Google C++ gRPC client <https://github.com/grpc/grpc>_ See the :ref:gRPC services overview <arch_overview_grpc_services> documentation for discussion on gRPC client selection.
Additional metadata to include in streams initiated to the GrpcService. This can be used for scenarios in which additional ad hoc authorization headers (e.g. x-foo-bar: baz-key) are to be injected. For more information, including details on header value syntax, see the documentation on :ref:custom request headers <config_http_conn_man_headers_custom_request_headers>.
GrpcService.EnvoyGrpc
Field
Type
Label
Description
clusterName
string
The name of the upstream gRPC cluster. SSL credentials will be supplied in the :ref:Cluster <envoy_api_msg_config.cluster.v3.Cluster> :ref:transport_socket <envoy_api_field_config.cluster.v3.Cluster.transport_socket>.
authority
string
The :authority header in the grpc request. If this field is not set, the authority header value will be cluster_name. Note that this authority does not override the SNI. The SNI is provided by the transport socket of the cluster.
GrpcService.GoogleGrpc
Field
Type
Label
Description
targetUri
string
The target URI when using the Google C++ gRPC client <https://github.com/grpc/grpc>_. SSL credentials will be supplied in :ref:channel_credentials <envoy_api_field_config.core.v3.GrpcService.GoogleGrpc.channel_credentials>.
A set of call credentials that can be composed with channel credentials <https://grpc.io/docs/guides/auth.html#credential-types>_.
statPrefix
string
The human readable prefix to use when emitting statistics for the gRPC service. .. csv-table:: :header: Name, Type, Description :widths: 1, 1, 2 streams_total, Counter, Total number of streams opened streams_closed_, Counter, Total streams closed with
credentialsFactoryName
string
The name of the Google gRPC credentials factory to use. This must have been registered with Envoy. If this is empty, a default credentials factory will be used that sets up channel credentials based on other configuration parameters.
URI of the token exchange service that handles token exchange requests. [#comment:TODO(asraa): Add URI validation when implemented. Tracked by https://github.com/envoyproxy/protoc-gen-validate/issues/303]
resource
string
Location of the target service or resource where the client intends to use the requested security token.
audience
string
Logical name of the target service where the client intends to use the requested security token.
scope
string
The desired scope of the requested security token in the context of the service or resource where the token will be used.
requestedTokenType
string
Type of the requested security token.
subjectTokenPath
string
The path of subject token, a security token that represents the identity of the party on behalf of whom the request is being made.
subjectTokenType
string
Type of the subject token.
actorTokenPath
string
The path of actor token, a security token that represents the identity of the acting party. The acting party is authorized to use the requested security token and act on behalf of the subject.