rbac

Documentation

Overview

Package rbac implements Envoy XDS RBAC policies.

Index

• func GetAuthenticatedPrincipal(principalName string) *xds_rbac.Principal
• func GetDestinationPortPermission(port uint32) *xds_rbac.Permission
• type Policy
  • func (p *Policy) Generate() (*xds_rbac.Policy, error)
• type Rule
• type RuleAttribute
• type RulesList

Functions

func GetAuthenticatedPrincipal

func GetAuthenticatedPrincipal(principalName string) *xds_rbac.Principal

GetAuthenticatedPrincipal returns an authenticated RBAC principal object for the given principal

func GetDestinationPortPermission

func GetDestinationPortPermission(port uint32) *xds_rbac.Permission

GetDestinationPortPermission returns an RBAC permission for the given destination port

Types

type Policy

type Policy struct {
	Permissions []RulesList
	Principals  []RulesList
}

Policy is a type used to represent an RBAC policy with rules corresponding to Principals and their associated Permissions

func (*Policy) Generate

func (p *Policy) Generate() (*xds_rbac.Policy, error)

Generate constructs an RBAC policy for the policy object on which this method is called

type Rule

type Rule struct {
	Attribute RuleAttribute
	Value     string
}

Rule is a type that can represent a policy's Permission and Principal rules

type RuleAttribute

type RuleAttribute string

RuleAttribute is the key used for the name of an attribute in a policy Rule

const (
	// DestinationPort is the key used for the destination port as a permission in a policy Rule
	DestinationPort RuleAttribute = "destinationPort"
)

Supported attributes for an RBAC permission

const (
	// DownstreamAuthPrincipal is the key used for the name of the downstream principal in a policy Rule
	DownstreamAuthPrincipal RuleAttribute = "downstreamAuthPrincipal"
)

Supported attributes for an RBAC principal

type RulesList

type RulesList struct {
	AndRules []Rule
	OrRules  []Rule
}

RulesList is a list of Rule types represented using AND or OR semantics