rbac

package
v0.20.12 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 29, 2019 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config deprecated

type Config struct {
	// Named policies to apply.
	Policies             map[string]*Policy `` /* 157-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

TODO(kdorosh) remove once we stop supporting opaque RBAC config

Deprecated: Do not use.

func (*Config) Descriptor

func (*Config) Descriptor() ([]byte, []int)

func (*Config) Equal

func (this *Config) Equal(that interface{}) bool

func (*Config) GetPolicies

func (m *Config) GetPolicies() map[string]*Policy

func (*Config) ProtoMessage

func (*Config) ProtoMessage()

func (*Config) Reset

func (m *Config) Reset()

func (*Config) String

func (m *Config) String() string

func (*Config) XXX_DiscardUnknown

func (m *Config) XXX_DiscardUnknown()

func (*Config) XXX_Marshal

func (m *Config) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Config) XXX_Merge

func (m *Config) XXX_Merge(src proto.Message)

func (*Config) XXX_Size

func (m *Config) XXX_Size() int

func (*Config) XXX_Unmarshal

func (m *Config) XXX_Unmarshal(b []byte) error

type ExtensionSettings added in v0.20.2

type ExtensionSettings struct {
	// Disable RBAC checks on this resource (default false). This is useful to allow access to static resources/login page without RBAC checks.
	// If provided on a route, all route settings override any vhost settings
	Disable bool `protobuf:"varint,1,opt,name=disable,proto3" json:"disable,omitempty"`
	// Named policies to apply.
	Policies             map[string]*Policy `` /* 157-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

func (*ExtensionSettings) Descriptor added in v0.20.2

func (*ExtensionSettings) Descriptor() ([]byte, []int)

func (*ExtensionSettings) Equal added in v0.20.2

func (this *ExtensionSettings) Equal(that interface{}) bool

func (*ExtensionSettings) GetDisable added in v0.20.2

func (m *ExtensionSettings) GetDisable() bool

func (*ExtensionSettings) GetPolicies added in v0.20.2

func (m *ExtensionSettings) GetPolicies() map[string]*Policy

func (*ExtensionSettings) ProtoMessage added in v0.20.2

func (*ExtensionSettings) ProtoMessage()

func (*ExtensionSettings) Reset added in v0.20.2

func (m *ExtensionSettings) Reset()

func (*ExtensionSettings) String added in v0.20.2

func (m *ExtensionSettings) String() string

func (*ExtensionSettings) XXX_DiscardUnknown added in v0.20.2

func (m *ExtensionSettings) XXX_DiscardUnknown()

func (*ExtensionSettings) XXX_Marshal added in v0.20.2

func (m *ExtensionSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ExtensionSettings) XXX_Merge added in v0.20.2

func (m *ExtensionSettings) XXX_Merge(src proto.Message)

func (*ExtensionSettings) XXX_Size added in v0.20.2

func (m *ExtensionSettings) XXX_Size() int

func (*ExtensionSettings) XXX_Unmarshal added in v0.20.2

func (m *ExtensionSettings) XXX_Unmarshal(b []byte) error

type JWTPrincipal

type JWTPrincipal struct {
	// Set of claims that make up this principal. Commonly, the 'iss' and 'sub' or 'email' claims are used.
	// all claims must be present on the JWT.
	Claims map[string]string `` /* 153-byte string literal not displayed */
	// Verify that the JWT came from a specific provider. This usually can be left empty
	// and a provider will be chosen automatically.
	Provider             string   `protobuf:"bytes,2,opt,name=provider,proto3" json:"provider,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

A JWT principal. To use this, JWT plugin MUST be enabled.

func (*JWTPrincipal) Descriptor

func (*JWTPrincipal) Descriptor() ([]byte, []int)

func (*JWTPrincipal) Equal

func (this *JWTPrincipal) Equal(that interface{}) bool

func (*JWTPrincipal) GetClaims

func (m *JWTPrincipal) GetClaims() map[string]string

func (*JWTPrincipal) GetProvider

func (m *JWTPrincipal) GetProvider() string

func (*JWTPrincipal) ProtoMessage

func (*JWTPrincipal) ProtoMessage()

func (*JWTPrincipal) Reset

func (m *JWTPrincipal) Reset()

func (*JWTPrincipal) String

func (m *JWTPrincipal) String() string

func (*JWTPrincipal) XXX_DiscardUnknown

func (m *JWTPrincipal) XXX_DiscardUnknown()

func (*JWTPrincipal) XXX_Marshal

func (m *JWTPrincipal) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*JWTPrincipal) XXX_Merge

func (m *JWTPrincipal) XXX_Merge(src proto.Message)

func (*JWTPrincipal) XXX_Size

func (m *JWTPrincipal) XXX_Size() int

func (*JWTPrincipal) XXX_Unmarshal

func (m *JWTPrincipal) XXX_Unmarshal(b []byte) error

type Permissions

type Permissions struct {
	// Paths that have this prefix will be allowed.
	PathPrefix string `protobuf:"bytes,1,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"`
	// What http methods (GET, POST, ...) are allowed.
	Methods              []string `protobuf:"bytes,2,rep,name=methods,proto3" json:"methods,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

What permissions should be granted. An empty field means allow-all. If more than one field is added, all of them need to match.

func (*Permissions) Descriptor

func (*Permissions) Descriptor() ([]byte, []int)

func (*Permissions) Equal

func (this *Permissions) Equal(that interface{}) bool

func (*Permissions) GetMethods

func (m *Permissions) GetMethods() []string

func (*Permissions) GetPathPrefix

func (m *Permissions) GetPathPrefix() string

func (*Permissions) ProtoMessage

func (*Permissions) ProtoMessage()

func (*Permissions) Reset

func (m *Permissions) Reset()

func (*Permissions) String

func (m *Permissions) String() string

func (*Permissions) XXX_DiscardUnknown

func (m *Permissions) XXX_DiscardUnknown()

func (*Permissions) XXX_Marshal

func (m *Permissions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Permissions) XXX_Merge

func (m *Permissions) XXX_Merge(src proto.Message)

func (*Permissions) XXX_Size

func (m *Permissions) XXX_Size() int

func (*Permissions) XXX_Unmarshal

func (m *Permissions) XXX_Unmarshal(b []byte) error

type Policy

type Policy struct {
	// Principals in this policy.
	Principals []*Principal `protobuf:"bytes,1,rep,name=principals,proto3" json:"principals,omitempty"`
	// Permissions granted to the principals.
	Permissions          *Permissions `protobuf:"bytes,2,opt,name=permissions,proto3" json:"permissions,omitempty"`
	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
	XXX_unrecognized     []byte       `json:"-"`
	XXX_sizecache        int32        `json:"-"`
}

func (*Policy) Descriptor

func (*Policy) Descriptor() ([]byte, []int)

func (*Policy) Equal

func (this *Policy) Equal(that interface{}) bool

func (*Policy) GetPermissions

func (m *Policy) GetPermissions() *Permissions

func (*Policy) GetPrincipals

func (m *Policy) GetPrincipals() []*Principal

func (*Policy) ProtoMessage

func (*Policy) ProtoMessage()

func (*Policy) Reset

func (m *Policy) Reset()

func (*Policy) String

func (m *Policy) String() string

func (*Policy) XXX_DiscardUnknown

func (m *Policy) XXX_DiscardUnknown()

func (*Policy) XXX_Marshal

func (m *Policy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Policy) XXX_Merge

func (m *Policy) XXX_Merge(src proto.Message)

func (*Policy) XXX_Size

func (m *Policy) XXX_Size() int

func (*Policy) XXX_Unmarshal

func (m *Policy) XXX_Unmarshal(b []byte) error

type Principal

type Principal struct {
	JwtPrincipal         *JWTPrincipal `protobuf:"bytes,1,opt,name=jwt_principal,json=jwtPrincipal,proto3" json:"jwt_principal,omitempty"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

An RBAC principal - the identity entity (usually a user or a service account).

func (*Principal) Descriptor

func (*Principal) Descriptor() ([]byte, []int)

func (*Principal) Equal

func (this *Principal) Equal(that interface{}) bool

func (*Principal) GetJwtPrincipal

func (m *Principal) GetJwtPrincipal() *JWTPrincipal

func (*Principal) ProtoMessage

func (*Principal) ProtoMessage()

func (*Principal) Reset

func (m *Principal) Reset()

func (*Principal) String

func (m *Principal) String() string

func (*Principal) XXX_DiscardUnknown

func (m *Principal) XXX_DiscardUnknown()

func (*Principal) XXX_Marshal

func (m *Principal) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Principal) XXX_Merge

func (m *Principal) XXX_Merge(src proto.Message)

func (*Principal) XXX_Size

func (m *Principal) XXX_Size() int

func (*Principal) XXX_Unmarshal

func (m *Principal) XXX_Unmarshal(b []byte) error

type RouteExtension deprecated

type RouteExtension struct {
	// Types that are valid to be assigned to Route:
	//	*RouteExtension_Disable
	//	*RouteExtension_Config
	Route                isRouteExtension_Route `protobuf_oneof:"route"`
	XXX_NoUnkeyedLiteral struct{}               `json:"-"`
	XXX_unrecognized     []byte                 `json:"-"`
	XXX_sizecache        int32                  `json:"-"`
}

TODO(kdorosh) remove once we stop supporting opaque RBAC config

Deprecated: Do not use.

func (*RouteExtension) Descriptor

func (*RouteExtension) Descriptor() ([]byte, []int)

func (*RouteExtension) Equal

func (this *RouteExtension) Equal(that interface{}) bool

func (*RouteExtension) GetConfig

func (m *RouteExtension) GetConfig() *Config

func (*RouteExtension) GetDisable

func (m *RouteExtension) GetDisable() bool

func (*RouteExtension) GetRoute

func (m *RouteExtension) GetRoute() isRouteExtension_Route

func (*RouteExtension) ProtoMessage

func (*RouteExtension) ProtoMessage()

func (*RouteExtension) Reset

func (m *RouteExtension) Reset()

func (*RouteExtension) String

func (m *RouteExtension) String() string

func (*RouteExtension) XXX_DiscardUnknown

func (m *RouteExtension) XXX_DiscardUnknown()

func (*RouteExtension) XXX_Marshal

func (m *RouteExtension) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RouteExtension) XXX_Merge

func (m *RouteExtension) XXX_Merge(src proto.Message)

func (*RouteExtension) XXX_OneofWrappers

func (*RouteExtension) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*RouteExtension) XXX_Size

func (m *RouteExtension) XXX_Size() int

func (*RouteExtension) XXX_Unmarshal

func (m *RouteExtension) XXX_Unmarshal(b []byte) error

type RouteExtension_Config

type RouteExtension_Config struct {
	Config *Config `protobuf:"bytes,2,opt,name=config,proto3,oneof" json:"config,omitempty"`
}

func (*RouteExtension_Config) Equal

func (this *RouteExtension_Config) Equal(that interface{}) bool

type RouteExtension_Disable

type RouteExtension_Disable struct {
	Disable bool `protobuf:"varint,1,opt,name=disable,proto3,oneof" json:"disable,omitempty"`
}

func (*RouteExtension_Disable) Equal

func (this *RouteExtension_Disable) Equal(that interface{}) bool

type Settings

type Settings struct {
	// Require RBAC for all virtual hosts. A vhost without an RBAC policy set will fallback to a deny-all policy.
	RequireRbac          bool     `protobuf:"varint,1,opt,name=require_rbac,json=requireRbac,proto3" json:"require_rbac,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*Settings) Descriptor

func (*Settings) Descriptor() ([]byte, []int)

func (*Settings) Equal

func (this *Settings) Equal(that interface{}) bool

func (*Settings) GetRequireRbac

func (m *Settings) GetRequireRbac() bool

func (*Settings) ProtoMessage

func (*Settings) ProtoMessage()

func (*Settings) Reset

func (m *Settings) Reset()

func (*Settings) String

func (m *Settings) String() string

func (*Settings) XXX_DiscardUnknown

func (m *Settings) XXX_DiscardUnknown()

func (*Settings) XXX_Marshal

func (m *Settings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Settings) XXX_Merge

func (m *Settings) XXX_Merge(src proto.Message)

func (*Settings) XXX_Size

func (m *Settings) XXX_Size() int

func (*Settings) XXX_Unmarshal

func (m *Settings) XXX_Unmarshal(b []byte) error

type VhostExtension deprecated

type VhostExtension struct {
	Config               *Config  `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

TODO(kdorosh) remove once we stop supporting opaque RBAC config

Deprecated: Do not use.

func (*VhostExtension) Descriptor

func (*VhostExtension) Descriptor() ([]byte, []int)

func (*VhostExtension) Equal

func (this *VhostExtension) Equal(that interface{}) bool

func (*VhostExtension) GetConfig

func (m *VhostExtension) GetConfig() *Config

func (*VhostExtension) ProtoMessage

func (*VhostExtension) ProtoMessage()

func (*VhostExtension) Reset

func (m *VhostExtension) Reset()

func (*VhostExtension) String

func (m *VhostExtension) String() string

func (*VhostExtension) XXX_DiscardUnknown

func (m *VhostExtension) XXX_DiscardUnknown()

func (*VhostExtension) XXX_Marshal

func (m *VhostExtension) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*VhostExtension) XXX_Merge

func (m *VhostExtension) XXX_Merge(src proto.Message)

func (*VhostExtension) XXX_Size

func (m *VhostExtension) XXX_Size() int

func (*VhostExtension) XXX_Unmarshal

func (m *VhostExtension) XXX_Unmarshal(b []byte) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL