Documentation ¶
Overview ¶
Package authz converts Istio RBAC (role-based access control) policies (ServiceRole and ServiceRoleBinding) to the corresponding filter config that the envoy RBAC filter uses to enforce access control to the service co-located with envoy. Currently the config is only generated for sidecar nodes on the inbound HTTP listener. The generation is controlled by RbacConfig (a singleton custom resource with cluster scope). Users can disable this plugin by either deleting the RbacConfig or setting RbacConfig.mode to OFF. Note: no RbacConfig is created in the deployment of Istio, which means this plugin doesn't generate any RBAC config by default.
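The enablement rules described above, as an added example that is not code from this package: `Mode`, `Target`, `RbacConfig` and `Enforced` are simplified, hypothetical stand-ins, and the ON, ON_WITH_INCLUSION and ON_WITH_EXCLUSION modes are taken from Istio's RbacConfig API rather than from this page. It goes beyond the OFF case to show which services get an RBAC filter under each mode, including a cluster with no RbacConfig at all.

```go
package main

import "fmt"

// Mode mirrors the RbacConfig enforcement modes (hypothetical, simplified type).
type Mode int

const (
	Off Mode = iota
	On
	OnWithInclusion
	OnWithExclusion
)

// Target is a simplified inclusion/exclusion list keyed by service or namespace name.
type Target struct{ Services, Namespaces map[string]bool }

// RbacConfig is a stand-in for the cluster-scoped singleton resource.
type RbacConfig struct {
	Mode                 Mode
	Inclusion, Exclusion *Target
}

func (t *Target) matches(svc, ns string) bool {
	return t != nil && (t.Services[svc] || t.Namespaces[ns])
}

// Enforced reports whether an RBAC filter would be generated for svc in ns.
// A nil cfg models a cluster with no RbacConfig, the state after installation.
func Enforced(cfg *RbacConfig, svc, ns string) bool {
	if cfg == nil {
		return false // no RbacConfig: no filter is generated
	}
	switch cfg.Mode {
	case On:
		return true
	case OnWithInclusion:
		return cfg.Inclusion.matches(svc, ns)
	case OnWithExclusion:
		return !cfg.Exclusion.matches(svc, ns)
	}
	return false // Off
}

func main() {
	cfg := &RbacConfig{Mode: OnWithInclusion, Inclusion: &Target{Namespaces: map[string]bool{"prod": true}}}
	fmt.Println(Enforced(nil, "a.prod.svc.cluster.local", "prod")) // constructed sample names
	fmt.Println(Enforced(cfg, "a.prod.svc.cluster.local", "prod"), Enforced(cfg, "b.dev.svc.cluster.local", "dev"))
}
```

Because a missing RbacConfig and mode OFF both yield no filter, an audit of a mesh should check that the resource exists as well as checking its mode.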
Index ¶
- func NewPlugin() plugin.Plugin
- type Plugin
- func (Plugin) OnInboundCluster(env model.Environment, node model.Proxy, service *model.Service, ...)
- func (Plugin) OnInboundListener(in *plugin.InputParams, mutable *plugin.MutableObjects) error
- func (Plugin) OnInboundRouteConfiguration(in *plugin.InputParams, route *xdsapi.RouteConfiguration)
- func (Plugin) OnOutboundCluster(env model.Environment, node model.Proxy, service *model.Service, ...)
- func (Plugin) OnOutboundListener(in *plugin.InputParams, mutable *plugin.MutableObjects) error
- func (Plugin) OnOutboundRouteConfiguration(in *plugin.InputParams, route *xdsapi.RouteConfiguration)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Plugin ¶
type Plugin struct{}
Plugin implements Istio RBAC authz.
func (Plugin) OnInboundCluster ¶
func (Plugin) OnInboundCluster(env model.Environment, node model.Proxy, service *model.Service, servicePort *model.Port, cluster *xdsapi.Cluster)
OnInboundCluster implements the Plugin interface method.
func (Plugin) OnInboundListener ¶
func (Plugin) OnInboundListener(in *plugin.InputParams, mutable *plugin.MutableObjects) error
OnInboundListener is called whenever a new listener is added to the LDS output for a given service. Can be used to add additional filters (e.g., mixer filter) or add more stuff to the HTTP connection manager on the inbound path.
func (Plugin) OnInboundRouteConfiguration ¶
func (Plugin) OnInboundRouteConfiguration(in *plugin.InputParams, route *xdsapi.RouteConfiguration)
OnInboundRouteConfiguration implements the Plugin interface method.
func (Plugin) OnOutboundCluster ¶
func (Plugin) OnOutboundCluster(env model.Environment, node model.Proxy, service *model.Service, servicePort *model.Port, cluster *xdsapi.Cluster)
OnOutboundCluster implements the Plugin interface method.
func (Plugin) OnOutboundListener ¶
func (Plugin) OnOutboundListener(in *plugin.InputParams, mutable *plugin.MutableObjects) error
OnOutboundListener is called whenever a new outbound listener is added to the LDS output for a given service. Can be used to add additional filters on the outbound path.
func (Plugin) OnOutboundRouteConfiguration ¶
func (Plugin) OnOutboundRouteConfiguration(in *plugin.InputParams, route *xdsapi.RouteConfiguration)
OnOutboundRouteConfiguration implements the Plugin interface method.