Documentation ¶
Index ¶
- Variables
- type Jwt
- func (*Jwt) Descriptor() ([]byte, []int)
- func (this *Jwt) Equal(that interface{}) bool
- func (m *Jwt) GetAudiences() []string
- func (m *Jwt) GetIssuer() string
- func (m *Jwt) GetJwksUri() string
- func (m *Jwt) GetJwtHeaders() []string
- func (m *Jwt) GetJwtParams() []string
- func (m *Jwt) GetTriggerRules() []*Jwt_TriggerRule
- func (*Jwt) ProtoMessage()
- func (m *Jwt) Reset()
- func (m *Jwt) String() string
- func (m *Jwt) XXX_DiscardUnknown()
- func (m *Jwt) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Jwt) XXX_Merge(src proto.Message)
- func (m *Jwt) XXX_Size() int
- func (m *Jwt) XXX_Unmarshal(b []byte) error
- type Jwt_TriggerRule
- func (*Jwt_TriggerRule) Descriptor() ([]byte, []int)
- func (this *Jwt_TriggerRule) Equal(that interface{}) bool
- func (m *Jwt_TriggerRule) GetExcludedPaths() []*StringMatch
- func (m *Jwt_TriggerRule) GetIncludedPaths() []*StringMatch
- func (*Jwt_TriggerRule) ProtoMessage()
- func (m *Jwt_TriggerRule) Reset()
- func (m *Jwt_TriggerRule) String() string
- func (m *Jwt_TriggerRule) XXX_DiscardUnknown()
- func (m *Jwt_TriggerRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Jwt_TriggerRule) XXX_Merge(src proto.Message)
- func (m *Jwt_TriggerRule) XXX_Size() int
- func (m *Jwt_TriggerRule) XXX_Unmarshal(b []byte) error
- type MeshPolicy
- func (o *MeshPolicy) DeepCopyObject() runtime.Object
- func (*MeshPolicy) Descriptor() ([]byte, []int)
- func (this *MeshPolicy) Equal(that interface{}) bool
- func (m *MeshPolicy) GetMetadata() core.Metadata
- func (o *MeshPolicy) GetObjectKind() schema.ObjectKind
- func (m *MeshPolicy) GetOriginIsOptional() bool
- func (m *MeshPolicy) GetOrigins() []*OriginAuthenticationMethod
- func (m *MeshPolicy) GetPeerIsOptional() bool
- func (m *MeshPolicy) GetPeers() []*PeerAuthenticationMethod
- func (m *MeshPolicy) GetPrincipalBinding() PrincipalBinding
- func (m *MeshPolicy) GetStatus() core.Status
- func (m *MeshPolicy) GetTargets() []*TargetSelector
- func (r *MeshPolicy) Hash() uint64
- func (*MeshPolicy) ProtoMessage()
- func (m *MeshPolicy) Reset()
- func (r *MeshPolicy) SetMetadata(meta core.Metadata)
- func (r *MeshPolicy) SetStatus(status core.Status)
- func (m *MeshPolicy) String() string
- func (m *MeshPolicy) XXX_DiscardUnknown()
- func (m *MeshPolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *MeshPolicy) XXX_Merge(src proto.Message)
- func (m *MeshPolicy) XXX_Size() int
- func (m *MeshPolicy) XXX_Unmarshal(b []byte) error
- type MeshPolicyClient
- type MeshPolicyList
- func (list MeshPolicyList) AsInputResources() resources.InputResourceList
- func (list MeshPolicyList) AsInterfaces() []interface{}
- func (list MeshPolicyList) AsResources() resources.ResourceList
- func (list MeshPolicyList) Clone() MeshPolicyList
- func (list MeshPolicyList) Each(f func(element *MeshPolicy))
- func (list MeshPolicyList) EachResource(f func(element resources.Resource))
- func (list MeshPolicyList) Find(namespace, name string) (*MeshPolicy, error)
- func (list MeshPolicyList) Names() []string
- func (list MeshPolicyList) NamespacesDotNames() []string
- func (list MeshPolicyList) Sort() MeshPolicyList
- type MeshPolicyReconciler
- type MeshPolicyWatcher
- type MutualTls
- func (*MutualTls) Descriptor() ([]byte, []int)
- func (this *MutualTls) Equal(that interface{}) bool
- func (m *MutualTls) GetAllowTls() bool
- func (m *MutualTls) GetMode() MutualTls_Mode
- func (*MutualTls) ProtoMessage()
- func (m *MutualTls) Reset()
- func (m *MutualTls) String() string
- func (m *MutualTls) XXX_DiscardUnknown()
- func (m *MutualTls) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *MutualTls) XXX_Merge(src proto.Message)
- func (m *MutualTls) XXX_Size() int
- func (m *MutualTls) XXX_Unmarshal(b []byte) error
- type MutualTls_Mode
- type OriginAuthenticationMethod
- func (*OriginAuthenticationMethod) Descriptor() ([]byte, []int)
- func (this *OriginAuthenticationMethod) Equal(that interface{}) bool
- func (m *OriginAuthenticationMethod) GetJwt() *Jwt
- func (*OriginAuthenticationMethod) ProtoMessage()
- func (m *OriginAuthenticationMethod) Reset()
- func (m *OriginAuthenticationMethod) String() string
- func (m *OriginAuthenticationMethod) XXX_DiscardUnknown()
- func (m *OriginAuthenticationMethod) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *OriginAuthenticationMethod) XXX_Merge(src proto.Message)
- func (m *OriginAuthenticationMethod) XXX_Size() int
- func (m *OriginAuthenticationMethod) XXX_Unmarshal(b []byte) error
- type PeerAuthenticationMethod
- func (*PeerAuthenticationMethod) Descriptor() ([]byte, []int)
- func (this *PeerAuthenticationMethod) Equal(that interface{}) bool
- func (m *PeerAuthenticationMethod) GetJwt() *Jwt
- func (m *PeerAuthenticationMethod) GetMtls() *MutualTls
- func (m *PeerAuthenticationMethod) GetParams() isPeerAuthenticationMethod_Params
- func (*PeerAuthenticationMethod) ProtoMessage()
- func (m *PeerAuthenticationMethod) Reset()
- func (m *PeerAuthenticationMethod) String() string
- func (m *PeerAuthenticationMethod) XXX_DiscardUnknown()
- func (m *PeerAuthenticationMethod) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *PeerAuthenticationMethod) XXX_Merge(src proto.Message)
- func (*PeerAuthenticationMethod) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, ...)
- func (m *PeerAuthenticationMethod) XXX_Size() int
- func (m *PeerAuthenticationMethod) XXX_Unmarshal(b []byte) error
- type PeerAuthenticationMethod_Jwt
- type PeerAuthenticationMethod_Mtls
- type Policy
- func (o *Policy) DeepCopyObject() runtime.Object
- func (*Policy) Descriptor() ([]byte, []int)
- func (this *Policy) Equal(that interface{}) bool
- func (m *Policy) GetMetadata() core.Metadata
- func (o *Policy) GetObjectKind() schema.ObjectKind
- func (m *Policy) GetOriginIsOptional() bool
- func (m *Policy) GetOrigins() []*OriginAuthenticationMethod
- func (m *Policy) GetPeerIsOptional() bool
- func (m *Policy) GetPeers() []*PeerAuthenticationMethod
- func (m *Policy) GetPrincipalBinding() PrincipalBinding
- func (m *Policy) GetStatus() core.Status
- func (m *Policy) GetTargets() []*TargetSelector
- func (r *Policy) Hash() uint64
- func (*Policy) ProtoMessage()
- func (m *Policy) Reset()
- func (r *Policy) SetMetadata(meta core.Metadata)
- func (r *Policy) SetStatus(status core.Status)
- func (m *Policy) String() string
- func (m *Policy) XXX_DiscardUnknown()
- func (m *Policy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Policy) XXX_Merge(src proto.Message)
- func (m *Policy) XXX_Size() int
- func (m *Policy) XXX_Unmarshal(b []byte) error
- type PolicyClient
- type PolicyList
- func (list PolicyList) AsInputResources() resources.InputResourceList
- func (list PolicyList) AsInterfaces() []interface{}
- func (list PolicyList) AsResources() resources.ResourceList
- func (list PolicyList) Clone() PolicyList
- func (list PolicyList) Each(f func(element *Policy))
- func (list PolicyList) EachResource(f func(element resources.Resource))
- func (list PolicyList) Find(namespace, name string) (*Policy, error)
- func (list PolicyList) Names() []string
- func (list PolicyList) NamespacesDotNames() []string
- func (list PolicyList) Sort() PolicyList
- type PolicyReconciler
- type PolicyWatcher
- type PortSelector
- func (*PortSelector) Descriptor() ([]byte, []int)
- func (this *PortSelector) Equal(that interface{}) bool
- func (m *PortSelector) GetName() string
- func (m *PortSelector) GetNumber() uint32
- func (m *PortSelector) GetPort() isPortSelector_Port
- func (*PortSelector) ProtoMessage()
- func (m *PortSelector) Reset()
- func (m *PortSelector) String() string
- func (m *PortSelector) XXX_DiscardUnknown()
- func (m *PortSelector) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *PortSelector) XXX_Merge(src proto.Message)
- func (*PortSelector) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, ...)
- func (m *PortSelector) XXX_Size() int
- func (m *PortSelector) XXX_Unmarshal(b []byte) error
- type PortSelector_Name
- type PortSelector_Number
- type PrincipalBinding
- type StringMatch
- func (*StringMatch) Descriptor() ([]byte, []int)
- func (this *StringMatch) Equal(that interface{}) bool
- func (m *StringMatch) GetExact() string
- func (m *StringMatch) GetMatchType() isStringMatch_MatchType
- func (m *StringMatch) GetPrefix() string
- func (m *StringMatch) GetRegex() string
- func (m *StringMatch) GetSuffix() string
- func (*StringMatch) ProtoMessage()
- func (m *StringMatch) Reset()
- func (m *StringMatch) String() string
- func (m *StringMatch) XXX_DiscardUnknown()
- func (m *StringMatch) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *StringMatch) XXX_Merge(src proto.Message)
- func (*StringMatch) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, ...)
- func (m *StringMatch) XXX_Size() int
- func (m *StringMatch) XXX_Unmarshal(b []byte) error
- type StringMatch_Exact
- type StringMatch_Prefix
- type StringMatch_Regex
- type StringMatch_Suffix
- type TargetSelector
- func (*TargetSelector) Descriptor() ([]byte, []int)
- func (this *TargetSelector) Equal(that interface{}) bool
- func (m *TargetSelector) GetName() string
- func (m *TargetSelector) GetPorts() []*PortSelector
- func (*TargetSelector) ProtoMessage()
- func (m *TargetSelector) Reset()
- func (m *TargetSelector) String() string
- func (m *TargetSelector) XXX_DiscardUnknown()
- func (m *TargetSelector) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *TargetSelector) XXX_Merge(src proto.Message)
- func (m *TargetSelector) XXX_Size() int
- func (m *TargetSelector) XXX_Unmarshal(b []byte) error
- type TransitionMeshPolicyFunc
- type TransitionPolicyFunc
Constants ¶
This section is empty.
Variables ¶
var MeshPolicyCrd = crd.NewCrd("authentication.istio.io", "meshpolicies", "authentication.istio.io", "v1alpha1", "MeshPolicy", "meshpolicy", true, &MeshPolicy{})
var MutualTls_Mode_name = map[int32]string{
0: "STRICT",
1: "PERMISSIVE",
}
var MutualTls_Mode_value = map[string]int32{
"STRICT": 0,
"PERMISSIVE": 1,
}
var PolicyCrd = crd.NewCrd("authentication.istio.io", "policies", "authentication.istio.io", "v1alpha1", "Policy", "policy", false, &Policy{})
var PrincipalBinding_name = map[int32]string{
0: "USE_PEER",
1: "USE_ORIGIN",
}
var PrincipalBinding_value = map[string]int32{
"USE_PEER": 0,
"USE_ORIGIN": 1,
}
Functions ¶
This section is empty.
Types ¶
type Jwt ¶
type Jwt struct { // Identifies the issuer that issued the JWT. See // [issuer](https://tools.ietf.org/html/rfc7519#section-4.1.1) // Usually a URL or an email address. // // Example: https://securetoken.google.com // Example: 1234567-compute@developer.gserviceaccount.com Issuer string `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"` // The list of JWT // [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3). // that are allowed to access. A JWT containing any of these // audiences will be accepted. // // The service name will be accepted if audiences is empty. // // Example: // // “`yaml // audiences: // - bookstore_android.apps.googleusercontent.com // bookstore_web.apps.googleusercontent.com // “` Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"` // URL of the provider's public key set to validate signature of the // JWT. See [OpenID // Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). // // Optional if the key set document can either (a) be retrieved from // [OpenID // Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) of // the issuer or (b) inferred from the email domain of the issuer (e.g. a // Google service account). // // Example: https://www.googleapis.com/oauth2/v1/certs JwksUri string `protobuf:"bytes,3,opt,name=jwks_uri,json=jwksUri,proto3" json:"jwks_uri,omitempty"` // JWT is sent in a request header. `header` represents the // header name. // // For example, if `header=x-goog-iap-jwt-assertion`, the header // format will be x-goog-iap-jwt-assertion: <JWT>. JwtHeaders []string `protobuf:"bytes,6,rep,name=jwt_headers,json=jwtHeaders,proto3" json:"jwt_headers,omitempty"` // JWT is sent in a query parameter. `query` represents the // query parameter name. // // For example, `query=jwt_token`. JwtParams []string `protobuf:"bytes,7,rep,name=jwt_params,json=jwtParams,proto3" json:"jwt_params,omitempty"` // List of trigger rules to decide if this JWT should be used to validate the // request. The JWT validation happens if any one of the rules matched. // If the list is not empty and none of the rules matched, authentication will // skip the JWT validation. // Leave this empty to always trigger the JWT validation. TriggerRules []*Jwt_TriggerRule `protobuf:"bytes,9,rep,name=trigger_rules,json=triggerRules,proto3" json:"trigger_rules,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
JSON Web Token (JWT) token format for authentication as defined by https://tools.ietf.org/html/rfc7519. See [OAuth 2.0](https://tools.ietf.org/html/rfc6749) and [OIDC 1.0](http://openid.net/connect) for how this is used in the whole authentication flow.
For example:
A JWT for any requests:
```yaml issuer: https://example.com audiences:
- bookstore_android.apps.googleusercontent.com bookstore_web.apps.googleusercontent.com
jwksUri: https://example.com/.well-known/jwks.json ```
A JWT for all requests except request at path `/health_check` and path with prefix `/status/`. This is useful to expose some paths for public access but keep others JWT validated.
```yaml issuer: https://example.com jwks_uri: https://example.com/.well-known/jwks.json trigger_rules: - excluded_paths:
- exact: /health_check
- prefix: /status/
```
A JWT only for requests at path `/admin`. This is useful to only require JWT validation on a specific set of paths but keep others public accessible.
```yaml issuer: https://example.com jwks_uri: https://example.com/.well-known/jwks.json trigger_rules: - included_paths:
- prefix: /admin
```
A JWT only for requests at path of prefix `/status/` but except the path of `/status/version`. This means for any request path with prefix `/status/` except `/status/version` will require a valid JWT to proceed.
```yaml issuer: https://example.com jwks_uri: https://example.com/.well-known/jwks.json trigger_rules: - excluded_paths:
- exact: /status/version included_paths:
- prefix: /status/
```
func (*Jwt) Descriptor ¶
func (*Jwt) GetAudiences ¶
func (*Jwt) GetJwksUri ¶
func (*Jwt) GetJwtHeaders ¶
func (*Jwt) GetJwtParams ¶
func (*Jwt) GetTriggerRules ¶
func (m *Jwt) GetTriggerRules() []*Jwt_TriggerRule
func (*Jwt) ProtoMessage ¶
func (*Jwt) ProtoMessage()
func (*Jwt) XXX_DiscardUnknown ¶
func (m *Jwt) XXX_DiscardUnknown()
func (*Jwt) XXX_Unmarshal ¶
type Jwt_TriggerRule ¶
type Jwt_TriggerRule struct { // List of paths to be excluded from the request. The rule is satisfied if // request path does not match to any of the path in this list. ExcludedPaths []*StringMatch `protobuf:"bytes,1,rep,name=excluded_paths,json=excludedPaths,proto3" json:"excluded_paths,omitempty"` // List of paths that the request must include. If the list is not empty, the // rule is satisfied if request path matches at least one of the path in the list. // If the list is empty, the rule is ignored, in other words the rule is always satisfied. IncludedPaths []*StringMatch `protobuf:"bytes,2,rep,name=included_paths,json=includedPaths,proto3" json:"included_paths,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
Trigger rule to match against a request. The trigger rule is satisfied if and only if both rules, excluded_paths and include_paths are satisfied.
func (*Jwt_TriggerRule) Descriptor ¶
func (*Jwt_TriggerRule) Descriptor() ([]byte, []int)
func (*Jwt_TriggerRule) Equal ¶
func (this *Jwt_TriggerRule) Equal(that interface{}) bool
func (*Jwt_TriggerRule) GetExcludedPaths ¶
func (m *Jwt_TriggerRule) GetExcludedPaths() []*StringMatch
func (*Jwt_TriggerRule) GetIncludedPaths ¶
func (m *Jwt_TriggerRule) GetIncludedPaths() []*StringMatch
func (*Jwt_TriggerRule) ProtoMessage ¶
func (*Jwt_TriggerRule) ProtoMessage()
func (*Jwt_TriggerRule) Reset ¶
func (m *Jwt_TriggerRule) Reset()
func (*Jwt_TriggerRule) String ¶
func (m *Jwt_TriggerRule) String() string
func (*Jwt_TriggerRule) XXX_DiscardUnknown ¶
func (m *Jwt_TriggerRule) XXX_DiscardUnknown()
func (*Jwt_TriggerRule) XXX_Marshal ¶
func (m *Jwt_TriggerRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*Jwt_TriggerRule) XXX_Merge ¶
func (m *Jwt_TriggerRule) XXX_Merge(src proto.Message)
func (*Jwt_TriggerRule) XXX_Size ¶
func (m *Jwt_TriggerRule) XXX_Size() int
func (*Jwt_TriggerRule) XXX_Unmarshal ¶
func (m *Jwt_TriggerRule) XXX_Unmarshal(b []byte) error
type MeshPolicy ¶
type MeshPolicy struct { // Status indicates the validation status of this resource. // Status is read-only by clients, and set by supergloo during validation Status core.Status `protobuf:"bytes,100,opt,name=status,proto3" json:"status" testdiff:"ignore"` // Metadata contains the object metadata for this resource Metadata core.Metadata `protobuf:"bytes,101,opt,name=metadata,proto3" json:"metadata"` // List rules to select workloads that the policy should be applied on. // If empty, policy will be used on all workloads in the same namespace. Targets []*TargetSelector `protobuf:"bytes,1,rep,name=targets,proto3" json:"targets,omitempty"` // List of authentication methods that can be used for peer authentication. // They will be evaluated in order; the first validate one will be used to // set peer identity (source.user) and other peer attributes. If none of // these methods pass, request will be rejected with authentication failed error (401). // Leave the list empty if peer authentication is not required Peers []*PeerAuthenticationMethod `protobuf:"bytes,2,rep,name=peers,proto3" json:"peers,omitempty"` // Set this flag to true to accept request (for peer authentication perspective), // even when none of the peer authentication methods defined above satisfied. // Typically, this is used to delay the rejection decision to next layer (e.g // authorization). // This flag is ignored if no authentication defined for peer (peers field is empty). PeerIsOptional bool `protobuf:"varint,3,opt,name=peer_is_optional,json=peerIsOptional,proto3" json:"peer_is_optional,omitempty"` // List of authentication methods that can be used for origin authentication. // Similar to peers, these will be evaluated in order; the first validate one // will be used to set origin identity and attributes (i.e request.auth.user, // request.auth.issuer etc). If none of these methods pass, request will be // rejected with authentication failed error (401). // A method may be skipped, depends on its trigger rule. If all of these methods // are skipped, origin authentication will be ignored, as if it is not defined. // Leave the list empty if origin authentication is not required. Origins []*OriginAuthenticationMethod `protobuf:"bytes,4,rep,name=origins,proto3" json:"origins,omitempty"` // Set this flag to true to accept request (for origin authentication perspective), // even when none of the origin authentication methods defined above satisfied. // Typically, this is used to delay the rejection decision to next layer (e.g // authorization). // This flag is ignored if no authentication defined for origin (origins field is empty). OriginIsOptional bool `protobuf:"varint,5,opt,name=origin_is_optional,json=originIsOptional,proto3" json:"origin_is_optional,omitempty"` // Define whether peer or origin identity should be use for principal. Default // value is USE_PEER. // If peer (or origin) identity is not available, either because of peer/origin // authentication is not defined, or failed, principal will be left unset. // In other words, binding rule does not affect the decision to accept or // reject request. PrincipalBinding PrincipalBinding `` /* 162-byte string literal not displayed */ XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
MeshPolicy copied from Policy
func NewMeshPolicy ¶
func NewMeshPolicy(namespace, name string) *MeshPolicy
func (*MeshPolicy) DeepCopyObject ¶
func (o *MeshPolicy) DeepCopyObject() runtime.Object
func (*MeshPolicy) Descriptor ¶
func (*MeshPolicy) Descriptor() ([]byte, []int)
func (*MeshPolicy) Equal ¶
func (this *MeshPolicy) Equal(that interface{}) bool
func (*MeshPolicy) GetMetadata ¶
func (m *MeshPolicy) GetMetadata() core.Metadata
func (*MeshPolicy) GetObjectKind ¶
func (o *MeshPolicy) GetObjectKind() schema.ObjectKind
func (*MeshPolicy) GetOriginIsOptional ¶
func (m *MeshPolicy) GetOriginIsOptional() bool
func (*MeshPolicy) GetOrigins ¶
func (m *MeshPolicy) GetOrigins() []*OriginAuthenticationMethod
func (*MeshPolicy) GetPeerIsOptional ¶
func (m *MeshPolicy) GetPeerIsOptional() bool
func (*MeshPolicy) GetPeers ¶
func (m *MeshPolicy) GetPeers() []*PeerAuthenticationMethod
func (*MeshPolicy) GetPrincipalBinding ¶
func (m *MeshPolicy) GetPrincipalBinding() PrincipalBinding
func (*MeshPolicy) GetStatus ¶
func (m *MeshPolicy) GetStatus() core.Status
func (*MeshPolicy) GetTargets ¶
func (m *MeshPolicy) GetTargets() []*TargetSelector
func (*MeshPolicy) Hash ¶
func (r *MeshPolicy) Hash() uint64
func (*MeshPolicy) ProtoMessage ¶
func (*MeshPolicy) ProtoMessage()
func (*MeshPolicy) Reset ¶
func (m *MeshPolicy) Reset()
func (*MeshPolicy) SetMetadata ¶
func (r *MeshPolicy) SetMetadata(meta core.Metadata)
func (*MeshPolicy) SetStatus ¶
func (r *MeshPolicy) SetStatus(status core.Status)
func (*MeshPolicy) String ¶
func (m *MeshPolicy) String() string
func (*MeshPolicy) XXX_DiscardUnknown ¶
func (m *MeshPolicy) XXX_DiscardUnknown()
func (*MeshPolicy) XXX_Marshal ¶
func (m *MeshPolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*MeshPolicy) XXX_Merge ¶
func (m *MeshPolicy) XXX_Merge(src proto.Message)
func (*MeshPolicy) XXX_Size ¶
func (m *MeshPolicy) XXX_Size() int
func (*MeshPolicy) XXX_Unmarshal ¶
func (m *MeshPolicy) XXX_Unmarshal(b []byte) error
type MeshPolicyClient ¶
type MeshPolicyClient interface { BaseClient() clients.ResourceClient Register() error Read(name string, opts clients.ReadOpts) (*MeshPolicy, error) Write(resource *MeshPolicy, opts clients.WriteOpts) (*MeshPolicy, error) Delete(name string, opts clients.DeleteOpts) error List(opts clients.ListOpts) (MeshPolicyList, error) MeshPolicyWatcher }
func NewMeshPolicyClient ¶
func NewMeshPolicyClient(rcFactory factory.ResourceClientFactory) (MeshPolicyClient, error)
func NewMeshPolicyClientWithBase ¶
func NewMeshPolicyClientWithBase(rc clients.ResourceClient) MeshPolicyClient
func NewMeshPolicyClientWithToken ¶
func NewMeshPolicyClientWithToken(rcFactory factory.ResourceClientFactory, token string) (MeshPolicyClient, error)
type MeshPolicyList ¶
type MeshPolicyList []*MeshPolicy
func (MeshPolicyList) AsInputResources ¶
func (list MeshPolicyList) AsInputResources() resources.InputResourceList
func (MeshPolicyList) AsInterfaces ¶
func (list MeshPolicyList) AsInterfaces() []interface{}
func (MeshPolicyList) AsResources ¶
func (list MeshPolicyList) AsResources() resources.ResourceList
func (MeshPolicyList) Clone ¶
func (list MeshPolicyList) Clone() MeshPolicyList
func (MeshPolicyList) Each ¶
func (list MeshPolicyList) Each(f func(element *MeshPolicy))
func (MeshPolicyList) EachResource ¶ added in v0.3.18
func (list MeshPolicyList) EachResource(f func(element resources.Resource))
func (MeshPolicyList) Find ¶
func (list MeshPolicyList) Find(namespace, name string) (*MeshPolicy, error)
namespace is optional, if left empty, names can collide if the list contains more than one with the same name
func (MeshPolicyList) Names ¶
func (list MeshPolicyList) Names() []string
func (MeshPolicyList) NamespacesDotNames ¶
func (list MeshPolicyList) NamespacesDotNames() []string
func (MeshPolicyList) Sort ¶
func (list MeshPolicyList) Sort() MeshPolicyList
type MeshPolicyReconciler ¶
type MeshPolicyReconciler interface {
Reconcile(namespace string, desiredResources MeshPolicyList, transition TransitionMeshPolicyFunc, opts clients.ListOpts) error
}
func NewMeshPolicyReconciler ¶
func NewMeshPolicyReconciler(client MeshPolicyClient) MeshPolicyReconciler
type MeshPolicyWatcher ¶ added in v0.3.18
type MeshPolicyWatcher interface { // watch cluster-scoped Meshpolicies Watch(opts clients.WatchOpts) (<-chan MeshPolicyList, <-chan error, error) }
type MutualTls ¶
type MutualTls struct { // WILL BE DEPRECATED, if set, will translates to `TLS_PERMISSIVE` mode. // Set this flag to true to allow regular TLS (i.e without client x509 // certificate). If request carries client certificate, identity will be // extracted and used (set to peer identity). Otherwise, peer identity will // be left unset. // When the flag is false (default), request must have client certificate. AllowTls bool `protobuf:"varint,1,opt,name=allow_tls,json=allowTls,proto3" json:"allow_tls,omitempty"` // Defines the mode of mTLS authentication. Mode MutualTls_Mode `protobuf:"varint,2,opt,name=mode,proto3,enum=istio.authentication.v1alpha1.MutualTls_Mode" json:"mode,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
TLS authentication params.
func (*MutualTls) Descriptor ¶
func (*MutualTls) GetAllowTls ¶
func (*MutualTls) GetMode ¶
func (m *MutualTls) GetMode() MutualTls_Mode
func (*MutualTls) ProtoMessage ¶
func (*MutualTls) ProtoMessage()
func (*MutualTls) XXX_DiscardUnknown ¶
func (m *MutualTls) XXX_DiscardUnknown()
func (*MutualTls) XXX_Marshal ¶
func (*MutualTls) XXX_Unmarshal ¶
type MutualTls_Mode ¶
type MutualTls_Mode int32
Defines the acceptable connection TLS mode.
const ( // Client cert must be presented, connection is in TLS. MutualTls_STRICT MutualTls_Mode = 0 // Connection can be either plaintext or TLS, and client cert can be omitted. MutualTls_PERMISSIVE MutualTls_Mode = 1 )
func (MutualTls_Mode) EnumDescriptor ¶
func (MutualTls_Mode) EnumDescriptor() ([]byte, []int)
func (MutualTls_Mode) String ¶
func (x MutualTls_Mode) String() string
type OriginAuthenticationMethod ¶
type OriginAuthenticationMethod struct { // Jwt params for the method. Jwt *Jwt `protobuf:"bytes,1,opt,name=jwt,proto3" json:"jwt,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
OriginAuthenticationMethod defines authentication method/params for origin authentication. Origin could be end-user, device, delegate service etc. Currently, only JWT is supported for origin authentication.
func (*OriginAuthenticationMethod) Descriptor ¶
func (*OriginAuthenticationMethod) Descriptor() ([]byte, []int)
func (*OriginAuthenticationMethod) Equal ¶
func (this *OriginAuthenticationMethod) Equal(that interface{}) bool
func (*OriginAuthenticationMethod) GetJwt ¶
func (m *OriginAuthenticationMethod) GetJwt() *Jwt
func (*OriginAuthenticationMethod) ProtoMessage ¶
func (*OriginAuthenticationMethod) ProtoMessage()
func (*OriginAuthenticationMethod) Reset ¶
func (m *OriginAuthenticationMethod) Reset()
func (*OriginAuthenticationMethod) String ¶
func (m *OriginAuthenticationMethod) String() string
func (*OriginAuthenticationMethod) XXX_DiscardUnknown ¶
func (m *OriginAuthenticationMethod) XXX_DiscardUnknown()
func (*OriginAuthenticationMethod) XXX_Marshal ¶
func (m *OriginAuthenticationMethod) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*OriginAuthenticationMethod) XXX_Merge ¶
func (m *OriginAuthenticationMethod) XXX_Merge(src proto.Message)
func (*OriginAuthenticationMethod) XXX_Size ¶
func (m *OriginAuthenticationMethod) XXX_Size() int
func (*OriginAuthenticationMethod) XXX_Unmarshal ¶
func (m *OriginAuthenticationMethod) XXX_Unmarshal(b []byte) error
type PeerAuthenticationMethod ¶
type PeerAuthenticationMethod struct { // Types that are valid to be assigned to Params: // *PeerAuthenticationMethod_Mtls // *PeerAuthenticationMethod_Jwt Params isPeerAuthenticationMethod_Params `protobuf_oneof:"params"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
PeerAuthenticationMethod defines one particular type of authentication, e.g mutual TLS, JWT etc, (no authentication is one type by itself) that can be used for peer authentication. The type can be progammatically determine by checking the type of the "params" field.
func (*PeerAuthenticationMethod) Descriptor ¶
func (*PeerAuthenticationMethod) Descriptor() ([]byte, []int)
func (*PeerAuthenticationMethod) Equal ¶
func (this *PeerAuthenticationMethod) Equal(that interface{}) bool
func (*PeerAuthenticationMethod) GetJwt ¶
func (m *PeerAuthenticationMethod) GetJwt() *Jwt
func (*PeerAuthenticationMethod) GetMtls ¶
func (m *PeerAuthenticationMethod) GetMtls() *MutualTls
func (*PeerAuthenticationMethod) GetParams ¶
func (m *PeerAuthenticationMethod) GetParams() isPeerAuthenticationMethod_Params
func (*PeerAuthenticationMethod) ProtoMessage ¶
func (*PeerAuthenticationMethod) ProtoMessage()
func (*PeerAuthenticationMethod) Reset ¶
func (m *PeerAuthenticationMethod) Reset()
func (*PeerAuthenticationMethod) String ¶
func (m *PeerAuthenticationMethod) String() string
func (*PeerAuthenticationMethod) XXX_DiscardUnknown ¶
func (m *PeerAuthenticationMethod) XXX_DiscardUnknown()
func (*PeerAuthenticationMethod) XXX_Marshal ¶
func (m *PeerAuthenticationMethod) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*PeerAuthenticationMethod) XXX_Merge ¶
func (m *PeerAuthenticationMethod) XXX_Merge(src proto.Message)
func (*PeerAuthenticationMethod) XXX_OneofFuncs ¶
func (*PeerAuthenticationMethod) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})
XXX_OneofFuncs is for the internal use of the proto package.
func (*PeerAuthenticationMethod) XXX_Size ¶
func (m *PeerAuthenticationMethod) XXX_Size() int
func (*PeerAuthenticationMethod) XXX_Unmarshal ¶
func (m *PeerAuthenticationMethod) XXX_Unmarshal(b []byte) error
type PeerAuthenticationMethod_Jwt ¶
type PeerAuthenticationMethod_Jwt struct {
Jwt *Jwt `protobuf:"bytes,2,opt,name=jwt,proto3,oneof"`
}
func (*PeerAuthenticationMethod_Jwt) Equal ¶
func (this *PeerAuthenticationMethod_Jwt) Equal(that interface{}) bool
type PeerAuthenticationMethod_Mtls ¶
type PeerAuthenticationMethod_Mtls struct {
Mtls *MutualTls `protobuf:"bytes,1,opt,name=mtls,proto3,oneof"`
}
func (*PeerAuthenticationMethod_Mtls) Equal ¶
func (this *PeerAuthenticationMethod_Mtls) Equal(that interface{}) bool
type Policy ¶
type Policy struct { // Status indicates the validation status of this resource. // Status is read-only by clients, and set by supergloo during validation Status core.Status `protobuf:"bytes,100,opt,name=status,proto3" json:"status" testdiff:"ignore"` // Metadata contains the object metadata for this resource Metadata core.Metadata `protobuf:"bytes,101,opt,name=metadata,proto3" json:"metadata"` // List rules to select workloads that the policy should be applied on. // If empty, policy will be used on all workloads in the same namespace. Targets []*TargetSelector `protobuf:"bytes,1,rep,name=targets,proto3" json:"targets,omitempty"` // List of authentication methods that can be used for peer authentication. // They will be evaluated in order; the first validate one will be used to // set peer identity (source.user) and other peer attributes. If none of // these methods pass, request will be rejected with authentication failed error (401). // Leave the list empty if peer authentication is not required Peers []*PeerAuthenticationMethod `protobuf:"bytes,2,rep,name=peers,proto3" json:"peers,omitempty"` // Set this flag to true to accept request (for peer authentication perspective), // even when none of the peer authentication methods defined above satisfied. // Typically, this is used to delay the rejection decision to next layer (e.g // authorization). // This flag is ignored if no authentication defined for peer (peers field is empty). PeerIsOptional bool `protobuf:"varint,3,opt,name=peer_is_optional,json=peerIsOptional,proto3" json:"peer_is_optional,omitempty"` // List of authentication methods that can be used for origin authentication. // Similar to peers, these will be evaluated in order; the first validate one // will be used to set origin identity and attributes (i.e request.auth.user, // request.auth.issuer etc). If none of these methods pass, request will be // rejected with authentication failed error (401). // A method may be skipped, depends on its trigger rule. If all of these methods // are skipped, origin authentication will be ignored, as if it is not defined. // Leave the list empty if origin authentication is not required. Origins []*OriginAuthenticationMethod `protobuf:"bytes,4,rep,name=origins,proto3" json:"origins,omitempty"` // Set this flag to true to accept request (for origin authentication perspective), // even when none of the origin authentication methods defined above satisfied. // Typically, this is used to delay the rejection decision to next layer (e.g // authorization). // This flag is ignored if no authentication defined for origin (origins field is empty). OriginIsOptional bool `protobuf:"varint,5,opt,name=origin_is_optional,json=originIsOptional,proto3" json:"origin_is_optional,omitempty"` // Define whether peer or origin identity should be use for principal. Default // value is USE_PEER. // If peer (or origin) identity is not available, either because of peer/origin // authentication is not defined, or failed, principal will be left unset. // In other words, binding rule does not affect the decision to accept or // reject request. PrincipalBinding PrincipalBinding `` /* 162-byte string literal not displayed */ XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
Policy defines what authentication methods can be accepted on workload(s), and if authenticated, which method/certificate will set the request principal (i.e request.auth.principal attribute).
Authentication policy is composed of 2-part authentication: - peer: verify caller service credentials. This part will set source.user (peer identity). - origin: verify the origin credentials. This part will set request.auth.user (origin identity), as well as other attributes like request.auth.presenter, request.auth.audiences and raw claims. Note that the identity could be end-user, service account, device etc.
Last but not least, the principal binding rule defines which identity (peer or origin) should be used as principal. By default, it uses peer.
Examples:
Policy to enable mTLS for all services in namespace frod ¶
```yaml apiVersion: authentication.istio.io/v1alpha1 kind: Policy metadata:
name: mTLS_enable namespace: frod
spec:
peers: - mtls:
``` Policy to disable mTLS for "productpage" service
```yaml apiVersion: authentication.istio.io/v1alpha1 kind: Policy metadata:
name: mTLS_disable namespace: frod
spec:
targets: - name: productpage
``` Policy to require mTLS for peer authentication, and JWT for origin authentication for productpage:9000 except the path '/health_check' . Principal is set from origin identity.
```yaml apiVersion: authentication.istio.io/v1alpha1 kind: Policy metadata:
name: mTLS_enable namespace: frod
spec:
targets: - name: productpage ports: - number: 9000 peers: - mtls: origins: - jwt: issuer: "https://securetoken.google.com" audiences: - "productpage" jwksUri: "https://www.googleapis.com/oauth2/v1/certs" jwt_headers: - "x-goog-iap-jwt-assertion" trigger_rules: - excluded_paths: - exact: /health_check principalBinding: USE_ORIGIN
```
func (*Policy) DeepCopyObject ¶
func (*Policy) Descriptor ¶
func (*Policy) GetMetadata ¶
func (*Policy) GetObjectKind ¶
func (o *Policy) GetObjectKind() schema.ObjectKind
func (*Policy) GetOriginIsOptional ¶
func (*Policy) GetOrigins ¶
func (m *Policy) GetOrigins() []*OriginAuthenticationMethod
func (*Policy) GetPeerIsOptional ¶
func (*Policy) GetPeers ¶
func (m *Policy) GetPeers() []*PeerAuthenticationMethod
func (*Policy) GetPrincipalBinding ¶
func (m *Policy) GetPrincipalBinding() PrincipalBinding
func (*Policy) GetTargets ¶
func (m *Policy) GetTargets() []*TargetSelector
func (*Policy) ProtoMessage ¶
func (*Policy) ProtoMessage()
func (*Policy) SetMetadata ¶
func (*Policy) XXX_DiscardUnknown ¶
func (m *Policy) XXX_DiscardUnknown()
func (*Policy) XXX_Marshal ¶
func (*Policy) XXX_Unmarshal ¶
type PolicyClient ¶
type PolicyClient interface { BaseClient() clients.ResourceClient Register() error Read(namespace, name string, opts clients.ReadOpts) (*Policy, error) Write(resource *Policy, opts clients.WriteOpts) (*Policy, error) Delete(namespace, name string, opts clients.DeleteOpts) error List(namespace string, opts clients.ListOpts) (PolicyList, error) PolicyWatcher }
func NewPolicyClient ¶
func NewPolicyClient(rcFactory factory.ResourceClientFactory) (PolicyClient, error)
func NewPolicyClientWithBase ¶
func NewPolicyClientWithBase(rc clients.ResourceClient) PolicyClient
func NewPolicyClientWithToken ¶
func NewPolicyClientWithToken(rcFactory factory.ResourceClientFactory, token string) (PolicyClient, error)
type PolicyList ¶
type PolicyList []*Policy
func (PolicyList) AsInputResources ¶
func (list PolicyList) AsInputResources() resources.InputResourceList
func (PolicyList) AsInterfaces ¶
func (list PolicyList) AsInterfaces() []interface{}
func (PolicyList) AsResources ¶
func (list PolicyList) AsResources() resources.ResourceList
func (PolicyList) Clone ¶
func (list PolicyList) Clone() PolicyList
func (PolicyList) Each ¶
func (list PolicyList) Each(f func(element *Policy))
func (PolicyList) EachResource ¶ added in v0.3.18
func (list PolicyList) EachResource(f func(element resources.Resource))
func (PolicyList) Find ¶
func (list PolicyList) Find(namespace, name string) (*Policy, error)
namespace is optional, if left empty, names can collide if the list contains more than one with the same name
func (PolicyList) Names ¶
func (list PolicyList) Names() []string
func (PolicyList) NamespacesDotNames ¶
func (list PolicyList) NamespacesDotNames() []string
func (PolicyList) Sort ¶
func (list PolicyList) Sort() PolicyList
type PolicyReconciler ¶
type PolicyReconciler interface {
Reconcile(namespace string, desiredResources PolicyList, transition TransitionPolicyFunc, opts clients.ListOpts) error
}
func NewPolicyReconciler ¶
func NewPolicyReconciler(client PolicyClient) PolicyReconciler
type PolicyWatcher ¶ added in v0.3.18
type PortSelector ¶
type PortSelector struct { // Types that are valid to be assigned to Port: // *PortSelector_Number // *PortSelector_Name Port isPortSelector_Port `protobuf_oneof:"port"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
PortSelector specifies the name or number of a port to be used for matching targets for authentication policy. This is copied from networking API to avoid dependency.
func (*PortSelector) Descriptor ¶
func (*PortSelector) Descriptor() ([]byte, []int)
func (*PortSelector) Equal ¶
func (this *PortSelector) Equal(that interface{}) bool
func (*PortSelector) GetName ¶
func (m *PortSelector) GetName() string
func (*PortSelector) GetNumber ¶
func (m *PortSelector) GetNumber() uint32
func (*PortSelector) GetPort ¶
func (m *PortSelector) GetPort() isPortSelector_Port
func (*PortSelector) ProtoMessage ¶
func (*PortSelector) ProtoMessage()
func (*PortSelector) Reset ¶
func (m *PortSelector) Reset()
func (*PortSelector) String ¶
func (m *PortSelector) String() string
func (*PortSelector) XXX_DiscardUnknown ¶
func (m *PortSelector) XXX_DiscardUnknown()
func (*PortSelector) XXX_Marshal ¶
func (m *PortSelector) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*PortSelector) XXX_Merge ¶
func (m *PortSelector) XXX_Merge(src proto.Message)
func (*PortSelector) XXX_OneofFuncs ¶
func (*PortSelector) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})
XXX_OneofFuncs is for the internal use of the proto package.
func (*PortSelector) XXX_Size ¶
func (m *PortSelector) XXX_Size() int
func (*PortSelector) XXX_Unmarshal ¶
func (m *PortSelector) XXX_Unmarshal(b []byte) error
type PortSelector_Name ¶
type PortSelector_Name struct {
Name string `protobuf:"bytes,2,opt,name=name,proto3,oneof"`
}
func (*PortSelector_Name) Equal ¶
func (this *PortSelector_Name) Equal(that interface{}) bool
type PortSelector_Number ¶
type PortSelector_Number struct {
Number uint32 `protobuf:"varint,1,opt,name=number,proto3,oneof"`
}
func (*PortSelector_Number) Equal ¶
func (this *PortSelector_Number) Equal(that interface{}) bool
type PrincipalBinding ¶
type PrincipalBinding int32
Associates authentication with request principal.
const ( // Principal will be set to the identity from peer authentication. PrincipalBinding_USE_PEER PrincipalBinding = 0 // Principal will be set to the identity from origin authentication. PrincipalBinding_USE_ORIGIN PrincipalBinding = 1 )
func (PrincipalBinding) EnumDescriptor ¶
func (PrincipalBinding) EnumDescriptor() ([]byte, []int)
func (PrincipalBinding) String ¶
func (x PrincipalBinding) String() string
type StringMatch ¶
type StringMatch struct { // Types that are valid to be assigned to MatchType: // *StringMatch_Exact // *StringMatch_Prefix // *StringMatch_Suffix // *StringMatch_Regex MatchType isStringMatch_MatchType `protobuf_oneof:"match_type"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
Describes how to match a given string. Match is case-sensitive.
func (*StringMatch) Descriptor ¶
func (*StringMatch) Descriptor() ([]byte, []int)
func (*StringMatch) Equal ¶
func (this *StringMatch) Equal(that interface{}) bool
func (*StringMatch) GetExact ¶
func (m *StringMatch) GetExact() string
func (*StringMatch) GetMatchType ¶
func (m *StringMatch) GetMatchType() isStringMatch_MatchType
func (*StringMatch) GetPrefix ¶
func (m *StringMatch) GetPrefix() string
func (*StringMatch) GetRegex ¶
func (m *StringMatch) GetRegex() string
func (*StringMatch) GetSuffix ¶
func (m *StringMatch) GetSuffix() string
func (*StringMatch) ProtoMessage ¶
func (*StringMatch) ProtoMessage()
func (*StringMatch) Reset ¶
func (m *StringMatch) Reset()
func (*StringMatch) String ¶
func (m *StringMatch) String() string
func (*StringMatch) XXX_DiscardUnknown ¶
func (m *StringMatch) XXX_DiscardUnknown()
func (*StringMatch) XXX_Marshal ¶
func (m *StringMatch) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*StringMatch) XXX_Merge ¶
func (m *StringMatch) XXX_Merge(src proto.Message)
func (*StringMatch) XXX_OneofFuncs ¶
func (*StringMatch) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})
XXX_OneofFuncs is for the internal use of the proto package.
func (*StringMatch) XXX_Size ¶
func (m *StringMatch) XXX_Size() int
func (*StringMatch) XXX_Unmarshal ¶
func (m *StringMatch) XXX_Unmarshal(b []byte) error
type StringMatch_Exact ¶
type StringMatch_Exact struct {
Exact string `protobuf:"bytes,1,opt,name=exact,proto3,oneof"`
}
func (*StringMatch_Exact) Equal ¶
func (this *StringMatch_Exact) Equal(that interface{}) bool
type StringMatch_Prefix ¶
type StringMatch_Prefix struct {
Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3,oneof"`
}
func (*StringMatch_Prefix) Equal ¶
func (this *StringMatch_Prefix) Equal(that interface{}) bool
type StringMatch_Regex ¶
type StringMatch_Regex struct {
Regex string `protobuf:"bytes,4,opt,name=regex,proto3,oneof"`
}
func (*StringMatch_Regex) Equal ¶
func (this *StringMatch_Regex) Equal(that interface{}) bool
type StringMatch_Suffix ¶
type StringMatch_Suffix struct {
Suffix string `protobuf:"bytes,3,opt,name=suffix,proto3,oneof"`
}
func (*StringMatch_Suffix) Equal ¶
func (this *StringMatch_Suffix) Equal(that interface{}) bool
type TargetSelector ¶
type TargetSelector struct { // REQUIRED. The name must be a short name from the service registry. The // fully qualified domain name will be resolved in a platform specific manner. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Specifies the ports. Note that this is the port(s) exposed by the service, not workload ports. // For example, if a service is defined as below, then `8000` should be used, not `9000`. // “` // kind: Service // metadata: // ... // spec: // ports: // - name: http // port: 8000 // targetPort: 9000 // selector: // app: backend // “` //Leave empty to match all ports that are exposed. Ports []*PortSelector `protobuf:"bytes,2,rep,name=ports,proto3" json:"ports,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` }
TargetSelector defines a matching rule to a workload. A workload is selected if it is associated with the service name and service port(s) specified in the selector rule.
func (*TargetSelector) Descriptor ¶
func (*TargetSelector) Descriptor() ([]byte, []int)
func (*TargetSelector) Equal ¶
func (this *TargetSelector) Equal(that interface{}) bool
func (*TargetSelector) GetName ¶
func (m *TargetSelector) GetName() string
func (*TargetSelector) GetPorts ¶
func (m *TargetSelector) GetPorts() []*PortSelector
func (*TargetSelector) ProtoMessage ¶
func (*TargetSelector) ProtoMessage()
func (*TargetSelector) Reset ¶
func (m *TargetSelector) Reset()
func (*TargetSelector) String ¶
func (m *TargetSelector) String() string
func (*TargetSelector) XXX_DiscardUnknown ¶
func (m *TargetSelector) XXX_DiscardUnknown()
func (*TargetSelector) XXX_Marshal ¶
func (m *TargetSelector) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*TargetSelector) XXX_Merge ¶
func (m *TargetSelector) XXX_Merge(src proto.Message)
func (*TargetSelector) XXX_Size ¶
func (m *TargetSelector) XXX_Size() int
func (*TargetSelector) XXX_Unmarshal ¶
func (m *TargetSelector) XXX_Unmarshal(b []byte) error
type TransitionMeshPolicyFunc ¶
type TransitionMeshPolicyFunc func(original, desired *MeshPolicy) (bool, error)
Option to copy anything from the original to the desired before writing. Return value of false means don't update
type TransitionPolicyFunc ¶
Option to copy anything from the original to the desired before writing. Return value of false means don't update