Documentation ¶
Index ¶
- Variables
- type Action
- type Address
- type Authorization
- func (*Authorization) Descriptor() ([]byte, []int)deprecated
- func (x *Authorization) GetAction() Action
- func (x *Authorization) GetName() string
- func (x *Authorization) GetNamespace() string
- func (x *Authorization) GetRules() []*Rule
- func (x *Authorization) GetScope() Scope
- func (*Authorization) ProtoMessage()
- func (x *Authorization) ProtoReflect() protoreflect.Message
- func (x *Authorization) Reset()
- func (x *Authorization) ResourceName() string
- func (x *Authorization) String() string
- type Clause
- type Match
- func (*Match) Descriptor() ([]byte, []int)deprecated
- func (x *Match) GetDestinationIps() []*Address
- func (x *Match) GetDestinationPorts() []uint32
- func (x *Match) GetNamespaces() []*StringMatch
- func (x *Match) GetNotDestinationIps() []*Address
- func (x *Match) GetNotDestinationPorts() []uint32
- func (x *Match) GetNotNamespaces() []*StringMatch
- func (x *Match) GetNotPrincipals() []*StringMatch
- func (x *Match) GetNotSourceIps() []*Address
- func (x *Match) GetPrincipals() []*StringMatch
- func (x *Match) GetSourceIps() []*Address
- func (*Match) ProtoMessage()
- func (x *Match) ProtoReflect() protoreflect.Message
- func (x *Match) Reset()
- func (x *Match) String() string
- type Rule
- type Scope
- type StringMatch
- func (*StringMatch) Descriptor() ([]byte, []int)deprecated
- func (x *StringMatch) GetExact() string
- func (m *StringMatch) GetMatchType() isStringMatch_MatchType
- func (x *StringMatch) GetPrefix() string
- func (x *StringMatch) GetSuffix() string
- func (*StringMatch) ProtoMessage()
- func (x *StringMatch) ProtoReflect() protoreflect.Message
- func (x *StringMatch) Reset()
- func (x *StringMatch) String() string
- type StringMatch_Exact
- type StringMatch_Prefix
- type StringMatch_Suffix
Constants ¶
This section is empty.
Variables ¶
// Enum value maps for Scope.
var (
	// Scope_name maps each Scope number to its enum name.
	Scope_name = map[int32]string{
		0: "GLOBAL",
		1: "NAMESPACE",
		2: "WORKLOAD_SELECTOR",
	}
	// Scope_value is the inverse of Scope_name: enum name to number.
	Scope_value = map[string]int32{
		"GLOBAL":            0,
		"NAMESPACE":         1,
		"WORKLOAD_SELECTOR": 2,
	}
)
Enum value maps for Scope.
// Enum value maps for Action.
var (
	// Action_name maps each Action number to its enum name.
	// ALLOW is number 0 and DENY is number 1.
	Action_name = map[int32]string{
		0: "ALLOW",
		1: "DENY",
	}
	// Action_value is the inverse of Action_name: enum name to number.
	Action_value = map[string]int32{
		"ALLOW": 0,
		"DENY":  1,
	}
)
Enum value maps for Action.
Functions ¶
This section is empty.
Types ¶
type Action ¶
// Action is the enum type of Authorization.Action: what a policy does when
// its rules match. Action_name lists the values 0 (ALLOW) and 1 (DENY).
//
// The zero value of Action is 0, which is ALLOW, so an Action that was never
// set reads as ALLOW rather than DENY.
type Action int32
func (Action) Descriptor ¶
func (Action) Descriptor() protoreflect.EnumDescriptor
func (Action) EnumDescriptor
deprecated
func (Action) Number ¶
func (x Action) Number() protoreflect.EnumNumber
func (Action) Type ¶
func (Action) Type() protoreflect.EnumType
type Address ¶
// Address is the element type of the SourceIps, NotSourceIps, DestinationIps
// and NotDestinationIps lists of Match.
type Address struct {
	// Raw address bytes.
	// NOTE(review): presumably 4 bytes for IPv4 and 16 for IPv6; confirm against the producer.
	Address []byte `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"`
	// NOTE(review): looks like a prefix length in bits for the address above.
	// That is not stated here; confirm, and have consumers check it against
	// the size of Address before building a mask from it.
	Length uint32 `protobuf:"varint,2,opt,name=length,proto3" json:"length,omitempty"`
	// contains filtered or unexported fields
}
func (*Address) Descriptor
deprecated
func (*Address) GetAddress ¶
func (*Address) ProtoMessage ¶
func (*Address) ProtoMessage()
func (*Address) ProtoReflect ¶
func (x *Address) ProtoReflect() protoreflect.Message
type Authorization ¶
// Authorization is one RBAC policy: where it applies (Scope), what it does on
// a match (Action) and the Rules that decide whether a request matches.
//
// Evaluation order, as documented on the fields of Authorization, Rule and
// Clause: Rules are OR-ed, the Clauses of a Rule are AND-ed, and the Matches
// of a Clause are OR-ed.
type Authorization struct {
	// Name and Namespace of the policy. Namespace is the value used when
	// Scope is NAMESPACE.
	Name      string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"`
	// Determine the scope of this RBAC policy.
	// If set to NAMESPACE, the 'namespace' field value will be used.
	Scope Scope `protobuf:"varint,3,opt,name=scope,proto3,enum=istio.security.Scope" json:"scope,omitempty"`
	// The action to take if the request is matched with the rules.
	// Default is ALLOW if not specified.
	// ALLOW is enum number 0 and this field is a plain value, so an omitted
	// action and an explicit ALLOW look the same on this struct; a policy
	// meant to deny must set DENY explicitly.
	Action Action `protobuf:"varint,4,opt,name=action,proto3,enum=istio.security.Action" json:"action,omitempty"`
	// Set of RBAC policy rules each containing its clauses (To, From, When).
	// If at least one of the rules is matched the policy action will
	// take place.
	// Rules are OR-ed.
	// NOTE(review): how an empty Rules list is evaluated (matches everything
	// or nothing) is not defined here; confirm in the enforcing code.
	Rules []*Rule `protobuf:"bytes,5,rep,name=rules,proto3" json:"rules,omitempty"`
	// contains filtered or unexported fields
}
func (*Authorization) Descriptor
deprecated
func (*Authorization) Descriptor() ([]byte, []int)
Deprecated: Use Authorization.ProtoReflect.Descriptor instead.
func (*Authorization) GetAction ¶
func (x *Authorization) GetAction() Action
func (*Authorization) GetName ¶
func (x *Authorization) GetName() string
func (*Authorization) GetNamespace ¶
func (x *Authorization) GetNamespace() string
func (*Authorization) GetRules ¶
func (x *Authorization) GetRules() []*Rule
func (*Authorization) GetScope ¶
func (x *Authorization) GetScope() Scope
func (*Authorization) ProtoMessage ¶
func (*Authorization) ProtoMessage()
func (*Authorization) ProtoReflect ¶
func (x *Authorization) ProtoReflect() protoreflect.Message
func (*Authorization) Reset ¶
func (x *Authorization) Reset()
func (*Authorization) ResourceName ¶
func (x *Authorization) ResourceName() string
ResourceName returns the unique key of Workload.
func (*Authorization) String ¶
func (x *Authorization) String() string
type Clause ¶
// Clause is one element of Rule.Clauses. It holds a list of Matches that are
// OR-ed: per the field comment, the clause holds when any one Match does.
type Clause struct {
	// The logical behavior between the matches (if there are more than one)
	// MatchBehavior match_behavior = 1;
	// (The line above is a commented-out proto field, not a member of this
	// struct; Matches carries field number 2.)
	// Matches are OR-ed
	// Match is a generic form of the authz policy's expressions contained in To, From and When.
	Matches []*Match `protobuf:"bytes,2,rep,name=matches,proto3" json:"matches,omitempty"`
	// contains filtered or unexported fields
}
func (*Clause) Descriptor
deprecated
func (*Clause) GetMatches ¶
func (*Clause) ProtoMessage ¶
func (*Clause) ProtoMessage()
func (*Clause) ProtoReflect ¶
func (x *Clause) ProtoReflect() protoreflect.Message
type Match ¶
// Match is one element of Clause.Matches. It carries lists for namespaces,
// principals, source addresses, destination addresses and destination ports,
// each paired with a Not* list.
//
// NOTE(review): the Not* lists are presumably exclusions. How the fields
// combine with each other, and whether an empty list means "any", is not
// stated on this declaration; confirm against the enforcing code before
// relying on a particular reading.
type Match struct {
	// Namespace string matchers.
	Namespaces    []*StringMatch `protobuf:"bytes,1,rep,name=namespaces,proto3" json:"namespaces,omitempty"`
	NotNamespaces []*StringMatch `protobuf:"bytes,2,rep,name=not_namespaces,json=notNamespaces,proto3" json:"not_namespaces,omitempty"`
	// Principal string matchers.
	Principals    []*StringMatch `protobuf:"bytes,3,rep,name=principals,proto3" json:"principals,omitempty"`
	NotPrincipals []*StringMatch `protobuf:"bytes,4,rep,name=not_principals,json=notPrincipals,proto3" json:"not_principals,omitempty"`
	// Source addresses.
	SourceIps    []*Address `protobuf:"bytes,5,rep,name=source_ips,json=sourceIps,proto3" json:"source_ips,omitempty"`
	NotSourceIps []*Address `protobuf:"bytes,6,rep,name=not_source_ips,json=notSourceIps,proto3" json:"not_source_ips,omitempty"`
	// Destination addresses.
	DestinationIps    []*Address `protobuf:"bytes,7,rep,name=destination_ips,json=destinationIps,proto3" json:"destination_ips,omitempty"`
	NotDestinationIps []*Address `protobuf:"bytes,8,rep,name=not_destination_ips,json=notDestinationIps,proto3" json:"not_destination_ips,omitempty"`
	// Destination ports.
	DestinationPorts    []uint32 `protobuf:"varint,9,rep,packed,name=destination_ports,json=destinationPorts,proto3" json:"destination_ports,omitempty"`
	NotDestinationPorts []uint32 `` /* 129-byte string literal not displayed */
	// contains filtered or unexported fields
}
func (*Match) Descriptor
deprecated
func (*Match) GetDestinationIps ¶
func (*Match) GetDestinationPorts ¶
func (*Match) GetNamespaces ¶
func (x *Match) GetNamespaces() []*StringMatch
func (*Match) GetNotDestinationIps ¶
func (*Match) GetNotDestinationPorts ¶
func (*Match) GetNotNamespaces ¶
func (x *Match) GetNotNamespaces() []*StringMatch
func (*Match) GetNotPrincipals ¶
func (x *Match) GetNotPrincipals() []*StringMatch
func (*Match) GetNotSourceIps ¶
func (*Match) GetPrincipals ¶
func (x *Match) GetPrincipals() []*StringMatch
func (*Match) GetSourceIps ¶
func (*Match) ProtoMessage ¶
func (*Match) ProtoMessage()
func (*Match) ProtoReflect ¶
func (x *Match) ProtoReflect() protoreflect.Message
type Rule ¶
// Rule is one element of Authorization.Rules. Its Clauses are AND-ed: per the
// field comment, every clause has to hold for the rule to match.
type Rule struct {
	// Clauses are AND-ed
	// This is a generic form of the authz policy's to, from and when
	// NOTE(review): how a Rule with no Clauses is evaluated is not stated
	// here; confirm in the enforcing code.
	Clauses []*Clause `protobuf:"bytes,1,rep,name=clauses,proto3" json:"clauses,omitempty"`
	// contains filtered or unexported fields
}
func (*Rule) Descriptor
deprecated
func (*Rule) GetClauses ¶
func (*Rule) ProtoMessage ¶
func (*Rule) ProtoMessage()
func (*Rule) ProtoReflect ¶
func (x *Rule) ProtoReflect() protoreflect.Message
type Scope ¶
// Scope is the enum type of Authorization.Scope: it selects which workloads
// a policy is applied to.
type Scope int32

const (
	// GLOBAL means that the authorization policy will be applied to all workloads
	// in the mesh (any namespace).
	// GLOBAL is 0, the zero value of Scope, so a Scope that was never set
	// reads as GLOBAL, the widest of the three scopes.
	Scope_GLOBAL Scope = 0
	// NAMESPACE means that the policy will only be applied to workloads in a
	// specific namespace.
	Scope_NAMESPACE Scope = 1
	// WORKLOAD_SELECTOR means that the policy will only be applied to specific
	// workloads that were selected by their labels.
	Scope_WORKLOAD_SELECTOR Scope = 2
)
func (Scope) Descriptor ¶
func (Scope) Descriptor() protoreflect.EnumDescriptor
func (Scope) EnumDescriptor
deprecated
func (Scope) Number ¶
func (x Scope) Number() protoreflect.EnumNumber
func (Scope) Type ¶
func (Scope) Type() protoreflect.EnumType
type StringMatch ¶
// StringMatch is the string matcher used by the Namespaces, NotNamespaces,
// Principals and NotPrincipals lists of Match. The kind of comparison is
// chosen by which variant is stored in MatchType.
type StringMatch struct {
	// Types that are assignable to MatchType:
	//
	//	*StringMatch_Exact
	//	*StringMatch_Prefix
	//	*StringMatch_Suffix
	//
	// NOTE(review): MatchType is a oneof wrapper and can be left unset; how a
	// StringMatch with no variant is evaluated is not shown here, so confirm
	// that the enforcing code does not treat it as "match anything".
	MatchType isStringMatch_MatchType `protobuf_oneof:"match_type"`
	// contains filtered or unexported fields
}
func (*StringMatch) Descriptor
deprecated
func (*StringMatch) Descriptor() ([]byte, []int)
Deprecated: Use StringMatch.ProtoReflect.Descriptor instead.
func (*StringMatch) GetExact ¶
func (x *StringMatch) GetExact() string
func (*StringMatch) GetMatchType ¶
func (m *StringMatch) GetMatchType() isStringMatch_MatchType
func (*StringMatch) GetPrefix ¶
func (x *StringMatch) GetPrefix() string
func (*StringMatch) GetSuffix ¶
func (x *StringMatch) GetSuffix() string
func (*StringMatch) ProtoMessage ¶
func (*StringMatch) ProtoMessage()
func (*StringMatch) ProtoReflect ¶
func (x *StringMatch) ProtoReflect() protoreflect.Message
func (*StringMatch) Reset ¶
func (x *StringMatch) Reset()
func (*StringMatch) String ¶
func (x *StringMatch) String() string
type StringMatch_Exact ¶
// StringMatch_Exact is the StringMatch.MatchType variant that carries an
// exact value.
type StringMatch_Exact struct {
	// exact string match
	Exact string `protobuf:"bytes,1,opt,name=exact,proto3,oneof"`
}
type StringMatch_Prefix ¶
// StringMatch_Prefix is the StringMatch.MatchType variant that carries a
// prefix.
type StringMatch_Prefix struct {
	// prefix-based match
	// NOTE(review): a prefix accepts every value that begins with it, which
	// is broader than StringMatch_Exact; for principals, check that the
	// wider match is intended.
	Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3,oneof"`
}
type StringMatch_Suffix ¶
// StringMatch_Suffix is the StringMatch.MatchType variant that carries a
// suffix.
type StringMatch_Suffix struct {
	// suffix-based match
	// NOTE(review): a suffix accepts every value that ends with it, which is
	// broader than StringMatch_Exact; for principals, check that the wider
	// match is intended.
	Suffix string `protobuf:"bytes,3,opt,name=suffix,proto3,oneof"`
}