xds_api/generated/envoy.service.auth.v3.rs
1// This file is @generated by prost-build.
2/// An attribute is a piece of metadata that describes an activity on a network.
3/// For example, the size of an HTTP request, or the status code of an HTTP response.
4///
5/// Each attribute has a type and a name, which is logically defined as a proto message field
6/// of the ``AttributeContext``. The ``AttributeContext`` is a collection of individual attributes
7/// supported by Envoy authorization system.
8/// [#comment: The following items are left out of this proto
9/// Request.Auth field for jwt tokens
10/// Request.Api for api management
11/// Origin peer that originated the request
12/// Caching Protocol
13/// request_context return values to inject back into the filter chain
14/// peer.claims -- from X.509 extensions
15/// Configuration
16/// - field mask to send
17/// - which return values from request_context are copied back
18/// - which return values are copied into request_headers]
19/// \[#next-free-field: 14\]
20#[derive(Clone, PartialEq, ::prost::Message)]
21pub struct AttributeContext {
22 /// The source of a network activity, such as starting a TCP connection.
23 /// In a multi hop network activity, the source represents the sender of the
24 /// last hop.
25 #[prost(message, optional, tag = "1")]
26 pub source: ::core::option::Option<attribute_context::Peer>,
27 /// The destination of a network activity, such as accepting a TCP connection.
28 /// In a multi hop network activity, the destination represents the receiver of
29 /// the last hop.
30 #[prost(message, optional, tag = "2")]
31 pub destination: ::core::option::Option<attribute_context::Peer>,
32 /// Represents a network request, such as an HTTP request.
33 #[prost(message, optional, tag = "4")]
34 pub request: ::core::option::Option<attribute_context::Request>,
35 /// This is analogous to http_request.headers, however these contents will not be sent to the
36 /// upstream server. Context_extensions provide an extension mechanism for sending additional
37 /// information to the auth server without modifying the proto definition. It maps to the
38 /// internal opaque context in the filter chain.
39 #[prost(map = "string, string", tag = "10")]
40 pub context_extensions: ::std::collections::HashMap<
41 ::prost::alloc::string::String,
42 ::prost::alloc::string::String,
43 >,
44 /// Dynamic metadata associated with the request.
45 #[prost(message, optional, tag = "11")]
46 pub metadata_context: ::core::option::Option<
47 super::super::super::config::core::v3::Metadata,
48 >,
49 /// Metadata associated with the selected route.
50 #[prost(message, optional, tag = "13")]
51 pub route_metadata_context: ::core::option::Option<
52 super::super::super::config::core::v3::Metadata,
53 >,
54 /// TLS session details of the underlying connection.
55 /// This is not populated by default and will be populated only if the ext_authz filter has
56 /// been specifically configured to include this information.
57 /// For HTTP ext_authz, that requires :ref:`include_tls_session <config_http_filters_ext_authz>`
58 /// to be set to true.
59 /// For network ext_authz, that requires :ref:`include_tls_session <config_network_filters_ext_authz>`
60 /// to be set to true.
61 #[prost(message, optional, tag = "12")]
62 pub tls_session: ::core::option::Option<attribute_context::TlsSession>,
63}
64/// Nested message and enum types in `AttributeContext`.
65pub mod attribute_context {
66 /// This message defines attributes for a node that handles a network request.
67 /// The node can be either a service or an application that sends, forwards,
68 /// or receives the request. Service peers should fill in the ``service``,
69 /// ``principal``, and ``labels`` as appropriate.
70 /// \[#next-free-field: 6\]
71 #[derive(Clone, PartialEq, ::prost::Message)]
72 pub struct Peer {
73 /// The address of the peer, this is typically the IP address.
74 /// It can also be UDS path, or others.
75 #[prost(message, optional, tag = "1")]
76 pub address: ::core::option::Option<
77 super::super::super::super::config::core::v3::Address,
78 >,
79 /// The canonical service name of the peer.
80 /// It should be set to :ref:`the HTTP x-envoy-downstream-service-cluster
81 /// <config_http_conn_man_headers_downstream-service-cluster>`
82 /// If a more trusted source of the service name is available through mTLS/secure naming, it
83 /// should be used.
84 #[prost(string, tag = "2")]
85 pub service: ::prost::alloc::string::String,
86 /// The labels associated with the peer.
87 /// These could be pod labels for Kubernetes or tags for VMs.
88 /// The source of the labels could be an X.509 certificate or other configuration.
89 #[prost(map = "string, string", tag = "3")]
90 pub labels: ::std::collections::HashMap<
91 ::prost::alloc::string::String,
92 ::prost::alloc::string::String,
93 >,
94 /// The authenticated identity of this peer.
95 /// For example, the identity associated with the workload such as a service account.
96 /// If an X.509 certificate is used to assert the identity this field should be sourced from
97 /// ``URI Subject Alternative Names``, ``DNS Subject Alternate Names`` or ``Subject`` in that order.
98 /// The primary identity should be the principal. The principal format is issuer specific.
99 ///
100 /// Examples:
101 ///
102 /// - SPIFFE format is ``spiffe://trust-domain/path``.
103 /// - Google account format is ``<https://accounts.google.com/{userid}``.>
104 #[prost(string, tag = "4")]
105 pub principal: ::prost::alloc::string::String,
106 /// The X.509 certificate used to authenticate the identify of this peer.
107 /// When present, the certificate contents are encoded in URL and PEM format.
108 #[prost(string, tag = "5")]
109 pub certificate: ::prost::alloc::string::String,
110 }
111 impl ::prost::Name for Peer {
112 const NAME: &'static str = "Peer";
113 const PACKAGE: &'static str = "envoy.service.auth.v3";
114 fn full_name() -> ::prost::alloc::string::String {
115 "envoy.service.auth.v3.AttributeContext.Peer".into()
116 }
117 fn type_url() -> ::prost::alloc::string::String {
118 "type.googleapis.com/envoy.service.auth.v3.AttributeContext.Peer".into()
119 }
120 }
121 /// Represents a network request, such as an HTTP request.
122 #[derive(Clone, PartialEq, ::prost::Message)]
123 pub struct Request {
124 /// The timestamp when the proxy receives the first byte of the request.
125 #[prost(message, optional, tag = "1")]
126 pub time: ::core::option::Option<
127 super::super::super::super::super::google::protobuf::Timestamp,
128 >,
129 /// Represents an HTTP request or an HTTP-like request.
130 #[prost(message, optional, tag = "2")]
131 pub http: ::core::option::Option<HttpRequest>,
132 }
133 impl ::prost::Name for Request {
134 const NAME: &'static str = "Request";
135 const PACKAGE: &'static str = "envoy.service.auth.v3";
136 fn full_name() -> ::prost::alloc::string::String {
137 "envoy.service.auth.v3.AttributeContext.Request".into()
138 }
139 fn type_url() -> ::prost::alloc::string::String {
140 "type.googleapis.com/envoy.service.auth.v3.AttributeContext.Request".into()
141 }
142 }
143 /// This message defines attributes for an HTTP request.
144 /// HTTP/1.x, HTTP/2, gRPC are all considered as HTTP requests.
145 /// \[#next-free-field: 14\]
146 #[derive(Clone, PartialEq, ::prost::Message)]
147 pub struct HttpRequest {
148 /// The unique ID for a request, which can be propagated to downstream
149 /// systems. The ID should have low probability of collision
150 /// within a single day for a specific service.
151 /// For HTTP requests, it should be X-Request-ID or equivalent.
152 #[prost(string, tag = "1")]
153 pub id: ::prost::alloc::string::String,
154 /// The HTTP request method, such as ``GET``, ``POST``.
155 #[prost(string, tag = "2")]
156 pub method: ::prost::alloc::string::String,
157 /// The HTTP request headers. If multiple headers share the same key, they
158 /// must be merged according to the HTTP spec. All header keys must be
159 /// lower-cased, because HTTP header keys are case-insensitive.
160 /// Header value is encoded as UTF-8 string. Non-UTF-8 characters will be replaced by "!".
161 /// This field will not be set if
162 /// :ref:`encode_raw_headers <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.encode_raw_headers>`
163 /// is set to true.
164 #[prost(map = "string, string", tag = "3")]
165 pub headers: ::std::collections::HashMap<
166 ::prost::alloc::string::String,
167 ::prost::alloc::string::String,
168 >,
169 /// A list of the raw HTTP request headers. This is used instead of
170 /// :ref:`headers <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.headers>` when
171 /// :ref:`encode_raw_headers <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.encode_raw_headers>`
172 /// is set to true.
173 ///
174 /// Note that this is not actually a map type. ``header_map`` contains a single repeated field
175 /// ``headers``.
176 ///
177 /// Here, only the ``key`` and ``raw_value`` fields will be populated for each HeaderValue, and
178 /// that is only when
179 /// :ref:`encode_raw_headers <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.encode_raw_headers>`
180 /// is set to true.
181 ///
182 /// Also, unlike the
183 /// :ref:`headers <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.headers>`
184 /// field, headers with the same key are not combined into a single comma separated header.
185 #[prost(message, optional, tag = "13")]
186 pub header_map: ::core::option::Option<
187 super::super::super::super::config::core::v3::HeaderMap,
188 >,
189 /// The request target, as it appears in the first line of the HTTP request. This includes
190 /// the URL path and query-string. No decoding is performed.
191 #[prost(string, tag = "4")]
192 pub path: ::prost::alloc::string::String,
193 /// The HTTP request ``Host`` or ``:authority`` header value.
194 #[prost(string, tag = "5")]
195 pub host: ::prost::alloc::string::String,
196 /// The HTTP URL scheme, such as ``http`` and ``https``.
197 #[prost(string, tag = "6")]
198 pub scheme: ::prost::alloc::string::String,
199 /// This field is always empty, and exists for compatibility reasons. The HTTP URL query is
200 /// included in ``path`` field.
201 #[prost(string, tag = "7")]
202 pub query: ::prost::alloc::string::String,
203 /// This field is always empty, and exists for compatibility reasons. The URL fragment is
204 /// not submitted as part of HTTP requests; it is unknowable.
205 #[prost(string, tag = "8")]
206 pub fragment: ::prost::alloc::string::String,
207 /// The HTTP request size in bytes. If unknown, it must be -1.
208 #[prost(int64, tag = "9")]
209 pub size: i64,
210 /// The network protocol used with the request, such as "HTTP/1.0", "HTTP/1.1", or "HTTP/2".
211 ///
212 /// See :repo:`headers.h:ProtocolStrings <source/common/http/headers.h>` for a list of all
213 /// possible values.
214 #[prost(string, tag = "10")]
215 pub protocol: ::prost::alloc::string::String,
216 /// The HTTP request body.
217 #[prost(string, tag = "11")]
218 pub body: ::prost::alloc::string::String,
219 /// The HTTP request body in bytes. This is used instead of
220 /// :ref:`body <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.body>` when
221 /// :ref:`pack_as_bytes <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.BufferSettings.pack_as_bytes>`
222 /// is set to true.
223 #[prost(bytes = "vec", tag = "12")]
224 pub raw_body: ::prost::alloc::vec::Vec<u8>,
225 }
226 impl ::prost::Name for HttpRequest {
227 const NAME: &'static str = "HttpRequest";
228 const PACKAGE: &'static str = "envoy.service.auth.v3";
229 fn full_name() -> ::prost::alloc::string::String {
230 "envoy.service.auth.v3.AttributeContext.HttpRequest".into()
231 }
232 fn type_url() -> ::prost::alloc::string::String {
233 "type.googleapis.com/envoy.service.auth.v3.AttributeContext.HttpRequest"
234 .into()
235 }
236 }
237 /// This message defines attributes for the underlying TLS session.
238 #[derive(Clone, PartialEq, ::prost::Message)]
239 pub struct TlsSession {
240 /// SNI used for TLS session.
241 #[prost(string, tag = "1")]
242 pub sni: ::prost::alloc::string::String,
243 }
244 impl ::prost::Name for TlsSession {
245 const NAME: &'static str = "TLSSession";
246 const PACKAGE: &'static str = "envoy.service.auth.v3";
247 fn full_name() -> ::prost::alloc::string::String {
248 "envoy.service.auth.v3.AttributeContext.TLSSession".into()
249 }
250 fn type_url() -> ::prost::alloc::string::String {
251 "type.googleapis.com/envoy.service.auth.v3.AttributeContext.TLSSession"
252 .into()
253 }
254 }
255}
256impl ::prost::Name for AttributeContext {
257 const NAME: &'static str = "AttributeContext";
258 const PACKAGE: &'static str = "envoy.service.auth.v3";
259 fn full_name() -> ::prost::alloc::string::String {
260 "envoy.service.auth.v3.AttributeContext".into()
261 }
262 fn type_url() -> ::prost::alloc::string::String {
263 "type.googleapis.com/envoy.service.auth.v3.AttributeContext".into()
264 }
265}
266#[derive(Clone, PartialEq, ::prost::Message)]
267pub struct CheckRequest {
268 /// The request attributes.
269 #[prost(message, optional, tag = "1")]
270 pub attributes: ::core::option::Option<AttributeContext>,
271}
272impl ::prost::Name for CheckRequest {
273 const NAME: &'static str = "CheckRequest";
274 const PACKAGE: &'static str = "envoy.service.auth.v3";
275 fn full_name() -> ::prost::alloc::string::String {
276 "envoy.service.auth.v3.CheckRequest".into()
277 }
278 fn type_url() -> ::prost::alloc::string::String {
279 "type.googleapis.com/envoy.service.auth.v3.CheckRequest".into()
280 }
281}
282/// HTTP attributes for a denied response.
283#[derive(Clone, PartialEq, ::prost::Message)]
284pub struct DeniedHttpResponse {
285 /// This field allows the authorization service to send an HTTP response status code to the
286 /// downstream client. If not set, Envoy sends ``403 Forbidden`` HTTP status code by default.
287 #[prost(message, optional, tag = "1")]
288 pub status: ::core::option::Option<super::super::super::r#type::v3::HttpStatus>,
289 /// This field allows the authorization service to send HTTP response headers
290 /// to the downstream client. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to
291 /// false when used in this message.
292 #[prost(message, repeated, tag = "2")]
293 pub headers: ::prost::alloc::vec::Vec<
294 super::super::super::config::core::v3::HeaderValueOption,
295 >,
296 /// This field allows the authorization service to send a response body data
297 /// to the downstream client.
298 #[prost(string, tag = "3")]
299 pub body: ::prost::alloc::string::String,
300}
301impl ::prost::Name for DeniedHttpResponse {
302 const NAME: &'static str = "DeniedHttpResponse";
303 const PACKAGE: &'static str = "envoy.service.auth.v3";
304 fn full_name() -> ::prost::alloc::string::String {
305 "envoy.service.auth.v3.DeniedHttpResponse".into()
306 }
307 fn type_url() -> ::prost::alloc::string::String {
308 "type.googleapis.com/envoy.service.auth.v3.DeniedHttpResponse".into()
309 }
310}
311/// HTTP attributes for an OK response.
312/// \[#next-free-field: 9\]
313#[derive(Clone, PartialEq, ::prost::Message)]
314pub struct OkHttpResponse {
315 /// HTTP entity headers in addition to the original request headers. This allows the authorization
316 /// service to append, to add or to override headers from the original request before
317 /// dispatching it to the upstream. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to
318 /// false when used in this message. By setting the ``append`` field to ``true``,
319 /// the filter will append the correspondent header value to the matched request header.
320 /// By leaving ``append`` as false, the filter will either add a new header, or override an existing
321 /// one if there is a match.
322 #[prost(message, repeated, tag = "2")]
323 pub headers: ::prost::alloc::vec::Vec<
324 super::super::super::config::core::v3::HeaderValueOption,
325 >,
326 /// HTTP entity headers to remove from the original request before dispatching
327 /// it to the upstream. This allows the authorization service to act on auth
328 /// related headers (like ``Authorization``), process them, and consume them.
329 /// Under this model, the upstream will either receive the request (if it's
330 /// authorized) or not receive it (if it's not), but will not see headers
331 /// containing authorization credentials.
332 ///
333 /// Pseudo headers (such as ``:authority``, ``:method``, ``:path`` etc), as well as
334 /// the header ``Host``, may not be removed as that would make the request
335 /// malformed. If mentioned in ``headers_to_remove`` these special headers will
336 /// be ignored.
337 ///
338 /// When using the HTTP service this must instead be set by the HTTP
339 /// authorization service as a comma separated list like so:
340 /// ``x-envoy-auth-headers-to-remove: one-auth-header, another-auth-header``.
341 #[prost(string, repeated, tag = "5")]
342 pub headers_to_remove: ::prost::alloc::vec::Vec<::prost::alloc::string::String>,
343 /// This field has been deprecated in favor of :ref:`CheckResponse.dynamic_metadata
344 /// <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`. Until it is removed,
345 /// setting this field overrides :ref:`CheckResponse.dynamic_metadata
346 /// <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`.
347 #[deprecated]
348 #[prost(message, optional, tag = "3")]
349 pub dynamic_metadata: ::core::option::Option<
350 super::super::super::super::google::protobuf::Struct,
351 >,
352 /// This field allows the authorization service to send HTTP response headers
353 /// to the downstream client on success. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>`
354 /// defaults to false when used in this message.
355 #[prost(message, repeated, tag = "6")]
356 pub response_headers_to_add: ::prost::alloc::vec::Vec<
357 super::super::super::config::core::v3::HeaderValueOption,
358 >,
359 /// This field allows the authorization service to set (and overwrite) query
360 /// string parameters on the original request before it is sent upstream.
361 #[prost(message, repeated, tag = "7")]
362 pub query_parameters_to_set: ::prost::alloc::vec::Vec<
363 super::super::super::config::core::v3::QueryParameter,
364 >,
365 /// This field allows the authorization service to specify which query parameters
366 /// should be removed from the original request before it is sent upstream. Each
367 /// element in this list is a case-sensitive query parameter name to be removed.
368 #[prost(string, repeated, tag = "8")]
369 pub query_parameters_to_remove: ::prost::alloc::vec::Vec<
370 ::prost::alloc::string::String,
371 >,
372}
373impl ::prost::Name for OkHttpResponse {
374 const NAME: &'static str = "OkHttpResponse";
375 const PACKAGE: &'static str = "envoy.service.auth.v3";
376 fn full_name() -> ::prost::alloc::string::String {
377 "envoy.service.auth.v3.OkHttpResponse".into()
378 }
379 fn type_url() -> ::prost::alloc::string::String {
380 "type.googleapis.com/envoy.service.auth.v3.OkHttpResponse".into()
381 }
382}
383/// Intended for gRPC and Network Authorization servers ``only``.
384#[derive(Clone, PartialEq, ::prost::Message)]
385pub struct CheckResponse {
386 /// Status ``OK`` allows the request. Any other status indicates the request should be denied, and
387 /// for HTTP filter, if not overridden by :ref:`denied HTTP response status <envoy_v3_api_field_service.auth.v3.DeniedHttpResponse.status>`
388 /// Envoy sends ``403 Forbidden`` HTTP status code by default.
389 #[prost(message, optional, tag = "1")]
390 pub status: ::core::option::Option<super::super::super::super::google::rpc::Status>,
391 /// Optional response metadata that will be emitted as dynamic metadata to be consumed by the next
392 /// filter. This metadata lives in a namespace specified by the canonical name of extension filter
393 /// that requires it:
394 ///
395 /// - :ref:`envoy.filters.http.ext_authz <config_http_filters_ext_authz_dynamic_metadata>` for HTTP filter.
396 /// - :ref:`envoy.filters.network.ext_authz <config_network_filters_ext_authz_dynamic_metadata>` for network filter.
397 #[prost(message, optional, tag = "4")]
398 pub dynamic_metadata: ::core::option::Option<
399 super::super::super::super::google::protobuf::Struct,
400 >,
401 /// An message that contains HTTP response attributes. This message is
402 /// used when the authorization service needs to send custom responses to the
403 /// downstream client or, to modify/add request headers being dispatched to the upstream.
404 #[prost(oneof = "check_response::HttpResponse", tags = "2, 3")]
405 pub http_response: ::core::option::Option<check_response::HttpResponse>,
406}
407/// Nested message and enum types in `CheckResponse`.
408pub mod check_response {
409 /// An message that contains HTTP response attributes. This message is
410 /// used when the authorization service needs to send custom responses to the
411 /// downstream client or, to modify/add request headers being dispatched to the upstream.
412 #[derive(Clone, PartialEq, ::prost::Oneof)]
413 pub enum HttpResponse {
414 /// Supplies http attributes for a denied response.
415 #[prost(message, tag = "2")]
416 DeniedResponse(super::DeniedHttpResponse),
417 /// Supplies http attributes for an ok response.
418 #[prost(message, tag = "3")]
419 OkResponse(super::OkHttpResponse),
420 }
421}
422impl ::prost::Name for CheckResponse {
423 const NAME: &'static str = "CheckResponse";
424 const PACKAGE: &'static str = "envoy.service.auth.v3";
425 fn full_name() -> ::prost::alloc::string::String {
426 "envoy.service.auth.v3.CheckResponse".into()
427 }
428 fn type_url() -> ::prost::alloc::string::String {
429 "type.googleapis.com/envoy.service.auth.v3.CheckResponse".into()
430 }
431}
432/// Generated client implementations.
433pub mod authorization_client {
434 #![allow(
435 unused_variables,
436 dead_code,
437 missing_docs,
438 clippy::wildcard_imports,
439 clippy::let_unit_value,
440 )]
441 use tonic::codegen::*;
442 use tonic::codegen::http::Uri;
443 /// A generic interface for performing authorization check on incoming
444 /// requests to a networked service.
445 #[derive(Debug, Clone)]
446 pub struct AuthorizationClient<T> {
447 inner: tonic::client::Grpc<T>,
448 }
449 impl<T> AuthorizationClient<T>
450 where
451 T: tonic::client::GrpcService<tonic::body::BoxBody>,
452 T::Error: Into<StdError>,
453 T::ResponseBody: Body<Data = Bytes> + std::marker::Send + 'static,
454 <T::ResponseBody as Body>::Error: Into<StdError> + std::marker::Send,
455 {
456 pub fn new(inner: T) -> Self {
457 let inner = tonic::client::Grpc::new(inner);
458 Self { inner }
459 }
460 pub fn with_origin(inner: T, origin: Uri) -> Self {
461 let inner = tonic::client::Grpc::with_origin(inner, origin);
462 Self { inner }
463 }
464 pub fn with_interceptor<F>(
465 inner: T,
466 interceptor: F,
467 ) -> AuthorizationClient<InterceptedService<T, F>>
468 where
469 F: tonic::service::Interceptor,
470 T::ResponseBody: Default,
471 T: tonic::codegen::Service<
472 http::Request<tonic::body::BoxBody>,
473 Response = http::Response<
474 <T as tonic::client::GrpcService<tonic::body::BoxBody>>::ResponseBody,
475 >,
476 >,
477 <T as tonic::codegen::Service<
478 http::Request<tonic::body::BoxBody>,
479 >>::Error: Into<StdError> + std::marker::Send + std::marker::Sync,
480 {
481 AuthorizationClient::new(InterceptedService::new(inner, interceptor))
482 }
483 /// Compress requests with the given encoding.
484 ///
485 /// This requires the server to support it otherwise it might respond with an
486 /// error.
487 #[must_use]
488 pub fn send_compressed(mut self, encoding: CompressionEncoding) -> Self {
489 self.inner = self.inner.send_compressed(encoding);
490 self
491 }
492 /// Enable decompressing responses.
493 #[must_use]
494 pub fn accept_compressed(mut self, encoding: CompressionEncoding) -> Self {
495 self.inner = self.inner.accept_compressed(encoding);
496 self
497 }
498 /// Limits the maximum size of a decoded message.
499 ///
500 /// Default: `4MB`
501 #[must_use]
502 pub fn max_decoding_message_size(mut self, limit: usize) -> Self {
503 self.inner = self.inner.max_decoding_message_size(limit);
504 self
505 }
506 /// Limits the maximum size of an encoded message.
507 ///
508 /// Default: `usize::MAX`
509 #[must_use]
510 pub fn max_encoding_message_size(mut self, limit: usize) -> Self {
511 self.inner = self.inner.max_encoding_message_size(limit);
512 self
513 }
514 /// Performs authorization check based on the attributes associated with the
515 /// incoming request, and returns status `OK` or not `OK`.
516 pub async fn check(
517 &mut self,
518 request: impl tonic::IntoRequest<super::CheckRequest>,
519 ) -> std::result::Result<tonic::Response<super::CheckResponse>, tonic::Status> {
520 self.inner
521 .ready()
522 .await
523 .map_err(|e| {
524 tonic::Status::unknown(
525 format!("Service was not ready: {}", e.into()),
526 )
527 })?;
528 let codec = tonic::codec::ProstCodec::default();
529 let path = http::uri::PathAndQuery::from_static(
530 "/envoy.service.auth.v3.Authorization/Check",
531 );
532 let mut req = request.into_request();
533 req.extensions_mut()
534 .insert(GrpcMethod::new("envoy.service.auth.v3.Authorization", "Check"));
535 self.inner.unary(req, path, codec).await
536 }
537 }
538}
539/// Generated server implementations.
540pub mod authorization_server {
541 #![allow(
542 unused_variables,
543 dead_code,
544 missing_docs,
545 clippy::wildcard_imports,
546 clippy::let_unit_value,
547 )]
548 use tonic::codegen::*;
549 /// Generated trait containing gRPC methods that should be implemented for use with AuthorizationServer.
550 #[async_trait]
551 pub trait Authorization: std::marker::Send + std::marker::Sync + 'static {
552 /// Performs authorization check based on the attributes associated with the
553 /// incoming request, and returns status `OK` or not `OK`.
554 async fn check(
555 &self,
556 request: tonic::Request<super::CheckRequest>,
557 ) -> std::result::Result<tonic::Response<super::CheckResponse>, tonic::Status>;
558 }
559 /// A generic interface for performing authorization check on incoming
560 /// requests to a networked service.
561 #[derive(Debug)]
562 pub struct AuthorizationServer<T> {
563 inner: Arc<T>,
564 accept_compression_encodings: EnabledCompressionEncodings,
565 send_compression_encodings: EnabledCompressionEncodings,
566 max_decoding_message_size: Option<usize>,
567 max_encoding_message_size: Option<usize>,
568 }
569 impl<T> AuthorizationServer<T> {
570 pub fn new(inner: T) -> Self {
571 Self::from_arc(Arc::new(inner))
572 }
573 pub fn from_arc(inner: Arc<T>) -> Self {
574 Self {
575 inner,
576 accept_compression_encodings: Default::default(),
577 send_compression_encodings: Default::default(),
578 max_decoding_message_size: None,
579 max_encoding_message_size: None,
580 }
581 }
582 pub fn with_interceptor<F>(
583 inner: T,
584 interceptor: F,
585 ) -> InterceptedService<Self, F>
586 where
587 F: tonic::service::Interceptor,
588 {
589 InterceptedService::new(Self::new(inner), interceptor)
590 }
591 /// Enable decompressing requests with the given encoding.
592 #[must_use]
593 pub fn accept_compressed(mut self, encoding: CompressionEncoding) -> Self {
594 self.accept_compression_encodings.enable(encoding);
595 self
596 }
597 /// Compress responses with the given encoding, if the client supports it.
598 #[must_use]
599 pub fn send_compressed(mut self, encoding: CompressionEncoding) -> Self {
600 self.send_compression_encodings.enable(encoding);
601 self
602 }
603 /// Limits the maximum size of a decoded message.
604 ///
605 /// Default: `4MB`
606 #[must_use]
607 pub fn max_decoding_message_size(mut self, limit: usize) -> Self {
608 self.max_decoding_message_size = Some(limit);
609 self
610 }
611 /// Limits the maximum size of an encoded message.
612 ///
613 /// Default: `usize::MAX`
614 #[must_use]
615 pub fn max_encoding_message_size(mut self, limit: usize) -> Self {
616 self.max_encoding_message_size = Some(limit);
617 self
618 }
619 }
620 impl<T, B> tonic::codegen::Service<http::Request<B>> for AuthorizationServer<T>
621 where
622 T: Authorization,
623 B: Body + std::marker::Send + 'static,
624 B::Error: Into<StdError> + std::marker::Send + 'static,
625 {
626 type Response = http::Response<tonic::body::BoxBody>;
627 type Error = std::convert::Infallible;
628 type Future = BoxFuture<Self::Response, Self::Error>;
629 fn poll_ready(
630 &mut self,
631 _cx: &mut Context<'_>,
632 ) -> Poll<std::result::Result<(), Self::Error>> {
633 Poll::Ready(Ok(()))
634 }
635 fn call(&mut self, req: http::Request<B>) -> Self::Future {
636 match req.uri().path() {
637 "/envoy.service.auth.v3.Authorization/Check" => {
638 #[allow(non_camel_case_types)]
639 struct CheckSvc<T: Authorization>(pub Arc<T>);
640 impl<
641 T: Authorization,
642 > tonic::server::UnaryService<super::CheckRequest> for CheckSvc<T> {
643 type Response = super::CheckResponse;
644 type Future = BoxFuture<
645 tonic::Response<Self::Response>,
646 tonic::Status,
647 >;
648 fn call(
649 &mut self,
650 request: tonic::Request<super::CheckRequest>,
651 ) -> Self::Future {
652 let inner = Arc::clone(&self.0);
653 let fut = async move {
654 <T as Authorization>::check(&inner, request).await
655 };
656 Box::pin(fut)
657 }
658 }
659 let accept_compression_encodings = self.accept_compression_encodings;
660 let send_compression_encodings = self.send_compression_encodings;
661 let max_decoding_message_size = self.max_decoding_message_size;
662 let max_encoding_message_size = self.max_encoding_message_size;
663 let inner = self.inner.clone();
664 let fut = async move {
665 let method = CheckSvc(inner);
666 let codec = tonic::codec::ProstCodec::default();
667 let mut grpc = tonic::server::Grpc::new(codec)
668 .apply_compression_config(
669 accept_compression_encodings,
670 send_compression_encodings,
671 )
672 .apply_max_message_size_config(
673 max_decoding_message_size,
674 max_encoding_message_size,
675 );
676 let res = grpc.unary(method, req).await;
677 Ok(res)
678 };
679 Box::pin(fut)
680 }
681 _ => {
682 Box::pin(async move {
683 let mut response = http::Response::new(empty_body());
684 let headers = response.headers_mut();
685 headers
686 .insert(
687 tonic::Status::GRPC_STATUS,
688 (tonic::Code::Unimplemented as i32).into(),
689 );
690 headers
691 .insert(
692 http::header::CONTENT_TYPE,
693 tonic::metadata::GRPC_CONTENT_TYPE,
694 );
695 Ok(response)
696 })
697 }
698 }
699 }
700 }
701 impl<T> Clone for AuthorizationServer<T> {
702 fn clone(&self) -> Self {
703 let inner = self.inner.clone();
704 Self {
705 inner,
706 accept_compression_encodings: self.accept_compression_encodings,
707 send_compression_encodings: self.send_compression_encodings,
708 max_decoding_message_size: self.max_decoding_message_size,
709 max_encoding_message_size: self.max_encoding_message_size,
710 }
711 }
712 }
713 /// Generated gRPC service name
714 pub const SERVICE_NAME: &str = "envoy.service.auth.v3.Authorization";
715 impl<T> tonic::server::NamedService for AuthorizationServer<T> {
716 const NAME: &'static str = SERVICE_NAME;
717 }
718}