authz_extensions
Creates, updates, deletes, gets or lists an authz_extensions resource.
Overview
Name | authz_extensions |
Type | Resource |
Id | google.networkservices.authz_extensions |
Fields
The following fields are returned by SELECT queries:
- get
- list
Successful response
Name | Datatype | Description |
---|---|---|
name | string | Required. Identifier. Name of the `AuthzExtension` resource in the following format: `projects/{project}/locations/{location}/authzExtensions/{authz_extension}`. |
authority | string | Required. The `:authority` header in the gRPC request sent from Envoy to the extension service. |
createTime | string (google-datetime) | Output only. The timestamp when the resource was created. |
description | string | Optional. A human-readable description of the resource. |
failOpen | boolean | Optional. Determines how the proxy behaves if the call to the extension fails or times out. When set to `TRUE`, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to `FALSE` or the default setting of `FALSE` is used, one of the following happens: * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. * If response headers have been delivered, then the HTTP stream to the downstream client is reset. |
forwardHeaders | array | Optional. List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. |
labels | object | Optional. Set of labels associated with the `AuthzExtension` resource. The format must comply with the requirements for labels for Google Cloud resources. |
loadBalancingScheme | string | Required. All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. Supported values: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. For more information, refer to Backend services overview. |
metadata | object | Optional. The metadata provided here is included as part of the `metadata_context` (of type `google.protobuf.Struct`) in the `ProcessingRequest` message sent to the extension server. The metadata is available under the namespace `com.google.authz_extension.`. The following variables are supported in the metadata Struct: `{forwarding_rule_id}` - substituted with the forwarding rule's fully qualified resource name. |
service | string | Required. The reference to the service that runs the extension. To configure a callout extension, `service` must be a fully-qualified reference to a backend service in the format: `https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService}` or `https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}`. |
timeout | string (google-duration) | Required. Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. |
updateTime | string (google-datetime) | Output only. The timestamp when the resource was updated. |
wireFormat | string | Optional. The format of communication supported by the callout extension. If not specified, the default value `EXT_PROC_GRPC` is used. |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
get | select | projectsId, locationsId, authzExtensionsId | | Gets details of the specified AuthzExtension resource. |
list | select | projectsId, locationsId | pageSize, pageToken, filter, orderBy | Lists AuthzExtension resources in a given project and location. |
create | insert | projectsId, locationsId | authzExtensionId, requestId | Creates a new AuthzExtension resource in a given project and location. |
patch | update | projectsId, locationsId, authzExtensionsId | updateMask, requestId | Updates the parameters of the specified AuthzExtension resource. |
delete | delete | projectsId, locationsId, authzExtensionsId | requestId | Deletes the specified AuthzExtension resource. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
authzExtensionsId | string | |
locationsId | string | |
projectsId | string | |
authzExtensionId | string | |
filter | string | |
orderBy | string | |
pageSize | integer (int32) | |
pageToken | string | |
requestId | string | |
updateMask | string (google-fieldmask) | |
SELECT examples
- get
- list
Gets details of the specified AuthzExtension resource.

```sql
SELECT
  name,
  authority,
  createTime,
  description,
  failOpen,
  forwardHeaders,
  labels,
  loadBalancingScheme,
  metadata,
  service,
  timeout,
  updateTime,
  wireFormat
FROM google.networkservices.authz_extensions
WHERE projectsId = '{{ projectsId }}' -- required
  AND locationsId = '{{ locationsId }}' -- required
  AND authzExtensionsId = '{{ authzExtensionsId }}' -- required
;
```
Lists AuthzExtension resources in a given project and location.

```sql
SELECT
  name,
  authority,
  createTime,
  description,
  failOpen,
  forwardHeaders,
  labels,
  loadBalancingScheme,
  metadata,
  service,
  timeout,
  updateTime,
  wireFormat
FROM google.networkservices.authz_extensions
WHERE projectsId = '{{ projectsId }}' -- required
  AND locationsId = '{{ locationsId }}' -- required
  AND pageSize = '{{ pageSize }}'
  AND pageToken = '{{ pageToken }}'
  AND filter = '{{ filter }}'
  AND orderBy = '{{ orderBy }}';
```
INSERT examples
- create
- Manifest
Creates a new AuthzExtension resource in a given project and location.

```sql
INSERT INTO google.networkservices.authz_extensions (
  data__name,
  data__description,
  data__labels,
  data__loadBalancingScheme,
  data__authority,
  data__service,
  data__timeout,
  data__failOpen,
  data__metadata,
  data__forwardHeaders,
  data__wireFormat,
  projectsId,
  locationsId,
  authzExtensionId,
  requestId
)
SELECT
  '{{ name }}',
  '{{ description }}',
  '{{ labels }}',
  '{{ loadBalancingScheme }}',
  '{{ authority }}',
  '{{ service }}',
  '{{ timeout }}',
  {{ failOpen }},
  '{{ metadata }}',
  '{{ forwardHeaders }}',
  '{{ wireFormat }}',
  '{{ projectsId }}',
  '{{ locationsId }}',
  '{{ authzExtensionId }}',
  '{{ requestId }}'
RETURNING
  name,
  done,
  error,
  metadata,
  response
;
```
```yaml
# Description fields are for documentation purposes
- name: authz_extensions
  props:
    - name: projectsId
      value: string
      description: Required parameter for the authz_extensions resource.
    - name: locationsId
      value: string
      description: Required parameter for the authz_extensions resource.
    - name: name
      value: string
      description: >
        Required. Identifier. Name of the `AuthzExtension` resource in the following format: `projects/{project}/locations/{location}/authzExtensions/{authz_extension}`.
    - name: description
      value: string
      description: >
        Optional. A human-readable description of the resource.
    - name: labels
      value: object
      description: >
        Optional. Set of labels associated with the `AuthzExtension` resource. The format must comply with [the requirements for labels](https://cloud.google.com/compute/docs/labeling-resources#requirements) for Google Cloud resources.
    - name: loadBalancingScheme
      value: string
      description: >
        Required. All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. Supported values: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service).
      valid_values: ['LOAD_BALANCING_SCHEME_UNSPECIFIED', 'INTERNAL_MANAGED', 'EXTERNAL_MANAGED']
    - name: authority
      value: string
      description: >
        Required. The `:authority` header in the gRPC request sent from Envoy to the extension service.
    - name: service
      value: string
      description: >
        Required. The reference to the service that runs the extension. To configure a callout extension, `service` must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: `https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService}` or `https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}`.
    - name: timeout
      value: string
      description: >
        Required. Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds.
    - name: failOpen
      value: boolean
      description: >
        Optional. Determines how the proxy behaves if the call to the extension fails or times out. When set to `TRUE`, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to `FALSE` or the default setting of `FALSE` is used, one of the following happens: * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. * If response headers have been delivered, then the HTTP stream to the downstream client is reset.
    - name: metadata
      value: object
      description: >
        Optional. The metadata provided here is included as part of the `metadata_context` (of type `google.protobuf.Struct`) in the `ProcessingRequest` message sent to the extension server. The metadata is available under the namespace `com.google.authz_extension.`. The following variables are supported in the metadata Struct: `{forwarding_rule_id}` - substituted with the forwarding rule's fully qualified resource name.
    - name: forwardHeaders
      value: array
      description: >
        Optional. List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name.
    - name: wireFormat
      value: string
      description: >
        Optional. The format of communication supported by the callout extension. If not specified, the default value `EXT_PROC_GRPC` is used.
      valid_values: ['WIRE_FORMAT_UNSPECIFIED', 'EXT_PROC_GRPC', 'EXT_AUTHZ_GRPC']
    - name: authzExtensionId
      value: string
    - name: requestId
      value: string
```
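A pre-flight check for the values supplied to the create statement above, as an added example that is not part of the original page or of the provider: it applies the constraints stated in the field descriptions (supported `loadBalancingScheme` and `wireFormat` values, the `service` URL format, the 10-10000 ms `timeout` range) and warns when `failOpen` is true or `forwardHeaders` is omitted. The function name `review_authz_extension`, the sample values, and the assumption that `timeout` is written as a google-duration string such as `0.2s` are not from the page.

```python
import re
from decimal import Decimal

# Supported values per the field descriptions on this page.
SCHEMES = {"INTERNAL_MANAGED", "EXTERNAL_MANAGED"}
WIRE_FORMATS = {"EXT_PROC_GRPC", "EXT_AUTHZ_GRPC"}
SERVICE_RE = re.compile(
    r"https://www\.googleapis\.com/compute/v1/projects/[^/]+/"
    r"(regions/[^/]+|global)/backendServices/[^/]+")
# Assumption: timeout is a google-duration string, seconds ending in "s" (e.g. "0.2s").
DURATION_RE = re.compile(r"(\d+(?:\.\d{1,9})?)s")

def review_authz_extension(props):
    """Hypothetical helper: return (errors, warnings) for a dict of create properties."""
    errors, warnings = [], []
    for field in ("loadBalancingScheme", "authority", "service", "timeout"):
        if not props.get(field):
            errors.append(f"{field}: required")
    scheme, wire = props.get("loadBalancingScheme"), props.get("wireFormat")
    if scheme and scheme not in SCHEMES:
        errors.append("loadBalancingScheme: unsupported value")
    if wire and wire not in WIRE_FORMATS:
        errors.append("wireFormat: unsupported value")
    if props.get("service") and not SERVICE_RE.fullmatch(props["service"]):
        errors.append("service: not a fully-qualified backend service URL")
    if props.get("timeout"):
        m = DURATION_RE.fullmatch(props["timeout"])
        ms = Decimal(m.group(1)) * 1000 if m else None
        if ms is None or not (10 <= ms <= 10000):
            errors.append("timeout: must be between 10 and 10000 milliseconds")
    if props.get("failOpen") is True:
        warnings.append("failOpen: processing continues if the extension fails or times out")
    if not props.get("forwardHeaders"):
        warnings.append("forwardHeaders: omitted, so all client headers are sent to the extension")
    return errors, warnings

# Constructed sample values, not taken from a real project.
SAMPLE = {
    "loadBalancingScheme": "INTERNAL_MANAGED",
    "authority": "authz.example.internal",
    "service": "https://www.googleapis.com/compute/v1/projects/demo-project/"
               "regions/us-central1/backendServices/authz-backend",
    "timeout": "0.2s",
    "failOpen": True,
    "wireFormat": "EXT_AUTHZ_GRPC",
}

if __name__ == "__main__":
    print(review_authz_extension(SAMPLE))
```

Errors are values the field descriptions rule out; warnings are settings that are allowed but worth a deliberate decision for an authorization callout.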
UPDATE examples
- patch
Updates the parameters of the specified AuthzExtension resource.

```sql
UPDATE google.networkservices.authz_extensions
SET
  data__name = '{{ name }}',
  data__description = '{{ description }}',
  data__labels = '{{ labels }}',
  data__loadBalancingScheme = '{{ loadBalancingScheme }}',
  data__authority = '{{ authority }}',
  data__service = '{{ service }}',
  data__timeout = '{{ timeout }}',
  data__failOpen = {{ failOpen }},
  data__metadata = '{{ metadata }}',
  data__forwardHeaders = '{{ forwardHeaders }}',
  data__wireFormat = '{{ wireFormat }}'
WHERE
  projectsId = '{{ projectsId }}' -- required
  AND locationsId = '{{ locationsId }}' -- required
  AND authzExtensionsId = '{{ authzExtensionsId }}' -- required
  AND updateMask = '{{ updateMask }}'
  AND requestId = '{{ requestId }}'
RETURNING
  name,
  done,
  error,
  metadata,
  response;
```
DELETE examples
- delete
Deletes the specified AuthzExtension resource.

```sql
DELETE FROM google.networkservices.authz_extensions
WHERE projectsId = '{{ projectsId }}' -- required
  AND locationsId = '{{ locationsId }}' -- required
  AND authzExtensionsId = '{{ authzExtensionsId }}' -- required
  AND requestId = '{{ requestId }}';
```