Proto API Scrubber (proto)

This extension has the qualified name envoy.filters.http.proto_api_scrubber

Note

This extension is functional but has not had substantial production burn time; use only with this caveat.

This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted.

Tip

This extension extends and can be used with the following extension category:

This extension must be configured with one of the following type URLs:

The ProtoApiScrubber filter supports filtering of request and response payloads based on the configured field restrictions and actions. The field restrictions and actions can be defined using the unified matcher API. The filter evaluates the configured restriction for each field to produce the filtered output using the configured actions. The design doc for this filter is available here.

extensions.filters.http.proto_api_scrubber.v3.ProtoApiScrubberConfig

[extensions.filters.http.proto_api_scrubber.v3.ProtoApiScrubberConfig proto]

{
  "descriptor_set": {...},
  "restrictions": {...},
  "filtering_mode": ...
}

descriptor_set

(extensions.filters.http.proto_api_scrubber.v3.DescriptorSet) The proto descriptor set for the proto services.

restrictions

(extensions.filters.http.proto_api_scrubber.v3.Restrictions) Contains the restrictions for the supported proto elements.

filtering_mode

(extensions.filters.http.proto_api_scrubber.v3.ProtoApiScrubberConfig.FilteringMode) Specifies the filtering mode of this filter.

Enum extensions.filters.http.proto_api_scrubber.v3.ProtoApiScrubberConfig.FilteringMode

[extensions.filters.http.proto_api_scrubber.v3.ProtoApiScrubberConfig.FilteringMode proto]

An enum listing all the filtering modes supported by this filter.

OVERRIDE

(DEFAULT) Override the original request/response body with the filtered request/response body.

extensions.filters.http.proto_api_scrubber.v3.DescriptorSet

[extensions.filters.http.proto_api_scrubber.v3.DescriptorSet proto]

Specifies the descriptor set for proto services.

{
  "data_source": {...}
}

data_source

(config.core.v3.DataSource) The descriptor set can be supplied as a local file through DataSource.filename or embedded in DataSource.inline_bytes.

extensions.filters.http.proto_api_scrubber.v3.Restrictions

[extensions.filters.http.proto_api_scrubber.v3.Restrictions proto]

Contains the restrictions for the methods.

{
  "method_restrictions": {...},
  "message_restrictions": {...}
}

method_restrictions

(repeated map<string, extensions.filters.http.proto_api_scrubber.v3.MethodRestrictions>) Specifies the method restrictions. Key - Fully qualified method name e.g., endpoints.examples.bookstore.BookStore/GetShelf. Value - Method restrictions.

message_restrictions

(repeated map<string, extensions.filters.http.proto_api_scrubber.v3.MessageRestrictions>) Specifies the message restrictions. Key - Fully qualified message name e.g., endpoints.examples.bookstore.Book. Value - Message restrictions.

extensions.filters.http.proto_api_scrubber.v3.MethodRestrictions

[extensions.filters.http.proto_api_scrubber.v3.MethodRestrictions proto]

Contains the method restrictions which include the field level restrictions for the request and response fields.

{
  "request_field_restrictions": {...},
  "response_field_restrictions": {...},
  "method_restriction": {...}
}

request_field_restrictions

(repeated map<string, extensions.filters.http.proto_api_scrubber.v3.RestrictionConfig>) Restrictions that apply to request fields of the method. Key - field-mask-like path of the field, e.g., foo.bar.baz. Value - Restrictions map containing the mapping from restriction name to the restriction values.

response_field_restrictions

(repeated map<string, extensions.filters.http.proto_api_scrubber.v3.RestrictionConfig>) Restrictions that apply to response fields of the method. Key - field-mask-like path of the field, e.g., foo.bar.baz. Value - Restrictions map containing the mapping from restriction name to the restriction values.

method_restriction

(extensions.filters.http.proto_api_scrubber.v3.RestrictionConfig) Optional restriction that applies to the entire method. If present, this rule takes precedence for the method itself over field-level or message-level rules. The ‘matcher’ within RestrictionConfig will determine if the method is denied/scrubbed. If the matcher evaluates to true:

  • The request is denied, and further processing is stopped.

  • The implementation should generate an immediate error response (e.g., an HTTP 403 Forbidden status) and send it to the client.
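
The precedence described for method_restriction, and the dotted field paths used as keys in request_field_restrictions and response_field_restrictions, can be followed in a small model. This is an added illustration, not Envoy's code: matchers are stood in for by Python callables over request headers, a matched field restriction is assumed to remove the field, and the header and field names are hypothetical.

```python
# Added illustration: a simplified model, not Envoy's implementation.
# Assumptions: matchers are Python callables over request headers, and a
# matched field restriction removes that field from the payload.
import copy

def remove_path(node, segments):
    """Delete the field named by a dotted path, descending through repeated fields."""
    if isinstance(node, list):               # repeated field: apply to every element
        for item in node:
            remove_path(item, segments)
    elif isinstance(node, dict) and segments[0] in node:
        if len(segments) == 1:
            del node[segments[0]]
        else:
            remove_path(node[segments[0]], segments[1:])

def filter_message(restrictions, method, headers, message, direction):
    """Return (status, message) for direction 'request' or 'response'."""
    rules = restrictions.get("method_restrictions", {}).get(method)
    if rules is None:                        # nothing configured for this method
        return 200, message
    whole = rules.get("method_restriction")
    if whole and whole["matcher"](headers):  # method-level rule wins: deny and stop
        return 403, None
    scrubbed = copy.deepcopy(message)        # leave the caller's payload untouched
    for path, rc in rules.get(direction + "_field_restrictions", {}).items():
        if rc["matcher"](headers):
            remove_path(scrubbed, path.split("."))
    return 200, scrubbed

# Constructed sample data; header names and field names are hypothetical.
METHOD = "endpoints.examples.bookstore.BookStore/GetShelf"
NOT_ADMIN = lambda h: h.get("x-role") != "admin"
RESTRICTIONS = {"method_restrictions": {METHOD: {
    "method_restriction": {"matcher": lambda h: h.get("x-tenant") == "blocked"},
    "response_field_restrictions": {
        "shelf.internal_notes": {"matcher": NOT_ADMIN},
        "shelf.books.supplier_cost": {"matcher": NOT_ADMIN},
    },
}}}
BODY = {"shelf": {"theme": "history", "internal_notes": "audit pending",
                  "books": [{"title": "A", "supplier_cost": 3},
                            {"title": "B", "supplier_cost": 5}]}}

if __name__ == "__main__":
    print(filter_message(RESTRICTIONS, METHOD, {"x-role": "reader"}, BODY, "response"))
    print(filter_message(RESTRICTIONS, METHOD, {"x-tenant": "blocked"}, BODY, "response"))
```
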

extensions.filters.http.proto_api_scrubber.v3.MessageRestrictions

[extensions.filters.http.proto_api_scrubber.v3.MessageRestrictions proto]

Contains message-level restrictions.

{
  "config": {...},
  "field_restrictions": {...}
}

config

(extensions.filters.http.proto_api_scrubber.v3.RestrictionConfig) The core restriction to apply to this message type. The ‘matcher’ within RestrictionConfig will determine if the message is scrubbed/denied/allowed.

field_restrictions

(repeated map<string, extensions.filters.http.proto_api_scrubber.v3.RestrictionConfig>) Restrictions that apply to specific fields within this message type. Key - field mask (e.g. “social_security_number”). Value - The restriction configuration for that field.

extensions.filters.http.proto_api_scrubber.v3.RestrictionConfig

[extensions.filters.http.proto_api_scrubber.v3.RestrictionConfig proto]

The restriction configuration.

{
  "matcher": {...}
}

matcher

(.xds.type.matcher.v3.Matcher) Matcher tree for matching requests and responses with the configured restrictions.