envoy_types/lib.rs
1/*!
2Collection of protobuf types and other assets to work with the [Envoy Proxy]
3through Rust gRPC services.
4
5Among other use cases, this crate can be used to implement an
6[Envoy External Authorization] (ExtAuthz) gRPC Server written in Rust.
7
8# Getting Started
9
10### Rust Version
11
12This project's MSRV is `1.75`.
13
14### Dependencies
15
16```toml
17[dependencies]
18envoy-types = "<envoy-types-version>"
19```
20
21The protobuf types made available are already pre-compiled, so you only need the
22latest stable Protocol Buffer Compiler (`protoc`) to run the crate's tests.
23Generated code may vary across `protoc` versions, and the use of the latest
24stable version is enforced by CI.
25Installation instructions can be found [here][protoc-install].
26
27# Examples
28
29The example bellow covers a bare-bones implementation of an Envoy ExtAuthz gRPC
30`AuthorizationServer`, with [`tonic`]. A more complete implementation, including
31query parameters and header manipulation, can be found at the [examples]
32directory.
33
34```rust
35use std::env;
36use tonic::{transport::Server, Request, Response, Status};
37
38use envoy_types::ext_authz::v3::pb::{
39 Authorization, AuthorizationServer, CheckRequest, CheckResponse,
40};
41use envoy_types::ext_authz::v3::{CheckRequestExt, CheckResponseExt};
42
43#[derive(Default)]
44struct MyServer;
45
46#[tonic::async_trait]
47impl Authorization for MyServer {
48 async fn check(
49 &self,
50 request: Request<CheckRequest>,
51 ) -> Result<Response<CheckResponse>, Status> {
52 let request = request.into_inner();
53
54 let client_headers = request
55 .get_client_headers()
56 .ok_or_else(|| Status::invalid_argument("client headers not populated by envoy"))?;
57
58 let mut request_status = Status::unauthenticated("not authorized");
59
60 if let Some(authorization) = client_headers.get("authorization") {
61 if authorization == "Bearer valid-token" {
62 request_status = Status::ok("request is valid");
63 }
64 }
65
66 Ok(Response::new(CheckResponse::with_status(request_status)))
67 }
68}
69
70// #[tokio::main]
71// async fn main() -> Result<(), Box<dyn std::error::Error>> {
72// let server_port = env::var("SERVER_PORT").unwrap_or("50051".into());
73// let addr = format!("0.0.0.0:{server_port}").parse().unwrap();
74// let server = MyServer;
75
76// println!("AuthorizationServer listening on {addr}");
77
78// Server::builder()
79// .add_service(AuthorizationServer::new(server))
80// .serve(addr)
81// .await?;
82
83// Ok(())
84// }
85```
86
87# Compatibility
88
89The table bellow outlines the correspondence between the versions of [`tonic`]
90and the compatible versions of [`envoy-types`].
91
92`tonic` | `envoy-types`
93:- | :-
94v0.14 | [v0.7](https://crates.io/crates/envoy-types/0.7.1)
95v0.13 | [v0.6](https://crates.io/crates/envoy-types/0.6.1)
96v0.12 | [v0.5](https://crates.io/crates/envoy-types/0.5.6)
97v0.11 | [v0.4](https://crates.io/crates/envoy-types/0.4.0)
98v0.10 | [v0.3](https://crates.io/crates/envoy-types/0.3.0)
99v0.9 | [v0.2](https://crates.io/crates/envoy-types/0.2.0)
100
101[Envoy Proxy]: https://www.envoyproxy.io
102[Envoy External Authorization]: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/ext_authz_filter
103[protoc-install]: https://grpc.io/docs/protoc-installation/
104[`tonic`]: https://github.com/hyperium/tonic
105[examples]: https://github.com/flemosr/envoy-types/tree/main/examples
106[`envoy-types`]: https://crates.io/crates/envoy-types
107*/
108
109#![warn(missing_debug_implementations, rust_2018_idioms)]
110#![allow(missing_docs, rustdoc::invalid_html_tags, rustdoc::bare_urls)]
111
112#[rustfmt::skip]
113#[allow(clippy::all)]
114mod generated;
115
116/// Compiled protobuf types
117pub mod pb {
118 pub use crate::generated::*;
119}
120
121/// Convenience mod for `ext_authz` server implementation
122pub mod ext_authz;
123pub mod util;
124
125mod sealed {
126 pub trait Sealed {}
127}