rbac

package
v0.11.2-merged-prereqs Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 18, 2024 License: Apache-2.0 Imports: 18 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

// Enum value maps for JWTPrincipal_ClaimMatcher: one translates an enum number
// into its name, the other translates a name back into its number.
//
// Both are exported package-level maps, so any importer can mutate them;
// treat them as read-only.
var (
	// JWTPrincipal_ClaimMatcher_name maps each enum number to its name.
	JWTPrincipal_ClaimMatcher_name = map[int32]string{
		0: "EXACT_STRING",
		1: "BOOLEAN",
		2: "LIST_CONTAINS",
	}
	// JWTPrincipal_ClaimMatcher_value maps each enum name to its number.
	// A single-value lookup of a name that is not in the map returns 0, which is
	// also the number of EXACT_STRING; code that parses a matcher name should use
	// the two-value form (v, ok := ...) so an unknown name is rejected instead of
	// silently becoming EXACT_STRING.
	JWTPrincipal_ClaimMatcher_value = map[string]int32{
		"EXACT_STRING":  0,
		"BOOLEAN":       1,
		"LIST_CONTAINS": 2,
	}
)

Enum value maps for JWTPrincipal_ClaimMatcher.

// Package-level protoreflect.FileDescriptor variable. Judging by its name it
// presumably describes rbac.proto and is populated by generated init code that
// is not shown on this page — confirm against the generated source.
var File_github_com_solo_io_gloo_projects_gloo_api_v1_enterprise_options_rbac_rbac_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type ExtensionSettings

// ExtensionSettings holds the RBAC settings that can be attached to a virtual
// host or a route: a switch that turns RBAC checks off for the resource and a
// set of named policies.
type ExtensionSettings struct {

	// Disable RBAC checks on this resource (default false). This is useful to allow access to static resources/login page without RBAC checks.
	// If provided on a route, all route settings override any vhost settings.
	// NOTE(review): because route settings override vhost settings, a route that
	// sets this is presumably no longer covered by the vhost's policies. The
	// enforcement code is not shown here; confirm, and review every route that
	// sets it so the exemption stays limited to resources meant to be public.
	Disable bool `protobuf:"varint,1,opt,name=disable,proto3" json:"disable,omitempty"`
	// Named policies to apply. The map key is presumably the policy name.
	// NOTE(review): how several policies combine (any-match or all-match) is not
	// stated on this page — confirm before relying on one policy to narrow another.
	Policies map[string]*Policy `` /* 157-byte string literal not displayed */
	// contains filtered or unexported fields
}

RBAC settings for Virtual Hosts and Routes

func (*ExtensionSettings) Clone added in v1.8.24

func (m *ExtensionSettings) Clone() proto.Message

Clone function

func (*ExtensionSettings) Descriptor deprecated

func (*ExtensionSettings) Descriptor() ([]byte, []int)

Deprecated: Use ExtensionSettings.ProtoReflect.Descriptor instead.

func (*ExtensionSettings) Equal

func (m *ExtensionSettings) Equal(that interface{}) bool

Equal function

func (*ExtensionSettings) GetDisable

func (x *ExtensionSettings) GetDisable() bool

func (*ExtensionSettings) GetPolicies

func (x *ExtensionSettings) GetPolicies() map[string]*Policy

func (*ExtensionSettings) Hash added in v1.2.13

func (m *ExtensionSettings) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ExtensionSettings) ProtoMessage

func (*ExtensionSettings) ProtoMessage()

func (*ExtensionSettings) ProtoReflect added in v1.6.0

func (x *ExtensionSettings) ProtoReflect() protoreflect.Message

func (*ExtensionSettings) Reset

func (x *ExtensionSettings) Reset()

func (*ExtensionSettings) String

func (x *ExtensionSettings) String() string

type JWTPrincipal

// JWTPrincipal identifies a principal by the claims carried in a JWT. The
// package documentation states that the JWT option must be enabled to use it.
type JWTPrincipal struct {

	// Set of claims that make up this principal. Commonly, the 'iss' and 'sub' or 'email' claims are used.
	// If you specify the path for a nested claim, such as 'parent.child.foo', you must also specify
	// a non-empty string value for the `nested_claim_delimiter` field in the Policy.
	// NOTE(review): the listed claims decide how narrowly the principal is pinned.
	// A principal that matches on 'sub' or 'email' alone presumably leaves the
	// issuer unconstrained unless Provider is set — confirm how the filter
	// handles tokens from different issuers.
	Claims map[string]string `` /* 153-byte string literal not displayed */
	// Verify that the JWT came from a specific provider. This usually can be left empty
	// and a provider will be chosen automatically.
	// NOTE(review): when more than one provider is configured, confirm which one
	// the automatic choice selects; a claim is only as trustworthy as the
	// provider that verified the token carrying it.
	Provider string `protobuf:"bytes,2,opt,name=provider,proto3" json:"provider,omitempty"`
	// The matcher to use when evaluating this principal. By default, exact string comparison (EXACT_STRING) is used.
	// EXACT_STRING has the enum number 0, so an unset field carries that value.
	Matcher JWTPrincipal_ClaimMatcher `protobuf:"varint,3,opt,name=matcher,proto3,enum=rbac.options.gloo.solo.io.JWTPrincipal_ClaimMatcher" json:"matcher,omitempty"`
	// contains filtered or unexported fields
}

A JWT principal. To use this, the JWT option MUST be enabled.

func (*JWTPrincipal) Clone added in v1.8.24

func (m *JWTPrincipal) Clone() proto.Message

Clone function

func (*JWTPrincipal) Descriptor deprecated

func (*JWTPrincipal) Descriptor() ([]byte, []int)

Deprecated: Use JWTPrincipal.ProtoReflect.Descriptor instead.

func (*JWTPrincipal) Equal

func (m *JWTPrincipal) Equal(that interface{}) bool

Equal function

func (*JWTPrincipal) GetClaims

func (x *JWTPrincipal) GetClaims() map[string]string

func (*JWTPrincipal) GetMatcher added in v1.9.0

func (x *JWTPrincipal) GetMatcher() JWTPrincipal_ClaimMatcher

func (*JWTPrincipal) GetProvider

func (x *JWTPrincipal) GetProvider() string

func (*JWTPrincipal) Hash added in v1.2.13

func (m *JWTPrincipal) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*JWTPrincipal) ProtoMessage

func (*JWTPrincipal) ProtoMessage()

func (*JWTPrincipal) ProtoReflect added in v1.6.0

func (x *JWTPrincipal) ProtoReflect() protoreflect.Message

func (*JWTPrincipal) Reset

func (x *JWTPrincipal) Reset()

func (*JWTPrincipal) String

func (x *JWTPrincipal) String() string

type JWTPrincipal_ClaimMatcher added in v1.9.0

// JWTPrincipal_ClaimMatcher selects how a JWT claim is compared with the
// value configured for it in a JWTPrincipal. It is an int32-backed enum.
type JWTPrincipal_ClaimMatcher int32

Used to specify how claims should be matched to the value.

// Values of JWTPrincipal_ClaimMatcher.
const (
	// The JWT claim value is a string that exactly matches the value.
	// This is the zero value, so it is what an unset matcher field holds.
	JWTPrincipal_EXACT_STRING JWTPrincipal_ClaimMatcher = 0
	// The JWT claim value is a boolean that matches the value.
	// NOTE(review): JWTPrincipal.Claims stores its values as strings; how such a
	// string is compared with a boolean claim is not shown here — confirm.
	JWTPrincipal_BOOLEAN JWTPrincipal_ClaimMatcher = 1
	// The JWT claim value is a list that contains a string that exactly matches the value.
	JWTPrincipal_LIST_CONTAINS JWTPrincipal_ClaimMatcher = 2
)

func (JWTPrincipal_ClaimMatcher) Descriptor added in v1.9.0

func (JWTPrincipal_ClaimMatcher) Enum added in v1.9.0

func (JWTPrincipal_ClaimMatcher) EnumDescriptor deprecated added in v1.9.0

func (JWTPrincipal_ClaimMatcher) EnumDescriptor() ([]byte, []int)

Deprecated: Use JWTPrincipal_ClaimMatcher.Descriptor instead.

func (JWTPrincipal_ClaimMatcher) Number added in v1.9.0

func (JWTPrincipal_ClaimMatcher) String added in v1.9.0

func (x JWTPrincipal_ClaimMatcher) String() string

func (JWTPrincipal_ClaimMatcher) Type added in v1.9.0

type Permissions

// Permissions describes what a policy grants. The package documentation states
// that an empty field means allow-all and that, when more than one field is
// set, all of them need to match.
type Permissions struct {

	// Paths that have this prefix will be allowed.
	// Left empty, this field places no restriction on the path (an empty field
	// means allow-all).
	// NOTE(review): whether the prefix is compared with a normalized path, and
	// whether it respects path-segment boundaries, is not stated here — confirm
	// before relying on a prefix to fence off part of an API.
	PathPrefix string `protobuf:"bytes,1,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"`
	// What http methods (GET, POST, ...) are allowed.
	// Left empty, this field places no restriction on the method (an empty field
	// means allow-all), so list the methods explicitly when only some are intended.
	Methods []string `protobuf:"bytes,2,rep,name=methods,proto3" json:"methods,omitempty"`
	// contains filtered or unexported fields
}

What permissions should be granted. An empty field means allow-all. If more than one field is added, all of them need to match.

func (*Permissions) Clone added in v1.8.24

func (m *Permissions) Clone() proto.Message

Clone function

func (*Permissions) Descriptor deprecated

func (*Permissions) Descriptor() ([]byte, []int)

Deprecated: Use Permissions.ProtoReflect.Descriptor instead.

func (*Permissions) Equal

func (m *Permissions) Equal(that interface{}) bool

Equal function

func (*Permissions) GetMethods

func (x *Permissions) GetMethods() []string

func (*Permissions) GetPathPrefix

func (x *Permissions) GetPathPrefix() string

func (*Permissions) Hash added in v1.2.13

func (m *Permissions) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*Permissions) ProtoMessage

func (*Permissions) ProtoMessage()

func (*Permissions) ProtoReflect added in v1.6.0

func (x *Permissions) ProtoReflect() protoreflect.Message

func (*Permissions) Reset

func (x *Permissions) Reset()

func (*Permissions) String

func (x *Permissions) String() string

type Policy

// Policy ties a list of principals to the permissions granted to them and
// carries the delimiter used for nested claim names in those principals.
type Policy struct {

	// Principals in this policy.
	// NOTE(review): what an empty list matches is not stated here — confirm that
	// it is not treated as "any principal".
	Principals []*Principal `protobuf:"bytes,1,rep,name=principals,proto3" json:"principals,omitempty"`
	// Permissions granted to the principals.
	// NOTE(review): the Permissions type documents an empty field as allow-all;
	// whether a nil Permissions is treated the same way is not shown — confirm.
	Permissions *Permissions `protobuf:"bytes,2,opt,name=permissions,proto3" json:"permissions,omitempty"`
	// The delimiter to use when specifying nested claim names within principals.
	// Default is an empty string, which disables nested claim functionality.
	// This is commonly set to `.`, allowing for nested claim names of the form
	// `parent.child.grandchild`
	// NOTE(review): once a delimiter is set, a claim name that contains that
	// character is presumably read as a nested path rather than a literal key —
	// confirm for claim names that legitimately contain the delimiter.
	NestedClaimDelimiter string `protobuf:"bytes,3,opt,name=nested_claim_delimiter,json=nestedClaimDelimiter,proto3" json:"nested_claim_delimiter,omitempty"`
	// contains filtered or unexported fields
}

func (*Policy) Clone added in v1.8.24

func (m *Policy) Clone() proto.Message

Clone function

func (*Policy) Descriptor deprecated

func (*Policy) Descriptor() ([]byte, []int)

Deprecated: Use Policy.ProtoReflect.Descriptor instead.

func (*Policy) Equal

func (m *Policy) Equal(that interface{}) bool

Equal function

func (*Policy) GetNestedClaimDelimiter added in v1.9.0

func (x *Policy) GetNestedClaimDelimiter() string

func (*Policy) GetPermissions

func (x *Policy) GetPermissions() *Permissions

func (*Policy) GetPrincipals

func (x *Policy) GetPrincipals() []*Principal

func (*Policy) Hash added in v1.2.13

func (m *Policy) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*Policy) ProtoMessage

func (*Policy) ProtoMessage()

func (*Policy) ProtoReflect added in v1.6.0

func (x *Policy) ProtoReflect() protoreflect.Message

func (*Policy) Reset

func (x *Policy) Reset()

func (*Policy) String

func (x *Policy) String() string

type Principal

// Principal is the identity a policy applies to (usually a user or a service
// account, per the package documentation). The only exported field describes
// the identity by JWT claims.
type Principal struct {
	// JwtPrincipal describes the principal by the claims of a JWT.
	// NOTE(review): how a Principal with a nil JwtPrincipal is evaluated is not
	// shown here — confirm that it does not match every request.
	JwtPrincipal *JWTPrincipal `protobuf:"bytes,1,opt,name=jwt_principal,json=jwtPrincipal,proto3" json:"jwt_principal,omitempty"`
	// contains filtered or unexported fields
}

An RBAC principal - the identity entity (usually a user or a service account).

func (*Principal) Clone added in v1.8.24

func (m *Principal) Clone() proto.Message

Clone function

func (*Principal) Descriptor deprecated

func (*Principal) Descriptor() ([]byte, []int)

Deprecated: Use Principal.ProtoReflect.Descriptor instead.

func (*Principal) Equal

func (m *Principal) Equal(that interface{}) bool

Equal function

func (*Principal) GetJwtPrincipal

func (x *Principal) GetJwtPrincipal() *JWTPrincipal

func (*Principal) Hash added in v1.2.13

func (m *Principal) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*Principal) ProtoMessage

func (*Principal) ProtoMessage()

func (*Principal) ProtoReflect added in v1.6.0

func (x *Principal) ProtoReflect() protoreflect.Message

func (*Principal) Reset

func (x *Principal) Reset()

func (*Principal) String

func (x *Principal) String() string

type Settings

// Settings holds the global RBAC settings.
type Settings struct {

	// Require RBAC for all virtual hosts. A vhost without an RBAC policy set will fall back to a deny-all policy.
	// The proto3 zero value of this field is false, so the deny-all fallback is opt-in.
	// NOTE(review): what happens to a vhost without an RBAC policy while this is
	// false is not stated here — confirm whether such a vhost is served without
	// RBAC checks.
	RequireRbac bool `protobuf:"varint,1,opt,name=require_rbac,json=requireRbac,proto3" json:"require_rbac,omitempty"`
	// contains filtered or unexported fields
}

Global RBAC settings

func (*Settings) Clone added in v1.8.24

func (m *Settings) Clone() proto.Message

Clone function

func (*Settings) Descriptor deprecated

func (*Settings) Descriptor() ([]byte, []int)

Deprecated: Use Settings.ProtoReflect.Descriptor instead.

func (*Settings) Equal

func (m *Settings) Equal(that interface{}) bool

Equal function

func (*Settings) GetRequireRbac

func (x *Settings) GetRequireRbac() bool

func (*Settings) Hash added in v1.2.13

func (m *Settings) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*Settings) ProtoMessage

func (*Settings) ProtoMessage()

func (*Settings) ProtoReflect added in v1.6.0

func (x *Settings) ProtoReflect() protoreflect.Message

func (*Settings) Reset

func (x *Settings) Reset()

func (*Settings) String

func (x *Settings) String() string
