public sealed class AuthzExtension : IMessage<AuthzExtension>, IEquatable<AuthzExtension>, IDeepCloneable<AuthzExtension>, IBufferMessage, IMessageReference documentation and code samples for the Network Services v1 API class AuthzExtension.
AuthzExtension is a resource that allows traffic forwarding
to a callout backend service to make an authorization decision.
Implements
IMessageAuthzExtension, IEquatableAuthzExtension, IDeepCloneableAuthzExtension, IBufferMessage, IMessageNamespace
Google.Cloud.NetworkServices.V1Assembly
Google.Cloud.NetworkServices.V1.dll
Constructors
AuthzExtension()
public AuthzExtension()AuthzExtension(AuthzExtension)
public AuthzExtension(AuthzExtension other)| Parameter | |
|---|---|
| Name | Description |
other |
AuthzExtension |
Properties
Authority
public string Authority { get; set; }Required. The :authority header in the gRPC request sent from Envoy
to the extension service.
| Property Value | |
|---|---|
| Type | Description |
string |
|
AuthzExtensionName
public AuthzExtensionName AuthzExtensionName { get; set; }AuthzExtensionName-typed view over the Name resource name property.
| Property Value | |
|---|---|
| Type | Description |
AuthzExtensionName |
|
CreateTime
public Timestamp CreateTime { get; set; }Output only. The timestamp when the resource was created.
| Property Value | |
|---|---|
| Type | Description |
Timestamp |
|
Description
public string Description { get; set; }Optional. A human-readable description of the resource.
| Property Value | |
|---|---|
| Type | Description |
string |
|
FailOpen
public bool FailOpen { get; set; }Optional. Determines how the proxy behaves if the call to the extension fails or times out.
When set to TRUE, request or response processing continues without
error. Any subsequent extensions in the extension chain are also
executed. When set to FALSE or the default setting of FALSE is used,
one of the following happens:
If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer.
If response headers have been delivered, then the HTTP stream to the downstream client is reset.
| Property Value | |
|---|---|
| Type | Description |
bool |
|
ForwardHeaders
public RepeatedField<string> ForwardHeaders { get; }Optional. List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name.
| Property Value | |
|---|---|
| Type | Description |
RepeatedFieldstring |
|
Labels
public MapField<string, string> Labels { get; }Optional. Set of labels associated with the AuthzExtension
resource.
The format must comply with the requirements for labels for Google Cloud resources.
| Property Value | |
|---|---|
| Type | Description |
MapFieldstringstring |
|
LoadBalancingScheme
public LoadBalancingScheme LoadBalancingScheme { get; set; }Required. All backend services and forwarding rules referenced by this
extension must share the same load balancing scheme. Supported values:
INTERNAL_MANAGED, EXTERNAL_MANAGED. For more information, refer to
Backend services
overview.
| Property Value | |
|---|---|
| Type | Description |
LoadBalancingScheme |
|
Metadata
public Struct Metadata { get; set; }Optional. The metadata provided here is included as part of the
metadata_context (of type google.protobuf.Struct) in the
ProcessingRequest message sent to the extension
server. The metadata is available under the namespace
com.google.authz_extension.<resource_name>.
The following variables are supported in the metadata Struct:
{forwarding_rule_id} - substituted with the forwarding rule's fully
qualified resource name.
| Property Value | |
|---|---|
| Type | Description |
Struct |
|
Name
public string Name { get; set; }Required. Identifier. Name of the AuthzExtension resource in the
following format:
projects/{project}/locations/{location}/authzExtensions/{authz_extension}.
| Property Value | |
|---|---|
| Type | Description |
string |
|
Service
public string Service { get; set; }Required. The reference to the service that runs the extension.
To configure a callout extension, service must be a fully-qualified
reference
to a backend
service
in the format:
https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService}
or
https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}.
| Property Value | |
|---|---|
| Type | Description |
string |
|
Timeout
public Duration Timeout { get; set; }Required. Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds.
| Property Value | |
|---|---|
| Type | Description |
Duration |
|
UpdateTime
public Timestamp UpdateTime { get; set; }Output only. The timestamp when the resource was updated.
| Property Value | |
|---|---|
| Type | Description |
Timestamp |
|
WireFormat
public WireFormat WireFormat { get; set; }Optional. The format of communication supported by the callout extension.
If not specified, the default value EXT_PROC_GRPC is used.
| Property Value | |
|---|---|
| Type | Description |
WireFormat |
|