Skip to content

Latest commit

 

History

History
 
 

examples

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
auth
auth
 
 
dynamic_routing
dynamic_routing
 
 
grpc_dynamic_routing
grpc_dynamic_routing
 
 
service_control
service_control
 
 
testdata
testdata
 
 
BUILD
BUILD
 
 
README.md
README.md
 
 

README.md

ESPv2 Configurations

This directory contains examples of how to configure ESPv2.

Each folder contains three files:

  1. openapi_swagger.json: API producer defined OpenAPI Specification.

  2. service_config_generated.json: Service configuration generated by Google Service Management. To generate this, deploy openapi_swagger.json to service management:

gcloud endpoints services deploy ./examples/$DIRECTORY/openapi_swagger.json

Then run:

gcloud endpoints configs describe "${CONFIG_ID}" \
  --project="${PROJECT}" \
  --service="${SERVICE}" \
  --format=json \
  > service.json

All the examples can be deployed to the cloudesf-testing GCP project without changes to the host field.

  1. envoy_config.json: Envoy static bootstrap configuration generated by Config Manager for the corresponding service_config_generated.json. It is formatted by "python -m json.tool"

There are a few more configurations in the internal testdata folder directory, but these are primarily for ESPv2 developers and testing.

Auth

Configurations of JWT Authn filter.

  • OpenAPI securityDefinitions are converted to JWT Authn providers.
  • OpenAPI per-path security rules are converted to JWT Authn requirements.

Dynamic Routing

Configurations of Dynamic Routing, where ESPv2 acts as an API Gateway. Google's OpenAPI x-google-backend extension is converted into:

  • The Envoy routeConfig for host rewrite to the remote backend.
  • The Path Rewrite filter for path rewrite to the remote backend.
  • The Backend Auth filter for authentication with the remote backend.

gRPC Dynamic Routing

Configurations of gRPC Dynamic Routing, where ESPv2 acts as an API Gateway. Similar to the Dynamic Routing example above, but:

  • Configures routes for both gRPC and HTTP requests.
  • Configures the gRPC Transcoding filter.
  • Configures the Service Control filter.

Note: When updating the service config, you must call Service Management directly. Otherwise, the proto descriptor will not be included.

curl --fail -o "service.json" -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://servicemanagement.googleapis.com/v1/services/${SERVICE}/configs/${CONFIG_ID}?view=FULL"

Service Control

Configurations of authorization by API key, limiting by quota, and reporting logs / metrics.