grpc_service.proto

Package: solo.io.envoy.config.core.v3

Types:

Source File: github.com/solo-io/gloo/projects/gloo/api/external/envoy/config/core/v3/grpc_service.proto

GrpcService

gRPC service configuration. This is used by :ref:ApiConfigSource <envoy_api_msg_config.core.v3.ApiConfigSource> and filter configurations. [#next-free-field: 6]

"envoyGrpc": .solo.io.envoy.config.core.v3.GrpcService.EnvoyGrpc
"googleGrpc": .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc
"timeout": .google.protobuf.Duration
"initialMetadata": []solo.io.envoy.config.core.v3.HeaderValue

Field Type Description
envoyGrpc .solo.io.envoy.config.core.v3.GrpcService.EnvoyGrpc Envoy’s in-built gRPC client. See the :ref:gRPC services overview <arch_overview_grpc_services> documentation for discussion on gRPC client selection. Only one of envoyGrpc or googleGrpc can be set.
googleGrpc .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc Google C++ gRPC client <https://github.com/grpc/grpc>_ See the :ref:gRPC services overview <arch_overview_grpc_services> documentation for discussion on gRPC client selection. Only one of googleGrpc or envoyGrpc can be set.
timeout .google.protobuf.Duration The timeout for the gRPC request. This is the timeout for a specific request.
initialMetadata []solo.io.envoy.config.core.v3.HeaderValue Additional metadata to include in streams initiated to the GrpcService. This can be used for scenarios in which additional ad hoc authorization headers (e.g. x-foo-bar: baz-key) are to be injected.

EnvoyGrpc

"clusterName": string
"authority": string
"retryPolicy": .solo.io.envoy.config.core.v3.RetryPolicy

Field Type Description
clusterName string The name of the upstream gRPC cluster. SSL credentials will be supplied in the :ref:Cluster <envoy_api_msg_config.cluster.v3.Cluster> :ref:transport_socket <envoy_api_field_config.cluster.v3.Cluster.transport_socket>.
authority string The :authority header in the grpc request. If this field is not set, the authority header value will be cluster_name. Note that this authority does not override the SNI. The SNI is provided by the transport socket of the cluster.
retryPolicy .solo.io.envoy.config.core.v3.RetryPolicy Indicates the retry policy for re-establishing the gRPC stream This field is optional. If max interval is not provided, it will be set to ten times the provided base interval. Currently only supported for xDS gRPC streams. If not set, xDS gRPC streams default base interval:500ms, maximum interval:30s will be applied.

GoogleGrpc

[#next-free-field: 9]

"targetUri": string
"channelCredentials": .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.ChannelCredentials
"callCredentials": []solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials
"statPrefix": string
"credentialsFactoryName": string
"config": .google.protobuf.Struct
"perStreamBufferLimitBytes": .google.protobuf.UInt32Value
"channelArgs": .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.ChannelArgs

Field Type Description
targetUri string The target URI when using the Google C++ gRPC client <https://github.com/grpc/grpc>_. SSL credentials will be supplied in :ref:channel_credentials <envoy_api_field_config.core.v3.GrpcService.GoogleGrpc.channel_credentials>.
channelCredentials .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.ChannelCredentials
callCredentials []solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials A set of call credentials that can be composed with channel credentials <https://grpc.io/docs/guides/auth.html#credential-types>_.
statPrefix string The human readable prefix to use when emitting statistics for the gRPC service. .. csv-table:: :header: Name, Type, Description :widths: 1, 1, 2 streams_total, Counter, Total number of streams opened streams_closed_, Counter, Total streams closed with .
credentialsFactoryName string The name of the Google gRPC credentials factory to use. This must have been registered with Envoy. If this is empty, a default credentials factory will be used that sets up channel credentials based on other configuration parameters.
config .google.protobuf.Struct Additional configuration for site-specific customizations of the Google gRPC library.
perStreamBufferLimitBytes .google.protobuf.UInt32Value How many bytes each stream can buffer internally. If not set an implementation defined default is applied (1MiB).
channelArgs .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.ChannelArgs Custom channels args.

SslCredentials

See https://grpc.io/grpc/cpp/structgrpc_1_1_ssl_credentials_options.html.

"rootCerts": .solo.io.envoy.config.core.v3.DataSource
"privateKey": .solo.io.envoy.config.core.v3.DataSource
"certChain": .solo.io.envoy.config.core.v3.DataSource

Field Type Description
rootCerts .solo.io.envoy.config.core.v3.DataSource PEM encoded server root certificates.
privateKey .solo.io.envoy.config.core.v3.DataSource PEM encoded client private key.
certChain .solo.io.envoy.config.core.v3.DataSource PEM encoded client certificate chain.

GoogleLocalCredentials

Local channel credentials. Only UDS is supported for now. See https://github.com/grpc/grpc/pull/15909.


Field Type Description

ChannelCredentials

See https://grpc.io/docs/guides/auth.html#credential-types to understand Channel and Call credential types.

"sslCredentials": .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.SslCredentials
"googleDefault": .google.protobuf.Empty
"localCredentials": .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.GoogleLocalCredentials

Field Type Description
sslCredentials .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.SslCredentials Only one of sslCredentials, googleDefault, or localCredentials can be set.
googleDefault .google.protobuf.Empty https://grpc.io/grpc/cpp/namespacegrpc.html#a6beb3ac70ff94bd2ebbd89b8f21d1f61. Only one of googleDefault, sslCredentials, or localCredentials can be set.
localCredentials .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.GoogleLocalCredentials Only one of localCredentials, sslCredentials, or googleDefault can be set.

CallCredentials

[#next-free-field: 8]

"accessToken": string
"googleComputeEngine": .google.protobuf.Empty
"googleRefreshToken": string
"serviceAccountJwtAccess": .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.ServiceAccountJWTAccessCredentials
"googleIam": .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials
"fromPlugin": .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin
"stsService": .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService

Field Type Description
accessToken string Access token credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#ad3a80da696ffdaea943f0f858d7a360d. Only one of accessToken, googleComputeEngine, googleRefreshToken, serviceAccountJwtAccess, googleIam, fromPlugin, or stsService can be set.
googleComputeEngine .google.protobuf.Empty Google Compute Engine credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a6beb3ac70ff94bd2ebbd89b8f21d1f61. Only one of googleComputeEngine, accessToken, googleRefreshToken, serviceAccountJwtAccess, googleIam, fromPlugin, or stsService can be set.
googleRefreshToken string Google refresh token credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a96901c997b91bc6513b08491e0dca37c. Only one of googleRefreshToken, accessToken, googleComputeEngine, serviceAccountJwtAccess, googleIam, fromPlugin, or stsService can be set.
serviceAccountJwtAccess .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.ServiceAccountJWTAccessCredentials Service Account JWT Access credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a92a9f959d6102461f66ee973d8e9d3aa. Only one of serviceAccountJwtAccess, accessToken, googleComputeEngine, googleRefreshToken, googleIam, fromPlugin, or stsService can be set.
googleIam .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials Google IAM credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a9fc1fc101b41e680d47028166e76f9d0. Only one of googleIam, accessToken, googleComputeEngine, googleRefreshToken, serviceAccountJwtAccess, fromPlugin, or stsService can be set.
fromPlugin .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin Custom authenticator credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a823c6a4b19ffc71fb33e90154ee2ad07. https://grpc.io/docs/guides/auth.html#extending-grpc-to-support-other-authentication-mechanisms. Only one of fromPlugin, accessToken, googleComputeEngine, googleRefreshToken, serviceAccountJwtAccess, googleIam, or stsService can be set.
stsService .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService Custom security token service which implements OAuth 2.0 token exchange. https://datatracker.ietf.org/doc/html/draft-ietf-oauth-token-exchange-16 See https://github.com/grpc/grpc/pull/19587. Only one of stsService, accessToken, googleComputeEngine, googleRefreshToken, serviceAccountJwtAccess, googleIam, or fromPlugin can be set.

ServiceAccountJWTAccessCredentials

"jsonKey": string
"tokenLifetimeSeconds": int

Field Type Description
jsonKey string
tokenLifetimeSeconds int

GoogleIAMCredentials

"authorizationToken": string
"authoritySelector": string

Field Type Description
authorizationToken string
authoritySelector string

MetadataCredentialsFromPlugin

"name": string
"typedConfig": .google.protobuf.Any

Field Type Description
name string
typedConfig .google.protobuf.Any

StsService

Security token service configuration that allows Google gRPC to fetch security token from an OAuth 2.0 authorization server. See https://datatracker.ietf.org/doc/html/draft-ietf-oauth-token-exchange-16 and https://github.com/grpc/grpc/pull/19587. [#next-free-field: 10]

"tokenExchangeServiceUri": string
"resource": string
"audience": string
"scope": string
"requestedTokenType": string
"subjectTokenPath": string
"subjectTokenType": string
"actorTokenPath": string
"actorTokenType": string

Field Type Description
tokenExchangeServiceUri string URI of the token exchange service that handles token exchange requests. [#comment:TODO(asraa): Add URI validation when implemented. Tracked by https://github.com/envoyproxy/protoc-gen-validate/issues/303].
resource string Location of the target service or resource where the client intends to use the requested security token.
audience string Logical name of the target service where the client intends to use the requested security token.
scope string The desired scope of the requested security token in the context of the service or resource where the token will be used.
requestedTokenType string Type of the requested security token.
subjectTokenPath string The path of subject token, a security token that represents the identity of the party on behalf of whom the request is being made.
subjectTokenType string Type of the subject token.
actorTokenPath string The path of actor token, a security token that represents the identity of the acting party. The acting party is authorized to use the requested security token and act on behalf of the subject.
actorTokenType string Type of the actor token.

ChannelArgs

Channel arguments.

"args": map<string, .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.ChannelArgs.Value>

Field Type Description
args map<string, .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.ChannelArgs.Value> See grpc_types.h GRPC_ARG #defines for keys that work here.

Value

"stringValue": string
"intValue": int

Field Type Description
stringValue string Only one of stringValue or intValue can be set.
intValue int Only one of intValue or stringValue can be set.