/changelog/v0.19.0/grpc_on_settings_change.yaml
similarity index 100%
rename from changelog/v0.18.45/grpc_on_settings_change.yaml
rename to changelog/v0.19.0/grpc_on_settings_change.yaml
diff --git a/changelog/v0.18.45/healthcheck.yaml b/changelog/v0.19.0/healthcheck.yaml
similarity index 100%
rename from changelog/v0.18.45/healthcheck.yaml
rename to changelog/v0.19.0/healthcheck.yaml
diff --git a/changelog/v0.18.45/internal-validation-gateway.yaml b/changelog/v0.19.0/internal-validation-gateway.yaml
similarity index 100%
rename from changelog/v0.18.45/internal-validation-gateway.yaml
rename to changelog/v0.19.0/internal-validation-gateway.yaml
diff --git a/changelog/v0.18.45/minikube-cluster-name.yaml b/changelog/v0.19.0/minikube-cluster-name.yaml
similarity index 100%
rename from changelog/v0.18.45/minikube-cluster-name.yaml
rename to changelog/v0.19.0/minikube-cluster-name.yaml
diff --git a/changelog/v0.19.0/route-level-auth.yaml b/changelog/v0.19.0/route-level-auth.yaml
new file mode 100644
index 00000000000..f4abd0a4492
--- /dev/null
+++ b/changelog/v0.19.0/route-level-auth.yaml
@@ -0,0 +1,17 @@
+changelog:
+- type: BREAKING_CHANGE
+ description: >
+ Update the external auth APIs to support configuring authentication/authorization on **routes and weighted
+ destinations**, in addition to virtual hosts. The auth configuration that currently is defined directly on the
+ virtual service/proxy resources (under virtualHostPlugins) will become a top-level solo-kit resource (in the
+ context of Kubernetes this means **a new CRD**). Resources that need to use a particular auth configuration can
+ now just reference the correspondent new `AuthConfig` resource. The advantages of this change are twofold: besides
+ reducing the duplication of configuration, it guarantees the stability of secured upstreams between auth
+ configuration updates.
+ issueLink: https://github.com/solo-io/gloo/issues/1201
+ resolvesIssue: false
+- type: DEPENDENCY_BUMP
+ dependencyOwner: solo-io
+ dependencyRepo: go-utils
+ dependencyTag: v0.10.8
+ description: Update go-utils to version 0.10.8.
\ No newline at end of file
diff --git a/changelog/v0.18.45/util-for-filter.yaml b/changelog/v0.19.0/util-for-filter.yaml
similarity index 100%
rename from changelog/v0.18.45/util-for-filter.yaml
rename to changelog/v0.19.0/util-for-filter.yaml
diff --git a/changelog/v0.18.45/wait_eds.yaml b/changelog/v0.19.0/wait_eds.yaml
similarity index 100%
rename from changelog/v0.18.45/wait_eds.yaml
rename to changelog/v0.19.0/wait_eds.yaml
diff --git a/docs/api/envoy.glooe.solo.io.project.sk.md b/docs/api/envoy.glooe.solo.io.project.sk.md
index 0b454e827e6..3d628ea6dd7 100644
--- a/docs/api/envoy.glooe.solo.io.project.sk.md
+++ b/docs/api/envoy.glooe.solo.io.project.sk.md
@@ -16,6 +16,7 @@ API Version: `envoy.glooe.solo.io.v1` ### API Resources: - [Artifact](../github.com/solo-io/gloo/projects/gloo/api/v1/artifact.proto.sk#artifact) +- [AuthConfig](../github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/v1/extauth.proto.sk#authconfig) - [Endpoint](../github.com/solo-io/gloo/projects/gloo/api/v1/endpoint.proto.sk#endpoint) - [Gateway](../github.com/solo-io/gloo/projects/gateway/api/v1/gateway.proto.sk#gateway) - [Gateway](../github.com/solo-io/gloo/projects/gateway/api/v2/gateway.proto.sk#gateway) diff --git a/docs/api/gateway.solo.io.project.sk.md b/docs/api/gateway.solo.io.project.sk.md index 5a6dc1dffe7..c602696be29 100644 --- a/docs/api/gateway.solo.io.project.sk.md +++ b/docs/api/gateway.solo.io.project.sk.md @@ -16,6 +16,7 @@ API Version: `gateway.solo.io.v1` ### API Resources: - [Artifact](../github.com/solo-io/gloo/projects/gloo/api/v1/artifact.proto.sk#artifact) +- [AuthConfig](../github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/v1/extauth.proto.sk#authconfig) - [Endpoint](../github.com/solo-io/gloo/projects/gloo/api/v1/endpoint.proto.sk#endpoint) - [Gateway](../github.com/solo-io/gloo/projects/gateway/api/v1/gateway.proto.sk#gateway) - [Gateway](../github.com/solo-io/gloo/projects/gateway/api/v2/gateway.proto.sk#gateway) diff --git a/docs/api/gateway.solo.io.v_2.project.sk.md b/docs/api/gateway.solo.io.v_2.project.sk.md index 71b1563d358..01737600f2b 100644 --- a/docs/api/gateway.solo.io.v_2.project.sk.md +++ b/docs/api/gateway.solo.io.v_2.project.sk.md 
@@ -16,6 +16,7 @@ API Version: `gateway.solo.io.v2.v2` ### API Resources: - [Artifact](../github.com/solo-io/gloo/projects/gloo/api/v1/artifact.proto.sk#artifact) +- [AuthConfig](../github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/v1/extauth.proto.sk#authconfig) - [Endpoint](../github.com/solo-io/gloo/projects/gloo/api/v1/endpoint.proto.sk#endpoint) - [Gateway](../github.com/solo-io/gloo/projects/gateway/api/v1/gateway.proto.sk#gateway) - [Gateway](../github.com/solo-io/gloo/projects/gateway/api/v2/gateway.proto.sk#gateway) diff --git a/docs/api/github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/extauth.proto.sk.md b/docs/api/github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/v1/extauth.proto.sk.md similarity index 55% rename from docs/api/github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/extauth.proto.sk.md rename to docs/api/github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/v1/extauth.proto.sk.md index 2c869c9bba4..26711fc7cc1 100644 --- a/docs/api/github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/extauth.proto.sk.md +++ b/docs/api/github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/v1/extauth.proto.sk.md @@ -7,10 +7,16 @@ weight: 5 -### Package: `extauth.plugins.gloo.solo.io` +### Package: `enterprise.gloo.solo.io` #### Types: +- [AuthConfig](#authconfig) **Top-Level Resource** +- [Config](#config) +- [ExtAuthExtension](#extauthextension) +- [VhostExtension](#vhostextension) +- [AuthConfig](#authconfig) **Top-Level Resource** +- [RouteExtension](#routeextension) - [Settings](#settings) - [HttpService](#httpservice) - [Request](#request) 
@@ -29,20 +35,165 @@ weight: 5 - [OpaAuth](#opaauth) - [Ldap](#ldap) - [ConnectionPool](#connectionpool) -- [AuthConfig](#authconfig) -- [VhostExtension](#vhostextension) -- [RouteExtension](#routeextension) - [ExtAuthConfig](#extauthconfig) - [OAuthConfig](#oauthconfig) - [ApiKeyAuthConfig](#apikeyauthconfig) - [OpaAuthConfig](#opaauthconfig) -- [AuthConfig](#authconfig) +- [Config](#config) -##### Source File: [github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/extauth.proto](https://github.com/solo-io/gloo/blob/master/projects/gloo/api/v1/enterprise/plugins/extauth/extauth.proto) +##### Source File: [github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/v1/extauth.proto](https://github.com/solo-io/gloo/blob/master/projects/gloo/api/v1/enterprise/plugins/extauth/v1/extauth.proto) + + + + + +--- +### AuthConfig + + +This is the user-facing auth configuration. When processed by Gloo, certain configuration types (i.a. oauth, opa) +will be translated, e.g. to resolve resource references. See the `ExtAuthConfig.AuthConfig` for the final config +format that will be included in the extauth snapshot. + +```yaml +"status": .core.solo.io.Status +"metadata": .core.solo.io.Metadata +"configs": []enterprise.gloo.solo.io.AuthConfig.Config + +``` + +| Field | Type | Description | Default | +| ----- | ---- | ----------- |----------- | +| `status` | [.core.solo.io.Status](../../../../../../../../../../solo-kit/api/v1/status.proto.sk#status) | Status indicates the validation status of this resource. Status is read-only by clients, and set by gloo during validation. | | +| `metadata` | [.core.solo.io.Metadata](../../../../../../../../../../solo-kit/api/v1/metadata.proto.sk#metadata) | Metadata contains the object metadata for this resource. 
| | +| `configs` | [[]enterprise.gloo.solo.io.AuthConfig.Config](../extauth.proto.sk#config) | | | + + + + +--- +### Config + + + +```yaml +"basicAuth": .enterprise.gloo.solo.io.BasicAuth +"oauth": .enterprise.gloo.solo.io.OAuth +"customAuth": .enterprise.gloo.solo.io.CustomAuth +"apiKeyAuth": .enterprise.gloo.solo.io.ApiKeyAuth +"pluginAuth": .enterprise.gloo.solo.io.AuthPlugin +"opaAuth": .enterprise.gloo.solo.io.OpaAuth +"ldap": .enterprise.gloo.solo.io.Ldap + +``` + +| Field | Type | Description | Default | +| ----- | ---- | ----------- |----------- | +| `basicAuth` | [.enterprise.gloo.solo.io.BasicAuth](../extauth.proto.sk#basicauth) | Only one of `basicAuth`, `oauth`, `customAuth`, `apiKeyAuth`, `pluginAuth`, or `ldap` can be set. | | +| `oauth` | [.enterprise.gloo.solo.io.OAuth](../extauth.proto.sk#oauth) | Only one of `oauth`, `basicAuth`, `customAuth`, `apiKeyAuth`, `pluginAuth`, or `ldap` can be set. | | +| `customAuth` | [.enterprise.gloo.solo.io.CustomAuth](../extauth.proto.sk#customauth) | Only one of `customAuth`, `basicAuth`, `oauth`, `apiKeyAuth`, `pluginAuth`, or `ldap` can be set. | | +| `apiKeyAuth` | [.enterprise.gloo.solo.io.ApiKeyAuth](../extauth.proto.sk#apikeyauth) | Only one of `apiKeyAuth`, `basicAuth`, `oauth`, `customAuth`, `pluginAuth`, or `ldap` can be set. | | +| `pluginAuth` | [.enterprise.gloo.solo.io.AuthPlugin](../extauth.proto.sk#authplugin) | Only one of `pluginAuth`, `basicAuth`, `oauth`, `customAuth`, `apiKeyAuth`, or `ldap` can be set. | | +| `opaAuth` | [.enterprise.gloo.solo.io.OpaAuth](../extauth.proto.sk#opaauth) | Only one of `opaAuth`, `basicAuth`, `oauth`, `customAuth`, `apiKeyAuth`, or `ldap` can be set. | | +| `ldap` | [.enterprise.gloo.solo.io.Ldap](../extauth.proto.sk#ldap) | Only one of `ldap`, `basicAuth`, `oauth`, `customAuth`, `apiKeyAuth`, or `opaAuth` can be set. | | + + + + +--- +### ExtAuthExtension + + +Auth configurations defined on virtual hosts and routes will be unmarshalled to this message. 
+ +```yaml +"disable": bool +"configRef": .core.solo.io.ResourceRef + +``` + +| Field | Type | Description | Default | +| ----- | ---- | ----------- |----------- | +| `disable` | `bool` | Set to true to disable auth on the virtual host/route. Only one of `disable` or `configRef` can be set. | | +| `configRef` | [.core.solo.io.ResourceRef](../../../../../../../../../../solo-kit/api/v1/ref.proto.sk#resourceref) | A reference to an AuthConfig. Only one of `configRef` or `disable` can be set. | | + + + + +--- +### VhostExtension + + +Deprecated: use ExtAuthExtension + +```yaml +"basicAuth": .enterprise.gloo.solo.io.BasicAuth +"oauth": .enterprise.gloo.solo.io.OAuth +"customAuth": .enterprise.gloo.solo.io.CustomAuth +"apiKeyAuth": .enterprise.gloo.solo.io.ApiKeyAuth +"pluginAuth": .enterprise.gloo.solo.io.PluginAuth +"configs": []enterprise.gloo.solo.io.VhostExtension.AuthConfig +``` + +| Field | Type | Description | Default | +| ----- | ---- | ----------- |----------- | +| `basicAuth` | [.enterprise.gloo.solo.io.BasicAuth](../extauth.proto.sk#basicauth) | Deprecated: use `configs` field instead. Only one of `basicAuth`, `oauth`, `customAuth`, or `pluginAuth` can be set. | | +| `oauth` | [.enterprise.gloo.solo.io.OAuth](../extauth.proto.sk#oauth) | Deprecated: use `configs` field instead. Only one of `oauth`, `basicAuth`, `customAuth`, or `pluginAuth` can be set. | | +| `customAuth` | [.enterprise.gloo.solo.io.CustomAuth](../extauth.proto.sk#customauth) | Deprecated: use `configs` field instead. Only one of `customAuth`, `basicAuth`, `oauth`, or `pluginAuth` can be set. | | +| `apiKeyAuth` | [.enterprise.gloo.solo.io.ApiKeyAuth](../extauth.proto.sk#apikeyauth) | Deprecated: use `configs` field instead. Only one of `apiKeyAuth`, `basicAuth`, `oauth`, or `pluginAuth` can be set. | | +| `pluginAuth` | [.enterprise.gloo.solo.io.PluginAuth](../extauth.proto.sk#pluginauth) | Deprecated: use `configs` field instead. 
Only one of `pluginAuth`, `basicAuth`, `oauth`, or `apiKeyAuth` can be set. | | +| `configs` | [[]enterprise.gloo.solo.io.VhostExtension.AuthConfig](../extauth.proto.sk#authconfig) | A chain of AuthN\AuthZ configurations which will be executed in the order they are specified. The first plugin to deny a request will cause a 403 response to be returned; any subsequent plugin in the chain will not be executed. The headers on the OkHttpResponse returned from a plugin in the chain will be added to the request that will be sent to the next one(s) according to the rules described here: https://www.envoyproxy.io/docs/envoy/latest/api-v2/service/auth/v2/external_auth.proto#service-auth-v2-okhttpresponse. | | + + + + +--- +### AuthConfig + + + +```yaml +"basicAuth": .enterprise.gloo.solo.io.BasicAuth +"oauth": .enterprise.gloo.solo.io.OAuth +"customAuth": .enterprise.gloo.solo.io.CustomAuth +"apiKeyAuth": .enterprise.gloo.solo.io.ApiKeyAuth +"pluginAuth": .enterprise.gloo.solo.io.AuthPlugin +"opaAuth": .enterprise.gloo.solo.io.OpaAuth +"ldap": .enterprise.gloo.solo.io.Ldap + +``` + +| Field | Type | Description | Default | +| ----- | ---- | ----------- |----------- | +| `basicAuth` | [.enterprise.gloo.solo.io.BasicAuth](../extauth.proto.sk#basicauth) | Only one of `basicAuth`, `oauth`, `customAuth`, `apiKeyAuth`, `pluginAuth`, or `ldap` can be set. | | +| `oauth` | [.enterprise.gloo.solo.io.OAuth](../extauth.proto.sk#oauth) | Only one of `oauth`, `basicAuth`, `customAuth`, `apiKeyAuth`, `pluginAuth`, or `ldap` can be set. | | +| `customAuth` | [.enterprise.gloo.solo.io.CustomAuth](../extauth.proto.sk#customauth) | Only one of `customAuth`, `basicAuth`, `oauth`, `apiKeyAuth`, `pluginAuth`, or `ldap` can be set. | | +| `apiKeyAuth` | [.enterprise.gloo.solo.io.ApiKeyAuth](../extauth.proto.sk#apikeyauth) | Only one of `apiKeyAuth`, `basicAuth`, `oauth`, `customAuth`, `pluginAuth`, or `ldap` can be set. 
| | +| `pluginAuth` | [.enterprise.gloo.solo.io.AuthPlugin](../extauth.proto.sk#authplugin) | Only one of `pluginAuth`, `basicAuth`, `oauth`, `customAuth`, `apiKeyAuth`, or `ldap` can be set. | | +| `opaAuth` | [.enterprise.gloo.solo.io.OpaAuth](../extauth.proto.sk#opaauth) | Only one of `opaAuth`, `basicAuth`, `oauth`, `customAuth`, `apiKeyAuth`, or `ldap` can be set. | | +| `ldap` | [.enterprise.gloo.solo.io.Ldap](../extauth.proto.sk#ldap) | Only one of `ldap`, `basicAuth`, `oauth`, `customAuth`, `apiKeyAuth`, or `opaAuth` can be set. | | + + + + +--- +### RouteExtension + + +Deprecated: use ExtAuthExtension + +```yaml +"disable": bool + +``` + +| Field | Type | Description | Default | +| ----- | ---- | ----------- |----------- | +| `disable` | `bool` | | | @@ -54,11 +205,11 @@ weight: 5 ```yaml "extauthzServerRef": .core.solo.io.ResourceRef -"httpService": .extauth.plugins.gloo.solo.io.HttpService +"httpService": .enterprise.gloo.solo.io.HttpService "userIdHeader": string "requestTimeout": .google.protobuf.Duration "failureModeAllow": bool -"requestBody": .extauth.plugins.gloo.solo.io.BufferSettings +"requestBody": .enterprise.gloo.solo.io.BufferSettings "clearRouteCache": bool "statusOnError": int 
@@ -66,12 +217,12 @@ weight: 5 | Field | Type | Description | Default | | ----- | ---- | ----------- |----------- | -| `extauthzServerRef` | [.core.solo.io.ResourceRef](../../../../../../../../../solo-kit/api/v1/ref.proto.sk#resourceref) | The upstream to ask about auth decisions. | | -| `httpService` | [.extauth.plugins.gloo.solo.io.HttpService](../extauth.proto.sk#httpservice) | If this is set, communication to the upstream will be with HTTP and not GRPC. | | +| `extauthzServerRef` | [.core.solo.io.ResourceRef](../../../../../../../../../../solo-kit/api/v1/ref.proto.sk#resourceref) | The upstream to ask about auth decisions. | | +| `httpService` | [.enterprise.gloo.solo.io.HttpService](../extauth.proto.sk#httpservice) | If this is set, communication to the upstream will be with HTTP and not GRPC. | | | `userIdHeader` | `string` | If the auth server trusted id of the user, it will be set in this header. Specifically this means that this header will be sanitized form the incoming request. | | | `requestTimeout` | [.google.protobuf.Duration](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/duration) | Timeout for the ext auth service to respond. defaults to 200ms. | | | `failureModeAllow` | `bool` | In case of a failure or timeout querying the auth server, normally a request is denied. if this is set to true, the request will be allowed. | | -| `requestBody` | [.extauth.plugins.gloo.solo.io.BufferSettings](../extauth.proto.sk#buffersettings) | Set this if you also want to send the body of the request, and not just the headers. | | +| `requestBody` | [.enterprise.gloo.solo.io.BufferSettings](../extauth.proto.sk#buffersettings) | Set this if you also want to send the body of the request, and not just the headers. | | | `clearRouteCache` | `bool` | Clears route cache in order to allow the external authorization service to correctly affect routing decisions. Filter clears all cached routes when: 1. 
The field is set to *true*. 2. The status returned from the authorization service is a HTTP 200 or gRPC 0. 3. At least one *authorization response header* is added to the client request, or is used for altering another client request header. | | | `statusOnError` | `int` | Sets the HTTP status that is returned to the client when there is a network error between the filter and the authorization server. The default status is HTTP 403 Forbidden. If set, this must be one of the following: - 100 - 200 201 202 203 204 205 206 207 208 226 - 300 301 302 303 304 305 307 308 - 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 421 422 423 424 426 428 429 431 - 500 501 502 503 504 505 506 507 508 510 511. | | @@ -85,16 +236,16 @@ weight: 5 ```yaml "pathPrefix": string -"request": .extauth.plugins.gloo.solo.io.HttpService.Request -"response": .extauth.plugins.gloo.solo.io.HttpService.Response +"request": .enterprise.gloo.solo.io.HttpService.Request +"response": .enterprise.gloo.solo.io.HttpService.Response ``` | Field | Type | Description | Default | | ----- | ---- | ----------- |----------- | | `pathPrefix` | `string` | Sets a prefix to the value of authorization request header *Path*. | | -| `request` | [.extauth.plugins.gloo.solo.io.HttpService.Request](../extauth.proto.sk#request) | | | -| `response` | [.extauth.plugins.gloo.solo.io.HttpService.Response](../extauth.proto.sk#response) | | | +| `request` | [.enterprise.gloo.solo.io.HttpService.Request](../extauth.proto.sk#request) | | | +| `response` | [.enterprise.gloo.solo.io.HttpService.Response](../extauth.proto.sk#response) | | | 
@@ -182,13 +333,13 @@ Configures auth via dynamically loaded Go plugins. Deprecated ```yaml -"plugins": []extauth.plugins.gloo.solo.io.AuthPlugin +"plugins": []enterprise.gloo.solo.io.AuthPlugin ``` | Field | Type | Description | Default | | ----- | ---- | ----------- |----------- | -| `plugins` | [[]extauth.plugins.gloo.solo.io.AuthPlugin](../extauth.proto.sk#authplugin) | Deprecated. | | +| `plugins` | [[]enterprise.gloo.solo.io.AuthPlugin](../extauth.proto.sk#authplugin) | Deprecated. | | @@ -223,14 +374,14 @@ Deprecated ```yaml "realm": string -"apr": .extauth.plugins.gloo.solo.io.BasicAuth.Apr +"apr": .enterprise.gloo.solo.io.BasicAuth.Apr ``` | Field | Type | Description | Default | | ----- | ---- | ----------- |----------- | | `realm` | `string` | | | -| `apr` | [.extauth.plugins.gloo.solo.io.BasicAuth.Apr](../extauth.proto.sk#apr) | | | +| `apr` | [.enterprise.gloo.solo.io.BasicAuth.Apr](../extauth.proto.sk#apr) | | | @@ -241,13 +392,13 @@ Deprecated ```yaml -"users": map +"users": map ``` | Field | Type | Description | Default | | ----- | ---- | ----------- |----------- | -| `users` | `map` | | | +| `users` | `map` | | | 
@@ -289,7 +440,7 @@ Deprecated | Field | Type | Description | Default | | ----- | ---- | ----------- |----------- | | `clientId` | `string` | your client id as registered with the issuer. | | -| `clientSecretRef` | [.core.solo.io.ResourceRef](../../../../../../../../../solo-kit/api/v1/ref.proto.sk#resourceref) | your client secret as registered with the issuer. | | +| `clientSecretRef` | [.core.solo.io.ResourceRef](../../../../../../../../../../solo-kit/api/v1/ref.proto.sk#resourceref) | your client secret as registered with the issuer. | | | `issuerUrl` | `string` | The url of the issuer. We will look for OIDC information in issuerUrl+ ".well-known/openid-configuration". | | | `appUrl` | `string` | we to redirect after successful auth, if we can't determine the original url this should be your publicly available app url. | | | `callbackPath` | `string` | a callback path relative to app url that will be used for OIDC callbacks. needs to not be used by the application. | | @@ -329,7 +480,7 @@ Deprecated | Field | Type | Description | Default | | ----- | ---- | ----------- |----------- | | `labelSelector` | `map` | identify all valid apikey secrets using the provided label selector. apikey secrets must be in gloo's watch namespaces for gloo to locate them. | | -| `apiKeySecretRefs` | [[]core.solo.io.ResourceRef](../../../../../../../../../solo-kit/api/v1/ref.proto.sk#resourceref) | a way to reference apikey secrets individually (good for testing); prefer apikey groups via label selector. | | +| `apiKeySecretRefs` | [[]core.solo.io.ResourceRef](../../../../../../../../../../solo-kit/api/v1/ref.proto.sk#resourceref) | a way to reference apikey secrets individually (good for testing); prefer apikey groups via label selector. | | 
@@ -368,7 +519,7 @@ Deprecated | Field | Type | Description | Default | | ----- | ---- | ----------- |----------- | -| `modules` | [[]core.solo.io.ResourceRef](../../../../../../../../../solo-kit/api/v1/ref.proto.sk#resourceref) | An optional resource reference to config maps containing modules to assist in the resolution of `query`. | | +| `modules` | [[]core.solo.io.ResourceRef](../../../../../../../../../../solo-kit/api/v1/ref.proto.sk#resourceref) | An optional resource reference to config maps containing modules to assist in the resolution of `query`. | | | `query` | `string` | The query that determines the auth decision. The result of this query must be either a boolean or an array with boolean as the first element. A boolean `true` value means that the request will be authorized. Any other value, or error, means that the request will be denied. | | @@ -389,7 +540,7 @@ Authenticates and authorizes requests by querying an LDAP server. Gloo makes the "userDnTemplate": string "membershipAttributeName": string "allowedGroups": []string -"pool": .extauth.plugins.gloo.solo.io.Ldap.ConnectionPool +"pool": .enterprise.gloo.solo.io.Ldap.ConnectionPool ``` 
@@ -399,7 +550,7 @@ Authenticates and authorizes requests by querying an LDAP server. Gloo makes the | `userDnTemplate` | `string` | Template to build user entry distinguished names (DN). This must contains a single occurrence of the "%s" placeholder. When processing a request, Gloo will substitute the name of the user (extracted from the auth header) for the placeholder and issue a search request with the resulting DN as baseDN (and 'base' search scope). E.g. "uid=%s,ou=people,dc=solo,dc=io". | | | `membershipAttributeName` | `string` | Case-insensitive name of the attribute that contains the names of the groups an entry is member of. Gloo will look for attributes with the given name to determine which groups the user entry belongs to. Defaults to 'memberOf' if not provided. | | | `allowedGroups` | `[]string` | In order for the request to be authenticated, the membership attribute (e.g. *memberOf*) on the user entry must contain at least of one of the group DNs specified via this option. E.g. []string{ "cn=managers,ou=groups,dc=solo,dc=io", "cn=developers,ou=groups,dc=solo,dc=io" }. | | -| `pool` | [.extauth.plugins.gloo.solo.io.Ldap.ConnectionPool](../extauth.proto.sk#connectionpool) | Use this property to tune the pool of connections to the LDAP server that Gloo maintains. | | +| `pool` | [.enterprise.gloo.solo.io.Ldap.ConnectionPool](../extauth.proto.sk#connectionpool) | Use this property to tune the pool of connections to the LDAP server that Gloo maintains. | | 
@@ -425,82 +576,6 @@ is requested (meaning that all the polled connections are in use), the connectio ---- -### AuthConfig - - -This message represents the user-facing auth configuration. When processed by Gloo, certain configuration types -(i.a. oauth, opa) will be translated, e.g. to resolve resource references. See the `ExtAuthConfig.AuthConfig` for the -final config format that will be included in the extauth snapshot. - -```yaml -"basicAuth": .extauth.plugins.gloo.solo.io.BasicAuth -"oauth": .extauth.plugins.gloo.solo.io.OAuth -"customAuth": .extauth.plugins.gloo.solo.io.CustomAuth -"apiKeyAuth": .extauth.plugins.gloo.solo.io.ApiKeyAuth -"pluginAuth": .extauth.plugins.gloo.solo.io.AuthPlugin -"opaAuth": .extauth.plugins.gloo.solo.io.OpaAuth -"ldap": .extauth.plugins.gloo.solo.io.Ldap - -``` - -| Field | Type | Description | Default | -| ----- | ---- | ----------- |----------- | -| `basicAuth` | [.extauth.plugins.gloo.solo.io.BasicAuth](../extauth.proto.sk#basicauth) | Only one of `basicAuth`, `oauth`, `customAuth`, `apiKeyAuth`, `pluginAuth`, or `ldap` can be set. | | -| `oauth` | [.extauth.plugins.gloo.solo.io.OAuth](../extauth.proto.sk#oauth) | Only one of `oauth`, `basicAuth`, `customAuth`, `apiKeyAuth`, `pluginAuth`, or `ldap` can be set. | | -| `customAuth` | [.extauth.plugins.gloo.solo.io.CustomAuth](../extauth.proto.sk#customauth) | Only one of `customAuth`, `basicAuth`, `oauth`, `apiKeyAuth`, `pluginAuth`, or `ldap` can be set. | | -| `apiKeyAuth` | [.extauth.plugins.gloo.solo.io.ApiKeyAuth](../extauth.proto.sk#apikeyauth) | Only one of `apiKeyAuth`, `basicAuth`, `oauth`, `customAuth`, `pluginAuth`, or `ldap` can be set. | | -| `pluginAuth` | [.extauth.plugins.gloo.solo.io.AuthPlugin](../extauth.proto.sk#authplugin) | Only one of `pluginAuth`, `basicAuth`, `oauth`, `customAuth`, `apiKeyAuth`, or `ldap` can be set. 
| | -| `opaAuth` | [.extauth.plugins.gloo.solo.io.OpaAuth](../extauth.proto.sk#opaauth) | Only one of `opaAuth`, `basicAuth`, `oauth`, `customAuth`, `apiKeyAuth`, or `ldap` can be set. | | -| `ldap` | [.extauth.plugins.gloo.solo.io.Ldap](../extauth.proto.sk#ldap) | Only one of `ldap`, `basicAuth`, `oauth`, `customAuth`, `apiKeyAuth`, or `opaAuth` can be set. | | - - - - ---- -### VhostExtension - - - -```yaml -"basicAuth": .extauth.plugins.gloo.solo.io.BasicAuth -"oauth": .extauth.plugins.gloo.solo.io.OAuth -"customAuth": .extauth.plugins.gloo.solo.io.CustomAuth -"apiKeyAuth": .extauth.plugins.gloo.solo.io.ApiKeyAuth -"pluginAuth": .extauth.plugins.gloo.solo.io.PluginAuth -"configs": []extauth.plugins.gloo.solo.io.AuthConfig - -``` - -| Field | Type | Description | Default | -| ----- | ---- | ----------- |----------- | -| `basicAuth` | [.extauth.plugins.gloo.solo.io.BasicAuth](../extauth.proto.sk#basicauth) | Deprecated: use `configs` field instead. Only one of `basicAuth`, `oauth`, `customAuth`, or `pluginAuth` can be set. | | -| `oauth` | [.extauth.plugins.gloo.solo.io.OAuth](../extauth.proto.sk#oauth) | Deprecated: use `configs` field instead. Only one of `oauth`, `basicAuth`, `customAuth`, or `pluginAuth` can be set. | | -| `customAuth` | [.extauth.plugins.gloo.solo.io.CustomAuth](../extauth.proto.sk#customauth) | Deprecated: use `configs` field instead. Only one of `customAuth`, `basicAuth`, `oauth`, or `pluginAuth` can be set. | | -| `apiKeyAuth` | [.extauth.plugins.gloo.solo.io.ApiKeyAuth](../extauth.proto.sk#apikeyauth) | Deprecated: use `configs` field instead. Only one of `apiKeyAuth`, `basicAuth`, `oauth`, or `pluginAuth` can be set. | | -| `pluginAuth` | [.extauth.plugins.gloo.solo.io.PluginAuth](../extauth.proto.sk#pluginauth) | Deprecated: use `configs` field instead. Only one of `pluginAuth`, `basicAuth`, `oauth`, or `apiKeyAuth` can be set. 
| | -| `configs` | [[]extauth.plugins.gloo.solo.io.AuthConfig](../extauth.proto.sk#authconfig) | A chain of AuthN\AuthZ configurations which will be executed in the order they are specified. The first plugin to deny a request will cause a 403 response to be returned; any subsequent plugin in the chain will not be executed. The headers on the OkHttpResponse returned from a plugin in the chain will be added to the request that will be sent to the next one(s) according to the rules described here: https://www.envoyproxy.io/docs/envoy/latest/api-v2/service/auth/v2/external_auth.proto#service-auth-v2-okhttpresponse. | | - - - - ---- -### RouteExtension - - - -```yaml -"disable": bool - -``` - -| Field | Type | Description | Default | -| ----- | ---- | ----------- |----------- | -| `disable` | `bool` | | | - - - - --- ### ExtAuthConfig 
@@ -508,23 +583,25 @@ final config format that will be included in the extauth snapshot. ```yaml +"authConfigRefName": string "vhost": string -"oauth": .extauth.plugins.gloo.solo.io.ExtAuthConfig.OAuthConfig -"basicAuth": .extauth.plugins.gloo.solo.io.BasicAuth -"apiKeyAuth": .extauth.plugins.gloo.solo.io.ExtAuthConfig.ApiKeyAuthConfig -"pluginAuth": .extauth.plugins.gloo.solo.io.PluginAuth -"configs": []extauth.plugins.gloo.solo.io.ExtAuthConfig.AuthConfig +"oauth": .enterprise.gloo.solo.io.ExtAuthConfig.OAuthConfig +"basicAuth": .enterprise.gloo.solo.io.BasicAuth +"apiKeyAuth": .enterprise.gloo.solo.io.ExtAuthConfig.ApiKeyAuthConfig +"pluginAuth": .enterprise.gloo.solo.io.PluginAuth +"configs": []enterprise.gloo.solo.io.ExtAuthConfig.Config ``` | Field | Type | Description | Default | | ----- | ---- | ----------- |----------- | -| `vhost` | `string` | | | -| `oauth` | [.extauth.plugins.gloo.solo.io.ExtAuthConfig.OAuthConfig](../extauth.proto.sk#oauthconfig) | Only one of `oauth`, `basicAuth`, or `pluginAuth` can be set. | | -| `basicAuth` | [.extauth.plugins.gloo.solo.io.BasicAuth](../extauth.proto.sk#basicauth) | Only one of `basicAuth`, `oauth`, or `pluginAuth` can be set. | | -| `apiKeyAuth` | [.extauth.plugins.gloo.solo.io.ExtAuthConfig.ApiKeyAuthConfig](../extauth.proto.sk#apikeyauthconfig) | Only one of `apiKeyAuth`, `oauth`, or `pluginAuth` can be set. | | -| `pluginAuth` | [.extauth.plugins.gloo.solo.io.PluginAuth](../extauth.proto.sk#pluginauth) | Only one of `pluginAuth`, `oauth`, or `apiKeyAuth` can be set. | | -| `configs` | [[]extauth.plugins.gloo.solo.io.ExtAuthConfig.AuthConfig](../extauth.proto.sk#authconfig) | | | +| `authConfigRefName` | `string` | | | +| `vhost` | `string` | Deprecated: use auth_config_ref_name instead. | | +| `oauth` | [.enterprise.gloo.solo.io.ExtAuthConfig.OAuthConfig](../extauth.proto.sk#oauthconfig) | Only one of `oauth`, `basicAuth`, or `pluginAuth` can be set. 
| | +| `basicAuth` | [.enterprise.gloo.solo.io.BasicAuth](../extauth.proto.sk#basicauth) | Only one of `basicAuth`, `oauth`, or `pluginAuth` can be set. | | +| `apiKeyAuth` | [.enterprise.gloo.solo.io.ExtAuthConfig.ApiKeyAuthConfig](../extauth.proto.sk#apikeyauthconfig) | Only one of `apiKeyAuth`, `oauth`, or `pluginAuth` can be set. | | +| `pluginAuth` | [.enterprise.gloo.solo.io.PluginAuth](../extauth.proto.sk#pluginauth) | Only one of `pluginAuth`, `oauth`, or `apiKeyAuth` can be set. | | +| `configs` | [[]enterprise.gloo.solo.io.ExtAuthConfig.Config](../extauth.proto.sk#config) | | | 
@@ -593,28 +670,28 @@ final config format that will be included in the extauth snapshot. --- -### AuthConfig +### Config ```yaml -"oauth": .extauth.plugins.gloo.solo.io.ExtAuthConfig.OAuthConfig -"basicAuth": .extauth.plugins.gloo.solo.io.BasicAuth -"apiKeyAuth": .extauth.plugins.gloo.solo.io.ExtAuthConfig.ApiKeyAuthConfig -"pluginAuth": .extauth.plugins.gloo.solo.io.AuthPlugin -"opaAuth": .extauth.plugins.gloo.solo.io.ExtAuthConfig.OpaAuthConfig -"ldap": .extauth.plugins.gloo.solo.io.Ldap +"oauth": .enterprise.gloo.solo.io.ExtAuthConfig.OAuthConfig +"basicAuth": .enterprise.gloo.solo.io.BasicAuth +"apiKeyAuth": .enterprise.gloo.solo.io.ExtAuthConfig.ApiKeyAuthConfig +"pluginAuth": .enterprise.gloo.solo.io.AuthPlugin +"opaAuth": .enterprise.gloo.solo.io.ExtAuthConfig.OpaAuthConfig +"ldap": .enterprise.gloo.solo.io.Ldap ``` | Field | Type | Description | Default | | ----- | ---- | ----------- |----------- | -| `oauth` | [.extauth.plugins.gloo.solo.io.ExtAuthConfig.OAuthConfig](../extauth.proto.sk#oauthconfig) | Only one of `oauth`, `basicAuth`, `apiKeyAuth`, `pluginAuth`, or `ldap` can be set. | | -| `basicAuth` | [.extauth.plugins.gloo.solo.io.BasicAuth](../extauth.proto.sk#basicauth) | Only one of `basicAuth`, `oauth`, `apiKeyAuth`, `pluginAuth`, or `ldap` can be set. | | -| `apiKeyAuth` | [.extauth.plugins.gloo.solo.io.ExtAuthConfig.ApiKeyAuthConfig](../extauth.proto.sk#apikeyauthconfig) | Only one of `apiKeyAuth`, `oauth`, `basicAuth`, `pluginAuth`, or `ldap` can be set. | | -| `pluginAuth` | [.extauth.plugins.gloo.solo.io.AuthPlugin](../extauth.proto.sk#authplugin) | Only one of `pluginAuth`, `oauth`, `basicAuth`, `apiKeyAuth`, or `ldap` can be set. | | -| `opaAuth` | [.extauth.plugins.gloo.solo.io.ExtAuthConfig.OpaAuthConfig](../extauth.proto.sk#opaauthconfig) | Only one of `opaAuth`, `oauth`, `basicAuth`, `apiKeyAuth`, or `ldap` can be set. 
| | -| `ldap` | [.extauth.plugins.gloo.solo.io.Ldap](../extauth.proto.sk#ldap) | Only one of `ldap`, `oauth`, `basicAuth`, `apiKeyAuth`, or `opaAuth` can be set. | | +| `oauth` | [.enterprise.gloo.solo.io.ExtAuthConfig.OAuthConfig](../extauth.proto.sk#oauthconfig) | Only one of `oauth`, `basicAuth`, `apiKeyAuth`, `pluginAuth`, or `ldap` can be set. | | +| `basicAuth` | [.enterprise.gloo.solo.io.BasicAuth](../extauth.proto.sk#basicauth) | Only one of `basicAuth`, `oauth`, `apiKeyAuth`, `pluginAuth`, or `ldap` can be set. | | +| `apiKeyAuth` | [.enterprise.gloo.solo.io.ExtAuthConfig.ApiKeyAuthConfig](../extauth.proto.sk#apikeyauthconfig) | Only one of `apiKeyAuth`, `oauth`, `basicAuth`, `pluginAuth`, or `ldap` can be set. | | +| `pluginAuth` | [.enterprise.gloo.solo.io.AuthPlugin](../extauth.proto.sk#authplugin) | Only one of `pluginAuth`, `oauth`, `basicAuth`, `apiKeyAuth`, or `ldap` can be set. | | +| `opaAuth` | [.enterprise.gloo.solo.io.ExtAuthConfig.OpaAuthConfig](../extauth.proto.sk#opaauthconfig) | Only one of `opaAuth`, `oauth`, `basicAuth`, `apiKeyAuth`, or `ldap` can be set. | | +| `ldap` | [.enterprise.gloo.solo.io.Ldap](../extauth.proto.sk#ldap) | Only one of `ldap`, `oauth`, `basicAuth`, `apiKeyAuth`, or `opaAuth` can be set. | | diff --git a/docs/api/github.com/solo-io/gloo/projects/gloo/api/v1/plugins.proto.sk.md b/docs/api/github.com/solo-io/gloo/projects/gloo/api/v1/plugins.proto.sk.md index f499d1480e4..c36567f89dc 100644 --- a/docs/api/github.com/solo-io/gloo/projects/gloo/api/v1/plugins.proto.sk.md +++ b/docs/api/github.com/solo-io/gloo/projects/gloo/api/v1/plugins.proto.sk.md @@ -210,6 +210,7 @@ is selected for routing. ```yaml "headerManipulation": .headers.plugins.gloo.solo.io.HeaderManipulation "transformations": .envoy.api.v2.filter.http.RouteTransformations +"extensions": .gloo.solo.io.Extensions ``` 
@@ -217,6 +218,7 @@ is selected for routing. | ----- | ---- | ----------- |----------- | | `headerManipulation` | [.headers.plugins.gloo.solo.io.HeaderManipulation](../plugins/headers/headers.proto.sk#headermanipulation) | Append/Remove headers on Requests or Responses to/from this Weighted Destination. | | | `transformations` | [.envoy.api.v2.filter.http.RouteTransformations](../plugins/transformation/transformation.proto.sk#routetransformations) | Transformations to apply. | | +| `extensions` | [.gloo.solo.io.Extensions](../extensions.proto.sk#extensions) | Deprecated: Opaque config for Gloo plugins. | | diff --git a/docs/api/gloo.solo.io.project.sk.md b/docs/api/gloo.solo.io.project.sk.md index 4b8eeade0c6..f68249d09da 100644 --- a/docs/api/gloo.solo.io.project.sk.md +++ b/docs/api/gloo.solo.io.project.sk.md @@ -18,6 +18,7 @@ Gloo is a high-performance, plugin-extendable, platform-agnostic API Gateway bui ### API Resources: - [Artifact](../github.com/solo-io/gloo/projects/gloo/api/v1/artifact.proto.sk#artifact) +- [AuthConfig](../github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/v1/extauth.proto.sk#authconfig) - [Endpoint](../github.com/solo-io/gloo/projects/gloo/api/v1/endpoint.proto.sk#endpoint) - [Gateway](../github.com/solo-io/gloo/projects/gateway/api/v1/gateway.proto.sk#gateway) - [Gateway](../github.com/solo-io/gloo/projects/gateway/api/v2/gateway.proto.sk#gateway) diff --git a/docs/api/glooe.solo.io.project.sk.md b/docs/api/glooe.solo.io.project.sk.md index a35388ad7c7..a48433f7a28 100644 --- a/docs/api/glooe.solo.io.project.sk.md +++ b/docs/api/glooe.solo.io.project.sk.md 
@@ -18,6 +18,7 @@ Gloo is a high-performance, plugin-extendable, platform-agnostic API Gateway bui ### API Resources: - [Artifact](../github.com/solo-io/gloo/projects/gloo/api/v1/artifact.proto.sk#artifact) +- [AuthConfig](../github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/v1/extauth.proto.sk#authconfig) - [Endpoint](../github.com/solo-io/gloo/projects/gloo/api/v1/endpoint.proto.sk#endpoint) - [Gateway](../github.com/solo-io/gloo/projects/gateway/api/v1/gateway.proto.sk#gateway) - [Gateway](../github.com/solo-io/gloo/projects/gateway/api/v2/gateway.proto.sk#gateway) diff --git a/generate.go b/generate.go index ade9171e9d7..f6077961776 100644 --- a/generate.go +++ b/generate.go @@ -12,12 +12,12 @@ import ( func main() { err := version.CheckVersions() if err != nil { - log.Fatalf("generate failed!: %v", err) + log.Fatalf("generate failed!: %s", err.Error()) } log.Printf("starting generate") generateOptions := cmd.GenerateOptions{ - SkipGenMocks: true, + SkipGenMocks: true, CustomCompileProtos: []string{ "projects/gloo/api/grpc", }, diff --git a/install/helm/gloo/templates/100-gloo-crds.yaml b/install/helm/gloo/templates/100-gloo-crds.yaml index 459d8148ba7..88b552ce8b0 100644 --- a/install/helm/gloo/templates/100-gloo-crds.yaml +++ b/install/helm/gloo/templates/100-gloo-crds.yaml @@ -154,4 +154,26 @@ spec: served: true storage: true --- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: authconfigs.enterprise.gloo.solo.io + annotations: + "helm.sh/hook": crd-install +spec: + group: enterprise.gloo.solo.io + names: + kind: AuthConfig + listKind: AuthConfigList + plural: authconfigs + shortNames: + - ac + singular: authconfig + scope: Namespaced + version: v1 + versions: + - name: v1 + served: true + storage: true +--- {{- end}} \ No newline at end of file 
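Review bot: The new `authconfigs.enterprise.gloo.solo.io` CRD in `100-gloo-crds.yaml` has no `subresources` stanza, so a status write is an `update` on the whole object. The gateway ClusterRole changed in this same commit carries the comment `# update is needed for status updates`, which suggests that any service account able to report status on an AuthConfig can also rewrite its `configs` chain. Consider adding `subresources:` with `status: {}` under `spec` and granting `authconfigs/status` to status writers; this assumes the resource client can write status through the subresource, which is not visible here. The CRD also has no `validation` block, so the API server will accept any object shape and all checking falls to the controller.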
diff --git a/install/helm/gloo/templates/20-namespace-clusterrole-gateway.yaml b/install/helm/gloo/templates/20-namespace-clusterrole-gateway.yaml index 791252f8cbc..4c52956973a 100644 --- a/install/helm/gloo/templates/20-namespace-clusterrole-gateway.yaml +++ b/install/helm/gloo/templates/20-namespace-clusterrole-gateway.yaml @@ -70,8 +70,8 @@ metadata: "helm.sh/hook": "pre-install" "helm.sh/hook-weight": "10" rules: -- apiGroups: ["gloo.solo.io"] - resources: ["upstreams","upstreamgroups", "proxies"] +- apiGroups: ["gloo.solo.io", "enterprise.gloo.solo.io"] + resources: ["upstreams","upstreamgroups", "proxies", "authconfigs"] # update is needed for status updates verbs: ["get", "list", "watch", "update"] --- diff --git a/install/helm/gloo/templates/21-namespace-clusterrole-ingress.yaml b/install/helm/gloo/templates/21-namespace-clusterrole-ingress.yaml index cb87638dcf4..c4192d847c4 100644 --- a/install/helm/gloo/templates/21-namespace-clusterrole-ingress.yaml +++ b/install/helm/gloo/templates/21-namespace-clusterrole-ingress.yaml @@ -21,8 +21,8 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["get", "create"] -- apiGroups: ["gloo.solo.io"] - resources: ["settings", "upstreams","upstreamgroups", "proxies","virtualservices", "routetables"] +- apiGroups: ["gloo.solo.io", "enterprise.gloo.solo.io"] + resources: ["settings", "upstreams","upstreamgroups", "proxies","virtualservices", "routetables", "authconfigs"] verbs: ["*"] - apiGroups: ["extensions", ""] resources: ["ingresses"] diff --git a/install/helm/gloo/templates/22-namespace-clusterrole-knative.yaml b/install/helm/gloo/templates/22-namespace-clusterrole-knative.yaml index d114ef4ab19..4274addefa6 100644 --- a/install/helm/gloo/templates/22-namespace-clusterrole-knative.yaml +++ b/install/helm/gloo/templates/22-namespace-clusterrole-knative.yaml 
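Review bot: Appending `enterprise.gloo.solo.io` to the existing `apiGroups` list grants more than the new resource, because an RBAC rule applies every listed resource to every listed group. In `20-namespace-clusterrole-gateway.yaml` that means `update` on `authconfigs`. In `21-namespace-clusterrole-ingress.yaml` and `22-namespace-clusterrole-knative.yaml` it means `verbs: ["*"]`, including delete, on the objects that presumably define auth policy for virtual hosts. A separate rule keeps the grant narrow and easy to audit: `- apiGroups: ["enterprise.gloo.solo.io"]`, `resources: ["authconfigs"]`, `verbs: ["get", "list", "watch"]`, with `update` added only for the component that writes status. Whether the ingress and knative controllers need to write AuthConfigs at all is not shown in these hunks and should be confirmed before keeping the wildcard.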
@@ -21,8 +21,8 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["get", "create"] -- apiGroups: ["gloo.solo.io"] - resources: ["settings", "upstreams","upstreamgroups", "proxies","virtualservices", "routetables"] +- apiGroups: ["gloo.solo.io", "enterprise.gloo.solo.io"] + resources: ["settings", "upstreams","upstreamgroups", "proxies","virtualservices", "routetables", "authconfigs"] verbs: ["*"] - apiGroups: ["networking.internal.knative.dev"] resources: ["clusteringresses"] diff --git a/install/test/rbac_test.go b/install/test/rbac_test.go index b3863e4307e..60431dd009f 100644 --- a/install/test/rbac_test.go +++ b/install/test/rbac_test.go @@ -168,8 +168,8 @@ var _ = Describe("RBAC Test", func() { Annotations: map[string]string{"helm.sh/hook": "pre-install", "helm.sh/hook-weight": "10"}, Rules: []rbacv1.PolicyRule{ { - APIGroups: []string{"gloo.solo.io"}, - Resources: []string{"upstreams", "upstreamgroups", "proxies"}, + APIGroups: []string{"gloo.solo.io", "enterprise.gloo.solo.io"}, + Resources: []string{"upstreams", "upstreamgroups", "proxies", "authconfigs"}, Verbs: []string{"get", "list", "watch", "update"}, }, }, diff --git a/install/test/util.go b/install/test/util.go index ab9ab64a85f..23b9943373e 100644 --- a/install/test/util.go +++ b/install/test/util.go @@ -47,8 +47,8 @@ func GetServiceAccountPermissions(namespace string) *manifesttestutils.ServiceAc permissions.AddExpectedPermission( "gloo-system.gloo", namespace, - []string{"gloo.solo.io"}, - []string{"upstreams", "upstreamgroups", "proxies"}, + []string{"gloo.solo.io", "enterprise.gloo.solo.io"}, + []string{"upstreams", "upstreamgroups", "proxies", "authconfigs"}, []string{"get", "list", "watch", "update"}) permissions.AddExpectedPermission( "gloo-system.gloo", diff --git a/pin_repos.go b/pin_repos.go index 8847005af14..4041abbd343 100644 --- a/pin_repos.go +++ b/pin_repos.go 
@@ -1,18 +1,26 @@ package main import ( + "github.com/solo-io/gloo/pkg/version" "github.com/solo-io/go-utils/log" - version "github.com/solo-io/go-utils/versionutils" + "github.com/solo-io/go-utils/versionutils" + "github.com/solo-io/go-utils/versionutils/dep" + "github.com/solo-io/go-utils/versionutils/git" ) func main() { - tomlTree, err := version.ParseToml() + tomlTree, err := versionutils.ParseFullToml() fatalCheck(err, "parsing error") - soloKitVersion, err := version.GetVersion(version.SoloKitPkg, tomlTree) + soloKitVersion, err := versionutils.GetDependencyVersionInfo(version.SoloKitPkg, tomlTree) fatalCheck(err, "getting solo-kit version") - fatalCheck(version.PinGitVersion("../solo-kit", soloKitVersion), "consider git fetching in solo-kit repo") + targetVersion := soloKitVersion.Version + if soloKitVersion.Type == dep.Version { + // If the toml version attribute is "version", we are looking for a tag + targetVersion = git.AppendTagPrefix(targetVersion) + } + fatalCheck(git.PinDependencyVersion("../solo-kit", targetVersion), "consider git fetching in solo-kit repo") } func fatalCheck(err error, msg string) { diff --git a/pkg/version/check.go b/pkg/version/check.go index 2d9099b98ed..82055e55a1d 100644 --- a/pkg/version/check.go +++ b/pkg/version/check.go 
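Review bot: Only `dep.Version` is handled explicitly in `main`; a `branch` or `revision` constraint, and any unrecognised `soloKitVersion.Type`, is passed to `git.PinDependencyVersion` unchanged. `CheckVersions` in `pkg/version/check.go` returns an error in its `default` case, so the two should agree. For a branch pin, both the checkout here and `case dep.Branch` in check.go accept whatever commit the branch currently points at, since check.go compares names only. The generated code is then not tied to a reviewed commit even though the log says "Versions are pinned correctly." I would switch on the type here as check.go does and make the branch case in check.go report the commit, for example `log.Printf("solo-kit pinned by branch [%s] at commit [%s]; commit is not verified", actualVersion.Branch, actualVersion.Hash)`.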
@@ -4,29 +4,60 @@ import ( "github.com/pkg/errors" "github.com/solo-io/go-utils/log" "github.com/solo-io/go-utils/versionutils" + "github.com/solo-io/go-utils/versionutils/dep" + gitutils "github.com/solo-io/go-utils/versionutils/git" ) +const SoloKitPkg = "github.com/solo-io/solo-kit" + +var attributeTypes = map[dep.VersionType]string{ + dep.Version: "version", + dep.Branch: "branch", + dep.Revision: "revision", +} + func CheckVersions() error { - log.Printf("Checking expected solo kit and gloo versions...") - tomlTree, err := versionutils.ParseToml() + tomlTree, err := versionutils.ParseFullToml() if err != nil { return err } - expectedSoloKitVersion, err := versionutils.GetVersion(versionutils.SoloKitPkg, tomlTree) + log.Printf("Checking expected solo kit version...") + expectedVersion, err := versionutils.GetDependencyVersionInfo(SoloKitPkg, tomlTree) if err != nil { return err } + log.Printf("Expecting solo-kit with %s [%s]", attributeTypes[expectedVersion.Type], expectedVersion.Version) log.Printf("Checking repo versions...") - actualSoloKitVersion, err := versionutils.GetGitVersion("../solo-kit") + actualVersion, err := gitutils.GetGitRefInfo("../solo-kit") if err != nil { return err } - expectedTaggedSoloKitVersion := versionutils.GetTag(expectedSoloKitVersion) - if expectedTaggedSoloKitVersion != actualSoloKitVersion { - return errors.Errorf("Expected solo kit version %s, found solo kit version %s in repo. Run 'make pin-repos' or fix manually.", expectedTaggedSoloKitVersion, actualSoloKitVersion) + log.Printf("Found solo-kit ref. Tag [%s], Branch [%s], Commit [%s]", + actualVersion.Tag, actualVersion.Branch, actualVersion.Hash) + + switch expectedVersion.Type { + case dep.Version: + expectedTaggedVersion := gitutils.AppendTagPrefix(expectedVersion.Version) + if actualVersion.Tag != expectedTaggedVersion { + return errors.Errorf("Expected solo kit tag [%s], found solo kit tag [%s] in repo. 
"+ + "Run 'make pin-repos' or fix manually.", expectedTaggedVersion, actualVersion.Tag) + } + case dep.Branch: + if actualVersion.Branch != expectedVersion.Version { + return errors.Errorf("Expected solo kit branch [%s], found solo kit branch [%s] in repo. "+ + "Run 'make pin-repos' or fix manually.", expectedVersion.Version, actualVersion.Branch) + } + case dep.Revision: + if actualVersion.Hash != expectedVersion.Version { + return errors.Errorf("Expected solo kit revision [%s], found solo kit commit [%s] in repo. "+ + "Run 'make pin-repos' or fix manually.", expectedVersion.Version, actualVersion.Hash) + } + default: + return errors.Errorf("Unexpected dep version attribute type: [%d]", expectedVersion.Type) } + log.Printf("Versions are pinned correctly.") return nil } diff --git a/projects/gloo/api/v1/enterprise/plugins/extauth/solo-kit.json b/projects/gloo/api/v1/enterprise/plugins/extauth/solo-kit.json deleted file mode 100644 index 198b5b4a0ab..00000000000 --- a/projects/gloo/api/v1/enterprise/plugins/extauth/solo-kit.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "name": "extauth.plugins.gloo.solo.io", - "version": "extauth" -} \ No newline at end of file diff --git a/projects/gloo/api/v1/enterprise/plugins/extauth/extauth.proto b/projects/gloo/api/v1/enterprise/plugins/extauth/v1/extauth.proto similarity index 75% rename from projects/gloo/api/v1/enterprise/plugins/extauth/extauth.proto rename to projects/gloo/api/v1/enterprise/plugins/extauth/v1/extauth.proto index 0571f7de267..cb8043c6bf0 100644 --- a/projects/gloo/api/v1/enterprise/plugins/extauth/extauth.proto +++ b/projects/gloo/api/v1/enterprise/plugins/extauth/v1/extauth.proto 
@@ -1,19 +1,104 @@ syntax = "proto3"; -package extauth.plugins.gloo.solo.io; +package enterprise.gloo.solo.io; -option go_package = "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth"; +option go_package = "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1"; import "github.com/solo-io/solo-kit/api/v1/ref.proto"; import "gogoproto/gogo.proto"; option (gogoproto.equal_all) = true; +import "github.com/solo-io/solo-kit/api/v1/metadata.proto"; +import "github.com/solo-io/solo-kit/api/v1/status.proto"; +import "github.com/solo-io/solo-kit/api/v1/solo-kit.proto"; import "envoy/api/v2/discovery.proto"; import "google/api/annotations.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; + +// This is the user-facing auth configuration. When processed by Gloo, certain configuration types (i.a. oauth, opa) +// will be translated, e.g. to resolve resource references. See the `ExtAuthConfig.AuthConfig` for the final config +// format that will be included in the extauth snapshot. +message AuthConfig { + + option (core.solo.io.resource).short_name = "ac"; + option (core.solo.io.resource).plural_name = "auth_configs"; + + // Status indicates the validation status of this resource. + // Status is read-only by clients, and set by gloo during validation + core.solo.io.Status status = 1 [(gogoproto.nullable) = false, (gogoproto.moretags) = "testdiff:\"ignore\""]; + + // Metadata contains the object metadata for this resource + core.solo.io.Metadata metadata = 2 [(gogoproto.nullable) = false]; + + message Config { + oneof auth_config { + BasicAuth basic_auth = 1; + OAuth oauth = 2; + CustomAuth custom_auth = 3; + ApiKeyAuth api_key_auth = 4; + AuthPlugin plugin_auth = 5; + OpaAuth opa_auth = 6; + Ldap ldap = 7; + } + } + + repeated Config configs = 3; +} + +// Auth configurations defined on virtual hosts and routes will be unmarshalled to this message. 
+message ExtAuthExtension { + oneof spec { + // Set to true to disable auth on the virtual host/route. + bool disable = 1; + // A reference to an AuthConfig. + core.solo.io.ResourceRef config_ref = 2; + } +} + +// Deprecated: use ExtAuthExtension +message VhostExtension { + // Deprecated: use `configs` field instead. + oneof auth_config { + // Deprecated: use `configs` field instead. + BasicAuth basic_auth = 1; + // Deprecated: use `configs` field instead. + OAuth oauth = 2; + // Deprecated: use `configs` field instead. + CustomAuth custom_auth = 3; + // Deprecated: use `configs` field instead. + ApiKeyAuth api_key_auth = 4; + // Deprecated: use `configs` field instead. + PluginAuth plugin_auth = 5; + } + + message AuthConfig { + oneof auth_config { + BasicAuth basic_auth = 1; + OAuth oauth = 2; + CustomAuth custom_auth = 3; + ApiKeyAuth api_key_auth = 4; + AuthPlugin plugin_auth = 5; + OpaAuth opa_auth = 6; + Ldap ldap = 7; + } + } + + // A chain of AuthN\AuthZ configurations which will be executed in the order they are specified. The first plugin to deny a request will + // cause a 403 response to be returned; any subsequent plugin in the chain will not be executed. + // The headers on the OkHttpResponse returned from a plugin in the chain will be added to the request that will be sent + // to the next one(s) according to the rules described here: + // https://www.envoyproxy.io/docs/envoy/latest/api-v2/service/auth/v2/external_auth.proto#service-auth-v2-okhttpresponse + repeated AuthConfig configs = 6; +} + +// Deprecated: use ExtAuthExtension +message RouteExtension { + bool disable = 1; +} + message Settings { // The upstream to ask about auth decisions core.solo.io.ResourceRef extauthz_server_ref = 1; 
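Review bot: `ExtAuthExtension` documents `disable` and `config_ref` but not what happens when the `spec` oneof is left unset, or when `config_ref` names an AuthConfig that does not exist. For an auth extension that is the case readers most need spelled out. The comment on `spec` should state the behaviour for both, ideally that the virtual host or route is rejected rather than served without auth. Separately, the comment on the new top-level `AuthConfig` still points to `ExtAuthConfig.AuthConfig`, which this commit renames; it should read ``See the `ExtAuthConfig.Config` for the final config``.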
@@ -62,25 +147,25 @@ message HttpService { string path_prefix = 1; message Request { - // These headers will be copied from the incoming request to the request going - // to the auth server. Note that in addition to the user's supplied matchers: - // - // 1. *Host*, *Method*, *Path* and *Content-Length* are automatically included to the list. - // - // 2. *Content-Length* will be set to 0 and the request to the authorization service will not have - // a message body. + // These headers will be copied from the incoming request to the request going + // to the auth server. Note that in addition to the user's supplied matchers: + // + // 1. *Host*, *Method*, *Path* and *Content-Length* are automatically included to the list. + // + // 2. *Content-Length* will be set to 0 and the request to the authorization service will not have + // a message body. repeated string allowed_headers = 1; // These headers that will be included to the request to authorization service. Note that // client request of the same key will be overridden. - map headers_to_add = 2; + map headers_to_add = 2; } Request request = 2; message Response { - // When this is set, authorization response headers that have a will be added to the original client request and sent to the upstream. - // Note that coexistent headers will be overridden. - repeated string allowed_upstream_headers = 1; + // When this is set, authorization response headers that have a will be added to the original client request and sent to the upstream. + // Note that coexistent headers will be overridden. + repeated string allowed_upstream_headers = 1; // When this. is set, authorization response headers that will be added to the client's response when auth request is denied. // Note that when this list is *not* set, all the authorization response headers, except *Authority 
@@ -119,15 +204,15 @@ message PluginAuth { } message AuthPlugin { - // Name of the plugin - string name = 1; - // Name of the compiled plugin file. If not specified, GlooE will look for an ".so" file with same name as the plugin. - string plugin_file_name = 2; - // Name of the exported symbol that implements the plugin interface in the plugin. - // If not specified, defaults to the name of the plugin - string exported_symbol_name = 3; - - google.protobuf.Struct config = 4; + // Name of the plugin + string name = 1; + // Name of the compiled plugin file. If not specified, GlooE will look for an ".so" file with same name as the plugin. + string plugin_file_name = 2; + // Name of the exported symbol that implements the plugin interface in the plugin. + // If not specified, defaults to the name of the plugin + string exported_symbol_name = 3; + + google.protobuf.Struct config = 4; } message BasicAuth { @@ -139,7 +224,7 @@ message BasicAuth { string hashed_password = 2; } map users = 2; - } + } Apr apr = 2; } @@ -166,7 +251,9 @@ message OAuth { repeated string scopes = 6; } -message OauthSecret { string client_secret = 1; } +message OauthSecret { + string client_secret = 1; +} message ApiKeyAuth { // identify all valid apikey secrets using the provided label selector. 
@@ -234,45 +321,6 @@ message Ldap { ConnectionPool pool = 5; } -// This message represents the user-facing auth configuration. When processed by Gloo, certain configuration types -// (i.a. oauth, opa) will be translated, e.g. to resolve resource references. See the `ExtAuthConfig.AuthConfig` for the -// final config format that will be included in the extauth snapshot. -message AuthConfig { - oneof auth_config { - BasicAuth basic_auth = 1; - OAuth oauth = 2; - CustomAuth custom_auth = 3; - ApiKeyAuth api_key_auth = 4; - AuthPlugin plugin_auth = 5; - OpaAuth opa_auth = 6; - Ldap ldap = 7; - } -} - -message VhostExtension { - oneof auth_config { - // Deprecated: use `configs` field instead. - BasicAuth basic_auth = 1; - // Deprecated: use `configs` field instead. - OAuth oauth = 2; - // Deprecated: use `configs` field instead. - CustomAuth custom_auth = 3; - // Deprecated: use `configs` field instead. - ApiKeyAuth api_key_auth = 4; - // Deprecated: use `configs` field instead. - PluginAuth plugin_auth = 5; - } - - // A chain of AuthN\AuthZ configurations which will be executed in the order they are specified. The first plugin to deny a request will - // cause a 403 response to be returned; any subsequent plugin in the chain will not be executed. - // The headers on the OkHttpResponse returned from a plugin in the chain will be added to the request that will be sent - // to the next one(s) according to the rules described here: - // https://www.envoyproxy.io/docs/envoy/latest/api-v2/service/auth/v2/external_auth.proto#service-auth-v2-okhttpresponse - repeated AuthConfig configs = 6; -} - -message RouteExtension { bool disable = 1; } - /* @solo-kit:xds-service=ExtAuthDiscoveryService @solo-kit:resource.no_references 
@@ -280,7 +328,13 @@ message RouteExtension { bool disable = 1; } message ExtAuthConfig { // @solo-kit:resource.name - string vhost = 1; + // This is the identifier of the AuthConfig resource that this configuration is associated with. + // Any request to the external auth server includes an identifier that is matched against this field to determine + // which AuthConfig should be applied to it. + string auth_config_ref_name = 1; + + // Deprecated: use auth_config_ref_name instead + string vhost = 2; message OAuthConfig { // your client id as registered with the issuer @@ -329,7 +383,7 @@ message ExtAuthConfig { PluginAuth plugin_auth = 6; } - message AuthConfig { + message Config { oneof auth_config { OAuthConfig oauth = 3; BasicAuth basic_auth = 4; @@ -340,21 +394,20 @@ message ExtAuthConfig { } } - repeated AuthConfig configs = 8; + repeated Config configs = 8; } /* @solo-kit:resource.xds-enabled */ service ExtAuthDiscoveryService { - rpc StreamExtAuthConfig(stream envoy.api.v2.DiscoveryRequest) - returns (stream envoy.api.v2.DiscoveryResponse) {} + rpc StreamExtAuthConfig (stream envoy.api.v2.DiscoveryRequest) returns (stream envoy.api.v2.DiscoveryResponse) { + } - rpc DeltaExtAuthConfig(stream envoy.api.v2.DeltaDiscoveryRequest) - returns (stream envoy.api.v2.DeltaDiscoveryResponse) {} + rpc DeltaExtAuthConfig (stream envoy.api.v2.DeltaDiscoveryRequest) returns (stream envoy.api.v2.DeltaDiscoveryResponse) { + } - rpc FetchExtAuthConfig(envoy.api.v2.DiscoveryRequest) - returns (envoy.api.v2.DiscoveryResponse) { + rpc FetchExtAuthConfig (envoy.api.v2.DiscoveryRequest) returns (envoy.api.v2.DiscoveryResponse) { option (google.api.http) = { post : "/v2/discovery:extauthconfig" body : "*" diff --git a/projects/gloo/api/v1/enterprise/plugins/extauth/v1/solo-kit.json b/projects/gloo/api/v1/enterprise/plugins/extauth/v1/solo-kit.json new file mode 100644 index 00000000000..44ccb80a3f6 --- /dev/null +++ b/projects/gloo/api/v1/enterprise/plugins/extauth/v1/solo-kit.json 
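Review bot: Moving `vhost` from tag 1 to tag 2 and giving tag 1 to `auth_config_ref_name` changes the wire meaning of an existing field in `ExtAuthConfig`, which is delivered to the external auth server through `ExtAuthDiscoveryService`. A server built against the old proto will decode the new ref name as `vhost`, and a new server will decode an old `vhost` value as `auth_config_ref_name`. During a mixed-version rollout a request could therefore be matched to the wrong auth configuration or to none; how the server treats a miss is not visible here. Keeping `string vhost = 1;` and adding `auth_config_ref_name` on a tag not yet used in the message avoids this, provided the `@solo-kit:resource.name` annotation can move to the new field. ExtAuthConfig's body continues outside the hunk.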
@@ -0,0 +1,4 @@ +{ + "name": "enterprise.gloo.solo.io", + "version": "v1" +} \ No newline at end of file diff --git a/projects/gloo/api/v1/plugins.proto b/projects/gloo/api/v1/plugins.proto index de62f23ba84..54f49cdd80e 100644 --- a/projects/gloo/api/v1/plugins.proto +++ b/projects/gloo/api/v1/plugins.proto @@ -39,7 +39,7 @@ import "github.com/solo-io/gloo/projects/gloo/api/v1/plugins/headers/headers.pro import "github.com/solo-io/gloo/projects/gloo/api/v1/plugins/healthcheck/healthcheck.proto"; import "github.com/solo-io/gloo/projects/gloo/api/v1/plugins/hostrewrite/hostrewrite.proto"; -import "github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/extauth.proto"; +import "github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/v1/extauth.proto"; import "github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/jwt/jwt.proto"; import "github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/ratelimit/ratelimit.proto"; import "github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/rbac/rbac.proto"; @@ -161,6 +161,8 @@ message WeightedDestinationPlugins { headers.plugins.gloo.solo.io.HeaderManipulation header_manipulation = 1; // Transformations to apply envoy.api.v2.filter.http.RouteTransformations transformations = 2; + // Deprecated: Opaque config for Gloo plugins + Extensions extensions = 3 [deprecated=true]; } // Each upstream in Gloo has a type. Supported types include `static`, `kubernetes`, `aws`, `consul`, and more. diff --git a/projects/gloo/api/v1/solo-kit.json b/projects/gloo/api/v1/solo-kit.json index b48946bffd5..af637370eef 100644 --- a/projects/gloo/api/v1/solo-kit.json +++ b/projects/gloo/api/v1/solo-kit.json @@ -38,6 +38,10 @@ { "name": "Upstream", "package": "gloo.solo.io" + }, + { + "name": "AuthConfig", + "package": "enterprise.gloo.solo.io" } ], "eds.gloo.solo.io": [ 
diff --git a/projects/gloo/cli/pkg/cmd/create/secret/extauth_apikey.go b/projects/gloo/cli/pkg/cmd/create/secret/extauth_apikey.go index cd6e7a9d6b7..7bc526bd944 100644 --- a/projects/gloo/cli/pkg/cmd/create/secret/extauth_apikey.go +++ b/projects/gloo/cli/pkg/cmd/create/secret/extauth_apikey.go @@ -13,7 +13,7 @@ import ( "github.com/solo-io/gloo/projects/gloo/cli/pkg/printers" "github.com/solo-io/gloo/projects/gloo/cli/pkg/surveyutils" gloov1 "github.com/solo-io/gloo/projects/gloo/pkg/api/v1" - "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth" + extauth "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1" "github.com/solo-io/solo-kit/pkg/api/v1/clients" "github.com/solo-io/solo-kit/pkg/api/v1/resources/core" "github.com/solo-io/solo-kit/pkg/errors" diff --git a/projects/gloo/cli/pkg/cmd/create/secret/extauth_apikey_test.go b/projects/gloo/cli/pkg/cmd/create/secret/extauth_apikey_test.go index 1676f65d6d8..a9e0fce1891 100644 --- a/projects/gloo/cli/pkg/cmd/create/secret/extauth_apikey_test.go +++ b/projects/gloo/cli/pkg/cmd/create/secret/extauth_apikey_test.go @@ -13,7 +13,7 @@ import ( "github.com/solo-io/gloo/projects/gloo/cli/pkg/cmd/create/secret" "github.com/solo-io/gloo/projects/gloo/cli/pkg/helpers" "github.com/solo-io/gloo/projects/gloo/cli/pkg/testutils" - extauthpb "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth" + extauthpb "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1" pluginutils "github.com/solo-io/gloo/projects/gloo/pkg/plugins/utils" "github.com/solo-io/solo-kit/pkg/api/v1/clients" ) diff --git a/projects/gloo/cli/pkg/cmd/create/secret/extauth_oauth.go b/projects/gloo/cli/pkg/cmd/create/secret/extauth_oauth.go index eb5af97b483..f2d0a7eb054 100644 --- a/projects/gloo/cli/pkg/cmd/create/secret/extauth_oauth.go +++ b/projects/gloo/cli/pkg/cmd/create/secret/extauth_oauth.go 
@@ -12,7 +12,7 @@ import ( "github.com/solo-io/gloo/projects/gloo/cli/pkg/helpers" "github.com/solo-io/gloo/projects/gloo/cli/pkg/printers" "github.com/solo-io/gloo/projects/gloo/cli/pkg/surveyutils" - "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth" + extauth "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1" "github.com/solo-io/solo-kit/pkg/api/v1/clients" "github.com/solo-io/solo-kit/pkg/api/v1/resources/core" "github.com/solo-io/solo-kit/pkg/errors" diff --git a/projects/gloo/cli/pkg/cmd/create/secret/extauth_oauth_test.go b/projects/gloo/cli/pkg/cmd/create/secret/extauth_oauth_test.go index 0e30bb347a3..28e660c0c5f 100644 --- a/projects/gloo/cli/pkg/cmd/create/secret/extauth_oauth_test.go +++ b/projects/gloo/cli/pkg/cmd/create/secret/extauth_oauth_test.go @@ -12,7 +12,7 @@ import ( "github.com/solo-io/gloo/projects/gloo/cli/pkg/helpers" "github.com/solo-io/gloo/projects/gloo/cli/pkg/testutils" - extauthpb "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth" + extauthpb "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1" pluginutils "github.com/solo-io/gloo/projects/gloo/pkg/plugins/utils" "github.com/solo-io/solo-kit/pkg/api/v1/clients" ) diff --git a/projects/gloo/cli/pkg/cmd/create/virtualservice.go b/projects/gloo/cli/pkg/cmd/create/virtualservice.go index 98c8374db45..b1c76ef92f2 100644 --- a/projects/gloo/cli/pkg/cmd/create/virtualservice.go +++ b/projects/gloo/cli/pkg/cmd/create/virtualservice.go 
@@ -17,7 +17,7 @@ import ( "github.com/solo-io/gloo/projects/gloo/cli/pkg/printers" "github.com/solo-io/gloo/projects/gloo/cli/pkg/surveyutils" gloov1 "github.com/solo-io/gloo/projects/gloo/pkg/api/v1" - "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth" + extauth "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1" "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/ratelimit" "github.com/solo-io/go-utils/cliutils" "github.com/solo-io/solo-kit/pkg/api/v1/clients" @@ -177,8 +177,8 @@ func authFromOpts(vs *v1.VirtualService, input options.InputVirtualService) erro return errors.Errorf("invalid client secret ref specified: %v.%v", oidc.ClientSecretRef.Namespace, oidc.ClientSecretRef.Name) } vhostAuth = &extauth.VhostExtension{ - Configs: []*extauth.AuthConfig{{ - AuthConfig: &extauth.AuthConfig_Oauth{ + Configs: []*extauth.VhostExtension_AuthConfig{{ + AuthConfig: &extauth.VhostExtension_AuthConfig_Oauth{ Oauth: &extauth.OAuth{ AppUrl: oidc.AppUrl, CallbackPath: oidc.CallbackPath, @@ -214,8 +214,8 @@ func authFromOpts(vs *v1.VirtualService, input options.InputVirtualService) erro } vhostAuth = &extauth.VhostExtension{ - Configs: []*extauth.AuthConfig{{ - AuthConfig: &extauth.AuthConfig_ApiKeyAuth{ + Configs: []*extauth.VhostExtension_AuthConfig{{ + AuthConfig: &extauth.VhostExtension_AuthConfig_ApiKeyAuth{ ApiKeyAuth: &extauth.ApiKeyAuth{ LabelSelector: labelSelector, ApiKeySecretRefs: secretRefs, @@ -225,17 +225,17 @@ func authFromOpts(vs *v1.VirtualService, input options.InputVirtualService) erro } } - opauth := input.OpaAuth - if opauth.Enable { + opaAuth := input.OpaAuth + if opaAuth.Enable { var modules []*core.ResourceRef - query := opauth.Query + query := opaAuth.Query if len(query) == 0 { return EmptyQueryError } - for _, moduleRef := range opauth.Modules { + for _, moduleRef := range opaAuth.Modules { splits := strings.Split(moduleRef, ".") if len(splits) != 2 { 
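Review bot: In the OPA block of `authFromOpts` (the last hunk of `virtualservice.go`), `strings.Split(moduleRef, ".")` followed by `if len(splits) != 2` rejects any module reference whose name itself contains a dot, and the rename to `opaAuth` leaves that as it was. If the reference is `namespace.name`, as the `%v.%v` secret-ref error message earlier in the function suggests, and namespaces cannot contain dots (true for Kubernetes), splitting on the first dot only keeps the check and accepts dotted names: `splits := strings.SplitN(moduleRef, ".", 2)`. It would also be worth rejecting an empty namespace or name in the same condition, so a reference such as `.name` does not reach the `ResourceRef`. The loop body continues past the end of the hunk, so how `splits` is consumed is not visible here.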
@@ -249,8 +249,8 @@ func authFromOpts(vs *v1.VirtualService, input options.InputVirtualService) erro if vhostAuth == nil { vhostAuth = &extauth.VhostExtension{} } - cfg := &extauth.AuthConfig{ - AuthConfig: &extauth.AuthConfig_OpaAuth{ + cfg := &extauth.VhostExtension_AuthConfig{ + AuthConfig: &extauth.VhostExtension_AuthConfig_OpaAuth{ OpaAuth: &extauth.OpaAuth{ Modules: modules, Query: query, diff --git a/projects/gloo/cli/pkg/cmd/create/virtualservice_glooe_test.go b/projects/gloo/cli/pkg/cmd/create/virtualservice_glooe_test.go index db01c19ebc0..535f81a8326 100644 --- a/projects/gloo/cli/pkg/cmd/create/virtualservice_glooe_test.go +++ b/projects/gloo/cli/pkg/cmd/create/virtualservice_glooe_test.go @@ -14,7 +14,7 @@ import ( "github.com/solo-io/gloo/pkg/cliutil/testutil" "github.com/solo-io/gloo/projects/gloo/cli/pkg/helpers" "github.com/solo-io/gloo/projects/gloo/cli/pkg/testutils" - extauthpb "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth" + extauthpb "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1" pluginutils "github.com/solo-io/gloo/projects/gloo/pkg/plugins/utils" "github.com/solo-io/solo-kit/pkg/api/v1/clients" "github.com/solo-io/solo-kit/pkg/api/v1/resources/core" diff --git a/projects/gloo/cli/pkg/cmd/edit/route/extauth.go b/projects/gloo/cli/pkg/cmd/edit/route/extauth.go index 949e12a3b49..9123d081636 100644 --- a/projects/gloo/cli/pkg/cmd/edit/route/extauth.go +++ b/projects/gloo/cli/pkg/cmd/edit/route/extauth.go 
@@ -8,7 +8,7 @@ import ( "github.com/solo-io/gloo/projects/gloo/cli/pkg/constants" "github.com/solo-io/gloo/projects/gloo/cli/pkg/flagutils" gloov1 "github.com/solo-io/gloo/projects/gloo/pkg/api/v1" - extauthpb "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth" + extauthpb "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1" "github.com/solo-io/gloo/projects/gloo/pkg/plugins/utils" "github.com/solo-io/go-utils/cliutils" "github.com/solo-io/go-utils/protoutils" diff --git a/projects/gloo/cli/pkg/cmd/edit/route/extauth_test.go b/projects/gloo/cli/pkg/cmd/edit/route/extauth_test.go index 0ca6b8725ad..1516a4acffd 100644 --- a/projects/gloo/cli/pkg/cmd/edit/route/extauth_test.go +++ b/projects/gloo/cli/pkg/cmd/edit/route/extauth_test.go @@ -11,7 +11,7 @@ import ( "github.com/solo-io/gloo/projects/gloo/cli/pkg/helpers" "github.com/solo-io/gloo/projects/gloo/cli/pkg/testutils" v1 "github.com/solo-io/gloo/projects/gloo/pkg/api/v1" - extauthpb "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth" + extauthpb "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1" "github.com/solo-io/gloo/projects/gloo/pkg/plugins/utils" "github.com/solo-io/solo-kit/pkg/api/v1/clients" "github.com/solo-io/solo-kit/pkg/api/v1/resources/core" diff --git a/projects/gloo/cli/pkg/cmd/edit/settings/extauth.go b/projects/gloo/cli/pkg/cmd/edit/settings/extauth.go index abfb0a57fe4..e3379e99018 100644 --- a/projects/gloo/cli/pkg/cmd/edit/settings/extauth.go +++ b/projects/gloo/cli/pkg/cmd/edit/settings/extauth.go 
@@ -9,7 +9,7 @@ import ( "github.com/solo-io/gloo/projects/gloo/cli/pkg/helpers" surveyutilsExt "github.com/solo-io/gloo/projects/gloo/cli/pkg/surveyutils" gloov1 "github.com/solo-io/gloo/projects/gloo/pkg/api/v1" - extauthpb "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth" + extauthpb "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1" "github.com/solo-io/gloo/projects/gloo/pkg/plugins/utils" "github.com/solo-io/go-utils/cliutils" "github.com/solo-io/go-utils/protoutils" diff --git a/projects/gloo/cli/pkg/cmd/edit/settings/extauth_test.go b/projects/gloo/cli/pkg/cmd/edit/settings/extauth_test.go index 2aff49fa4f4..44cd4745422 100644 --- a/projects/gloo/cli/pkg/cmd/edit/settings/extauth_test.go +++ b/projects/gloo/cli/pkg/cmd/edit/settings/extauth_test.go @@ -10,7 +10,7 @@ import ( "github.com/solo-io/gloo/projects/gloo/cli/pkg/helpers" "github.com/solo-io/gloo/projects/gloo/cli/pkg/testutils" gloov1 "github.com/solo-io/gloo/projects/gloo/pkg/api/v1" - extauthpb "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth" + extauthpb "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1" static_plugin_gloo "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/plugins/static" "github.com/solo-io/gloo/projects/gloo/pkg/plugins/utils" "github.com/solo-io/solo-kit/pkg/api/v1/clients" diff --git a/projects/gloo/cli/pkg/cmd/install/uninstall_test.go b/projects/gloo/cli/pkg/cmd/install/uninstall_test.go index 149a9c883f0..43b233091b3 100644 --- a/projects/gloo/cli/pkg/cmd/install/uninstall_test.go +++ b/projects/gloo/cli/pkg/cmd/install/uninstall_test.go 
@@ -37,7 +37,7 @@ func (k *MockKubectl) Kubectl(stdin io.Reader, args ...string) error { var _ = Describe("Uninstall", func() { const ( - deleteCrds = "delete crd gateways.gateway.solo.io.v2 proxies.gloo.solo.io settings.gloo.solo.io upstreams.gloo.solo.io upstreamgroups.gloo.solo.io virtualservices.gateway.solo.io routetables.gateway.solo.io" + deleteCrds = `delete crd gateways.gateway.solo.io.v2 proxies.gloo.solo.io settings.gloo.solo.io upstreams.gloo.solo.io upstreamgroups.gloo.solo.io virtualservices.gateway.solo.io routetables.gateway.solo.io authconfigs.enterprise.gloo.solo.io` ) var flagSet *pflag.FlagSet diff --git a/projects/gloo/cli/pkg/cmd/install/util.go b/projects/gloo/cli/pkg/cmd/install/util.go index 9de33cad175..f5a8e7e26c4 100644 --- a/projects/gloo/cli/pkg/cmd/install/util.go +++ b/projects/gloo/cli/pkg/cmd/install/util.go @@ -59,6 +59,7 @@ func init() { "upstreamgroups.gloo.solo.io", "virtualservices.gateway.solo.io", "routetables.gateway.solo.io", + "authconfigs.enterprise.gloo.solo.io", } KnativeCrdNames = []string{ diff --git a/projects/gloo/cli/pkg/cmd/options/options.go b/projects/gloo/cli/pkg/cmd/options/options.go index ae12d86633c..0c584083fbc 100644 --- a/projects/gloo/cli/pkg/cmd/options/options.go +++ b/projects/gloo/cli/pkg/cmd/options/options.go @@ -4,7 +4,7 @@ import ( "context" "sort" - "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth" + extauth "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1" "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/ratelimit" "github.com/hashicorp/consul/api" diff --git a/projects/gloo/pkg/api/v1/api_snapshot.sk.go b/projects/gloo/pkg/api/v1/api_snapshot.sk.go index f608dac676a..dd1b84f39ff 100644 --- a/projects/gloo/pkg/api/v1/api_snapshot.sk.go +++ b/projects/gloo/pkg/api/v1/api_snapshot.sk.go 
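Review bot: Adding `"authconfigs.enterprise.gloo.solo.io"` to the CRD name list in `util.go` means the uninstall path that issues `delete crd …` (see the `deleteCrds` expectation in `uninstall_test.go`) now also removes every AuthConfig object in the cluster, because deleting a CRD deletes its custom resources. That deserves a comment next to the entry, for example `// deleting this CRD removes all AuthConfig resources cluster-wide`, since anything still referencing those objects presumably loses its auth configuration. The expected string in the test is a hand-maintained copy of the same list, so the two have to be edited together; if the list is reachable from the test, building the expectation from it would avoid drift. The `init` body starts and ends outside the hunk.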
@@ -5,6 +5,8 @@ package v1 import ( "fmt" + enterprise_gloo_solo_io "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1" + "github.com/solo-io/go-utils/hashutils" "go.uber.org/zap" ) @@ -16,6 +18,7 @@ type ApiSnapshot struct { UpstreamGroups UpstreamGroupList Secrets SecretList Upstreams UpstreamList + AuthConfigs enterprise_gloo_solo_io.AuthConfigList } func (s ApiSnapshot) Clone() ApiSnapshot { @@ -26,6 +29,7 @@ func (s ApiSnapshot) Clone() ApiSnapshot { UpstreamGroups: s.UpstreamGroups.Clone(), Secrets: s.Secrets.Clone(), Upstreams: s.Upstreams.Clone(), + AuthConfigs: s.AuthConfigs.Clone(), } } @@ -37,6 +41,7 @@ func (s ApiSnapshot) Hash() uint64 { s.hashUpstreamGroups(), s.hashSecrets(), s.hashUpstreams(), + s.hashAuthConfigs(), ) } @@ -64,6 +69,10 @@ func (s ApiSnapshot) hashUpstreams() uint64 { return hashutils.HashAll(s.Upstreams.AsInterfaces()...) } +func (s ApiSnapshot) hashAuthConfigs() uint64 { + return hashutils.HashAll(s.AuthConfigs.AsInterfaces()...) +} + func (s ApiSnapshot) HashFields() []zap.Field { var fields []zap.Field fields = append(fields, zap.Uint64("artifacts", s.hashArtifacts())) @@ -72,6 +81,7 @@ func (s ApiSnapshot) HashFields() []zap.Field { fields = append(fields, zap.Uint64("upstreamGroups", s.hashUpstreamGroups())) fields = append(fields, zap.Uint64("secrets", s.hashSecrets())) fields = append(fields, zap.Uint64("upstreams", s.hashUpstreams())) + fields = append(fields, zap.Uint64("authConfigs", s.hashAuthConfigs())) return append(fields, zap.Uint64("snapshotHash", s.Hash())) } @@ -84,6 +94,7 @@ type ApiSnapshotStringer struct { UpstreamGroups []string Secrets []string Upstreams []string + AuthConfigs []string } func (ss ApiSnapshotStringer) String() string { 
@@ -119,6 +130,11 @@ func (ss ApiSnapshotStringer) String() string { s += fmt.Sprintf(" %v\n", name) } + s += fmt.Sprintf(" AuthConfigs %v\n", len(ss.AuthConfigs)) + for _, name := range ss.AuthConfigs { + s += fmt.Sprintf(" %v\n", name) + } + return s } @@ -131,5 +147,6 @@ func (s ApiSnapshot) Stringer() ApiSnapshotStringer { UpstreamGroups: s.UpstreamGroups.NamespacesDotNames(), Secrets: s.Secrets.NamespacesDotNames(), Upstreams: s.Upstreams.NamespacesDotNames(), + AuthConfigs: s.AuthConfigs.NamespacesDotNames(), } } diff --git a/projects/gloo/pkg/api/v1/api_snapshot_emitter.sk.go b/projects/gloo/pkg/api/v1/api_snapshot_emitter.sk.go index ea9658a2552..b0ed106972f 100644 --- a/projects/gloo/pkg/api/v1/api_snapshot_emitter.sk.go +++ b/projects/gloo/pkg/api/v1/api_snapshot_emitter.sk.go @@ -6,6 +6,8 @@ import ( "sync" "time" + enterprise_gloo_solo_io "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1" + "go.opencensus.io/stats" "go.opencensus.io/stats/view" "go.opencensus.io/tag" 
@@ -84,13 +86,14 @@ type ApiEmitter interface { UpstreamGroup() UpstreamGroupClient Secret() SecretClient Upstream() UpstreamClient + AuthConfig() enterprise_gloo_solo_io.AuthConfigClient } -func NewApiEmitter(artifactClient ArtifactClient, endpointClient EndpointClient, proxyClient ProxyClient, upstreamGroupClient UpstreamGroupClient, secretClient SecretClient, upstreamClient UpstreamClient) ApiEmitter { - return NewApiEmitterWithEmit(artifactClient, endpointClient, proxyClient, upstreamGroupClient, secretClient, upstreamClient, make(chan struct{})) +func NewApiEmitter(artifactClient ArtifactClient, endpointClient EndpointClient, proxyClient ProxyClient, upstreamGroupClient UpstreamGroupClient, secretClient SecretClient, upstreamClient UpstreamClient, authConfigClient enterprise_gloo_solo_io.AuthConfigClient) ApiEmitter { + return NewApiEmitterWithEmit(artifactClient, endpointClient, proxyClient, upstreamGroupClient, secretClient, upstreamClient, authConfigClient, make(chan struct{})) } -func NewApiEmitterWithEmit(artifactClient ArtifactClient, endpointClient EndpointClient, proxyClient ProxyClient, upstreamGroupClient UpstreamGroupClient, secretClient SecretClient, upstreamClient UpstreamClient, emit <-chan struct{}) ApiEmitter { +func NewApiEmitterWithEmit(artifactClient ArtifactClient, endpointClient EndpointClient, proxyClient ProxyClient, upstreamGroupClient UpstreamGroupClient, secretClient SecretClient, upstreamClient UpstreamClient, authConfigClient enterprise_gloo_solo_io.AuthConfigClient, emit <-chan struct{}) ApiEmitter { return &apiEmitter{ artifact: artifactClient, endpoint: endpointClient, @@ -98,6 +101,7 @@ func NewApiEmitterWithEmit(artifactClient ArtifactClient, endpointClient Endpoin upstreamGroup: upstreamGroupClient, secret: secretClient, upstream: upstreamClient, + authConfig: authConfigClient, forceEmit: emit, } } 
@@ -110,6 +114,7 @@ type apiEmitter struct { upstreamGroup UpstreamGroupClient secret SecretClient upstream UpstreamClient + authConfig enterprise_gloo_solo_io.AuthConfigClient } func (c *apiEmitter) Register() error { @@ -131,6 +136,9 @@ func (c *apiEmitter) Register() error { if err := c.upstream.Register(); err != nil { return err } + if err := c.authConfig.Register(); err != nil { + return err + } return nil } @@ -158,6 +166,10 @@ func (c *apiEmitter) Upstream() UpstreamClient { return c.upstream } +func (c *apiEmitter) AuthConfig() enterprise_gloo_solo_io.AuthConfigClient { + return c.authConfig +} + func (c *apiEmitter) Snapshots(watchNamespaces []string, opts clients.WatchOpts) (<-chan *ApiSnapshot, <-chan error, error) { if len(watchNamespaces) == 0 { @@ -222,6 +234,14 @@ func (c *apiEmitter) Snapshots(watchNamespaces []string, opts clients.WatchOpts) upstreamChan := make(chan upstreamListWithNamespace) var initialUpstreamList UpstreamList + /* Create channel for AuthConfig */ + type authConfigListWithNamespace struct { + list enterprise_gloo_solo_io.AuthConfigList + namespace string + } + authConfigChan := make(chan authConfigListWithNamespace) + + var initialAuthConfigList enterprise_gloo_solo_io.AuthConfigList currentSnapshot := ApiSnapshot{} 
@@ -334,6 +354,24 @@ func (c *apiEmitter) Snapshots(watchNamespaces []string, opts clients.WatchOpts) defer done.Done() errutils.AggregateErrs(ctx, errs, upstreamErrs, namespace+"-upstreams") }(namespace) + /* Setup namespaced watch for AuthConfig */ + { + authConfigs, err := c.authConfig.List(namespace, clients.ListOpts{Ctx: opts.Ctx, Selector: opts.Selector}) + if err != nil { + return nil, nil, errors.Wrapf(err, "initial AuthConfig list") + } + initialAuthConfigList = append(initialAuthConfigList, authConfigs...) + } + authConfigNamespacesChan, authConfigErrs, err := c.authConfig.Watch(namespace, opts) + if err != nil { + return nil, nil, errors.Wrapf(err, "starting AuthConfig watch") + } + + done.Add(1) + go func(namespace string) { + defer done.Done() + errutils.AggregateErrs(ctx, errs, authConfigErrs, namespace+"-authConfigs") + }(namespace) /* Watch for changes and update snapshot */ go func(namespace string) { @@ -377,6 +415,12 @@ func (c *apiEmitter) Snapshots(watchNamespaces []string, opts clients.WatchOpts) return case upstreamChan <- upstreamListWithNamespace{list: upstreamList, namespace: namespace}: } + case authConfigList := <-authConfigNamespacesChan: + select { + case <-ctx.Done(): + return + case authConfigChan <- authConfigListWithNamespace{list: authConfigList, namespace: namespace}: + } } } }(namespace) @@ -393,6 +437,8 @@ func (c *apiEmitter) Snapshots(watchNamespaces []string, opts clients.WatchOpts) currentSnapshot.Secrets = initialSecretList.Sort() /* Initialize snapshot for Upstreams */ currentSnapshot.Upstreams = initialUpstreamList.Sort() + /* Initialize snapshot for AuthConfigs */ + currentSnapshot.AuthConfigs = initialAuthConfigList.Sort() snapshots := make(chan *ApiSnapshot) go func() { 
@@ -423,6 +469,7 @@ func (c *apiEmitter) Snapshots(watchNamespaces []string, opts clients.WatchOpts) upstreamGroupsByNamespace := make(map[string]UpstreamGroupList) secretsByNamespace := make(map[string]SecretList) upstreamsByNamespace := make(map[string]UpstreamList) + authConfigsByNamespace := make(map[string]enterprise_gloo_solo_io.AuthConfigList) for { record := func() { stats.Record(ctx, mApiSnapshotIn.M(1)) } @@ -552,6 +599,25 @@ func (c *apiEmitter) Snapshots(watchNamespaces []string, opts clients.WatchOpts) upstreamList = append(upstreamList, upstreams...) } currentSnapshot.Upstreams = upstreamList.Sort() + case authConfigNamespacedList := <-authConfigChan: + record() + + namespace := authConfigNamespacedList.namespace + + skstats.IncrementResourceCount( + ctx, + namespace, + "auth_config", + mApiResourcesIn, + ) + + // merge lists by namespace + authConfigsByNamespace[namespace] = authConfigNamespacedList.list + var authConfigList enterprise_gloo_solo_io.AuthConfigList + for _, authConfigs := range authConfigsByNamespace { + authConfigList = append(authConfigList, authConfigs...) + } + currentSnapshot.AuthConfigs = authConfigList.Sort() } } }() diff --git a/projects/gloo/pkg/api/v1/api_snapshot_simple_emitter.sk.go b/projects/gloo/pkg/api/v1/api_snapshot_simple_emitter.sk.go index 61eaf04cb80..7453c0f2115 100644 --- a/projects/gloo/pkg/api/v1/api_snapshot_simple_emitter.sk.go +++ b/projects/gloo/pkg/api/v1/api_snapshot_simple_emitter.sk.go @@ -7,6 +7,8 @@ import ( "fmt" "time" + enterprise_gloo_solo_io "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1" + "go.opencensus.io/stats" "github.com/solo-io/go-utils/errutils" 
@@ -95,6 +97,8 @@ func (c *apiSimpleEmitter) Snapshots(ctx context.Context) (<-chan *ApiSnapshot, currentSnapshot.Secrets = append(currentSnapshot.Secrets, typed) case *Upstream: currentSnapshot.Upstreams = append(currentSnapshot.Upstreams, typed) + case *enterprise_gloo_solo_io.AuthConfig: + currentSnapshot.AuthConfigs = append(currentSnapshot.AuthConfigs, typed) default: select { case errs <- fmt.Errorf("ApiSnapshotEmitter "+ diff --git a/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1/auth_config.sk.go b/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1/auth_config.sk.go new file mode 100644 index 00000000000..8b601c33a86 --- /dev/null +++ b/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1/auth_config.sk.go 
@@ -0,0 +1,165 @@ +// Code generated by solo-kit. DO NOT EDIT. + +package v1 + +import ( + "log" + "sort" + + "github.com/solo-io/go-utils/hashutils" + "github.com/solo-io/solo-kit/pkg/api/v1/clients/kube/crd" + "github.com/solo-io/solo-kit/pkg/api/v1/resources" + "github.com/solo-io/solo-kit/pkg/api/v1/resources/core" + "github.com/solo-io/solo-kit/pkg/errors" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +func NewAuthConfig(namespace, name string) *AuthConfig { + authconfig := &AuthConfig{} + authconfig.SetMetadata(core.Metadata{ + Name: name, + Namespace: namespace, + }) + return authconfig +} + +func (r *AuthConfig) SetMetadata(meta core.Metadata) { + r.Metadata = meta +} + +func (r *AuthConfig) SetStatus(status core.Status) { + r.Status = status +} + +func (r *AuthConfig) Hash() uint64 { + metaCopy := r.GetMetadata() + metaCopy.ResourceVersion = "" + metaCopy.Generation = 0 + // investigate zeroing out owner refs as well + return hashutils.HashAll( + metaCopy, + r.Configs, + ) +} + +func (r *AuthConfig) GroupVersionKind() schema.GroupVersionKind { + return AuthConfigGVK +} + +type AuthConfigList []*AuthConfig + +// namespace is optional, if left empty, names can collide if the list contains more than one with the same name +func (list AuthConfigList) Find(namespace, name string) (*AuthConfig, error) { + for _, authConfig := range list { + if authConfig.GetMetadata().Name == name { + if namespace == "" || authConfig.GetMetadata().Namespace == namespace { + return authConfig, nil + } + } + } + return nil, errors.Errorf("list did not find authConfig %v.%v", namespace, name) +} + +func (list AuthConfigList) AsResources() resources.ResourceList { + var ress resources.ResourceList + for _, authConfig := range list { + ress = append(ress, authConfig) + } + return ress +} + +func (list AuthConfigList) AsInputResources() resources.InputResourceList { + var ress resources.InputResourceList + for _, authConfig := range list { + ress 
= append(ress, authConfig) + } + return ress +} + +func (list AuthConfigList) Names() []string { + var names []string + for _, authConfig := range list { + names = append(names, authConfig.GetMetadata().Name) + } + return names +} + +func (list AuthConfigList) NamespacesDotNames() []string { + var names []string + for _, authConfig := range list { + names = append(names, authConfig.GetMetadata().Namespace+"."+authConfig.GetMetadata().Name) + } + return names +} + +func (list AuthConfigList) Sort() AuthConfigList { + sort.SliceStable(list, func(i, j int) bool { + return list[i].GetMetadata().Less(list[j].GetMetadata()) + }) + return list +} + +func (list AuthConfigList) Clone() AuthConfigList { + var authConfigList AuthConfigList + for _, authConfig := range list { + authConfigList = append(authConfigList, resources.Clone(authConfig).(*AuthConfig)) + } + return authConfigList +} + +func (list AuthConfigList) Each(f func(element *AuthConfig)) { + for _, authConfig := range list { + f(authConfig) + } +} + +func (list AuthConfigList) EachResource(f func(element resources.Resource)) { + for _, authConfig := range list { + f(authConfig) + } +} + +func (list AuthConfigList) AsInterfaces() []interface{} { + var asInterfaces []interface{} + list.Each(func(element *AuthConfig) { + asInterfaces = append(asInterfaces, element) + }) + return asInterfaces +} + +// Kubernetes Adapter for AuthConfig + +func (o *AuthConfig) GetObjectKind() schema.ObjectKind { + t := AuthConfigCrd.TypeMeta() + return &t +} + +func (o *AuthConfig) DeepCopyObject() runtime.Object { + return resources.Clone(o).(*AuthConfig) +} + +var ( + AuthConfigCrd = crd.NewCrd( + "authconfigs", + AuthConfigGVK.Group, + AuthConfigGVK.Version, + AuthConfigGVK.Kind, + "ac", + false, + &AuthConfig{}) +) + +func init() { + if err := crd.AddCrd(AuthConfigCrd); err != nil { + log.Fatalf("could not add crd to global registry") + } +} + +var ( + AuthConfigGVK = schema.GroupVersionKind{ + Version: "v1", + Group: 
"enterprise.gloo.solo.io", + Kind: "AuthConfig", + } +) diff --git a/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1/auth_config_client.sk.go b/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1/auth_config_client.sk.go new file mode 100644 index 00000000000..bb1c6d32a6e --- /dev/null +++ b/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1/auth_config_client.sk.go 
@@ -0,0 +1,123 @@ +// Code generated by solo-kit. DO NOT EDIT. + +package v1 + +import ( + "github.com/solo-io/solo-kit/pkg/api/v1/clients" + "github.com/solo-io/solo-kit/pkg/api/v1/clients/factory" + "github.com/solo-io/solo-kit/pkg/api/v1/resources" + "github.com/solo-io/solo-kit/pkg/errors" +) + +type AuthConfigWatcher interface { + // watch namespace-scoped AuthConfigs + Watch(namespace string, opts clients.WatchOpts) (<-chan AuthConfigList, <-chan error, error) +} + +type AuthConfigClient interface { + BaseClient() clients.ResourceClient + Register() error + Read(namespace, name string, opts clients.ReadOpts) (*AuthConfig, error) + Write(resource *AuthConfig, opts clients.WriteOpts) (*AuthConfig, error) + Delete(namespace, name string, opts clients.DeleteOpts) error + List(namespace string, opts clients.ListOpts) (AuthConfigList, error) + AuthConfigWatcher +} + +type authConfigClient struct { + rc clients.ResourceClient +} + +func NewAuthConfigClient(rcFactory factory.ResourceClientFactory) (AuthConfigClient, error) { + return NewAuthConfigClientWithToken(rcFactory, "") +} + +func NewAuthConfigClientWithToken(rcFactory factory.ResourceClientFactory, token string) (AuthConfigClient, error) { + rc, err := rcFactory.NewResourceClient(factory.NewResourceClientParams{ + ResourceType: &AuthConfig{}, + Token: token, + }) + if err != nil { + return nil, errors.Wrapf(err, "creating base AuthConfig resource client") + } + return NewAuthConfigClientWithBase(rc), nil +} + +func NewAuthConfigClientWithBase(rc clients.ResourceClient) AuthConfigClient { + return &authConfigClient{ + rc: rc, + } +} + +func (client *authConfigClient) BaseClient() clients.ResourceClient { + return client.rc +} + +func (client *authConfigClient) Register() error { + return client.rc.Register() +} + +func (client *authConfigClient) Read(namespace, name string, opts clients.ReadOpts) (*AuthConfig, error) { + opts = opts.WithDefaults() + + resource, err := client.rc.Read(namespace, name, opts) + if 
err != nil { + return nil, err + } + return resource.(*AuthConfig), nil +} + +func (client *authConfigClient) Write(authConfig *AuthConfig, opts clients.WriteOpts) (*AuthConfig, error) { + opts = opts.WithDefaults() + resource, err := client.rc.Write(authConfig, opts) + if err != nil { + return nil, err + } + return resource.(*AuthConfig), nil +} + +func (client *authConfigClient) Delete(namespace, name string, opts clients.DeleteOpts) error { + opts = opts.WithDefaults() + + return client.rc.Delete(namespace, name, opts) +} + +func (client *authConfigClient) List(namespace string, opts clients.ListOpts) (AuthConfigList, error) { + opts = opts.WithDefaults() + + resourceList, err := client.rc.List(namespace, opts) + if err != nil { + return nil, err + } + return convertToAuthConfig(resourceList), nil +} + +func (client *authConfigClient) Watch(namespace string, opts clients.WatchOpts) (<-chan AuthConfigList, <-chan error, error) { + opts = opts.WithDefaults() + + resourcesChan, errs, initErr := client.rc.Watch(namespace, opts) + if initErr != nil { + return nil, nil, initErr + } + authConfigsChan := make(chan AuthConfigList) + go func() { + for { + select { + case resourceList := <-resourcesChan: + authConfigsChan <- convertToAuthConfig(resourceList) + case <-opts.Ctx.Done(): + close(authConfigsChan) + return + } + } + }() + return authConfigsChan, errs, nil +} + +func convertToAuthConfig(resources resources.ResourceList) AuthConfigList { + var authConfigList AuthConfigList + for _, resource := range resources { + authConfigList = append(authConfigList, resource.(*AuthConfig)) + } + return authConfigList +} diff --git a/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1/auth_config_reconciler.sk.go b/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1/auth_config_reconciler.sk.go new file mode 100644 index 00000000000..31fa17c88b7 --- /dev/null +++ b/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1/auth_config_reconciler.sk.go 
@@ -0,0 +1,47 @@ +// Code generated by solo-kit. DO NOT EDIT. + +package v1 + +import ( + "github.com/solo-io/go-utils/contextutils" + "github.com/solo-io/solo-kit/pkg/api/v1/clients" + "github.com/solo-io/solo-kit/pkg/api/v1/reconcile" + "github.com/solo-io/solo-kit/pkg/api/v1/resources" +) + +// Option to copy anything from the original to the desired before writing. Return value of false means don't update +type TransitionAuthConfigFunc func(original, desired *AuthConfig) (bool, error) + +type AuthConfigReconciler interface { + Reconcile(namespace string, desiredResources AuthConfigList, transition TransitionAuthConfigFunc, opts clients.ListOpts) error +} + +func authConfigsToResources(list AuthConfigList) resources.ResourceList { + var resourceList resources.ResourceList + for _, authConfig := range list { + resourceList = append(resourceList, authConfig) + } + return resourceList +} + +func NewAuthConfigReconciler(client AuthConfigClient) AuthConfigReconciler { + return &authConfigReconciler{ + base: reconcile.NewReconciler(client.BaseClient()), + } +} + +type authConfigReconciler struct { + base reconcile.Reconciler +} + +func (r *authConfigReconciler) Reconcile(namespace string, desiredResources AuthConfigList, transition TransitionAuthConfigFunc, opts clients.ListOpts) error { + opts = opts.WithDefaults() + opts.Ctx = contextutils.WithLogger(opts.Ctx, "authConfig_reconciler") + var transitionResources reconcile.TransitionResourcesFunc + if transition != nil { + transitionResources = func(original, desired resources.Resource) (bool, error) { + return transition(original.(*AuthConfig), desired.(*AuthConfig)) + } + } + return r.base.Reconcile(namespace, authConfigsToResources(desiredResources), transitionResources, opts) +} 
diff --git a/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/ext_auth_discovery_service_xds.sk.sk.go b/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1/ext_auth_discovery_service_xds.sk.sk.go similarity index 95% rename from projects/gloo/pkg/api/v1/enterprise/plugins/extauth/ext_auth_discovery_service_xds.sk.sk.go rename to projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1/ext_auth_discovery_service_xds.sk.sk.go index d31bb8e75f1..a65b6dd9599 100644 --- a/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/ext_auth_discovery_service_xds.sk.sk.go +++ b/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1/ext_auth_discovery_service_xds.sk.sk.go @@ -1,6 +1,6 @@ // Code generated by solo-kit. DO NOT EDIT. -package extauth +package v1 import ( "context" @@ -19,7 +19,7 @@ import ( // Type Definitions: -const ExtAuthConfigType = cache.TypePrefix + "/extauth.plugins.gloo.solo.io.ExtAuthConfig" +const ExtAuthConfigType = cache.TypePrefix + "/enterprise.gloo.solo.io.ExtAuthConfig" /* Defined a resource - to be used by snapshot */ type ExtAuthConfigXdsResourceWrapper struct { @@ -37,7 +37,7 @@ func NewExtAuthConfigXdsResourceWrapper(resourceProto *ExtAuthConfig) *ExtAuthCo } func (e *ExtAuthConfigXdsResourceWrapper) Self() cache.XdsResourceReference { - return cache.XdsResourceReference{Name: e.Resource.Vhost, Type: ExtAuthConfigType} + return cache.XdsResourceReference{Name: e.Resource.AuthConfigRefName, Type: ExtAuthConfigType} } func (e *ExtAuthConfigXdsResourceWrapper) ResourceProto() cache.ResourceProto { diff --git a/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/extauth.pb.go b/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1/extauth.pb.go similarity index 67% rename from projects/gloo/pkg/api/v1/enterprise/plugins/extauth/extauth.pb.go rename to projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1/extauth.pb.go index 3dcda4a322e..e9ab848ef91 100644 --- a/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/extauth.pb.go 
+++ b/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1/extauth.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/extauth.proto +// source: github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/v1/extauth.proto -package extauth +package v1 import ( bytes "bytes" 
@@ -33,1341 +33,1624 @@ var _ = time.Kitchen // proto package needs to be updated. const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package -type Settings struct { - // The upstream to ask about auth decisions - ExtauthzServerRef *core.ResourceRef `protobuf:"bytes,1,opt,name=extauthz_server_ref,json=extauthzServerRef,proto3" json:"extauthz_server_ref,omitempty"` - // If this is set, communication to the upstream will be with HTTP and not GRPC. - HttpService *HttpService `protobuf:"bytes,2,opt,name=http_service,json=httpService,proto3" json:"http_service,omitempty"` - // If the auth server trusted id of the user, it will be set in this header. - // Specifically this means that this header will be sanitized form the incoming request. - UserIdHeader string `protobuf:"bytes,3,opt,name=user_id_header,json=userIdHeader,proto3" json:"user_id_header,omitempty"` - // Timeout for the ext auth service to respond. defaults to 200ms - RequestTimeout *time.Duration `protobuf:"bytes,4,opt,name=request_timeout,json=requestTimeout,proto3,stdduration" json:"request_timeout,omitempty"` - // In case of a failure or timeout querying the auth server, normally a request is denied. - // if this is set to true, the request will be allowed. - FailureModeAllow bool `protobuf:"varint,5,opt,name=failure_mode_allow,json=failureModeAllow,proto3" json:"failure_mode_allow,omitempty"` - // Set this if you also want to send the body of the request, and not just the headers. - RequestBody *BufferSettings `protobuf:"bytes,6,opt,name=request_body,json=requestBody,proto3" json:"request_body,omitempty"` - // Clears route cache in order to allow the external authorization service to correctly affect - // routing decisions. Filter clears all cached routes when: - // - // 1. The field is set to *true*. - // - // 2. The status returned from the authorization service is a HTTP 200 or gRPC 0. - // - // 3. 
At least one *authorization response header* is added to the client request, or is used for - // altering another client request header. - // - ClearRouteCache bool `protobuf:"varint,7,opt,name=clear_route_cache,json=clearRouteCache,proto3" json:"clear_route_cache,omitempty"` - // Sets the HTTP status that is returned to the client when there is a network error between the - // filter and the authorization server. The default status is HTTP 403 Forbidden. - // If set, this must be one of the following: - // - 100 - // - 200 201 202 203 204 205 206 207 208 226 - // - 300 301 302 303 304 305 307 308 - // - 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 421 422 423 424 426 428 429 431 - // - 500 501 502 503 504 505 506 507 508 510 511 - StatusOnError uint32 `protobuf:"varint,8,opt,name=status_on_error,json=statusOnError,proto3" json:"status_on_error,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` +// This is the user-facing auth configuration. When processed by Gloo, certain configuration types (i.a. oauth, opa) +// will be translated, e.g. to resolve resource references. See the `ExtAuthConfig.AuthConfig` for the final config +// format that will be included in the extauth snapshot. +type AuthConfig struct { + // Status indicates the validation status of this resource. 
+ // Status is read-only by clients, and set by gloo during validation + Status core.Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status" testdiff:"ignore"` + // Metadata contains the object metadata for this resource + Metadata core.Metadata `protobuf:"bytes,2,opt,name=metadata,proto3" json:"metadata"` + Configs []*AuthConfig_Config `protobuf:"bytes,3,rep,name=configs,proto3" json:"configs,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (m *Settings) Reset() { *m = Settings{} } -func (m *Settings) String() string { return proto.CompactTextString(m) } -func (*Settings) ProtoMessage() {} -func (*Settings) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{0} +func (m *AuthConfig) Reset() { *m = AuthConfig{} } +func (m *AuthConfig) String() string { return proto.CompactTextString(m) } +func (*AuthConfig) ProtoMessage() {} +func (*AuthConfig) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{0} } -func (m *Settings) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Settings.Unmarshal(m, b) +func (m *AuthConfig) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_AuthConfig.Unmarshal(m, b) } -func (m *Settings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Settings.Marshal(b, m, deterministic) +func (m *AuthConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_AuthConfig.Marshal(b, m, deterministic) } -func (m *Settings) XXX_Merge(src proto.Message) { - xxx_messageInfo_Settings.Merge(m, src) +func (m *AuthConfig) XXX_Merge(src proto.Message) { + xxx_messageInfo_AuthConfig.Merge(m, src) } -func (m *Settings) XXX_Size() int { - return xxx_messageInfo_Settings.Size(m) +func (m *AuthConfig) XXX_Size() int { + return xxx_messageInfo_AuthConfig.Size(m) } -func (m *Settings) XXX_DiscardUnknown() { - 
xxx_messageInfo_Settings.DiscardUnknown(m) +func (m *AuthConfig) XXX_DiscardUnknown() { + xxx_messageInfo_AuthConfig.DiscardUnknown(m) } -var xxx_messageInfo_Settings proto.InternalMessageInfo - -func (m *Settings) GetExtauthzServerRef() *core.ResourceRef { - if m != nil { - return m.ExtauthzServerRef - } - return nil -} +var xxx_messageInfo_AuthConfig proto.InternalMessageInfo -func (m *Settings) GetHttpService() *HttpService { +func (m *AuthConfig) GetStatus() core.Status { if m != nil { - return m.HttpService + return m.Status } - return nil + return core.Status{} } -func (m *Settings) GetUserIdHeader() string { +func (m *AuthConfig) GetMetadata() core.Metadata { if m != nil { - return m.UserIdHeader + return m.Metadata } - return "" + return core.Metadata{} } -func (m *Settings) GetRequestTimeout() *time.Duration { +func (m *AuthConfig) GetConfigs() []*AuthConfig_Config { if m != nil { - return m.RequestTimeout + return m.Configs } return nil } -func (m *Settings) GetFailureModeAllow() bool { - if m != nil { - return m.FailureModeAllow - } - return false +type AuthConfig_Config struct { + // Types that are valid to be assigned to AuthConfig: + // *AuthConfig_Config_BasicAuth + // *AuthConfig_Config_Oauth + // *AuthConfig_Config_CustomAuth + // *AuthConfig_Config_ApiKeyAuth + // *AuthConfig_Config_PluginAuth + // *AuthConfig_Config_OpaAuth + // *AuthConfig_Config_Ldap + AuthConfig isAuthConfig_Config_AuthConfig `protobuf_oneof:"auth_config"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (m *Settings) GetRequestBody() *BufferSettings { - if m != nil { - return m.RequestBody - } - return nil +func (m *AuthConfig_Config) Reset() { *m = AuthConfig_Config{} } +func (m *AuthConfig_Config) String() string { return proto.CompactTextString(m) } +func (*AuthConfig_Config) ProtoMessage() {} +func (*AuthConfig_Config) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{0, 
0} } - -func (m *Settings) GetClearRouteCache() bool { - if m != nil { - return m.ClearRouteCache - } - return false +func (m *AuthConfig_Config) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_AuthConfig_Config.Unmarshal(m, b) } - -func (m *Settings) GetStatusOnError() uint32 { - if m != nil { - return m.StatusOnError - } - return 0 +func (m *AuthConfig_Config) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_AuthConfig_Config.Marshal(b, m, deterministic) +} +func (m *AuthConfig_Config) XXX_Merge(src proto.Message) { + xxx_messageInfo_AuthConfig_Config.Merge(m, src) +} +func (m *AuthConfig_Config) XXX_Size() int { + return xxx_messageInfo_AuthConfig_Config.Size(m) +} +func (m *AuthConfig_Config) XXX_DiscardUnknown() { + xxx_messageInfo_AuthConfig_Config.DiscardUnknown(m) } -type HttpService struct { - // Sets a prefix to the value of authorization request header *Path*. - PathPrefix string `protobuf:"bytes,1,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"` - Request *HttpService_Request `protobuf:"bytes,2,opt,name=request,proto3" json:"request,omitempty"` - Response *HttpService_Response `protobuf:"bytes,3,opt,name=response,proto3" json:"response,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` +var xxx_messageInfo_AuthConfig_Config proto.InternalMessageInfo + +type isAuthConfig_Config_AuthConfig interface { + isAuthConfig_Config_AuthConfig() + Equal(interface{}) bool } -func (m *HttpService) Reset() { *m = HttpService{} } -func (m *HttpService) String() string { return proto.CompactTextString(m) } -func (*HttpService) ProtoMessage() {} -func (*HttpService) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{1} +type AuthConfig_Config_BasicAuth struct { + BasicAuth *BasicAuth `protobuf:"bytes,1,opt,name=basic_auth,json=basicAuth,proto3,oneof" json:"basic_auth,omitempty"` } -func (m 
*HttpService) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_HttpService.Unmarshal(m, b) +type AuthConfig_Config_Oauth struct { + Oauth *OAuth `protobuf:"bytes,2,opt,name=oauth,proto3,oneof" json:"oauth,omitempty"` } -func (m *HttpService) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_HttpService.Marshal(b, m, deterministic) +type AuthConfig_Config_CustomAuth struct { + CustomAuth *CustomAuth `protobuf:"bytes,3,opt,name=custom_auth,json=customAuth,proto3,oneof" json:"custom_auth,omitempty"` } -func (m *HttpService) XXX_Merge(src proto.Message) { - xxx_messageInfo_HttpService.Merge(m, src) +type AuthConfig_Config_ApiKeyAuth struct { + ApiKeyAuth *ApiKeyAuth `protobuf:"bytes,4,opt,name=api_key_auth,json=apiKeyAuth,proto3,oneof" json:"api_key_auth,omitempty"` } -func (m *HttpService) XXX_Size() int { - return xxx_messageInfo_HttpService.Size(m) +type AuthConfig_Config_PluginAuth struct { + PluginAuth *AuthPlugin `protobuf:"bytes,5,opt,name=plugin_auth,json=pluginAuth,proto3,oneof" json:"plugin_auth,omitempty"` } -func (m *HttpService) XXX_DiscardUnknown() { - xxx_messageInfo_HttpService.DiscardUnknown(m) +type AuthConfig_Config_OpaAuth struct { + OpaAuth *OpaAuth `protobuf:"bytes,6,opt,name=opa_auth,json=opaAuth,proto3,oneof" json:"opa_auth,omitempty"` +} +type AuthConfig_Config_Ldap struct { + Ldap *Ldap `protobuf:"bytes,7,opt,name=ldap,proto3,oneof" json:"ldap,omitempty"` } -var xxx_messageInfo_HttpService proto.InternalMessageInfo +func (*AuthConfig_Config_BasicAuth) isAuthConfig_Config_AuthConfig() {} +func (*AuthConfig_Config_Oauth) isAuthConfig_Config_AuthConfig() {} +func (*AuthConfig_Config_CustomAuth) isAuthConfig_Config_AuthConfig() {} +func (*AuthConfig_Config_ApiKeyAuth) isAuthConfig_Config_AuthConfig() {} +func (*AuthConfig_Config_PluginAuth) isAuthConfig_Config_AuthConfig() {} +func (*AuthConfig_Config_OpaAuth) isAuthConfig_Config_AuthConfig() {} +func (*AuthConfig_Config_Ldap) 
isAuthConfig_Config_AuthConfig() {} -func (m *HttpService) GetPathPrefix() string { +func (m *AuthConfig_Config) GetAuthConfig() isAuthConfig_Config_AuthConfig { if m != nil { - return m.PathPrefix + return m.AuthConfig } - return "" + return nil } -func (m *HttpService) GetRequest() *HttpService_Request { - if m != nil { - return m.Request +func (m *AuthConfig_Config) GetBasicAuth() *BasicAuth { + if x, ok := m.GetAuthConfig().(*AuthConfig_Config_BasicAuth); ok { + return x.BasicAuth } return nil } -func (m *HttpService) GetResponse() *HttpService_Response { - if m != nil { - return m.Response +func (m *AuthConfig_Config) GetOauth() *OAuth { + if x, ok := m.GetAuthConfig().(*AuthConfig_Config_Oauth); ok { + return x.Oauth } return nil } -type HttpService_Request struct { - // These headers will be copied from the incoming request to the request going - // to the auth server. Note that in addition to the user's supplied matchers: - // - // 1. *Host*, *Method*, *Path* and *Content-Length* are automatically included to the list. - // - // 2. *Content-Length* will be set to 0 and the request to the authorization service will not have - // a message body. - AllowedHeaders []string `protobuf:"bytes,1,rep,name=allowed_headers,json=allowedHeaders,proto3" json:"allowed_headers,omitempty"` - // These headers that will be included to the request to authorization service. Note that - // client request of the same key will be overridden. 
- HeadersToAdd map[string]string `protobuf:"bytes,2,rep,name=headers_to_add,json=headersToAdd,proto3" json:"headers_to_add,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` +func (m *AuthConfig_Config) GetCustomAuth() *CustomAuth { + if x, ok := m.GetAuthConfig().(*AuthConfig_Config_CustomAuth); ok { + return x.CustomAuth + } + return nil } -func (m *HttpService_Request) Reset() { *m = HttpService_Request{} } -func (m *HttpService_Request) String() string { return proto.CompactTextString(m) } -func (*HttpService_Request) ProtoMessage() {} -func (*HttpService_Request) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{1, 0} -} -func (m *HttpService_Request) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_HttpService_Request.Unmarshal(m, b) -} -func (m *HttpService_Request) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_HttpService_Request.Marshal(b, m, deterministic) -} -func (m *HttpService_Request) XXX_Merge(src proto.Message) { - xxx_messageInfo_HttpService_Request.Merge(m, src) -} -func (m *HttpService_Request) XXX_Size() int { - return xxx_messageInfo_HttpService_Request.Size(m) -} -func (m *HttpService_Request) XXX_DiscardUnknown() { - xxx_messageInfo_HttpService_Request.DiscardUnknown(m) +func (m *AuthConfig_Config) GetApiKeyAuth() *ApiKeyAuth { + if x, ok := m.GetAuthConfig().(*AuthConfig_Config_ApiKeyAuth); ok { + return x.ApiKeyAuth + } + return nil } -var xxx_messageInfo_HttpService_Request proto.InternalMessageInfo +func (m *AuthConfig_Config) GetPluginAuth() *AuthPlugin { + if x, ok := m.GetAuthConfig().(*AuthConfig_Config_PluginAuth); ok { + return x.PluginAuth + } + return nil +} -func (m *HttpService_Request) GetAllowedHeaders() []string { - if m != nil { - return m.AllowedHeaders +func (m *AuthConfig_Config) 
GetOpaAuth() *OpaAuth { + if x, ok := m.GetAuthConfig().(*AuthConfig_Config_OpaAuth); ok { + return x.OpaAuth } return nil } -func (m *HttpService_Request) GetHeadersToAdd() map[string]string { - if m != nil { - return m.HeadersToAdd +func (m *AuthConfig_Config) GetLdap() *Ldap { + if x, ok := m.GetAuthConfig().(*AuthConfig_Config_Ldap); ok { + return x.Ldap } return nil } -type HttpService_Response struct { - // When this is set, authorization response headers that have a will be added to the original client request and sent to the upstream. - // Note that coexistent headers will be overridden. - AllowedUpstreamHeaders []string `protobuf:"bytes,1,rep,name=allowed_upstream_headers,json=allowedUpstreamHeaders,proto3" json:"allowed_upstream_headers,omitempty"` - // When this. is set, authorization response headers that will be added to the client's response when auth request is denied. - // Note that when this list is *not* set, all the authorization response headers, except *Authority - // (Host)* will be in the response to the client. When a header is included in this list, *Path*, - // *Status*, *Content-Length*, *WWW-Authenticate* and *Location* are automatically added. - AllowedClientHeaders []string `protobuf:"bytes,2,rep,name=allowed_client_headers,json=allowedClientHeaders,proto3" json:"allowed_client_headers,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` +// XXX_OneofWrappers is for the internal use of the proto package. +func (*AuthConfig_Config) XXX_OneofWrappers() []interface{} { + return []interface{}{ + (*AuthConfig_Config_BasicAuth)(nil), + (*AuthConfig_Config_Oauth)(nil), + (*AuthConfig_Config_CustomAuth)(nil), + (*AuthConfig_Config_ApiKeyAuth)(nil), + (*AuthConfig_Config_PluginAuth)(nil), + (*AuthConfig_Config_OpaAuth)(nil), + (*AuthConfig_Config_Ldap)(nil), + } +} + +// Auth configurations defined on virtual hosts and routes will be unmarshalled to this message. 
+type ExtAuthExtension struct { + // Types that are valid to be assigned to Spec: + // *ExtAuthExtension_Disable + // *ExtAuthExtension_ConfigRef + Spec isExtAuthExtension_Spec `protobuf_oneof:"spec"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (m *HttpService_Response) Reset() { *m = HttpService_Response{} } -func (m *HttpService_Response) String() string { return proto.CompactTextString(m) } -func (*HttpService_Response) ProtoMessage() {} -func (*HttpService_Response) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{1, 1} +func (m *ExtAuthExtension) Reset() { *m = ExtAuthExtension{} } +func (m *ExtAuthExtension) String() string { return proto.CompactTextString(m) } +func (*ExtAuthExtension) ProtoMessage() {} +func (*ExtAuthExtension) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{1} } -func (m *HttpService_Response) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_HttpService_Response.Unmarshal(m, b) +func (m *ExtAuthExtension) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_ExtAuthExtension.Unmarshal(m, b) } -func (m *HttpService_Response) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_HttpService_Response.Marshal(b, m, deterministic) +func (m *ExtAuthExtension) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_ExtAuthExtension.Marshal(b, m, deterministic) } -func (m *HttpService_Response) XXX_Merge(src proto.Message) { - xxx_messageInfo_HttpService_Response.Merge(m, src) +func (m *ExtAuthExtension) XXX_Merge(src proto.Message) { + xxx_messageInfo_ExtAuthExtension.Merge(m, src) } -func (m *HttpService_Response) XXX_Size() int { - return xxx_messageInfo_HttpService_Response.Size(m) +func (m *ExtAuthExtension) XXX_Size() int { + return xxx_messageInfo_ExtAuthExtension.Size(m) } -func (m *HttpService_Response) XXX_DiscardUnknown() { - 
xxx_messageInfo_HttpService_Response.DiscardUnknown(m) +func (m *ExtAuthExtension) XXX_DiscardUnknown() { + xxx_messageInfo_ExtAuthExtension.DiscardUnknown(m) } -var xxx_messageInfo_HttpService_Response proto.InternalMessageInfo +var xxx_messageInfo_ExtAuthExtension proto.InternalMessageInfo -func (m *HttpService_Response) GetAllowedUpstreamHeaders() []string { +type isExtAuthExtension_Spec interface { + isExtAuthExtension_Spec() + Equal(interface{}) bool +} + +type ExtAuthExtension_Disable struct { + Disable bool `protobuf:"varint,1,opt,name=disable,proto3,oneof" json:"disable,omitempty"` +} +type ExtAuthExtension_ConfigRef struct { + ConfigRef *core.ResourceRef `protobuf:"bytes,2,opt,name=config_ref,json=configRef,proto3,oneof" json:"config_ref,omitempty"` +} + +func (*ExtAuthExtension_Disable) isExtAuthExtension_Spec() {} +func (*ExtAuthExtension_ConfigRef) isExtAuthExtension_Spec() {} + +func (m *ExtAuthExtension) GetSpec() isExtAuthExtension_Spec { if m != nil { - return m.AllowedUpstreamHeaders + return m.Spec } return nil } -func (m *HttpService_Response) GetAllowedClientHeaders() []string { - if m != nil { - return m.AllowedClientHeaders +func (m *ExtAuthExtension) GetDisable() bool { + if x, ok := m.GetSpec().(*ExtAuthExtension_Disable); ok { + return x.Disable + } + return false +} + +func (m *ExtAuthExtension) GetConfigRef() *core.ResourceRef { + if x, ok := m.GetSpec().(*ExtAuthExtension_ConfigRef); ok { + return x.ConfigRef } return nil } -// Configuration for buffering the request data. -type BufferSettings struct { - // Sets the maximum size of a message body that the filter will hold in memory. Envoy will return - // *HTTP 413* and will *not* initiate the authorization process when buffer reaches the number - // set in this field. Note that this setting will have precedence over failure_mode_allow. - // Defaults to 4KB. 
- MaxRequestBytes uint32 `protobuf:"varint,1,opt,name=max_request_bytes,json=maxRequestBytes,proto3" json:"max_request_bytes,omitempty"` - // When this field is true, Envoy will buffer the message until *max_request_bytes* is reached. - // The authorization request will be dispatched and no 413 HTTP error will be returned by the - // filter. - AllowPartialMessage bool `protobuf:"varint,2,opt,name=allow_partial_message,json=allowPartialMessage,proto3" json:"allow_partial_message,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` +// XXX_OneofWrappers is for the internal use of the proto package. +func (*ExtAuthExtension) XXX_OneofWrappers() []interface{} { + return []interface{}{ + (*ExtAuthExtension_Disable)(nil), + (*ExtAuthExtension_ConfigRef)(nil), + } } -func (m *BufferSettings) Reset() { *m = BufferSettings{} } -func (m *BufferSettings) String() string { return proto.CompactTextString(m) } -func (*BufferSettings) ProtoMessage() {} -func (*BufferSettings) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{2} +// Deprecated: use ExtAuthExtension +type VhostExtension struct { + // Deprecated: use `configs` field instead. + // + // Types that are valid to be assigned to AuthConfig: + // *VhostExtension_BasicAuth + // *VhostExtension_Oauth + // *VhostExtension_CustomAuth + // *VhostExtension_ApiKeyAuth + // *VhostExtension_PluginAuth + AuthConfig isVhostExtension_AuthConfig `protobuf_oneof:"auth_config"` + // A chain of AuthN\AuthZ configurations which will be executed in the order they are specified. The first plugin to deny a request will + // cause a 403 response to be returned; any subsequent plugin in the chain will not be executed. 
+ // The headers on the OkHttpResponse returned from a plugin in the chain will be added to the request that will be sent + // to the next one(s) according to the rules described here: + // https://www.envoyproxy.io/docs/envoy/latest/api-v2/service/auth/v2/external_auth.proto#service-auth-v2-okhttpresponse + Configs []*VhostExtension_AuthConfig `protobuf:"bytes,6,rep,name=configs,proto3" json:"configs,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (m *BufferSettings) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_BufferSettings.Unmarshal(m, b) + +func (m *VhostExtension) Reset() { *m = VhostExtension{} } +func (m *VhostExtension) String() string { return proto.CompactTextString(m) } +func (*VhostExtension) ProtoMessage() {} +func (*VhostExtension) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{2} } -func (m *BufferSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_BufferSettings.Marshal(b, m, deterministic) +func (m *VhostExtension) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_VhostExtension.Unmarshal(m, b) } -func (m *BufferSettings) XXX_Merge(src proto.Message) { - xxx_messageInfo_BufferSettings.Merge(m, src) +func (m *VhostExtension) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_VhostExtension.Marshal(b, m, deterministic) } -func (m *BufferSettings) XXX_Size() int { - return xxx_messageInfo_BufferSettings.Size(m) +func (m *VhostExtension) XXX_Merge(src proto.Message) { + xxx_messageInfo_VhostExtension.Merge(m, src) } -func (m *BufferSettings) XXX_DiscardUnknown() { - xxx_messageInfo_BufferSettings.DiscardUnknown(m) +func (m *VhostExtension) XXX_Size() int { + return xxx_messageInfo_VhostExtension.Size(m) +} +func (m *VhostExtension) XXX_DiscardUnknown() { + xxx_messageInfo_VhostExtension.DiscardUnknown(m) } -var xxx_messageInfo_BufferSettings 
proto.InternalMessageInfo +var xxx_messageInfo_VhostExtension proto.InternalMessageInfo -func (m *BufferSettings) GetMaxRequestBytes() uint32 { +type isVhostExtension_AuthConfig interface { + isVhostExtension_AuthConfig() + Equal(interface{}) bool +} + +type VhostExtension_BasicAuth struct { + BasicAuth *BasicAuth `protobuf:"bytes,1,opt,name=basic_auth,json=basicAuth,proto3,oneof" json:"basic_auth,omitempty"` +} +type VhostExtension_Oauth struct { + Oauth *OAuth `protobuf:"bytes,2,opt,name=oauth,proto3,oneof" json:"oauth,omitempty"` +} +type VhostExtension_CustomAuth struct { + CustomAuth *CustomAuth `protobuf:"bytes,3,opt,name=custom_auth,json=customAuth,proto3,oneof" json:"custom_auth,omitempty"` +} +type VhostExtension_ApiKeyAuth struct { + ApiKeyAuth *ApiKeyAuth `protobuf:"bytes,4,opt,name=api_key_auth,json=apiKeyAuth,proto3,oneof" json:"api_key_auth,omitempty"` +} +type VhostExtension_PluginAuth struct { + PluginAuth *PluginAuth `protobuf:"bytes,5,opt,name=plugin_auth,json=pluginAuth,proto3,oneof" json:"plugin_auth,omitempty"` +} + +func (*VhostExtension_BasicAuth) isVhostExtension_AuthConfig() {} +func (*VhostExtension_Oauth) isVhostExtension_AuthConfig() {} +func (*VhostExtension_CustomAuth) isVhostExtension_AuthConfig() {} +func (*VhostExtension_ApiKeyAuth) isVhostExtension_AuthConfig() {} +func (*VhostExtension_PluginAuth) isVhostExtension_AuthConfig() {} + +func (m *VhostExtension) GetAuthConfig() isVhostExtension_AuthConfig { if m != nil { - return m.MaxRequestBytes + return m.AuthConfig } - return 0 + return nil } -func (m *BufferSettings) GetAllowPartialMessage() bool { +func (m *VhostExtension) GetBasicAuth() *BasicAuth { + if x, ok := m.GetAuthConfig().(*VhostExtension_BasicAuth); ok { + return x.BasicAuth + } + return nil +} + +func (m *VhostExtension) GetOauth() *OAuth { + if x, ok := m.GetAuthConfig().(*VhostExtension_Oauth); ok { + return x.Oauth + } + return nil +} + +func (m *VhostExtension) GetCustomAuth() *CustomAuth { + if x, ok := 
m.GetAuthConfig().(*VhostExtension_CustomAuth); ok { + return x.CustomAuth + } + return nil +} + +func (m *VhostExtension) GetApiKeyAuth() *ApiKeyAuth { + if x, ok := m.GetAuthConfig().(*VhostExtension_ApiKeyAuth); ok { + return x.ApiKeyAuth + } + return nil +} + +func (m *VhostExtension) GetPluginAuth() *PluginAuth { + if x, ok := m.GetAuthConfig().(*VhostExtension_PluginAuth); ok { + return x.PluginAuth + } + return nil +} + +func (m *VhostExtension) GetConfigs() []*VhostExtension_AuthConfig { if m != nil { - return m.AllowPartialMessage + return m.Configs } - return false + return nil } -// Gloo is not expected to configure the ext auth server in this case. -// This is used with custom auth servers. -type CustomAuth struct { +// XXX_OneofWrappers is for the internal use of the proto package. +func (*VhostExtension) XXX_OneofWrappers() []interface{} { + return []interface{}{ + (*VhostExtension_BasicAuth)(nil), + (*VhostExtension_Oauth)(nil), + (*VhostExtension_CustomAuth)(nil), + (*VhostExtension_ApiKeyAuth)(nil), + (*VhostExtension_PluginAuth)(nil), + } +} + +type VhostExtension_AuthConfig struct { + // Types that are valid to be assigned to AuthConfig: + // *VhostExtension_AuthConfig_BasicAuth + // *VhostExtension_AuthConfig_Oauth + // *VhostExtension_AuthConfig_CustomAuth + // *VhostExtension_AuthConfig_ApiKeyAuth + // *VhostExtension_AuthConfig_PluginAuth + // *VhostExtension_AuthConfig_OpaAuth + // *VhostExtension_AuthConfig_Ldap + AuthConfig isVhostExtension_AuthConfig_AuthConfig `protobuf_oneof:"auth_config"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *VhostExtension_AuthConfig) Reset() { *m = VhostExtension_AuthConfig{} } +func (m *VhostExtension_AuthConfig) String() string { return proto.CompactTextString(m) } +func (*VhostExtension_AuthConfig) ProtoMessage() {} +func (*VhostExtension_AuthConfig) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, 
[]int{2, 0} +} +func (m *VhostExtension_AuthConfig) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_VhostExtension_AuthConfig.Unmarshal(m, b) +} +func (m *VhostExtension_AuthConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_VhostExtension_AuthConfig.Marshal(b, m, deterministic) +} +func (m *VhostExtension_AuthConfig) XXX_Merge(src proto.Message) { + xxx_messageInfo_VhostExtension_AuthConfig.Merge(m, src) +} +func (m *VhostExtension_AuthConfig) XXX_Size() int { + return xxx_messageInfo_VhostExtension_AuthConfig.Size(m) +} +func (m *VhostExtension_AuthConfig) XXX_DiscardUnknown() { + xxx_messageInfo_VhostExtension_AuthConfig.DiscardUnknown(m) +} + +var xxx_messageInfo_VhostExtension_AuthConfig proto.InternalMessageInfo + +type isVhostExtension_AuthConfig_AuthConfig interface { + isVhostExtension_AuthConfig_AuthConfig() + Equal(interface{}) bool +} + +type VhostExtension_AuthConfig_BasicAuth struct { + BasicAuth *BasicAuth `protobuf:"bytes,1,opt,name=basic_auth,json=basicAuth,proto3,oneof" json:"basic_auth,omitempty"` +} +type VhostExtension_AuthConfig_Oauth struct { + Oauth *OAuth `protobuf:"bytes,2,opt,name=oauth,proto3,oneof" json:"oauth,omitempty"` +} +type VhostExtension_AuthConfig_CustomAuth struct { + CustomAuth *CustomAuth `protobuf:"bytes,3,opt,name=custom_auth,json=customAuth,proto3,oneof" json:"custom_auth,omitempty"` +} +type VhostExtension_AuthConfig_ApiKeyAuth struct { + ApiKeyAuth *ApiKeyAuth `protobuf:"bytes,4,opt,name=api_key_auth,json=apiKeyAuth,proto3,oneof" json:"api_key_auth,omitempty"` +} +type VhostExtension_AuthConfig_PluginAuth struct { + PluginAuth *AuthPlugin `protobuf:"bytes,5,opt,name=plugin_auth,json=pluginAuth,proto3,oneof" json:"plugin_auth,omitempty"` +} +type VhostExtension_AuthConfig_OpaAuth struct { + OpaAuth *OpaAuth `protobuf:"bytes,6,opt,name=opa_auth,json=opaAuth,proto3,oneof" json:"opa_auth,omitempty"` +} +type VhostExtension_AuthConfig_Ldap struct { + Ldap *Ldap 
`protobuf:"bytes,7,opt,name=ldap,proto3,oneof" json:"ldap,omitempty"` +} + +func (*VhostExtension_AuthConfig_BasicAuth) isVhostExtension_AuthConfig_AuthConfig() {} +func (*VhostExtension_AuthConfig_Oauth) isVhostExtension_AuthConfig_AuthConfig() {} +func (*VhostExtension_AuthConfig_CustomAuth) isVhostExtension_AuthConfig_AuthConfig() {} +func (*VhostExtension_AuthConfig_ApiKeyAuth) isVhostExtension_AuthConfig_AuthConfig() {} +func (*VhostExtension_AuthConfig_PluginAuth) isVhostExtension_AuthConfig_AuthConfig() {} +func (*VhostExtension_AuthConfig_OpaAuth) isVhostExtension_AuthConfig_AuthConfig() {} +func (*VhostExtension_AuthConfig_Ldap) isVhostExtension_AuthConfig_AuthConfig() {} + +func (m *VhostExtension_AuthConfig) GetAuthConfig() isVhostExtension_AuthConfig_AuthConfig { + if m != nil { + return m.AuthConfig + } + return nil +} + +func (m *VhostExtension_AuthConfig) GetBasicAuth() *BasicAuth { + if x, ok := m.GetAuthConfig().(*VhostExtension_AuthConfig_BasicAuth); ok { + return x.BasicAuth + } + return nil +} + +func (m *VhostExtension_AuthConfig) GetOauth() *OAuth { + if x, ok := m.GetAuthConfig().(*VhostExtension_AuthConfig_Oauth); ok { + return x.Oauth + } + return nil +} + +func (m *VhostExtension_AuthConfig) GetCustomAuth() *CustomAuth { + if x, ok := m.GetAuthConfig().(*VhostExtension_AuthConfig_CustomAuth); ok { + return x.CustomAuth + } + return nil +} + +func (m *VhostExtension_AuthConfig) GetApiKeyAuth() *ApiKeyAuth { + if x, ok := m.GetAuthConfig().(*VhostExtension_AuthConfig_ApiKeyAuth); ok { + return x.ApiKeyAuth + } + return nil +} + +func (m *VhostExtension_AuthConfig) GetPluginAuth() *AuthPlugin { + if x, ok := m.GetAuthConfig().(*VhostExtension_AuthConfig_PluginAuth); ok { + return x.PluginAuth + } + return nil +} + +func (m *VhostExtension_AuthConfig) GetOpaAuth() *OpaAuth { + if x, ok := m.GetAuthConfig().(*VhostExtension_AuthConfig_OpaAuth); ok { + return x.OpaAuth + } + return nil +} + +func (m *VhostExtension_AuthConfig) GetLdap() *Ldap { 
+ if x, ok := m.GetAuthConfig().(*VhostExtension_AuthConfig_Ldap); ok { + return x.Ldap + } + return nil +} + +// XXX_OneofWrappers is for the internal use of the proto package. +func (*VhostExtension_AuthConfig) XXX_OneofWrappers() []interface{} { + return []interface{}{ + (*VhostExtension_AuthConfig_BasicAuth)(nil), + (*VhostExtension_AuthConfig_Oauth)(nil), + (*VhostExtension_AuthConfig_CustomAuth)(nil), + (*VhostExtension_AuthConfig_ApiKeyAuth)(nil), + (*VhostExtension_AuthConfig_PluginAuth)(nil), + (*VhostExtension_AuthConfig_OpaAuth)(nil), + (*VhostExtension_AuthConfig_Ldap)(nil), + } +} + +// Deprecated: use ExtAuthExtension +type RouteExtension struct { + Disable bool `protobuf:"varint,1,opt,name=disable,proto3" json:"disable,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` } -func (m *CustomAuth) Reset() { *m = CustomAuth{} } -func (m *CustomAuth) String() string { return proto.CompactTextString(m) } -func (*CustomAuth) ProtoMessage() {} -func (*CustomAuth) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{3} +func (m *RouteExtension) Reset() { *m = RouteExtension{} } +func (m *RouteExtension) String() string { return proto.CompactTextString(m) } +func (*RouteExtension) ProtoMessage() {} +func (*RouteExtension) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{3} } -func (m *CustomAuth) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_CustomAuth.Unmarshal(m, b) +func (m *RouteExtension) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_RouteExtension.Unmarshal(m, b) } -func (m *CustomAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_CustomAuth.Marshal(b, m, deterministic) +func (m *RouteExtension) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_RouteExtension.Marshal(b, m, deterministic) } -func (m *CustomAuth) XXX_Merge(src proto.Message) 
{ - xxx_messageInfo_CustomAuth.Merge(m, src) +func (m *RouteExtension) XXX_Merge(src proto.Message) { + xxx_messageInfo_RouteExtension.Merge(m, src) } -func (m *CustomAuth) XXX_Size() int { - return xxx_messageInfo_CustomAuth.Size(m) +func (m *RouteExtension) XXX_Size() int { + return xxx_messageInfo_RouteExtension.Size(m) } -func (m *CustomAuth) XXX_DiscardUnknown() { - xxx_messageInfo_CustomAuth.DiscardUnknown(m) +func (m *RouteExtension) XXX_DiscardUnknown() { + xxx_messageInfo_RouteExtension.DiscardUnknown(m) } -var xxx_messageInfo_CustomAuth proto.InternalMessageInfo +var xxx_messageInfo_RouteExtension proto.InternalMessageInfo -// Configures auth via dynamically loaded Go plugins. -// Deprecated -type PluginAuth struct { - // Deprecated - Plugins []*AuthPlugin `protobuf:"bytes,1,rep,name=plugins,proto3" json:"plugins,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` +func (m *RouteExtension) GetDisable() bool { + if m != nil { + return m.Disable + } + return false +} + +type Settings struct { + // The upstream to ask about auth decisions + ExtauthzServerRef *core.ResourceRef `protobuf:"bytes,1,opt,name=extauthz_server_ref,json=extauthzServerRef,proto3" json:"extauthz_server_ref,omitempty"` + // If this is set, communication to the upstream will be with HTTP and not GRPC. + HttpService *HttpService `protobuf:"bytes,2,opt,name=http_service,json=httpService,proto3" json:"http_service,omitempty"` + // If the auth server trusted id of the user, it will be set in this header. + // Specifically this means that this header will be sanitized form the incoming request. + UserIdHeader string `protobuf:"bytes,3,opt,name=user_id_header,json=userIdHeader,proto3" json:"user_id_header,omitempty"` + // Timeout for the ext auth service to respond. 
defaults to 200ms + RequestTimeout *time.Duration `protobuf:"bytes,4,opt,name=request_timeout,json=requestTimeout,proto3,stdduration" json:"request_timeout,omitempty"` + // In case of a failure or timeout querying the auth server, normally a request is denied. + // if this is set to true, the request will be allowed. + FailureModeAllow bool `protobuf:"varint,5,opt,name=failure_mode_allow,json=failureModeAllow,proto3" json:"failure_mode_allow,omitempty"` + // Set this if you also want to send the body of the request, and not just the headers. + RequestBody *BufferSettings `protobuf:"bytes,6,opt,name=request_body,json=requestBody,proto3" json:"request_body,omitempty"` + // Clears route cache in order to allow the external authorization service to correctly affect + // routing decisions. Filter clears all cached routes when: + // + // 1. The field is set to *true*. + // + // 2. The status returned from the authorization service is a HTTP 200 or gRPC 0. + // + // 3. At least one *authorization response header* is added to the client request, or is used for + // altering another client request header. + // + ClearRouteCache bool `protobuf:"varint,7,opt,name=clear_route_cache,json=clearRouteCache,proto3" json:"clear_route_cache,omitempty"` + // Sets the HTTP status that is returned to the client when there is a network error between the + // filter and the authorization server. The default status is HTTP 403 Forbidden. 
+ // If set, this must be one of the following: + // - 100 + // - 200 201 202 203 204 205 206 207 208 226 + // - 300 301 302 303 304 305 307 308 + // - 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 421 422 423 424 426 428 429 431 + // - 500 501 502 503 504 505 506 507 508 510 511 + StatusOnError uint32 `protobuf:"varint,8,opt,name=status_on_error,json=statusOnError,proto3" json:"status_on_error,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *Settings) Reset() { *m = Settings{} } +func (m *Settings) String() string { return proto.CompactTextString(m) } +func (*Settings) ProtoMessage() {} +func (*Settings) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{4} +} +func (m *Settings) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_Settings.Unmarshal(m, b) +} +func (m *Settings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_Settings.Marshal(b, m, deterministic) +} +func (m *Settings) XXX_Merge(src proto.Message) { + xxx_messageInfo_Settings.Merge(m, src) +} +func (m *Settings) XXX_Size() int { + return xxx_messageInfo_Settings.Size(m) +} +func (m *Settings) XXX_DiscardUnknown() { + xxx_messageInfo_Settings.DiscardUnknown(m) } -func (m *PluginAuth) Reset() { *m = PluginAuth{} } -func (m *PluginAuth) String() string { return proto.CompactTextString(m) } -func (*PluginAuth) ProtoMessage() {} -func (*PluginAuth) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{4} +var xxx_messageInfo_Settings proto.InternalMessageInfo + +func (m *Settings) GetExtauthzServerRef() *core.ResourceRef { + if m != nil { + return m.ExtauthzServerRef + } + return nil } -func (m *PluginAuth) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_PluginAuth.Unmarshal(m, b) + +func (m *Settings) GetHttpService() *HttpService { + if m != nil { + return m.HttpService + } + return 
nil } -func (m *PluginAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_PluginAuth.Marshal(b, m, deterministic) + +func (m *Settings) GetUserIdHeader() string { + if m != nil { + return m.UserIdHeader + } + return "" } -func (m *PluginAuth) XXX_Merge(src proto.Message) { - xxx_messageInfo_PluginAuth.Merge(m, src) + +func (m *Settings) GetRequestTimeout() *time.Duration { + if m != nil { + return m.RequestTimeout + } + return nil } -func (m *PluginAuth) XXX_Size() int { - return xxx_messageInfo_PluginAuth.Size(m) + +func (m *Settings) GetFailureModeAllow() bool { + if m != nil { + return m.FailureModeAllow + } + return false } -func (m *PluginAuth) XXX_DiscardUnknown() { - xxx_messageInfo_PluginAuth.DiscardUnknown(m) + +func (m *Settings) GetRequestBody() *BufferSettings { + if m != nil { + return m.RequestBody + } + return nil } -var xxx_messageInfo_PluginAuth proto.InternalMessageInfo +func (m *Settings) GetClearRouteCache() bool { + if m != nil { + return m.ClearRouteCache + } + return false +} -func (m *PluginAuth) GetPlugins() []*AuthPlugin { +func (m *Settings) GetStatusOnError() uint32 { if m != nil { - return m.Plugins + return m.StatusOnError } - return nil + return 0 } -type AuthPlugin struct { - // Name of the plugin - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // Name of the compiled plugin file. If not specified, GlooE will look for an ".so" file with same name as the plugin. - PluginFileName string `protobuf:"bytes,2,opt,name=plugin_file_name,json=pluginFileName,proto3" json:"plugin_file_name,omitempty"` - // Name of the exported symbol that implements the plugin interface in the plugin. 
- // If not specified, defaults to the name of the plugin - ExportedSymbolName string `protobuf:"bytes,3,opt,name=exported_symbol_name,json=exportedSymbolName,proto3" json:"exported_symbol_name,omitempty"` - Config *types.Struct `protobuf:"bytes,4,opt,name=config,proto3" json:"config,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` +type HttpService struct { + // Sets a prefix to the value of authorization request header *Path*. + PathPrefix string `protobuf:"bytes,1,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"` + Request *HttpService_Request `protobuf:"bytes,2,opt,name=request,proto3" json:"request,omitempty"` + Response *HttpService_Response `protobuf:"bytes,3,opt,name=response,proto3" json:"response,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (m *AuthPlugin) Reset() { *m = AuthPlugin{} } -func (m *AuthPlugin) String() string { return proto.CompactTextString(m) } -func (*AuthPlugin) ProtoMessage() {} -func (*AuthPlugin) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{5} +func (m *HttpService) Reset() { *m = HttpService{} } +func (m *HttpService) String() string { return proto.CompactTextString(m) } +func (*HttpService) ProtoMessage() {} +func (*HttpService) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{5} } -func (m *AuthPlugin) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_AuthPlugin.Unmarshal(m, b) +func (m *HttpService) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_HttpService.Unmarshal(m, b) } -func (m *AuthPlugin) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_AuthPlugin.Marshal(b, m, deterministic) +func (m *HttpService) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_HttpService.Marshal(b, m, deterministic) 
} -func (m *AuthPlugin) XXX_Merge(src proto.Message) { - xxx_messageInfo_AuthPlugin.Merge(m, src) +func (m *HttpService) XXX_Merge(src proto.Message) { + xxx_messageInfo_HttpService.Merge(m, src) } -func (m *AuthPlugin) XXX_Size() int { - return xxx_messageInfo_AuthPlugin.Size(m) +func (m *HttpService) XXX_Size() int { + return xxx_messageInfo_HttpService.Size(m) } -func (m *AuthPlugin) XXX_DiscardUnknown() { - xxx_messageInfo_AuthPlugin.DiscardUnknown(m) +func (m *HttpService) XXX_DiscardUnknown() { + xxx_messageInfo_HttpService.DiscardUnknown(m) } -var xxx_messageInfo_AuthPlugin proto.InternalMessageInfo - -func (m *AuthPlugin) GetName() string { - if m != nil { - return m.Name - } - return "" -} +var xxx_messageInfo_HttpService proto.InternalMessageInfo -func (m *AuthPlugin) GetPluginFileName() string { +func (m *HttpService) GetPathPrefix() string { if m != nil { - return m.PluginFileName + return m.PathPrefix } return "" } -func (m *AuthPlugin) GetExportedSymbolName() string { +func (m *HttpService) GetRequest() *HttpService_Request { if m != nil { - return m.ExportedSymbolName + return m.Request } - return "" + return nil } -func (m *AuthPlugin) GetConfig() *types.Struct { +func (m *HttpService) GetResponse() *HttpService_Response { if m != nil { - return m.Config + return m.Response } return nil } -type BasicAuth struct { - Realm string `protobuf:"bytes,1,opt,name=realm,proto3" json:"realm,omitempty"` - Apr *BasicAuth_Apr `protobuf:"bytes,2,opt,name=apr,proto3" json:"apr,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` +type HttpService_Request struct { + // These headers will be copied from the incoming request to the request going + // to the auth server. Note that in addition to the user's supplied matchers: + // + // 1. *Host*, *Method*, *Path* and *Content-Length* are automatically included to the list. + // + // 2. 
*Content-Length* will be set to 0 and the request to the authorization service will not have + // a message body. + AllowedHeaders []string `protobuf:"bytes,1,rep,name=allowed_headers,json=allowedHeaders,proto3" json:"allowed_headers,omitempty"` + // These headers that will be included to the request to authorization service. Note that + // client request of the same key will be overridden. + HeadersToAdd map[string]string `protobuf:"bytes,2,rep,name=headers_to_add,json=headersToAdd,proto3" json:"headers_to_add,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (m *BasicAuth) Reset() { *m = BasicAuth{} } -func (m *BasicAuth) String() string { return proto.CompactTextString(m) } -func (*BasicAuth) ProtoMessage() {} -func (*BasicAuth) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{6} +func (m *HttpService_Request) Reset() { *m = HttpService_Request{} } +func (m *HttpService_Request) String() string { return proto.CompactTextString(m) } +func (*HttpService_Request) ProtoMessage() {} +func (*HttpService_Request) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{5, 0} } -func (m *BasicAuth) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_BasicAuth.Unmarshal(m, b) +func (m *HttpService_Request) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_HttpService_Request.Unmarshal(m, b) } -func (m *BasicAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_BasicAuth.Marshal(b, m, deterministic) +func (m *HttpService_Request) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_HttpService_Request.Marshal(b, m, deterministic) } -func (m *BasicAuth) XXX_Merge(src proto.Message) { - xxx_messageInfo_BasicAuth.Merge(m, src) +func (m *HttpService_Request) XXX_Merge(src 
proto.Message) { + xxx_messageInfo_HttpService_Request.Merge(m, src) } -func (m *BasicAuth) XXX_Size() int { - return xxx_messageInfo_BasicAuth.Size(m) +func (m *HttpService_Request) XXX_Size() int { + return xxx_messageInfo_HttpService_Request.Size(m) } -func (m *BasicAuth) XXX_DiscardUnknown() { - xxx_messageInfo_BasicAuth.DiscardUnknown(m) +func (m *HttpService_Request) XXX_DiscardUnknown() { + xxx_messageInfo_HttpService_Request.DiscardUnknown(m) } -var xxx_messageInfo_BasicAuth proto.InternalMessageInfo +var xxx_messageInfo_HttpService_Request proto.InternalMessageInfo -func (m *BasicAuth) GetRealm() string { +func (m *HttpService_Request) GetAllowedHeaders() []string { if m != nil { - return m.Realm + return m.AllowedHeaders } - return "" + return nil } -func (m *BasicAuth) GetApr() *BasicAuth_Apr { +func (m *HttpService_Request) GetHeadersToAdd() map[string]string { if m != nil { - return m.Apr + return m.HeadersToAdd } return nil } -type BasicAuth_Apr struct { - Users map[string]*BasicAuth_Apr_SaltedHashedPassword `protobuf:"bytes,2,rep,name=users,proto3" json:"users,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` +type HttpService_Response struct { + // When this is set, authorization response headers that have a will be added to the original client request and sent to the upstream. + // Note that coexistent headers will be overridden. + AllowedUpstreamHeaders []string `protobuf:"bytes,1,rep,name=allowed_upstream_headers,json=allowedUpstreamHeaders,proto3" json:"allowed_upstream_headers,omitempty"` + // When this. is set, authorization response headers that will be added to the client's response when auth request is denied. + // Note that when this list is *not* set, all the authorization response headers, except *Authority + // (Host)* will be in the response to the client. 
When a header is included in this list, *Path*, + // *Status*, *Content-Length*, *WWW-Authenticate* and *Location* are automatically added. + AllowedClientHeaders []string `protobuf:"bytes,2,rep,name=allowed_client_headers,json=allowedClientHeaders,proto3" json:"allowed_client_headers,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (m *BasicAuth_Apr) Reset() { *m = BasicAuth_Apr{} } -func (m *BasicAuth_Apr) String() string { return proto.CompactTextString(m) } -func (*BasicAuth_Apr) ProtoMessage() {} -func (*BasicAuth_Apr) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{6, 0} +func (m *HttpService_Response) Reset() { *m = HttpService_Response{} } +func (m *HttpService_Response) String() string { return proto.CompactTextString(m) } +func (*HttpService_Response) ProtoMessage() {} +func (*HttpService_Response) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{5, 1} } -func (m *BasicAuth_Apr) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_BasicAuth_Apr.Unmarshal(m, b) +func (m *HttpService_Response) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_HttpService_Response.Unmarshal(m, b) } -func (m *BasicAuth_Apr) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_BasicAuth_Apr.Marshal(b, m, deterministic) +func (m *HttpService_Response) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_HttpService_Response.Marshal(b, m, deterministic) } -func (m *BasicAuth_Apr) XXX_Merge(src proto.Message) { - xxx_messageInfo_BasicAuth_Apr.Merge(m, src) +func (m *HttpService_Response) XXX_Merge(src proto.Message) { + xxx_messageInfo_HttpService_Response.Merge(m, src) } -func (m *BasicAuth_Apr) XXX_Size() int { - return xxx_messageInfo_BasicAuth_Apr.Size(m) +func (m *HttpService_Response) XXX_Size() int { + return xxx_messageInfo_HttpService_Response.Size(m) } 
-func (m *BasicAuth_Apr) XXX_DiscardUnknown() { - xxx_messageInfo_BasicAuth_Apr.DiscardUnknown(m) +func (m *HttpService_Response) XXX_DiscardUnknown() { + xxx_messageInfo_HttpService_Response.DiscardUnknown(m) } -var xxx_messageInfo_BasicAuth_Apr proto.InternalMessageInfo +var xxx_messageInfo_HttpService_Response proto.InternalMessageInfo -func (m *BasicAuth_Apr) GetUsers() map[string]*BasicAuth_Apr_SaltedHashedPassword { +func (m *HttpService_Response) GetAllowedUpstreamHeaders() []string { if m != nil { - return m.Users + return m.AllowedUpstreamHeaders + } + return nil +} + +func (m *HttpService_Response) GetAllowedClientHeaders() []string { + if m != nil { + return m.AllowedClientHeaders } return nil } -type BasicAuth_Apr_SaltedHashedPassword struct { - Salt string `protobuf:"bytes,1,opt,name=salt,proto3" json:"salt,omitempty"` - HashedPassword string `protobuf:"bytes,2,opt,name=hashed_password,json=hashedPassword,proto3" json:"hashed_password,omitempty"` +// Configuration for buffering the request data. +type BufferSettings struct { + // Sets the maximum size of a message body that the filter will hold in memory. Envoy will return + // *HTTP 413* and will *not* initiate the authorization process when buffer reaches the number + // set in this field. Note that this setting will have precedence over failure_mode_allow. + // Defaults to 4KB. + MaxRequestBytes uint32 `protobuf:"varint,1,opt,name=max_request_bytes,json=maxRequestBytes,proto3" json:"max_request_bytes,omitempty"` + // When this field is true, Envoy will buffer the message until *max_request_bytes* is reached. + // The authorization request will be dispatched and no 413 HTTP error will be returned by the + // filter. 
+ AllowPartialMessage bool `protobuf:"varint,2,opt,name=allow_partial_message,json=allowPartialMessage,proto3" json:"allow_partial_message,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` } -func (m *BasicAuth_Apr_SaltedHashedPassword) Reset() { *m = BasicAuth_Apr_SaltedHashedPassword{} } -func (m *BasicAuth_Apr_SaltedHashedPassword) String() string { return proto.CompactTextString(m) } -func (*BasicAuth_Apr_SaltedHashedPassword) ProtoMessage() {} -func (*BasicAuth_Apr_SaltedHashedPassword) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{6, 0, 0} +func (m *BufferSettings) Reset() { *m = BufferSettings{} } +func (m *BufferSettings) String() string { return proto.CompactTextString(m) } +func (*BufferSettings) ProtoMessage() {} +func (*BufferSettings) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{6} } -func (m *BasicAuth_Apr_SaltedHashedPassword) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_BasicAuth_Apr_SaltedHashedPassword.Unmarshal(m, b) +func (m *BufferSettings) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_BufferSettings.Unmarshal(m, b) } -func (m *BasicAuth_Apr_SaltedHashedPassword) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_BasicAuth_Apr_SaltedHashedPassword.Marshal(b, m, deterministic) +func (m *BufferSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_BufferSettings.Marshal(b, m, deterministic) } -func (m *BasicAuth_Apr_SaltedHashedPassword) XXX_Merge(src proto.Message) { - xxx_messageInfo_BasicAuth_Apr_SaltedHashedPassword.Merge(m, src) +func (m *BufferSettings) XXX_Merge(src proto.Message) { + xxx_messageInfo_BufferSettings.Merge(m, src) } -func (m *BasicAuth_Apr_SaltedHashedPassword) XXX_Size() int { - return xxx_messageInfo_BasicAuth_Apr_SaltedHashedPassword.Size(m) +func (m *BufferSettings) XXX_Size() int { + return 
xxx_messageInfo_BufferSettings.Size(m) } -func (m *BasicAuth_Apr_SaltedHashedPassword) XXX_DiscardUnknown() { - xxx_messageInfo_BasicAuth_Apr_SaltedHashedPassword.DiscardUnknown(m) +func (m *BufferSettings) XXX_DiscardUnknown() { + xxx_messageInfo_BufferSettings.DiscardUnknown(m) } -var xxx_messageInfo_BasicAuth_Apr_SaltedHashedPassword proto.InternalMessageInfo +var xxx_messageInfo_BufferSettings proto.InternalMessageInfo -func (m *BasicAuth_Apr_SaltedHashedPassword) GetSalt() string { +func (m *BufferSettings) GetMaxRequestBytes() uint32 { if m != nil { - return m.Salt + return m.MaxRequestBytes } - return "" + return 0 } -func (m *BasicAuth_Apr_SaltedHashedPassword) GetHashedPassword() string { +func (m *BufferSettings) GetAllowPartialMessage() bool { if m != nil { - return m.HashedPassword + return m.AllowPartialMessage } - return "" + return false } -type OAuth struct { - // your client id as registered with the issuer - ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` - // your client secret as registered with the issuer - ClientSecretRef *core.ResourceRef `protobuf:"bytes,2,opt,name=client_secret_ref,json=clientSecretRef,proto3" json:"client_secret_ref,omitempty"` - // The url of the issuer. We will look for OIDC information in issuerUrl+ - // ".well-known/openid-configuration" - IssuerUrl string `protobuf:"bytes,3,opt,name=issuer_url,json=issuerUrl,proto3" json:"issuer_url,omitempty"` - // we to redirect after successful auth, if we can't determine the original - // url this should be your publicly available app url. - AppUrl string `protobuf:"bytes,4,opt,name=app_url,json=appUrl,proto3" json:"app_url,omitempty"` - // a callback path relative to app url that will be used for OIDC callbacks. 
- // needs to not be used by the application - CallbackPath string `protobuf:"bytes,5,opt,name=callback_path,json=callbackPath,proto3" json:"callback_path,omitempty"` - // Scopes to request in addition to openid scope. - Scopes []string `protobuf:"bytes,6,rep,name=scopes,proto3" json:"scopes,omitempty"` +// Gloo is not expected to configure the ext auth server in this case. +// This is used with custom auth servers. +type CustomAuth struct { XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` } -func (m *OAuth) Reset() { *m = OAuth{} } -func (m *OAuth) String() string { return proto.CompactTextString(m) } -func (*OAuth) ProtoMessage() {} -func (*OAuth) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{7} +func (m *CustomAuth) Reset() { *m = CustomAuth{} } +func (m *CustomAuth) String() string { return proto.CompactTextString(m) } +func (*CustomAuth) ProtoMessage() {} +func (*CustomAuth) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{7} } -func (m *OAuth) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_OAuth.Unmarshal(m, b) +func (m *CustomAuth) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_CustomAuth.Unmarshal(m, b) } -func (m *OAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_OAuth.Marshal(b, m, deterministic) +func (m *CustomAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_CustomAuth.Marshal(b, m, deterministic) } -func (m *OAuth) XXX_Merge(src proto.Message) { - xxx_messageInfo_OAuth.Merge(m, src) +func (m *CustomAuth) XXX_Merge(src proto.Message) { + xxx_messageInfo_CustomAuth.Merge(m, src) } -func (m *OAuth) XXX_Size() int { - return xxx_messageInfo_OAuth.Size(m) +func (m *CustomAuth) XXX_Size() int { + return xxx_messageInfo_CustomAuth.Size(m) } -func (m *OAuth) XXX_DiscardUnknown() { - xxx_messageInfo_OAuth.DiscardUnknown(m) +func (m 
*CustomAuth) XXX_DiscardUnknown() { + xxx_messageInfo_CustomAuth.DiscardUnknown(m) } -var xxx_messageInfo_OAuth proto.InternalMessageInfo +var xxx_messageInfo_CustomAuth proto.InternalMessageInfo -func (m *OAuth) GetClientId() string { - if m != nil { - return m.ClientId - } - return "" +// Configures auth via dynamically loaded Go plugins. +// Deprecated +type PluginAuth struct { + // Deprecated + Plugins []*AuthPlugin `protobuf:"bytes,1,rep,name=plugins,proto3" json:"plugins,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (m *OAuth) GetClientSecretRef() *core.ResourceRef { - if m != nil { - return m.ClientSecretRef - } - return nil +func (m *PluginAuth) Reset() { *m = PluginAuth{} } +func (m *PluginAuth) String() string { return proto.CompactTextString(m) } +func (*PluginAuth) ProtoMessage() {} +func (*PluginAuth) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{8} } - -func (m *OAuth) GetIssuerUrl() string { - if m != nil { - return m.IssuerUrl - } - return "" +func (m *PluginAuth) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_PluginAuth.Unmarshal(m, b) } - -func (m *OAuth) GetAppUrl() string { - if m != nil { - return m.AppUrl - } - return "" +func (m *PluginAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_PluginAuth.Marshal(b, m, deterministic) } - -func (m *OAuth) GetCallbackPath() string { - if m != nil { - return m.CallbackPath - } - return "" +func (m *PluginAuth) XXX_Merge(src proto.Message) { + xxx_messageInfo_PluginAuth.Merge(m, src) +} +func (m *PluginAuth) XXX_Size() int { + return xxx_messageInfo_PluginAuth.Size(m) +} +func (m *PluginAuth) XXX_DiscardUnknown() { + xxx_messageInfo_PluginAuth.DiscardUnknown(m) } -func (m *OAuth) GetScopes() []string { +var xxx_messageInfo_PluginAuth proto.InternalMessageInfo + +func (m *PluginAuth) GetPlugins() []*AuthPlugin { if m != nil { - return 
m.Scopes + return m.Plugins } return nil } -type OauthSecret struct { - ClientSecret string `protobuf:"bytes,1,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` +type AuthPlugin struct { + // Name of the plugin + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // Name of the compiled plugin file. If not specified, GlooE will look for an ".so" file with same name as the plugin. + PluginFileName string `protobuf:"bytes,2,opt,name=plugin_file_name,json=pluginFileName,proto3" json:"plugin_file_name,omitempty"` + // Name of the exported symbol that implements the plugin interface in the plugin. + // If not specified, defaults to the name of the plugin + ExportedSymbolName string `protobuf:"bytes,3,opt,name=exported_symbol_name,json=exportedSymbolName,proto3" json:"exported_symbol_name,omitempty"` + Config *types.Struct `protobuf:"bytes,4,opt,name=config,proto3" json:"config,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (m *OauthSecret) Reset() { *m = OauthSecret{} } -func (m *OauthSecret) String() string { return proto.CompactTextString(m) } -func (*OauthSecret) ProtoMessage() {} -func (*OauthSecret) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{8} +func (m *AuthPlugin) Reset() { *m = AuthPlugin{} } +func (m *AuthPlugin) String() string { return proto.CompactTextString(m) } +func (*AuthPlugin) ProtoMessage() {} +func (*AuthPlugin) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{9} } -func (m *OauthSecret) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_OauthSecret.Unmarshal(m, b) +func (m *AuthPlugin) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_AuthPlugin.Unmarshal(m, b) } -func (m *OauthSecret) XXX_Marshal(b []byte, 
deterministic bool) ([]byte, error) { - return xxx_messageInfo_OauthSecret.Marshal(b, m, deterministic) +func (m *AuthPlugin) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_AuthPlugin.Marshal(b, m, deterministic) } -func (m *OauthSecret) XXX_Merge(src proto.Message) { - xxx_messageInfo_OauthSecret.Merge(m, src) +func (m *AuthPlugin) XXX_Merge(src proto.Message) { + xxx_messageInfo_AuthPlugin.Merge(m, src) } -func (m *OauthSecret) XXX_Size() int { - return xxx_messageInfo_OauthSecret.Size(m) +func (m *AuthPlugin) XXX_Size() int { + return xxx_messageInfo_AuthPlugin.Size(m) } -func (m *OauthSecret) XXX_DiscardUnknown() { - xxx_messageInfo_OauthSecret.DiscardUnknown(m) +func (m *AuthPlugin) XXX_DiscardUnknown() { + xxx_messageInfo_AuthPlugin.DiscardUnknown(m) } -var xxx_messageInfo_OauthSecret proto.InternalMessageInfo +var xxx_messageInfo_AuthPlugin proto.InternalMessageInfo -func (m *OauthSecret) GetClientSecret() string { +func (m *AuthPlugin) GetName() string { if m != nil { - return m.ClientSecret + return m.Name } return "" } -type ApiKeyAuth struct { - // identify all valid apikey secrets using the provided label selector. 
- // apikey secrets must be in gloo's watch namespaces for gloo to locate them - LabelSelector map[string]string `protobuf:"bytes,1,rep,name=label_selector,json=labelSelector,proto3" json:"label_selector,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // a way to reference apikey secrets individually (good for testing); prefer apikey groups via label selector - ApiKeySecretRefs []*core.ResourceRef `protobuf:"bytes,2,rep,name=api_key_secret_refs,json=apiKeySecretRefs,proto3" json:"api_key_secret_refs,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *ApiKeyAuth) Reset() { *m = ApiKeyAuth{} } -func (m *ApiKeyAuth) String() string { return proto.CompactTextString(m) } -func (*ApiKeyAuth) ProtoMessage() {} -func (*ApiKeyAuth) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{9} -} -func (m *ApiKeyAuth) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ApiKeyAuth.Unmarshal(m, b) -} -func (m *ApiKeyAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ApiKeyAuth.Marshal(b, m, deterministic) -} -func (m *ApiKeyAuth) XXX_Merge(src proto.Message) { - xxx_messageInfo_ApiKeyAuth.Merge(m, src) -} -func (m *ApiKeyAuth) XXX_Size() int { - return xxx_messageInfo_ApiKeyAuth.Size(m) -} -func (m *ApiKeyAuth) XXX_DiscardUnknown() { - xxx_messageInfo_ApiKeyAuth.DiscardUnknown(m) +func (m *AuthPlugin) GetPluginFileName() string { + if m != nil { + return m.PluginFileName + } + return "" } -var xxx_messageInfo_ApiKeyAuth proto.InternalMessageInfo - -func (m *ApiKeyAuth) GetLabelSelector() map[string]string { +func (m *AuthPlugin) GetExportedSymbolName() string { if m != nil { - return m.LabelSelector + return m.ExportedSymbolName } - return nil + return "" } -func (m *ApiKeyAuth) GetApiKeySecretRefs() []*core.ResourceRef { +func (m *AuthPlugin) GetConfig() *types.Struct { if 
m != nil { - return m.ApiKeySecretRefs + return m.Config } return nil } -type ApiKeySecret struct { - // if true, generate an apikey - GenerateApiKey bool `protobuf:"varint,1,opt,name=generate_api_key,json=generateApiKey,proto3" json:"generate_api_key,omitempty"` - // if present, use the provided apikey - ApiKey string `protobuf:"bytes,2,opt,name=api_key,json=apiKey,proto3" json:"api_key,omitempty"` - // a list of labels (key=value) for the apikey secret. - // virtual services may look for these labels using a provided label selector - Labels []string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` +type BasicAuth struct { + Realm string `protobuf:"bytes,1,opt,name=realm,proto3" json:"realm,omitempty"` + Apr *BasicAuth_Apr `protobuf:"bytes,2,opt,name=apr,proto3" json:"apr,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (m *ApiKeySecret) Reset() { *m = ApiKeySecret{} } -func (m *ApiKeySecret) String() string { return proto.CompactTextString(m) } -func (*ApiKeySecret) ProtoMessage() {} -func (*ApiKeySecret) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{10} +func (m *BasicAuth) Reset() { *m = BasicAuth{} } +func (m *BasicAuth) String() string { return proto.CompactTextString(m) } +func (*BasicAuth) ProtoMessage() {} +func (*BasicAuth) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{10} } -func (m *ApiKeySecret) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ApiKeySecret.Unmarshal(m, b) +func (m *BasicAuth) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_BasicAuth.Unmarshal(m, b) } -func (m *ApiKeySecret) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ApiKeySecret.Marshal(b, m, deterministic) +func (m *BasicAuth) XXX_Marshal(b []byte, 
deterministic bool) ([]byte, error) { + return xxx_messageInfo_BasicAuth.Marshal(b, m, deterministic) } -func (m *ApiKeySecret) XXX_Merge(src proto.Message) { - xxx_messageInfo_ApiKeySecret.Merge(m, src) +func (m *BasicAuth) XXX_Merge(src proto.Message) { + xxx_messageInfo_BasicAuth.Merge(m, src) } -func (m *ApiKeySecret) XXX_Size() int { - return xxx_messageInfo_ApiKeySecret.Size(m) +func (m *BasicAuth) XXX_Size() int { + return xxx_messageInfo_BasicAuth.Size(m) } -func (m *ApiKeySecret) XXX_DiscardUnknown() { - xxx_messageInfo_ApiKeySecret.DiscardUnknown(m) +func (m *BasicAuth) XXX_DiscardUnknown() { + xxx_messageInfo_BasicAuth.DiscardUnknown(m) } -var xxx_messageInfo_ApiKeySecret proto.InternalMessageInfo - -func (m *ApiKeySecret) GetGenerateApiKey() bool { - if m != nil { - return m.GenerateApiKey - } - return false -} +var xxx_messageInfo_BasicAuth proto.InternalMessageInfo -func (m *ApiKeySecret) GetApiKey() string { +func (m *BasicAuth) GetRealm() string { if m != nil { - return m.ApiKey + return m.Realm } return "" } -func (m *ApiKeySecret) GetLabels() []string { +func (m *BasicAuth) GetApr() *BasicAuth_Apr { if m != nil { - return m.Labels + return m.Apr } return nil } -type OpaAuth struct { - // An optional resource reference to config maps containing modules to assist in the resolution of `query`. - Modules []*core.ResourceRef `protobuf:"bytes,1,rep,name=modules,proto3" json:"modules,omitempty"` - // The query that determines the auth decision. The result of this query must be either a boolean - // or an array with boolean as the first element. A boolean `true` value means that the request - // will be authorized. Any other value, or error, means that the request will be denied. 
- Query string `protobuf:"bytes,2,opt,name=query,proto3" json:"query,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` +type BasicAuth_Apr struct { + Users map[string]*BasicAuth_Apr_SaltedHashedPassword `protobuf:"bytes,2,rep,name=users,proto3" json:"users,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (m *OpaAuth) Reset() { *m = OpaAuth{} } -func (m *OpaAuth) String() string { return proto.CompactTextString(m) } -func (*OpaAuth) ProtoMessage() {} -func (*OpaAuth) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{11} +func (m *BasicAuth_Apr) Reset() { *m = BasicAuth_Apr{} } +func (m *BasicAuth_Apr) String() string { return proto.CompactTextString(m) } +func (*BasicAuth_Apr) ProtoMessage() {} +func (*BasicAuth_Apr) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{10, 0} } -func (m *OpaAuth) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_OpaAuth.Unmarshal(m, b) +func (m *BasicAuth_Apr) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_BasicAuth_Apr.Unmarshal(m, b) } -func (m *OpaAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_OpaAuth.Marshal(b, m, deterministic) +func (m *BasicAuth_Apr) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_BasicAuth_Apr.Marshal(b, m, deterministic) } -func (m *OpaAuth) XXX_Merge(src proto.Message) { - xxx_messageInfo_OpaAuth.Merge(m, src) +func (m *BasicAuth_Apr) XXX_Merge(src proto.Message) { + xxx_messageInfo_BasicAuth_Apr.Merge(m, src) } -func (m *OpaAuth) XXX_Size() int { - return xxx_messageInfo_OpaAuth.Size(m) +func (m *BasicAuth_Apr) XXX_Size() int { + return xxx_messageInfo_BasicAuth_Apr.Size(m) } -func (m *OpaAuth) 
XXX_DiscardUnknown() { - xxx_messageInfo_OpaAuth.DiscardUnknown(m) +func (m *BasicAuth_Apr) XXX_DiscardUnknown() { + xxx_messageInfo_BasicAuth_Apr.DiscardUnknown(m) } -var xxx_messageInfo_OpaAuth proto.InternalMessageInfo +var xxx_messageInfo_BasicAuth_Apr proto.InternalMessageInfo -func (m *OpaAuth) GetModules() []*core.ResourceRef { +func (m *BasicAuth_Apr) GetUsers() map[string]*BasicAuth_Apr_SaltedHashedPassword { if m != nil { - return m.Modules + return m.Users } return nil } -func (m *OpaAuth) GetQuery() string { - if m != nil { - return m.Query - } - return "" -} - -// Authenticates and authorizes requests by querying an LDAP server. Gloo makes the following assumptions: -// * Requests provide credentials via the basic HTTP authentication header. Gloo will BIND to the LDAP server using the -// credentials extracted from the header. -// * Your LDAP server is configured so that each entry you want to authorize has an attribute that indicates its group -// memberships. A common way of achieving this is by using the [*memberof* overlay](http://www.openldap.org/software/man.cgi?query=slapo-memberof). -type Ldap struct { - // Address of the LDAP server to query. Should be in the form:
:. - Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` - // Template to build user entry distinguished names (DN). This must contains a single occurrence of the "%s" placeholder. - // When processing a request, Gloo will substitute the name of the user (extracted from the auth header) for the - // placeholder and issue a search request with the resulting DN as baseDN (and 'base' search scope). - // E.g. "uid=%s,ou=people,dc=solo,dc=io" - UserDnTemplate string `protobuf:"bytes,2,opt,name=userDnTemplate,proto3" json:"userDnTemplate,omitempty"` - // Case-insensitive name of the attribute that contains the names of the groups an entry is member of. Gloo will look - // for attributes with the given name to determine which groups the user entry belongs to. Defaults to 'memberOf' if not provided. - MembershipAttributeName string `protobuf:"bytes,3,opt,name=membershipAttributeName,proto3" json:"membershipAttributeName,omitempty"` - // In order for the request to be authenticated, the membership attribute (e.g. *memberOf*) on the user entry must - // contain at least of one of the group DNs specified via this option. - // E.g. []string{ "cn=managers,ou=groups,dc=solo,dc=io", "cn=developers,ou=groups,dc=solo,dc=io" } - AllowedGroups []string `protobuf:"bytes,4,rep,name=allowedGroups,proto3" json:"allowedGroups,omitempty"` - // Use this property to tune the pool of connections to the LDAP server that Gloo maintains. 
- Pool *Ldap_ConnectionPool `protobuf:"bytes,5,opt,name=pool,proto3" json:"pool,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` +type BasicAuth_Apr_SaltedHashedPassword struct { + Salt string `protobuf:"bytes,1,opt,name=salt,proto3" json:"salt,omitempty"` + HashedPassword string `protobuf:"bytes,2,opt,name=hashed_password,json=hashedPassword,proto3" json:"hashed_password,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (m *Ldap) Reset() { *m = Ldap{} } -func (m *Ldap) String() string { return proto.CompactTextString(m) } -func (*Ldap) ProtoMessage() {} -func (*Ldap) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{12} +func (m *BasicAuth_Apr_SaltedHashedPassword) Reset() { *m = BasicAuth_Apr_SaltedHashedPassword{} } +func (m *BasicAuth_Apr_SaltedHashedPassword) String() string { return proto.CompactTextString(m) } +func (*BasicAuth_Apr_SaltedHashedPassword) ProtoMessage() {} +func (*BasicAuth_Apr_SaltedHashedPassword) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{10, 0, 0} } -func (m *Ldap) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Ldap.Unmarshal(m, b) +func (m *BasicAuth_Apr_SaltedHashedPassword) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_BasicAuth_Apr_SaltedHashedPassword.Unmarshal(m, b) } -func (m *Ldap) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Ldap.Marshal(b, m, deterministic) +func (m *BasicAuth_Apr_SaltedHashedPassword) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_BasicAuth_Apr_SaltedHashedPassword.Marshal(b, m, deterministic) } -func (m *Ldap) XXX_Merge(src proto.Message) { - xxx_messageInfo_Ldap.Merge(m, src) +func (m *BasicAuth_Apr_SaltedHashedPassword) XXX_Merge(src proto.Message) { + 
xxx_messageInfo_BasicAuth_Apr_SaltedHashedPassword.Merge(m, src) } -func (m *Ldap) XXX_Size() int { - return xxx_messageInfo_Ldap.Size(m) +func (m *BasicAuth_Apr_SaltedHashedPassword) XXX_Size() int { + return xxx_messageInfo_BasicAuth_Apr_SaltedHashedPassword.Size(m) } -func (m *Ldap) XXX_DiscardUnknown() { - xxx_messageInfo_Ldap.DiscardUnknown(m) +func (m *BasicAuth_Apr_SaltedHashedPassword) XXX_DiscardUnknown() { + xxx_messageInfo_BasicAuth_Apr_SaltedHashedPassword.DiscardUnknown(m) } -var xxx_messageInfo_Ldap proto.InternalMessageInfo +var xxx_messageInfo_BasicAuth_Apr_SaltedHashedPassword proto.InternalMessageInfo -func (m *Ldap) GetAddress() string { +func (m *BasicAuth_Apr_SaltedHashedPassword) GetSalt() string { if m != nil { - return m.Address + return m.Salt } return "" } -func (m *Ldap) GetUserDnTemplate() string { +func (m *BasicAuth_Apr_SaltedHashedPassword) GetHashedPassword() string { if m != nil { - return m.UserDnTemplate + return m.HashedPassword } return "" } -func (m *Ldap) GetMembershipAttributeName() string { - if m != nil { - return m.MembershipAttributeName - } - return "" +type OAuth struct { + // your client id as registered with the issuer + ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` + // your client secret as registered with the issuer + ClientSecretRef *core.ResourceRef `protobuf:"bytes,2,opt,name=client_secret_ref,json=clientSecretRef,proto3" json:"client_secret_ref,omitempty"` + // The url of the issuer. We will look for OIDC information in issuerUrl+ + // ".well-known/openid-configuration" + IssuerUrl string `protobuf:"bytes,3,opt,name=issuer_url,json=issuerUrl,proto3" json:"issuer_url,omitempty"` + // we to redirect after successful auth, if we can't determine the original + // url this should be your publicly available app url. 
+ AppUrl string `protobuf:"bytes,4,opt,name=app_url,json=appUrl,proto3" json:"app_url,omitempty"` + // a callback path relative to app url that will be used for OIDC callbacks. + // needs to not be used by the application + CallbackPath string `protobuf:"bytes,5,opt,name=callback_path,json=callbackPath,proto3" json:"callback_path,omitempty"` + // Scopes to request in addition to openid scope. + Scopes []string `protobuf:"bytes,6,rep,name=scopes,proto3" json:"scopes,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (m *Ldap) GetAllowedGroups() []string { - if m != nil { - return m.AllowedGroups - } - return nil +func (m *OAuth) Reset() { *m = OAuth{} } +func (m *OAuth) String() string { return proto.CompactTextString(m) } +func (*OAuth) ProtoMessage() {} +func (*OAuth) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{11} } - -func (m *Ldap) GetPool() *Ldap_ConnectionPool { - if m != nil { - return m.Pool - } - return nil +func (m *OAuth) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_OAuth.Unmarshal(m, b) } - -// Configuration properties for pooling connections to the LDAP server. If the pool is exhausted when a connection -// is requested (meaning that all the polled connections are in use), the connection will be created on the fly. -type Ldap_ConnectionPool struct { - // Maximum number connections that are pooled at any give time. The default value is 5. - MaxSize *types.UInt32Value `protobuf:"bytes,1,opt,name=maxSize,proto3" json:"maxSize,omitempty"` - // Number of connections that the pool will be pre-populated with upon initialization. The default value is 2. 
- InitialSize *types.UInt32Value `protobuf:"bytes,2,opt,name=initialSize,proto3" json:"initialSize,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` +func (m *OAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_OAuth.Marshal(b, m, deterministic) } - -func (m *Ldap_ConnectionPool) Reset() { *m = Ldap_ConnectionPool{} } -func (m *Ldap_ConnectionPool) String() string { return proto.CompactTextString(m) } -func (*Ldap_ConnectionPool) ProtoMessage() {} -func (*Ldap_ConnectionPool) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{12, 0} +func (m *OAuth) XXX_Merge(src proto.Message) { + xxx_messageInfo_OAuth.Merge(m, src) } -func (m *Ldap_ConnectionPool) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Ldap_ConnectionPool.Unmarshal(m, b) +func (m *OAuth) XXX_Size() int { + return xxx_messageInfo_OAuth.Size(m) } -func (m *Ldap_ConnectionPool) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Ldap_ConnectionPool.Marshal(b, m, deterministic) +func (m *OAuth) XXX_DiscardUnknown() { + xxx_messageInfo_OAuth.DiscardUnknown(m) } -func (m *Ldap_ConnectionPool) XXX_Merge(src proto.Message) { - xxx_messageInfo_Ldap_ConnectionPool.Merge(m, src) + +var xxx_messageInfo_OAuth proto.InternalMessageInfo + +func (m *OAuth) GetClientId() string { + if m != nil { + return m.ClientId + } + return "" } -func (m *Ldap_ConnectionPool) XXX_Size() int { - return xxx_messageInfo_Ldap_ConnectionPool.Size(m) + +func (m *OAuth) GetClientSecretRef() *core.ResourceRef { + if m != nil { + return m.ClientSecretRef + } + return nil } -func (m *Ldap_ConnectionPool) XXX_DiscardUnknown() { - xxx_messageInfo_Ldap_ConnectionPool.DiscardUnknown(m) + +func (m *OAuth) GetIssuerUrl() string { + if m != nil { + return m.IssuerUrl + } + return "" } -var xxx_messageInfo_Ldap_ConnectionPool proto.InternalMessageInfo +func (m *OAuth) 
GetAppUrl() string { + if m != nil { + return m.AppUrl + } + return "" +} -func (m *Ldap_ConnectionPool) GetMaxSize() *types.UInt32Value { +func (m *OAuth) GetCallbackPath() string { if m != nil { - return m.MaxSize + return m.CallbackPath } - return nil + return "" } -func (m *Ldap_ConnectionPool) GetInitialSize() *types.UInt32Value { +func (m *OAuth) GetScopes() []string { if m != nil { - return m.InitialSize + return m.Scopes } return nil } -// This message represents the user-facing auth configuration. When processed by Gloo, certain configuration types -// (i.a. oauth, opa) will be translated, e.g. to resolve resource references. See the `ExtAuthConfig.AuthConfig` for the -// final config format that will be included in the extauth snapshot. -type AuthConfig struct { - // Types that are valid to be assigned to AuthConfig: - // *AuthConfig_BasicAuth - // *AuthConfig_Oauth - // *AuthConfig_CustomAuth - // *AuthConfig_ApiKeyAuth - // *AuthConfig_PluginAuth - // *AuthConfig_OpaAuth - // *AuthConfig_Ldap - AuthConfig isAuthConfig_AuthConfig `protobuf_oneof:"auth_config"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` +type OauthSecret struct { + ClientSecret string `protobuf:"bytes,1,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (m *AuthConfig) Reset() { *m = AuthConfig{} } -func (m *AuthConfig) String() string { return proto.CompactTextString(m) } -func (*AuthConfig) ProtoMessage() {} -func (*AuthConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{13} +func (m *OauthSecret) Reset() { *m = OauthSecret{} } +func (m *OauthSecret) String() string { return proto.CompactTextString(m) } +func (*OauthSecret) ProtoMessage() {} +func (*OauthSecret) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, 
[]int{12} } -func (m *AuthConfig) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_AuthConfig.Unmarshal(m, b) +func (m *OauthSecret) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_OauthSecret.Unmarshal(m, b) } -func (m *AuthConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_AuthConfig.Marshal(b, m, deterministic) +func (m *OauthSecret) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_OauthSecret.Marshal(b, m, deterministic) } -func (m *AuthConfig) XXX_Merge(src proto.Message) { - xxx_messageInfo_AuthConfig.Merge(m, src) +func (m *OauthSecret) XXX_Merge(src proto.Message) { + xxx_messageInfo_OauthSecret.Merge(m, src) } -func (m *AuthConfig) XXX_Size() int { - return xxx_messageInfo_AuthConfig.Size(m) +func (m *OauthSecret) XXX_Size() int { + return xxx_messageInfo_OauthSecret.Size(m) } -func (m *AuthConfig) XXX_DiscardUnknown() { - xxx_messageInfo_AuthConfig.DiscardUnknown(m) +func (m *OauthSecret) XXX_DiscardUnknown() { + xxx_messageInfo_OauthSecret.DiscardUnknown(m) } -var xxx_messageInfo_AuthConfig proto.InternalMessageInfo +var xxx_messageInfo_OauthSecret proto.InternalMessageInfo -type isAuthConfig_AuthConfig interface { - isAuthConfig_AuthConfig() - Equal(interface{}) bool +func (m *OauthSecret) GetClientSecret() string { + if m != nil { + return m.ClientSecret + } + return "" } -type AuthConfig_BasicAuth struct { - BasicAuth *BasicAuth `protobuf:"bytes,1,opt,name=basic_auth,json=basicAuth,proto3,oneof" json:"basic_auth,omitempty"` +type ApiKeyAuth struct { + // identify all valid apikey secrets using the provided label selector. 
+ // apikey secrets must be in gloo's watch namespaces for gloo to locate them + LabelSelector map[string]string `protobuf:"bytes,1,rep,name=label_selector,json=labelSelector,proto3" json:"label_selector,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // a way to reference apikey secrets individually (good for testing); prefer apikey groups via label selector + ApiKeySecretRefs []*core.ResourceRef `protobuf:"bytes,2,rep,name=api_key_secret_refs,json=apiKeySecretRefs,proto3" json:"api_key_secret_refs,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -type AuthConfig_Oauth struct { - Oauth *OAuth `protobuf:"bytes,2,opt,name=oauth,proto3,oneof" json:"oauth,omitempty"` + +func (m *ApiKeyAuth) Reset() { *m = ApiKeyAuth{} } +func (m *ApiKeyAuth) String() string { return proto.CompactTextString(m) } +func (*ApiKeyAuth) ProtoMessage() {} +func (*ApiKeyAuth) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{13} } -type AuthConfig_CustomAuth struct { - CustomAuth *CustomAuth `protobuf:"bytes,3,opt,name=custom_auth,json=customAuth,proto3,oneof" json:"custom_auth,omitempty"` +func (m *ApiKeyAuth) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_ApiKeyAuth.Unmarshal(m, b) } -type AuthConfig_ApiKeyAuth struct { - ApiKeyAuth *ApiKeyAuth `protobuf:"bytes,4,opt,name=api_key_auth,json=apiKeyAuth,proto3,oneof" json:"api_key_auth,omitempty"` +func (m *ApiKeyAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_ApiKeyAuth.Marshal(b, m, deterministic) } -type AuthConfig_PluginAuth struct { - PluginAuth *AuthPlugin `protobuf:"bytes,5,opt,name=plugin_auth,json=pluginAuth,proto3,oneof" json:"plugin_auth,omitempty"` +func (m *ApiKeyAuth) XXX_Merge(src proto.Message) { + xxx_messageInfo_ApiKeyAuth.Merge(m, src) } -type AuthConfig_OpaAuth struct { - OpaAuth *OpaAuth 
`protobuf:"bytes,6,opt,name=opa_auth,json=opaAuth,proto3,oneof" json:"opa_auth,omitempty"` +func (m *ApiKeyAuth) XXX_Size() int { + return xxx_messageInfo_ApiKeyAuth.Size(m) } -type AuthConfig_Ldap struct { - Ldap *Ldap `protobuf:"bytes,7,opt,name=ldap,proto3,oneof" json:"ldap,omitempty"` +func (m *ApiKeyAuth) XXX_DiscardUnknown() { + xxx_messageInfo_ApiKeyAuth.DiscardUnknown(m) } -func (*AuthConfig_BasicAuth) isAuthConfig_AuthConfig() {} -func (*AuthConfig_Oauth) isAuthConfig_AuthConfig() {} -func (*AuthConfig_CustomAuth) isAuthConfig_AuthConfig() {} -func (*AuthConfig_ApiKeyAuth) isAuthConfig_AuthConfig() {} -func (*AuthConfig_PluginAuth) isAuthConfig_AuthConfig() {} -func (*AuthConfig_OpaAuth) isAuthConfig_AuthConfig() {} -func (*AuthConfig_Ldap) isAuthConfig_AuthConfig() {} +var xxx_messageInfo_ApiKeyAuth proto.InternalMessageInfo -func (m *AuthConfig) GetAuthConfig() isAuthConfig_AuthConfig { +func (m *ApiKeyAuth) GetLabelSelector() map[string]string { if m != nil { - return m.AuthConfig + return m.LabelSelector } return nil } -func (m *AuthConfig) GetBasicAuth() *BasicAuth { - if x, ok := m.GetAuthConfig().(*AuthConfig_BasicAuth); ok { - return x.BasicAuth +func (m *ApiKeyAuth) GetApiKeySecretRefs() []*core.ResourceRef { + if m != nil { + return m.ApiKeySecretRefs } return nil } -func (m *AuthConfig) GetOauth() *OAuth { - if x, ok := m.GetAuthConfig().(*AuthConfig_Oauth); ok { - return x.Oauth - } - return nil +type ApiKeySecret struct { + // if true, generate an apikey + GenerateApiKey bool `protobuf:"varint,1,opt,name=generate_api_key,json=generateApiKey,proto3" json:"generate_api_key,omitempty"` + // if present, use the provided apikey + ApiKey string `protobuf:"bytes,2,opt,name=api_key,json=apiKey,proto3" json:"api_key,omitempty"` + // a list of labels (key=value) for the apikey secret. 
+ // virtual services may look for these labels using a provided label selector + Labels []string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (m *AuthConfig) GetCustomAuth() *CustomAuth { - if x, ok := m.GetAuthConfig().(*AuthConfig_CustomAuth); ok { - return x.CustomAuth - } - return nil +func (m *ApiKeySecret) Reset() { *m = ApiKeySecret{} } +func (m *ApiKeySecret) String() string { return proto.CompactTextString(m) } +func (*ApiKeySecret) ProtoMessage() {} +func (*ApiKeySecret) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{14} } - -func (m *AuthConfig) GetApiKeyAuth() *ApiKeyAuth { - if x, ok := m.GetAuthConfig().(*AuthConfig_ApiKeyAuth); ok { - return x.ApiKeyAuth - } - return nil +func (m *ApiKeySecret) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_ApiKeySecret.Unmarshal(m, b) } - -func (m *AuthConfig) GetPluginAuth() *AuthPlugin { - if x, ok := m.GetAuthConfig().(*AuthConfig_PluginAuth); ok { - return x.PluginAuth - } - return nil +func (m *ApiKeySecret) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_ApiKeySecret.Marshal(b, m, deterministic) } - -func (m *AuthConfig) GetOpaAuth() *OpaAuth { - if x, ok := m.GetAuthConfig().(*AuthConfig_OpaAuth); ok { - return x.OpaAuth - } - return nil +func (m *ApiKeySecret) XXX_Merge(src proto.Message) { + xxx_messageInfo_ApiKeySecret.Merge(m, src) +} +func (m *ApiKeySecret) XXX_Size() int { + return xxx_messageInfo_ApiKeySecret.Size(m) +} +func (m *ApiKeySecret) XXX_DiscardUnknown() { + xxx_messageInfo_ApiKeySecret.DiscardUnknown(m) } -func (m *AuthConfig) GetLdap() *Ldap { - if x, ok := m.GetAuthConfig().(*AuthConfig_Ldap); ok { - return x.Ldap +var xxx_messageInfo_ApiKeySecret proto.InternalMessageInfo + +func (m *ApiKeySecret) GetGenerateApiKey() bool { + if m != nil { + return m.GenerateApiKey } - 
return nil + return false } -// XXX_OneofWrappers is for the internal use of the proto package. -func (*AuthConfig) XXX_OneofWrappers() []interface{} { - return []interface{}{ - (*AuthConfig_BasicAuth)(nil), - (*AuthConfig_Oauth)(nil), - (*AuthConfig_CustomAuth)(nil), - (*AuthConfig_ApiKeyAuth)(nil), - (*AuthConfig_PluginAuth)(nil), - (*AuthConfig_OpaAuth)(nil), - (*AuthConfig_Ldap)(nil), +func (m *ApiKeySecret) GetApiKey() string { + if m != nil { + return m.ApiKey } + return "" } -type VhostExtension struct { - // Types that are valid to be assigned to AuthConfig: - // *VhostExtension_BasicAuth - // *VhostExtension_Oauth - // *VhostExtension_CustomAuth - // *VhostExtension_ApiKeyAuth - // *VhostExtension_PluginAuth - AuthConfig isVhostExtension_AuthConfig `protobuf_oneof:"auth_config"` - // A chain of AuthN\AuthZ configurations which will be executed in the order they are specified. The first plugin to deny a request will - // cause a 403 response to be returned; any subsequent plugin in the chain will not be executed. 
- // The headers on the OkHttpResponse returned from a plugin in the chain will be added to the request that will be sent - // to the next one(s) according to the rules described here: - // https://www.envoyproxy.io/docs/envoy/latest/api-v2/service/auth/v2/external_auth.proto#service-auth-v2-okhttpresponse - Configs []*AuthConfig `protobuf:"bytes,6,rep,name=configs,proto3" json:"configs,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` +func (m *ApiKeySecret) GetLabels() []string { + if m != nil { + return m.Labels + } + return nil } -func (m *VhostExtension) Reset() { *m = VhostExtension{} } -func (m *VhostExtension) String() string { return proto.CompactTextString(m) } -func (*VhostExtension) ProtoMessage() {} -func (*VhostExtension) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{14} -} -func (m *VhostExtension) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_VhostExtension.Unmarshal(m, b) -} -func (m *VhostExtension) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_VhostExtension.Marshal(b, m, deterministic) -} -func (m *VhostExtension) XXX_Merge(src proto.Message) { - xxx_messageInfo_VhostExtension.Merge(m, src) -} -func (m *VhostExtension) XXX_Size() int { - return xxx_messageInfo_VhostExtension.Size(m) -} -func (m *VhostExtension) XXX_DiscardUnknown() { - xxx_messageInfo_VhostExtension.DiscardUnknown(m) +type OpaAuth struct { + // An optional resource reference to config maps containing modules to assist in the resolution of `query`. + Modules []*core.ResourceRef `protobuf:"bytes,1,rep,name=modules,proto3" json:"modules,omitempty"` + // The query that determines the auth decision. The result of this query must be either a boolean + // or an array with boolean as the first element. A boolean `true` value means that the request + // will be authorized. 
Any other value, or error, means that the request will be denied. + Query string `protobuf:"bytes,2,opt,name=query,proto3" json:"query,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -var xxx_messageInfo_VhostExtension proto.InternalMessageInfo - -type isVhostExtension_AuthConfig interface { - isVhostExtension_AuthConfig() - Equal(interface{}) bool +func (m *OpaAuth) Reset() { *m = OpaAuth{} } +func (m *OpaAuth) String() string { return proto.CompactTextString(m) } +func (*OpaAuth) ProtoMessage() {} +func (*OpaAuth) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{15} } - -type VhostExtension_BasicAuth struct { - BasicAuth *BasicAuth `protobuf:"bytes,1,opt,name=basic_auth,json=basicAuth,proto3,oneof" json:"basic_auth,omitempty"` +func (m *OpaAuth) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_OpaAuth.Unmarshal(m, b) } -type VhostExtension_Oauth struct { - Oauth *OAuth `protobuf:"bytes,2,opt,name=oauth,proto3,oneof" json:"oauth,omitempty"` +func (m *OpaAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_OpaAuth.Marshal(b, m, deterministic) } -type VhostExtension_CustomAuth struct { - CustomAuth *CustomAuth `protobuf:"bytes,3,opt,name=custom_auth,json=customAuth,proto3,oneof" json:"custom_auth,omitempty"` +func (m *OpaAuth) XXX_Merge(src proto.Message) { + xxx_messageInfo_OpaAuth.Merge(m, src) } -type VhostExtension_ApiKeyAuth struct { - ApiKeyAuth *ApiKeyAuth `protobuf:"bytes,4,opt,name=api_key_auth,json=apiKeyAuth,proto3,oneof" json:"api_key_auth,omitempty"` +func (m *OpaAuth) XXX_Size() int { + return xxx_messageInfo_OpaAuth.Size(m) } -type VhostExtension_PluginAuth struct { - PluginAuth *PluginAuth `protobuf:"bytes,5,opt,name=plugin_auth,json=pluginAuth,proto3,oneof" json:"plugin_auth,omitempty"` +func (m *OpaAuth) XXX_DiscardUnknown() { + xxx_messageInfo_OpaAuth.DiscardUnknown(m) } -func 
(*VhostExtension_BasicAuth) isVhostExtension_AuthConfig() {} -func (*VhostExtension_Oauth) isVhostExtension_AuthConfig() {} -func (*VhostExtension_CustomAuth) isVhostExtension_AuthConfig() {} -func (*VhostExtension_ApiKeyAuth) isVhostExtension_AuthConfig() {} -func (*VhostExtension_PluginAuth) isVhostExtension_AuthConfig() {} +var xxx_messageInfo_OpaAuth proto.InternalMessageInfo -func (m *VhostExtension) GetAuthConfig() isVhostExtension_AuthConfig { +func (m *OpaAuth) GetModules() []*core.ResourceRef { if m != nil { - return m.AuthConfig + return m.Modules } return nil } -func (m *VhostExtension) GetBasicAuth() *BasicAuth { - if x, ok := m.GetAuthConfig().(*VhostExtension_BasicAuth); ok { - return x.BasicAuth +func (m *OpaAuth) GetQuery() string { + if m != nil { + return m.Query } - return nil + return "" } -func (m *VhostExtension) GetOauth() *OAuth { - if x, ok := m.GetAuthConfig().(*VhostExtension_Oauth); ok { - return x.Oauth - } - return nil +// Authenticates and authorizes requests by querying an LDAP server. Gloo makes the following assumptions: +// * Requests provide credentials via the basic HTTP authentication header. Gloo will BIND to the LDAP server using the +// credentials extracted from the header. +// * Your LDAP server is configured so that each entry you want to authorize has an attribute that indicates its group +// memberships. A common way of achieving this is by using the [*memberof* overlay](http://www.openldap.org/software/man.cgi?query=slapo-memberof). +type Ldap struct { + // Address of the LDAP server to query. Should be in the form:
:. + Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` + // Template to build user entry distinguished names (DN). This must contains a single occurrence of the "%s" placeholder. + // When processing a request, Gloo will substitute the name of the user (extracted from the auth header) for the + // placeholder and issue a search request with the resulting DN as baseDN (and 'base' search scope). + // E.g. "uid=%s,ou=people,dc=solo,dc=io" + UserDnTemplate string `protobuf:"bytes,2,opt,name=userDnTemplate,proto3" json:"userDnTemplate,omitempty"` + // Case-insensitive name of the attribute that contains the names of the groups an entry is member of. Gloo will look + // for attributes with the given name to determine which groups the user entry belongs to. Defaults to 'memberOf' if not provided. + MembershipAttributeName string `protobuf:"bytes,3,opt,name=membershipAttributeName,proto3" json:"membershipAttributeName,omitempty"` + // In order for the request to be authenticated, the membership attribute (e.g. *memberOf*) on the user entry must + // contain at least of one of the group DNs specified via this option. + // E.g. []string{ "cn=managers,ou=groups,dc=solo,dc=io", "cn=developers,ou=groups,dc=solo,dc=io" } + AllowedGroups []string `protobuf:"bytes,4,rep,name=allowedGroups,proto3" json:"allowedGroups,omitempty"` + // Use this property to tune the pool of connections to the LDAP server that Gloo maintains. 
+ Pool *Ldap_ConnectionPool `protobuf:"bytes,5,opt,name=pool,proto3" json:"pool,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (m *VhostExtension) GetCustomAuth() *CustomAuth { - if x, ok := m.GetAuthConfig().(*VhostExtension_CustomAuth); ok { - return x.CustomAuth +func (m *Ldap) Reset() { *m = Ldap{} } +func (m *Ldap) String() string { return proto.CompactTextString(m) } +func (*Ldap) ProtoMessage() {} +func (*Ldap) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{16} +} +func (m *Ldap) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_Ldap.Unmarshal(m, b) +} +func (m *Ldap) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_Ldap.Marshal(b, m, deterministic) +} +func (m *Ldap) XXX_Merge(src proto.Message) { + xxx_messageInfo_Ldap.Merge(m, src) +} +func (m *Ldap) XXX_Size() int { + return xxx_messageInfo_Ldap.Size(m) +} +func (m *Ldap) XXX_DiscardUnknown() { + xxx_messageInfo_Ldap.DiscardUnknown(m) +} + +var xxx_messageInfo_Ldap proto.InternalMessageInfo + +func (m *Ldap) GetAddress() string { + if m != nil { + return m.Address } - return nil + return "" } -func (m *VhostExtension) GetApiKeyAuth() *ApiKeyAuth { - if x, ok := m.GetAuthConfig().(*VhostExtension_ApiKeyAuth); ok { - return x.ApiKeyAuth +func (m *Ldap) GetUserDnTemplate() string { + if m != nil { + return m.UserDnTemplate } - return nil + return "" } -func (m *VhostExtension) GetPluginAuth() *PluginAuth { - if x, ok := m.GetAuthConfig().(*VhostExtension_PluginAuth); ok { - return x.PluginAuth +func (m *Ldap) GetMembershipAttributeName() string { + if m != nil { + return m.MembershipAttributeName } - return nil + return "" } -func (m *VhostExtension) GetConfigs() []*AuthConfig { +func (m *Ldap) GetAllowedGroups() []string { if m != nil { - return m.Configs + return m.AllowedGroups } return nil } -// XXX_OneofWrappers is for the internal use of the 
proto package. -func (*VhostExtension) XXX_OneofWrappers() []interface{} { - return []interface{}{ - (*VhostExtension_BasicAuth)(nil), - (*VhostExtension_Oauth)(nil), - (*VhostExtension_CustomAuth)(nil), - (*VhostExtension_ApiKeyAuth)(nil), - (*VhostExtension_PluginAuth)(nil), +func (m *Ldap) GetPool() *Ldap_ConnectionPool { + if m != nil { + return m.Pool } + return nil } -type RouteExtension struct { - Disable bool `protobuf:"varint,1,opt,name=disable,proto3" json:"disable,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` +// Configuration properties for pooling connections to the LDAP server. If the pool is exhausted when a connection +// is requested (meaning that all the polled connections are in use), the connection will be created on the fly. +type Ldap_ConnectionPool struct { + // Maximum number connections that are pooled at any give time. The default value is 5. + MaxSize *types.UInt32Value `protobuf:"bytes,1,opt,name=maxSize,proto3" json:"maxSize,omitempty"` + // Number of connections that the pool will be pre-populated with upon initialization. The default value is 2. 
+ InitialSize *types.UInt32Value `protobuf:"bytes,2,opt,name=initialSize,proto3" json:"initialSize,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (m *RouteExtension) Reset() { *m = RouteExtension{} } -func (m *RouteExtension) String() string { return proto.CompactTextString(m) } -func (*RouteExtension) ProtoMessage() {} -func (*RouteExtension) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{15} +func (m *Ldap_ConnectionPool) Reset() { *m = Ldap_ConnectionPool{} } +func (m *Ldap_ConnectionPool) String() string { return proto.CompactTextString(m) } +func (*Ldap_ConnectionPool) ProtoMessage() {} +func (*Ldap_ConnectionPool) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{16, 0} } -func (m *RouteExtension) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_RouteExtension.Unmarshal(m, b) +func (m *Ldap_ConnectionPool) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_Ldap_ConnectionPool.Unmarshal(m, b) } -func (m *RouteExtension) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_RouteExtension.Marshal(b, m, deterministic) +func (m *Ldap_ConnectionPool) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_Ldap_ConnectionPool.Marshal(b, m, deterministic) } -func (m *RouteExtension) XXX_Merge(src proto.Message) { - xxx_messageInfo_RouteExtension.Merge(m, src) +func (m *Ldap_ConnectionPool) XXX_Merge(src proto.Message) { + xxx_messageInfo_Ldap_ConnectionPool.Merge(m, src) } -func (m *RouteExtension) XXX_Size() int { - return xxx_messageInfo_RouteExtension.Size(m) +func (m *Ldap_ConnectionPool) XXX_Size() int { + return xxx_messageInfo_Ldap_ConnectionPool.Size(m) } -func (m *RouteExtension) XXX_DiscardUnknown() { - xxx_messageInfo_RouteExtension.DiscardUnknown(m) +func (m *Ldap_ConnectionPool) XXX_DiscardUnknown() { + 
xxx_messageInfo_Ldap_ConnectionPool.DiscardUnknown(m) } -var xxx_messageInfo_RouteExtension proto.InternalMessageInfo +var xxx_messageInfo_Ldap_ConnectionPool proto.InternalMessageInfo -func (m *RouteExtension) GetDisable() bool { +func (m *Ldap_ConnectionPool) GetMaxSize() *types.UInt32Value { if m != nil { - return m.Disable + return m.MaxSize } - return false + return nil +} + +func (m *Ldap_ConnectionPool) GetInitialSize() *types.UInt32Value { + if m != nil { + return m.InitialSize + } + return nil } // @@ -1375,7 +1658,12 @@ func (m *RouteExtension) GetDisable() bool { //@solo-kit:resource.no_references type ExtAuthConfig struct { // @solo-kit:resource.name - Vhost string `protobuf:"bytes,1,opt,name=vhost,proto3" json:"vhost,omitempty"` + // This is the identifier of the AuthConfig resource that this configuration is associated with. + // Any request to the external auth server includes an identifier that is matched against this field to determine + // which AuthConfig should be applied to it. + AuthConfigRefName string `protobuf:"bytes,1,opt,name=auth_config_ref_name,json=authConfigRefName,proto3" json:"auth_config_ref_name,omitempty"` + // Deprecated: use auth_config_ref_name instead + Vhost string `protobuf:"bytes,2,opt,name=vhost,proto3" json:"vhost,omitempty"` // Deprecated // // Types that are valid to be assigned to AuthConfig: 
@@ -1383,18 +1671,18 @@ type ExtAuthConfig struct { // *ExtAuthConfig_BasicAuth // *ExtAuthConfig_ApiKeyAuth // *ExtAuthConfig_PluginAuth - AuthConfig isExtAuthConfig_AuthConfig `protobuf_oneof:"auth_config"` - Configs []*ExtAuthConfig_AuthConfig `protobuf:"bytes,8,rep,name=configs,proto3" json:"configs,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + AuthConfig isExtAuthConfig_AuthConfig `protobuf_oneof:"auth_config"` + Configs []*ExtAuthConfig_Config `protobuf:"bytes,8,rep,name=configs,proto3" json:"configs,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *ExtAuthConfig) Reset() { *m = ExtAuthConfig{} } func (m *ExtAuthConfig) String() string { return proto.CompactTextString(m) } func (*ExtAuthConfig) ProtoMessage() {} func (*ExtAuthConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{16} + return fileDescriptor_fd292ca1013ff82a, []int{17} } func (m *ExtAuthConfig) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_ExtAuthConfig.Unmarshal(m, b) @@ -1444,6 +1732,13 @@ func (m *ExtAuthConfig) GetAuthConfig() isExtAuthConfig_AuthConfig { return nil } +func (m *ExtAuthConfig) GetAuthConfigRefName() string { + if m != nil { + return m.AuthConfigRefName + } + return "" +} + func (m *ExtAuthConfig) GetVhost() string { if m != nil { return m.Vhost @@ -1479,7 +1774,7 @@ func (m *ExtAuthConfig) GetPluginAuth() *PluginAuth { return nil } -func (m *ExtAuthConfig) GetConfigs() []*ExtAuthConfig_AuthConfig { +func (m *ExtAuthConfig) GetConfigs() []*ExtAuthConfig_Config { if m != nil { return m.Configs } 
@@ -1521,7 +1816,7 @@ func (m *ExtAuthConfig_OAuthConfig) Reset() { *m = ExtAuthConfig_OAuthCo func (m *ExtAuthConfig_OAuthConfig) String() string { return proto.CompactTextString(m) } func (*ExtAuthConfig_OAuthConfig) ProtoMessage() {} func (*ExtAuthConfig_OAuthConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{16, 0} + return fileDescriptor_fd292ca1013ff82a, []int{17, 0} } func (m *ExtAuthConfig_OAuthConfig) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_ExtAuthConfig_OAuthConfig.Unmarshal(m, b) @@ -1595,7 +1890,7 @@ func (m *ExtAuthConfig_ApiKeyAuthConfig) Reset() { *m = ExtAuthConfig_Ap func (m *ExtAuthConfig_ApiKeyAuthConfig) String() string { return proto.CompactTextString(m) } func (*ExtAuthConfig_ApiKeyAuthConfig) ProtoMessage() {} func (*ExtAuthConfig_ApiKeyAuthConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{16, 1} + return fileDescriptor_fd292ca1013ff82a, []int{17, 1} } func (m *ExtAuthConfig_ApiKeyAuthConfig) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_ExtAuthConfig_ApiKeyAuthConfig.Unmarshal(m, b) @@ -1638,7 +1933,7 @@ func (m *ExtAuthConfig_OpaAuthConfig) Reset() { *m = ExtAuthConfig_OpaAu func (m *ExtAuthConfig_OpaAuthConfig) String() string { return proto.CompactTextString(m) } func (*ExtAuthConfig_OpaAuthConfig) ProtoMessage() {} func (*ExtAuthConfig_OpaAuthConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{16, 2} + return fileDescriptor_fd292ca1013ff82a, []int{17, 2} } func (m *ExtAuthConfig_OpaAuthConfig) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_ExtAuthConfig_OpaAuthConfig.Unmarshal(m, b) 
@@ -1672,311 +1967,468 @@ func (m *ExtAuthConfig_OpaAuthConfig) GetQuery() string { return "" } -type ExtAuthConfig_AuthConfig struct { +type ExtAuthConfig_Config struct { // Types that are valid to be assigned to AuthConfig: - // *ExtAuthConfig_AuthConfig_Oauth - // *ExtAuthConfig_AuthConfig_BasicAuth - // *ExtAuthConfig_AuthConfig_ApiKeyAuth - // *ExtAuthConfig_AuthConfig_PluginAuth - // *ExtAuthConfig_AuthConfig_OpaAuth - // *ExtAuthConfig_AuthConfig_Ldap - AuthConfig isExtAuthConfig_AuthConfig_AuthConfig `protobuf_oneof:"auth_config"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + // *ExtAuthConfig_Config_Oauth + // *ExtAuthConfig_Config_BasicAuth + // *ExtAuthConfig_Config_ApiKeyAuth + // *ExtAuthConfig_Config_PluginAuth + // *ExtAuthConfig_Config_OpaAuth + // *ExtAuthConfig_Config_Ldap + AuthConfig isExtAuthConfig_Config_AuthConfig `protobuf_oneof:"auth_config"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } -func (m *ExtAuthConfig_AuthConfig) Reset() { *m = ExtAuthConfig_AuthConfig{} } -func (m *ExtAuthConfig_AuthConfig) String() string { return proto.CompactTextString(m) } -func (*ExtAuthConfig_AuthConfig) ProtoMessage() {} -func (*ExtAuthConfig_AuthConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_6eb2ccbcf0f13656, []int{16, 3} +func (m *ExtAuthConfig_Config) Reset() { *m = ExtAuthConfig_Config{} } +func (m *ExtAuthConfig_Config) String() string { return proto.CompactTextString(m) } +func (*ExtAuthConfig_Config) ProtoMessage() {} +func (*ExtAuthConfig_Config) Descriptor() ([]byte, []int) { + return fileDescriptor_fd292ca1013ff82a, []int{17, 3} } -func (m *ExtAuthConfig_AuthConfig) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ExtAuthConfig_AuthConfig.Unmarshal(m, b) +func (m *ExtAuthConfig_Config) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_ExtAuthConfig_Config.Unmarshal(m, b) } -func 
(m *ExtAuthConfig_AuthConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ExtAuthConfig_AuthConfig.Marshal(b, m, deterministic) +func (m *ExtAuthConfig_Config) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_ExtAuthConfig_Config.Marshal(b, m, deterministic) } -func (m *ExtAuthConfig_AuthConfig) XXX_Merge(src proto.Message) { - xxx_messageInfo_ExtAuthConfig_AuthConfig.Merge(m, src) +func (m *ExtAuthConfig_Config) XXX_Merge(src proto.Message) { + xxx_messageInfo_ExtAuthConfig_Config.Merge(m, src) } -func (m *ExtAuthConfig_AuthConfig) XXX_Size() int { - return xxx_messageInfo_ExtAuthConfig_AuthConfig.Size(m) +func (m *ExtAuthConfig_Config) XXX_Size() int { + return xxx_messageInfo_ExtAuthConfig_Config.Size(m) } -func (m *ExtAuthConfig_AuthConfig) XXX_DiscardUnknown() { - xxx_messageInfo_ExtAuthConfig_AuthConfig.DiscardUnknown(m) +func (m *ExtAuthConfig_Config) XXX_DiscardUnknown() { + xxx_messageInfo_ExtAuthConfig_Config.DiscardUnknown(m) } -var xxx_messageInfo_ExtAuthConfig_AuthConfig proto.InternalMessageInfo +var xxx_messageInfo_ExtAuthConfig_Config proto.InternalMessageInfo -type isExtAuthConfig_AuthConfig_AuthConfig interface { - isExtAuthConfig_AuthConfig_AuthConfig() +type isExtAuthConfig_Config_AuthConfig interface { + isExtAuthConfig_Config_AuthConfig() Equal(interface{}) bool } -type ExtAuthConfig_AuthConfig_Oauth struct { +type ExtAuthConfig_Config_Oauth struct { Oauth *ExtAuthConfig_OAuthConfig `protobuf:"bytes,3,opt,name=oauth,proto3,oneof" json:"oauth,omitempty"` } -type ExtAuthConfig_AuthConfig_BasicAuth struct { +type ExtAuthConfig_Config_BasicAuth struct { BasicAuth *BasicAuth `protobuf:"bytes,4,opt,name=basic_auth,json=basicAuth,proto3,oneof" json:"basic_auth,omitempty"` } -type ExtAuthConfig_AuthConfig_ApiKeyAuth struct { +type ExtAuthConfig_Config_ApiKeyAuth struct { ApiKeyAuth *ExtAuthConfig_ApiKeyAuthConfig 
`protobuf:"bytes,5,opt,name=api_key_auth,json=apiKeyAuth,proto3,oneof" json:"api_key_auth,omitempty"` } -type ExtAuthConfig_AuthConfig_PluginAuth struct { +type ExtAuthConfig_Config_PluginAuth struct { PluginAuth *AuthPlugin `protobuf:"bytes,6,opt,name=plugin_auth,json=pluginAuth,proto3,oneof" json:"plugin_auth,omitempty"` } -type ExtAuthConfig_AuthConfig_OpaAuth struct { +type ExtAuthConfig_Config_OpaAuth struct { OpaAuth *ExtAuthConfig_OpaAuthConfig `protobuf:"bytes,7,opt,name=opa_auth,json=opaAuth,proto3,oneof" json:"opa_auth,omitempty"` } -type ExtAuthConfig_AuthConfig_Ldap struct { +type ExtAuthConfig_Config_Ldap struct { Ldap *Ldap `protobuf:"bytes,8,opt,name=ldap,proto3,oneof" json:"ldap,omitempty"` } -func (*ExtAuthConfig_AuthConfig_Oauth) isExtAuthConfig_AuthConfig_AuthConfig() {} -func (*ExtAuthConfig_AuthConfig_BasicAuth) isExtAuthConfig_AuthConfig_AuthConfig() {} -func (*ExtAuthConfig_AuthConfig_ApiKeyAuth) isExtAuthConfig_AuthConfig_AuthConfig() {} -func (*ExtAuthConfig_AuthConfig_PluginAuth) isExtAuthConfig_AuthConfig_AuthConfig() {} -func (*ExtAuthConfig_AuthConfig_OpaAuth) isExtAuthConfig_AuthConfig_AuthConfig() {} -func (*ExtAuthConfig_AuthConfig_Ldap) isExtAuthConfig_AuthConfig_AuthConfig() {} +func (*ExtAuthConfig_Config_Oauth) isExtAuthConfig_Config_AuthConfig() {} +func (*ExtAuthConfig_Config_BasicAuth) isExtAuthConfig_Config_AuthConfig() {} +func (*ExtAuthConfig_Config_ApiKeyAuth) isExtAuthConfig_Config_AuthConfig() {} +func (*ExtAuthConfig_Config_PluginAuth) isExtAuthConfig_Config_AuthConfig() {} +func (*ExtAuthConfig_Config_OpaAuth) isExtAuthConfig_Config_AuthConfig() {} +func (*ExtAuthConfig_Config_Ldap) isExtAuthConfig_Config_AuthConfig() {} -func (m *ExtAuthConfig_AuthConfig) GetAuthConfig() isExtAuthConfig_AuthConfig_AuthConfig { +func (m *ExtAuthConfig_Config) GetAuthConfig() isExtAuthConfig_Config_AuthConfig { if m != nil { return m.AuthConfig } return nil } -func (m *ExtAuthConfig_AuthConfig) GetOauth() *ExtAuthConfig_OAuthConfig { - 
if x, ok := m.GetAuthConfig().(*ExtAuthConfig_AuthConfig_Oauth); ok { +func (m *ExtAuthConfig_Config) GetOauth() *ExtAuthConfig_OAuthConfig { + if x, ok := m.GetAuthConfig().(*ExtAuthConfig_Config_Oauth); ok { return x.Oauth } return nil } -func (m *ExtAuthConfig_AuthConfig) GetBasicAuth() *BasicAuth { - if x, ok := m.GetAuthConfig().(*ExtAuthConfig_AuthConfig_BasicAuth); ok { +func (m *ExtAuthConfig_Config) GetBasicAuth() *BasicAuth { + if x, ok := m.GetAuthConfig().(*ExtAuthConfig_Config_BasicAuth); ok { return x.BasicAuth } - return nil + return nil +} + +func (m *ExtAuthConfig_Config) GetApiKeyAuth() *ExtAuthConfig_ApiKeyAuthConfig { + if x, ok := m.GetAuthConfig().(*ExtAuthConfig_Config_ApiKeyAuth); ok { + return x.ApiKeyAuth + } + return nil +} + +func (m *ExtAuthConfig_Config) GetPluginAuth() *AuthPlugin { + if x, ok := m.GetAuthConfig().(*ExtAuthConfig_Config_PluginAuth); ok { + return x.PluginAuth + } + return nil +} + +func (m *ExtAuthConfig_Config) GetOpaAuth() *ExtAuthConfig_OpaAuthConfig { + if x, ok := m.GetAuthConfig().(*ExtAuthConfig_Config_OpaAuth); ok { + return x.OpaAuth + } + return nil +} + +func (m *ExtAuthConfig_Config) GetLdap() *Ldap { + if x, ok := m.GetAuthConfig().(*ExtAuthConfig_Config_Ldap); ok { + return x.Ldap + } + return nil +} + +// XXX_OneofWrappers is for the internal use of the proto package. 
+func (*ExtAuthConfig_Config) XXX_OneofWrappers() []interface{} { + return []interface{}{ + (*ExtAuthConfig_Config_Oauth)(nil), + (*ExtAuthConfig_Config_BasicAuth)(nil), + (*ExtAuthConfig_Config_ApiKeyAuth)(nil), + (*ExtAuthConfig_Config_PluginAuth)(nil), + (*ExtAuthConfig_Config_OpaAuth)(nil), + (*ExtAuthConfig_Config_Ldap)(nil), + } +} + +func init() { + proto.RegisterType((*AuthConfig)(nil), "enterprise.gloo.solo.io.AuthConfig") + proto.RegisterType((*AuthConfig_Config)(nil), "enterprise.gloo.solo.io.AuthConfig.Config") + proto.RegisterType((*ExtAuthExtension)(nil), "enterprise.gloo.solo.io.ExtAuthExtension") + proto.RegisterType((*VhostExtension)(nil), "enterprise.gloo.solo.io.VhostExtension") + proto.RegisterType((*VhostExtension_AuthConfig)(nil), "enterprise.gloo.solo.io.VhostExtension.AuthConfig") + proto.RegisterType((*RouteExtension)(nil), "enterprise.gloo.solo.io.RouteExtension") + proto.RegisterType((*Settings)(nil), "enterprise.gloo.solo.io.Settings") + proto.RegisterType((*HttpService)(nil), "enterprise.gloo.solo.io.HttpService") + proto.RegisterType((*HttpService_Request)(nil), "enterprise.gloo.solo.io.HttpService.Request") + proto.RegisterMapType((map[string]string)(nil), "enterprise.gloo.solo.io.HttpService.Request.HeadersToAddEntry") + proto.RegisterType((*HttpService_Response)(nil), "enterprise.gloo.solo.io.HttpService.Response") + proto.RegisterType((*BufferSettings)(nil), "enterprise.gloo.solo.io.BufferSettings") + proto.RegisterType((*CustomAuth)(nil), "enterprise.gloo.solo.io.CustomAuth") + proto.RegisterType((*PluginAuth)(nil), "enterprise.gloo.solo.io.PluginAuth") + proto.RegisterType((*AuthPlugin)(nil), "enterprise.gloo.solo.io.AuthPlugin") + proto.RegisterType((*BasicAuth)(nil), "enterprise.gloo.solo.io.BasicAuth") + proto.RegisterType((*BasicAuth_Apr)(nil), "enterprise.gloo.solo.io.BasicAuth.Apr") + proto.RegisterMapType((map[string]*BasicAuth_Apr_SaltedHashedPassword)(nil), "enterprise.gloo.solo.io.BasicAuth.Apr.UsersEntry") + 
proto.RegisterType((*BasicAuth_Apr_SaltedHashedPassword)(nil), "enterprise.gloo.solo.io.BasicAuth.Apr.SaltedHashedPassword") + proto.RegisterType((*OAuth)(nil), "enterprise.gloo.solo.io.OAuth") + proto.RegisterType((*OauthSecret)(nil), "enterprise.gloo.solo.io.OauthSecret") + proto.RegisterType((*ApiKeyAuth)(nil), "enterprise.gloo.solo.io.ApiKeyAuth") + proto.RegisterMapType((map[string]string)(nil), "enterprise.gloo.solo.io.ApiKeyAuth.LabelSelectorEntry") + proto.RegisterType((*ApiKeySecret)(nil), "enterprise.gloo.solo.io.ApiKeySecret") + proto.RegisterType((*OpaAuth)(nil), "enterprise.gloo.solo.io.OpaAuth") + proto.RegisterType((*Ldap)(nil), "enterprise.gloo.solo.io.Ldap") + proto.RegisterType((*Ldap_ConnectionPool)(nil), "enterprise.gloo.solo.io.Ldap.ConnectionPool") + proto.RegisterType((*ExtAuthConfig)(nil), "enterprise.gloo.solo.io.ExtAuthConfig") + proto.RegisterType((*ExtAuthConfig_OAuthConfig)(nil), "enterprise.gloo.solo.io.ExtAuthConfig.OAuthConfig") + proto.RegisterType((*ExtAuthConfig_ApiKeyAuthConfig)(nil), "enterprise.gloo.solo.io.ExtAuthConfig.ApiKeyAuthConfig") + proto.RegisterMapType((map[string]string)(nil), "enterprise.gloo.solo.io.ExtAuthConfig.ApiKeyAuthConfig.ValidApiKeyAndUserEntry") + proto.RegisterType((*ExtAuthConfig_OpaAuthConfig)(nil), "enterprise.gloo.solo.io.ExtAuthConfig.OpaAuthConfig") + proto.RegisterMapType((map[string]string)(nil), "enterprise.gloo.solo.io.ExtAuthConfig.OpaAuthConfig.ModulesEntry") + proto.RegisterType((*ExtAuthConfig_Config)(nil), "enterprise.gloo.solo.io.ExtAuthConfig.Config") +} + +func init() { + proto.RegisterFile("github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/v1/extauth.proto", fileDescriptor_fd292ca1013ff82a) +} + +var fileDescriptor_fd292ca1013ff82a = []byte{ + // 2175 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x59, 0xdd, 0x8f, 0x1c, 0x47, + 0x11, 0xf7, 0x7e, 0xdc, 0x7e, 0xd4, 0xee, 0xad, 0xcf, 0xed, 0xc3, 0x77, 
0xde, 0x24, 0xb6, 0x35, + 0xb6, 0x9c, 0x93, 0x65, 0xcf, 0xc6, 0xeb, 0xc8, 0x58, 0x87, 0x08, 0xb9, 0x3b, 0x9f, 0x7d, 0x4e, + 0xec, 0xf8, 0x32, 0x6b, 0x5b, 0x88, 0x80, 0x46, 0xbd, 0x33, 0xbd, 0xbb, 0x83, 0x67, 0xa7, 0x27, + 0xdd, 0x3d, 0xe7, 0x5b, 0x4b, 0xbc, 0x98, 0x17, 0xde, 0x79, 0x01, 0xfe, 0x00, 0x84, 0x84, 0xf8, + 0x17, 0x78, 0xe2, 0x81, 0x77, 0x94, 0x07, 0x24, 0x48, 0x00, 0xc1, 0x1f, 0x10, 0x24, 0x04, 0x8f, + 0xa8, 0x3f, 0x66, 0xbf, 0xce, 0x7b, 0xde, 0x3b, 0x22, 0x21, 0x45, 0x7e, 0xda, 0xe9, 0xaa, 0xfa, + 0x55, 0x77, 0x75, 0x55, 0x57, 0x57, 0xf5, 0xc2, 0x77, 0xbb, 0x81, 0xe8, 0x25, 0x6d, 0xdb, 0xa3, + 0xfd, 0x06, 0xa7, 0x21, 0xbd, 0x16, 0xd0, 0x46, 0x37, 0xa4, 0xb4, 0x11, 0x33, 0xfa, 0x43, 0xe2, + 0x09, 0xae, 0x47, 0x38, 0x0e, 0x1a, 0x7b, 0xd7, 0x1b, 0x24, 0x12, 0x84, 0xc5, 0x2c, 0xe0, 0xa4, + 0x11, 0x87, 0x49, 0x37, 0x88, 0x78, 0x83, 0xec, 0x0b, 0x9c, 0x88, 0x9e, 0xe2, 0xea, 0x4f, 0x3b, + 0x66, 0x54, 0x50, 0xb4, 0x32, 0x12, 0xb6, 0xa5, 0x0e, 0x5b, 0xaa, 0xb7, 0x03, 0x5a, 0xbf, 0xfa, + 0x92, 0x29, 0xd5, 0xef, 0xd3, 0x40, 0xa4, 0x13, 0x31, 0xd2, 0xd1, 0x6a, 0xea, 0xcb, 0x5d, 0xda, + 0xa5, 0xea, 0xb3, 0x21, 0xbf, 0x0c, 0xf5, 0xfa, 0x1c, 0x3a, 0xfa, 0x44, 0x60, 0x1f, 0x0b, 0x6c, + 0x20, 0x8d, 0x39, 0x20, 0x5c, 0x60, 0x91, 0xf0, 0x23, 0xcc, 0x91, 0x8e, 0x0d, 0xe4, 0x4d, 0x12, + 0xed, 0xd1, 0x81, 0x66, 0x36, 0x1b, 0x7e, 0xc0, 0x3d, 0xba, 0x47, 0xd8, 0x20, 0xe5, 0x76, 0x29, + 0xed, 0x86, 0x44, 0xb1, 0x71, 0x14, 0x51, 0x81, 0x45, 0x40, 0xa3, 0x74, 0xba, 0x73, 0x86, 0xab, + 0x46, 0xed, 0xa4, 0xd3, 0xf0, 0x13, 0xa6, 0x04, 0xa6, 0xd0, 0x43, 0x3e, 0x17, 0x2c, 0xf1, 0xc4, + 0x2c, 0xf4, 0x33, 0x86, 0xe3, 0x98, 0x30, 0xa3, 0xdd, 0xfa, 0x6c, 0x01, 0x60, 0x23, 0x11, 0xbd, + 0x2d, 0x1a, 0x75, 0x82, 0x2e, 0xba, 0x0b, 0x05, 0x6d, 0xeb, 0x6a, 0xe6, 0x42, 0x66, 0xad, 0xd2, + 0x5c, 0xb6, 0x3d, 0xca, 0x48, 0xea, 0x22, 0xbb, 0xa5, 0x78, 0x9b, 0x67, 0x7f, 0xff, 0xf9, 0xf9, + 0x13, 0xff, 0xfc, 0xfc, 0xfc, 0x29, 0x41, 0xb8, 0xf0, 0x83, 0x4e, 0x67, 0xdd, 0x0a, 0xba, 0x11, + 0x65, 0xc4, 
0x72, 0x0c, 0x1c, 0xdd, 0x82, 0x52, 0xba, 0xcf, 0xab, 0x59, 0xa5, 0xea, 0xcc, 0xa4, + 0xaa, 0x07, 0x86, 0xbb, 0x99, 0x97, 0xca, 0x9c, 0xa1, 0x34, 0xba, 0x0d, 0x45, 0x4f, 0x2d, 0x86, + 0xaf, 0xe6, 0x2e, 0xe4, 0xd6, 0x2a, 0xcd, 0x2b, 0xf6, 0x8c, 0x88, 0xb1, 0x47, 0x0b, 0xb7, 0xf5, + 0x8f, 0x93, 0x42, 0xeb, 0x7f, 0xcd, 0x41, 0xc1, 0xd8, 0xb4, 0x05, 0xd0, 0xc6, 0x3c, 0xf0, 0x5c, + 0x19, 0x84, 0xc6, 0x2e, 0x6b, 0xa6, 0xce, 0x4d, 0x29, 0x2a, 0x15, 0xef, 0x9c, 0x70, 0xca, 0xed, + 0x74, 0x80, 0x6e, 0xc2, 0x02, 0x55, 0x78, 0x6d, 0xcc, 0xb9, 0x99, 0xf8, 0x87, 0x06, 0xab, 0xc5, + 0xd1, 0x1d, 0xa8, 0x78, 0x09, 0x17, 0xb4, 0xaf, 0x67, 0xcf, 0x29, 0xf4, 0xc5, 0x99, 0xe8, 0x2d, + 0x25, 0x6b, 0x54, 0x80, 0x37, 0x1c, 0xa1, 0xbb, 0x50, 0xc5, 0x71, 0xe0, 0x3e, 0x25, 0x03, 0xad, + 0x28, 0xff, 0x0a, 0x45, 0x1b, 0x71, 0xf0, 0x21, 0x19, 0xa4, 0x8a, 0xf0, 0x70, 0x24, 0x17, 0xa4, + 0x8f, 0xa8, 0xd6, 0xb3, 0xf0, 0x2a, 0x3d, 0x89, 0xe8, 0xed, 0x2a, 0x79, 0xa9, 0x47, 0x23, 0x95, + 0x9e, 0x6f, 0x43, 0x89, 0xc6, 0x58, 0x2b, 0x29, 0x28, 0x25, 0x17, 0x66, 0xef, 0x49, 0x8c, 0xcd, + 0x4a, 0x8a, 0x54, 0x7f, 0xa2, 0x1b, 0x90, 0x0f, 0x7d, 0x1c, 0xaf, 0x16, 0x15, 0xf4, 0xad, 0x99, + 0xd0, 0xfb, 0x3e, 0x8e, 0x77, 0x4e, 0x38, 0x4a, 0x78, 0x73, 0x11, 0x2a, 0x72, 0x3e, 0x57, 0x3b, + 0x79, 0xbd, 0xfe, 0xe2, 0xcb, 0x7c, 0x1e, 0xb2, 0xd8, 0x7b, 0xf1, 0x65, 0xbe, 0x86, 0xaa, 0x63, + 0x2c, 0x6e, 0x31, 0x58, 0xda, 0xde, 0x17, 0x72, 0xaa, 0xed, 0x7d, 0x41, 0x22, 0x1e, 0xd0, 0x08, + 0xd5, 0xa1, 0xe8, 0x07, 0x1c, 0xb7, 0x43, 0xa2, 0xa2, 0xa0, 0x24, 0xd7, 0x63, 0x08, 0x68, 0x1d, + 0x40, 0x43, 0x5d, 0x46, 0x3a, 0xc6, 0xc9, 0x67, 0x27, 0x23, 0xd6, 0x21, 0x9c, 0x26, 0xcc, 0x23, + 0x0e, 0xe9, 0xc8, 0xd8, 0xd0, 0xe2, 0x0e, 0xe9, 0x6c, 0x16, 0x20, 0xcf, 0x63, 0xe2, 0x59, 0xbf, + 0x2e, 0x42, 0xed, 0x49, 0x8f, 0x72, 0x31, 0x9a, 0xf2, 0x75, 0xec, 0xfd, 0x0f, 0xb1, 0xb7, 0x3b, + 0x8c, 0xb6, 0xa9, 0xd8, 0xbb, 0x3f, 0x4a, 0x11, 0x05, 0x95, 0x22, 0x9a, 0x33, 0x75, 0x4c, 0xfa, + 0x63, 0x2c, 0x63, 0x8c, 0x52, 0xc5, 0x3f, 0x72, 
0x13, 0x29, 0xf0, 0xb5, 0xcb, 0xbe, 0x9e, 0xe9, + 0x62, 0x6a, 0x68, 0x5d, 0x81, 0x9a, 0x43, 0x13, 0x41, 0x46, 0x87, 0x75, 0x75, 0x2a, 0x3f, 0x0c, + 0xb3, 0x83, 0xf5, 0xa7, 0x1c, 0x94, 0x5a, 0x44, 0x88, 0x20, 0xea, 0x72, 0x74, 0x0f, 0x4e, 0x9b, + 0x8a, 0xe6, 0xb9, 0xcb, 0x09, 0xdb, 0x23, 0x4c, 0xe5, 0x8c, 0xcc, 0x2b, 0x72, 0x86, 0x73, 0x2a, + 0x45, 0xb5, 0x14, 0xc8, 0x21, 0x1d, 0xe9, 0xa6, 0x9e, 0x10, 0xb1, 0x52, 0x13, 0x78, 0xc4, 0x44, + 0xcb, 0xa5, 0x99, 0xe6, 0xed, 0x08, 0x11, 0xb7, 0xb4, 0xac, 0x53, 0xe9, 0x8d, 0x06, 0xe8, 0x12, + 0xd4, 0x12, 0x4e, 0x98, 0x1b, 0xf8, 0x6e, 0x8f, 0x60, 0x9f, 0x30, 0x15, 0x3a, 0x65, 0xa7, 0x2a, + 0xa9, 0xf7, 0xfc, 0x1d, 0x45, 0x43, 0x3b, 0x70, 0x92, 0x91, 0x4f, 0x13, 0xc2, 0x85, 0x2b, 0x82, + 0x3e, 0xa1, 0x89, 0x30, 0x81, 0x71, 0xd6, 0xd6, 0x65, 0x82, 0x9d, 0x96, 0x09, 0xf6, 0x6d, 0x53, + 0x64, 0x6c, 0xe6, 0x7f, 0xf6, 0xc5, 0xf9, 0x8c, 0x53, 0x33, 0xb8, 0x47, 0x1a, 0x86, 0xae, 0x02, + 0xea, 0xe0, 0x20, 0x4c, 0x18, 0x71, 0xfb, 0xd4, 0x27, 0x2e, 0x0e, 0x43, 0xfa, 0x4c, 0x45, 0x47, + 0xc9, 0x59, 0x32, 0x9c, 0x07, 0xd4, 0x27, 0x1b, 0x92, 0x8e, 0x3e, 0x80, 0x6a, 0x3a, 0x6f, 0x9b, + 0xfa, 0x03, 0x13, 0x00, 0x6f, 0xcf, 0x3e, 0x54, 0x49, 0xa7, 0x43, 0x58, 0xba, 0xe1, 0x4e, 0xc5, + 0x80, 0x37, 0xa9, 0x3f, 0x40, 0x57, 0xe0, 0x94, 0x17, 0x12, 0xcc, 0x5c, 0x26, 0x9d, 0xe7, 0x7a, + 0xd8, 0xeb, 0x11, 0x15, 0x16, 0x25, 0xe7, 0xa4, 0x62, 0x28, 0xa7, 0x6e, 0x49, 0x32, 0xba, 0x0c, + 0x27, 0x75, 0x39, 0xe2, 0xd2, 0xc8, 0x25, 0x8c, 0x51, 0xb6, 0x5a, 0xba, 0x90, 0x59, 0x5b, 0x74, + 0x16, 0x35, 0xf9, 0x61, 0xb4, 0x2d, 0x89, 0xd6, 0xcf, 0xf3, 0x50, 0x19, 0xdb, 0x5a, 0x74, 0x1e, + 0x2a, 0x31, 0x16, 0x3d, 0x37, 0x66, 0xa4, 0x13, 0xec, 0x2b, 0xcf, 0x96, 0x1d, 0x90, 0xa4, 0x5d, + 0x45, 0x41, 0x77, 0xa0, 0x68, 0xd6, 0x64, 0x5c, 0x76, 0x75, 0x1e, 0x97, 0xd9, 0x8e, 0xc6, 0x38, + 0x29, 0x18, 0xdd, 0x83, 0x12, 0x23, 0x3c, 0xa6, 0x11, 0x27, 0xe6, 0xac, 0x5f, 0x9b, 0x53, 0x91, + 0x06, 0x39, 0x43, 0x78, 0xfd, 0x8f, 0x19, 0x28, 0x1a, 0xfd, 0xe8, 0x6d, 0x38, 0xa9, 
0x1c, 0x42, + 0xd2, 0x68, 0x90, 0xe5, 0x5c, 0x6e, 0xad, 0xec, 0xd4, 0x0c, 0x59, 0xc7, 0x03, 0x47, 0x3e, 0xd4, + 0x8c, 0x80, 0x2b, 0xa8, 0x8b, 0x7d, 0x7f, 0x35, 0xab, 0xf2, 0xe9, 0x7b, 0x47, 0x31, 0xc7, 0x36, + 0xda, 0x1e, 0xd1, 0x0d, 0xdf, 0xdf, 0x8e, 0x04, 0x1b, 0x38, 0xd5, 0xde, 0x18, 0xa9, 0xfe, 0x1d, + 0x38, 0x75, 0x40, 0x04, 0x2d, 0x41, 0xee, 0x29, 0x19, 0x98, 0xbd, 0x95, 0x9f, 0x68, 0x19, 0x16, + 0xf6, 0x70, 0x98, 0xe8, 0x53, 0x50, 0x76, 0xf4, 0x60, 0x3d, 0x7b, 0x2b, 0x53, 0x7f, 0x0e, 0xa5, + 0xd4, 0x62, 0x74, 0x0b, 0x56, 0x53, 0xdb, 0x92, 0x98, 0x0b, 0x46, 0x70, 0x7f, 0xca, 0xc8, 0x33, + 0x86, 0xff, 0xd8, 0xb0, 0x53, 0x63, 0xdf, 0x85, 0x94, 0xe3, 0x7a, 0x61, 0x40, 0x22, 0x31, 0xc4, + 0x65, 0x15, 0x6e, 0xd9, 0x70, 0xb7, 0x14, 0xd3, 0xa0, 0xac, 0x18, 0x6a, 0x93, 0xe1, 0x28, 0x23, + 0xb0, 0x8f, 0xf7, 0xdd, 0x61, 0x44, 0x0f, 0x04, 0xd1, 0xe5, 0xf2, 0xa2, 0x73, 0xb2, 0x8f, 0xf7, + 0xcd, 0xae, 0x6c, 0x4a, 0x32, 0x6a, 0xc2, 0x37, 0x94, 0x56, 0x37, 0xc6, 0x4c, 0x04, 0x38, 0x74, + 0xfb, 0x84, 0x73, 0xdc, 0xd5, 0x36, 0x96, 0x9c, 0xd3, 0x8a, 0xb9, 0xab, 0x79, 0x0f, 0x34, 0xcb, + 0xaa, 0x02, 0x8c, 0xf2, 0xba, 0xf5, 0x21, 0xc0, 0xee, 0x78, 0x1a, 0x2d, 0x9a, 0x06, 0x4b, 0x19, + 0x3b, 0x5f, 0x2a, 0x76, 0x52, 0x8c, 0xf5, 0x9b, 0x8c, 0xbe, 0xea, 0x34, 0x1d, 0x21, 0xc8, 0x47, + 0xb8, 0x4f, 0x8c, 0x13, 0xd4, 0x37, 0x5a, 0x83, 0x25, 0x93, 0xf0, 0x3b, 0x41, 0x48, 0x5c, 0xc5, + 0xd7, 0x0e, 0xa9, 0x69, 0xfa, 0x9d, 0x20, 0x24, 0x1f, 0x49, 0xc9, 0x77, 0x60, 0x99, 0xec, 0xc7, + 0x94, 0x09, 0xe2, 0xbb, 0x7c, 0xd0, 0x6f, 0xd3, 0x50, 0x4b, 0xeb, 0xcc, 0x83, 0x52, 0x5e, 0x4b, + 0xb1, 0x14, 0xa2, 0x01, 0x05, 0x9d, 0x7c, 0x4d, 0xda, 0x59, 0x39, 0x90, 0x76, 0x5a, 0xaa, 0x77, + 0x71, 0x8c, 0x98, 0xf5, 0x9f, 0x2c, 0x94, 0x87, 0x37, 0xac, 0x0c, 0x10, 0x46, 0x70, 0xd8, 0x37, + 0xeb, 0xd5, 0x03, 0x74, 0x0b, 0x72, 0x38, 0x66, 0xe6, 0x1c, 0x5e, 0x7e, 0xf5, 0x45, 0x6d, 0x6f, + 0xc4, 0xcc, 0x91, 0x90, 0xfa, 0x2f, 0xb2, 0x90, 0xdb, 0x88, 0x19, 0xba, 0x0b, 0x0b, 0x32, 0x4d, + 0x72, 0x13, 0xfc, 0xd7, 
0xe7, 0xd3, 0x61, 0x3f, 0x96, 0x18, 0x1d, 0xef, 0x1a, 0x5f, 0x6f, 0xc1, + 0x72, 0x0b, 0x87, 0x82, 0xf8, 0x3b, 0x98, 0xf7, 0x88, 0xbf, 0x8b, 0x39, 0x7f, 0x46, 0x99, 0x2f, + 0xf7, 0x99, 0xe3, 0x50, 0xa4, 0xfb, 0x2c, 0xbf, 0xe5, 0x19, 0xed, 0x29, 0x29, 0x37, 0x36, 0x62, + 0xe9, 0x36, 0xf7, 0x26, 0xc0, 0xf5, 0x04, 0x60, 0x34, 0xd3, 0x4b, 0x8e, 0xcd, 0xc7, 0xe3, 0xc7, + 0xa6, 0xd2, 0xfc, 0xd6, 0x9c, 0xab, 0x7f, 0xd9, 0x42, 0xc7, 0xce, 0x9c, 0xf5, 0x97, 0x0c, 0x2c, + 0xa8, 0xe2, 0x04, 0xbd, 0x01, 0x65, 0x73, 0x5e, 0x02, 0xdf, 0x4c, 0x5c, 0xd2, 0x84, 0x7b, 0x3e, + 0xda, 0x96, 0xe9, 0x58, 0x31, 0x39, 0xf1, 0x18, 0x11, 0x73, 0x95, 0xcf, 0x32, 0x53, 0x4b, 0x4c, + 0x4b, 0x41, 0xe4, 0x45, 0xf8, 0x16, 0x40, 0xc0, 0x79, 0x42, 0x98, 0x9b, 0xb0, 0xd0, 0x44, 0x50, + 0x59, 0x53, 0x1e, 0xb3, 0x10, 0xad, 0x40, 0x11, 0xc7, 0xb1, 0xe2, 0xe5, 0x15, 0xaf, 0x80, 0xe3, + 0x58, 0x32, 0x2e, 0xc2, 0xa2, 0x87, 0xc3, 0xb0, 0x8d, 0xbd, 0xa7, 0xae, 0xcc, 0xcf, 0xea, 0x0a, + 0x2a, 0x3b, 0xd5, 0x94, 0xb8, 0x8b, 0x45, 0x0f, 0x9d, 0x81, 0x02, 0xf7, 0x68, 0x4c, 0x74, 0xb5, + 0x58, 0x76, 0xcc, 0xc8, 0x6a, 0x42, 0xe5, 0xa1, 0xbc, 0x90, 0xf5, 0x32, 0x94, 0xae, 0x71, 0x53, + 0x8c, 0xad, 0xd5, 0xf1, 0xb5, 0x5a, 0xff, 0x96, 0x27, 0x68, 0x54, 0x1e, 0xfd, 0x00, 0x6a, 0x21, + 0x6e, 0x93, 0xd0, 0xe5, 0x24, 0x24, 0x9e, 0xa0, 0xcc, 0x1c, 0xcb, 0x9b, 0x73, 0x54, 0x5a, 0xf6, + 0x7d, 0x89, 0x6c, 0x19, 0xa0, 0x0e, 0xa4, 0xc5, 0x70, 0x9c, 0x86, 0x76, 0xe0, 0x74, 0x5a, 0xc6, + 0x8d, 0xb6, 0x37, 0x8d, 0xd3, 0x43, 0xf6, 0x77, 0x49, 0x57, 0x70, 0xc3, 0xfd, 0xe5, 0xf5, 0xf7, + 0x01, 0x1d, 0x9c, 0xee, 0x28, 0x49, 0xd8, 0x0a, 0xa0, 0xba, 0x31, 0xa6, 0x55, 0x26, 0x8a, 0x2e, + 0x89, 0x08, 0xc3, 0x82, 0xb8, 0x66, 0x91, 0xa6, 0x6c, 0xaa, 0xa5, 0x74, 0x2d, 0xaf, 0xbd, 0xa7, + 0x05, 0xb2, 0xa9, 0xf7, 0x14, 0xe3, 0x0c, 0x14, 0x94, 0xbd, 0xba, 0xd3, 0x2f, 0x3b, 0x66, 0x64, + 0x3d, 0x82, 0xe2, 0xc3, 0x61, 0xe1, 0x57, 0xec, 0x53, 0x3f, 0x09, 0x49, 0x9a, 0xf0, 0x0e, 0xb1, + 0x3a, 0x95, 0x94, 0x46, 0x7c, 0x9a, 0x10, 0x96, 0x4e, 0xa7, 
0x07, 0xd6, 0xbf, 0xb2, 0x90, 0x97, + 0xf5, 0xa1, 0xac, 0xf3, 0xb0, 0xef, 0x33, 0xc2, 0xb9, 0xb1, 0x3c, 0x1d, 0xa2, 0xcb, 0xba, 0x8c, + 0xba, 0x1d, 0x3d, 0x22, 0xfd, 0x38, 0xc4, 0x62, 0x98, 0xfa, 0x26, 0xa9, 0xe8, 0x16, 0xac, 0xf4, + 0x49, 0xbf, 0x4d, 0x18, 0xef, 0x05, 0xf1, 0x86, 0x10, 0x2c, 0x68, 0x27, 0x42, 0x65, 0x45, 0x13, + 0xbb, 0xb3, 0xd8, 0xe8, 0x12, 0x2c, 0x9a, 0x6b, 0xe6, 0x2e, 0xa3, 0x49, 0xcc, 0x57, 0xf3, 0xca, + 0xf2, 0x49, 0x22, 0x7a, 0x1f, 0xf2, 0x31, 0xa5, 0xa1, 0x29, 0xb7, 0xaf, 0x1e, 0x5a, 0xee, 0xda, + 0x5b, 0x34, 0x8a, 0x88, 0x27, 0x8b, 0xb5, 0x5d, 0x4a, 0x43, 0x47, 0x21, 0xeb, 0x3f, 0xc9, 0x40, + 0x6d, 0x92, 0x81, 0x6e, 0x42, 0xb1, 0x8f, 0xf7, 0x5b, 0xc1, 0x73, 0x62, 0x6a, 0xd5, 0x37, 0x0f, + 0xa4, 0xdf, 0xc7, 0xf7, 0x22, 0x71, 0xa3, 0xf9, 0x44, 0xfa, 0xdc, 0x49, 0x85, 0xd1, 0x7b, 0x50, + 0x09, 0xa2, 0x40, 0xde, 0x50, 0x0a, 0x9b, 0x9d, 0x03, 0x3b, 0x0e, 0xb0, 0x7e, 0x59, 0x85, 0x45, + 0xd3, 0x8b, 0x9b, 0x16, 0xab, 0x01, 0xcb, 0x63, 0x95, 0xb8, 0x8c, 0x69, 0x77, 0xec, 0x1e, 0x3a, + 0x85, 0x47, 0x4d, 0x1a, 0xe9, 0xa8, 0x5d, 0x93, 0x51, 0x29, 0x1b, 0xb9, 0x61, 0x54, 0xca, 0x01, + 0xfa, 0x20, 0x6d, 0xb2, 0x74, 0xe9, 0x34, 0xbb, 0x09, 0x9c, 0x98, 0x5d, 0xb7, 0x5c, 0xfa, 0x7b, + 0xd4, 0x78, 0x4d, 0x76, 0x7d, 0xf9, 0xe3, 0x75, 0x7d, 0x9f, 0x4c, 0x75, 0x5d, 0xda, 0x7d, 0xdf, + 0x9c, 0x73, 0x5d, 0xa3, 0xcc, 0x30, 0x5c, 0xdc, 0x21, 0x9d, 0x58, 0xe1, 0xb8, 0xcd, 0xf3, 0xdd, + 0x51, 0xf3, 0x5c, 0x52, 0x27, 0xea, 0xda, 0x9c, 0xeb, 0x9b, 0xee, 0x9b, 0x7f, 0x97, 0x81, 0xca, + 0xd8, 0x5e, 0x1e, 0x7e, 0x4f, 0x1c, 0x48, 0xae, 0xd9, 0x83, 0xc9, 0xf5, 0xff, 0x72, 0x0b, 0xd4, + 0xbf, 0xc8, 0xc0, 0xd2, 0xf4, 0xd6, 0xa3, 0x1f, 0x67, 0xe0, 0xcc, 0x1e, 0x0e, 0x03, 0xdf, 0x1d, + 0x3a, 0x34, 0xf2, 0x5d, 0x99, 0x05, 0x4c, 0x1a, 0x7a, 0x78, 0x4c, 0xa7, 0xda, 0x4f, 0xa4, 0x56, + 0x43, 0x8d, 0x7c, 0x79, 0xb3, 0xeb, 0xcc, 0x8f, 0xf6, 0x0e, 0x30, 0xea, 0xdb, 0xb0, 0x32, 0x43, + 0xfc, 0x48, 0xe5, 0xf3, 0x6f, 0x33, 0xb0, 0x68, 0xf2, 0xa9, 0x31, 0xef, 0x93, 0xe9, 0xac, 0xba, + 
0x31, 0xef, 0xd9, 0x19, 0x57, 0x63, 0x3f, 0xd0, 0x3a, 0xb4, 0x01, 0x87, 0x67, 0xdf, 0xfa, 0x3a, + 0x54, 0xc7, 0xc5, 0x8f, 0x64, 0xc0, 0x67, 0xa3, 0xc7, 0xdc, 0xd7, 0x67, 0xfe, 0x38, 0xaf, 0x2f, + 0x1f, 0x8f, 0xbd, 0xbe, 0xe8, 0x27, 0x94, 0x77, 0x8f, 0xe3, 0xf0, 0x97, 0xbd, 0xc8, 0x94, 0xbe, + 0xb2, 0x17, 0x99, 0xe6, 0x9f, 0xb3, 0xb0, 0x62, 0x66, 0xbf, 0x9d, 0xfe, 0x45, 0x92, 0xb6, 0xe4, + 0xdf, 0x87, 0xd3, 0x2d, 0xd5, 0xcd, 0x4d, 0xde, 0x24, 0xe7, 0x6c, 0xf5, 0xcf, 0x8a, 0x8d, 0xe3, + 0xc0, 0xde, 0x6b, 0xda, 0x43, 0x98, 0x69, 0xc2, 0xea, 0xe7, 0x67, 0xf2, 0x75, 0x3b, 0x69, 0x9d, + 0x58, 0xcb, 0xbc, 0x93, 0x41, 0x04, 0xd0, 0x6d, 0x12, 0x0a, 0x3c, 0xa9, 0xfc, 0xe2, 0x14, 0x58, + 0x4a, 0x1c, 0x98, 0xe1, 0xd2, 0xe1, 0x42, 0x13, 0xd3, 0xfc, 0x08, 0xd0, 0x1d, 0x22, 0xbc, 0xde, + 0x57, 0x6c, 0xc3, 0xe5, 0x17, 0x7f, 0xf8, 0xfb, 0x4f, 0xb3, 0x17, 0xac, 0x37, 0x26, 0xfe, 0x5c, + 0x5a, 0x37, 0xcf, 0x4d, 0xe6, 0xb1, 0x3c, 0x73, 0x65, 0xf3, 0xd1, 0xaf, 0xfe, 0x76, 0x2e, 0xf3, + 0xbd, 0x8f, 0xe6, 0xfb, 0x67, 0x2f, 0x7e, 0xda, 0x9d, 0xeb, 0xdf, 0xbd, 0x76, 0x41, 0x55, 0x00, + 0x37, 0xfe, 0x1b, 0x00, 0x00, 0xff, 0xff, 0x6d, 0x69, 0x5d, 0x72, 0x32, 0x1c, 0x00, 0x00, +} + +func (this *AuthConfig) Equal(that interface{}) bool { + if that == nil { + return this == nil + } + + that1, ok := that.(*AuthConfig) + if !ok { + that2, ok := that.(AuthConfig) + if ok { + that1 = &that2 + } else { + return false + } + } + if that1 == nil { + return this == nil + } else if this == nil { + return false + } + if !this.Status.Equal(&that1.Status) { + return false + } + if !this.Metadata.Equal(&that1.Metadata) { + return false + } + if len(this.Configs) != len(that1.Configs) { + return false + } + for i := range this.Configs { + if !this.Configs[i].Equal(that1.Configs[i]) { + return false + } + } + if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { + return false + } + return true } - -func (m *ExtAuthConfig_AuthConfig) GetApiKeyAuth() *ExtAuthConfig_ApiKeyAuthConfig { - if x, ok := 
m.GetAuthConfig().(*ExtAuthConfig_AuthConfig_ApiKeyAuth); ok { - return x.ApiKeyAuth +func (this *AuthConfig_Config) Equal(that interface{}) bool { + if that == nil { + return this == nil } - return nil -} -func (m *ExtAuthConfig_AuthConfig) GetPluginAuth() *AuthPlugin { - if x, ok := m.GetAuthConfig().(*ExtAuthConfig_AuthConfig_PluginAuth); ok { - return x.PluginAuth + that1, ok := that.(*AuthConfig_Config) + if !ok { + that2, ok := that.(AuthConfig_Config) + if ok { + that1 = &that2 + } else { + return false + } } - return nil -} - -func (m *ExtAuthConfig_AuthConfig) GetOpaAuth() *ExtAuthConfig_OpaAuthConfig { - if x, ok := m.GetAuthConfig().(*ExtAuthConfig_AuthConfig_OpaAuth); ok { - return x.OpaAuth + if that1 == nil { + return this == nil + } else if this == nil { + return false } - return nil -} - -func (m *ExtAuthConfig_AuthConfig) GetLdap() *Ldap { - if x, ok := m.GetAuthConfig().(*ExtAuthConfig_AuthConfig_Ldap); ok { - return x.Ldap + if that1.AuthConfig == nil { + if this.AuthConfig != nil { + return false + } + } else if this.AuthConfig == nil { + return false + } else if !this.AuthConfig.Equal(that1.AuthConfig) { + return false } - return nil + if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { + return false + } + return true } +func (this *AuthConfig_Config_BasicAuth) Equal(that interface{}) bool { + if that == nil { + return this == nil + } -// XXX_OneofWrappers is for the internal use of the proto package. 
-func (*ExtAuthConfig_AuthConfig) XXX_OneofWrappers() []interface{} { - return []interface{}{ - (*ExtAuthConfig_AuthConfig_Oauth)(nil), - (*ExtAuthConfig_AuthConfig_BasicAuth)(nil), - (*ExtAuthConfig_AuthConfig_ApiKeyAuth)(nil), - (*ExtAuthConfig_AuthConfig_PluginAuth)(nil), - (*ExtAuthConfig_AuthConfig_OpaAuth)(nil), - (*ExtAuthConfig_AuthConfig_Ldap)(nil), + that1, ok := that.(*AuthConfig_Config_BasicAuth) + if !ok { + that2, ok := that.(AuthConfig_Config_BasicAuth) + if ok { + that1 = &that2 + } else { + return false + } + } + if that1 == nil { + return this == nil + } else if this == nil { + return false + } + if !this.BasicAuth.Equal(that1.BasicAuth) { + return false } + return true } +func (this *AuthConfig_Config_Oauth) Equal(that interface{}) bool { + if that == nil { + return this == nil + } -func init() { - proto.RegisterType((*Settings)(nil), "extauth.plugins.gloo.solo.io.Settings") - proto.RegisterType((*HttpService)(nil), "extauth.plugins.gloo.solo.io.HttpService") - proto.RegisterType((*HttpService_Request)(nil), "extauth.plugins.gloo.solo.io.HttpService.Request") - proto.RegisterMapType((map[string]string)(nil), "extauth.plugins.gloo.solo.io.HttpService.Request.HeadersToAddEntry") - proto.RegisterType((*HttpService_Response)(nil), "extauth.plugins.gloo.solo.io.HttpService.Response") - proto.RegisterType((*BufferSettings)(nil), "extauth.plugins.gloo.solo.io.BufferSettings") - proto.RegisterType((*CustomAuth)(nil), "extauth.plugins.gloo.solo.io.CustomAuth") - proto.RegisterType((*PluginAuth)(nil), "extauth.plugins.gloo.solo.io.PluginAuth") - proto.RegisterType((*AuthPlugin)(nil), "extauth.plugins.gloo.solo.io.AuthPlugin") - proto.RegisterType((*BasicAuth)(nil), "extauth.plugins.gloo.solo.io.BasicAuth") - proto.RegisterType((*BasicAuth_Apr)(nil), "extauth.plugins.gloo.solo.io.BasicAuth.Apr") - proto.RegisterMapType((map[string]*BasicAuth_Apr_SaltedHashedPassword)(nil), "extauth.plugins.gloo.solo.io.BasicAuth.Apr.UsersEntry") - 
proto.RegisterType((*BasicAuth_Apr_SaltedHashedPassword)(nil), "extauth.plugins.gloo.solo.io.BasicAuth.Apr.SaltedHashedPassword") - proto.RegisterType((*OAuth)(nil), "extauth.plugins.gloo.solo.io.OAuth") - proto.RegisterType((*OauthSecret)(nil), "extauth.plugins.gloo.solo.io.OauthSecret") - proto.RegisterType((*ApiKeyAuth)(nil), "extauth.plugins.gloo.solo.io.ApiKeyAuth") - proto.RegisterMapType((map[string]string)(nil), "extauth.plugins.gloo.solo.io.ApiKeyAuth.LabelSelectorEntry") - proto.RegisterType((*ApiKeySecret)(nil), "extauth.plugins.gloo.solo.io.ApiKeySecret") - proto.RegisterType((*OpaAuth)(nil), "extauth.plugins.gloo.solo.io.OpaAuth") - proto.RegisterType((*Ldap)(nil), "extauth.plugins.gloo.solo.io.Ldap") - proto.RegisterType((*Ldap_ConnectionPool)(nil), "extauth.plugins.gloo.solo.io.Ldap.ConnectionPool") - proto.RegisterType((*AuthConfig)(nil), "extauth.plugins.gloo.solo.io.AuthConfig") - proto.RegisterType((*VhostExtension)(nil), "extauth.plugins.gloo.solo.io.VhostExtension") - proto.RegisterType((*RouteExtension)(nil), "extauth.plugins.gloo.solo.io.RouteExtension") - proto.RegisterType((*ExtAuthConfig)(nil), "extauth.plugins.gloo.solo.io.ExtAuthConfig") - proto.RegisterType((*ExtAuthConfig_OAuthConfig)(nil), "extauth.plugins.gloo.solo.io.ExtAuthConfig.OAuthConfig") - proto.RegisterType((*ExtAuthConfig_ApiKeyAuthConfig)(nil), "extauth.plugins.gloo.solo.io.ExtAuthConfig.ApiKeyAuthConfig") - proto.RegisterMapType((map[string]string)(nil), "extauth.plugins.gloo.solo.io.ExtAuthConfig.ApiKeyAuthConfig.ValidApiKeyAndUserEntry") - proto.RegisterType((*ExtAuthConfig_OpaAuthConfig)(nil), "extauth.plugins.gloo.solo.io.ExtAuthConfig.OpaAuthConfig") - proto.RegisterMapType((map[string]string)(nil), "extauth.plugins.gloo.solo.io.ExtAuthConfig.OpaAuthConfig.ModulesEntry") - proto.RegisterType((*ExtAuthConfig_AuthConfig)(nil), "extauth.plugins.gloo.solo.io.ExtAuthConfig.AuthConfig") + that1, ok := that.(*AuthConfig_Config_Oauth) + if !ok { + that2, ok := 
that.(AuthConfig_Config_Oauth) + if ok { + that1 = &that2 + } else { + return false + } + } + if that1 == nil { + return this == nil + } else if this == nil { + return false + } + if !this.Oauth.Equal(that1.Oauth) { + return false + } + return true } +func (this *AuthConfig_Config_CustomAuth) Equal(that interface{}) bool { + if that == nil { + return this == nil + } -func init() { - proto.RegisterFile("github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/extauth.proto", fileDescriptor_6eb2ccbcf0f13656) -} - -var fileDescriptor_6eb2ccbcf0f13656 = []byte{ - // 1996 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x59, 0xcd, 0x73, 0x1b, 0x49, - 0x15, 0xcf, 0x48, 0xb2, 0x25, 0x3f, 0xc9, 0x72, 0xd2, 0x31, 0xb1, 0xd0, 0x86, 0xc4, 0xa5, 0x84, - 0xac, 0x09, 0x61, 0xb4, 0xab, 0x50, 0x4b, 0xc8, 0xf2, 0xb1, 0xb6, 0xe3, 0xa0, 0x94, 0x93, 0xb5, - 0x19, 0xd9, 0x3e, 0x50, 0x54, 0xcd, 0xb6, 0x66, 0x5a, 0xd2, 0xe0, 0xd1, 0xf4, 0x6c, 0x77, 0x8f, - 0x63, 0xa5, 0x8a, 0x0b, 0x17, 0x72, 0xe7, 0xc2, 0x1f, 0xc0, 0x61, 0x2f, 0xfc, 0x0b, 0x5c, 0xe0, - 0x2f, 0x80, 0x33, 0x1f, 0x45, 0x6d, 0xf1, 0x2f, 0x50, 0x45, 0x71, 0xa0, 0xfa, 0x63, 0xf4, 0x61, - 0xc5, 0xb2, 0x45, 0xa0, 0xf6, 0xb2, 0x27, 0x4f, 0xbf, 0xaf, 0xee, 0xf7, 0x7e, 0xaf, 0xdf, 0x7b, - 0x6a, 0xc3, 0x61, 0x37, 0x10, 0xbd, 0xa4, 0x6d, 0x7b, 0xb4, 0x5f, 0xe7, 0x34, 0xa4, 0xdf, 0x0a, - 0x68, 0xbd, 0x1b, 0x52, 0x5a, 0x8f, 0x19, 0xfd, 0x19, 0xf1, 0x04, 0xd7, 0x2b, 0x1c, 0x07, 0xf5, - 0x93, 0xf7, 0xeb, 0x24, 0x12, 0x84, 0xc5, 0x2c, 0xe0, 0xa4, 0x1e, 0x87, 0x49, 0x37, 0x88, 0x78, - 0x9d, 0x9c, 0x0a, 0x9c, 0x88, 0x5e, 0xfa, 0xd7, 0x8e, 0x19, 0x15, 0x14, 0xdd, 0x1c, 0x2e, 0xb5, - 0x98, 0x2d, 0xad, 0xd8, 0x72, 0x03, 0x3b, 0xa0, 0xd5, 0x07, 0x6f, 0xd8, 0x54, 0xfd, 0x3d, 0x0e, - 0x44, 0xba, 0x15, 0x23, 0x1d, 0x6d, 0xab, 0xba, 0xda, 0xa5, 0x5d, 0xaa, 0x3e, 0xeb, 0xf2, 0xcb, - 0x50, 0x6f, 0x92, 0xe8, 0x84, 0x0e, 0xb4, 0x74, 0xa3, 0xee, 0x07, 0xdc, 0xa3, 0x27, 0x84, 0x0d, 
- 0x52, 0x6e, 0x97, 0xd2, 0x6e, 0x48, 0x14, 0x1b, 0x47, 0x11, 0x15, 0x58, 0x04, 0x34, 0xe2, 0x86, - 0x7b, 0xcb, 0x70, 0xd5, 0xaa, 0x9d, 0x74, 0xea, 0x7e, 0xc2, 0x94, 0xc0, 0x19, 0xed, 0x21, 0x9f, - 0x0b, 0x96, 0x78, 0xe2, 0x3c, 0xed, 0x97, 0x0c, 0xc7, 0x31, 0x61, 0xc6, 0x7a, 0xed, 0x1f, 0x59, - 0x28, 0xb4, 0x88, 0x10, 0x41, 0xd4, 0xe5, 0xe8, 0x19, 0x5c, 0x37, 0xa1, 0x78, 0xe5, 0x72, 0xc2, - 0x4e, 0x08, 0x73, 0x19, 0xe9, 0x54, 0xac, 0x75, 0x6b, 0xa3, 0xd8, 0xf8, 0xaa, 0xed, 0x51, 0x46, - 0xd2, 0xb0, 0xd8, 0x0e, 0xe1, 0x34, 0x61, 0x1e, 0x71, 0x48, 0xc7, 0xb9, 0x96, 0x6a, 0xb5, 0x94, - 0x92, 0x43, 0x3a, 0xe8, 0x39, 0x94, 0x7a, 0x42, 0xc4, 0xca, 0x4c, 0xe0, 0x91, 0x4a, 0x46, 0xd9, - 0xf8, 0x86, 0x3d, 0x2b, 0xd4, 0x76, 0x53, 0x88, 0xb8, 0xa5, 0x15, 0x9c, 0x62, 0x6f, 0xb4, 0x40, - 0x77, 0xa1, 0x9c, 0x70, 0xc2, 0xdc, 0xc0, 0x77, 0x7b, 0x04, 0xfb, 0x84, 0x55, 0xb2, 0xeb, 0xd6, - 0xc6, 0x92, 0x53, 0x92, 0xd4, 0x67, 0x7e, 0x53, 0xd1, 0x50, 0x13, 0x56, 0x18, 0xf9, 0x34, 0x21, - 0x5c, 0xb8, 0x22, 0xe8, 0x13, 0x9a, 0x88, 0x4a, 0xce, 0x1c, 0x5d, 0x47, 0xc1, 0x4e, 0xa3, 0x60, - 0x3f, 0x31, 0x31, 0xdc, 0xca, 0xfd, 0xfa, 0xaf, 0xb7, 0x2d, 0xa7, 0x6c, 0xf4, 0x0e, 0xb4, 0x1a, - 0x7a, 0x00, 0xa8, 0x83, 0x83, 0x30, 0x61, 0xc4, 0xed, 0x53, 0x9f, 0xb8, 0x38, 0x0c, 0xe9, 0xcb, - 0xca, 0xc2, 0xba, 0xb5, 0x51, 0x70, 0xae, 0x1a, 0xce, 0x0b, 0xea, 0x93, 0x4d, 0x49, 0x47, 0x7b, - 0x50, 0x4a, 0xf7, 0x6d, 0x53, 0x7f, 0x50, 0x59, 0x54, 0x9b, 0x3e, 0x98, 0xed, 0xeb, 0x56, 0xd2, - 0xe9, 0x10, 0x96, 0x86, 0xde, 0x29, 0x1a, 0x0b, 0x5b, 0xd4, 0x1f, 0xa0, 0xfb, 0x70, 0xcd, 0x0b, - 0x09, 0x66, 0x2e, 0xa3, 0x89, 0x20, 0xae, 0x87, 0xbd, 0x1e, 0xa9, 0xe4, 0xd5, 0xee, 0x2b, 0x8a, - 0xe1, 0x48, 0xfa, 0xb6, 0x24, 0xa3, 0x7b, 0xb0, 0xc2, 0x05, 0x16, 0x09, 0x77, 0x69, 0xe4, 0x12, - 0xc6, 0x28, 0xab, 0x14, 0xd6, 0xad, 0x8d, 0x65, 0x67, 0x59, 0x93, 0xf7, 0xa2, 0x1d, 0x49, 0xac, - 0x7d, 0x96, 0x83, 0xe2, 0x58, 0x7c, 0xd1, 0x6d, 0x28, 0xc6, 0x58, 0xf4, 0xdc, 0x98, 0x91, 0x4e, - 0x70, 0xaa, 0x30, 0x5e, 0x72, 0x40, 
0x92, 0xf6, 0x15, 0x05, 0xed, 0x42, 0xde, 0x9c, 0xc9, 0x80, - 0xf7, 0xfe, 0xa5, 0xc1, 0xb3, 0x1d, 0xad, 0xe8, 0xa4, 0x16, 0xd0, 0xc7, 0x50, 0x60, 0x84, 0xc7, - 0x34, 0xe2, 0x44, 0x41, 0x57, 0x6c, 0x34, 0xe6, 0xb1, 0xa6, 0x35, 0x9d, 0xa1, 0x8d, 0xea, 0x5f, - 0x2c, 0xc8, 0x9b, 0x4d, 0xd0, 0xbb, 0xb0, 0xa2, 0xf0, 0x21, 0x69, 0x72, 0xf0, 0x8a, 0xb5, 0x9e, - 0xdd, 0x58, 0x72, 0xca, 0x86, 0xac, 0xd3, 0x83, 0xa3, 0x00, 0xca, 0x46, 0xc0, 0x15, 0xd4, 0xc5, - 0xbe, 0x5f, 0xc9, 0xac, 0x67, 0x37, 0x8a, 0x8d, 0xed, 0xb9, 0x1d, 0xb3, 0x8d, 0xc9, 0x03, 0xba, - 0xe9, 0xfb, 0x3b, 0x91, 0x60, 0x03, 0xa7, 0xd4, 0x1b, 0x23, 0x55, 0x7f, 0x08, 0xd7, 0xa6, 0x44, - 0xd0, 0x55, 0xc8, 0x1e, 0x93, 0x81, 0x09, 0xb5, 0xfc, 0x44, 0xab, 0xb0, 0x70, 0x82, 0xc3, 0x44, - 0x5f, 0x8f, 0x25, 0x47, 0x2f, 0x1e, 0x67, 0x1e, 0x59, 0xd5, 0x57, 0x50, 0x48, 0xdd, 0x46, 0x8f, - 0xa0, 0x92, 0x3a, 0x98, 0xc4, 0x5c, 0x30, 0x82, 0xfb, 0x67, 0x3c, 0xbd, 0x61, 0xf8, 0x87, 0x86, - 0x9d, 0x7a, 0xfc, 0x6d, 0x48, 0x39, 0xae, 0x17, 0x06, 0x24, 0x12, 0x43, 0xbd, 0x8c, 0xd2, 0x5b, - 0x35, 0xdc, 0x6d, 0xc5, 0x34, 0x5a, 0xb5, 0x18, 0xca, 0x93, 0xd9, 0x29, 0x13, 0xb2, 0x8f, 0x4f, - 0xdd, 0x61, 0x96, 0x0f, 0x04, 0xe1, 0xca, 0x8f, 0x65, 0x67, 0xa5, 0x8f, 0x4f, 0x4d, 0x54, 0xb6, - 0x24, 0x19, 0x35, 0xe0, 0x2b, 0xca, 0xaa, 0x1b, 0x63, 0x26, 0x02, 0x1c, 0xba, 0x7d, 0xc2, 0x39, - 0xee, 0x6a, 0x1f, 0x0b, 0xce, 0x75, 0xc5, 0xdc, 0xd7, 0xbc, 0x17, 0x9a, 0x55, 0x2b, 0x01, 0x6c, - 0x27, 0x5c, 0xd0, 0xfe, 0x66, 0x22, 0x7a, 0xb5, 0x7d, 0x80, 0x7d, 0x05, 0x84, 0x5c, 0xa1, 0x2d, - 0xc8, 0x1b, 0x58, 0x94, 0xb3, 0xc5, 0xc6, 0xc6, 0x6c, 0xb8, 0xa4, 0x92, 0x56, 0x77, 0x52, 0xc5, - 0xda, 0x6f, 0x2d, 0x80, 0x11, 0x1d, 0x21, 0xc8, 0x45, 0xb8, 0x4f, 0x0c, 0x12, 0xea, 0x1b, 0x6d, - 0xc0, 0x55, 0x2d, 0xed, 0x76, 0x82, 0x90, 0xb8, 0x8a, 0xaf, 0x51, 0x29, 0x6b, 0xfa, 0xd3, 0x20, - 0x24, 0x1f, 0x4b, 0xc9, 0xf7, 0x60, 0x95, 0x9c, 0xc6, 0x94, 0x09, 0xe2, 0xbb, 0x7c, 0xd0, 0x6f, - 0xd3, 0x50, 0x4b, 0xeb, 0x92, 0x84, 0x52, 0x5e, 0x4b, 0xb1, 0x94, 0x46, 
0x1d, 0x16, 0x3d, 0x1a, - 0x75, 0x82, 0xae, 0xa9, 0x47, 0x6b, 0x53, 0xf5, 0xa8, 0xa5, 0x6a, 0xb6, 0x63, 0xc4, 0x6a, 0xbf, - 0xcc, 0xc2, 0xd2, 0x16, 0xe6, 0x81, 0xa7, 0x22, 0xb0, 0x0a, 0x0b, 0x8c, 0xe0, 0xb0, 0x6f, 0xce, - 0xab, 0x17, 0xe8, 0xfb, 0x90, 0xc5, 0x31, 0x33, 0x77, 0xf3, 0x9b, 0x17, 0x14, 0x9b, 0xd4, 0x96, - 0xbd, 0x19, 0x33, 0x47, 0xea, 0x55, 0x7f, 0x93, 0x81, 0xec, 0x66, 0xcc, 0xd0, 0x73, 0x58, 0x90, - 0x45, 0x94, 0x9b, 0xbb, 0xf0, 0xc1, 0x1c, 0x86, 0xec, 0x43, 0xa9, 0xa8, 0xd3, 0x5f, 0x1b, 0xa9, - 0xb6, 0x60, 0xb5, 0x85, 0x43, 0x41, 0xfc, 0x26, 0xe6, 0x3d, 0xe2, 0xef, 0x63, 0xce, 0x5f, 0x52, - 0xe6, 0xcb, 0x88, 0x73, 0x1c, 0x8a, 0x34, 0xe2, 0xf2, 0x5b, 0xde, 0xdb, 0x9e, 0x92, 0x72, 0x63, - 0x23, 0x96, 0x06, 0xbc, 0x37, 0xa1, 0x5c, 0x7d, 0x05, 0x30, 0xda, 0xe9, 0x0d, 0xb7, 0xe8, 0x68, - 0xfc, 0x16, 0x15, 0x1b, 0x1f, 0xcd, 0xe3, 0xc2, 0x9b, 0x4e, 0x3b, 0x76, 0x0f, 0x6b, 0x7f, 0xb3, - 0x60, 0x61, 0x4f, 0xa1, 0xf0, 0x0e, 0x2c, 0x99, 0x3b, 0x14, 0xf8, 0x66, 0xf7, 0x82, 0x26, 0x3c, - 0xf3, 0xd1, 0x8e, 0xac, 0xd8, 0x8a, 0xc9, 0x89, 0xc7, 0x88, 0x50, 0x7d, 0x33, 0x73, 0x51, 0xdf, - 0x5c, 0xd1, 0x3a, 0x2d, 0xa5, 0x22, 0xbb, 0xe6, 0xd7, 0x00, 0x02, 0xce, 0x13, 0xc2, 0xdc, 0x84, - 0x85, 0x26, 0xa1, 0x96, 0x34, 0xe5, 0x90, 0x85, 0x68, 0x0d, 0xf2, 0x38, 0x8e, 0x15, 0x2f, 0xa7, - 0x78, 0x8b, 0x38, 0x8e, 0x25, 0xe3, 0x0e, 0x2c, 0x7b, 0x38, 0x0c, 0xdb, 0xd8, 0x3b, 0x76, 0x65, - 0x09, 0x57, 0xad, 0x6a, 0xc9, 0x29, 0xa5, 0xc4, 0x7d, 0x2c, 0x7a, 0xe8, 0x06, 0x2c, 0x72, 0x8f, - 0xc6, 0x84, 0x57, 0x16, 0xd5, 0xe5, 0x37, 0xab, 0x5a, 0x03, 0x8a, 0x7b, 0x32, 0x5c, 0xfa, 0x18, - 0xca, 0xd6, 0xb8, 0x2b, 0xc6, 0xd7, 0xd2, 0xf8, 0x59, 0x6b, 0xff, 0x96, 0x17, 0x2a, 0x0e, 0x76, - 0xc9, 0x40, 0xc5, 0xa6, 0x0d, 0xe5, 0x10, 0xb7, 0x49, 0xe8, 0x72, 0x12, 0x12, 0x4f, 0x50, 0x66, - 0xae, 0xea, 0x87, 0x17, 0x5c, 0xd5, 0xa1, 0x05, 0xfb, 0xb9, 0x54, 0x6f, 0x19, 0x6d, 0x9d, 0x52, - 0xcb, 0xe1, 0x38, 0x0d, 0x35, 0xe1, 0x3a, 0x8e, 0x03, 0xf7, 0x98, 0x0c, 0xc6, 0x62, 0x9c, 0xa6, - 0xed, 0x8c, 
0x20, 0x5f, 0xc5, 0x6a, 0x97, 0x61, 0x90, 0x79, 0xf5, 0x23, 0x40, 0xd3, 0xdb, 0xcd, - 0x53, 0x9d, 0x6b, 0x01, 0x94, 0x36, 0xc7, 0xac, 0xca, 0xe2, 0xd1, 0x25, 0x11, 0x61, 0x58, 0x10, - 0xd7, 0x1c, 0x52, 0x19, 0x2a, 0x38, 0xe5, 0x94, 0xae, 0xe5, 0x35, 0x84, 0x5a, 0x20, 0x93, 0x42, - 0xa8, 0x18, 0x37, 0x60, 0x51, 0xf9, 0xcb, 0x2b, 0x59, 0x8d, 0x8e, 0x5e, 0xd5, 0x0e, 0x20, 0xbf, - 0x17, 0x63, 0x15, 0xe5, 0x87, 0x90, 0xef, 0x53, 0x3f, 0x09, 0x49, 0x5a, 0x09, 0x67, 0x78, 0x9d, - 0x4a, 0x4a, 0x27, 0x3e, 0x4d, 0x08, 0x4b, 0xb7, 0xd3, 0x8b, 0xda, 0xbf, 0x32, 0x90, 0x7b, 0xee, - 0xe3, 0x18, 0x55, 0x20, 0x8f, 0x7d, 0x9f, 0x11, 0xce, 0x8d, 0xe7, 0xe9, 0x12, 0xdd, 0xd3, 0x33, - 0xd7, 0x93, 0xe8, 0x80, 0xf4, 0xe3, 0x10, 0x8b, 0x61, 0x39, 0x9c, 0xa4, 0xa2, 0x47, 0xb0, 0xd6, - 0x27, 0xfd, 0x36, 0x61, 0xbc, 0x17, 0xc4, 0x9b, 0x42, 0xb0, 0xa0, 0x9d, 0x08, 0x55, 0x29, 0x4d, - 0x02, 0x9f, 0xc7, 0x46, 0x77, 0x61, 0xd9, 0xf4, 0x9f, 0x1f, 0x31, 0x9a, 0xc4, 0xbc, 0x92, 0x53, - 0x9e, 0x4f, 0x12, 0xd1, 0x0e, 0xe4, 0x62, 0x4a, 0x43, 0x95, 0xd2, 0x17, 0x0e, 0x21, 0xd2, 0x27, - 0x7b, 0x9b, 0x46, 0x11, 0xf1, 0xe4, 0x78, 0xb7, 0x4f, 0x69, 0xe8, 0x28, 0xf5, 0xea, 0x6b, 0x0b, - 0xca, 0x93, 0x0c, 0xf4, 0x01, 0xe4, 0xfb, 0xf8, 0xb4, 0x15, 0xbc, 0x22, 0x66, 0xc4, 0xbd, 0x39, - 0x55, 0x97, 0x0f, 0x9f, 0x45, 0xe2, 0x61, 0xe3, 0x48, 0x02, 0xef, 0xa4, 0xc2, 0xe8, 0x07, 0x50, - 0x0c, 0xa2, 0x40, 0xf6, 0x2f, 0xa5, 0x9b, 0xb9, 0x84, 0xee, 0xb8, 0x42, 0xed, 0x75, 0x4e, 0x77, - 0xa3, 0x6d, 0x55, 0xec, 0x51, 0x13, 0xa0, 0x2d, 0x6b, 0x92, 0x2b, 0xdd, 0x32, 0x27, 0x79, 0xf7, - 0x92, 0x35, 0xac, 0x79, 0xc5, 0x59, 0x6a, 0x0f, 0x1b, 0xc5, 0x87, 0xb0, 0x40, 0x95, 0x11, 0x7d, - 0xa4, 0x3b, 0xb3, 0x8d, 0xec, 0x19, 0x03, 0x5a, 0x07, 0xed, 0x42, 0xd1, 0x53, 0x3d, 0x58, 0x9f, - 0x43, 0x4f, 0x69, 0x17, 0xf4, 0xda, 0x51, 0xd3, 0x6e, 0x5e, 0x71, 0xc0, 0x1b, 0xae, 0xe4, 0xf8, - 0x9f, 0x5e, 0x56, 0x65, 0x2d, 0x77, 0x19, 0x6b, 0xa3, 0x72, 0x20, 0xad, 0xe1, 0x51, 0x79, 0xd9, - 0x85, 0xa2, 0xe9, 0xcd, 0xca, 0xd8, 0xc2, 0xa5, 
0x8c, 0x0d, 0xdb, 0xbd, 0x34, 0x16, 0x8f, 0xcf, - 0x13, 0x05, 0x1a, 0x63, 0x6d, 0x49, 0x4f, 0xea, 0x5f, 0xbf, 0x20, 0x4e, 0xfa, 0xfa, 0x35, 0xaf, - 0x38, 0x79, 0x6a, 0x6e, 0xe2, 0x23, 0xc8, 0x85, 0x3e, 0x8e, 0xd5, 0x4c, 0x5e, 0x6c, 0xd4, 0x2e, - 0xce, 0xc9, 0xe6, 0x15, 0x47, 0x69, 0x6c, 0x2d, 0x43, 0x51, 0x4a, 0xba, 0xa6, 0xd1, 0xff, 0x31, - 0x0b, 0xe5, 0xa3, 0x1e, 0xe5, 0x62, 0xe7, 0x54, 0x90, 0x88, 0x07, 0x34, 0xfa, 0x32, 0x1d, 0xfe, - 0x2f, 0xe9, 0x30, 0x1a, 0x28, 0xa7, 0xd2, 0x21, 0xaf, 0xb1, 0xd0, 0x6d, 0xf1, 0x52, 0x79, 0xa5, - 0x2f, 0xae, 0x93, 0x2a, 0x9e, 0x05, 0xf5, 0x3e, 0x94, 0xd5, 0x0f, 0xb4, 0x11, 0xa6, 0x15, 0xc8, - 0xfb, 0x01, 0xc7, 0xed, 0x90, 0x98, 0xb6, 0x90, 0x2e, 0x6b, 0xbf, 0x2b, 0xc1, 0xf2, 0xce, 0xa9, - 0x18, 0x2b, 0x07, 0xb2, 0xeb, 0xc8, 0x8c, 0x48, 0xa7, 0x3d, 0xb5, 0x40, 0x7b, 0x29, 0x96, 0x1a, - 0x88, 0xef, 0xcc, 0x3e, 0xe4, 0x84, 0x45, 0x8d, 0xac, 0xfe, 0x1e, 0xe1, 0x3b, 0x99, 0x66, 0xb9, - 0xb7, 0x48, 0xb3, 0x4f, 0xce, 0x80, 0xab, 0xf1, 0xf8, 0xde, 0x3c, 0x27, 0x1c, 0x41, 0x3d, 0x3c, - 0xe6, 0x0c, 0xc0, 0x17, 0xdf, 0x0a, 0xf0, 0xfd, 0x11, 0xe0, 0x85, 0xcb, 0x8c, 0xbc, 0x67, 0x4e, - 0x3a, 0x0d, 0x7f, 0xf5, 0x0f, 0x16, 0x14, 0xc7, 0x62, 0x3c, 0x7b, 0x52, 0x9c, 0x1a, 0xaf, 0x32, - 0xd3, 0xe3, 0xd5, 0x17, 0x32, 0x07, 0x56, 0x3f, 0xb7, 0xe0, 0xea, 0x59, 0x20, 0xd0, 0x6b, 0x0b, - 0x6e, 0x9c, 0xe0, 0x30, 0xf0, 0xdd, 0x21, 0xc6, 0x91, 0xef, 0xca, 0x11, 0xc0, 0xcc, 0x20, 0x07, - 0x6f, 0x83, 0xb3, 0x7d, 0x24, 0x4d, 0x1b, 0x6a, 0xe4, 0xcb, 0x29, 0x5f, 0xcf, 0x7e, 0xe8, 0x64, - 0x8a, 0x51, 0xdd, 0x81, 0xb5, 0x73, 0xc4, 0xe7, 0xfa, 0x65, 0xfd, 0x7b, 0x0b, 0x96, 0x4d, 0x49, - 0x37, 0x3e, 0x7e, 0x72, 0x76, 0xae, 0x7a, 0x3a, 0xd7, 0xed, 0x1a, 0xb7, 0x65, 0xbf, 0xd0, 0x86, - 0xb4, 0x17, 0xb3, 0x87, 0xb0, 0xea, 0x63, 0x28, 0x8d, 0x8b, 0xcf, 0xe5, 0xc5, 0x3f, 0xb3, 0x13, - 0x33, 0xc4, 0x97, 0xe5, 0x61, 0xce, 0xf2, 0x70, 0xee, 0x78, 0x70, 0x34, 0x36, 0x1e, 0xe8, 0xf6, - 0xfe, 0xdd, 0xff, 0x3a, 0x1b, 0xde, 0x34, 0x32, 0x14, 0xde, 0x72, 0x64, 0x38, 0xb3, 
0x6c, 0xfc, - 0x39, 0x03, 0x6b, 0xe6, 0x08, 0x4f, 0xd2, 0x77, 0xe5, 0xf4, 0x8d, 0xef, 0xa7, 0x70, 0xbd, 0xa5, - 0xde, 0x83, 0x26, 0x3b, 0xcc, 0x2d, 0x5b, 0x3d, 0x47, 0xdb, 0x38, 0x0e, 0xec, 0x93, 0x86, 0x3d, - 0x54, 0x33, 0xcf, 0x38, 0xd5, 0xdb, 0xe7, 0xf2, 0xf5, 0x83, 0x54, 0xed, 0xca, 0x86, 0xf5, 0x9e, - 0x85, 0x08, 0xa0, 0x27, 0x24, 0x14, 0x78, 0xd2, 0xf8, 0x9d, 0x33, 0xca, 0x52, 0x62, 0x6a, 0x87, - 0xbb, 0xb3, 0x85, 0x26, 0xb6, 0xf9, 0x39, 0xa0, 0xa7, 0x44, 0x78, 0xbd, 0xff, 0xb1, 0x0f, 0xf7, - 0x7e, 0xf1, 0xa7, 0xcf, 0x7f, 0x95, 0x59, 0xaf, 0xbd, 0x33, 0xf1, 0x22, 0xff, 0xd8, 0xc0, 0xa2, - 0x83, 0xfb, 0xd8, 0xba, 0xbf, 0xf5, 0xe3, 0xcf, 0xfe, 0x7e, 0xcb, 0xfa, 0xc9, 0xee, 0xe5, 0xfe, - 0xf3, 0x10, 0x1f, 0x77, 0x2f, 0xfe, 0xef, 0x43, 0x7b, 0x51, 0xfd, 0x44, 0x78, 0xf8, 0x9f, 0x00, - 0x00, 0x00, 0xff, 0xff, 0x76, 0xa7, 0xb0, 0xde, 0xcf, 0x18, 0x00, 0x00, + that1, ok := that.(*AuthConfig_Config_CustomAuth) + if !ok { + that2, ok := that.(AuthConfig_Config_CustomAuth) + if ok { + that1 = &that2 + } else { + return false + } + } + if that1 == nil { + return this == nil + } else if this == nil { + return false + } + if !this.CustomAuth.Equal(that1.CustomAuth) { + return false + } + return true } - -func (this *Settings) Equal(that interface{}) bool { +func (this *AuthConfig_Config_ApiKeyAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*Settings) + that1, ok := that.(*AuthConfig_Config_ApiKeyAuth) if !ok { - that2, ok := that.(Settings) + that2, ok := that.(AuthConfig_Config_ApiKeyAuth) if ok { that1 = &that2 } else { 
@@ -1988,34 +2440,109 @@ func (this *Settings) Equal(that interface{}) bool { } else if this == nil { return false } - if !this.ExtauthzServerRef.Equal(that1.ExtauthzServerRef) { + if !this.ApiKeyAuth.Equal(that1.ApiKeyAuth) { return false } - if !this.HttpService.Equal(that1.HttpService) { + return true +} +func (this *AuthConfig_Config_PluginAuth) Equal(that interface{}) bool { + if that == nil { + return this == nil + } + + that1, ok := that.(*AuthConfig_Config_PluginAuth) + if !ok { + that2, ok := that.(AuthConfig_Config_PluginAuth) + if ok { + that1 = &that2 + } else { + return false + } + } + if that1 == nil { + return this == nil + } else if this == nil { return false } - if this.UserIdHeader != that1.UserIdHeader { + if !this.PluginAuth.Equal(that1.PluginAuth) { return false } - if this.RequestTimeout != nil && that1.RequestTimeout != nil { - if *this.RequestTimeout != *that1.RequestTimeout { + return true +} +func (this *AuthConfig_Config_OpaAuth) Equal(that interface{}) bool { + if that == nil { + return this == nil + } + + that1, ok := that.(*AuthConfig_Config_OpaAuth) + if !ok { + that2, ok := that.(AuthConfig_Config_OpaAuth) + if ok { + that1 = &that2 + } else { return false } - } else if this.RequestTimeout != nil { + } + if that1 == nil { + return this == nil + } else if this == nil { return false - } else if that1.RequestTimeout != nil { + } + if !this.OpaAuth.Equal(that1.OpaAuth) { return false } - if this.FailureModeAllow != that1.FailureModeAllow { + return true +} +func (this *AuthConfig_Config_Ldap) Equal(that interface{}) bool { + if that == nil { + return this == nil + } + + that1, ok := that.(*AuthConfig_Config_Ldap) + if !ok { + that2, ok := that.(AuthConfig_Config_Ldap) + if ok { + that1 = &that2 + } else { + return false + } + } + if that1 == nil { + return this == nil + } else if this == nil { return false } - if !this.RequestBody.Equal(that1.RequestBody) { + if !this.Ldap.Equal(that1.Ldap) { return false } - if this.ClearRouteCache != 
that1.ClearRouteCache { + return true +} +func (this *ExtAuthExtension) Equal(that interface{}) bool { + if that == nil { + return this == nil + } + + that1, ok := that.(*ExtAuthExtension) + if !ok { + that2, ok := that.(ExtAuthExtension) + if ok { + that1 = &that2 + } else { + return false + } + } + if that1 == nil { + return this == nil + } else if this == nil { return false } - if this.StatusOnError != that1.StatusOnError { + if that1.Spec == nil { + if this.Spec != nil { + return false + } + } else if this.Spec == nil { + return false + } else if !this.Spec.Equal(that1.Spec) { return false } if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { @@ -2023,14 +2550,14 @@ func (this *Settings) Equal(that interface{}) bool { } return true } -func (this *HttpService) Equal(that interface{}) bool { +func (this *ExtAuthExtension_Disable) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*HttpService) + that1, ok := that.(*ExtAuthExtension_Disable) if !ok { - that2, ok := that.(HttpService) + that2, ok := that.(ExtAuthExtension_Disable) if ok { that1 = &that2 } else { 
@@ -2042,28 +2569,43 @@ func (this *HttpService) Equal(that interface{}) bool { } else if this == nil { return false } - if this.PathPrefix != that1.PathPrefix { + if this.Disable != that1.Disable { return false } - if !this.Request.Equal(that1.Request) { - return false + return true +} +func (this *ExtAuthExtension_ConfigRef) Equal(that interface{}) bool { + if that == nil { + return this == nil } - if !this.Response.Equal(that1.Response) { + + that1, ok := that.(*ExtAuthExtension_ConfigRef) + if !ok { + that2, ok := that.(ExtAuthExtension_ConfigRef) + if ok { + that1 = &that2 + } else { + return false + } + } + if that1 == nil { + return this == nil + } else if this == nil { return false } - if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { + if !this.ConfigRef.Equal(that1.ConfigRef) { return false } return true } -func (this *HttpService_Request) Equal(that interface{}) bool { +func (this *VhostExtension) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*HttpService_Request) + that1, ok := that.(*VhostExtension) if !ok { - that2, ok := that.(HttpService_Request) + that2, ok := that.(VhostExtension) if ok { that1 = &that2 } else { 
@@ -2075,19 +2617,20 @@ func (this *HttpService_Request) Equal(that interface{}) bool { } else if this == nil { return false } - if len(this.AllowedHeaders) != len(that1.AllowedHeaders) { - return false - } - for i := range this.AllowedHeaders { - if this.AllowedHeaders[i] != that1.AllowedHeaders[i] { + if that1.AuthConfig == nil { + if this.AuthConfig != nil { return false } + } else if this.AuthConfig == nil { + return false + } else if !this.AuthConfig.Equal(that1.AuthConfig) { + return false } - if len(this.HeadersToAdd) != len(that1.HeadersToAdd) { + if len(this.Configs) != len(that1.Configs) { return false } - for i := range this.HeadersToAdd { - if this.HeadersToAdd[i] != that1.HeadersToAdd[i] { + for i := range this.Configs { + if !this.Configs[i].Equal(that1.Configs[i]) { return false } } @@ -2096,14 +2639,14 @@ func (this *HttpService_Request) Equal(that interface{}) bool { } return true } -func (this *HttpService_Response) Equal(that interface{}) bool { +func (this *VhostExtension_BasicAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*HttpService_Response) + that1, ok := that.(*VhostExtension_BasicAuth) if !ok { - that2, ok := that.(HttpService_Response) + that2, ok := that.(VhostExtension_BasicAuth) if ok { that1 = &that2 } else { 
@@ -2115,35 +2658,43 @@ func (this *HttpService_Response) Equal(that interface{}) bool { } else if this == nil { return false } - if len(this.AllowedUpstreamHeaders) != len(that1.AllowedUpstreamHeaders) { + if !this.BasicAuth.Equal(that1.BasicAuth) { return false } - for i := range this.AllowedUpstreamHeaders { - if this.AllowedUpstreamHeaders[i] != that1.AllowedUpstreamHeaders[i] { + return true +} +func (this *VhostExtension_Oauth) Equal(that interface{}) bool { + if that == nil { + return this == nil + } + + that1, ok := that.(*VhostExtension_Oauth) + if !ok { + that2, ok := that.(VhostExtension_Oauth) + if ok { + that1 = &that2 + } else { return false } } - if len(this.AllowedClientHeaders) != len(that1.AllowedClientHeaders) { + if that1 == nil { + return this == nil + } else if this == nil { return false } - for i := range this.AllowedClientHeaders { - if this.AllowedClientHeaders[i] != that1.AllowedClientHeaders[i] { - return false - } - } - if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { + if !this.Oauth.Equal(that1.Oauth) { return false } return true } -func (this *BufferSettings) Equal(that interface{}) bool { +func (this *VhostExtension_CustomAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*BufferSettings) + that1, ok := that.(*VhostExtension_CustomAuth) if !ok { - that2, ok := that.(BufferSettings) + that2, ok := that.(VhostExtension_CustomAuth) if ok { that1 = &that2 } else { 
@@ -2155,25 +2706,19 @@ func (this *BufferSettings) Equal(that interface{}) bool { } else if this == nil { return false } - if this.MaxRequestBytes != that1.MaxRequestBytes { - return false - } - if this.AllowPartialMessage != that1.AllowPartialMessage { - return false - } - if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { + if !this.CustomAuth.Equal(that1.CustomAuth) { return false } return true } -func (this *CustomAuth) Equal(that interface{}) bool { +func (this *VhostExtension_ApiKeyAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*CustomAuth) + that1, ok := that.(*VhostExtension_ApiKeyAuth) if !ok { - that2, ok := that.(CustomAuth) + that2, ok := that.(VhostExtension_ApiKeyAuth) if ok { that1 = &that2 } else { @@ -2185,19 +2730,19 @@ func (this *CustomAuth) Equal(that interface{}) bool { } else if this == nil { return false } - if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { + if !this.ApiKeyAuth.Equal(that1.ApiKeyAuth) { return false } return true } -func (this *PluginAuth) Equal(that interface{}) bool { +func (this *VhostExtension_PluginAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*PluginAuth) + that1, ok := that.(*VhostExtension_PluginAuth) if !ok { - that2, ok := that.(PluginAuth) + that2, ok := that.(VhostExtension_PluginAuth) if ok { that1 = &that2 } else { 
@@ -2209,27 +2754,19 @@ func (this *PluginAuth) Equal(that interface{}) bool { } else if this == nil { return false } - if len(this.Plugins) != len(that1.Plugins) { - return false - } - for i := range this.Plugins { - if !this.Plugins[i].Equal(that1.Plugins[i]) { - return false - } - } - if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { + if !this.PluginAuth.Equal(that1.PluginAuth) { return false } return true } -func (this *AuthPlugin) Equal(that interface{}) bool { +func (this *VhostExtension_AuthConfig) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*AuthPlugin) + that1, ok := that.(*VhostExtension_AuthConfig) if !ok { - that2, ok := that.(AuthPlugin) + that2, ok := that.(VhostExtension_AuthConfig) if ok { that1 = &that2 } else { @@ -2241,16 +2778,13 @@ func (this *AuthPlugin) Equal(that interface{}) bool { } else if this == nil { return false } - if this.Name != that1.Name { - return false - } - if this.PluginFileName != that1.PluginFileName { - return false - } - if this.ExportedSymbolName != that1.ExportedSymbolName { + if that1.AuthConfig == nil { + if this.AuthConfig != nil { + return false + } + } else if this.AuthConfig == nil { return false - } - if !this.Config.Equal(that1.Config) { + } else if !this.AuthConfig.Equal(that1.AuthConfig) { return false } if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { @@ -2258,14 +2792,14 @@ func (this *AuthPlugin) Equal(that interface{}) bool { } return true } -func (this *BasicAuth) Equal(that interface{}) bool { +func (this *VhostExtension_AuthConfig_BasicAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*BasicAuth) + that1, ok := that.(*VhostExtension_AuthConfig_BasicAuth) if !ok { - that2, ok := that.(BasicAuth) + that2, ok := that.(VhostExtension_AuthConfig_BasicAuth) if ok { that1 = &that2 } else { 
@@ -2277,25 +2811,19 @@ func (this *BasicAuth) Equal(that interface{}) bool { } else if this == nil { return false } - if this.Realm != that1.Realm { - return false - } - if !this.Apr.Equal(that1.Apr) { - return false - } - if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { + if !this.BasicAuth.Equal(that1.BasicAuth) { return false } return true } -func (this *BasicAuth_Apr) Equal(that interface{}) bool { +func (this *VhostExtension_AuthConfig_Oauth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*BasicAuth_Apr) + that1, ok := that.(*VhostExtension_AuthConfig_Oauth) if !ok { - that2, ok := that.(BasicAuth_Apr) + that2, ok := that.(VhostExtension_AuthConfig_Oauth) if ok { that1 = &that2 } else { @@ -2307,27 +2835,19 @@ func (this *BasicAuth_Apr) Equal(that interface{}) bool { } else if this == nil { return false } - if len(this.Users) != len(that1.Users) { - return false - } - for i := range this.Users { - if !this.Users[i].Equal(that1.Users[i]) { - return false - } - } - if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { + if !this.Oauth.Equal(that1.Oauth) { return false } return true } -func (this *BasicAuth_Apr_SaltedHashedPassword) Equal(that interface{}) bool { +func (this *VhostExtension_AuthConfig_CustomAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*BasicAuth_Apr_SaltedHashedPassword) + that1, ok := that.(*VhostExtension_AuthConfig_CustomAuth) if !ok { - that2, ok := that.(BasicAuth_Apr_SaltedHashedPassword) + that2, ok := that.(VhostExtension_AuthConfig_CustomAuth) if ok { that1 = &that2 } else { 
@@ -2339,25 +2859,19 @@ func (this *BasicAuth_Apr_SaltedHashedPassword) Equal(that interface{}) bool { } else if this == nil { return false } - if this.Salt != that1.Salt { - return false - } - if this.HashedPassword != that1.HashedPassword { - return false - } - if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { + if !this.CustomAuth.Equal(that1.CustomAuth) { return false } return true } -func (this *OAuth) Equal(that interface{}) bool { +func (this *VhostExtension_AuthConfig_ApiKeyAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*OAuth) + that1, ok := that.(*VhostExtension_AuthConfig_ApiKeyAuth) if !ok { - that2, ok := that.(OAuth) + that2, ok := that.(VhostExtension_AuthConfig_ApiKeyAuth) if ok { that1 = &that2 } else { @@ -2369,42 +2883,19 @@ func (this *OAuth) Equal(that interface{}) bool { } else if this == nil { return false } - if this.ClientId != that1.ClientId { - return false - } - if !this.ClientSecretRef.Equal(that1.ClientSecretRef) { - return false - } - if this.IssuerUrl != that1.IssuerUrl { - return false - } - if this.AppUrl != that1.AppUrl { - return false - } - if this.CallbackPath != that1.CallbackPath { - return false - } - if len(this.Scopes) != len(that1.Scopes) { - return false - } - for i := range this.Scopes { - if this.Scopes[i] != that1.Scopes[i] { - return false - } - } - if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { + if !this.ApiKeyAuth.Equal(that1.ApiKeyAuth) { return false } return true } -func (this *OauthSecret) Equal(that interface{}) bool { +func (this *VhostExtension_AuthConfig_PluginAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*OauthSecret) + that1, ok := that.(*VhostExtension_AuthConfig_PluginAuth) if !ok { - that2, ok := that.(OauthSecret) + that2, ok := that.(VhostExtension_AuthConfig_PluginAuth) if ok { that1 = &that2 } else { 
@@ -2416,22 +2907,19 @@ func (this *OauthSecret) Equal(that interface{}) bool { } else if this == nil { return false } - if this.ClientSecret != that1.ClientSecret { - return false - } - if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { + if !this.PluginAuth.Equal(that1.PluginAuth) { return false } return true } -func (this *ApiKeyAuth) Equal(that interface{}) bool { +func (this *VhostExtension_AuthConfig_OpaAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*ApiKeyAuth) + that1, ok := that.(*VhostExtension_AuthConfig_OpaAuth) if !ok { - that2, ok := that.(ApiKeyAuth) + that2, ok := that.(VhostExtension_AuthConfig_OpaAuth) if ok { that1 = &that2 } else { 
@@ -2443,35 +2931,43 @@ func (this *ApiKeyAuth) Equal(that interface{}) bool { } else if this == nil { return false } - if len(this.LabelSelector) != len(that1.LabelSelector) { + if !this.OpaAuth.Equal(that1.OpaAuth) { return false } - for i := range this.LabelSelector { - if this.LabelSelector[i] != that1.LabelSelector[i] { + return true +} +func (this *VhostExtension_AuthConfig_Ldap) Equal(that interface{}) bool { + if that == nil { + return this == nil + } + + that1, ok := that.(*VhostExtension_AuthConfig_Ldap) + if !ok { + that2, ok := that.(VhostExtension_AuthConfig_Ldap) + if ok { + that1 = &that2 + } else { return false } } - if len(this.ApiKeySecretRefs) != len(that1.ApiKeySecretRefs) { + if that1 == nil { + return this == nil + } else if this == nil { return false } - for i := range this.ApiKeySecretRefs { - if !this.ApiKeySecretRefs[i].Equal(that1.ApiKeySecretRefs[i]) { - return false - } - } - if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { + if !this.Ldap.Equal(that1.Ldap) { return false } return true } -func (this *ApiKeySecret) Equal(that interface{}) bool { +func (this *RouteExtension) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*ApiKeySecret) + that1, ok := that.(*RouteExtension) if !ok { - that2, ok := that.(ApiKeySecret) + that2, ok := that.(RouteExtension) if ok { that1 = &that2 } else { 
@@ -2483,33 +2979,22 @@ func (this *ApiKeySecret) Equal(that interface{}) bool { } else if this == nil { return false } - if this.GenerateApiKey != that1.GenerateApiKey { - return false - } - if this.ApiKey != that1.ApiKey { - return false - } - if len(this.Labels) != len(that1.Labels) { + if this.Disable != that1.Disable { return false } - for i := range this.Labels { - if this.Labels[i] != that1.Labels[i] { - return false - } - } if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { return false } return true } -func (this *OpaAuth) Equal(that interface{}) bool { +func (this *Settings) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*OpaAuth) + that1, ok := that.(*Settings) if !ok { - that2, ok := that.(OpaAuth) + that2, ok := that.(Settings) if ok { that1 = &that2 } else { @@ -2521,15 +3006,34 @@ func (this *OpaAuth) Equal(that interface{}) bool { } else if this == nil { return false } - if len(this.Modules) != len(that1.Modules) { + if !this.ExtauthzServerRef.Equal(that1.ExtauthzServerRef) { return false } - for i := range this.Modules { - if !this.Modules[i].Equal(that1.Modules[i]) { + if !this.HttpService.Equal(that1.HttpService) { + return false + } + if this.UserIdHeader != that1.UserIdHeader { + return false + } + if this.RequestTimeout != nil && that1.RequestTimeout != nil { + if *this.RequestTimeout != *that1.RequestTimeout { return false } + } else if this.RequestTimeout != nil { + return false + } else if that1.RequestTimeout != nil { + return false } - if this.Query != that1.Query { + if this.FailureModeAllow != that1.FailureModeAllow { + return false + } + if !this.RequestBody.Equal(that1.RequestBody) { + return false + } + if this.ClearRouteCache != that1.ClearRouteCache { + return false + } + if this.StatusOnError != that1.StatusOnError { return false } if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { 
@@ -2537,14 +3041,14 @@ func (this *OpaAuth) Equal(that interface{}) bool { } return true } -func (this *Ldap) Equal(that interface{}) bool { +func (this *HttpService) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*Ldap) + that1, ok := that.(*HttpService) if !ok { - that2, ok := that.(Ldap) + that2, ok := that.(HttpService) if ok { that1 = &that2 } else { @@ -2556,24 +3060,13 @@ func (this *Ldap) Equal(that interface{}) bool { } else if this == nil { return false } - if this.Address != that1.Address { - return false - } - if this.UserDnTemplate != that1.UserDnTemplate { - return false - } - if this.MembershipAttributeName != that1.MembershipAttributeName { + if this.PathPrefix != that1.PathPrefix { return false } - if len(this.AllowedGroups) != len(that1.AllowedGroups) { + if !this.Request.Equal(that1.Request) { return false } - for i := range this.AllowedGroups { - if this.AllowedGroups[i] != that1.AllowedGroups[i] { - return false - } - } - if !this.Pool.Equal(that1.Pool) { + if !this.Response.Equal(that1.Response) { return false } if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { @@ -2581,14 +3074,14 @@ func (this *Ldap) Equal(that interface{}) bool { } return true } -func (this *Ldap_ConnectionPool) Equal(that interface{}) bool { +func (this *HttpService_Request) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*Ldap_ConnectionPool) + that1, ok := that.(*HttpService_Request) if !ok { - that2, ok := that.(Ldap_ConnectionPool) + that2, ok := that.(HttpService_Request) if ok { that1 = &that2 } else { 
@@ -2600,25 +3093,35 @@ func (this *Ldap_ConnectionPool) Equal(that interface{}) bool { } else if this == nil { return false } - if !this.MaxSize.Equal(that1.MaxSize) { + if len(this.AllowedHeaders) != len(that1.AllowedHeaders) { return false } - if !this.InitialSize.Equal(that1.InitialSize) { + for i := range this.AllowedHeaders { + if this.AllowedHeaders[i] != that1.AllowedHeaders[i] { + return false + } + } + if len(this.HeadersToAdd) != len(that1.HeadersToAdd) { return false } + for i := range this.HeadersToAdd { + if this.HeadersToAdd[i] != that1.HeadersToAdd[i] { + return false + } + } if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { return false } return true } -func (this *AuthConfig) Equal(that interface{}) bool { +func (this *HttpService_Response) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*AuthConfig) + that1, ok := that.(*HttpService_Response) if !ok { - that2, ok := that.(AuthConfig) + that2, ok := that.(HttpService_Response) if ok { that1 = &that2 } else { 
@@ -2630,28 +3133,35 @@ func (this *AuthConfig) Equal(that interface{}) bool { } else if this == nil { return false } - if that1.AuthConfig == nil { - if this.AuthConfig != nil { + if len(this.AllowedUpstreamHeaders) != len(that1.AllowedUpstreamHeaders) { + return false + } + for i := range this.AllowedUpstreamHeaders { + if this.AllowedUpstreamHeaders[i] != that1.AllowedUpstreamHeaders[i] { return false } - } else if this.AuthConfig == nil { - return false - } else if !this.AuthConfig.Equal(that1.AuthConfig) { + } + if len(this.AllowedClientHeaders) != len(that1.AllowedClientHeaders) { return false } + for i := range this.AllowedClientHeaders { + if this.AllowedClientHeaders[i] != that1.AllowedClientHeaders[i] { + return false + } + } if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { return false } return true } -func (this *AuthConfig_BasicAuth) Equal(that interface{}) bool { +func (this *BufferSettings) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*AuthConfig_BasicAuth) + that1, ok := that.(*BufferSettings) if !ok { - that2, ok := that.(AuthConfig_BasicAuth) + that2, ok := that.(BufferSettings) if ok { that1 = &that2 } else { @@ -2663,19 +3173,25 @@ func (this *AuthConfig_BasicAuth) Equal(that interface{}) bool { } else if this == nil { return false } - if !this.BasicAuth.Equal(that1.BasicAuth) { + if this.MaxRequestBytes != that1.MaxRequestBytes { + return false + } + if this.AllowPartialMessage != that1.AllowPartialMessage { + return false + } + if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { return false } return true } -func (this *AuthConfig_Oauth) Equal(that interface{}) bool { +func (this *CustomAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*AuthConfig_Oauth) + that1, ok := that.(*CustomAuth) if !ok { - that2, ok := that.(AuthConfig_Oauth) + that2, ok := that.(CustomAuth) if ok { that1 = &that2 } else { 
@@ -2687,19 +3203,19 @@ func (this *AuthConfig_Oauth) Equal(that interface{}) bool { } else if this == nil { return false } - if !this.Oauth.Equal(that1.Oauth) { + if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { return false } return true } -func (this *AuthConfig_CustomAuth) Equal(that interface{}) bool { +func (this *PluginAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*AuthConfig_CustomAuth) + that1, ok := that.(*PluginAuth) if !ok { - that2, ok := that.(AuthConfig_CustomAuth) + that2, ok := that.(PluginAuth) if ok { that1 = &that2 } else { @@ -2711,19 +3227,27 @@ func (this *AuthConfig_CustomAuth) Equal(that interface{}) bool { } else if this == nil { return false } - if !this.CustomAuth.Equal(that1.CustomAuth) { + if len(this.Plugins) != len(that1.Plugins) { + return false + } + for i := range this.Plugins { + if !this.Plugins[i].Equal(that1.Plugins[i]) { + return false + } + } + if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { return false } return true } -func (this *AuthConfig_ApiKeyAuth) Equal(that interface{}) bool { +func (this *AuthPlugin) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*AuthConfig_ApiKeyAuth) + that1, ok := that.(*AuthPlugin) if !ok { - that2, ok := that.(AuthConfig_ApiKeyAuth) + that2, ok := that.(AuthPlugin) if ok { that1 = &that2 } else { 
@@ -2735,19 +3259,31 @@ func (this *AuthConfig_ApiKeyAuth) Equal(that interface{}) bool { } else if this == nil { return false } - if !this.ApiKeyAuth.Equal(that1.ApiKeyAuth) { + if this.Name != that1.Name { + return false + } + if this.PluginFileName != that1.PluginFileName { + return false + } + if this.ExportedSymbolName != that1.ExportedSymbolName { + return false + } + if !this.Config.Equal(that1.Config) { + return false + } + if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { return false } return true } -func (this *AuthConfig_PluginAuth) Equal(that interface{}) bool { +func (this *BasicAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*AuthConfig_PluginAuth) + that1, ok := that.(*BasicAuth) if !ok { - that2, ok := that.(AuthConfig_PluginAuth) + that2, ok := that.(BasicAuth) if ok { that1 = &that2 } else { @@ -2759,19 +3295,25 @@ func (this *AuthConfig_PluginAuth) Equal(that interface{}) bool { } else if this == nil { return false } - if !this.PluginAuth.Equal(that1.PluginAuth) { + if this.Realm != that1.Realm { + return false + } + if !this.Apr.Equal(that1.Apr) { + return false + } + if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { return false } return true } -func (this *AuthConfig_OpaAuth) Equal(that interface{}) bool { +func (this *BasicAuth_Apr) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*AuthConfig_OpaAuth) + that1, ok := that.(*BasicAuth_Apr) if !ok { - that2, ok := that.(AuthConfig_OpaAuth) + that2, ok := that.(BasicAuth_Apr) if ok { that1 = &that2 } else { 
@@ -2783,19 +3325,27 @@ func (this *AuthConfig_OpaAuth) Equal(that interface{}) bool { } else if this == nil { return false } - if !this.OpaAuth.Equal(that1.OpaAuth) { + if len(this.Users) != len(that1.Users) { + return false + } + for i := range this.Users { + if !this.Users[i].Equal(that1.Users[i]) { + return false + } + } + if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { return false } return true } -func (this *AuthConfig_Ldap) Equal(that interface{}) bool { +func (this *BasicAuth_Apr_SaltedHashedPassword) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*AuthConfig_Ldap) + that1, ok := that.(*BasicAuth_Apr_SaltedHashedPassword) if !ok { - that2, ok := that.(AuthConfig_Ldap) + that2, ok := that.(BasicAuth_Apr_SaltedHashedPassword) if ok { that1 = &that2 } else { @@ -2807,19 +3357,25 @@ func (this *AuthConfig_Ldap) Equal(that interface{}) bool { } else if this == nil { return false } - if !this.Ldap.Equal(that1.Ldap) { + if this.Salt != that1.Salt { + return false + } + if this.HashedPassword != that1.HashedPassword { + return false + } + if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { return false } return true } -func (this *VhostExtension) Equal(that interface{}) bool { +func (this *OAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*VhostExtension) + that1, ok := that.(*OAuth) if !ok { - that2, ok := that.(VhostExtension) + that2, ok := that.(OAuth) if ok { that1 = &that2 } else { 
@@ -2831,20 +3387,26 @@ func (this *VhostExtension) Equal(that interface{}) bool { } else if this == nil { return false } - if that1.AuthConfig == nil { - if this.AuthConfig != nil { - return false - } - } else if this.AuthConfig == nil { + if this.ClientId != that1.ClientId { return false - } else if !this.AuthConfig.Equal(that1.AuthConfig) { + } + if !this.ClientSecretRef.Equal(that1.ClientSecretRef) { return false } - if len(this.Configs) != len(that1.Configs) { + if this.IssuerUrl != that1.IssuerUrl { return false } - for i := range this.Configs { - if !this.Configs[i].Equal(that1.Configs[i]) { + if this.AppUrl != that1.AppUrl { + return false + } + if this.CallbackPath != that1.CallbackPath { + return false + } + if len(this.Scopes) != len(that1.Scopes) { + return false + } + for i := range this.Scopes { + if this.Scopes[i] != that1.Scopes[i] { return false } } @@ -2853,14 +3415,14 @@ func (this *VhostExtension) Equal(that interface{}) bool { } return true } -func (this *VhostExtension_BasicAuth) Equal(that interface{}) bool { +func (this *OauthSecret) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*VhostExtension_BasicAuth) + that1, ok := that.(*OauthSecret) if !ok { - that2, ok := that.(VhostExtension_BasicAuth) + that2, ok := that.(OauthSecret) if ok { that1 = &that2 } else { 
@@ -2872,19 +3434,22 @@ func (this *VhostExtension_BasicAuth) Equal(that interface{}) bool { } else if this == nil { return false } - if !this.BasicAuth.Equal(that1.BasicAuth) { + if this.ClientSecret != that1.ClientSecret { + return false + } + if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { return false } return true } -func (this *VhostExtension_Oauth) Equal(that interface{}) bool { +func (this *ApiKeyAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*VhostExtension_Oauth) + that1, ok := that.(*ApiKeyAuth) if !ok { - that2, ok := that.(VhostExtension_Oauth) + that2, ok := that.(ApiKeyAuth) if ok { that1 = &that2 } else { @@ -2896,19 +3461,35 @@ func (this *VhostExtension_Oauth) Equal(that interface{}) bool { } else if this == nil { return false } - if !this.Oauth.Equal(that1.Oauth) { + if len(this.LabelSelector) != len(that1.LabelSelector) { + return false + } + for i := range this.LabelSelector { + if this.LabelSelector[i] != that1.LabelSelector[i] { + return false + } + } + if len(this.ApiKeySecretRefs) != len(that1.ApiKeySecretRefs) { + return false + } + for i := range this.ApiKeySecretRefs { + if !this.ApiKeySecretRefs[i].Equal(that1.ApiKeySecretRefs[i]) { + return false + } + } + if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { return false } return true } -func (this *VhostExtension_CustomAuth) Equal(that interface{}) bool { +func (this *ApiKeySecret) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*VhostExtension_CustomAuth) + that1, ok := that.(*ApiKeySecret) if !ok { - that2, ok := that.(VhostExtension_CustomAuth) + that2, ok := that.(ApiKeySecret) if ok { that1 = &that2 } else { 
@@ -2920,19 +3501,33 @@ func (this *VhostExtension_CustomAuth) Equal(that interface{}) bool { } else if this == nil { return false } - if !this.CustomAuth.Equal(that1.CustomAuth) { + if this.GenerateApiKey != that1.GenerateApiKey { + return false + } + if this.ApiKey != that1.ApiKey { + return false + } + if len(this.Labels) != len(that1.Labels) { + return false + } + for i := range this.Labels { + if this.Labels[i] != that1.Labels[i] { + return false + } + } + if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { return false } return true } -func (this *VhostExtension_ApiKeyAuth) Equal(that interface{}) bool { +func (this *OpaAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*VhostExtension_ApiKeyAuth) + that1, ok := that.(*OpaAuth) if !ok { - that2, ok := that.(VhostExtension_ApiKeyAuth) + that2, ok := that.(OpaAuth) if ok { that1 = &that2 } else { @@ -2944,19 +3539,30 @@ func (this *VhostExtension_ApiKeyAuth) Equal(that interface{}) bool { } else if this == nil { return false } - if !this.ApiKeyAuth.Equal(that1.ApiKeyAuth) { + if len(this.Modules) != len(that1.Modules) { + return false + } + for i := range this.Modules { + if !this.Modules[i].Equal(that1.Modules[i]) { + return false + } + } + if this.Query != that1.Query { + return false + } + if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { return false } return true } -func (this *VhostExtension_PluginAuth) Equal(that interface{}) bool { +func (this *Ldap) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*VhostExtension_PluginAuth) + that1, ok := that.(*Ldap) if !ok { - that2, ok := that.(VhostExtension_PluginAuth) + that2, ok := that.(Ldap) if ok { that1 = &that2 } else { 
@@ -2968,19 +3574,39 @@ func (this *VhostExtension_PluginAuth) Equal(that interface{}) bool { } else if this == nil { return false } - if !this.PluginAuth.Equal(that1.PluginAuth) { + if this.Address != that1.Address { + return false + } + if this.UserDnTemplate != that1.UserDnTemplate { + return false + } + if this.MembershipAttributeName != that1.MembershipAttributeName { + return false + } + if len(this.AllowedGroups) != len(that1.AllowedGroups) { + return false + } + for i := range this.AllowedGroups { + if this.AllowedGroups[i] != that1.AllowedGroups[i] { + return false + } + } + if !this.Pool.Equal(that1.Pool) { + return false + } + if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { return false } return true } -func (this *RouteExtension) Equal(that interface{}) bool { +func (this *Ldap_ConnectionPool) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*RouteExtension) + that1, ok := that.(*Ldap_ConnectionPool) if !ok { - that2, ok := that.(RouteExtension) + that2, ok := that.(Ldap_ConnectionPool) if ok { that1 = &that2 } else { @@ -2992,7 +3618,10 @@ func (this *RouteExtension) Equal(that interface{}) bool { } else if this == nil { return false } - if this.Disable != that1.Disable { + if !this.MaxSize.Equal(that1.MaxSize) { + return false + } + if !this.InitialSize.Equal(that1.InitialSize) { return false } if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { @@ -3019,6 +3648,9 @@ func (this *ExtAuthConfig) Equal(that interface{}) bool { } else if this == nil { return false } + if this.AuthConfigRefName != that1.AuthConfigRefName { + return false + } if this.Vhost != that1.Vhost { return false } 
@@ -3254,14 +3886,14 @@ func (this *ExtAuthConfig_OpaAuthConfig) Equal(that interface{}) bool { } return true } -func (this *ExtAuthConfig_AuthConfig) Equal(that interface{}) bool { +func (this *ExtAuthConfig_Config) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*ExtAuthConfig_AuthConfig) + that1, ok := that.(*ExtAuthConfig_Config) if !ok { - that2, ok := that.(ExtAuthConfig_AuthConfig) + that2, ok := that.(ExtAuthConfig_Config) if ok { that1 = &that2 } else { @@ -3287,14 +3919,14 @@ func (this *ExtAuthConfig_AuthConfig) Equal(that interface{}) bool { } return true } -func (this *ExtAuthConfig_AuthConfig_Oauth) Equal(that interface{}) bool { +func (this *ExtAuthConfig_Config_Oauth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*ExtAuthConfig_AuthConfig_Oauth) + that1, ok := that.(*ExtAuthConfig_Config_Oauth) if !ok { - that2, ok := that.(ExtAuthConfig_AuthConfig_Oauth) + that2, ok := that.(ExtAuthConfig_Config_Oauth) if ok { that1 = &that2 } else { @@ -3311,14 +3943,14 @@ func (this *ExtAuthConfig_AuthConfig_Oauth) Equal(that interface{}) bool { } return true } -func (this *ExtAuthConfig_AuthConfig_BasicAuth) Equal(that interface{}) bool { +func (this *ExtAuthConfig_Config_BasicAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*ExtAuthConfig_AuthConfig_BasicAuth) + that1, ok := that.(*ExtAuthConfig_Config_BasicAuth) if !ok { - that2, ok := that.(ExtAuthConfig_AuthConfig_BasicAuth) + that2, ok := that.(ExtAuthConfig_Config_BasicAuth) if ok { that1 = &that2 } else { 
@@ -3335,14 +3967,14 @@ func (this *ExtAuthConfig_AuthConfig_BasicAuth) Equal(that interface{}) bool { } return true } -func (this *ExtAuthConfig_AuthConfig_ApiKeyAuth) Equal(that interface{}) bool { +func (this *ExtAuthConfig_Config_ApiKeyAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*ExtAuthConfig_AuthConfig_ApiKeyAuth) + that1, ok := that.(*ExtAuthConfig_Config_ApiKeyAuth) if !ok { - that2, ok := that.(ExtAuthConfig_AuthConfig_ApiKeyAuth) + that2, ok := that.(ExtAuthConfig_Config_ApiKeyAuth) if ok { that1 = &that2 } else { @@ -3359,14 +3991,14 @@ func (this *ExtAuthConfig_AuthConfig_ApiKeyAuth) Equal(that interface{}) bool { } return true } -func (this *ExtAuthConfig_AuthConfig_PluginAuth) Equal(that interface{}) bool { +func (this *ExtAuthConfig_Config_PluginAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*ExtAuthConfig_AuthConfig_PluginAuth) + that1, ok := that.(*ExtAuthConfig_Config_PluginAuth) if !ok { - that2, ok := that.(ExtAuthConfig_AuthConfig_PluginAuth) + that2, ok := that.(ExtAuthConfig_Config_PluginAuth) if ok { that1 = &that2 } else { @@ -3383,14 +4015,14 @@ func (this *ExtAuthConfig_AuthConfig_PluginAuth) Equal(that interface{}) bool { } return true } -func (this *ExtAuthConfig_AuthConfig_OpaAuth) Equal(that interface{}) bool { +func (this *ExtAuthConfig_Config_OpaAuth) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*ExtAuthConfig_AuthConfig_OpaAuth) + that1, ok := that.(*ExtAuthConfig_Config_OpaAuth) if !ok { - that2, ok := that.(ExtAuthConfig_AuthConfig_OpaAuth) + that2, ok := that.(ExtAuthConfig_Config_OpaAuth) if ok { that1 = &that2 } else { 
@@ -3407,14 +4039,14 @@ func (this *ExtAuthConfig_AuthConfig_OpaAuth) Equal(that interface{}) bool { } return true } -func (this *ExtAuthConfig_AuthConfig_Ldap) Equal(that interface{}) bool { +func (this *ExtAuthConfig_Config_Ldap) Equal(that interface{}) bool { if that == nil { return this == nil } - that1, ok := that.(*ExtAuthConfig_AuthConfig_Ldap) + that1, ok := that.(*ExtAuthConfig_Config_Ldap) if !ok { - that2, ok := that.(ExtAuthConfig_AuthConfig_Ldap) + that2, ok := that.(ExtAuthConfig_Config_Ldap) if ok { that1 = &that2 } else { @@ -3458,7 +4090,7 @@ func NewExtAuthDiscoveryServiceClient(cc *grpc.ClientConn) ExtAuthDiscoveryServi } func (c *extAuthDiscoveryServiceClient) StreamExtAuthConfig(ctx context.Context, opts ...grpc.CallOption) (ExtAuthDiscoveryService_StreamExtAuthConfigClient, error) { - stream, err := c.cc.NewStream(ctx, &_ExtAuthDiscoveryService_serviceDesc.Streams[0], "/extauth.plugins.gloo.solo.io.ExtAuthDiscoveryService/StreamExtAuthConfig", opts...) + stream, err := c.cc.NewStream(ctx, &_ExtAuthDiscoveryService_serviceDesc.Streams[0], "/enterprise.gloo.solo.io.ExtAuthDiscoveryService/StreamExtAuthConfig", opts...) if err != nil { return nil, err } @@ -3489,7 +4121,7 @@ func (x *extAuthDiscoveryServiceStreamExtAuthConfigClient) Recv() (*v2.Discovery } func (c *extAuthDiscoveryServiceClient) DeltaExtAuthConfig(ctx context.Context, opts ...grpc.CallOption) (ExtAuthDiscoveryService_DeltaExtAuthConfigClient, error) { - stream, err := c.cc.NewStream(ctx, &_ExtAuthDiscoveryService_serviceDesc.Streams[1], "/extauth.plugins.gloo.solo.io.ExtAuthDiscoveryService/DeltaExtAuthConfig", opts...) + stream, err := c.cc.NewStream(ctx, &_ExtAuthDiscoveryService_serviceDesc.Streams[1], "/enterprise.gloo.solo.io.ExtAuthDiscoveryService/DeltaExtAuthConfig", opts...) if err != nil { return nil, err } 
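Review bot: The gRPC method path in `StreamExtAuthConfig` changes from `/extauth.plugins.gloo.solo.io.ExtAuthDiscoveryService/...` to `/enterprise.gloo.solo.io.ExtAuthDiscoveryService/...`, so this is a wire-level change rather than a Go-only rename. The same rename appears in `DeltaExtAuthConfig` and, in the following hunks, in `FetchExtAuthConfig`, the unary handler's `FullMethod` and `ServiceName`. A client and a server generated from opposite sides of this commit would presumably fail with an unimplemented-service error, so in a mixed-version rollout the ext-auth server would stop receiving configuration updates. This file is generated, so nothing should be edited here; the proto package change should carry a changelog entry that marks it breaking and says the control plane and the ext-auth server must be upgraded together. It is also worth confirming what the request path does while the discovery stream is down, since the `FailureModeAllow` field compared in `Settings.Equal` earlier in this diff suggests fail-open is configurable.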
@@ -3521,7 +4153,7 @@ func (x *extAuthDiscoveryServiceDeltaExtAuthConfigClient) Recv() (*v2.DeltaDisco func (c *extAuthDiscoveryServiceClient) FetchExtAuthConfig(ctx context.Context, in *v2.DiscoveryRequest, opts ...grpc.CallOption) (*v2.DiscoveryResponse, error) { out := new(v2.DiscoveryResponse) - err := c.cc.Invoke(ctx, "/extauth.plugins.gloo.solo.io.ExtAuthDiscoveryService/FetchExtAuthConfig", in, out, opts...) + err := c.cc.Invoke(ctx, "/enterprise.gloo.solo.io.ExtAuthDiscoveryService/FetchExtAuthConfig", in, out, opts...) if err != nil { return nil, err } @@ -3615,7 +4247,7 @@ func _ExtAuthDiscoveryService_FetchExtAuthConfig_Handler(srv interface{}, ctx co } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/extauth.plugins.gloo.solo.io.ExtAuthDiscoveryService/FetchExtAuthConfig", + FullMethod: "/enterprise.gloo.solo.io.ExtAuthDiscoveryService/FetchExtAuthConfig", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(ExtAuthDiscoveryServiceServer).FetchExtAuthConfig(ctx, req.(*v2.DiscoveryRequest)) @@ -3624,7 +4256,7 @@ func _ExtAuthDiscoveryService_FetchExtAuthConfig_Handler(srv interface{}, ctx co } var _ExtAuthDiscoveryService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "extauth.plugins.gloo.solo.io.ExtAuthDiscoveryService", + ServiceName: "enterprise.gloo.solo.io.ExtAuthDiscoveryService", HandlerType: (*ExtAuthDiscoveryServiceServer)(nil), Methods: []grpc.MethodDesc{ { @@ -3646,5 +4278,5 @@ var _ExtAuthDiscoveryService_serviceDesc = grpc.ServiceDesc{ ClientStreams: true, }, }, - Metadata: "github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/extauth.proto", + Metadata: "github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/extauth/v1/extauth.proto", } diff --git a/projects/gloo/pkg/api/v1/enterprise/verify.go b/projects/gloo/pkg/api/v1/enterprise/verify.go index 20a8567e9ba..879670bd83b 100644 --- a/projects/gloo/pkg/api/v1/enterprise/verify.go 
+++ b/projects/gloo/pkg/api/v1/enterprise/verify.go @@ -2,7 +2,7 @@ package enterprise // This is a workaround to verify that all the generated proto files that are not used in this repository are valid import ( - _ "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth" + _ "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1" _ "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/jwt" _ "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/ratelimit" _ "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/rbac" diff --git a/projects/gloo/pkg/api/v1/plugins.pb.go b/projects/gloo/pkg/api/v1/plugins.pb.go index 285b4e85aea..13556b02387 100644 --- a/projects/gloo/pkg/api/v1/plugins.pb.go +++ b/projects/gloo/pkg/api/v1/plugins.pb.go @@ -14,7 +14,7 @@ import ( _ "github.com/gogo/protobuf/gogoproto" proto "github.com/gogo/protobuf/proto" _ "github.com/gogo/protobuf/types" - _ "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth" + _ "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1" _ "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/jwt" ratelimit "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/ratelimit" _ "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/rbac" 
@@ -605,10 +605,12 @@ type WeightedDestinationPlugins struct { // Append/Remove headers on Requests or Responses to/from this Weighted Destination HeaderManipulation *headers.HeaderManipulation `protobuf:"bytes,1,opt,name=header_manipulation,json=headerManipulation,proto3" json:"header_manipulation,omitempty"` // Transformations to apply - Transformations *transformation.RouteTransformations `protobuf:"bytes,2,opt,name=transformations,proto3" json:"transformations,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Transformations *transformation.RouteTransformations `protobuf:"bytes,2,opt,name=transformations,proto3" json:"transformations,omitempty"` + // Deprecated: Opaque config for Gloo plugins + Extensions *Extensions `protobuf:"bytes,3,opt,name=extensions,proto3" json:"extensions,omitempty"` // Deprecated: Do not use. + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *WeightedDestinationPlugins) Reset() { *m = WeightedDestinationPlugins{} } @@ -649,6 +651,14 @@ func (m *WeightedDestinationPlugins) GetTransformations() *transformation.RouteT return nil } +// Deprecated: Do not use. +func (m *WeightedDestinationPlugins) GetExtensions() *Extensions { + if m != nil { + return m.Extensions + } + return nil +} + // Each upstream in Gloo has a type. Supported types include `static`, `kubernetes`, `aws`, `consul`, and more. // Each upstream type is handled by a corresponding Gloo plugin. type UpstreamSpec struct { 
@@ -875,113 +885,114 @@ func init() { } var fileDescriptor_ae47d2df5fad2a45 = []byte{ - // 1696 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x99, 0x4f, 0x73, 0x1b, 0xb7, - 0x15, 0xc0, 0x4b, 0x59, 0x16, 0x65, 0x48, 0xb2, 0x64, 0xc4, 0xd3, 0x61, 0xdd, 0xd6, 0x71, 0x35, - 0xd3, 0x24, 0x76, 0xc7, 0x60, 0xca, 0xce, 0x24, 0x93, 0x4c, 0xdd, 0xda, 0xa4, 0x9d, 0xa8, 0x8d, - 0xdc, 0x68, 0x56, 0x4e, 0xec, 0xf4, 0xb2, 0x03, 0x82, 0xe0, 0x2e, 0xac, 0xd5, 0x62, 0x07, 0xc0, - 0x8a, 0x52, 0x4f, 0xbd, 0xf5, 0x2b, 0xf4, 0x23, 0xf4, 0xd2, 0x63, 0x3f, 0x4c, 0x7a, 0xe9, 0x4c, - 0xaf, 0xfd, 0x12, 0x1d, 0x00, 0x6f, 0x97, 0x4b, 0x6a, 0xe5, 0x92, 0x5c, 0xf5, 0xc0, 0xfd, 0xfb, - 0xde, 0x6f, 0x1f, 0x80, 0x87, 0xf7, 0x1e, 0x40, 0xf4, 0x79, 0x24, 0x4c, 0x9c, 0x0f, 0x09, 0x93, - 0xa7, 0x5d, 0x2d, 0x13, 0xf9, 0x58, 0xc8, 0x6e, 0x94, 0x48, 0xd9, 0xcd, 0x94, 0x7c, 0xcb, 0x99, - 0xd1, 0xfe, 0x8e, 0x66, 0xa2, 0x7b, 0xf6, 0xcb, 0x6e, 0x96, 0xe4, 0x91, 0x48, 0x35, 0xc9, 0x94, - 0x34, 0x12, 0x6f, 0xdb, 0x57, 0xc4, 0x6a, 0x11, 0x21, 0xef, 0xfd, 0x24, 0x92, 0x32, 0x4a, 0x78, - 0xd7, 0xbd, 0x1b, 0xe6, 0xe3, 0xae, 0x36, 0x2a, 0x67, 0xc6, 0xcb, 0xde, 0xbb, 0x1b, 0xc9, 0x48, - 0xba, 0xcb, 0xae, 0xbd, 0x82, 0xa7, 0x9f, 0x2c, 0xf5, 0x75, 0xad, 0x13, 0xd0, 0x7b, 0xb2, 0x94, - 0x1e, 0x3f, 0x37, 0x3c, 0xd5, 0x42, 0x16, 0x86, 0xdf, 0xeb, 0x2f, 0xa5, 0xce, 0x84, 0x62, 0xb9, - 0x30, 0xe1, 0x50, 0x71, 0x7a, 0xc2, 0x15, 0x30, 0x9e, 0x2e, 0xc5, 0x48, 0x24, 0x1d, 0x85, 0x43, - 0x9a, 0xd0, 0x94, 0x95, 0x84, 0xe5, 0x1a, 0xc1, 0x64, 0x9a, 0x72, 0x66, 0x84, 0x4c, 0x57, 0x6a, - 0x04, 0x8c, 0x5c, 0x97, 0x4e, 0xdc, 0x0f, 0x18, 0xbf, 0x5f, 0x99, 0xc1, 0x59, 0xcf, 0x9e, 0x43, - 0xce, 0x7a, 0xc0, 0x7a, 0xbe, 0x12, 0x8b, 0x49, 0xe5, 0x0f, 0x8d, 0x28, 0x8a, 0x6b, 0xe3, 0x0e, - 0x8d, 0x28, 0x91, 0xca, 0x98, 0x3b, 0x34, 0xeb, 0xe1, 0xc4, 0xfd, 0x80, 0x71, 0xb8, 0xb2, 0x25, - 0xe1, 0x84, 0x0f, 0xcb, 0x8b, 0x46, 0x16, 0xc5, 0xec, 0xd4, 0xfe, 0x80, 0x71, 0xb0, 0x12, 0x23, - 
0x19, 0xc6, 0x54, 0xc7, 0x70, 0x02, 0xd2, 0x1f, 0x56, 0x22, 0xe9, 0x98, 0x8e, 0xe4, 0x44, 0xa4, - 0xd1, 0xf4, 0xaa, 0x51, 0xeb, 0x0c, 0xcb, 0xec, 0xaf, 0x91, 0x47, 0x1b, 0x45, 0x99, 0xb5, 0x08, - 0xce, 0xc0, 0xfa, 0x62, 0xb5, 0xf1, 0xff, 0x53, 0xae, 0xb8, 0x3f, 0x36, 0xea, 0x71, 0x26, 0x53, - 0x9d, 0x27, 0x70, 0x02, 0xd2, 0xd1, 0x4a, 0xa4, 0x93, 0x7c, 0xc8, 0x55, 0xca, 0x0d, 0xaf, 0x5e, - 0x36, 0xea, 0x2f, 0xc5, 0x8d, 0x12, 0xbc, 0x3c, 0x37, 0x6a, 0xa7, 0x36, 0xd4, 0x08, 0x06, 0xa7, - 0x46, 0xf3, 0x37, 0x13, 0x19, 0x77, 0x87, 0x46, 0xe3, 0x67, 0x0d, 0x81, 0x23, 0x70, 0xde, 0xac, - 0xea, 0x53, 0xa9, 0x1e, 0x4b, 0x75, 0x4a, 0x6d, 0xd0, 0xee, 0x66, 0x8a, 0x8f, 0xc5, 0x79, 0xa8, - 0xf8, 0x44, 0x09, 0xc3, 0xaf, 0x93, 0x3c, 0x7b, 0x0b, 0xe4, 0xaf, 0x57, 0x22, 0x8f, 0x69, 0x9e, - 0x18, 0x91, 0xbe, 0xf5, 0x89, 0xc6, 0xdf, 0x36, 0x72, 0x94, 0x98, 0xd3, 0x11, 0x57, 0xe5, 0x19, - 0x58, 0xc1, 0xaa, 0xac, 0xc4, 0xc4, 0x2c, 0xe6, 0xec, 0xa4, 0x7a, 0xdd, 0x8c, 0x29, 0xb5, 0x81, - 0x21, 0xa9, 0x5e, 0x03, 0xf3, 0x9b, 0xe5, 0xca, 0x8c, 0xd4, 0x70, 0x95, 0x29, 0xa1, 0x79, 0x89, - 0xe7, 0xe7, 0x86, 0xe6, 0x26, 0x2e, 0xce, 0x80, 0x7d, 0xd9, 0x14, 0xfb, 0x76, 0x62, 0xec, 0x0f, - 0x70, 0xdf, 0x35, 0xc5, 0x29, 0x6a, 0x78, 0x22, 0x4e, 0x85, 0x99, 0x5e, 0xad, 0xe4, 0x45, 0x75, - 0xe8, 0x21, 0x65, 0xee, 0x70, 0x5d, 0x4d, 0x9f, 0xd0, 0xb1, 0xfd, 0x01, 0x2e, 0x5c, 0x1c, 0x67, - 0x8b, 0x40, 0x95, 0xd2, 0xa4, 0xcb, 0xd3, 0x33, 0x79, 0xe1, 0xbf, 0xd0, 0xeb, 0xb2, 0x24, 0xd7, - 0x86, 0xab, 0xae, 0xcc, 0x4d, 0x22, 0xb8, 0x0a, 0x47, 0xdc, 0xcc, 0x14, 0x59, 0xaf, 0x1b, 0x7f, - 0x40, 0x2a, 0x0e, 0xde, 0x1a, 0x56, 0xdd, 0xf5, 0xfe, 0x7c, 0xb5, 0x3c, 0xca, 0x55, 0x65, 0xfe, - 0xee, 0xff, 0xa3, 0x85, 0x76, 0x0f, 0x85, 0x36, 0x3c, 0xe5, 0xea, 0xc8, 0xb7, 0x1d, 0x8f, 0xd0, - 0x0f, 0x29, 0x63, 0x5c, 0xeb, 0x30, 0x91, 0x51, 0x24, 0xd2, 0x28, 0xd4, 0x5c, 0x9d, 0x09, 0xc6, - 0x3b, 0xad, 0x07, 0xad, 0x8f, 0xb6, 0x7a, 0x84, 0xb8, 0xba, 0x03, 0x6a, 0xf4, 0x6a, 0x71, 0x4e, - 0x9e, 0x39, 0xbd, 0x43, 0xaf, 0x76, 
0xec, 0xb5, 0x82, 0xbb, 0xb4, 0xe6, 0x29, 0xfe, 0x35, 0x42, - 0xd3, 0x82, 0xb9, 0xb3, 0xe6, 0xc8, 0x9d, 0x59, 0xda, 0x8b, 0xf2, 0x7d, 0x7f, 0xad, 0xd3, 0x0a, - 0x2a, 0xf2, 0xfb, 0xff, 0x59, 0x43, 0xef, 0x1d, 0x18, 0x93, 0xcd, 0xdb, 0xfe, 0x0c, 0x6d, 0x16, - 0xb5, 0x0c, 0x58, 0xfb, 0x01, 0x99, 0x16, 0x37, 0x75, 0x26, 0x7f, 0xa9, 0x32, 0xf6, 0x9a, 0x0f, - 0x83, 0x76, 0xe4, 0x2f, 0xf0, 0x9f, 0x5b, 0xe8, 0x41, 0x6c, 0x4c, 0x16, 0x4e, 0x4b, 0xe1, 0xf0, - 0x94, 0xa6, 0x34, 0xe2, 0x2a, 0xd4, 0xdc, 0x18, 0x91, 0x46, 0x85, 0xbd, 0x9f, 0x12, 0x57, 0xef, - 0xd4, 0x61, 0xad, 0x71, 0x83, 0x12, 0xf0, 0xd2, 0xeb, 0x1f, 0x83, 0x7a, 0xf0, 0xd3, 0xf8, 0x5d, - 0xaf, 0xf1, 0x11, 0xda, 0xae, 0x8e, 0x65, 0x67, 0xdd, 0x7d, 0xed, 0x31, 0x99, 0x09, 0x47, 0xb5, - 0x5f, 0x75, 0x02, 0x03, 0x2b, 0x10, 0x6c, 0xc5, 0xd3, 0x9b, 0xb9, 0xde, 0xbe, 0xb1, 0x64, 0x6f, - 0xa7, 0x08, 0xbf, 0x62, 0x97, 0xfa, 0xfa, 0x0d, 0xc2, 0x86, 0x65, 0x61, 0xa6, 0xe4, 0xf9, 0xc5, - 0xb4, 0x67, 0x3c, 0xfb, 0x11, 0x71, 0xb5, 0x52, 0x9d, 0x8d, 0xaf, 0x58, 0x76, 0x64, 0x55, 0xca, - 0xce, 0xd8, 0x33, 0x73, 0x4f, 0xf6, 0xff, 0x72, 0x13, 0xe1, 0x6f, 0x85, 0x32, 0x39, 0x4d, 0x0e, - 0xa4, 0x36, 0xc5, 0x07, 0x67, 0x1b, 0xd1, 0x5a, 0xae, 0x11, 0x78, 0x80, 0xda, 0x50, 0x47, 0x74, - 0x6e, 0x3a, 0xd5, 0x87, 0xa4, 0xac, 0x2b, 0xea, 0xec, 0x0c, 0xb8, 0x51, 0x17, 0x47, 0x32, 0x11, - 0xec, 0x22, 0x28, 0x34, 0xf1, 0xa7, 0xe8, 0xa6, 0x4b, 0xd9, 0x1d, 0xe4, 0x10, 0x3f, 0x23, 0x90, - 0xc0, 0xeb, 0x00, 0xc7, 0xf6, 0x55, 0xe0, 0xe5, 0x31, 0x45, 0xef, 0xf9, 0xe4, 0x64, 0x7d, 0x49, - 0x64, 0x79, 0xe2, 0x66, 0x21, 0xf8, 0xd1, 0xc7, 0xa4, 0x4c, 0x5c, 0x57, 0x8c, 0xea, 0x88, 0xab, - 0x97, 0x15, 0xbd, 0x00, 0xc7, 0x97, 0x9e, 0xe1, 0xcf, 0xd0, 0xba, 0x5d, 0xe1, 0xc0, 0x08, 0xfc, - 0x9c, 0xf8, 0xe5, 0x4e, 0x1d, 0x70, 0x20, 0x95, 0x86, 0x96, 0x39, 0x15, 0xfc, 0x06, 0xed, 0xce, - 0xa6, 0x77, 0x0d, 0x3e, 0x47, 0x88, 0x0b, 0x33, 0x84, 0x66, 0x82, 0x9c, 0xf5, 0xc8, 0x58, 0x24, - 0x86, 0x2b, 0x62, 0xbd, 0x97, 0x04, 0x32, 0x37, 0xfc, 0xd5, 0xac, 0x56, 
0x30, 0x8f, 0xc1, 0xaf, - 0xd1, 0xed, 0x32, 0xda, 0x87, 0xd6, 0x88, 0xce, 0x06, 0x34, 0xb9, 0x92, 0x04, 0xea, 0x6c, 0xfc, - 0x5d, 0x1a, 0x29, 0xae, 0x75, 0x40, 0x0d, 0x3f, 0xb4, 0x52, 0xc1, 0x4e, 0xa9, 0xf0, 0x65, 0x22, - 0x25, 0x1e, 0xa1, 0x3b, 0x53, 0x30, 0x65, 0xde, 0xe8, 0x36, 0x4c, 0xcb, 0xff, 0xc1, 0x2e, 0xa1, - 0xdf, 0xda, 0x64, 0x5c, 0xfa, 0x4c, 0xb0, 0x57, 0xea, 0x3d, 0xf3, 0xc0, 0xfd, 0x7f, 0x6e, 0xa2, - 0x6d, 0xd7, 0xd0, 0xa9, 0xd3, 0x5f, 0xea, 0xa9, 0xd6, 0xf5, 0xf4, 0xd4, 0x6f, 0xd1, 0x86, 0x2b, - 0x84, 0x8a, 0xe0, 0xf2, 0x21, 0x81, 0xba, 0xa8, 0xb6, 0x05, 0x16, 0xf9, 0x85, 0x13, 0x0f, 0x40, - 0x0d, 0x7f, 0x87, 0x6e, 0xcf, 0x56, 0x7f, 0xe0, 0x09, 0x3d, 0x32, 0x5f, 0xba, 0xd5, 0x11, 0x8f, - 0x9c, 0x6a, 0xe0, 0x35, 0x83, 0x9d, 0xac, 0x7a, 0x8b, 0x3f, 0x43, 0x6d, 0x23, 0x4e, 0xb9, 0xcc, - 0x0d, 0xf8, 0xc5, 0x8f, 0x88, 0x4f, 0x2c, 0xa4, 0x48, 0x2c, 0xe4, 0x39, 0x24, 0x96, 0xfe, 0xfa, - 0x5f, 0xff, 0xf5, 0x7e, 0x2b, 0x28, 0xe4, 0xaf, 0x67, 0xda, 0xcd, 0xce, 0xfc, 0x8d, 0x25, 0x67, - 0xfe, 0x21, 0x6a, 0xc3, 0x8a, 0x0b, 0x1c, 0xc4, 0xf5, 0x88, 0x5f, 0x81, 0x5d, 0xd9, 0xb9, 0xaf, - 0xbc, 0x44, 0x19, 0xa5, 0x0a, 0x04, 0x3e, 0x44, 0xb7, 0xca, 0x15, 0x65, 0x67, 0x13, 0xc6, 0xbe, - 0xb2, 0xc6, 0xbc, 0x92, 0x78, 0x5c, 0xc8, 0x04, 0x53, 0xc0, 0x55, 0x71, 0xe1, 0xd6, 0x35, 0xc6, - 0x05, 0x9b, 0x4d, 0xa4, 0x36, 0xa5, 0x57, 0xa0, 0x22, 0x9b, 0x54, 0x0b, 0xd1, 0x5a, 0xbe, 0xd4, - 0xa6, 0x70, 0x88, 0xad, 0x78, 0x7a, 0x53, 0x46, 0x9a, 0xad, 0xe5, 0x23, 0xcd, 0x57, 0xa8, 0x9d, - 0x0c, 0x43, 0xbb, 0xba, 0xef, 0x6c, 0xc3, 0x58, 0x14, 0x8b, 0xfd, 0x2b, 0x3b, 0xce, 0x4f, 0xc6, - 0x03, 0xaa, 0xe3, 0x81, 0x4c, 0xc7, 0x22, 0x0a, 0x36, 0x92, 0xa1, 0xbd, 0xab, 0x09, 0x2e, 0x3b, - 0xff, 0xc7, 0xe0, 0x72, 0x7b, 0xc9, 0xe0, 0xe2, 0x6c, 0x7f, 0x57, 0x70, 0xf9, 0xfb, 0x1a, 0xda, - 0x7d, 0xce, 0xb5, 0x11, 0xa9, 0x1b, 0xa8, 0xe3, 0x8c, 0x33, 0xfc, 0x04, 0xdd, 0xa0, 0x93, 0x22, - 0xa6, 0x3c, 0x24, 0x6e, 0x0f, 0xad, 0xee, 0x2b, 0x73, 0x7a, 0x07, 0x3f, 0x08, 0xac, 0x1e, 0x1e, - 0xa0, 0x9b, 
0x6e, 0x4b, 0x00, 0x62, 0xc8, 0x2f, 0x08, 0x6c, 0x10, 0x2c, 0x86, 0xf0, 0xba, 0xf8, - 0x29, 0x5a, 0x57, 0x5c, 0x9b, 0x32, 0x95, 0xfb, 0x1d, 0xaf, 0xc5, 0x10, 0x4e, 0xd3, 0x12, 0x6c, - 0x39, 0x05, 0xc1, 0xe2, 0x11, 0xf1, 0xbb, 0x5d, 0x0b, 0x12, 0xac, 0x70, 0x1f, 0xa3, 0xbd, 0xd1, - 0xf4, 0x55, 0x68, 0x2e, 0x32, 0xbe, 0xff, 0x7d, 0x0b, 0xdd, 0x7b, 0xcd, 0x45, 0x14, 0x1b, 0x3e, - 0xaa, 0xe8, 0x15, 0xa1, 0xf9, 0x8a, 0xa9, 0xd4, 0xba, 0xc6, 0xa9, 0x54, 0x13, 0xfd, 0xd7, 0xae, - 0x25, 0xfa, 0xef, 0x7f, 0xdf, 0x46, 0xdb, 0xdf, 0x64, 0x76, 0x42, 0xd2, 0x53, 0xe7, 0x08, 0xbf, - 0x41, 0x48, 0xeb, 0xc4, 0x16, 0xa1, 0x63, 0x11, 0x41, 0x23, 0xde, 0x9f, 0x35, 0xba, 0x94, 0xd7, - 0x09, 0x4c, 0x8c, 0x5b, 0xba, 0xb8, 0xc4, 0x2f, 0xd1, 0xde, 0xdc, 0x8e, 0x72, 0x61, 0xeb, 0xfe, - 0xdc, 0x14, 0xf5, 0x52, 0x7d, 0x2f, 0x04, 0xa0, 0x5d, 0x36, 0xf3, 0x54, 0xe3, 0x00, 0xdd, 0x9d, - 0xd9, 0x5c, 0x2e, 0x0c, 0xf3, 0x3e, 0xf2, 0x60, 0x16, 0x79, 0x28, 0xe9, 0xa8, 0x0f, 0x82, 0x00, - 0xc4, 0xc9, 0xa5, 0x67, 0xf8, 0x2b, 0x74, 0xa7, 0x52, 0x63, 0x03, 0xd0, 0xbb, 0xcc, 0xfd, 0xf9, - 0x30, 0x52, 0x88, 0x01, 0x6e, 0x8f, 0xcd, 0x3d, 0xc1, 0x03, 0xb4, 0x53, 0xad, 0x99, 0x6d, 0xb6, - 0xb9, 0xe1, 0x40, 0x33, 0x03, 0x63, 0xd7, 0x49, 0x33, 0x55, 0xf2, 0x76, 0xa5, 0x4a, 0xd6, 0xf8, - 0x18, 0xdd, 0xb9, 0xb4, 0x44, 0x83, 0x74, 0xf3, 0xc1, 0x1c, 0xc8, 0xaf, 0xe8, 0xc8, 0xd7, 0x5e, - 0xfc, 0x79, 0x21, 0x1d, 0xec, 0xc9, 0xb9, 0x27, 0xf8, 0xc7, 0xe8, 0x56, 0xae, 0x79, 0x68, 0x9d, - 0xa1, 0xe7, 0x12, 0xd0, 0x66, 0xb0, 0x99, 0x6b, 0x6e, 0x57, 0x08, 0x3d, 0x3c, 0x40, 0xeb, 0x27, - 0xf9, 0x90, 0x43, 0x22, 0x79, 0x4c, 0xaa, 0x3b, 0x67, 0x75, 0x8e, 0x5a, 0xf5, 0x11, 0x3b, 0x59, - 0xac, 0x3c, 0x1e, 0xa0, 0x0d, 0xbf, 0xaf, 0x05, 0x79, 0xe3, 0x21, 0x29, 0xb6, 0xb9, 0x16, 0x40, - 0x80, 0x2a, 0x7e, 0x82, 0xd6, 0x33, 0x91, 0x15, 0xe9, 0xe1, 0x43, 0xe2, 0x77, 0xb8, 0x16, 0xb1, - 0xc1, 0x4a, 0xe2, 0xcf, 0x7d, 0xe0, 0xda, 0x82, 0xce, 0xba, 0x32, 0x70, 0xcd, 0x29, 0xbb, 0xa8, - 0xf5, 0xb4, 0x88, 0x5a, 0x3e, 0x25, 0x7c, 0xf4, 
0xae, 0xa8, 0x35, 0xa7, 0x0f, 0x21, 0x6b, 0x80, - 0x36, 0xfc, 0x0e, 0x26, 0x64, 0x80, 0x87, 0xa4, 0xd8, 0xd0, 0x5c, 0xa4, 0x07, 0xbc, 0x2c, 0x7e, - 0x81, 0xda, 0xf0, 0x5f, 0x03, 0xc4, 0xfa, 0x47, 0xa4, 0xfc, 0xef, 0x61, 0x11, 0x0c, 0x9d, 0xe8, - 0x17, 0xac, 0xd7, 0xdf, 0x45, 0x3b, 0x39, 0xbc, 0x71, 0x71, 0xab, 0xff, 0xc9, 0xdf, 0xfe, 0x7d, - 0xbf, 0xf5, 0xc7, 0x8f, 0x17, 0x5b, 0xe3, 0x67, 0x27, 0x11, 0xec, 0x4b, 0x0c, 0x37, 0x5c, 0x71, - 0xf5, 0xab, 0xff, 0x06, 0x00, 0x00, 0xff, 0xff, 0xcb, 0x28, 0x93, 0xb1, 0x3d, 0x1b, 0x00, 0x00, + // 1699 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x99, 0x4f, 0x73, 0xdb, 0xb8, + 0x15, 0xc0, 0x2b, 0xc7, 0xb1, 0x1c, 0xd8, 0x8e, 0x1d, 0x6c, 0xa6, 0xa3, 0xa6, 0x6d, 0x36, 0xf5, + 0x4c, 0x77, 0x37, 0xe9, 0x04, 0xda, 0xaa, 0x33, 0xbb, 0xb3, 0x3b, 0x4d, 0x9b, 0x48, 0xc9, 0xae, + 0xdb, 0x75, 0xba, 0x1e, 0x3a, 0xdd, 0x64, 0x7b, 0xe1, 0x40, 0x10, 0x44, 0x22, 0xa6, 0x09, 0x0e, + 0x00, 0x5a, 0x76, 0x4f, 0xbd, 0xf5, 0x23, 0xb4, 0x1f, 0xa1, 0x97, 0x1e, 0xfb, 0x61, 0xda, 0x4b, + 0x67, 0x7a, 0xed, 0x97, 0xe8, 0x00, 0x78, 0xa4, 0x28, 0x99, 0x4e, 0x25, 0xd1, 0x7b, 0x10, 0x09, + 0x82, 0xef, 0xfd, 0x88, 0x3f, 0x0f, 0xef, 0x3d, 0x40, 0xe8, 0xf3, 0x48, 0x98, 0x38, 0x1f, 0x12, + 0x26, 0x4f, 0xbb, 0x5a, 0x26, 0xf2, 0xb1, 0x90, 0xdd, 0x28, 0x91, 0xb2, 0x9b, 0x29, 0xf9, 0x96, + 0x33, 0xa3, 0xfd, 0x13, 0xcd, 0x44, 0xf7, 0xec, 0xe7, 0xdd, 0x2c, 0xc9, 0x23, 0x91, 0x6a, 0x92, + 0x29, 0x69, 0x24, 0xde, 0xb6, 0xaf, 0x88, 0xd5, 0x22, 0x42, 0xde, 0xfb, 0x51, 0x24, 0x65, 0x94, + 0xf0, 0xae, 0x7b, 0x37, 0xcc, 0xc7, 0x5d, 0x6d, 0x54, 0xce, 0x8c, 0x97, 0xbd, 0x77, 0x37, 0x92, + 0x91, 0x74, 0xc5, 0xae, 0x2d, 0x41, 0xed, 0x27, 0x4b, 0x7d, 0x5d, 0xeb, 0x04, 0xf4, 0x9e, 0x2c, + 0xa5, 0xc7, 0xcf, 0x0d, 0x4f, 0xb5, 0x90, 0x45, 0xc3, 0xef, 0xf5, 0x97, 0x52, 0x67, 0x42, 0xb1, + 0x5c, 0x98, 0x70, 0xa8, 0x38, 0x3d, 0xe1, 0x0a, 0x18, 0x4f, 0x97, 0x62, 0x24, 0x92, 0x8e, 0xc2, + 0x21, 0x4d, 0x68, 0xca, 0x4a, 0xc2, 
0x72, 0x9d, 0x60, 0x32, 0x4d, 0x39, 0x33, 0x42, 0xa6, 0x2b, + 0x75, 0x02, 0x66, 0xae, 0x4b, 0x27, 0xee, 0x07, 0x8c, 0xdf, 0xae, 0xcc, 0xe0, 0xac, 0x67, 0xef, + 0x21, 0x67, 0x3d, 0x60, 0x3d, 0x5f, 0x89, 0xc5, 0xa4, 0xf2, 0x97, 0x46, 0x14, 0xc5, 0xb5, 0x71, + 0x97, 0x46, 0x94, 0x48, 0x65, 0xcc, 0x5d, 0x9a, 0x8d, 0x70, 0xe2, 0x7e, 0xc0, 0x38, 0x5c, 0xb9, + 0x25, 0xe1, 0x84, 0x0f, 0xcb, 0x42, 0xa3, 0x16, 0xc5, 0xec, 0xd4, 0xfe, 0x80, 0x71, 0xb0, 0x12, + 0x23, 0x19, 0xc6, 0x54, 0xc7, 0x70, 0x03, 0xd2, 0xef, 0x56, 0x22, 0xe9, 0x98, 0x8e, 0xe4, 0x44, + 0xa4, 0xd1, 0xb4, 0xd4, 0xa8, 0x77, 0x86, 0x65, 0xf6, 0xd7, 0xc8, 0xa2, 0x8d, 0xa2, 0xcc, 0xb6, + 0x08, 0xee, 0xc0, 0xfa, 0x62, 0xb5, 0xf9, 0xff, 0x63, 0xae, 0xb8, 0xbf, 0x36, 0x1a, 0x71, 0x26, + 0x53, 0x9d, 0x27, 0x70, 0x03, 0xd2, 0xd1, 0x4a, 0xa4, 0x93, 0x7c, 0xc8, 0x55, 0xca, 0x0d, 0xaf, + 0x16, 0x1b, 0x8d, 0x97, 0xe2, 0x46, 0x09, 0x5e, 0xde, 0x1b, 0xf5, 0x53, 0x1b, 0x6a, 0x04, 0x83, + 0x5b, 0xa3, 0xf5, 0x9b, 0x89, 0x8c, 0xbb, 0x4b, 0xa3, 0xf9, 0xb3, 0x0d, 0x81, 0x2b, 0x70, 0xde, + 0xac, 0x6a, 0x53, 0xa9, 0x1e, 0x4b, 0x75, 0x4a, 0xad, 0xd3, 0xee, 0x66, 0x8a, 0x8f, 0xc5, 0x79, + 0xa8, 0xf8, 0x44, 0x09, 0xc3, 0xaf, 0x93, 0x3c, 0xfb, 0x08, 0xe4, 0xaf, 0x57, 0x22, 0x8f, 0x69, + 0x9e, 0x18, 0x91, 0xbe, 0xf5, 0x81, 0xc6, 0x3f, 0x36, 0x32, 0x94, 0x98, 0xd3, 0x11, 0x57, 0xe5, + 0x1d, 0x58, 0xc1, 0xaa, 0xac, 0xc4, 0xc4, 0x2c, 0xe6, 0xec, 0xa4, 0x5a, 0x6e, 0xc6, 0x94, 0xda, + 0xc0, 0x94, 0x54, 0xcb, 0x2b, 0x4d, 0x0f, 0x4f, 0x0d, 0x57, 0x99, 0x12, 0x9a, 0x97, 0x78, 0x7e, + 0x6e, 0x68, 0x6e, 0x62, 0x48, 0x42, 0x6c, 0x11, 0xc8, 0x2f, 0x9b, 0x92, 0xdf, 0x4e, 0x8c, 0xfd, + 0x01, 0xee, 0xdb, 0xa6, 0x38, 0x45, 0x0d, 0x4f, 0xc4, 0xa9, 0x30, 0xd3, 0xd2, 0x4a, 0x86, 0x54, + 0x87, 0x1e, 0x52, 0xe6, 0x2e, 0xd7, 0xd5, 0xf5, 0x09, 0x1d, 0xdb, 0x1f, 0xe0, 0xc2, 0xc5, 0x71, + 0x36, 0x0f, 0x54, 0x29, 0x4d, 0xba, 0x3c, 0x3d, 0x93, 0x17, 0xfe, 0x0b, 0xbd, 0x2e, 0x4b, 0x72, + 0x6d, 0xb8, 0xea, 0xca, 0xdc, 0x24, 0x82, 0xab, 0x70, 0xc4, 0xcd, 0x4c, 
0x9e, 0xf5, 0xba, 0xf1, + 0x07, 0xa4, 0xe2, 0x60, 0xb0, 0x61, 0xd5, 0x62, 0xef, 0xcf, 0x27, 0xcc, 0xa3, 0x5c, 0x55, 0x96, + 0xf0, 0xfe, 0x3f, 0x5a, 0x68, 0xf7, 0x50, 0x68, 0xc3, 0x53, 0xae, 0x8e, 0x7c, 0xdf, 0xf1, 0x08, + 0x7d, 0x9f, 0x32, 0xc6, 0xb5, 0x0e, 0x13, 0x19, 0x45, 0x22, 0x8d, 0x42, 0xcd, 0xd5, 0x99, 0x60, + 0xbc, 0xd3, 0x7a, 0xd0, 0xfa, 0x68, 0xab, 0x47, 0x88, 0x4b, 0x3d, 0x20, 0x4d, 0xaf, 0xe6, 0xe7, + 0xe4, 0x99, 0xd3, 0x3b, 0xf4, 0x6a, 0xc7, 0x5e, 0x2b, 0xb8, 0x4b, 0x6b, 0x6a, 0xf1, 0x2f, 0x11, + 0x9a, 0xe6, 0xcc, 0x9d, 0x35, 0x47, 0xee, 0xcc, 0xd2, 0x5e, 0x94, 0xef, 0xfb, 0x6b, 0x9d, 0x56, + 0x50, 0x91, 0xdf, 0xff, 0xef, 0x1a, 0x7a, 0xef, 0xc0, 0x98, 0x6c, 0xbe, 0xed, 0xcf, 0xd0, 0x66, + 0x91, 0xce, 0x40, 0x6b, 0x3f, 0x20, 0xd3, 0xfc, 0xa6, 0xae, 0xc9, 0x5f, 0xaa, 0x8c, 0xbd, 0xe6, + 0xc3, 0xa0, 0x1d, 0xf9, 0x02, 0xfe, 0x53, 0x0b, 0x3d, 0x88, 0x8d, 0xc9, 0xc2, 0x69, 0x36, 0x1c, + 0x9e, 0xd2, 0x94, 0x46, 0x5c, 0x85, 0x9a, 0x1b, 0x23, 0xd2, 0xa8, 0x68, 0xef, 0xa7, 0xc4, 0xa5, + 0x3c, 0x75, 0x58, 0xdb, 0xb8, 0x41, 0x09, 0x78, 0xe9, 0xf5, 0x8f, 0x41, 0x3d, 0xf8, 0x71, 0xfc, + 0xae, 0xd7, 0xf8, 0x08, 0x6d, 0x57, 0xe7, 0xb2, 0xb3, 0xee, 0xbe, 0xf6, 0x98, 0xcc, 0x78, 0xa4, + 0xda, 0xaf, 0x3a, 0x81, 0x81, 0x15, 0x08, 0xb6, 0xe2, 0xe9, 0xc3, 0xdc, 0x68, 0xdf, 0x58, 0x72, + 0xb4, 0x53, 0x84, 0x5f, 0xb1, 0x4b, 0x63, 0xfd, 0x06, 0x61, 0xc3, 0xb2, 0x30, 0x53, 0xf2, 0xfc, + 0x62, 0x3a, 0x32, 0x9e, 0xfd, 0x88, 0xb8, 0x74, 0xa9, 0xae, 0x8d, 0xaf, 0x58, 0x76, 0x64, 0x55, + 0xca, 0xc1, 0xd8, 0x33, 0x73, 0x35, 0xfb, 0x7f, 0xbe, 0x89, 0xf0, 0x37, 0x42, 0x99, 0x9c, 0x26, + 0x07, 0x52, 0x9b, 0xe2, 0x83, 0xb3, 0x9d, 0x68, 0x2d, 0xd7, 0x09, 0x3c, 0x40, 0x6d, 0x48, 0x25, + 0x3a, 0x37, 0x9d, 0xea, 0x43, 0x52, 0xa6, 0x16, 0x75, 0xed, 0x0c, 0xb8, 0x51, 0x17, 0x47, 0x32, + 0x11, 0xec, 0x22, 0x28, 0x34, 0xf1, 0xa7, 0xe8, 0xa6, 0x8b, 0xda, 0x1d, 0xe4, 0x10, 0x3f, 0x21, + 0x10, 0xc3, 0xeb, 0x00, 0xc7, 0xf6, 0x55, 0xe0, 0xe5, 0x31, 0x45, 0xef, 0xf9, 0xf8, 0x64, 0x6d, + 0x49, 0x64, 
0x79, 0xe2, 0x56, 0x21, 0xd8, 0xd1, 0xc7, 0xa4, 0x8c, 0x5d, 0x57, 0xcc, 0xea, 0x88, + 0xab, 0x97, 0x15, 0xbd, 0x00, 0xc7, 0x97, 0xea, 0xf0, 0x67, 0x68, 0xdd, 0x6e, 0x72, 0x60, 0x06, + 0x7e, 0x4a, 0xfc, 0x8e, 0xa7, 0x0e, 0x38, 0x90, 0x4a, 0x43, 0xcf, 0x9c, 0x0a, 0x7e, 0x83, 0x76, + 0x67, 0x23, 0xbc, 0x06, 0x9b, 0x23, 0xc4, 0xb9, 0x19, 0x42, 0x33, 0x41, 0xce, 0x7a, 0x64, 0x2c, + 0x12, 0xc3, 0x15, 0xb1, 0xd6, 0x4b, 0x02, 0x99, 0x1b, 0xfe, 0x6a, 0x56, 0x2b, 0x98, 0xc7, 0xe0, + 0xd7, 0xe8, 0x76, 0xe9, 0xed, 0x43, 0xdb, 0x88, 0xce, 0x06, 0x74, 0xb9, 0x12, 0x04, 0xea, 0xda, + 0xf8, 0x9b, 0x34, 0x52, 0x5c, 0xeb, 0x80, 0x1a, 0x7e, 0x68, 0xa5, 0x82, 0x9d, 0x52, 0xe1, 0xcb, + 0x44, 0x4a, 0x3c, 0x42, 0x77, 0xa6, 0x60, 0xca, 0x7c, 0xa3, 0xdb, 0xb0, 0x2c, 0xff, 0x0f, 0xbb, + 0x84, 0x7e, 0x63, 0xe3, 0x71, 0x69, 0x33, 0xc1, 0x5e, 0xa9, 0xf7, 0xcc, 0x03, 0xf7, 0xff, 0xb5, + 0x89, 0xb6, 0x5d, 0x47, 0xa7, 0x46, 0x7f, 0x69, 0xa4, 0x5a, 0xd7, 0x33, 0x52, 0xbf, 0x46, 0x1b, + 0x2e, 0x17, 0x2a, 0x9c, 0xcb, 0x87, 0x04, 0x52, 0xa3, 0xda, 0x1e, 0x58, 0xe4, 0x17, 0x4e, 0x3c, + 0x00, 0x35, 0xfc, 0x2d, 0xba, 0x3d, 0x9b, 0x00, 0x82, 0x25, 0xf4, 0xc8, 0x7c, 0xf6, 0x56, 0x47, + 0x3c, 0x72, 0xaa, 0x81, 0xd7, 0x0c, 0x76, 0xb2, 0xea, 0x23, 0xfe, 0x0c, 0xb5, 0x8d, 0x38, 0xe5, + 0x32, 0x37, 0x60, 0x17, 0x3f, 0x20, 0x3e, 0xb0, 0x90, 0x22, 0xb0, 0x90, 0xe7, 0x10, 0x58, 0xfa, + 0xeb, 0x7f, 0xfd, 0xf7, 0xfb, 0xad, 0xa0, 0x90, 0xbf, 0x9e, 0x65, 0x37, 0xbb, 0xf2, 0x37, 0x96, + 0x5c, 0xf9, 0x87, 0xa8, 0x0d, 0x9b, 0x2e, 0x30, 0x10, 0x37, 0x22, 0x7e, 0x13, 0x76, 0xe5, 0xe0, + 0xbe, 0xf2, 0x12, 0xa5, 0x97, 0x2a, 0x10, 0xf8, 0x10, 0xdd, 0x2a, 0x37, 0x95, 0x9d, 0x4d, 0x98, + 0xfb, 0xca, 0x36, 0xf3, 0x4a, 0xe2, 0x71, 0x21, 0x13, 0x4c, 0x01, 0x57, 0xf9, 0x85, 0x5b, 0xd7, + 0xe8, 0x17, 0x6c, 0x34, 0x91, 0xda, 0x94, 0x56, 0x81, 0x8a, 0x68, 0x52, 0xcd, 0x45, 0x6b, 0xf9, + 0x52, 0x9b, 0xc2, 0x20, 0xb6, 0xe2, 0xe9, 0x43, 0xe9, 0x69, 0xb6, 0x96, 0xf7, 0x34, 0x5f, 0xa1, + 0x76, 0x32, 0x0c, 0xed, 0x06, 0xbf, 0xb3, 0x0d, 
0x73, 0x51, 0xec, 0xf7, 0xaf, 0x1c, 0x38, 0xbf, + 0x18, 0x0f, 0xa8, 0x8e, 0x07, 0x32, 0x1d, 0x8b, 0x28, 0xd8, 0x48, 0x86, 0xf6, 0xa9, 0xc6, 0xb9, + 0xec, 0x7c, 0x87, 0xce, 0xe5, 0xf6, 0x92, 0xce, 0xc5, 0xb5, 0xfd, 0x5d, 0xce, 0xe5, 0xef, 0x6b, + 0x68, 0xf7, 0x39, 0xd7, 0x46, 0xa4, 0x6e, 0xa2, 0x8e, 0x33, 0xce, 0xf0, 0x13, 0x74, 0x83, 0x4e, + 0x0a, 0x9f, 0xf2, 0x90, 0xb8, 0x63, 0xb4, 0xba, 0xaf, 0xcc, 0xe9, 0x1d, 0x7c, 0x2f, 0xb0, 0x7a, + 0x78, 0x80, 0x6e, 0xba, 0x53, 0x01, 0xf0, 0x21, 0x3f, 0x23, 0x70, 0x46, 0xb0, 0x18, 0xc2, 0xeb, + 0xe2, 0xa7, 0x68, 0x5d, 0x71, 0x6d, 0xca, 0x50, 0xee, 0x0f, 0xbd, 0x16, 0x43, 0x38, 0x4d, 0x4b, + 0xb0, 0xe9, 0x14, 0x38, 0x8b, 0x47, 0xc4, 0x1f, 0x78, 0x2d, 0x48, 0xb0, 0xc2, 0x7d, 0x8c, 0xf6, + 0x46, 0xd3, 0x57, 0xa1, 0xb9, 0xc8, 0xf8, 0xfe, 0x5f, 0xd6, 0xd0, 0xbd, 0xd7, 0x5c, 0x44, 0xb1, + 0xe1, 0xa3, 0x8a, 0x5e, 0xe1, 0x9a, 0xaf, 0x58, 0x4a, 0xad, 0x6b, 0x5c, 0x4a, 0x35, 0xde, 0x7f, + 0xed, 0x7a, 0xbc, 0x7f, 0xb3, 0x04, 0xed, 0x9f, 0x6d, 0xb4, 0xfd, 0xfb, 0xcc, 0x2e, 0x67, 0x7a, + 0xea, 0xcc, 0xe8, 0x57, 0x08, 0x69, 0x9d, 0xd8, 0x14, 0x76, 0x2c, 0x22, 0x18, 0x82, 0xf7, 0x67, + 0x71, 0xa5, 0xbc, 0x4e, 0x60, 0x59, 0xdd, 0xd2, 0x45, 0x11, 0xbf, 0x44, 0x7b, 0x73, 0x47, 0xd2, + 0x45, 0x4f, 0xf7, 0xe7, 0x16, 0xb8, 0x97, 0xea, 0x7b, 0x21, 0x00, 0xed, 0xb2, 0x99, 0x5a, 0x8d, + 0x03, 0x74, 0x77, 0xe6, 0x74, 0xba, 0x68, 0x98, 0xef, 0xe7, 0x83, 0x59, 0xe4, 0xa1, 0xa4, 0xa3, + 0x3e, 0x08, 0x02, 0x10, 0x27, 0x97, 0xea, 0xf0, 0x57, 0xe8, 0x4e, 0x25, 0x43, 0x07, 0xa0, 0x37, + 0xb8, 0xfb, 0xf3, 0x4e, 0xa8, 0x10, 0x03, 0xdc, 0x1e, 0x9b, 0xab, 0xc1, 0x03, 0xb4, 0x53, 0xcd, + 0xb8, 0x6d, 0xac, 0xba, 0xe1, 0x40, 0x33, 0xd3, 0x6a, 0x77, 0x59, 0x33, 0x39, 0xf6, 0x76, 0x25, + 0xc7, 0xd6, 0xf8, 0x18, 0xdd, 0xb9, 0xb4, 0xc1, 0x83, 0x60, 0xf5, 0xc1, 0x1c, 0xc8, 0xef, 0x07, + 0xc9, 0xd7, 0x5e, 0xfc, 0x79, 0x21, 0x1d, 0xec, 0xc9, 0xb9, 0x1a, 0xfc, 0x43, 0x74, 0x2b, 0xd7, + 0x3c, 0xb4, 0xa6, 0xd4, 0x73, 0xe1, 0x6b, 0x33, 0xd8, 0xcc, 0x35, 0xb7, 0xfb, 0x8b, 
0x1e, 0x1e, + 0xa0, 0xf5, 0x93, 0x7c, 0xc8, 0x21, 0x0c, 0x3d, 0x26, 0xd5, 0xa3, 0xb7, 0x3a, 0x33, 0xaf, 0xda, + 0x88, 0x5d, 0x6a, 0x56, 0x1e, 0x0f, 0xd0, 0x86, 0x3f, 0x18, 0x83, 0xa8, 0xf3, 0x90, 0x14, 0xe7, + 0x64, 0x0b, 0x20, 0x40, 0x15, 0x3f, 0x41, 0xeb, 0x99, 0xc8, 0x8a, 0xe0, 0xf2, 0x21, 0xf1, 0x47, + 0x64, 0x8b, 0xb4, 0xc1, 0x4a, 0xe2, 0xcf, 0xbd, 0xdb, 0xdb, 0x82, 0xc1, 0xba, 0xd2, 0xed, 0xcd, + 0x29, 0x3b, 0x9f, 0xf7, 0xb4, 0xf0, 0x79, 0x3e, 0xa0, 0x7c, 0xf4, 0x2e, 0x9f, 0x37, 0xa7, 0x0f, + 0x0e, 0x6f, 0x80, 0x36, 0xfc, 0x11, 0x28, 0xc4, 0x8f, 0x87, 0xa4, 0x38, 0x11, 0x5d, 0x64, 0x04, + 0xbc, 0x2c, 0x7e, 0x81, 0xda, 0xf0, 0x67, 0x05, 0x44, 0x8a, 0x47, 0xa4, 0xfc, 0xf3, 0x62, 0x11, + 0x0c, 0x9d, 0xe8, 0x17, 0xac, 0xd7, 0xdf, 0x45, 0x3b, 0x39, 0xbc, 0x71, 0x5e, 0xaf, 0xff, 0xc9, + 0xdf, 0xfe, 0x73, 0xbf, 0xf5, 0x87, 0x8f, 0x17, 0x3b, 0x21, 0xc8, 0x4e, 0x22, 0x38, 0xd5, 0x18, + 0x6e, 0xb8, 0xd4, 0xec, 0x17, 0xff, 0x0b, 0x00, 0x00, 0xff, 0xff, 0xf4, 0xeb, 0x7e, 0x73, 0x7e, + 0x1b, 0x00, 0x00, } func (this *ListenerPlugins) Equal(that interface{}) bool { @@ -1351,6 +1362,9 @@ func (this *WeightedDestinationPlugins) Equal(that interface{}) bool { if !this.Transformations.Equal(that1.Transformations) { return false } + if !this.Extensions.Equal(that1.Extensions) { + return false + } if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { return false } diff --git a/projects/gloo/pkg/bootstrap/opts.go b/projects/gloo/pkg/bootstrap/opts.go index 1c937edf079..7a6871d29e5 100644 --- a/projects/gloo/pkg/bootstrap/opts.go +++ b/projects/gloo/pkg/bootstrap/opts.go @@ -26,6 +26,7 @@ type Opts struct { Proxies factory.ResourceClientFactory Secrets factory.ResourceClientFactory Artifacts factory.ResourceClientFactory + AuthConfigs factory.ResourceClientFactory KubeClient kubernetes.Interface ConsulWatcher consul.ConsulWatcher WatchOpts clients.WatchOpts 
diff --git a/projects/gloo/pkg/syncer/envoy_translator_syncer.go b/projects/gloo/pkg/syncer/envoy_translator_syncer.go index 4867f50810a..2d021fe3807 100644 --- a/projects/gloo/pkg/syncer/envoy_translator_syncer.go +++ b/projects/gloo/pkg/syncer/envoy_translator_syncer.go @@ -52,8 +52,8 @@ func (s *translatorSyncer) syncEnvoy(ctx context.Context, snap *v1.ApiSnapshot) s.latestSnap = snap ctx = contextutils.WithLogger(ctx, "envoyTranslatorSyncer") logger := contextutils.LoggerFrom(ctx) - logger.Infof("begin sync %v (%v proxies, %v upstreams, %v endpoints, %v secrets, %v artifacts, )", snap.Hash(), - len(snap.Proxies), len(snap.Upstreams), len(snap.Endpoints), len(snap.Secrets), len(snap.Artifacts)) + logger.Infof("begin sync %v (%v proxies, %v upstreams, %v endpoints, %v secrets, %v artifacts, %v auth configs)", snap.Hash(), + len(snap.Proxies), len(snap.Upstreams), len(snap.Endpoints), len(snap.Secrets), len(snap.Artifacts), len(snap.AuthConfigs)) defer logger.Infof("end sync %v", snap.Hash()) logger.Debugf("%v", snap) diff --git a/projects/gloo/pkg/syncer/setup_syncer.go b/projects/gloo/pkg/syncer/setup_syncer.go index 7521aa6d013..ba05ef4f37a 100644 --- a/projects/gloo/pkg/syncer/setup_syncer.go +++ b/projects/gloo/pkg/syncer/setup_syncer.go @@ -10,6 +10,8 @@ import ( "github.com/solo-io/gloo/projects/gloo/pkg/validation" + extauth "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/plugins/extauth/v1" + consulapi "github.com/hashicorp/consul/api" vaultapi "github.com/hashicorp/vault/api" "github.com/solo-io/gloo/projects/gloo/pkg/upstreams/consul" 
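Review bot: The unchanged `logger.Debugf("%v", snap)` at the end of the syncEnvoy hunk formats the whole snapshot, which already holds Secrets and after this change also AuthConfigs. How the snapshot type renders under `%v` is not visible here, but if it prints resource contents, turning on debug logging would write secret values and auth configuration into the logs. I would keep to the hash and counts the Infof line already reports, or a redacted summary, for example `logger.Debugf("syncing snapshot %v", snap.Hash())`. syncEnvoy's body continues outside the hunk.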
@@ -357,6 +359,14 @@ func RunGlooWithExtensions(opts bootstrap.Opts, extensions Extensions) error { return err } + authConfigClient, err := extauth.NewAuthConfigClient(opts.AuthConfigs) + if err != nil { + return err + } + if err := authConfigClient.Register(); err != nil { + return err + } + // Register grpc endpoints to the grpc server xds.SetupEnvoyXds(opts.ControlPlane.GrpcServer, opts.ControlPlane.XDSServer, opts.ControlPlane.SnapshotCache) xdsHasher := xds.NewNodeHasher() @@ -417,7 +427,7 @@ func RunGlooWithExtensions(opts bootstrap.Opts, extensions Extensions) error { go errutils.AggregateErrs(watchOpts.Ctx, errs, edsErrs, "eds.gloo") - apiCache := v1.NewApiEmitter(artifactClient, endpointClient, proxyClient, upstreamGroupClient, secretClient, hybridUsClient) + apiCache := v1.NewApiEmitter(artifactClient, endpointClient, proxyClient, upstreamGroupClient, secretClient, hybridUsClient, authConfigClient) rpt := reporter.NewReporter("gloo", hybridUsClient.BaseClient(), proxyClient.BaseClient(), upstreamGroupClient.BaseClient()) t := translator.NewTranslator(sslutils.NewSslConfigTranslator(), opts.Settings, allPlugins...) @@ -579,6 +589,12 @@ func constructOpts(ctx context.Context, clientset *kubernetes.Interface, kubeCac if err != nil { return bootstrap.Opts{}, err } + + authConfigFactory, err := bootstrap.ConfigFactoryForSettings(params, extauth.AuthConfigCrd) + if err != nil { + return bootstrap.Opts{}, err + } + return bootstrap.Opts{ Upstreams: upstreamFactory, KubeServiceClient: kubeServiceClient, @@ -586,6 +602,7 @@ func constructOpts(ctx context.Context, clientset *kubernetes.Interface, kubeCac UpstreamGroups: upstreamGroupFactory, Secrets: secretFactory, Artifacts: artifactFactory, + AuthConfigs: authConfigFactory, KubeCoreCache: kubeCoreCache, }, nil } diff --git a/test/kube2e/ingress/ingress_test.go b/test/kube2e/ingress/ingress_test.go index c097fe2d354..b35f8390f01 100644 --- a/test/kube2e/ingress/ingress_test.go 
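Review bot: `opts.AuthConfigs` is passed to `extauth.NewAuthConfigClient` in the `@@ -357,6 +359,14 @@` hunk without a nil check, and it is a field that callers of the exported RunGlooWithExtensions did not have to set before this commit. constructOpts and the test helper defaultGlooOpts are updated in this diff, but any other code that builds `bootstrap.Opts` would now hand in a nil factory. Whether that surfaces as an error or a panic depends on NewAuthConfigClient, which is not shown. A guard before the call, `if opts.AuthConfigs == nil { return errors.New("bootstrap.Opts.AuthConfigs is not set") }`, would make the failure explicit, assuming the factory type is nil-comparable and an errors package is in scope. The function starts and ends outside the hunk.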
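Review bot: In the `@@ -417,7 +427,7 @@` hunk `authConfigClient` is added to `v1.NewApiEmitter`, but the `reporter.NewReporter(...)` call on the next line still lists only the upstream, proxy and upstream-group base clients. If the translator or a plugin is meant to write validation status back onto AuthConfig resources, the reporter presumably needs that client too, for example by appending `authConfigClient.BaseClient()` to the call, assuming the generated client has a BaseClient method like the others. If no status is reported on auth configs yet, a one-line comment such as `// AuthConfigs are not reported on yet` would settle the question for the next reader. RunGlooWithExtensions continues outside the hunk.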
+++ b/test/kube2e/ingress/ingress_test.go
@@ -39,15 +39,8 @@ var _ = Describe("Kube2e: Ingress", func() {
 },
 Spec: v1beta1.IngressSpec{
 Backend: backend,
- //TLS: []v1beta1.IngressTLS{
- // {
- // Hosts: []string{"some.host"},
- // SecretName: "doesntexistanyway",
- // },
- //},
 Rules: []v1beta1.IngressRule{
 {
- //Host: "some.host",
 IngressRuleValue: v1beta1.IngressRuleValue{
 HTTP: &v1beta1.HTTPIngressRuleValue{
 Paths: []v1beta1.HTTPIngressPath{
diff --git a/test/services/gateway.go b/test/services/gateway.go
index 6fa7c9f79ee..393c0b2bdd4 100644
--- a/test/services/gateway.go
+++ b/test/services/gateway.go
@@ -238,6 +238,7 @@ func defaultGlooOpts(ctx context.Context, runOptions *RunOptions) bootstrap.Opts
 Proxies: f,
 Secrets: f,
 Artifacts: f,
+ AuthConfigs: f,
 KubeServiceClient: newServiceClient(ctx, f, runOptions),
 WatchNamespaces: runOptions.NsToWatch,
 WatchOpts: clients.WatchOpts{