Class AuthzExtension (0.23.0)

AuthzExtension is a resource that allows traffic forwarding to a callout backend service to make an authorization decision.

Protobuf type google.cloud.networkservices.v1.AuthzExtension

Optional. Set of labels associated with the AuthzExtension resource.

The format must comply with the requirements for labels for Google Cloud resources.

map<string, string> labels = 5 [(.google.api.field_behavior) = OPTIONAL];

Required. The :authority header in the gRPC request sent from Envoy to the extension service.

string authority = 7 [(.google.api.field_behavior) = REQUIRED];

Required. The :authority header in the gRPC request sent from Envoy to the extension service.

string authority = 7 [(.google.api.field_behavior) = REQUIRED];

Output only. The timestamp when the resource was created.

.google.protobuf.Timestamp create_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The timestamp when the resource was created.

.google.protobuf.Timestamp create_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];

Optional. A human-readable description of the resource.

string description = 4 [(.google.api.field_behavior) = OPTIONAL];

Optional. A human-readable description of the resource.

string description = 4 [(.google.api.field_behavior) = OPTIONAL];

Optional. Determines how the proxy behaves if the call to the extension fails or times out.

When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens:

• If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer.

• If response headers have been delivered, then the HTTP stream to the downstream client is reset.

bool fail_open = 10 [(.google.api.field_behavior) = OPTIONAL];

Optional. List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name.

repeated string forward_headers = 12 [(.google.api.field_behavior) = OPTIONAL];

Optional. List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name.

repeated string forward_headers = 12 [(.google.api.field_behavior) = OPTIONAL];

Optional. List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name.

repeated string forward_headers = 12 [(.google.api.field_behavior) = OPTIONAL];

Optional. List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name.

repeated string forward_headers = 12 [(.google.api.field_behavior) = OPTIONAL];

Use #getLabelsMap() instead.

Optional. Set of labels associated with the AuthzExtension resource.

The format must comply with the requirements for labels for Google Cloud resources.

map<string, string> labels = 5 [(.google.api.field_behavior) = OPTIONAL];

Optional. Set of labels associated with the AuthzExtension resource.

The format must comply with the requirements for labels for Google Cloud resources.

map<string, string> labels = 5 [(.google.api.field_behavior) = OPTIONAL];

Optional. Set of labels associated with the AuthzExtension resource.

The format must comply with the requirements for labels for Google Cloud resources.

map<string, string> labels = 5 [(.google.api.field_behavior) = OPTIONAL];

Optional. Set of labels associated with the AuthzExtension resource.

The format must comply with the requirements for labels for Google Cloud resources.

map<string, string> labels = 5 [(.google.api.field_behavior) = OPTIONAL];

Required. All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. Supported values: INTERNAL_MANAGED, EXTERNAL_MANAGED. For more information, refer to Backend services overview.

.google.cloud.networkservices.v1.LoadBalancingScheme load_balancing_scheme = 6 [(.google.api.field_behavior) = REQUIRED];

Required. All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. Supported values: INTERNAL_MANAGED, EXTERNAL_MANAGED. For more information, refer to Backend services overview.

.google.cloud.networkservices.v1.LoadBalancingScheme load_balancing_scheme = 6 [(.google.api.field_behavior) = REQUIRED];

Optional. The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.<resource_name>. The following variables are supported in the metadata Struct:

{forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name.

.google.protobuf.Struct metadata = 11 [(.google.api.field_behavior) = OPTIONAL];

Optional. The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.<resource_name>. The following variables are supported in the metadata Struct:

{forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name.

.google.protobuf.Struct metadata = 11 [(.google.api.field_behavior) = OPTIONAL];

Required. Identifier. Name of the AuthzExtension resource in the following format: projects/{project}/locations/{location}/authzExtensions/{authz_extension}.

string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IDENTIFIER];

Required. Identifier. Name of the AuthzExtension resource in the following format: projects/{project}/locations/{location}/authzExtensions/{authz_extension}.

string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IDENTIFIER];

Required. The reference to the service that runs the extension.

To configure a callout extension, service must be a fully-qualified reference to a backend service in the format: https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}.

string service = 8 [(.google.api.field_behavior) = REQUIRED];

Required. The reference to the service that runs the extension.

To configure a callout extension, service must be a fully-qualified reference to a backend service in the format: https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}.

string service = 8 [(.google.api.field_behavior) = REQUIRED];

Required. Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds.

.google.protobuf.Duration timeout = 9 [(.google.api.field_behavior) = REQUIRED];

Required. Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds.

.google.protobuf.Duration timeout = 9 [(.google.api.field_behavior) = REQUIRED];

Output only. The timestamp when the resource was updated.

.google.protobuf.Timestamp update_time = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The timestamp when the resource was updated.

.google.protobuf.Timestamp update_time = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];

Optional. The format of communication supported by the callout extension. If not specified, the default value EXT_PROC_GRPC is used.

.google.cloud.networkservices.v1.WireFormat wire_format = 14 [(.google.api.field_behavior) = OPTIONAL];

Optional. The format of communication supported by the callout extension. If not specified, the default value EXT_PROC_GRPC is used.

.google.cloud.networkservices.v1.WireFormat wire_format = 14 [(.google.api.field_behavior) = OPTIONAL];

Output only. The timestamp when the resource was created.

.google.protobuf.Timestamp create_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];

Optional. The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.<resource_name>. The following variables are supported in the metadata Struct:

{forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name.

.google.protobuf.Struct metadata = 11 [(.google.api.field_behavior) = OPTIONAL];

Required. Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds.

.google.protobuf.Duration timeout = 9 [(.google.api.field_behavior) = REQUIRED];

Output only. The timestamp when the resource was updated.

.google.protobuf.Timestamp update_time = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];