.. _envoy_v3_api_file_envoy/config/core/v3/grpc_service.proto: gRPC services ============= .. _envoy_v3_api_msg_config.core.v3.GrpcService: config.core.v3.GrpcService -------------------------- `[config.core.v3.GrpcService proto] `_ gRPC service configuration. This is used by :ref:`ApiConfigSource ` and filter configurations. .. code-block:: json { "envoy_grpc": "{...}", "google_grpc": "{...}", "timeout": "{...}", "initial_metadata": [] } .. _envoy_v3_api_field_config.core.v3.GrpcService.envoy_grpc: envoy_grpc (:ref:`config.core.v3.GrpcService.EnvoyGrpc `) Envoy's in-built gRPC client. See the :ref:`gRPC services overview ` documentation for discussion on gRPC client selection. Precisely one of :ref:`envoy_grpc `, :ref:`google_grpc ` must be set. .. _envoy_v3_api_field_config.core.v3.GrpcService.google_grpc: google_grpc (:ref:`config.core.v3.GrpcService.GoogleGrpc `) `Google C++ gRPC client `_ See the :ref:`gRPC services overview ` documentation for discussion on gRPC client selection. Precisely one of :ref:`envoy_grpc `, :ref:`google_grpc ` must be set. .. _envoy_v3_api_field_config.core.v3.GrpcService.timeout: timeout (`Duration `_) The timeout for the gRPC request. This is the timeout for a specific request. .. _envoy_v3_api_field_config.core.v3.GrpcService.initial_metadata: initial_metadata (:ref:`config.core.v3.HeaderValue `) Additional metadata to include in streams initiated to the GrpcService. This can be used for scenarios in which additional ad hoc authorization headers (e.g. ``x-foo-bar: baz-key``) are to be injected. .. _envoy_v3_api_msg_config.core.v3.GrpcService.EnvoyGrpc: config.core.v3.GrpcService.EnvoyGrpc ------------------------------------ `[config.core.v3.GrpcService.EnvoyGrpc proto] `_ .. code-block:: json { "cluster_name": "...", "authority": "..." } .. _envoy_v3_api_field_config.core.v3.GrpcService.EnvoyGrpc.cluster_name: cluster_name (`string `_, *REQUIRED*) The name of the upstream gRPC cluster. SSL credentials will be supplied in the :ref:`Cluster ` :ref:`transport_socket `. .. _envoy_v3_api_field_config.core.v3.GrpcService.EnvoyGrpc.authority: authority (`string `_) The `:authority` header in the grpc request. If this field is not set, the authority header value will be `cluster_name`. Note that this authority does not override the SNI. The SNI is provided by the transport socket of the cluster. .. _envoy_v3_api_msg_config.core.v3.GrpcService.GoogleGrpc: config.core.v3.GrpcService.GoogleGrpc ------------------------------------- `[config.core.v3.GrpcService.GoogleGrpc proto] `_ .. code-block:: json { "target_uri": "...", "channel_credentials": "{...}", "call_credentials": [], "stat_prefix": "...", "credentials_factory_name": "...", "config": "{...}", "per_stream_buffer_limit_bytes": "{...}", "channel_args": "{...}" } .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.target_uri: target_uri (`string `_, *REQUIRED*) The target URI when using the `Google C++ gRPC client `_. SSL credentials will be supplied in :ref:`channel_credentials `. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.channel_credentials: channel_credentials (:ref:`config.core.v3.GrpcService.GoogleGrpc.ChannelCredentials `) .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.call_credentials: call_credentials (:ref:`config.core.v3.GrpcService.GoogleGrpc.CallCredentials `) A set of call credentials that can be composed with `channel credentials `_. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.stat_prefix: stat_prefix (`string `_, *REQUIRED*) The human readable prefix to use when emitting statistics for the gRPC service. .. csv-table:: :header: Name, Type, Description :widths: 1, 1, 2 streams_total, Counter, Total number of streams opened streams_closed_, Counter, Total streams closed with .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.credentials_factory_name: credentials_factory_name (`string `_) The name of the Google gRPC credentials factory to use. This must have been registered with Envoy. If this is empty, a default credentials factory will be used that sets up channel credentials based on other configuration parameters. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.config: config (`Struct `_) Additional configuration for site-specific customizations of the Google gRPC library. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.per_stream_buffer_limit_bytes: per_stream_buffer_limit_bytes (`UInt32Value `_) How many bytes each stream can buffer internally. If not set an implementation defined default is applied (1MiB). .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.channel_args: channel_args (:ref:`config.core.v3.GrpcService.GoogleGrpc.ChannelArgs `) Custom channels args. .. _envoy_v3_api_msg_config.core.v3.GrpcService.GoogleGrpc.SslCredentials: config.core.v3.GrpcService.GoogleGrpc.SslCredentials ---------------------------------------------------- `[config.core.v3.GrpcService.GoogleGrpc.SslCredentials proto] `_ See https://grpc.io/grpc/cpp/structgrpc_1_1_ssl_credentials_options.html. .. code-block:: json { "root_certs": "{...}", "private_key": "{...}", "cert_chain": "{...}" } .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.SslCredentials.root_certs: root_certs (:ref:`config.core.v3.DataSource `) PEM encoded server root certificates. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.SslCredentials.private_key: private_key (:ref:`config.core.v3.DataSource `) PEM encoded client private key. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.SslCredentials.cert_chain: cert_chain (:ref:`config.core.v3.DataSource `) PEM encoded client certificate chain. .. _envoy_v3_api_msg_config.core.v3.GrpcService.GoogleGrpc.GoogleLocalCredentials: config.core.v3.GrpcService.GoogleGrpc.GoogleLocalCredentials ------------------------------------------------------------ `[config.core.v3.GrpcService.GoogleGrpc.GoogleLocalCredentials proto] `_ Local channel credentials. Only UDS is supported for now. See https://github.com/grpc/grpc/pull/15909. .. code-block:: json {} .. _envoy_v3_api_msg_config.core.v3.GrpcService.GoogleGrpc.ChannelCredentials: config.core.v3.GrpcService.GoogleGrpc.ChannelCredentials -------------------------------------------------------- `[config.core.v3.GrpcService.GoogleGrpc.ChannelCredentials proto] `_ See https://grpc.io/docs/guides/auth.html#credential-types to understand Channel and Call credential types. .. code-block:: json { "ssl_credentials": "{...}", "google_default": "{...}", "local_credentials": "{...}" } .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.ChannelCredentials.ssl_credentials: ssl_credentials (:ref:`config.core.v3.GrpcService.GoogleGrpc.SslCredentials `) Precisely one of :ref:`ssl_credentials `, :ref:`google_default `, :ref:`local_credentials ` must be set. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.ChannelCredentials.google_default: google_default (`Empty `_) https://grpc.io/grpc/cpp/namespacegrpc.html#a6beb3ac70ff94bd2ebbd89b8f21d1f61 Precisely one of :ref:`ssl_credentials `, :ref:`google_default `, :ref:`local_credentials ` must be set. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.ChannelCredentials.local_credentials: local_credentials (:ref:`config.core.v3.GrpcService.GoogleGrpc.GoogleLocalCredentials `) Precisely one of :ref:`ssl_credentials `, :ref:`google_default `, :ref:`local_credentials ` must be set. .. _envoy_v3_api_msg_config.core.v3.GrpcService.GoogleGrpc.CallCredentials: config.core.v3.GrpcService.GoogleGrpc.CallCredentials ----------------------------------------------------- `[config.core.v3.GrpcService.GoogleGrpc.CallCredentials proto] `_ .. code-block:: json { "access_token": "...", "google_compute_engine": "{...}", "google_refresh_token": "...", "service_account_jwt_access": "{...}", "google_iam": "{...}", "from_plugin": "{...}", "sts_service": "{...}" } .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.access_token: access_token (`string `_) Access token credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#ad3a80da696ffdaea943f0f858d7a360d. Precisely one of :ref:`access_token `, :ref:`google_compute_engine `, :ref:`google_refresh_token `, :ref:`service_account_jwt_access `, :ref:`google_iam `, :ref:`from_plugin `, :ref:`sts_service ` must be set. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.google_compute_engine: google_compute_engine (`Empty `_) Google Compute Engine credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a6beb3ac70ff94bd2ebbd89b8f21d1f61 Precisely one of :ref:`access_token `, :ref:`google_compute_engine `, :ref:`google_refresh_token `, :ref:`service_account_jwt_access `, :ref:`google_iam `, :ref:`from_plugin `, :ref:`sts_service ` must be set. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.google_refresh_token: google_refresh_token (`string `_) Google refresh token credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a96901c997b91bc6513b08491e0dca37c. Precisely one of :ref:`access_token `, :ref:`google_compute_engine `, :ref:`google_refresh_token `, :ref:`service_account_jwt_access `, :ref:`google_iam `, :ref:`from_plugin `, :ref:`sts_service ` must be set. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.service_account_jwt_access: service_account_jwt_access (:ref:`config.core.v3.GrpcService.GoogleGrpc.CallCredentials.ServiceAccountJWTAccessCredentials `) Service Account JWT Access credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a92a9f959d6102461f66ee973d8e9d3aa. Precisely one of :ref:`access_token `, :ref:`google_compute_engine `, :ref:`google_refresh_token `, :ref:`service_account_jwt_access `, :ref:`google_iam `, :ref:`from_plugin `, :ref:`sts_service ` must be set. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.google_iam: google_iam (:ref:`config.core.v3.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials `) Google IAM credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a9fc1fc101b41e680d47028166e76f9d0. Precisely one of :ref:`access_token `, :ref:`google_compute_engine `, :ref:`google_refresh_token `, :ref:`service_account_jwt_access `, :ref:`google_iam `, :ref:`from_plugin `, :ref:`sts_service ` must be set. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.from_plugin: from_plugin (:ref:`config.core.v3.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin `) Custom authenticator credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a823c6a4b19ffc71fb33e90154ee2ad07. https://grpc.io/docs/guides/auth.html#extending-grpc-to-support-other-authentication-mechanisms. Precisely one of :ref:`access_token `, :ref:`google_compute_engine `, :ref:`google_refresh_token `, :ref:`service_account_jwt_access `, :ref:`google_iam `, :ref:`from_plugin `, :ref:`sts_service ` must be set. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.sts_service: sts_service (:ref:`config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService `) Custom security token service which implements OAuth 2.0 token exchange. https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16 See https://github.com/grpc/grpc/pull/19587. Precisely one of :ref:`access_token `, :ref:`google_compute_engine `, :ref:`google_refresh_token `, :ref:`service_account_jwt_access `, :ref:`google_iam `, :ref:`from_plugin `, :ref:`sts_service ` must be set. .. _envoy_v3_api_msg_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.ServiceAccountJWTAccessCredentials: config.core.v3.GrpcService.GoogleGrpc.CallCredentials.ServiceAccountJWTAccessCredentials ---------------------------------------------------------------------------------------- `[config.core.v3.GrpcService.GoogleGrpc.CallCredentials.ServiceAccountJWTAccessCredentials proto] `_ .. code-block:: json { "json_key": "...", "token_lifetime_seconds": "..." } .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.ServiceAccountJWTAccessCredentials.json_key: json_key (`string `_) .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.ServiceAccountJWTAccessCredentials.token_lifetime_seconds: token_lifetime_seconds (`uint64 `_) .. _envoy_v3_api_msg_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials: config.core.v3.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials -------------------------------------------------------------------------- `[config.core.v3.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials proto] `_ .. code-block:: json { "authorization_token": "...", "authority_selector": "..." } .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials.authorization_token: authorization_token (`string `_) .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials.authority_selector: authority_selector (`string `_) .. _envoy_v3_api_msg_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin: config.core.v3.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin ----------------------------------------------------------------------------------- `[config.core.v3.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin proto] `_ .. code-block:: json { "name": "...", "typed_config": "{...}" } .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin.name: name (`string `_) .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin.typed_config: typed_config (`Any `_) .. _envoy_v3_api_msg_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService: config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService ---------------------------------------------------------------- `[config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService proto] `_ Security token service configuration that allows Google gRPC to fetch security token from an OAuth 2.0 authorization server. See https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16 and https://github.com/grpc/grpc/pull/19587. .. code-block:: json { "token_exchange_service_uri": "...", "resource": "...", "audience": "...", "scope": "...", "requested_token_type": "...", "subject_token_path": "...", "subject_token_type": "...", "actor_token_path": "...", "actor_token_type": "..." } .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService.token_exchange_service_uri: token_exchange_service_uri (`string `_) URI of the token exchange service that handles token exchange requests. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService.resource: resource (`string `_) Location of the target service or resource where the client intends to use the requested security token. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService.audience: audience (`string `_) Logical name of the target service where the client intends to use the requested security token. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService.scope: scope (`string `_) The desired scope of the requested security token in the context of the service or resource where the token will be used. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService.requested_token_type: requested_token_type (`string `_) Type of the requested security token. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService.subject_token_path: subject_token_path (`string `_, *REQUIRED*) The path of subject token, a security token that represents the identity of the party on behalf of whom the request is being made. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService.subject_token_type: subject_token_type (`string `_, *REQUIRED*) Type of the subject token. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService.actor_token_path: actor_token_path (`string `_) The path of actor token, a security token that represents the identity of the acting party. The acting party is authorized to use the requested security token and act on behalf of the subject. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService.actor_token_type: actor_token_type (`string `_) Type of the actor token. .. _envoy_v3_api_msg_config.core.v3.GrpcService.GoogleGrpc.ChannelArgs: config.core.v3.GrpcService.GoogleGrpc.ChannelArgs ------------------------------------------------- `[config.core.v3.GrpcService.GoogleGrpc.ChannelArgs proto] `_ Channel arguments. .. code-block:: json { "args": "{...}" } .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.ChannelArgs.args: args (map<`string `_, :ref:`config.core.v3.GrpcService.GoogleGrpc.ChannelArgs.Value `>) See grpc_types.h GRPC_ARG #defines for keys that work here. .. _envoy_v3_api_msg_config.core.v3.GrpcService.GoogleGrpc.ChannelArgs.Value: config.core.v3.GrpcService.GoogleGrpc.ChannelArgs.Value ------------------------------------------------------- `[config.core.v3.GrpcService.GoogleGrpc.ChannelArgs.Value proto] `_ .. code-block:: json { "string_value": "...", "int_value": "..." } .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.ChannelArgs.Value.string_value: string_value (`string `_) Pointer values are not supported, since they don't make any sense when delivered via the API. Precisely one of :ref:`string_value `, :ref:`int_value ` must be set. .. _envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.ChannelArgs.Value.int_value: int_value (`int64 `_) Pointer values are not supported, since they don't make any sense when delivered via the API. Precisely one of :ref:`string_value `, :ref:`int_value ` must be set.