Documentation ¶
Index ¶
- Variables
- type Permission
- func (*Permission) Descriptor() ([]byte, []int)
- func (m *Permission) GetAndRules() *Permission_Set
- func (m *Permission) GetAny() bool
- func (m *Permission) GetDestinationIp() *core.CidrRange
- func (m *Permission) GetDestinationPort() uint32
- func (m *Permission) GetHeader() *route.HeaderMatcher
- func (m *Permission) GetMetadata() *matcher.MetadataMatcher
- func (m *Permission) GetNotRule() *Permission
- func (m *Permission) GetOrRules() *Permission_Set
- func (m *Permission) GetRule() isPermission_Rule
- func (m *Permission) Marshal() (dAtA []byte, err error)
- func (m *Permission) MarshalTo(dAtA []byte) (int, error)
- func (*Permission) ProtoMessage()
- func (m *Permission) Reset()
- func (m *Permission) Size() (n int)
- func (m *Permission) String() string
- func (m *Permission) Unmarshal(dAtA []byte) error
- func (m *Permission) Validate() error
- func (m *Permission) XXX_DiscardUnknown()
- func (m *Permission) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *Permission) XXX_Merge(src proto.Message)
- func (*Permission) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, ...)
- func (m *Permission) XXX_Size() int
- func (m *Permission) XXX_Unmarshal(b []byte) error
- type PermissionValidationError
- type Permission_AndRules
- type Permission_Any
- type Permission_DestinationIp
- type Permission_DestinationPort
- type Permission_Header
- type Permission_Metadata
- type Permission_NotRule
- type Permission_OrRules
- type Permission_Set
- func (*Permission_Set) Descriptor() ([]byte, []int)
- func (m *Permission_Set) GetRules() []*Permission
- func (m *Permission_Set) Marshal() (dAtA []byte, err error)
- func (m *Permission_Set) MarshalTo(dAtA []byte) (int, error)
- func (*Permission_Set) ProtoMessage()
- func (m *Permission_Set) Reset()
- func (m *Permission_Set) Size() (n int)
- func (m *Permission_Set) String() string
- func (m *Permission_Set) Unmarshal(dAtA []byte) error
- func (m *Permission_Set) Validate() error
- func (m *Permission_Set) XXX_DiscardUnknown()
- func (m *Permission_Set) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *Permission_Set) XXX_Merge(src proto.Message)
- func (m *Permission_Set) XXX_Size() int
- func (m *Permission_Set) XXX_Unmarshal(b []byte) error
- type Permission_SetValidationError
- type Policy
- func (*Policy) Descriptor() ([]byte, []int)
- func (m *Policy) GetPermissions() []*Permission
- func (m *Policy) GetPrincipals() []*Principal
- func (m *Policy) Marshal() (dAtA []byte, err error)
- func (m *Policy) MarshalTo(dAtA []byte) (int, error)
- func (*Policy) ProtoMessage()
- func (m *Policy) Reset()
- func (m *Policy) Size() (n int)
- func (m *Policy) String() string
- func (m *Policy) Unmarshal(dAtA []byte) error
- func (m *Policy) Validate() error
- func (m *Policy) XXX_DiscardUnknown()
- func (m *Policy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *Policy) XXX_Merge(src proto.Message)
- func (m *Policy) XXX_Size() int
- func (m *Policy) XXX_Unmarshal(b []byte) error
- type PolicyValidationError
- type Principal
- func (*Principal) Descriptor() ([]byte, []int)
- func (m *Principal) GetAndIds() *Principal_Set
- func (m *Principal) GetAny() bool
- func (m *Principal) GetAuthenticated() *Principal_Authenticated
- func (m *Principal) GetHeader() *route.HeaderMatcher
- func (m *Principal) GetIdentifier() isPrincipal_Identifier
- func (m *Principal) GetMetadata() *matcher.MetadataMatcher
- func (m *Principal) GetNotId() *Principal
- func (m *Principal) GetOrIds() *Principal_Set
- func (m *Principal) GetSourceIp() *core.CidrRange
- func (m *Principal) Marshal() (dAtA []byte, err error)
- func (m *Principal) MarshalTo(dAtA []byte) (int, error)
- func (*Principal) ProtoMessage()
- func (m *Principal) Reset()
- func (m *Principal) Size() (n int)
- func (m *Principal) String() string
- func (m *Principal) Unmarshal(dAtA []byte) error
- func (m *Principal) Validate() error
- func (m *Principal) XXX_DiscardUnknown()
- func (m *Principal) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *Principal) XXX_Merge(src proto.Message)
- func (*Principal) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, ...)
- func (m *Principal) XXX_Size() int
- func (m *Principal) XXX_Unmarshal(b []byte) error
- type PrincipalValidationError
- type Principal_AndIds
- type Principal_Any
- type Principal_Authenticated
- func (*Principal_Authenticated) Descriptor() ([]byte, []int)
- func (m *Principal_Authenticated) GetName() string
- func (m *Principal_Authenticated) Marshal() (dAtA []byte, err error)
- func (m *Principal_Authenticated) MarshalTo(dAtA []byte) (int, error)
- func (*Principal_Authenticated) ProtoMessage()
- func (m *Principal_Authenticated) Reset()
- func (m *Principal_Authenticated) Size() (n int)
- func (m *Principal_Authenticated) String() string
- func (m *Principal_Authenticated) Unmarshal(dAtA []byte) error
- func (m *Principal_Authenticated) Validate() error
- func (m *Principal_Authenticated) XXX_DiscardUnknown()
- func (m *Principal_Authenticated) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *Principal_Authenticated) XXX_Merge(src proto.Message)
- func (m *Principal_Authenticated) XXX_Size() int
- func (m *Principal_Authenticated) XXX_Unmarshal(b []byte) error
- type Principal_AuthenticatedValidationError
- type Principal_Authenticated_
- type Principal_Header
- type Principal_Metadata
- type Principal_NotId
- type Principal_OrIds
- type Principal_Set
- func (*Principal_Set) Descriptor() ([]byte, []int)
- func (m *Principal_Set) GetIds() []*Principal
- func (m *Principal_Set) Marshal() (dAtA []byte, err error)
- func (m *Principal_Set) MarshalTo(dAtA []byte) (int, error)
- func (*Principal_Set) ProtoMessage()
- func (m *Principal_Set) Reset()
- func (m *Principal_Set) Size() (n int)
- func (m *Principal_Set) String() string
- func (m *Principal_Set) Unmarshal(dAtA []byte) error
- func (m *Principal_Set) Validate() error
- func (m *Principal_Set) XXX_DiscardUnknown()
- func (m *Principal_Set) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *Principal_Set) XXX_Merge(src proto.Message)
- func (m *Principal_Set) XXX_Size() int
- func (m *Principal_Set) XXX_Unmarshal(b []byte) error
- type Principal_SetValidationError
- type Principal_SourceIp
- type RBAC
- func (*RBAC) Descriptor() ([]byte, []int)
- func (m *RBAC) GetAction() RBAC_Action
- func (m *RBAC) GetPolicies() map[string]*Policy
- func (m *RBAC) Marshal() (dAtA []byte, err error)
- func (m *RBAC) MarshalTo(dAtA []byte) (int, error)
- func (*RBAC) ProtoMessage()
- func (m *RBAC) Reset()
- func (m *RBAC) Size() (n int)
- func (m *RBAC) String() string
- func (m *RBAC) Unmarshal(dAtA []byte) error
- func (m *RBAC) Validate() error
- func (m *RBAC) XXX_DiscardUnknown()
- func (m *RBAC) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *RBAC) XXX_Merge(src proto.Message)
- func (m *RBAC) XXX_Size() int
- func (m *RBAC) XXX_Unmarshal(b []byte) error
- type RBACValidationError
- type RBAC_Action
Constants ¶
This section is empty.
Variables ¶
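// Package-level errors for malformed encoded input. The declaration was
// collapsed onto one line in the rendered page; it is restored to one
// variable per line so that it parses as Go.
var (
	// ErrInvalidLengthRbac carries the message for a negative length met
	// during unmarshaling.
	ErrInvalidLengthRbac = fmt.Errorf("proto: negative length found during unmarshaling")
	// ErrIntOverflowRbac carries the message for an integer overflow.
	// NOTE(review): the decoding path that returns it is not shown on this page.
	ErrIntOverflowRbac = fmt.Errorf("proto: integer overflow")
)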
// RBAC_Action_name maps each RBAC_Action wire value to its enum name.
// 0 is RBAC_ALLOW, which the enum documentation calls the default type.
var RBAC_Action_name = map[int32]string{
	0: "ALLOW",
	1: "DENY",
}
// RBAC_Action_value is the inverse of RBAC_Action_name: it maps an enum name
// to its wire value. Only "ALLOW" and "DENY" are present.
var RBAC_Action_value = map[string]int32{
	"ALLOW": 0,
	"DENY":  1,
}
Functions ¶
This section is empty.
Types ¶
type Permission ¶
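// Permission is one node of a permission rule: exactly one member of the
// `rule` oneof is held in Rule. The and_rules, or_rules and not_rule members
// nest further Permission values.
type Permission struct {
	// Types that are valid to be assigned to Rule:
	//	*Permission_AndRules
	//	*Permission_OrRules
	//	*Permission_Any
	//	*Permission_Header
	//	*Permission_DestinationIp
	//	*Permission_DestinationPort
	//	*Permission_Metadata
	//	*Permission_NotRule
	Rule isPermission_Rule `protobuf_oneof:"rule"`
	// The XXX_ fields carry `json:"-"`, so encoding/json skips them.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}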
Permission defines an action (or actions) that a principal can take.
func (*Permission) Descriptor ¶
func (*Permission) Descriptor() ([]byte, []int)
func (*Permission) GetAndRules ¶
func (m *Permission) GetAndRules() *Permission_Set
func (*Permission) GetAny ¶
func (m *Permission) GetAny() bool
func (*Permission) GetDestinationIp ¶
func (m *Permission) GetDestinationIp() *core.CidrRange
func (*Permission) GetDestinationPort ¶
func (m *Permission) GetDestinationPort() uint32
func (*Permission) GetHeader ¶
func (m *Permission) GetHeader() *route.HeaderMatcher
func (*Permission) GetMetadata ¶
func (m *Permission) GetMetadata() *matcher.MetadataMatcher
func (*Permission) GetNotRule ¶
func (m *Permission) GetNotRule() *Permission
func (*Permission) GetOrRules ¶
func (m *Permission) GetOrRules() *Permission_Set
func (*Permission) GetRule ¶
func (m *Permission) GetRule() isPermission_Rule
func (*Permission) Marshal ¶
func (m *Permission) Marshal() (dAtA []byte, err error)
func (*Permission) ProtoMessage ¶
func (*Permission) ProtoMessage()
func (*Permission) Reset ¶
func (m *Permission) Reset()
func (*Permission) Size ¶
func (m *Permission) Size() (n int)
func (*Permission) String ¶
func (m *Permission) String() string
func (*Permission) Unmarshal ¶
func (m *Permission) Unmarshal(dAtA []byte) error
func (*Permission) Validate ¶
func (m *Permission) Validate() error
Validate checks the field values on Permission with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*Permission) XXX_DiscardUnknown ¶
func (m *Permission) XXX_DiscardUnknown()
func (*Permission) XXX_Marshal ¶
func (m *Permission) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*Permission) XXX_Merge ¶
func (dst *Permission) XXX_Merge(src proto.Message)
func (*Permission) XXX_OneofFuncs ¶
func (*Permission) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})
XXX_OneofFuncs is for the internal use of the proto package.
func (*Permission) XXX_Size ¶
func (m *Permission) XXX_Size() int
func (*Permission) XXX_Unmarshal ¶
func (m *Permission) XXX_Unmarshal(b []byte) error
type PermissionValidationError ¶
PermissionValidationError is the validation error returned by Permission.Validate if the designated constraints aren't met.
func (PermissionValidationError) Error ¶
func (e PermissionValidationError) Error() string
Error satisfies the builtin error interface
type Permission_AndRules ¶
type Permission_AndRules struct {
AndRules *Permission_Set `protobuf:"bytes,1,opt,name=and_rules,json=andRules,oneof"`
}
func (*Permission_AndRules) MarshalTo ¶
func (m *Permission_AndRules) MarshalTo(dAtA []byte) (int, error)
func (*Permission_AndRules) Size ¶
func (m *Permission_AndRules) Size() (n int)
type Permission_Any ¶
type Permission_Any struct {
Any bool `protobuf:"varint,3,opt,name=any,proto3,oneof"`
}
func (*Permission_Any) Size ¶
func (m *Permission_Any) Size() (n int)
type Permission_DestinationIp ¶
type Permission_DestinationIp struct {
DestinationIp *core.CidrRange `protobuf:"bytes,5,opt,name=destination_ip,json=destinationIp,oneof"`
}
func (*Permission_DestinationIp) MarshalTo ¶
func (m *Permission_DestinationIp) MarshalTo(dAtA []byte) (int, error)
func (*Permission_DestinationIp) Size ¶
func (m *Permission_DestinationIp) Size() (n int)
type Permission_DestinationPort ¶
type Permission_DestinationPort struct {
DestinationPort uint32 `protobuf:"varint,6,opt,name=destination_port,json=destinationPort,proto3,oneof"`
}
func (*Permission_DestinationPort) MarshalTo ¶
func (m *Permission_DestinationPort) MarshalTo(dAtA []byte) (int, error)
func (*Permission_DestinationPort) Size ¶
func (m *Permission_DestinationPort) Size() (n int)
type Permission_Header ¶
type Permission_Header struct {
Header *route.HeaderMatcher `protobuf:"bytes,4,opt,name=header,oneof"`
}
func (*Permission_Header) MarshalTo ¶
func (m *Permission_Header) MarshalTo(dAtA []byte) (int, error)
func (*Permission_Header) Size ¶
func (m *Permission_Header) Size() (n int)
type Permission_Metadata ¶
type Permission_Metadata struct {
Metadata *matcher.MetadataMatcher `protobuf:"bytes,7,opt,name=metadata,oneof"`
}
func (*Permission_Metadata) MarshalTo ¶
func (m *Permission_Metadata) MarshalTo(dAtA []byte) (int, error)
func (*Permission_Metadata) Size ¶
func (m *Permission_Metadata) Size() (n int)
type Permission_NotRule ¶
type Permission_NotRule struct {
NotRule *Permission `protobuf:"bytes,8,opt,name=not_rule,json=notRule,oneof"`
}
func (*Permission_NotRule) MarshalTo ¶
func (m *Permission_NotRule) MarshalTo(dAtA []byte) (int, error)
func (*Permission_NotRule) Size ¶
func (m *Permission_NotRule) Size() (n int)
type Permission_OrRules ¶
type Permission_OrRules struct {
OrRules *Permission_Set `protobuf:"bytes,2,opt,name=or_rules,json=orRules,oneof"`
}
func (*Permission_OrRules) MarshalTo ¶
func (m *Permission_OrRules) MarshalTo(dAtA []byte) (int, error)
func (*Permission_OrRules) Size ¶
func (m *Permission_OrRules) Size() (n int)
type Permission_Set ¶
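// Permission_Set is the list of permissions carried by the and_rules and
// or_rules members of the `rule` oneof.
type Permission_Set struct {
	// Rules are the nested permissions. Whether they combine with AND or OR
	// depends on which oneof member holds this set.
	// NOTE(review): how an empty Rules list evaluates is not shown on this
	// page — confirm that Validate rejects it before relying on it.
	Rules []*Permission `protobuf:"bytes,1,rep,name=rules" json:"rules,omitempty"`
	// The XXX_ fields carry `json:"-"`, so encoding/json skips them.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}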
Used in the `and_rules` and `or_rules` fields in the `rule` oneof. Depending on the context, each is applied with the associated behavior.
func (*Permission_Set) Descriptor ¶
func (*Permission_Set) Descriptor() ([]byte, []int)
func (*Permission_Set) GetRules ¶
func (m *Permission_Set) GetRules() []*Permission
func (*Permission_Set) Marshal ¶
func (m *Permission_Set) Marshal() (dAtA []byte, err error)
func (*Permission_Set) ProtoMessage ¶
func (*Permission_Set) ProtoMessage()
func (*Permission_Set) Reset ¶
func (m *Permission_Set) Reset()
func (*Permission_Set) Size ¶
func (m *Permission_Set) Size() (n int)
func (*Permission_Set) String ¶
func (m *Permission_Set) String() string
func (*Permission_Set) Unmarshal ¶
func (m *Permission_Set) Unmarshal(dAtA []byte) error
func (*Permission_Set) Validate ¶
func (m *Permission_Set) Validate() error
Validate checks the field values on Permission_Set with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*Permission_Set) XXX_DiscardUnknown ¶
func (m *Permission_Set) XXX_DiscardUnknown()
func (*Permission_Set) XXX_Marshal ¶
func (m *Permission_Set) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*Permission_Set) XXX_Merge ¶
func (dst *Permission_Set) XXX_Merge(src proto.Message)
func (*Permission_Set) XXX_Size ¶
func (m *Permission_Set) XXX_Size() int
func (*Permission_Set) XXX_Unmarshal ¶
func (m *Permission_Set) XXX_Unmarshal(b []byte) error
type Permission_SetValidationError ¶
Permission_SetValidationError is the validation error returned by Permission_Set.Validate if the designated constraints aren't met.
func (Permission_SetValidationError) Error ¶
func (e Permission_SetValidationError) Error() string
Error satisfies the builtin error interface
type Policy ¶
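// Policy pairs a list of permissions with a list of principals. Each list is
// matched with OR semantics, and the policy matches only when both lists match.
//
// A policy whose only permission and only principal both set `any` to true
// matches every request. Under action ALLOW that admits all traffic, so such a
// policy deserves an explicit review.
type Policy struct {
	// Required. The set of permissions that define a role. Each permission is matched with OR
	// semantics. To match all actions for this policy, a single Permission with the `any` field set
	// to true should be used.
	Permissions []*Permission `protobuf:"bytes,1,rep,name=permissions" json:"permissions,omitempty"`
	// Required. The set of principals that are assigned/denied the role based on “action”. Each
	// principal is matched with OR semantics. To match all downstreams for this policy, a single
	// Principal with the `any` field set to true should be used.
	Principals []*Principal `protobuf:"bytes,2,rep,name=principals" json:"principals,omitempty"`
	// The XXX_ fields carry `json:"-"`, so encoding/json skips them.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}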
Policy specifies a role and the principals that are assigned/denied the role. A policy matches if and only if at least one of its permissions match the action taking place AND at least one of its principals match the downstream.
func (*Policy) Descriptor ¶
func (*Policy) GetPermissions ¶
func (m *Policy) GetPermissions() []*Permission
func (*Policy) GetPrincipals ¶
func (*Policy) ProtoMessage ¶
func (*Policy) ProtoMessage()
func (*Policy) Validate ¶
Validate checks the field values on Policy with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*Policy) XXX_DiscardUnknown ¶
func (m *Policy) XXX_DiscardUnknown()
func (*Policy) XXX_Marshal ¶
func (*Policy) XXX_Unmarshal ¶
type PolicyValidationError ¶
PolicyValidationError is the validation error returned by Policy.Validate if the designated constraints aren't met.
func (PolicyValidationError) Error ¶
func (e PolicyValidationError) Error() string
Error satisfies the builtin error interface
type Principal ¶
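// Principal is one node of an identity rule: exactly one member of the
// `identifier` oneof is held in Identifier. The and_ids, or_ids and not_id
// members nest further Principal values.
type Principal struct {
	// Types that are valid to be assigned to Identifier:
	//	*Principal_AndIds
	//	*Principal_OrIds
	//	*Principal_Any
	//	*Principal_Authenticated_
	//	*Principal_SourceIp
	//	*Principal_Header
	//	*Principal_Metadata
	//	*Principal_NotId
	Identifier isPrincipal_Identifier `protobuf_oneof:"identifier"`
	// The XXX_ fields carry `json:"-"`, so encoding/json skips them.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}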
Principal defines an identity or a group of identities for a downstream subject.
func (*Principal) Descriptor ¶
func (*Principal) GetAndIds ¶
func (m *Principal) GetAndIds() *Principal_Set
func (*Principal) GetAuthenticated ¶
func (m *Principal) GetAuthenticated() *Principal_Authenticated
func (*Principal) GetHeader ¶
func (m *Principal) GetHeader() *route.HeaderMatcher
func (*Principal) GetIdentifier ¶
func (m *Principal) GetIdentifier() isPrincipal_Identifier
func (*Principal) GetMetadata ¶
func (m *Principal) GetMetadata() *matcher.MetadataMatcher
func (*Principal) GetOrIds ¶
func (m *Principal) GetOrIds() *Principal_Set
func (*Principal) GetSourceIp ¶
func (*Principal) ProtoMessage ¶
func (*Principal) ProtoMessage()
func (*Principal) Validate ¶
Validate checks the field values on Principal with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*Principal) XXX_DiscardUnknown ¶
func (m *Principal) XXX_DiscardUnknown()
func (*Principal) XXX_Marshal ¶
func (*Principal) XXX_OneofFuncs ¶
func (*Principal) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})
XXX_OneofFuncs is for the internal use of the proto package.
func (*Principal) XXX_Unmarshal ¶
type PrincipalValidationError ¶
PrincipalValidationError is the validation error returned by Principal.Validate if the designated constraints aren't met.
func (PrincipalValidationError) Error ¶
func (e PrincipalValidationError) Error() string
Error satisfies the builtin error interface
type Principal_AndIds ¶
type Principal_AndIds struct {
AndIds *Principal_Set `protobuf:"bytes,1,opt,name=and_ids,json=andIds,oneof"`
}
func (*Principal_AndIds) Size ¶
func (m *Principal_AndIds) Size() (n int)
type Principal_Any ¶
type Principal_Any struct {
Any bool `protobuf:"varint,3,opt,name=any,proto3,oneof"`
}
func (*Principal_Any) Size ¶
func (m *Principal_Any) Size() (n int)
type Principal_Authenticated ¶
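// Principal_Authenticated holds the authentication attributes matched for a
// downstream.
type Principal_Authenticated struct {
	// The name of the principal. If set, the URI SAN is used from the certificate, otherwise the
	// subject field is used. If unset, it applies to any user that is authenticated.
	//
	// Leaving Name empty therefore widens the principal to every authenticated
	// downstream rather than narrowing it. Check that an empty value in a policy
	// is intentional and not a templating or merge artifact.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The XXX_ fields carry `json:"-"`, so encoding/json skips them.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}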
Authentication attributes for a downstream.
func (*Principal_Authenticated) Descriptor ¶
func (*Principal_Authenticated) Descriptor() ([]byte, []int)
func (*Principal_Authenticated) GetName ¶
func (m *Principal_Authenticated) GetName() string
func (*Principal_Authenticated) Marshal ¶
func (m *Principal_Authenticated) Marshal() (dAtA []byte, err error)
func (*Principal_Authenticated) MarshalTo ¶
func (m *Principal_Authenticated) MarshalTo(dAtA []byte) (int, error)
func (*Principal_Authenticated) ProtoMessage ¶
func (*Principal_Authenticated) ProtoMessage()
func (*Principal_Authenticated) Reset ¶
func (m *Principal_Authenticated) Reset()
func (*Principal_Authenticated) Size ¶
func (m *Principal_Authenticated) Size() (n int)
func (*Principal_Authenticated) String ¶
func (m *Principal_Authenticated) String() string
func (*Principal_Authenticated) Unmarshal ¶
func (m *Principal_Authenticated) Unmarshal(dAtA []byte) error
func (*Principal_Authenticated) Validate ¶
func (m *Principal_Authenticated) Validate() error
Validate checks the field values on Principal_Authenticated with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*Principal_Authenticated) XXX_DiscardUnknown ¶
func (m *Principal_Authenticated) XXX_DiscardUnknown()
func (*Principal_Authenticated) XXX_Marshal ¶
func (m *Principal_Authenticated) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*Principal_Authenticated) XXX_Merge ¶
func (dst *Principal_Authenticated) XXX_Merge(src proto.Message)
func (*Principal_Authenticated) XXX_Size ¶
func (m *Principal_Authenticated) XXX_Size() int
func (*Principal_Authenticated) XXX_Unmarshal ¶
func (m *Principal_Authenticated) XXX_Unmarshal(b []byte) error
type Principal_AuthenticatedValidationError ¶
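// Principal_AuthenticatedValidationError carries the details of a failed
// Principal_Authenticated.Validate call. The declaration was collapsed onto
// one line in the rendered page; it is restored to one field per line so that
// it parses as Go.
//
// NOTE(review): the meaning of each field is not documented on this page. The
// names suggest the offending field, a human-readable reason, a wrapped
// underlying error and a map-key flag — confirm against the generator.
type Principal_AuthenticatedValidationError struct {
	Field  string
	Reason string
	Cause  error
	Key    bool
}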
Principal_AuthenticatedValidationError is the validation error returned by Principal_Authenticated.Validate if the designated constraints aren't met.
func (Principal_AuthenticatedValidationError) Error ¶
func (e Principal_AuthenticatedValidationError) Error() string
Error satisfies the builtin error interface
type Principal_Authenticated_ ¶
type Principal_Authenticated_ struct {
Authenticated *Principal_Authenticated `protobuf:"bytes,4,opt,name=authenticated,oneof"`
}
func (*Principal_Authenticated_) MarshalTo ¶
func (m *Principal_Authenticated_) MarshalTo(dAtA []byte) (int, error)
func (*Principal_Authenticated_) Size ¶
func (m *Principal_Authenticated_) Size() (n int)
type Principal_Header ¶
// Principal_Header is the `identifier` oneof member that selects a downstream
// by a header match.
// NOTE(review): request headers are supplied by the downstream unless a trusted
// hop sets or strips them, so a header match on its own is not evidence of who
// sent the request — confirm how deployed policies pair it with
// `authenticated` or `source_ip`.
type Principal_Header struct {
	Header *route.HeaderMatcher `protobuf:"bytes,6,opt,name=header,oneof"`
}
func (*Principal_Header) Size ¶
func (m *Principal_Header) Size() (n int)
type Principal_Metadata ¶
type Principal_Metadata struct {
Metadata *matcher.MetadataMatcher `protobuf:"bytes,7,opt,name=metadata,oneof"`
}
func (*Principal_Metadata) MarshalTo ¶
func (m *Principal_Metadata) MarshalTo(dAtA []byte) (int, error)
func (*Principal_Metadata) Size ¶
func (m *Principal_Metadata) Size() (n int)
type Principal_NotId ¶
type Principal_NotId struct {
NotId *Principal `protobuf:"bytes,8,opt,name=not_id,json=notId,oneof"`
}
func (*Principal_NotId) Size ¶
func (m *Principal_NotId) Size() (n int)
type Principal_OrIds ¶
type Principal_OrIds struct {
OrIds *Principal_Set `protobuf:"bytes,2,opt,name=or_ids,json=orIds,oneof"`
}
func (*Principal_OrIds) Size ¶
func (m *Principal_OrIds) Size() (n int)
type Principal_Set ¶
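// Principal_Set is the list of principals carried by the and_ids and or_ids
// members of the `identifier` oneof.
type Principal_Set struct {
	// Ids are the nested principals. Whether they combine with AND or OR
	// depends on which oneof member holds this set.
	// NOTE(review): how an empty Ids list evaluates is not shown on this
	// page — confirm that Validate rejects it before relying on it.
	Ids []*Principal `protobuf:"bytes,1,rep,name=ids" json:"ids,omitempty"`
	// The XXX_ fields carry `json:"-"`, so encoding/json skips them.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}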
Used in the `and_ids` and `or_ids` fields in the `identifier` oneof. Depending on the context, each is applied with the associated behavior.
func (*Principal_Set) Descriptor ¶
func (*Principal_Set) Descriptor() ([]byte, []int)
func (*Principal_Set) GetIds ¶
func (m *Principal_Set) GetIds() []*Principal
func (*Principal_Set) Marshal ¶
func (m *Principal_Set) Marshal() (dAtA []byte, err error)
func (*Principal_Set) ProtoMessage ¶
func (*Principal_Set) ProtoMessage()
func (*Principal_Set) Reset ¶
func (m *Principal_Set) Reset()
func (*Principal_Set) Size ¶
func (m *Principal_Set) Size() (n int)
func (*Principal_Set) String ¶
func (m *Principal_Set) String() string
func (*Principal_Set) Unmarshal ¶
func (m *Principal_Set) Unmarshal(dAtA []byte) error
func (*Principal_Set) Validate ¶
func (m *Principal_Set) Validate() error
Validate checks the field values on Principal_Set with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*Principal_Set) XXX_DiscardUnknown ¶
func (m *Principal_Set) XXX_DiscardUnknown()
func (*Principal_Set) XXX_Marshal ¶
func (m *Principal_Set) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*Principal_Set) XXX_Merge ¶
func (dst *Principal_Set) XXX_Merge(src proto.Message)
func (*Principal_Set) XXX_Size ¶
func (m *Principal_Set) XXX_Size() int
func (*Principal_Set) XXX_Unmarshal ¶
func (m *Principal_Set) XXX_Unmarshal(b []byte) error
type Principal_SetValidationError ¶
Principal_SetValidationError is the validation error returned by Principal_Set.Validate if the designated constraints aren't met.
func (Principal_SetValidationError) Error ¶
func (e Principal_SetValidationError) Error() string
Error satisfies the builtin error interface
type Principal_SourceIp ¶
// Principal_SourceIp is the `identifier` oneof member that selects a
// downstream by a CIDR range.
// NOTE(review): which address is compared (the direct peer, or one taken from
// a forwarding header) is not shown on this page — confirm before relying on
// it behind a proxy, load balancer or NAT.
type Principal_SourceIp struct {
	SourceIp *core.CidrRange `protobuf:"bytes,5,opt,name=source_ip,json=sourceIp,oneof"`
}
func (*Principal_SourceIp) MarshalTo ¶
func (m *Principal_SourceIp) MarshalTo(dAtA []byte) (int, error)
func (*Principal_SourceIp) Size ¶
func (m *Principal_SourceIp) Size() (n int)
type RBAC ¶
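// RBAC is the top-level access-control configuration: one action applied to a
// named set of policies.
type RBAC struct {
	// The action to take if a policy matches. The request is allowed if and only if:
	//
	//   * `action` is "ALLOW" and at least one policy matches
	//   * `action` is "DENY" and none of the policies match
	//
	// The enum names are ALLOW and DENY (see RBAC_Action_name). ALLOW is the
	// zero value, so a message that leaves `action` unset is safe-list style.
	Action RBAC_Action `protobuf:"varint,1,opt,name=action,proto3,enum=envoy.config.rbac.v2alpha.RBAC_Action" json:"action,omitempty"`
	// Maps from policy name to policy. A match occurs when at least one policy matches the request.
	//
	// With action ALLOW, an empty map means no policy can match, so every
	// request is denied. With action DENY, an empty map means nothing is denied.
	Policies map[string]*Policy `` /* 143-byte string literal not displayed */
	// The XXX_ fields carry `json:"-"`, so encoding/json skips them.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}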
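Role Based Access Control (RBAC) provides service-level and method-level access control for a service. RBAC policies are additive. The policies are examined in order. When the `action` is ALLOW, a request is allowed once a matching policy is found and is denied if no policy matches; when the `action` is DENY, a request is denied once a matching policy is found and is allowed if no policy matches.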
Here is an example of RBAC configuration. It has two policies:
- Service account "cluster.local/ns/default/sa/admin" has full access to the service, and so does "cluster.local/ns/default/sa/superuser".
- Any user can read ("GET") the service at paths with prefix "/products", so long as the destination port is either 80 or 443.
.. code-block:: yaml

    action: ALLOW
    policies:
      "service-admin":
        permissions:
          - any: true
        principals:
          - authenticated: { name: "cluster.local/ns/default/sa/admin" }
          - authenticated: { name: "cluster.local/ns/default/sa/superuser" }
      "product-viewer":
        permissions:
          - and_rules:
              rules:
                - header: { name: ":method", exact_match: "GET" }
                - header: { name: ":path", regex_match: "/products(/.*)?" }
                - or_rules:
                    rules:
                      - destination_port: 80
                      - destination_port: 443
        principals:
          - any: true
func (*RBAC) Descriptor ¶
func (*RBAC) GetAction ¶
func (m *RBAC) GetAction() RBAC_Action
func (*RBAC) GetPolicies ¶
func (*RBAC) ProtoMessage ¶
func (*RBAC) ProtoMessage()
func (*RBAC) Validate ¶
Validate checks the field values on RBAC with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
func (*RBAC) XXX_DiscardUnknown ¶
func (m *RBAC) XXX_DiscardUnknown()
func (*RBAC) XXX_Unmarshal ¶
type RBACValidationError ¶
RBACValidationError is the validation error returned by RBAC.Validate if the designated constraints aren't met.
func (RBACValidationError) Error ¶
func (e RBACValidationError) Error() string
Error satisfies the builtin error interface
type RBAC_Action ¶
type RBAC_Action int32
Should we do safe-list or block-list style access control?
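// Values of RBAC_Action. The declaration was collapsed onto one line in the
// rendered page; it is restored to one constant per line so that it parses as Go.
const (
	// The policies grant access to principals. The rest is denied. This is safe-list style
	// access control. This is the default type.
	RBAC_ALLOW RBAC_Action = 0
	// The policies deny access to principals. The rest is allowed. This is block-list style
	// access control.
	//
	// Under RBAC_DENY a request that no policy matches is allowed, so a gap in
	// the policies fails open. Review DENY configurations for coverage.
	RBAC_DENY RBAC_Action = 1
)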
func (RBAC_Action) EnumDescriptor ¶
func (RBAC_Action) EnumDescriptor() ([]byte, []int)
func (RBAC_Action) String ¶
func (x RBAC_Action) String() string