All Downloads are FREE. Search and download functionalities are using the official Maven repository.

envoy.api.v2.core.grpc_service.proto Maven / Gradle / Ivy

There is a newer version: 1.0.46
Show newest version
syntax = "proto3";

package envoy.api.v2.core;

import "envoy/api/v2/core/base.proto";

import "google/protobuf/any.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/struct.proto";

import "udpa/annotations/migrate.proto";
import "udpa/annotations/sensitive.proto";
import "udpa/annotations/status.proto";
import "validate/validate.proto";

option java_package = "io.envoyproxy.envoy.api.v2.core";
option java_outer_classname = "GrpcServiceProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/api/v2/core";
option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3";
option (udpa.annotations.file_status).package_version_status = FROZEN;

// [#protodoc-title: gRPC services]

// gRPC service configuration. This is used by :ref:`ApiConfigSource
// ` and filter configurations.
// [#next-free-field: 6]
message GrpcService {
  message EnvoyGrpc {
    // The name of the upstream gRPC cluster. SSL credentials will be supplied
    // in the :ref:`Cluster ` :ref:`transport_socket
    // `.
    string cluster_name = 1 [(validate.rules).string = {min_bytes: 1}];
  }

  // [#next-free-field: 7]
  message GoogleGrpc {
    // See https://grpc.io/grpc/cpp/structgrpc_1_1_ssl_credentials_options.html.
    message SslCredentials {
      // PEM encoded server root certificates.
      DataSource root_certs = 1;

      // PEM encoded client private key.
      DataSource private_key = 2 [(udpa.annotations.sensitive) = true];

      // PEM encoded client certificate chain.
      DataSource cert_chain = 3;
    }

    // Local channel credentials. Only UDS is supported for now.
    // See https://github.com/grpc/grpc/pull/15909.
    message GoogleLocalCredentials {
    }

    // See https://grpc.io/docs/guides/auth.html#credential-types to understand Channel and Call
    // credential types.
    message ChannelCredentials {
      oneof credential_specifier {
        option (validate.required) = true;

        SslCredentials ssl_credentials = 1;

        // https://grpc.io/grpc/cpp/namespacegrpc.html#a6beb3ac70ff94bd2ebbd89b8f21d1f61
        google.protobuf.Empty google_default = 2;

        GoogleLocalCredentials local_credentials = 3;
      }
    }

    // [#next-free-field: 8]
    message CallCredentials {
      message ServiceAccountJWTAccessCredentials {
        string json_key = 1;

        uint64 token_lifetime_seconds = 2;
      }

      message GoogleIAMCredentials {
        string authorization_token = 1;

        string authority_selector = 2;
      }

      message MetadataCredentialsFromPlugin {
        string name = 1;

        oneof config_type {
          google.protobuf.Struct config = 2 [deprecated = true];

          google.protobuf.Any typed_config = 3;
        }
      }

      // Security token service configuration that allows Google gRPC to
      // fetch security token from an OAuth 2.0 authorization server.
      // See https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16 and
      // https://github.com/grpc/grpc/pull/19587.
      // [#next-free-field: 10]
      message StsService {
        // URI of the token exchange service that handles token exchange requests.
        // [#comment:TODO(asraa): Add URI validation when implemented. Tracked by
        // https://github.com/bufbuild/protoc-gen-validate/issues/303]
        string token_exchange_service_uri = 1;

        // Location of the target service or resource where the client
        // intends to use the requested security token.
        string resource = 2;

        // Logical name of the target service where the client intends to
        // use the requested security token.
        string audience = 3;

        // The desired scope of the requested security token in the
        // context of the service or resource where the token will be used.
        string scope = 4;

        // Type of the requested security token.
        string requested_token_type = 5;

        // The path of subject token, a security token that represents the
        // identity of the party on behalf of whom the request is being made.
        string subject_token_path = 6 [(validate.rules).string = {min_bytes: 1}];

        // Type of the subject token.
        string subject_token_type = 7 [(validate.rules).string = {min_bytes: 1}];

        // The path of actor token, a security token that represents the identity
        // of the acting party. The acting party is authorized to use the
        // requested security token and act on behalf of the subject.
        string actor_token_path = 8;

        // Type of the actor token.
        string actor_token_type = 9;
      }

      oneof credential_specifier {
        option (validate.required) = true;

        // Access token credentials.
        // https://grpc.io/grpc/cpp/namespacegrpc.html#ad3a80da696ffdaea943f0f858d7a360d.
        string access_token = 1;

        // Google Compute Engine credentials.
        // https://grpc.io/grpc/cpp/namespacegrpc.html#a6beb3ac70ff94bd2ebbd89b8f21d1f61
        google.protobuf.Empty google_compute_engine = 2;

        // Google refresh token credentials.
        // https://grpc.io/grpc/cpp/namespacegrpc.html#a96901c997b91bc6513b08491e0dca37c.
        string google_refresh_token = 3;

        // Service Account JWT Access credentials.
        // https://grpc.io/grpc/cpp/namespacegrpc.html#a92a9f959d6102461f66ee973d8e9d3aa.
        ServiceAccountJWTAccessCredentials service_account_jwt_access = 4;

        // Google IAM credentials.
        // https://grpc.io/grpc/cpp/namespacegrpc.html#a9fc1fc101b41e680d47028166e76f9d0.
        GoogleIAMCredentials google_iam = 5;

        // Custom authenticator credentials.
        // https://grpc.io/grpc/cpp/namespacegrpc.html#a823c6a4b19ffc71fb33e90154ee2ad07.
        // https://grpc.io/docs/guides/auth.html#extending-grpc-to-support-other-authentication-mechanisms.
        MetadataCredentialsFromPlugin from_plugin = 6;

        // Custom security token service which implements OAuth 2.0 token exchange.
        // https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16
        // See https://github.com/grpc/grpc/pull/19587.
        StsService sts_service = 7;
      }
    }

    // The target URI when using the `Google C++ gRPC client
    // `_. SSL credentials will be supplied in
    // :ref:`channel_credentials `.
    string target_uri = 1 [(validate.rules).string = {min_bytes: 1}];

    ChannelCredentials channel_credentials = 2;

    // A set of call credentials that can be composed with `channel credentials
    // `_.
    repeated CallCredentials call_credentials = 3;

    // The human readable prefix to use when emitting statistics for the gRPC
    // service.
    //
    // .. csv-table::
    //    :header: Name, Type, Description
    //    :widths: 1, 1, 2
    //
    //    streams_total, Counter, Total number of streams opened
    //    streams_closed_, Counter, Total streams closed with 
    string stat_prefix = 4 [(validate.rules).string = {min_bytes: 1}];

    // The name of the Google gRPC credentials factory to use. This must have been registered with
    // Envoy. If this is empty, a default credentials factory will be used that sets up channel
    // credentials based on other configuration parameters.
    string credentials_factory_name = 5;

    // Additional configuration for site-specific customizations of the Google
    // gRPC library.
    google.protobuf.Struct config = 6;
  }

  reserved 4;

  oneof target_specifier {
    option (validate.required) = true;

    // Envoy's in-built gRPC client.
    // See the :ref:`gRPC services overview `
    // documentation for discussion on gRPC client selection.
    EnvoyGrpc envoy_grpc = 1;

    // `Google C++ gRPC client `_
    // See the :ref:`gRPC services overview `
    // documentation for discussion on gRPC client selection.
    GoogleGrpc google_grpc = 2;
  }

  // The timeout for the gRPC request. This is the timeout for a specific
  // request.
  google.protobuf.Duration timeout = 3;

  // Additional metadata to include in streams initiated to the GrpcService.
  // This can be used for scenarios in which additional ad hoc authorization
  // headers (e.g. ``x-foo-bar: baz-key``) are to be injected.
  repeated HeaderValue initial_metadata = 5;
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy