gRPC services

core.GrpcService

[core.GrpcService proto]

gRPC service configuration. This is used by ApiConfigSource and filter configurations.

  1. {
  2. "envoy_grpc": "{...}",
  3. "google_grpc": "{...}",
  4. "timeout": "{...}",
  5. "initial_metadata": []
  6. }

envoy_grpc

(core.GrpcService.EnvoyGrpc) Envoy’s in-built gRPC client. See the gRPC services overview documentation for discussion on gRPC client selection.

Precisely one of envoy_grpc, google_grpc must be set.

google_grpc

(core.GrpcService.GoogleGrpc) Google C++ gRPC client See the gRPC services overview documentation for discussion on gRPC client selection.

Precisely one of envoy_grpc, google_grpc must be set.

timeout

(Duration) The timeout for the gRPC request. This is the timeout for a specific request.

initial_metadata

(core.HeaderValue) Additional metadata to include in streams initiated to the GrpcService. This can be used for scenarios in which additional ad hoc authorization headers (e.g. x-foo-bar: baz-key) are to be injected.

core.GrpcService.EnvoyGrpc

[core.GrpcService.EnvoyGrpc proto]

  1. {
  2. "cluster_name": "..."
  3. }

cluster_name

(string, REQUIRED) The name of the upstream gRPC cluster. SSL credentials will be supplied in the Cluster tls_context.

core.GrpcService.GoogleGrpc

[core.GrpcService.GoogleGrpc proto]

Warning

This message type has draft status.

  1. {
  2. "target_uri": "...",
  3. "channel_credentials": "{...}",
  4. "call_credentials": [],
  5. "stat_prefix": "...",
  6. "credentials_factory_name": "...",
  7. "config": "{...}"
  8. }

target_uri

(string, REQUIRED) The target URI when using the Google C++ gRPC client. SSL credentials will be supplied in channel_credentials.

channel_credentials

(core.GrpcService.GoogleGrpc.ChannelCredentials)

call_credentials

(core.GrpcService.GoogleGrpc.CallCredentials) A set of call credentials that can be composed with channel credentials.

stat_prefix

(string, REQUIRED) The human readable prefix to use when emitting statistics for the gRPC service.

NameTypeDescription
streamstotalCounterTotal number of streams opened
streams_closed<gRPC status code>CounterTotal streams closed with <gRPC status code>

credentials_factory_name

(string) The name of the Google gRPC credentials factory to use. This must have been registered with Envoy. If this is empty, a default credentials factory will be used that sets up channel credentials based on other configuration parameters.

config

(Struct) Additional configuration for site-specific customizations of the Google gRPC library.

core.GrpcService.GoogleGrpc.SslCredentials

[core.GrpcService.GoogleGrpc.SslCredentials proto]

See https://grpc.io/grpc/cpp/structgrpc_1_1_ssl_credentials_options.html.

  1. {
  2. "root_certs": "{...}",
  3. "private_key": "{...}",
  4. "cert_chain": "{...}"
  5. }

root_certs

(core.DataSource) PEM encoded server root certificates.

private_key

(core.DataSource) PEM encoded client private key.

cert_chain

(core.DataSource) PEM encoded client certificate chain.

core.GrpcService.GoogleGrpc.GoogleLocalCredentials

[core.GrpcService.GoogleGrpc.GoogleLocalCredentials proto]

Local channel credentials. Only UDS is supported for now. See https://github.com/grpc/grpc/pull/15909.

  1. {}

core.GrpcService.GoogleGrpc.ChannelCredentials

[core.GrpcService.GoogleGrpc.ChannelCredentials proto]

See https://grpc.io/docs/guides/auth.html#credential-types to understand Channel and Call credential types.

  1. {
  2. "ssl_credentials": "{...}",
  3. "google_default": "{...}",
  4. "local_credentials": "{...}"
  5. }

ssl_credentials

(core.GrpcService.GoogleGrpc.SslCredentials)

Precisely one of ssl_credentials, google_default, local_credentials must be set.

google_default

(Empty) https://grpc.io/grpc/cpp/namespacegrpc.html#a6beb3ac70ff94bd2ebbd89b8f21d1f61

Precisely one of ssl_credentials, google_default, local_credentials must be set.

local_credentials

(core.GrpcService.GoogleGrpc.GoogleLocalCredentials)

Precisely one of ssl_credentials, google_default, local_credentials must be set.

core.GrpcService.GoogleGrpc.CallCredentials

[core.GrpcService.GoogleGrpc.CallCredentials proto]

  1. {
  2. "access_token": "...",
  3. "google_compute_engine": "{...}",
  4. "google_refresh_token": "...",
  5. "service_account_jwt_access": "{...}",
  6. "google_iam": "{...}",
  7. "from_plugin": "{...}"
  8. }

access_token

(string) Access token credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#ad3a80da696ffdaea943f0f858d7a360d.

Precisely one of access_token, google_compute_engine, google_refresh_token, service_account_jwt_access, google_iam, from_plugin must be set.

google_compute_engine

(Empty) Google Compute Engine credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a6beb3ac70ff94bd2ebbd89b8f21d1f61

Precisely one of access_token, google_compute_engine, google_refresh_token, service_account_jwt_access, google_iam, from_plugin must be set.

google_refresh_token

(string) Google refresh token credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a96901c997b91bc6513b08491e0dca37c.

Precisely one of access_token, google_compute_engine, google_refresh_token, service_account_jwt_access, google_iam, from_plugin must be set.

service_account_jwt_access

(core.GrpcService.GoogleGrpc.CallCredentials.ServiceAccountJWTAccessCredentials) Service Account JWT Access credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a92a9f959d6102461f66ee973d8e9d3aa.

Precisely one of access_token, google_compute_engine, google_refresh_token, service_account_jwt_access, google_iam, from_plugin must be set.

google_iam

(core.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials) Google IAM credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a9fc1fc101b41e680d47028166e76f9d0.

Precisely one of access_token, google_compute_engine, google_refresh_token, service_account_jwt_access, google_iam, from_plugin must be set.

from_plugin

(core.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin) Custom authenticator credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a823c6a4b19ffc71fb33e90154ee2ad07. https://grpc.io/docs/guides/auth.html#extending-grpc-to-support-other-authentication-mechanisms.

Precisely one of access_token, google_compute_engine, google_refresh_token, service_account_jwt_access, google_iam, from_plugin must be set.

core.GrpcService.GoogleGrpc.CallCredentials.ServiceAccountJWTAccessCredentials

[core.GrpcService.GoogleGrpc.CallCredentials.ServiceAccountJWTAccessCredentials proto]

  1. {
  2. "json_key": "...",
  3. "token_lifetime_seconds": "..."
  4. }

json_key

(string)

token_lifetime_seconds

(uint64)

core.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials

[core.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials proto]

  1. {
  2. "authorization_token": "...",
  3. "authority_selector": "..."
  4. }

authorization_token

(string)

authority_selector

(string)

core.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin

[core.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin proto]

  1. {
  2. "name": "...",
  3. "config": "{...}",
  4. "typed_config": "{...}"
  5. }

name

(string)

config

(Struct)

Only one of config, typed_config may be set.

typed_config

(Any)

Only one of config, typed_config may be set.