Skip to content

Latest commit

 

History

History
72 lines (47 loc) · 2.72 KB

README.md

File metadata and controls

72 lines (47 loc) · 2.72 KB
Raw

ESPv2 Configurations

This directory contains examples of how to configure ESPv2.

Each folder contains three files:

  1. openapi_swagger.json: API producer defined OpenAPI Specification.

  2. service_config_generated.json: Service configuration generated by Google Service Management. To generate this, deploy openapi_swagger.json to service management:

gcloud endpoints services deploy ./examples/$DIRECTORY/openapi_swagger.json

Then run:

gcloud endpoints configs describe "${CONFIG_ID}" \
  --project="${PROJECT}" \
  --service="${SERVICE}" \
  --format=json \
  > service.json

All the examples can be deployed to the cloudesf-testing GCP project without changes to the host field.

  1. envoy_config.json: Envoy static bootstrap configuration generated by Config Manager for the corresponding service_config_generated.json. It is formatted by "python -m json.tool"

There are a few more configurations in the internal testdata folder directory, but these are primarily for ESPv2 developers and testing.

Auth

Configurations of JWT Authn filter.

  • OpenAPI securityDefinitions are converted to JWT Authn providers.
  • OpenAPI per-path security rules are converted to JWT Authn requirements.

Dynamic Routing

Configurations of Dynamic Routing, where ESPv2 acts as an API Gateway. Google's OpenAPI x-google-backend extension is converted into:

  • The Envoy routeConfig for host rewrite to the remote backend.
  • The Backend Routing filter for path rewrite to the remote backend.
  • The Backend Auth filter for authentication with the remote backend.

gRPC Dynamic Routing

Configurations of gRPC Dynamic Routing, where ESPv2 acts as an API Gateway. Similar to the Dynamic Routing example above, but:

  • Configures routes for both gRPC and HTTP requests.
  • Configures the gRPC Transcoding filter.
  • Configures the Service Control filter.

Note: When updating the service config, you must call Service Management directly. Otherwise, the proto descriptor will not be included.

curl --fail -o "service.json" -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://servicemanagement.googleapis.com/v1/services/${SERVICE}/configs/${CONFIG_ID}?view=FULL"

Service Control

Configurations of authorization by API key, limiting by quota, and reporting logs / metrics.