Class: Google::Cloud::NetworkServices::V1::AuthzExtension

Inherits:

Object

• Object
• Google::Cloud::NetworkServices::V1::AuthzExtension

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/networkservices/v1/dep.rb

Overview

AuthzExtension is a resource that allows traffic forwarding to a callout backend service to make an authorization decision.

Defined Under Namespace

Classes: LabelsEntry

Instance Attribute Summary

• #authority ⇒ ::String

  Optional.

• #create_time ⇒ ::Google::Protobuf::Timestamp readonly

  Output only.

• #description ⇒ ::String

  Optional.

• #fail_open ⇒ ::Boolean

  Optional.

• #forward_attributes ⇒ ::Array<::String>

  Optional.

• #forward_headers ⇒ ::Array<::String>

  Optional.

• #labels ⇒ ::Google::Protobuf::Map{::String => ::String}

  Optional.

• #load_balancing_scheme ⇒ ::Google::Cloud::NetworkServices::V1::LoadBalancingScheme

  Optional.

• #metadata ⇒ ::Google::Protobuf::Struct

  Optional.

• #name ⇒ ::String

  Required.

• #service ⇒ ::String

  Required.

• #timeout ⇒ ::Google::Protobuf::Duration

  Required.

• #update_time ⇒ ::Google::Protobuf::Timestamp readonly

  Output only.

• #wire_format ⇒ ::Google::Cloud::NetworkServices::V1::WireFormat

  Optional.

Instance Attribute Details

#authority ⇒ ::String

Returns Optional. The :authority header in the gRPC request sent from Envoy to the extension service. It is required when the service field points to a backend service or a wasm plugin.

Returns:

• (::String) —

  Optional. The :authority header in the gRPC request sent from Envoy to the extension service. It is required when the service field points to a backend service or a wasm plugin.

# File 'proto_docs/google/cloud/networkservices/v1/dep.rb', line 969

class AuthzExtension
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#create_time ⇒ ::Google::Protobuf::Timestamp (readonly)

Returns Output only. The timestamp when the resource was created.

Returns:

• (::Google::Protobuf::Timestamp) —

  Output only. The timestamp when the resource was created.

# File 'proto_docs/google/cloud/networkservices/v1/dep.rb', line 969

class AuthzExtension
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#description ⇒ ::String

Returns Optional. A human-readable description of the resource.

Returns:

• (::String) —

  Optional. A human-readable description of the resource.

# File 'proto_docs/google/cloud/networkservices/v1/dep.rb', line 969

class AuthzExtension
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#fail_open ⇒ ::Boolean

Returns Optional. Determines how the proxy behaves if the call to the extension fails or times out.

When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens:

• If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer.

• If response headers have been delivered, then the HTTP stream to the downstream client is reset.

Returns:

• (::Boolean) —

  Optional. Determines how the proxy behaves if the call to the extension fails or times out.

  When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens:

  • If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer.

  • If response headers have been delivered, then the HTTP stream to the downstream client is reset.

# File 'proto_docs/google/cloud/networkservices/v1/dep.rb', line 969

class AuthzExtension
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#forward_attributes ⇒ ::Array<::String>

Returns Optional. List of the Envoy attributes to forward to the extension server. The attributes provided here are included as part of the ProcessingRequest.attributes field (of type map<string, google.protobuf.Struct>), where the keys are the attribute names. Refer to the documentation for the names of attributes that can be forwarded. If omitted, no attributes are sent. Each element is a string indicating the attribute name.

Returns:

• (::Array<::String>) —

  Optional. List of the Envoy attributes to forward to the extension server. The attributes provided here are included as part of the ProcessingRequest.attributes field (of type map<string, google.protobuf.Struct>), where the keys are the attribute names. Refer to the documentation for the names of attributes that can be forwarded. If omitted, no attributes are sent. Each element is a string indicating the attribute name.

# File 'proto_docs/google/cloud/networkservices/v1/dep.rb', line 969

class AuthzExtension
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#forward_headers ⇒ ::Array<::String>

Returns Optional. List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name.

Returns:

• (::Array<::String>) —

  Optional. List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name.

# File 'proto_docs/google/cloud/networkservices/v1/dep.rb', line 969

class AuthzExtension
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#labels ⇒ ::Google::Protobuf::Map{::String => ::String}

Returns Optional. Set of labels associated with the AuthzExtension resource.

The format must comply with the requirements for labels for Google Cloud resources.

Returns:

• (::Google::Protobuf::Map{::String => ::String}) —

  Optional. Set of labels associated with the AuthzExtension resource.

  The format must comply with the requirements for labels for Google Cloud resources.

# File 'proto_docs/google/cloud/networkservices/v1/dep.rb', line 969

class AuthzExtension
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#load_balancing_scheme ⇒ ::Google::Cloud::NetworkServices::V1::LoadBalancingScheme

Returns Optional. All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. Supported values: INTERNAL_MANAGED, EXTERNAL_MANAGED. Can be omitted for AuthzExtensions that do not reference a backend service. For more information, refer to Backend services overview.

Returns:

• (::Google::Cloud::NetworkServices::V1::LoadBalancingScheme) —

  Optional. All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. Supported values: INTERNAL_MANAGED, EXTERNAL_MANAGED. Can be omitted for AuthzExtensions that do not reference a backend service. For more information, refer to Backend services overview.

# File 'proto_docs/google/cloud/networkservices/v1/dep.rb', line 969

class AuthzExtension
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#metadata ⇒ ::Google::Protobuf::Struct

Returns Optional. The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.<resource_name>. The following variables are supported in the metadata Struct:

{forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name.

Returns:

• (::Google::Protobuf::Struct) —

  Optional. The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.<resource_name>. The following variables are supported in the metadata Struct:

  {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name.

# File 'proto_docs/google/cloud/networkservices/v1/dep.rb', line 969

class AuthzExtension
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#name ⇒ ::String

Returns Required. Identifier. Name of the AuthzExtension resource in the following format: projects/{project}/locations/{location}/authzExtensions/{authz_extension}.

Returns:

• (::String) —

  Required. Identifier. Name of the AuthzExtension resource in the following format: projects/{project}/locations/{location}/authzExtensions/{authz_extension}.

# File 'proto_docs/google/cloud/networkservices/v1/dep.rb', line 969

class AuthzExtension
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#service ⇒ ::String

Returns Required. The reference to the service that runs the extension.

To configure a callout extension, service must be a fully-qualified reference to a backend service in the format: https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}.

Returns:

• (::String) —

  Required. The reference to the service that runs the extension.

  To configure a callout extension, service must be a fully-qualified reference to a backend service in the format: https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}.

# File 'proto_docs/google/cloud/networkservices/v1/dep.rb', line 969

class AuthzExtension
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#timeout ⇒ ::Google::Protobuf::Duration

Returns Required. Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds.

Returns:

• (::Google::Protobuf::Duration) —

  Required. Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds.

# File 'proto_docs/google/cloud/networkservices/v1/dep.rb', line 969

class AuthzExtension
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#update_time ⇒ ::Google::Protobuf::Timestamp (readonly)

Returns Output only. The timestamp when the resource was updated.

Returns:

• (::Google::Protobuf::Timestamp) —

  Output only. The timestamp when the resource was updated.

# File 'proto_docs/google/cloud/networkservices/v1/dep.rb', line 969

class AuthzExtension
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#wire_format ⇒ ::Google::Cloud::NetworkServices::V1::WireFormat

Returns Optional. The format of communication supported by the callout extension. This field is supported only for regional AuthzExtension resources. If not specified, the default value EXT_PROC_GRPC is used. Global AuthzExtension resources use the EXT_PROC_GRPC wire format.

Returns:

• (::Google::Cloud::NetworkServices::V1::WireFormat) —

  Optional. The format of communication supported by the callout extension. This field is supported only for regional AuthzExtension resources. If not specified, the default value EXT_PROC_GRPC is used. Global AuthzExtension resources use the EXT_PROC_GRPC wire format.

# File 'proto_docs/google/cloud/networkservices/v1/dep.rb', line 969

class AuthzExtension
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end