Lib.rs

Network programming
#grpc #envoy #grpc-server

envoy-types

Collection of protobuf types and other assets to work with the Envoy Proxy through Rust gRPC services

by Rafael Lemos and 2 contributors

10 releases

new 0.5.4 Feb 6, 2025
0.5.2 Dec 14, 2024
0.5.1 Nov 26, 2024
0.4.0 Apr 1, 2024
0.2.0 Jul 28, 2023

#199 in Network programming

Download history 232/week @ 2024-10-20 305/week @ 2024-10-27 490/week @ 2024-11-03 302/week @ 2024-11-10 252/week @ 2024-11-17 354/week @ 2024-11-24 456/week @ 2024-12-01 507/week @ 2024-12-08 594/week @ 2024-12-15 209/week @ 2024-12-22 152/week @ 2024-12-29 349/week @ 2025-01-05 621/week @ 2025-01-12 399/week @ 2025-01-19 445/week @ 2025-01-26 654/week @ 2025-02-02

2,153 downloads per month

Apache-2.0

3MB
34K SLoC

Envoy Types

Collection of protobuf types and other assets to work with the Envoy Proxy through Rust gRPC services.

Among other use cases, this crate can be used to implement an Envoy External Authorization (ExtAuthz) gRPC Server written in Rust.

Crates.io Badge Documentation Badge License Badge CI Badge

Examples | Docs

Getting Started

Rust Version

This project's MSRV is 1.75.

Dependencies

[dependencies]
envoy-types = "<envoy-types-version>"

The protobuf types made available are already pre-compiled, so you only need the latest stable Protocol Buffer Compiler (protoc) to run the crate's tests. Generated code may vary across protoc versions, and the use of the latest stable version is enforced by CI. Installation instructions can be found here.

Examples

The example bellow covers a bare-bones implementation of an Envoy ExtAuthz gRPC AuthorizationServer, with tonic. A more complete implementation, including query parameters and header manipulation, can be found at the examples directory.

use std::env;
use tonic::{transport::Server, Request, Response, Status};

use envoy_types::ext_authz::v3::pb::{
    Authorization, AuthorizationServer, CheckRequest, CheckResponse,
};
use envoy_types::ext_authz::v3::{CheckRequestExt, CheckResponseExt};

#[derive(Default)]
struct MyServer;

#[tonic::async_trait]
impl Authorization for MyServer {
    async fn check(
        &self,
        request: Request<CheckRequest>,
    ) -> Result<Response<CheckResponse>, Status> {
        let request = request.into_inner();

        let client_headers = request
            .get_client_headers()
            .ok_or_else(|| Status::invalid_argument("client headers not populated by envoy"))?;

        let mut request_status = Status::unauthenticated("not authorized");

        if let Some(authorization) = client_headers.get("authorization") {
            if authorization == "Bearer valid-token" {
                request_status = Status::ok("request is valid");
            }
        }

        Ok(Response::new(CheckResponse::with_status(request_status)))
    }
}

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let server_port = env::var("SERVER_PORT").unwrap_or("50051".into());
    let addr = format!("0.0.0.0:{server_port}").parse().unwrap();
    let server = MyServer;

    println!("AuthorizationServer listening on {addr}");

    Server::builder()
        .add_service(AuthorizationServer::new(server))
        .serve(addr)
        .await?;

    Ok(())
}

Compatibility

The table bellow outlines the correspondence between the versions of tonic and the compatible versions of envoy-types.

tonic envoy-types
v0.12 v0.5
v0.11 v0.4
v0.10 v0.3
v0.9 v0.2

License

This project is licensed under the Apache License (Version 2.0).

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion by you, shall be licensed as Apache-2.0, without any additional terms or conditions.

Dependencies

~5–11MB
~111K SLoC