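# JSON Schema (draft-06) that gcloud export/import uses to validate an
# AuthzExtension YAML file. `additionalProperties: false` at the top level
# means any key not listed under `properties` is rejected.
#
# This schema checks types and enum membership only. The value constraints
# given in the descriptions (timeout range, URL shape of `service`) are not
# expressed here, so a file that passes this schema can still carry values
# the descriptions call invalid.
$schema: "http://json-schema.org/draft-06/schema#"

title: networkservices v1beta1 AuthzExtension export schema
description: A gcloud export/import command YAML validation schema.
type: object
required:
- authority
- loadBalancingScheme
- name
- service
- timeout
additionalProperties: false
properties:
  # Free-form bookkeeping block; per its description gcloud import ignores it.
  COMMENT:
    type: object
    description: User specified info ignored by gcloud import.
    additionalProperties: false
    properties:
      template-id:
        type: string
      region:
        type: string
      description:
        type: string
      date:
        type: string
      version:
        type: string
  UNKNOWN:
    type: array
    description: Unknown API fields that cannot be imported.
    items:
      type: string
  authority:
    description: |-
      The `:authority` header in the gRPC request sent from Envoy to the
      extension service.
    type: string
  description:
    description: A human-readable description of the resource.
    type: boolean
  # Review note: for an authorization extension this is the enforcement
  # switch. With `failOpen: true`, a failed or timed-out callout lets
  # processing continue, so traffic proceeds without the extension's verdict.
  # The schema declares no `default`; the `FALSE` default is stated only in
  # the description. Reviewers of exported files should treat an explicit
  # `true` here as a deliberate availability-over-enforcement decision and
  # pair it with alerting on extension errors and timeouts.
  failOpen:
    description: |-
      Determines how the proxy behaves if the call to the extension fails or
      times out. When set to `TRUE`, request or response processing continues
      without error. Any subsequent extensions in the extension chain are also
      executed. When set to `FALSE` or the default setting of `FALSE` is used,
      one of the following happens: * If response headers have not been
      delivered to the downstream client, a generic 500 error is returned to the
      client. The error response can be tailored by configuring a custom error
      response in the load balancer. * If response headers have been delivered,
      then the HTTP stream to the downstream client is reset.
    type: boolean
  # Review note: when this list is omitted every client header is forwarded
  # to the extension service, which can include credential-bearing headers.
  # Listing only the headers the extension needs limits what it can see.
  # Header names are unconstrained strings as far as this schema goes.
  forwardHeaders:
    description: |-
      List of the HTTP headers to forward to the extension (from the client). If
      omitted, all headers are sent. Each element is a string indicating the
      header name.
    type: array
    items:
      type: string
  # The label shape is defined in LabelsValue.yaml, which is a separate file.
  labels:
    description: |-
      Set of labels associated with the `AuthzExtension` resource. The
      format must comply with [the requirements for
      labels](/compute/docs/labeling-resources#requirements) for Google
      Cloud resources.
    $ref: LabelsValue.yaml
  # Review note: the description lists two supported values, but the enum
  # also admits LOAD_BALANCING_SCHEME_UNSPECIFIED, so a file carrying the
  # unspecified value passes validation against this schema.
  loadBalancingScheme:
    description: |-
      All backend services and forwarding rules referenced by this extension
      must share the same load balancing scheme. Supported values:
      `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. For more information, refer to
      [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service).
    type: string
    enum:
    - EXTERNAL_MANAGED
    - INTERNAL_MANAGED
    - LOAD_BALANCING_SCHEME_UNSPECIFIED
  # Review note: any object is accepted; keys and values are not constrained
  # by this schema. The content is sent to the extension server inside each
  # `ProcessingRequest`, so it should hold nothing that server may not read.
  metadata:
    description: |-
      The metadata provided here is included as part of the
      `metadata_context` (of type `google.protobuf.Struct`) in the
      `ProcessingRequest` message sent to the extension server. The metadata
      is available under the namespace `com.google.authz_extension.`. The
      following variables are supported in the metadata Struct:
      `{forwarding_rule_id}` - substituted with the forwarding rule's fully
      qualified resource name.
    type: object
  name:
    description: |-
      Identifier. Name of the `AuthzExtension` resource in the following
      format: `projects/{project}/locations/{location}/authzExtensions/{authz_extension}`.
    type: string
  # Review note: this is the backend that receives the authorization callout.
  # The schema accepts any string; the URL formats in the description are not
  # enforced by a `pattern` or `format`, so the project and backend named here
  # need to be checked by whoever reviews the file.
  service:
    description: |-
      The reference to the service that runs the extension. To configure a
      callout extension, `service` must be a fully-qualified reference to a
      [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices)
      in the format:
      `https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService}`
      or
      `https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}`.
    type: string
  # Review note: typed as a plain string, so the 10-10000 ms range from the
  # description is not checked by this schema. A timeout is one of the two
  # conditions (failure or timeout) that trigger the `failOpen` behaviour, so
  # the two fields should be reviewed together.
  timeout:
    description: |-
      Specifies the timeout for each individual message on the stream. The
      timeout must be between 10-10000 milliseconds.
    type: string
  # The schema declares no `default`; the `EXT_PROC_GRPC` default is stated
  # only in the description. WIRE_FORMAT_UNSPECIFIED is an accepted value.
  wireFormat:
    description: |-
      The format of communication supported by the callout extension. If not
      specified, the default value `EXT_PROC_GRPC` is used.
    type: string
    enum:
    - EXT_AUTHZ_GRPC
    - EXT_PROC_GRPC
    - WIRE_FORMAT_UNSPECIFIED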