package envoy.extensions.filters.http.gcp_authn.v3

Get desktop application:
View/edit binary Protocol Buffers messages

Audience is the URL of the receiving service that performs token authentication. It will be provided to the filter through cluster's typed_filter_metadata.

• string url = 1

Filter configuration. [#next-free-field: 7]

• optional config.core.v3.HttpUri http_uri = 1

  The HTTP URI to fetch tokens from GCE Metadata Server(https://cloud.google.com/compute/docs/metadata/overview). The URL format is "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity?audience=[AUDIENCE]" This field is deprecated because it does not match the API surface provided by the google auth libraries. Control planes should not attempt to override the metadata server URI. The cluster and timeout can be configured using the ``cluster`` and ``timeout`` fields instead. For backward compatibility, the cluster and timeout configured in this field will be used if the new ``cluster`` and ``timeout`` fields are not set.

• optional config.core.v3.RetryPolicy retry_policy = 2

  Retry policy for fetching tokens. Not supported by all data planes.

• optional TokenCacheConfig cache_config = 3

  Token cache configuration. This field is optional.

• optional TokenHeader token_header = 4

  Request header location to extract the token. By default (i.e. if this field is not specified), the token is extracted to the Authorization HTTP header, in the format "Authorization: Bearer <token>". Not supported by all data planes.

• string cluster = 5

  Cluster to send traffic to the GCE metadata server. Not supported by all data planes; a data plane may instead have its own mechanism for contacting the metadata server.

• optional google.protobuf.Duration timeout = 6

  Timeout for fetching the tokens from the GCE metadata server. Not supported by all data planes.

Token Cache configuration.

Used in: GcpAuthnFilterConfig

• optional google.protobuf.UInt64Value cache_size = 1

  The number of cache entries. The maximum number of entries is INT64_MAX as it is constrained by underlying cache implementation. Default value 0 (i.e., proto3 defaults) disables the cache by default. Other default values will enable the cache.

Used in: GcpAuthnFilterConfig

• string name = 1

  The HTTP header's name.

• string value_prefix = 2

  The header's prefix. The format is "value_prefix<token>" For example, for "Authorization: Bearer <token>", value_prefix="Bearer " with a space at the end.