Documentation ¶
Index ¶
- Variables
- type Permission
- func (*Permission) Descriptor() ([]byte, []int)
- func (m *Permission) GetAndRules() *Permission_Set
- func (m *Permission) GetAny() bool
- func (m *Permission) GetDestinationIp() *core.CidrRange
- func (m *Permission) GetDestinationPort() uint32
- func (m *Permission) GetHeader() *route.HeaderMatcher
- func (m *Permission) GetMetadata() *matcher.MetadataMatcher
- func (m *Permission) GetNotRule() *Permission
- func (m *Permission) GetOrRules() *Permission_Set
- func (m *Permission) GetRequestedServerName() *matcher.StringMatcher
- func (m *Permission) GetRule() isPermission_Rule
- func (m *Permission) GetUrlPath() *matcher.PathMatcher
- func (m *Permission) Marshal() (dAtA []byte, err error)
- func (m *Permission) MarshalTo(dAtA []byte) (int, error)
- func (m *Permission) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*Permission) ProtoMessage()
- func (m *Permission) Reset()
- func (m *Permission) Size() (n int)
- func (m *Permission) String() string
- func (m *Permission) Unmarshal(dAtA []byte) error
- func (m *Permission) Validate() error
- func (m *Permission) XXX_DiscardUnknown()
- func (m *Permission) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Permission) XXX_Merge(src proto.Message)
- func (*Permission) XXX_OneofWrappers() []interface{}
- func (m *Permission) XXX_Size() int
- func (m *Permission) XXX_Unmarshal(b []byte) error
- type PermissionValidationError
- type Permission_AndRules
- type Permission_Any
- type Permission_DestinationIp
- type Permission_DestinationPort
- type Permission_Header
- type Permission_Metadata
- type Permission_NotRule
- type Permission_OrRules
- type Permission_RequestedServerName
- type Permission_Set
- func (*Permission_Set) Descriptor() ([]byte, []int)
- func (m *Permission_Set) GetRules() []*Permission
- func (m *Permission_Set) Marshal() (dAtA []byte, err error)
- func (m *Permission_Set) MarshalTo(dAtA []byte) (int, error)
- func (m *Permission_Set) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*Permission_Set) ProtoMessage()
- func (m *Permission_Set) Reset()
- func (m *Permission_Set) Size() (n int)
- func (m *Permission_Set) String() string
- func (m *Permission_Set) Unmarshal(dAtA []byte) error
- func (m *Permission_Set) Validate() error
- func (m *Permission_Set) XXX_DiscardUnknown()
- func (m *Permission_Set) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Permission_Set) XXX_Merge(src proto.Message)
- func (m *Permission_Set) XXX_Size() int
- func (m *Permission_Set) XXX_Unmarshal(b []byte) error
- type Permission_SetValidationError
- func (e Permission_SetValidationError) Cause() error
- func (e Permission_SetValidationError) Error() string
- func (e Permission_SetValidationError) ErrorName() string
- func (e Permission_SetValidationError) Field() string
- func (e Permission_SetValidationError) Key() bool
- func (e Permission_SetValidationError) Reason() string
- type Permission_UrlPath
- type Policy
- func (*Policy) Descriptor() ([]byte, []int)
- func (m *Policy) GetCondition() *v1alpha1.Expr
- func (m *Policy) GetPermissions() []*Permission
- func (m *Policy) GetPrincipals() []*Principal
- func (m *Policy) Marshal() (dAtA []byte, err error)
- func (m *Policy) MarshalTo(dAtA []byte) (int, error)
- func (m *Policy) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*Policy) ProtoMessage()
- func (m *Policy) Reset()
- func (m *Policy) Size() (n int)
- func (m *Policy) String() string
- func (m *Policy) Unmarshal(dAtA []byte) error
- func (m *Policy) Validate() error
- func (m *Policy) XXX_DiscardUnknown()
- func (m *Policy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Policy) XXX_Merge(src proto.Message)
- func (m *Policy) XXX_Size() int
- func (m *Policy) XXX_Unmarshal(b []byte) error
- type PolicyValidationError
- type Principal
- func (*Principal) Descriptor() ([]byte, []int)
- func (m *Principal) GetAndIds() *Principal_Set
- func (m *Principal) GetAny() bool
- func (m *Principal) GetAuthenticated() *Principal_Authenticated
- func (m *Principal) GetDirectRemoteIp() *core.CidrRange
- func (m *Principal) GetHeader() *route.HeaderMatcher
- func (m *Principal) GetIdentifier() isPrincipal_Identifier
- func (m *Principal) GetMetadata() *matcher.MetadataMatcher
- func (m *Principal) GetNotId() *Principal
- func (m *Principal) GetOrIds() *Principal_Set
- func (m *Principal) GetRemoteIp() *core.CidrRange
- func (m *Principal) GetSourceIp() *core.CidrRange (deprecated)
- func (m *Principal) GetUrlPath() *matcher.PathMatcher
- func (m *Principal) Marshal() (dAtA []byte, err error)
- func (m *Principal) MarshalTo(dAtA []byte) (int, error)
- func (m *Principal) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*Principal) ProtoMessage()
- func (m *Principal) Reset()
- func (m *Principal) Size() (n int)
- func (m *Principal) String() string
- func (m *Principal) Unmarshal(dAtA []byte) error
- func (m *Principal) Validate() error
- func (m *Principal) XXX_DiscardUnknown()
- func (m *Principal) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Principal) XXX_Merge(src proto.Message)
- func (*Principal) XXX_OneofWrappers() []interface{}
- func (m *Principal) XXX_Size() int
- func (m *Principal) XXX_Unmarshal(b []byte) error
- type PrincipalValidationError
- type Principal_AndIds
- type Principal_Any
- type Principal_Authenticated
- func (*Principal_Authenticated) Descriptor() ([]byte, []int)
- func (m *Principal_Authenticated) GetPrincipalName() *matcher.StringMatcher
- func (m *Principal_Authenticated) Marshal() (dAtA []byte, err error)
- func (m *Principal_Authenticated) MarshalTo(dAtA []byte) (int, error)
- func (m *Principal_Authenticated) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*Principal_Authenticated) ProtoMessage()
- func (m *Principal_Authenticated) Reset()
- func (m *Principal_Authenticated) Size() (n int)
- func (m *Principal_Authenticated) String() string
- func (m *Principal_Authenticated) Unmarshal(dAtA []byte) error
- func (m *Principal_Authenticated) Validate() error
- func (m *Principal_Authenticated) XXX_DiscardUnknown()
- func (m *Principal_Authenticated) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Principal_Authenticated) XXX_Merge(src proto.Message)
- func (m *Principal_Authenticated) XXX_Size() int
- func (m *Principal_Authenticated) XXX_Unmarshal(b []byte) error
- type Principal_AuthenticatedValidationError
- func (e Principal_AuthenticatedValidationError) Cause() error
- func (e Principal_AuthenticatedValidationError) Error() string
- func (e Principal_AuthenticatedValidationError) ErrorName() string
- func (e Principal_AuthenticatedValidationError) Field() string
- func (e Principal_AuthenticatedValidationError) Key() bool
- func (e Principal_AuthenticatedValidationError) Reason() string
- type Principal_Authenticated_
- type Principal_DirectRemoteIp
- type Principal_Header
- type Principal_Metadata
- type Principal_NotId
- type Principal_OrIds
- type Principal_RemoteIp
- type Principal_Set
- func (*Principal_Set) Descriptor() ([]byte, []int)
- func (m *Principal_Set) GetIds() []*Principal
- func (m *Principal_Set) Marshal() (dAtA []byte, err error)
- func (m *Principal_Set) MarshalTo(dAtA []byte) (int, error)
- func (m *Principal_Set) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*Principal_Set) ProtoMessage()
- func (m *Principal_Set) Reset()
- func (m *Principal_Set) Size() (n int)
- func (m *Principal_Set) String() string
- func (m *Principal_Set) Unmarshal(dAtA []byte) error
- func (m *Principal_Set) Validate() error
- func (m *Principal_Set) XXX_DiscardUnknown()
- func (m *Principal_Set) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Principal_Set) XXX_Merge(src proto.Message)
- func (m *Principal_Set) XXX_Size() int
- func (m *Principal_Set) XXX_Unmarshal(b []byte) error
- type Principal_SetValidationError
- func (e Principal_SetValidationError) Cause() error
- func (e Principal_SetValidationError) Error() string
- func (e Principal_SetValidationError) ErrorName() string
- func (e Principal_SetValidationError) Field() string
- func (e Principal_SetValidationError) Key() bool
- func (e Principal_SetValidationError) Reason() string
- type Principal_SourceIp
- type Principal_UrlPath
- type RBAC
- func (*RBAC) Descriptor() ([]byte, []int)
- func (m *RBAC) GetAction() RBAC_Action
- func (m *RBAC) GetPolicies() map[string]*Policy
- func (m *RBAC) Marshal() (dAtA []byte, err error)
- func (m *RBAC) MarshalTo(dAtA []byte) (int, error)
- func (m *RBAC) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*RBAC) ProtoMessage()
- func (m *RBAC) Reset()
- func (m *RBAC) Size() (n int)
- func (m *RBAC) String() string
- func (m *RBAC) Unmarshal(dAtA []byte) error
- func (m *RBAC) Validate() error
- func (m *RBAC) XXX_DiscardUnknown()
- func (m *RBAC) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *RBAC) XXX_Merge(src proto.Message)
- func (m *RBAC) XXX_Size() int
- func (m *RBAC) XXX_Unmarshal(b []byte) error
- type RBACValidationError
- type RBAC_Action
Constants ¶
This section is empty.
Variables ¶
// Sentinel errors declared alongside the generated rbac marshalling code.
// Each message states the condition it reports; the call sites that return
// them are not shown on this page.
var (
	// ErrInvalidLengthRbac reports a negative length found during unmarshaling.
	ErrInvalidLengthRbac = fmt.Errorf("proto: negative length found during unmarshaling")
	// ErrIntOverflowRbac reports an integer overflow.
	ErrIntOverflowRbac = fmt.Errorf("proto: integer overflow")
	// ErrUnexpectedEndOfGroupRbac reports an unexpected end of group.
	ErrUnexpectedEndOfGroupRbac = fmt.Errorf("proto: unexpected end of group")
)
// RBAC_Action_name maps the numeric value of an RBAC_Action to its name.
// ALLOW is numbered 0, so it is the proto3 default: an RBAC message whose
// Action was never set reads back as ALLOW rather than DENY.
var RBAC_Action_name = map[int32]string{
	0: "ALLOW",
	1: "DENY",
}
// RBAC_Action_value maps the name of an RBAC_Action to its numeric value.
// It is the inverse of the name table: "ALLOW" is 0 (the zero value) and
// "DENY" is 1.
var RBAC_Action_value = map[string]int32{
	"ALLOW": 0,
	"DENY": 1,
}
Functions ¶
This section is empty.
Types ¶
type Permission ¶
// Permission carries one alternative of the `rule` oneof in its Rule field.
// The remaining XXX_ fields are bookkeeping and are excluded from JSON
// (`json:"-"`).
type Permission struct {
	// Types that are valid to be assigned to Rule:
	//	*Permission_AndRules
	//	*Permission_OrRules
	//	*Permission_Any
	//	*Permission_Header
	//	*Permission_UrlPath
	//	*Permission_DestinationIp
	//	*Permission_DestinationPort
	//	*Permission_Metadata
	//	*Permission_NotRule
	//	*Permission_RequestedServerName
	Rule isPermission_Rule `protobuf_oneof:"rule"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized []byte `json:"-"`
	XXX_sizecache int32 `json:"-"`
}
Permission defines an action (or actions) that a principal can take. [#next-free-field: 11]
func (*Permission) Descriptor ¶
func (*Permission) Descriptor() ([]byte, []int)
func (*Permission) GetAndRules ¶
func (m *Permission) GetAndRules() *Permission_Set
func (*Permission) GetAny ¶
func (m *Permission) GetAny() bool
func (*Permission) GetDestinationIp ¶
func (m *Permission) GetDestinationIp() *core.CidrRange
func (*Permission) GetDestinationPort ¶
func (m *Permission) GetDestinationPort() uint32
func (*Permission) GetHeader ¶
func (m *Permission) GetHeader() *route.HeaderMatcher
func (*Permission) GetMetadata ¶
func (m *Permission) GetMetadata() *matcher.MetadataMatcher
func (*Permission) GetNotRule ¶
func (m *Permission) GetNotRule() *Permission
func (*Permission) GetOrRules ¶
func (m *Permission) GetOrRules() *Permission_Set
func (*Permission) GetRequestedServerName ¶
func (m *Permission) GetRequestedServerName() *matcher.StringMatcher
func (*Permission) GetRule ¶
func (m *Permission) GetRule() isPermission_Rule
func (*Permission) GetUrlPath ¶ added in v1.5.0
func (m *Permission) GetUrlPath() *matcher.PathMatcher
func (*Permission) Marshal ¶
func (m *Permission) Marshal() (dAtA []byte, err error)
func (*Permission) MarshalToSizedBuffer ¶
func (m *Permission) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Permission) ProtoMessage ¶
func (*Permission) ProtoMessage()
func (*Permission) Reset ¶
func (m *Permission) Reset()
func (*Permission) Size ¶
func (m *Permission) Size() (n int)
func (*Permission) String ¶
func (m *Permission) String() string
func (*Permission) Unmarshal ¶
func (m *Permission) Unmarshal(dAtA []byte) error
func (*Permission) Validate ¶
func (m *Permission) Validate() error
Validate checks the field values on Permission with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*Permission) XXX_DiscardUnknown ¶
func (m *Permission) XXX_DiscardUnknown()
func (*Permission) XXX_Marshal ¶
func (m *Permission) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*Permission) XXX_Merge ¶
func (m *Permission) XXX_Merge(src proto.Message)
func (*Permission) XXX_OneofWrappers ¶
func (*Permission) XXX_OneofWrappers() []interface{}
XXX_OneofWrappers is for the internal use of the proto package.
func (*Permission) XXX_Size ¶
func (m *Permission) XXX_Size() int
func (*Permission) XXX_Unmarshal ¶
func (m *Permission) XXX_Unmarshal(b []byte) error
type PermissionValidationError ¶
type PermissionValidationError struct {
// contains filtered or unexported fields
}
PermissionValidationError is the validation error returned by Permission.Validate if the designated constraints aren't met.
func (PermissionValidationError) Cause ¶
func (e PermissionValidationError) Cause() error
Cause function returns cause value.
func (PermissionValidationError) Error ¶
func (e PermissionValidationError) Error() string
Error satisfies the builtin error interface
func (PermissionValidationError) ErrorName ¶
func (e PermissionValidationError) ErrorName() string
ErrorName returns error name.
func (PermissionValidationError) Field ¶
func (e PermissionValidationError) Field() string
Field function returns field value.
func (PermissionValidationError) Key ¶
func (e PermissionValidationError) Key() bool
Key function returns key value.
func (PermissionValidationError) Reason ¶
func (e PermissionValidationError) Reason() string
Reason function returns reason value.
type Permission_AndRules ¶
// Permission_AndRules is the wrapper assigned to Permission.Rule for the
// and_rules alternative (field 1); it carries a Permission_Set.
// Presumably every rule in the set has to match — confirm against the proto.
type Permission_AndRules struct {
	AndRules *Permission_Set `protobuf:"bytes,1,opt,name=and_rules,json=andRules,proto3,oneof" json:"and_rules,omitempty"`
}
func (*Permission_AndRules) MarshalTo ¶
func (m *Permission_AndRules) MarshalTo(dAtA []byte) (int, error)
func (*Permission_AndRules) MarshalToSizedBuffer ¶
func (m *Permission_AndRules) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Permission_AndRules) Size ¶
func (m *Permission_AndRules) Size() (n int)
type Permission_Any ¶
// Permission_Any is the wrapper assigned to Permission.Rule for the `any`
// alternative (field 3). The Policy documentation on this page says a single
// Permission with `any` set to true matches all actions for that policy, so
// it is the broadest permission that can be written.
type Permission_Any struct {
	Any bool `protobuf:"varint,3,opt,name=any,proto3,oneof" json:"any,omitempty"`
}
func (*Permission_Any) MarshalToSizedBuffer ¶
func (m *Permission_Any) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Permission_Any) Size ¶
func (m *Permission_Any) Size() (n int)
type Permission_DestinationIp ¶
// Permission_DestinationIp is the wrapper assigned to Permission.Rule for the
// destination_ip alternative (field 5); it carries a CIDR range.
type Permission_DestinationIp struct {
	DestinationIp *core.CidrRange `protobuf:"bytes,5,opt,name=destination_ip,json=destinationIp,proto3,oneof" json:"destination_ip,omitempty"`
}
func (*Permission_DestinationIp) MarshalTo ¶
func (m *Permission_DestinationIp) MarshalTo(dAtA []byte) (int, error)
func (*Permission_DestinationIp) MarshalToSizedBuffer ¶
func (m *Permission_DestinationIp) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Permission_DestinationIp) Size ¶
func (m *Permission_DestinationIp) Size() (n int)
type Permission_DestinationPort ¶
// Permission_DestinationPort is the wrapper assigned to Permission.Rule for
// the destination_port alternative (field 6).
// The Go type is uint32; any range limit on the port would come from the
// proto validation rules, which are not shown on this page.
type Permission_DestinationPort struct {
	DestinationPort uint32 `protobuf:"varint,6,opt,name=destination_port,json=destinationPort,proto3,oneof" json:"destination_port,omitempty"`
}
func (*Permission_DestinationPort) MarshalTo ¶
func (m *Permission_DestinationPort) MarshalTo(dAtA []byte) (int, error)
func (*Permission_DestinationPort) MarshalToSizedBuffer ¶
func (m *Permission_DestinationPort) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Permission_DestinationPort) Size ¶
func (m *Permission_DestinationPort) Size() (n int)
type Permission_Header ¶
// Permission_Header is the wrapper assigned to Permission.Rule for the header
// alternative (field 4); it carries a route.HeaderMatcher.
// NOTE(review): a header rule is only as trustworthy as the header itself;
// confirm which hop sets or strips the matched header before relying on it
// for an authorization decision.
type Permission_Header struct {
	Header *route.HeaderMatcher `protobuf:"bytes,4,opt,name=header,proto3,oneof" json:"header,omitempty"`
}
func (*Permission_Header) MarshalTo ¶
func (m *Permission_Header) MarshalTo(dAtA []byte) (int, error)
func (*Permission_Header) MarshalToSizedBuffer ¶
func (m *Permission_Header) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Permission_Header) Size ¶
func (m *Permission_Header) Size() (n int)
type Permission_Metadata ¶
// Permission_Metadata is the wrapper assigned to Permission.Rule for the
// metadata alternative (field 7); it carries a matcher.MetadataMatcher.
type Permission_Metadata struct {
	Metadata *matcher.MetadataMatcher `protobuf:"bytes,7,opt,name=metadata,proto3,oneof" json:"metadata,omitempty"`
}
func (*Permission_Metadata) MarshalTo ¶
func (m *Permission_Metadata) MarshalTo(dAtA []byte) (int, error)
func (*Permission_Metadata) MarshalToSizedBuffer ¶
func (m *Permission_Metadata) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Permission_Metadata) Size ¶
func (m *Permission_Metadata) Size() (n int)
type Permission_NotRule ¶
// Permission_NotRule is the wrapper assigned to Permission.Rule for the
// not_rule alternative (field 8); it carries a nested Permission.
// Presumably the nested permission is negated — confirm against the proto.
type Permission_NotRule struct {
	NotRule *Permission `protobuf:"bytes,8,opt,name=not_rule,json=notRule,proto3,oneof" json:"not_rule,omitempty"`
}
func (*Permission_NotRule) MarshalTo ¶
func (m *Permission_NotRule) MarshalTo(dAtA []byte) (int, error)
func (*Permission_NotRule) MarshalToSizedBuffer ¶
func (m *Permission_NotRule) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Permission_NotRule) Size ¶
func (m *Permission_NotRule) Size() (n int)
type Permission_OrRules ¶
// Permission_OrRules is the wrapper assigned to Permission.Rule for the
// or_rules alternative (field 2); it carries a Permission_Set.
// Presumably one matching rule in the set is enough — confirm against the proto.
type Permission_OrRules struct {
	OrRules *Permission_Set `protobuf:"bytes,2,opt,name=or_rules,json=orRules,proto3,oneof" json:"or_rules,omitempty"`
}
func (*Permission_OrRules) MarshalTo ¶
func (m *Permission_OrRules) MarshalTo(dAtA []byte) (int, error)
func (*Permission_OrRules) MarshalToSizedBuffer ¶
func (m *Permission_OrRules) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Permission_OrRules) Size ¶
func (m *Permission_OrRules) Size() (n int)
type Permission_RequestedServerName ¶
// Permission_RequestedServerName is the wrapper assigned to Permission.Rule
// for the requested-server-name alternative; it carries a
// matcher.StringMatcher. The struct tag is elided by the documentation
// renderer on this page.
// NOTE(review): the requested server name is presumably the TLS SNI sent by
// the client; whether it is present and reliable depends on listener
// configuration — confirm before using it as an authorization signal.
type Permission_RequestedServerName struct {
	RequestedServerName *matcher.StringMatcher `` /* 126-byte string literal not displayed */
}
func (*Permission_RequestedServerName) MarshalTo ¶
func (m *Permission_RequestedServerName) MarshalTo(dAtA []byte) (int, error)
func (*Permission_RequestedServerName) MarshalToSizedBuffer ¶
func (m *Permission_RequestedServerName) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Permission_RequestedServerName) Size ¶
func (m *Permission_RequestedServerName) Size() (n int)
type Permission_Set ¶
// Permission_Set is a list of Permission rules. It is the payload of the
// and_rules and or_rules alternatives of Permission's rule oneof; which of
// the two holds it decides how the rules are combined.
type Permission_Set struct {
	// Rules is the repeated field (field 1) holding the member permissions.
	Rules []*Permission `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized []byte `json:"-"`
	XXX_sizecache int32 `json:"-"`
}
Permission_Set is used in the `and_rules` and `or_rules` fields of the `rule` oneof. Depending on which of the two fields holds it, the rules in the set are applied with the associated behavior.
func (*Permission_Set) Descriptor ¶
func (*Permission_Set) Descriptor() ([]byte, []int)
func (*Permission_Set) GetRules ¶
func (m *Permission_Set) GetRules() []*Permission
func (*Permission_Set) Marshal ¶
func (m *Permission_Set) Marshal() (dAtA []byte, err error)
func (*Permission_Set) MarshalToSizedBuffer ¶
func (m *Permission_Set) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Permission_Set) ProtoMessage ¶
func (*Permission_Set) ProtoMessage()
func (*Permission_Set) Reset ¶
func (m *Permission_Set) Reset()
func (*Permission_Set) Size ¶
func (m *Permission_Set) Size() (n int)
func (*Permission_Set) String ¶
func (m *Permission_Set) String() string
func (*Permission_Set) Unmarshal ¶
func (m *Permission_Set) Unmarshal(dAtA []byte) error
func (*Permission_Set) Validate ¶
func (m *Permission_Set) Validate() error
Validate checks the field values on Permission_Set with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*Permission_Set) XXX_DiscardUnknown ¶
func (m *Permission_Set) XXX_DiscardUnknown()
func (*Permission_Set) XXX_Marshal ¶
func (m *Permission_Set) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*Permission_Set) XXX_Merge ¶
func (m *Permission_Set) XXX_Merge(src proto.Message)
func (*Permission_Set) XXX_Size ¶
func (m *Permission_Set) XXX_Size() int
func (*Permission_Set) XXX_Unmarshal ¶
func (m *Permission_Set) XXX_Unmarshal(b []byte) error
type Permission_SetValidationError ¶
type Permission_SetValidationError struct {
// contains filtered or unexported fields
}
Permission_SetValidationError is the validation error returned by Permission_Set.Validate if the designated constraints aren't met.
func (Permission_SetValidationError) Cause ¶
func (e Permission_SetValidationError) Cause() error
Cause function returns cause value.
func (Permission_SetValidationError) Error ¶
func (e Permission_SetValidationError) Error() string
Error satisfies the builtin error interface
func (Permission_SetValidationError) ErrorName ¶
func (e Permission_SetValidationError) ErrorName() string
ErrorName returns error name.
func (Permission_SetValidationError) Field ¶
func (e Permission_SetValidationError) Field() string
Field function returns field value.
func (Permission_SetValidationError) Key ¶
func (e Permission_SetValidationError) Key() bool
Key function returns key value.
func (Permission_SetValidationError) Reason ¶
func (e Permission_SetValidationError) Reason() string
Reason function returns reason value.
type Permission_UrlPath ¶ added in v1.5.0
// Permission_UrlPath is the wrapper assigned to Permission.Rule for the
// url_path alternative (field 10); it carries a matcher.PathMatcher.
// NOTE(review): a path rule depends on how the request path is normalized
// before it is matched (repeated slashes, escaped characters); confirm the
// normalization settings of the listener that enforces this policy.
type Permission_UrlPath struct {
	UrlPath *matcher.PathMatcher `protobuf:"bytes,10,opt,name=url_path,json=urlPath,proto3,oneof" json:"url_path,omitempty"`
}
func (*Permission_UrlPath) MarshalTo ¶ added in v1.5.0
func (m *Permission_UrlPath) MarshalTo(dAtA []byte) (int, error)
func (*Permission_UrlPath) MarshalToSizedBuffer ¶ added in v1.5.0
func (m *Permission_UrlPath) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Permission_UrlPath) Size ¶ added in v1.5.0
func (m *Permission_UrlPath) Size() (n int)
type Policy ¶
// Policy pairs a set of permissions with a set of principals and an optional
// condition. Permissions are ORed, principals are ORed, and the condition is
// ANDed with both, as the field comments below state.
//
// NOTE(review): a Permission with `any` combined with a Principal with `any`
// makes the policy match every request unless Condition narrows it. Under an
// ALLOW action that is presumably allow-all — confirm it is intended wherever
// it appears.
type Policy struct {
	// Required. The set of permissions that define a role. Each permission is matched with OR
	// semantics. To match all actions for this policy, a single Permission with the `any` field set
	// to true should be used.
	Permissions []*Permission `protobuf:"bytes,1,rep,name=permissions,proto3" json:"permissions,omitempty"`
	// Required. The set of principals that are assigned/denied the role based on “action”. Each
	// principal is matched with OR semantics. To match all downstreams for this policy, a single
	// Principal with the `any` field set to true should be used.
	Principals []*Principal `protobuf:"bytes,2,rep,name=principals,proto3" json:"principals,omitempty"`
	// An optional symbolic expression specifying an access control
	// :ref:`condition <arch_overview_condition>`. The condition is combined
	// with the permissions and the principals as a clause with AND semantics.
	Condition *v1alpha1.Expr `protobuf:"bytes,3,opt,name=condition,proto3" json:"condition,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized []byte `json:"-"`
	XXX_sizecache int32 `json:"-"`
}
Policy specifies a role and the principals that are assigned/denied the role. A policy matches if and only if at least one of its permissions matches the action taking place AND at least one of its principals matches the downstream AND the condition, if specified, is true.
func (*Policy) Descriptor ¶
func (*Policy) GetCondition ¶
func (*Policy) GetPermissions ¶
func (m *Policy) GetPermissions() []*Permission
func (*Policy) GetPrincipals ¶
func (*Policy) MarshalToSizedBuffer ¶
func (*Policy) ProtoMessage ¶
func (*Policy) ProtoMessage()
func (*Policy) Validate ¶
Validate checks the field values on Policy with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*Policy) XXX_DiscardUnknown ¶
func (m *Policy) XXX_DiscardUnknown()
func (*Policy) XXX_Marshal ¶
func (*Policy) XXX_Unmarshal ¶
type PolicyValidationError ¶
type PolicyValidationError struct {
// contains filtered or unexported fields
}
PolicyValidationError is the validation error returned by Policy.Validate if the designated constraints aren't met.
func (PolicyValidationError) Cause ¶
func (e PolicyValidationError) Cause() error
Cause function returns cause value.
func (PolicyValidationError) Error ¶
func (e PolicyValidationError) Error() string
Error satisfies the builtin error interface
func (PolicyValidationError) ErrorName ¶
func (e PolicyValidationError) ErrorName() string
ErrorName returns error name.
func (PolicyValidationError) Field ¶
func (e PolicyValidationError) Field() string
Field function returns field value.
func (PolicyValidationError) Key ¶
func (e PolicyValidationError) Key() bool
Key function returns key value.
func (PolicyValidationError) Reason ¶
func (e PolicyValidationError) Reason() string
Reason function returns reason value.
type Principal ¶
// Principal carries one alternative of the `identifier` oneof in its
// Identifier field. The remaining XXX_ fields are bookkeeping and are
// excluded from JSON (`json:"-"`).
//
// The GetSourceIp accessor is marked deprecated on this page, while the
// DirectRemoteIp and RemoteIp accessors are marked "added in v1.5.0".
type Principal struct {
	// Types that are valid to be assigned to Identifier:
	//	*Principal_AndIds
	//	*Principal_OrIds
	//	*Principal_Any
	//	*Principal_Authenticated_
	//	*Principal_SourceIp
	//	*Principal_DirectRemoteIp
	//	*Principal_RemoteIp
	//	*Principal_Header
	//	*Principal_UrlPath
	//	*Principal_Metadata
	//	*Principal_NotId
	Identifier isPrincipal_Identifier `protobuf_oneof:"identifier"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized []byte `json:"-"`
	XXX_sizecache int32 `json:"-"`
}
Principal defines an identity or a group of identities for a downstream subject. [#next-free-field: 12]
func (*Principal) Descriptor ¶
func (*Principal) GetAndIds ¶
func (m *Principal) GetAndIds() *Principal_Set
func (*Principal) GetAuthenticated ¶
func (m *Principal) GetAuthenticated() *Principal_Authenticated
func (*Principal) GetDirectRemoteIp ¶ added in v1.5.0
func (*Principal) GetHeader ¶
func (m *Principal) GetHeader() *route.HeaderMatcher
func (*Principal) GetIdentifier ¶
func (m *Principal) GetIdentifier() isPrincipal_Identifier
func (*Principal) GetMetadata ¶
func (m *Principal) GetMetadata() *matcher.MetadataMatcher
func (*Principal) GetOrIds ¶
func (m *Principal) GetOrIds() *Principal_Set
func (*Principal) GetRemoteIp ¶ added in v1.5.0
func (*Principal) GetSourceIp (deprecated)
func (*Principal) GetUrlPath ¶ added in v1.5.0
func (m *Principal) GetUrlPath() *matcher.PathMatcher
func (*Principal) MarshalToSizedBuffer ¶
func (*Principal) ProtoMessage ¶
func (*Principal) ProtoMessage()
func (*Principal) Validate ¶
Validate checks the field values on Principal with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*Principal) XXX_DiscardUnknown ¶
func (m *Principal) XXX_DiscardUnknown()
func (*Principal) XXX_Marshal ¶
func (*Principal) XXX_OneofWrappers ¶
func (*Principal) XXX_OneofWrappers() []interface{}
XXX_OneofWrappers is for the internal use of the proto package.
func (*Principal) XXX_Unmarshal ¶
type PrincipalValidationError ¶
type PrincipalValidationError struct {
// contains filtered or unexported fields
}
PrincipalValidationError is the validation error returned by Principal.Validate if the designated constraints aren't met.
func (PrincipalValidationError) Cause ¶
func (e PrincipalValidationError) Cause() error
Cause function returns cause value.
func (PrincipalValidationError) Error ¶
func (e PrincipalValidationError) Error() string
Error satisfies the builtin error interface
func (PrincipalValidationError) ErrorName ¶
func (e PrincipalValidationError) ErrorName() string
ErrorName returns error name.
func (PrincipalValidationError) Field ¶
func (e PrincipalValidationError) Field() string
Field function returns field value.
func (PrincipalValidationError) Key ¶
func (e PrincipalValidationError) Key() bool
Key function returns key value.
func (PrincipalValidationError) Reason ¶
func (e PrincipalValidationError) Reason() string
Reason function returns reason value.
type Principal_AndIds ¶
// Principal_AndIds is the wrapper assigned to Principal.Identifier for the
// and_ids alternative (field 1); it carries a Principal_Set.
// Presumably every identifier in the set has to match — confirm against the proto.
type Principal_AndIds struct {
	AndIds *Principal_Set `protobuf:"bytes,1,opt,name=and_ids,json=andIds,proto3,oneof" json:"and_ids,omitempty"`
}
func (*Principal_AndIds) MarshalToSizedBuffer ¶
func (m *Principal_AndIds) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Principal_AndIds) Size ¶
func (m *Principal_AndIds) Size() (n int)
type Principal_Any ¶
// Principal_Any is the wrapper assigned to Principal.Identifier for the `any`
// alternative (field 3). The Policy documentation on this page says a single
// Principal with `any` set to true matches all downstreams for that policy,
// so it places no restriction on who the caller is.
type Principal_Any struct {
	Any bool `protobuf:"varint,3,opt,name=any,proto3,oneof" json:"any,omitempty"`
}
func (*Principal_Any) MarshalToSizedBuffer ¶
func (m *Principal_Any) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Principal_Any) Size ¶
func (m *Principal_Any) Size() (n int)
type Principal_Authenticated ¶
// Principal_Authenticated holds the authentication attributes for a
// downstream. Leaving PrincipalName unset widens the match to any
// authenticated user, as the field comment states.
type Principal_Authenticated struct {
	// The name of the principal. If set, the URI SAN or DNS SAN in that order is used from the
	// certificate, otherwise the subject field is used. If unset, it applies to any user that is
	// authenticated.
	PrincipalName *matcher.StringMatcher `protobuf:"bytes,2,opt,name=principal_name,json=principalName,proto3" json:"principal_name,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized []byte `json:"-"`
	XXX_sizecache int32 `json:"-"`
}
Authentication attributes for a downstream.
func (*Principal_Authenticated) Descriptor ¶
func (*Principal_Authenticated) Descriptor() ([]byte, []int)
func (*Principal_Authenticated) GetPrincipalName ¶
func (m *Principal_Authenticated) GetPrincipalName() *matcher.StringMatcher
func (*Principal_Authenticated) Marshal ¶
func (m *Principal_Authenticated) Marshal() (dAtA []byte, err error)
func (*Principal_Authenticated) MarshalTo ¶
func (m *Principal_Authenticated) MarshalTo(dAtA []byte) (int, error)
func (*Principal_Authenticated) MarshalToSizedBuffer ¶
func (m *Principal_Authenticated) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Principal_Authenticated) ProtoMessage ¶
func (*Principal_Authenticated) ProtoMessage()
func (*Principal_Authenticated) Reset ¶
func (m *Principal_Authenticated) Reset()
func (*Principal_Authenticated) Size ¶
func (m *Principal_Authenticated) Size() (n int)
func (*Principal_Authenticated) String ¶
func (m *Principal_Authenticated) String() string
func (*Principal_Authenticated) Unmarshal ¶
func (m *Principal_Authenticated) Unmarshal(dAtA []byte) error
func (*Principal_Authenticated) Validate ¶
func (m *Principal_Authenticated) Validate() error
Validate checks the field values on Principal_Authenticated with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*Principal_Authenticated) XXX_DiscardUnknown ¶
func (m *Principal_Authenticated) XXX_DiscardUnknown()
func (*Principal_Authenticated) XXX_Marshal ¶
func (m *Principal_Authenticated) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*Principal_Authenticated) XXX_Merge ¶
func (m *Principal_Authenticated) XXX_Merge(src proto.Message)
func (*Principal_Authenticated) XXX_Size ¶
func (m *Principal_Authenticated) XXX_Size() int
func (*Principal_Authenticated) XXX_Unmarshal ¶
func (m *Principal_Authenticated) XXX_Unmarshal(b []byte) error
type Principal_AuthenticatedValidationError ¶
type Principal_AuthenticatedValidationError struct {
// contains filtered or unexported fields
}
Principal_AuthenticatedValidationError is the validation error returned by Principal_Authenticated.Validate if the designated constraints aren't met.
func (Principal_AuthenticatedValidationError) Cause ¶
func (e Principal_AuthenticatedValidationError) Cause() error
Cause function returns cause value.
func (Principal_AuthenticatedValidationError) Error ¶
func (e Principal_AuthenticatedValidationError) Error() string
Error satisfies the builtin error interface
func (Principal_AuthenticatedValidationError) ErrorName ¶
func (e Principal_AuthenticatedValidationError) ErrorName() string
ErrorName returns error name.
func (Principal_AuthenticatedValidationError) Field ¶
func (e Principal_AuthenticatedValidationError) Field() string
Field function returns field value.
func (Principal_AuthenticatedValidationError) Key ¶
func (e Principal_AuthenticatedValidationError) Key() bool
Key function returns key value.
func (Principal_AuthenticatedValidationError) Reason ¶
func (e Principal_AuthenticatedValidationError) Reason() string
Reason function returns reason value.
type Principal_Authenticated_ ¶
// Principal_Authenticated_ is the wrapper assigned to Principal.Identifier
// for the authenticated alternative (field 4); it carries a
// Principal_Authenticated. The trailing underscore distinguishes the wrapper
// from the message type it wraps.
type Principal_Authenticated_ struct {
	Authenticated *Principal_Authenticated `protobuf:"bytes,4,opt,name=authenticated,proto3,oneof" json:"authenticated,omitempty"`
}
func (*Principal_Authenticated_) MarshalTo ¶
func (m *Principal_Authenticated_) MarshalTo(dAtA []byte) (int, error)
func (*Principal_Authenticated_) MarshalToSizedBuffer ¶
func (m *Principal_Authenticated_) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Principal_Authenticated_) Size ¶
func (m *Principal_Authenticated_) Size() (n int)
type Principal_DirectRemoteIp ¶ added in v1.5.0
// Principal_DirectRemoteIp is the oneof wrapper for the `direct_remote_ip`
// field (protobuf field 10), which holds a CIDR range.
//
// NOTE(review): this page lists three IP-based principals (source_ip,
// remote_ip, direct_remote_ip) without saying how they differ. Upstream Envoy
// documentation describes direct_remote_ip as the address of the physical
// peer, whereas remote_ip may be inferred from x-forwarded-for or proxy
// protocol. Confirm against the proto comments for this version before using
// either in an access decision.
type Principal_DirectRemoteIp struct {
	DirectRemoteIp *core.CidrRange `protobuf:"bytes,10,opt,name=direct_remote_ip,json=directRemoteIp,proto3,oneof" json:"direct_remote_ip,omitempty"`
}
func (*Principal_DirectRemoteIp) MarshalTo ¶ added in v1.5.0
func (m *Principal_DirectRemoteIp) MarshalTo(dAtA []byte) (int, error)
func (*Principal_DirectRemoteIp) MarshalToSizedBuffer ¶ added in v1.5.0
func (m *Principal_DirectRemoteIp) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Principal_DirectRemoteIp) Size ¶ added in v1.5.0
func (m *Principal_DirectRemoteIp) Size() (n int)
type Principal_Header ¶
// Principal_Header is the oneof wrapper for the `header` field (protobuf
// field 6), which holds a route.HeaderMatcher.
//
// NOTE(review): a header-based principal is only as trustworthy as the origin
// of the matched header. Confirm that untrusted clients cannot set it, for
// example because a trusted hop strips or overwrites it, before treating a
// match as an identity.
type Principal_Header struct {
	Header *route.HeaderMatcher `protobuf:"bytes,6,opt,name=header,proto3,oneof" json:"header,omitempty"`
}
func (*Principal_Header) MarshalToSizedBuffer ¶
func (m *Principal_Header) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Principal_Header) Size ¶
func (m *Principal_Header) Size() (n int)
type Principal_Metadata ¶
// Principal_Metadata is the oneof wrapper for the `metadata` field (protobuf
// field 7), which holds a matcher.MetadataMatcher.
//
// NOTE(review): what populates the matched metadata is not shown on this
// page. Verify that it comes from a trusted source before keying access
// decisions on it.
type Principal_Metadata struct {
	Metadata *matcher.MetadataMatcher `protobuf:"bytes,7,opt,name=metadata,proto3,oneof" json:"metadata,omitempty"`
}
func (*Principal_Metadata) MarshalTo ¶
func (m *Principal_Metadata) MarshalTo(dAtA []byte) (int, error)
func (*Principal_Metadata) MarshalToSizedBuffer ¶
func (m *Principal_Metadata) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Principal_Metadata) Size ¶
func (m *Principal_Metadata) Size() (n int)
type Principal_NotId ¶
// Principal_NotId is the oneof wrapper for the `not_id` field (protobuf
// field 8), which holds a nested Principal.
//
// NOTE(review): judging by the field name, the nested Principal's match is
// negated (TODO confirm against the proto). A negated identifier matches
// everything except the nested one, so under an ALLOW action it can grant far
// more than intended.
type Principal_NotId struct {
	NotId *Principal `protobuf:"bytes,8,opt,name=not_id,json=notId,proto3,oneof" json:"not_id,omitempty"`
}
func (*Principal_NotId) MarshalToSizedBuffer ¶
func (m *Principal_NotId) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Principal_NotId) Size ¶
func (m *Principal_NotId) Size() (n int)
type Principal_OrIds ¶
// Principal_OrIds is the wrapper for the `or_ids` field (protobuf field 2)
// of the `identifier` oneof. It holds a Principal_Set of candidate
// identifiers.
type Principal_OrIds struct {
	OrIds *Principal_Set `protobuf:"bytes,2,opt,name=or_ids,json=orIds,proto3,oneof" json:"or_ids,omitempty"`
}
func (*Principal_OrIds) MarshalToSizedBuffer ¶
func (m *Principal_OrIds) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Principal_OrIds) Size ¶
func (m *Principal_OrIds) Size() (n int)
type Principal_RemoteIp ¶ added in v1.5.0
// Principal_RemoteIp is the oneof wrapper for the `remote_ip` field
// (protobuf field 11), which holds a CIDR range.
//
// NOTE(review): upstream Envoy documentation describes remote_ip as an
// address that may be inferred from x-forwarded-for or proxy protocol rather
// than read from the physical connection. If that holds for this version, the
// value is only trustworthy when those inputs are set by a trusted hop.
// Confirm before using it as an access control boundary.
type Principal_RemoteIp struct {
	RemoteIp *core.CidrRange `protobuf:"bytes,11,opt,name=remote_ip,json=remoteIp,proto3,oneof" json:"remote_ip,omitempty"`
}
func (*Principal_RemoteIp) MarshalTo ¶ added in v1.5.0
func (m *Principal_RemoteIp) MarshalTo(dAtA []byte) (int, error)
func (*Principal_RemoteIp) MarshalToSizedBuffer ¶ added in v1.5.0
func (m *Principal_RemoteIp) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Principal_RemoteIp) Size ¶ added in v1.5.0
func (m *Principal_RemoteIp) Size() (n int)
type Principal_Set ¶
// Principal_Set is a list of Principal identifiers. The page describes it as
// the value used by the `and_ids` and `or_ids` fields of the `identifier`
// oneof, with the combining behavior decided by which field carries it.
type Principal_Set struct {
	// Ids is the repeated `ids` field (protobuf field 1).
	Ids []*Principal `protobuf:"bytes,1,rep,name=ids,proto3" json:"ids,omitempty"`
	// The XXX_ fields are excluded from JSON (`json:"-"`); they appear to be
	// generated protobuf bookkeeping, not part of the policy.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
Used in the `and_ids` and `or_ids` fields in the `identifier` oneof. Depending on the context, each is applied with the associated behavior (a logical AND or a logical OR over `ids`).
func (*Principal_Set) Descriptor ¶
func (*Principal_Set) Descriptor() ([]byte, []int)
func (*Principal_Set) GetIds ¶
func (m *Principal_Set) GetIds() []*Principal
func (*Principal_Set) Marshal ¶
func (m *Principal_Set) Marshal() (dAtA []byte, err error)
func (*Principal_Set) MarshalToSizedBuffer ¶
func (m *Principal_Set) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Principal_Set) ProtoMessage ¶
func (*Principal_Set) ProtoMessage()
func (*Principal_Set) Reset ¶
func (m *Principal_Set) Reset()
func (*Principal_Set) Size ¶
func (m *Principal_Set) Size() (n int)
func (*Principal_Set) String ¶
func (m *Principal_Set) String() string
func (*Principal_Set) Unmarshal ¶
func (m *Principal_Set) Unmarshal(dAtA []byte) error
func (*Principal_Set) Validate ¶
func (m *Principal_Set) Validate() error
Validate checks the field values on Principal_Set with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*Principal_Set) XXX_DiscardUnknown ¶
func (m *Principal_Set) XXX_DiscardUnknown()
func (*Principal_Set) XXX_Marshal ¶
func (m *Principal_Set) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*Principal_Set) XXX_Merge ¶
func (m *Principal_Set) XXX_Merge(src proto.Message)
func (*Principal_Set) XXX_Size ¶
func (m *Principal_Set) XXX_Size() int
func (*Principal_Set) XXX_Unmarshal ¶
func (m *Principal_Set) XXX_Unmarshal(b []byte) error
type Principal_SetValidationError ¶
// Principal_SetValidationError is the error type returned by
// Principal_Set.Validate when a designated constraint is not met. Its
// accessors (Field, Reason, Cause, Key, ErrorName) expose the details;
// the fields themselves are unexported.
type Principal_SetValidationError struct {
	// contains filtered or unexported fields
}
Principal_SetValidationError is the validation error returned by Principal_Set.Validate if the designated constraints aren't met.
func (Principal_SetValidationError) Cause ¶
func (e Principal_SetValidationError) Cause() error
Cause function returns cause value.
func (Principal_SetValidationError) Error ¶
func (e Principal_SetValidationError) Error() string
Error satisfies the builtin error interface
func (Principal_SetValidationError) ErrorName ¶
func (e Principal_SetValidationError) ErrorName() string
ErrorName returns error name.
func (Principal_SetValidationError) Field ¶
func (e Principal_SetValidationError) Field() string
Field function returns field value.
func (Principal_SetValidationError) Key ¶
func (e Principal_SetValidationError) Key() bool
Key function returns key value.
func (Principal_SetValidationError) Reason ¶
func (e Principal_SetValidationError) Reason() string
Reason function returns reason value.
type Principal_SourceIp ¶
// Principal_SourceIp is the oneof wrapper for the `source_ip` field
// (protobuf field 5), which holds a CIDR range.
//
// NOTE(review): this page also lists Principal_RemoteIp and
// Principal_DirectRemoteIp (both "added in v1.5.0"). Which address source_ip
// refers to, and whether it is superseded by those two, is not stated here.
// Check the proto comments before relying on it for access decisions.
type Principal_SourceIp struct {
	SourceIp *core.CidrRange `protobuf:"bytes,5,opt,name=source_ip,json=sourceIp,proto3,oneof" json:"source_ip,omitempty"`
}
func (*Principal_SourceIp) MarshalTo ¶
func (m *Principal_SourceIp) MarshalTo(dAtA []byte) (int, error)
func (*Principal_SourceIp) MarshalToSizedBuffer ¶
func (m *Principal_SourceIp) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Principal_SourceIp) Size ¶
func (m *Principal_SourceIp) Size() (n int)
type Principal_UrlPath ¶ added in v1.5.0
// Principal_UrlPath is the oneof wrapper for the `url_path` field (protobuf
// field 9), which holds a matcher.PathMatcher.
//
// NOTE(review): path-based rules depend on how the proxy normalizes the
// request path before matching. Confirm that normalization is enabled on the
// listener so that equivalent encodings of a path are evaluated the same way
// by the rule and by the backend.
type Principal_UrlPath struct {
	UrlPath *matcher.PathMatcher `protobuf:"bytes,9,opt,name=url_path,json=urlPath,proto3,oneof" json:"url_path,omitempty"`
}
func (*Principal_UrlPath) MarshalTo ¶ added in v1.5.0
func (m *Principal_UrlPath) MarshalTo(dAtA []byte) (int, error)
func (*Principal_UrlPath) MarshalToSizedBuffer ¶ added in v1.5.0
func (m *Principal_UrlPath) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Principal_UrlPath) Size ¶ added in v1.5.0
func (m *Principal_UrlPath) Size() (n int)
type RBAC ¶
// RBAC is the top-level access control configuration: one action plus a map
// of named policies.
//
// Security note: Action's zero value is RBAC_ALLOW (0). With the action left
// unset and no policies, "at least one policy matches" can never hold, so
// every request is rejected. With RBAC_DENY and no policies, "none of the
// policies match" always holds, so every request is allowed.
type RBAC struct {
	// The action to take if a policy matches. The request is allowed if and only if:
	//
	//   * `action` is "ALLOW" and at least one policy matches
	//   * `action` is "DENY" and none of the policies match
	Action RBAC_Action `protobuf:"varint,1,opt,name=action,proto3,enum=envoy.config.rbac.v2.RBAC_Action" json:"action,omitempty"`
	// Maps from policy name to policy. A match occurs when at least one policy matches the request.
	Policies map[string]*Policy `` /* 157-byte string literal not displayed */
	// The XXX_ fields are excluded from JSON (`json:"-"`); they appear to be
	// generated protobuf bookkeeping, not part of the policy.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
Role Based Access Control (RBAC) provides service-level and method-level access control for a service. RBAC policies are additive. The policies are examined in order. A request is allowed once a matching policy is found (assuming the `action` is ALLOW); when the `action` is DENY, a matching policy rejects the request instead, and a request that matches no policy is allowed.
Here is an example of RBAC configuration. It has two policies:
- Service account "cluster.local/ns/default/sa/admin" has full access to the service, and so does "cluster.local/ns/default/sa/superuser".
- Any user, authenticated or not (the policy's `principals` entry is `any: true`), can read ("GET") the service at paths with prefix "/products", so long as the destination port is either 80 or 443.
.. code-block:: yaml

  action: ALLOW
  policies:
    "service-admin":
      permissions:
        - any: true
      principals:
        - authenticated:
            principal_name:
              exact: "cluster.local/ns/default/sa/admin"
        - authenticated:
            principal_name:
              exact: "cluster.local/ns/default/sa/superuser"
    "product-viewer":
      permissions:
        - and_rules:
            rules:
              - header: { name: ":method", exact_match: "GET" }
              - url_path:
                  path: { prefix: "/products" }
              - or_rules:
                  rules:
                    - destination_port: 80
                    - destination_port: 443
      principals:
        - any: true
func (*RBAC) Descriptor ¶
func (*RBAC) GetAction ¶
func (m *RBAC) GetAction() RBAC_Action
func (*RBAC) GetPolicies ¶
func (*RBAC) ProtoMessage ¶
func (*RBAC) ProtoMessage()
func (*RBAC) Validate ¶
Validate checks the field values on RBAC with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*RBAC) XXX_DiscardUnknown ¶
func (m *RBAC) XXX_DiscardUnknown()
func (*RBAC) XXX_Unmarshal ¶
type RBACValidationError ¶
// RBACValidationError is the error type returned by RBAC.Validate when a
// designated constraint is not met. Its accessors (Field, Reason, Cause, Key,
// ErrorName) expose the details; the fields themselves are unexported.
type RBACValidationError struct {
	// contains filtered or unexported fields
}
RBACValidationError is the validation error returned by RBAC.Validate if the designated constraints aren't met.
func (RBACValidationError) Cause ¶
func (e RBACValidationError) Cause() error
Cause function returns cause value.
func (RBACValidationError) Error ¶
func (e RBACValidationError) Error() string
Error satisfies the builtin error interface
func (RBACValidationError) ErrorName ¶
func (e RBACValidationError) ErrorName() string
ErrorName returns error name.
func (RBACValidationError) Field ¶
func (e RBACValidationError) Field() string
Field function returns field value.
func (RBACValidationError) Key ¶
func (e RBACValidationError) Key() bool
Key function returns key value.
func (RBACValidationError) Reason ¶
func (e RBACValidationError) Reason() string
Reason function returns reason value.
type RBAC_Action ¶
// RBAC_Action selects whether the configured policies act as a safe-list
// (RBAC_ALLOW) or a block-list (RBAC_DENY). It is an int32 enum whose zero
// value is RBAC_ALLOW.
type RBAC_Action int32
Should we do safe-list or block-list style access control?
// Values of RBAC_Action.
const (
	// The policies grant access to principals. The rest is denied. This is safe-list style
	// access control. This is the default type.
	//
	// The value is 0, the Go zero value, so an RBAC whose Action is never set
	// behaves as a safe-list.
	RBAC_ALLOW RBAC_Action = 0
	// The policies deny access to principals. The rest is allowed. This is block-list style
	// access control.
	//
	// Anything the policies do not match is let through, so gaps in policy
	// coverage fail open under this action.
	RBAC_DENY RBAC_Action = 1
)
func (RBAC_Action) EnumDescriptor ¶
func (RBAC_Action) EnumDescriptor() ([]byte, []int)
func (RBAC_Action) String ¶
func (x RBAC_Action) String() string