Documentation ¶
Index ¶
- Variables
- type RBAC
- func (*RBAC) Descriptor() ([]byte, []int)deprecated
- func (x *RBAC) GetEnforcementType() RBAC_EnforcementType
- func (x *RBAC) GetRules() *v3.RBAC
- func (x *RBAC) GetShadowRules() *v3.RBAC
- func (x *RBAC) GetShadowRulesStatPrefix() string
- func (x *RBAC) GetStatPrefix() string
- func (*RBAC) ProtoMessage()
- func (x *RBAC) ProtoReflect() protoreflect.Message
- func (x *RBAC) Reset()
- func (x *RBAC) String() string
- func (m *RBAC) Validate() error
- func (m *RBAC) ValidateAll() error
- type RBACMultiError
- type RBACValidationError
- type RBAC_EnforcementType
- func (RBAC_EnforcementType) Descriptor() protoreflect.EnumDescriptor
- func (x RBAC_EnforcementType) Enum() *RBAC_EnforcementType
- func (RBAC_EnforcementType) EnumDescriptor() ([]byte, []int)deprecated
- func (x RBAC_EnforcementType) Number() protoreflect.EnumNumber
- func (x RBAC_EnforcementType) String() string
- func (RBAC_EnforcementType) Type() protoreflect.EnumType
Constants ¶
This section is empty.
Variables ¶
var ( RBAC_EnforcementType_name = map[int32]string{ 0: "ONE_TIME_ON_FIRST_BYTE", 1: "CONTINUOUS", } RBAC_EnforcementType_value = map[string]int32{ "ONE_TIME_ON_FIRST_BYTE": 0, "CONTINUOUS": 1, } )
Enum value maps for RBAC_EnforcementType.
var File_envoy_extensions_filters_network_rbac_v3_rbac_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type RBAC ¶
type RBAC struct { // Specify the RBAC rules to be applied globally. // If absent, no enforcing RBAC policy will be applied. // If present and empty, DENY. Rules *v3.RBAC `protobuf:"bytes,1,opt,name=rules,proto3" json:"rules,omitempty"` // Shadow rules are not enforced by the filter but will emit stats and logs // and can be used for rule testing. // If absent, no shadow RBAC policy will be applied. ShadowRules *v3.RBAC `protobuf:"bytes,2,opt,name=shadow_rules,json=shadowRules,proto3" json:"shadow_rules,omitempty"` // If specified, shadow rules will emit stats with the given prefix. // This is useful to distinguish the stat when there are more than 1 RBAC filter configured with // shadow rules. ShadowRulesStatPrefix string `` /* 128-byte string literal not displayed */ // The prefix to use when emitting statistics. StatPrefix string `protobuf:"bytes,3,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"` // RBAC enforcement strategy. By default RBAC will be enforced only once // when the first byte of data arrives from the downstream. When used in // conjunction with filters that emit dynamic metadata after decoding // every payload (e.g., Mongo, MySQL, Kafka) set the enforcement type to // CONTINUOUS to enforce RBAC policies on every message boundary. EnforcementType RBAC_EnforcementType `` /* 174-byte string literal not displayed */ // contains filtered or unexported fields }
RBAC network filter config.
Header should not be used in rules/shadow_rules in RBAC network filter as this information is only available in :ref:`RBAC http filter <config_http_filters_rbac>`. [#next-free-field: 6]
func (*RBAC) Descriptor
deprecated
func (*RBAC) GetEnforcementType ¶
func (x *RBAC) GetEnforcementType() RBAC_EnforcementType
func (*RBAC) GetShadowRules ¶
func (*RBAC) GetShadowRulesStatPrefix ¶
func (*RBAC) GetStatPrefix ¶
func (*RBAC) ProtoMessage ¶
func (*RBAC) ProtoMessage()
func (*RBAC) ProtoReflect ¶
func (x *RBAC) ProtoReflect() protoreflect.Message
func (*RBAC) Validate ¶
Validate checks the field values on RBAC with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.
func (*RBAC) ValidateAll ¶
ValidateAll checks the field values on RBAC with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in RBACMultiError, or nil if none found.
type RBACMultiError ¶
type RBACMultiError []error
RBACMultiError is an error wrapping multiple validation errors returned by RBAC.ValidateAll() if the designated constraints aren't met.
func (RBACMultiError) AllErrors ¶
func (m RBACMultiError) AllErrors() []error
AllErrors returns a list of validation violation errors.
func (RBACMultiError) Error ¶
func (m RBACMultiError) Error() string
Error returns a concatenation of all the error messages it wraps.
type RBACValidationError ¶
type RBACValidationError struct {
// contains filtered or unexported fields
}
RBACValidationError is the validation error returned by RBAC.Validate if the designated constraints aren't met.
func (RBACValidationError) Cause ¶
func (e RBACValidationError) Cause() error
Cause function returns cause value.
func (RBACValidationError) Error ¶
func (e RBACValidationError) Error() string
Error satisfies the builtin error interface
func (RBACValidationError) ErrorName ¶
func (e RBACValidationError) ErrorName() string
ErrorName returns error name.
func (RBACValidationError) Field ¶
func (e RBACValidationError) Field() string
Field function returns field value.
func (RBACValidationError) Key ¶
func (e RBACValidationError) Key() bool
Key function returns key value.
func (RBACValidationError) Reason ¶
func (e RBACValidationError) Reason() string
Reason function returns reason value.
type RBAC_EnforcementType ¶
type RBAC_EnforcementType int32
const ( // Apply RBAC policies when the first byte of data arrives on the connection. RBAC_ONE_TIME_ON_FIRST_BYTE RBAC_EnforcementType = 0 // Continuously apply RBAC policies as data arrives. Use this mode when // using RBAC with message oriented protocols such as Mongo, MySQL, Kafka, // etc. when the protocol decoders emit dynamic metadata such as the // resources being accessed and the operations on the resources. RBAC_CONTINUOUS RBAC_EnforcementType = 1 )
func (RBAC_EnforcementType) Descriptor ¶
func (RBAC_EnforcementType) Descriptor() protoreflect.EnumDescriptor
func (RBAC_EnforcementType) Enum ¶
func (x RBAC_EnforcementType) Enum() *RBAC_EnforcementType
func (RBAC_EnforcementType) EnumDescriptor
deprecated
func (RBAC_EnforcementType) EnumDescriptor() ([]byte, []int)
Deprecated: Use RBAC_EnforcementType.Descriptor instead.
func (RBAC_EnforcementType) Number ¶
func (x RBAC_EnforcementType) Number() protoreflect.EnumNumber
func (RBAC_EnforcementType) String ¶
func (x RBAC_EnforcementType) String() string
func (RBAC_EnforcementType) Type ¶
func (RBAC_EnforcementType) Type() protoreflect.EnumType