AuthzExtension(mapping=None, *, ignore_unknown_fields=False, **kwargs)

AuthzExtension is a resource that allows traffic forwarding to a callout backend service to make an authorization decision.

Attributes

| Name | Type | Description |
|---|---|---|
| name | str | Required. Identifier. Name of the AuthzExtension resource in the following format: projects/{project}/locations/{location}/authzExtensions/{authz_extension}. |
| create_time | google.protobuf.timestamp_pb2.Timestamp | Output only. The timestamp when the resource was created. |
| update_time | google.protobuf.timestamp_pb2.Timestamp | Output only. The timestamp when the resource was updated. |
| description | str | Optional. A human-readable description of the resource. |
| labels | MutableMapping[str, str] | Optional. Set of labels associated with the AuthzExtension resource. The format must comply with the requirements for labels for Google Cloud resources. |
| load_balancing_scheme | google.cloud.network_services_v1.types.LoadBalancingScheme | Optional. All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. Supported values: INTERNAL_MANAGED, EXTERNAL_MANAGED. Can be omitted for AuthzExtensions that do not reference a backend service. For more information, refer to Backend services overview. |
| authority | str | Optional. The :authority header in the gRPC request sent from Envoy to the extension service. It is required when the service field points to a backend service or a wasm plugin. |
| service | str | Required. The reference to the service that runs the extension. To configure a callout extension, service must be a fully-qualified reference to a backend service |
| timeout | google.protobuf.duration_pb2.Duration | Required. Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. |
| fail_open | bool | Optional. Determines how the proxy behaves if the call to the extension fails or times out. When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: if response headers have not been delivered to the downstream client, a generic 500 error is returned to the client (the error response can be tailored by configuring a custom error response in the load balancer); if response headers have been delivered, then the HTTP stream to the downstream client is reset. |
| metadata | google.protobuf.struct_pb2.Struct | Optional. The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct: {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. |
| forward_headers | MutableSequence[str] | Optional. List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. |
| forward_attributes | MutableSequence[str] | Optional. List of the Envoy attributes to forward to the extension server. The attributes provided here are included as part of the ProcessingRequest.attributes field (of type map), where the keys are the attribute names. Refer to the documentation for the names of attributes that can be forwarded. If omitted, no attributes are sent. Each element is a string indicating the attribute name. |
| wire_format | google.cloud.network_services_v1.types.WireFormat | Optional. The format of communication supported by the callout extension. This field is supported only for regional AuthzExtension resources. If not specified, the default value EXT_PROC_GRPC is used. Global AuthzExtension resources use the EXT_PROC_GRPC wire format. |
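
As an added example (not part of the library or of this reference), the sketch below checks a plain-dict rendering of the attributes above against the constraints the table states, and flags fail_open and an omitted forward_headers for review. The dict layout, the timeout_ms key, the function name and all sample values are assumptions.

```python
import re

# Added example: keys mirror the AuthzExtension attributes above; the plain
# dict and the "timeout_ms" key are assumptions (the real field is a Duration).
NAME_RE = re.compile(r"^projects/[^/]+/locations/([^/]+)/authzExtensions/[^/]+$")
SCHEMES = {"INTERNAL_MANAGED", "EXTERNAL_MANAGED"}


def audit_authz_extension(cfg):
    """Return a list of (field, message) findings for one config dict."""
    findings = []
    m = NAME_RE.match(cfg.get("name", ""))
    if not m:
        findings.append(("name", "does not match the documented format"))
    if cfg.get("fail_open", False):
        findings.append(("fail_open", "requests continue when the "
                         "authorization callout fails or times out"))
    t = cfg.get("timeout_ms")
    if t is None or not 10 <= t <= 10000:
        findings.append(("timeout", "must be between 10 and 10000 ms"))
    if not cfg.get("service"):
        findings.append(("service", "required"))
    elif not cfg.get("authority"):
        findings.append(("authority", "required when service points to a "
                         "backend service or a wasm plugin"))
    scheme = cfg.get("load_balancing_scheme")
    if scheme is not None and scheme not in SCHEMES:
        findings.append(("load_balancing_scheme", "unsupported value"))
    if not cfg.get("forward_headers"):
        findings.append(("forward_headers", "omitted, so all client "
                         "headers are sent to the extension"))
    wf = cfg.get("wire_format")
    if m and m.group(1) == "global" and wf not in (None, "EXT_PROC_GRPC"):
        findings.append(("wire_format", "global resources use EXT_PROC_GRPC"))
    return findings


# Constructed sample configs (placeholder project, service and format names).
RISKY = {"name": "projects/p/locations/global/authzExtensions/ext1",
         "service": "PLACEHOLDER_BACKEND_SERVICE_REF", "timeout_ms": 5,
         "fail_open": True, "wire_format": "CONSTRUCTED_OTHER_FORMAT"}
STRICT = {"name": "projects/p/locations/us-central1/authzExtensions/ext1",
          "service": "PLACEHOLDER_BACKEND_SERVICE_REF",
          "authority": "authz.example.internal", "timeout_ms": 500,
          "fail_open": False, "load_balancing_scheme": "INTERNAL_MANAGED",
          "forward_headers": ["authorization"]}

if __name__ == "__main__":
    for field, msg in audit_authz_extension(RISKY):
        print(f"{field}: {msg}")
```
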
Classes
LabelsEntry
LabelsEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)

The abstract base class for a message.

Parameters

| Name | Type | Description |
|---|---|---|
| kwargs | dict | Keys and values corresponding to the fields of the message. |
| mapping | Union[dict, | A dictionary or message to be used to determine the values for this message. |
| ignore_unknown_fields | Optional(bool) | If True, do not raise errors for unknown fields. Only applied if |