v2alpha

package
v0.6.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 6, 2018 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// ErrInvalidLengthRbac carries the message for a negative length found during unmarshaling.
// NOTE(review): presumably returned by the Unmarshal methods of this package; callers that
// decode RBAC configuration from an untrusted source should treat it as a hard failure.
var ErrInvalidLengthRbac = fmt.Errorf("proto: negative length found during unmarshaling")

// ErrIntOverflowRbac carries the message for an integer overflow.
// NOTE(review): presumably raised while decoding varints; confirm against Unmarshal.
var ErrIntOverflowRbac = fmt.Errorf("proto: integer overflow")
// RBAC_Action_name maps the numeric value of an action to its name.
// 0, the zero value of an int32, is the key for "ALLOW".
var RBAC_Action_name = map[int32]string{0: "ALLOW", 1: "DENY"}
// RBAC_Action_value maps an action name to its numeric value.
// Only the exact spellings "ALLOW" and "DENY" are keys; a lookup of any other string
// yields 0 (the value of "ALLOW") unless the caller checks the second return of the map index.
var RBAC_Action_value = map[string]int32{"ALLOW": 0, "DENY": 1}

Functions

This section is empty.

Types

type Permission

// Permission carries one rule in its Rule field, which is a protobuf oneof (see the
// `protobuf_oneof:"rule"` tag): at most one of the wrapper types listed below is stored.
// The remaining XXX_ fields are excluded from encoding/json by their `json:"-"` tags.
type Permission struct {
	// Types that are valid to be assigned to Rule:
	//	*Permission_AndRules
	//	*Permission_OrRules
	//	*Permission_Any
	//	*Permission_Header
	//	*Permission_DestinationIp
	//	*Permission_DestinationPort
	//	*Permission_Metadata
	//	*Permission_NotRule
	//	*Permission_RequestedServerName
	Rule                 isPermission_Rule `protobuf_oneof:"rule"`
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

Permission defines an action (or actions) that a principal can take.

func (*Permission) Descriptor

func (*Permission) Descriptor() ([]byte, []int)

func (*Permission) GetAndRules

func (m *Permission) GetAndRules() *Permission_Set

func (*Permission) GetAny

func (m *Permission) GetAny() bool

func (*Permission) GetDestinationIp

func (m *Permission) GetDestinationIp() *core.CidrRange

func (*Permission) GetDestinationPort

func (m *Permission) GetDestinationPort() uint32

func (*Permission) GetHeader

func (m *Permission) GetHeader() *route.HeaderMatcher

func (*Permission) GetMetadata

func (m *Permission) GetMetadata() *matcher.MetadataMatcher

func (*Permission) GetNotRule

func (m *Permission) GetNotRule() *Permission

func (*Permission) GetOrRules

func (m *Permission) GetOrRules() *Permission_Set

func (*Permission) GetRequestedServerName added in v0.6.1

func (m *Permission) GetRequestedServerName() *matcher.StringMatcher

func (*Permission) GetRule

func (m *Permission) GetRule() isPermission_Rule

func (*Permission) Marshal

func (m *Permission) Marshal() (dAtA []byte, err error)

func (*Permission) MarshalTo

func (m *Permission) MarshalTo(dAtA []byte) (int, error)

func (*Permission) ProtoMessage

func (*Permission) ProtoMessage()

func (*Permission) Reset

func (m *Permission) Reset()

func (*Permission) Size

func (m *Permission) Size() (n int)

func (*Permission) String

func (m *Permission) String() string

func (*Permission) Unmarshal

func (m *Permission) Unmarshal(dAtA []byte) error

func (*Permission) Validate

func (m *Permission) Validate() error

Validate checks the field values on Permission with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*Permission) XXX_DiscardUnknown

func (m *Permission) XXX_DiscardUnknown()

func (*Permission) XXX_Marshal

func (m *Permission) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Permission) XXX_Merge

func (dst *Permission) XXX_Merge(src proto.Message)

func (*Permission) XXX_OneofFuncs

func (*Permission) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

func (*Permission) XXX_Size

func (m *Permission) XXX_Size() int

func (*Permission) XXX_Unmarshal

func (m *Permission) XXX_Unmarshal(b []byte) error

type PermissionValidationError

// PermissionValidationError has four exported fields whose meaning is not documented here.
// NOTE(review): presumably Field names the offending field, Reason describes the violated
// rule, Cause holds a nested error and Key marks a map-key failure — confirm against the
// validation code generator.
type PermissionValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

PermissionValidationError is the validation error returned by Permission.Validate if the designated constraints aren't met.

func (PermissionValidationError) Error

Error satisfies the builtin error interface

type Permission_AndRules

// Permission_AndRules is the Permission.Rule oneof member for the `and_rules` field
// (field number 1); it wraps a Permission_Set.
// NOTE(review): by its name, every rule in the set must match — confirm against the proto.
type Permission_AndRules struct {
	AndRules *Permission_Set `protobuf:"bytes,1,opt,name=and_rules,json=andRules,oneof"`
}

func (*Permission_AndRules) MarshalTo

func (m *Permission_AndRules) MarshalTo(dAtA []byte) (int, error)

func (*Permission_AndRules) Size

func (m *Permission_AndRules) Size() (n int)

type Permission_Any

// Permission_Any is the Permission.Rule oneof member for the `any` field (field number 3).
// The Policy.Permissions comment says a single Permission with `any` set to true matches all
// actions, so a policy that uses it places no restriction on what the principal may do.
type Permission_Any struct {
	Any bool `protobuf:"varint,3,opt,name=any,proto3,oneof"`
}

func (*Permission_Any) MarshalTo

func (m *Permission_Any) MarshalTo(dAtA []byte) (int, error)

func (*Permission_Any) Size

func (m *Permission_Any) Size() (n int)

type Permission_DestinationIp

// Permission_DestinationIp is the Permission.Rule oneof member for the `destination_ip`
// field (field number 5); it wraps a core.CidrRange.
// NOTE(review): presumably compared with the destination address of the request — confirm.
type Permission_DestinationIp struct {
	DestinationIp *core.CidrRange `protobuf:"bytes,5,opt,name=destination_ip,json=destinationIp,oneof"`
}

func (*Permission_DestinationIp) MarshalTo

func (m *Permission_DestinationIp) MarshalTo(dAtA []byte) (int, error)

func (*Permission_DestinationIp) Size

func (m *Permission_DestinationIp) Size() (n int)

type Permission_DestinationPort

// Permission_DestinationPort is the Permission.Rule oneof member for the `destination_port`
// field (field number 6). The value is a uint32.
// NOTE(review): whether values above 65535 are rejected by Validate is not visible here.
type Permission_DestinationPort struct {
	DestinationPort uint32 `protobuf:"varint,6,opt,name=destination_port,json=destinationPort,proto3,oneof"`
}

func (*Permission_DestinationPort) MarshalTo

func (m *Permission_DestinationPort) MarshalTo(dAtA []byte) (int, error)

func (*Permission_DestinationPort) Size

func (m *Permission_DestinationPort) Size() (n int)

type Permission_Header

// Permission_Header is the Permission.Rule oneof member for the `header` field
// (field number 4); it wraps a route.HeaderMatcher.
// NOTE(review): the matching rules (exact, regex, anchoring) are defined by HeaderMatcher,
// which is declared in another package — check them before relying on a path or method rule.
type Permission_Header struct {
	Header *route.HeaderMatcher `protobuf:"bytes,4,opt,name=header,oneof"`
}

func (*Permission_Header) MarshalTo

func (m *Permission_Header) MarshalTo(dAtA []byte) (int, error)

func (*Permission_Header) Size

func (m *Permission_Header) Size() (n int)

type Permission_Metadata

// Permission_Metadata is the Permission.Rule oneof member for the `metadata` field
// (field number 7); it wraps a matcher.MetadataMatcher.
// NOTE(review): which metadata is matched, and who may write it, is not visible here.
type Permission_Metadata struct {
	Metadata *matcher.MetadataMatcher `protobuf:"bytes,7,opt,name=metadata,oneof"`
}

func (*Permission_Metadata) MarshalTo

func (m *Permission_Metadata) MarshalTo(dAtA []byte) (int, error)

func (*Permission_Metadata) Size

func (m *Permission_Metadata) Size() (n int)

type Permission_NotRule

// Permission_NotRule is the Permission.Rule oneof member for the `not_rule` field
// (field number 8); it wraps another Permission.
// NOTE(review): by its name this negates the wrapped rule — confirm. A negated rule matches
// everything the inner rule does not, so review such rules for unintentionally broad grants.
type Permission_NotRule struct {
	NotRule *Permission `protobuf:"bytes,8,opt,name=not_rule,json=notRule,oneof"`
}

func (*Permission_NotRule) MarshalTo

func (m *Permission_NotRule) MarshalTo(dAtA []byte) (int, error)

func (*Permission_NotRule) Size

func (m *Permission_NotRule) Size() (n int)

type Permission_OrRules

// Permission_OrRules is the Permission.Rule oneof member for the `or_rules` field
// (field number 2); it wraps a Permission_Set.
// NOTE(review): by its name, one matching rule in the set is enough — confirm against the proto.
type Permission_OrRules struct {
	OrRules *Permission_Set `protobuf:"bytes,2,opt,name=or_rules,json=orRules,oneof"`
}

func (*Permission_OrRules) MarshalTo

func (m *Permission_OrRules) MarshalTo(dAtA []byte) (int, error)

func (*Permission_OrRules) Size

func (m *Permission_OrRules) Size() (n int)

type Permission_RequestedServerName added in v0.6.1

// Permission_RequestedServerName is the Permission.Rule oneof member for the
// `requested_server_name` field (field number 9); it wraps a matcher.StringMatcher.
// NOTE(review): presumably the server name the client requested in the TLS handshake,
// which is chosen by the client — confirm, and do not treat it as an authenticated value.
type Permission_RequestedServerName struct {
	RequestedServerName *matcher.StringMatcher `protobuf:"bytes,9,opt,name=requested_server_name,json=requestedServerName,oneof"`
}

func (*Permission_RequestedServerName) MarshalTo added in v0.6.1

func (m *Permission_RequestedServerName) MarshalTo(dAtA []byte) (int, error)

func (*Permission_RequestedServerName) Size added in v0.6.1

func (m *Permission_RequestedServerName) Size() (n int)

type Permission_Set

// Permission_Set is a list of Permission values. It is the payload of both
// Permission_AndRules and Permission_OrRules, so the same list type is combined differently
// depending on which wrapper holds it.
// NOTE(review): how an empty Rules list evaluates is not visible here — confirm.
type Permission_Set struct {
	Rules                []*Permission `protobuf:"bytes,1,rep,name=rules" json:"rules,omitempty"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

Permission_Set is used in the `and_rules` and `or_rules` fields of the `rule` oneof. Depending on which of the two fields holds it, the set is applied with that field's behavior.

func (*Permission_Set) Descriptor

func (*Permission_Set) Descriptor() ([]byte, []int)

func (*Permission_Set) GetRules

func (m *Permission_Set) GetRules() []*Permission

func (*Permission_Set) Marshal

func (m *Permission_Set) Marshal() (dAtA []byte, err error)

func (*Permission_Set) MarshalTo

func (m *Permission_Set) MarshalTo(dAtA []byte) (int, error)

func (*Permission_Set) ProtoMessage

func (*Permission_Set) ProtoMessage()

func (*Permission_Set) Reset

func (m *Permission_Set) Reset()

func (*Permission_Set) Size

func (m *Permission_Set) Size() (n int)

func (*Permission_Set) String

func (m *Permission_Set) String() string

func (*Permission_Set) Unmarshal

func (m *Permission_Set) Unmarshal(dAtA []byte) error

func (*Permission_Set) Validate

func (m *Permission_Set) Validate() error

Validate checks the field values on Permission_Set with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*Permission_Set) XXX_DiscardUnknown

func (m *Permission_Set) XXX_DiscardUnknown()

func (*Permission_Set) XXX_Marshal

func (m *Permission_Set) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Permission_Set) XXX_Merge

func (dst *Permission_Set) XXX_Merge(src proto.Message)

func (*Permission_Set) XXX_Size

func (m *Permission_Set) XXX_Size() int

func (*Permission_Set) XXX_Unmarshal

func (m *Permission_Set) XXX_Unmarshal(b []byte) error

type Permission_SetValidationError

// Permission_SetValidationError has four exported fields whose meaning is not documented here.
// NOTE(review): presumably Field names the offending field, Reason describes the violated
// rule, Cause holds a nested error and Key marks a map-key failure — confirm against the
// validation code generator.
type Permission_SetValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

Permission_SetValidationError is the validation error returned by Permission_Set.Validate if the designated constraints aren't met.

func (Permission_SetValidationError) Error

Error satisfies the builtin error interface

type Policy

// Policy pairs a list of Permissions with a list of Principals. Both lists are documented as
// Required below.
// NOTE(review): whether Validate rejects an empty list is not visible here — confirm before
// assuming an empty Permissions or Principals list cannot reach the evaluator.
type Policy struct {
	// Required. The set of permissions that define a role. Each permission is matched with OR
	// semantics. To match all actions for this policy, a single Permission with the `any` field set
	// to true should be used.
	Permissions []*Permission `protobuf:"bytes,1,rep,name=permissions" json:"permissions,omitempty"`
	// Required. The set of principals that are assigned/denied the role based on `action`. Each
	// principal is matched with OR semantics. To match all downstreams for this policy, a single
	// Principal with the `any` field set to true should be used.
	Principals           []*Principal `protobuf:"bytes,2,rep,name=principals" json:"principals,omitempty"`
	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
	XXX_unrecognized     []byte       `json:"-"`
	XXX_sizecache        int32        `json:"-"`
}

Policy specifies a role and the principals that are assigned/denied the role. A policy matches if and only if at least one of its permissions matches the action taking place AND at least one of its principals matches the downstream.

func (*Policy) Descriptor

func (*Policy) Descriptor() ([]byte, []int)

func (*Policy) GetPermissions

func (m *Policy) GetPermissions() []*Permission

func (*Policy) GetPrincipals

func (m *Policy) GetPrincipals() []*Principal

func (*Policy) Marshal

func (m *Policy) Marshal() (dAtA []byte, err error)

func (*Policy) MarshalTo

func (m *Policy) MarshalTo(dAtA []byte) (int, error)

func (*Policy) ProtoMessage

func (*Policy) ProtoMessage()

func (*Policy) Reset

func (m *Policy) Reset()

func (*Policy) Size

func (m *Policy) Size() (n int)

func (*Policy) String

func (m *Policy) String() string

func (*Policy) Unmarshal

func (m *Policy) Unmarshal(dAtA []byte) error

func (*Policy) Validate

func (m *Policy) Validate() error

Validate checks the field values on Policy with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*Policy) XXX_DiscardUnknown

func (m *Policy) XXX_DiscardUnknown()

func (*Policy) XXX_Marshal

func (m *Policy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Policy) XXX_Merge

func (dst *Policy) XXX_Merge(src proto.Message)

func (*Policy) XXX_Size

func (m *Policy) XXX_Size() int

func (*Policy) XXX_Unmarshal

func (m *Policy) XXX_Unmarshal(b []byte) error

type PolicyValidationError

// PolicyValidationError has four exported fields whose meaning is not documented here.
// NOTE(review): presumably Field names the offending field, Reason describes the violated
// rule, Cause holds a nested error and Key marks a map-key failure — confirm against the
// validation code generator.
type PolicyValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

PolicyValidationError is the validation error returned by Policy.Validate if the designated constraints aren't met.

func (PolicyValidationError) Error

func (e PolicyValidationError) Error() string

Error satisfies the builtin error interface

type Principal

// Principal carries one identifier in its Identifier field, which is a protobuf oneof (see
// the `protobuf_oneof:"identifier"` tag): at most one of the wrapper types listed below is
// stored. The XXX_ fields are excluded from encoding/json by their `json:"-"` tags.
type Principal struct {
	// Types that are valid to be assigned to Identifier:
	//	*Principal_AndIds
	//	*Principal_OrIds
	//	*Principal_Any
	//	*Principal_Authenticated_
	//	*Principal_SourceIp
	//	*Principal_Header
	//	*Principal_Metadata
	//	*Principal_NotId
	Identifier           isPrincipal_Identifier `protobuf_oneof:"identifier"`
	XXX_NoUnkeyedLiteral struct{}               `json:"-"`
	XXX_unrecognized     []byte                 `json:"-"`
	XXX_sizecache        int32                  `json:"-"`
}

Principal defines an identity or a group of identities for a downstream subject.

func (*Principal) Descriptor

func (*Principal) Descriptor() ([]byte, []int)

func (*Principal) GetAndIds

func (m *Principal) GetAndIds() *Principal_Set

func (*Principal) GetAny

func (m *Principal) GetAny() bool

func (*Principal) GetAuthenticated

func (m *Principal) GetAuthenticated() *Principal_Authenticated

func (*Principal) GetHeader

func (m *Principal) GetHeader() *route.HeaderMatcher

func (*Principal) GetIdentifier

func (m *Principal) GetIdentifier() isPrincipal_Identifier

func (*Principal) GetMetadata

func (m *Principal) GetMetadata() *matcher.MetadataMatcher

func (*Principal) GetNotId

func (m *Principal) GetNotId() *Principal

func (*Principal) GetOrIds

func (m *Principal) GetOrIds() *Principal_Set

func (*Principal) GetSourceIp

func (m *Principal) GetSourceIp() *core.CidrRange

func (*Principal) Marshal

func (m *Principal) Marshal() (dAtA []byte, err error)

func (*Principal) MarshalTo

func (m *Principal) MarshalTo(dAtA []byte) (int, error)

func (*Principal) ProtoMessage

func (*Principal) ProtoMessage()

func (*Principal) Reset

func (m *Principal) Reset()

func (*Principal) Size

func (m *Principal) Size() (n int)

func (*Principal) String

func (m *Principal) String() string

func (*Principal) Unmarshal

func (m *Principal) Unmarshal(dAtA []byte) error

func (*Principal) Validate

func (m *Principal) Validate() error

Validate checks the field values on Principal with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*Principal) XXX_DiscardUnknown

func (m *Principal) XXX_DiscardUnknown()

func (*Principal) XXX_Marshal

func (m *Principal) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Principal) XXX_Merge

func (dst *Principal) XXX_Merge(src proto.Message)

func (*Principal) XXX_OneofFuncs

func (*Principal) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

func (*Principal) XXX_Size

func (m *Principal) XXX_Size() int

func (*Principal) XXX_Unmarshal

func (m *Principal) XXX_Unmarshal(b []byte) error

type PrincipalValidationError

// PrincipalValidationError has four exported fields whose meaning is not documented here.
// NOTE(review): presumably Field names the offending field, Reason describes the violated
// rule, Cause holds a nested error and Key marks a map-key failure — confirm against the
// validation code generator.
type PrincipalValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

PrincipalValidationError is the validation error returned by Principal.Validate if the designated constraints aren't met.

func (PrincipalValidationError) Error

func (e PrincipalValidationError) Error() string

Error satisfies the builtin error interface

type Principal_AndIds

// Principal_AndIds is the Principal.Identifier oneof member for the `and_ids` field
// (field number 1); it wraps a Principal_Set.
// NOTE(review): by its name, every identifier in the set must match — confirm against the proto.
type Principal_AndIds struct {
	AndIds *Principal_Set `protobuf:"bytes,1,opt,name=and_ids,json=andIds,oneof"`
}

func (*Principal_AndIds) MarshalTo

func (m *Principal_AndIds) MarshalTo(dAtA []byte) (int, error)

func (*Principal_AndIds) Size

func (m *Principal_AndIds) Size() (n int)

type Principal_Any

// Principal_Any is the Principal.Identifier oneof member for the `any` field (field number 3).
// The Policy.Principals comment says a single Principal with `any` set to true matches all
// downstreams, so a policy that uses it applies regardless of who the caller is.
type Principal_Any struct {
	Any bool `protobuf:"varint,3,opt,name=any,proto3,oneof"`
}

func (*Principal_Any) MarshalTo

func (m *Principal_Any) MarshalTo(dAtA []byte) (int, error)

func (*Principal_Any) Size

func (m *Principal_Any) Size() (n int)

type Principal_Authenticated

// Principal_Authenticated holds the authentication attributes matched for a downstream.
type Principal_Authenticated struct {
	// The name of the principal. If set, the URI SAN is used from the certificate, otherwise the
	// subject field is used. If unset, it applies to any user that is authenticated.
	//
	// NOTE(review): "otherwise" most likely means "when the certificate carries no URI SAN" —
	// confirm against the proto definition.
	// A nil PrincipalName therefore does not pin an identity: it matches every authenticated
	// downstream, so set it whenever the policy is meant for specific callers.
	PrincipalName        *matcher.StringMatcher `protobuf:"bytes,2,opt,name=principal_name,json=principalName" json:"principal_name,omitempty"`
	XXX_NoUnkeyedLiteral struct{}               `json:"-"`
	XXX_unrecognized     []byte                 `json:"-"`
	XXX_sizecache        int32                  `json:"-"`
}

Authentication attributes for a downstream.

func (*Principal_Authenticated) Descriptor

func (*Principal_Authenticated) Descriptor() ([]byte, []int)

func (*Principal_Authenticated) GetPrincipalName added in v0.6.0

func (m *Principal_Authenticated) GetPrincipalName() *matcher.StringMatcher

func (*Principal_Authenticated) Marshal

func (m *Principal_Authenticated) Marshal() (dAtA []byte, err error)

func (*Principal_Authenticated) MarshalTo

func (m *Principal_Authenticated) MarshalTo(dAtA []byte) (int, error)

func (*Principal_Authenticated) ProtoMessage

func (*Principal_Authenticated) ProtoMessage()

func (*Principal_Authenticated) Reset

func (m *Principal_Authenticated) Reset()

func (*Principal_Authenticated) Size

func (m *Principal_Authenticated) Size() (n int)

func (*Principal_Authenticated) String

func (m *Principal_Authenticated) String() string

func (*Principal_Authenticated) Unmarshal

func (m *Principal_Authenticated) Unmarshal(dAtA []byte) error

func (*Principal_Authenticated) Validate

func (m *Principal_Authenticated) Validate() error

Validate checks the field values on Principal_Authenticated with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*Principal_Authenticated) XXX_DiscardUnknown

func (m *Principal_Authenticated) XXX_DiscardUnknown()

func (*Principal_Authenticated) XXX_Marshal

func (m *Principal_Authenticated) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Principal_Authenticated) XXX_Merge

func (dst *Principal_Authenticated) XXX_Merge(src proto.Message)

func (*Principal_Authenticated) XXX_Size

func (m *Principal_Authenticated) XXX_Size() int

func (*Principal_Authenticated) XXX_Unmarshal

func (m *Principal_Authenticated) XXX_Unmarshal(b []byte) error

type Principal_AuthenticatedValidationError

// Principal_AuthenticatedValidationError has four exported fields whose meaning is not
// documented here.
// NOTE(review): presumably Field names the offending field, Reason describes the violated
// rule, Cause holds a nested error and Key marks a map-key failure — confirm against the
// validation code generator.
type Principal_AuthenticatedValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

Principal_AuthenticatedValidationError is the validation error returned by Principal_Authenticated.Validate if the designated constraints aren't met.

func (Principal_AuthenticatedValidationError) Error

Error satisfies the builtin error interface

type Principal_Authenticated_

// Principal_Authenticated_ (with trailing underscore) is the Principal.Identifier oneof member
// for the `authenticated` field (field number 4); it wraps a Principal_Authenticated message.
type Principal_Authenticated_ struct {
	Authenticated *Principal_Authenticated `protobuf:"bytes,4,opt,name=authenticated,oneof"`
}

func (*Principal_Authenticated_) MarshalTo

func (m *Principal_Authenticated_) MarshalTo(dAtA []byte) (int, error)

func (*Principal_Authenticated_) Size

func (m *Principal_Authenticated_) Size() (n int)

type Principal_Header

// Principal_Header is the Principal.Identifier oneof member for the `header` field
// (field number 6); it wraps a route.HeaderMatcher.
// NOTE(review): request headers are supplied by the downstream, so an identity derived from
// a header is only as trustworthy as the hop that sets it — confirm a trusted component
// overwrites the header before this matcher is used to identify a principal.
type Principal_Header struct {
	Header *route.HeaderMatcher `protobuf:"bytes,6,opt,name=header,oneof"`
}

func (*Principal_Header) MarshalTo

func (m *Principal_Header) MarshalTo(dAtA []byte) (int, error)

func (*Principal_Header) Size

func (m *Principal_Header) Size() (n int)

type Principal_Metadata

// Principal_Metadata is the Principal.Identifier oneof member for the `metadata` field
// (field number 7); it wraps a matcher.MetadataMatcher.
// NOTE(review): which metadata is matched, and who may write it, is not visible here.
type Principal_Metadata struct {
	Metadata *matcher.MetadataMatcher `protobuf:"bytes,7,opt,name=metadata,oneof"`
}

func (*Principal_Metadata) MarshalTo

func (m *Principal_Metadata) MarshalTo(dAtA []byte) (int, error)

func (*Principal_Metadata) Size

func (m *Principal_Metadata) Size() (n int)

type Principal_NotId

// Principal_NotId is the Principal.Identifier oneof member for the `not_id` field
// (field number 8); it wraps another Principal.
// NOTE(review): by its name this negates the wrapped identifier — confirm. A negated
// identifier matches every downstream the inner one does not, including unauthenticated
// ones unless it is combined with an authenticated identifier.
type Principal_NotId struct {
	NotId *Principal `protobuf:"bytes,8,opt,name=not_id,json=notId,oneof"`
}

func (*Principal_NotId) MarshalTo

func (m *Principal_NotId) MarshalTo(dAtA []byte) (int, error)

func (*Principal_NotId) Size

func (m *Principal_NotId) Size() (n int)

type Principal_OrIds

// Principal_OrIds is the Principal.Identifier oneof member for the `or_ids` field
// (field number 2); it wraps a Principal_Set.
// NOTE(review): by its name, one matching identifier in the set is enough — confirm against
// the proto.
type Principal_OrIds struct {
	OrIds *Principal_Set `protobuf:"bytes,2,opt,name=or_ids,json=orIds,oneof"`
}

func (*Principal_OrIds) MarshalTo

func (m *Principal_OrIds) MarshalTo(dAtA []byte) (int, error)

func (*Principal_OrIds) Size

func (m *Principal_OrIds) Size() (n int)

type Principal_Set

// Principal_Set is a list of Principal values. It is the payload of both Principal_AndIds
// and Principal_OrIds, so the same list type is combined differently depending on which
// wrapper holds it.
// NOTE(review): how an empty Ids list evaluates is not visible here — confirm.
type Principal_Set struct {
	Ids                  []*Principal `protobuf:"bytes,1,rep,name=ids" json:"ids,omitempty"`
	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
	XXX_unrecognized     []byte       `json:"-"`
	XXX_sizecache        int32        `json:"-"`
}

Principal_Set is used in the `and_ids` and `or_ids` fields of the `identifier` oneof. Depending on which of the two fields holds it, the set is applied with that field's behavior.

func (*Principal_Set) Descriptor

func (*Principal_Set) Descriptor() ([]byte, []int)

func (*Principal_Set) GetIds

func (m *Principal_Set) GetIds() []*Principal

func (*Principal_Set) Marshal

func (m *Principal_Set) Marshal() (dAtA []byte, err error)

func (*Principal_Set) MarshalTo

func (m *Principal_Set) MarshalTo(dAtA []byte) (int, error)

func (*Principal_Set) ProtoMessage

func (*Principal_Set) ProtoMessage()

func (*Principal_Set) Reset

func (m *Principal_Set) Reset()

func (*Principal_Set) Size

func (m *Principal_Set) Size() (n int)

func (*Principal_Set) String

func (m *Principal_Set) String() string

func (*Principal_Set) Unmarshal

func (m *Principal_Set) Unmarshal(dAtA []byte) error

func (*Principal_Set) Validate

func (m *Principal_Set) Validate() error

Validate checks the field values on Principal_Set with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*Principal_Set) XXX_DiscardUnknown

func (m *Principal_Set) XXX_DiscardUnknown()

func (*Principal_Set) XXX_Marshal

func (m *Principal_Set) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Principal_Set) XXX_Merge

func (dst *Principal_Set) XXX_Merge(src proto.Message)

func (*Principal_Set) XXX_Size

func (m *Principal_Set) XXX_Size() int

func (*Principal_Set) XXX_Unmarshal

func (m *Principal_Set) XXX_Unmarshal(b []byte) error

type Principal_SetValidationError

// Principal_SetValidationError has four exported fields whose meaning is not documented here.
// NOTE(review): presumably Field names the offending field, Reason describes the violated
// rule, Cause holds a nested error and Key marks a map-key failure — confirm against the
// validation code generator.
type Principal_SetValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

Principal_SetValidationError is the validation error returned by Principal_Set.Validate if the designated constraints aren't met.

func (Principal_SetValidationError) Error

Error satisfies the builtin error interface

type Principal_SourceIp

// Principal_SourceIp is the Principal.Identifier oneof member for the `source_ip` field
// (field number 5); it wraps a core.CidrRange.
// NOTE(review): when a proxy or load balancer sits in front of the service, the observed
// source address may be that hop rather than the original client — confirm which address
// is compared before using a CIDR range as an identity.
type Principal_SourceIp struct {
	SourceIp *core.CidrRange `protobuf:"bytes,5,opt,name=source_ip,json=sourceIp,oneof"`
}

func (*Principal_SourceIp) MarshalTo

func (m *Principal_SourceIp) MarshalTo(dAtA []byte) (int, error)

func (*Principal_SourceIp) Size

func (m *Principal_SourceIp) Size() (n int)

type RBAC

// RBAC combines one Action with a map of named policies.
type RBAC struct {
	// The action to take if a policy matches. The request is allowed if and only if:
	//
	//   * `action` is "ALLOW" and at least one policy matches
	//   * `action` is "DENY" and none of the policies match
	//
	// It follows from the two rules above that with no policies configured, "ALLOW" rejects
	// every request and "DENY" admits every request. The enum names are exactly "ALLOW" and
	// "DENY"; 0, the zero value of this field, is ALLOW.
	Action RBAC_Action `protobuf:"varint,1,opt,name=action,proto3,enum=envoy.config.rbac.v2alpha.RBAC_Action" json:"action,omitempty"`
	// Maps from policy name to policy. A match occurs when at least one policy matches the request.
	Policies             map[string]*Policy `` /* 143-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

Role Based Access Control (RBAC) provides service-level and method-level access control for a service. RBAC policies are additive. The policies are examined in order. A request is allowed once a matching policy is found (assuming the `action` is ALLOW; when the `action` is DENY, a matching policy causes the request to be denied instead).

Here is an example of RBAC configuration. It has two policies:

  • Service account "cluster.local/ns/default/sa/admin" has full access to the service, and so does "cluster.local/ns/default/sa/superuser".
  • Any user can read ("GET") the service at paths with prefix "/products", so long as the destination port is either 80 or 443.

    .. code-block:: yaml

      action: ALLOW
      policies:
        "service-admin":
          permissions:
            - any: true
          principals:
            - authenticated:
                principal_name:
                  exact: "cluster.local/ns/default/sa/admin"
            - authenticated:
                principal_name:
                  exact: "cluster.local/ns/default/sa/superuser"
        "product-viewer":
          permissions:
            - and_rules:
                rules:
                  - header: { name: ":method", exact_match: "GET" }
                  - header: { name: ":path", regex_match: "/products(/.*)?" }
                  - or_rules:
                      rules:
                        - destination_port: 80
                        - destination_port: 443
          principals:
            - any: true

func (*RBAC) Descriptor

func (*RBAC) Descriptor() ([]byte, []int)

func (*RBAC) GetAction

func (m *RBAC) GetAction() RBAC_Action

func (*RBAC) GetPolicies

func (m *RBAC) GetPolicies() map[string]*Policy

func (*RBAC) Marshal

func (m *RBAC) Marshal() (dAtA []byte, err error)

func (*RBAC) MarshalTo

func (m *RBAC) MarshalTo(dAtA []byte) (int, error)

func (*RBAC) ProtoMessage

func (*RBAC) ProtoMessage()

func (*RBAC) Reset

func (m *RBAC) Reset()

func (*RBAC) Size

func (m *RBAC) Size() (n int)

func (*RBAC) String

func (m *RBAC) String() string

func (*RBAC) Unmarshal

func (m *RBAC) Unmarshal(dAtA []byte) error

func (*RBAC) Validate

func (m *RBAC) Validate() error

Validate checks the field values on RBAC with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.

func (*RBAC) XXX_DiscardUnknown

func (m *RBAC) XXX_DiscardUnknown()

func (*RBAC) XXX_Marshal

func (m *RBAC) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RBAC) XXX_Merge

func (dst *RBAC) XXX_Merge(src proto.Message)

func (*RBAC) XXX_Size

func (m *RBAC) XXX_Size() int

func (*RBAC) XXX_Unmarshal

func (m *RBAC) XXX_Unmarshal(b []byte) error

type RBACValidationError

// RBACValidationError has four exported fields whose meaning is not documented here.
// NOTE(review): presumably Field names the offending field, Reason describes the violated
// rule, Cause holds a nested error and Key marks a map-key failure — confirm against the
// validation code generator.
type RBACValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}

RBACValidationError is the validation error returned by RBAC.Validate if the designated constraints aren't met.

func (RBACValidationError) Error

func (e RBACValidationError) Error() string

Error satisfies the builtin error interface

type RBAC_Action

// RBAC_Action selects between the two access-control styles declared as RBAC_ALLOW and
// RBAC_DENY. Its underlying type is int32, so any int32 can be converted to it.
// NOTE(review): whether values other than 0 and 1 are rejected by Validate is not visible here.
type RBAC_Action int32

Should we do safe-list or block-list style access control?

const (
	// The policies grant access to principals. The rest is denied. This is safe-list style
	// access control. This is the default type.
	// Its value 0 is also the zero value of RBAC_Action, so an action that was never set
	// behaves as ALLOW: requests are denied unless a policy matches.
	RBAC_ALLOW RBAC_Action = 0
	// The policies deny access to principals. The rest is allowed. This is block-list style
	// access control.
	// Anything that no policy matches is admitted, so a DENY configuration has to enumerate
	// every case it intends to block.
	RBAC_DENY RBAC_Action = 1
)

func (RBAC_Action) EnumDescriptor

func (RBAC_Action) EnumDescriptor() ([]byte, []int)

func (RBAC_Action) String

func (x RBAC_Action) String() string
