Documentation ¶
Index ¶
- Variables
- type Action
- func (m *Action) Clone() proto.Message
- func (*Action) Descriptor() ([]byte, []int)deprecated
- func (m *Action) Equal(that interface{}) bool
- func (x *Action) GetActionType() Action_ActionType
- func (x *Action) GetCustomAction() *CustomAction
- func (x *Action) GetKeyValueAction() *KeyValueAction
- func (x *Action) GetShadow() bool
- func (m *Action) Hash(hasher hash.Hash64) (uint64, error)
- func (*Action) ProtoMessage()
- func (x *Action) ProtoReflect() protoreflect.Message
- func (x *Action) Reset()
- func (x *Action) String() string
- type Action_ActionType
- func (Action_ActionType) Descriptor() protoreflect.EnumDescriptor
- func (x Action_ActionType) Enum() *Action_ActionType
- func (Action_ActionType) EnumDescriptor() ([]byte, []int)deprecated
- func (x Action_ActionType) Number() protoreflect.EnumNumber
- func (x Action_ActionType) String() string
- func (Action_ActionType) Type() protoreflect.EnumType
- type Config
- func (m *Config) Clone() proto.Message
- func (*Config) Descriptor() ([]byte, []int)deprecated
- func (m *Config) Equal(that interface{}) bool
- func (x *Config) GetActions() []*Action
- func (x *Config) GetEnabledFor() Config_EnableFor
- func (m *Config) Hash(hasher hash.Hash64) (uint64, error)
- func (*Config) ProtoMessage()
- func (x *Config) ProtoReflect() protoreflect.Message
- func (x *Config) Reset()
- func (x *Config) String() string
- type Config_EnableFor
- func (Config_EnableFor) Descriptor() protoreflect.EnumDescriptor
- func (x Config_EnableFor) Enum() *Config_EnableFor
- func (Config_EnableFor) EnumDescriptor() ([]byte, []int)deprecated
- func (x Config_EnableFor) Number() protoreflect.EnumNumber
- func (x Config_EnableFor) String() string
- func (Config_EnableFor) Type() protoreflect.EnumType
- type CustomAction
- func (m *CustomAction) Clone() proto.Message
- func (*CustomAction) Descriptor() ([]byte, []int)deprecated
- func (m *CustomAction) Equal(that interface{}) bool
- func (x *CustomAction) GetMaskChar() string
- func (x *CustomAction) GetName() string
- func (x *CustomAction) GetPercent() *_type.Percent
- func (x *CustomAction) GetRegex() []stringdeprecated
- func (x *CustomAction) GetRegexActions() []*transformation_ee.RegexAction
- func (m *CustomAction) Hash(hasher hash.Hash64) (uint64, error)
- func (*CustomAction) ProtoMessage()
- func (x *CustomAction) ProtoReflect() protoreflect.Message
- func (x *CustomAction) Reset()
- func (x *CustomAction) String() string
- type DlpRule
- func (m *DlpRule) Clone() proto.Message
- func (*DlpRule) Descriptor() ([]byte, []int)deprecated
- func (m *DlpRule) Equal(that interface{}) bool
- func (x *DlpRule) GetActions() []*Action
- func (x *DlpRule) GetMatcher() *matchers.Matcher
- func (m *DlpRule) Hash(hasher hash.Hash64) (uint64, error)
- func (*DlpRule) ProtoMessage()
- func (x *DlpRule) ProtoReflect() protoreflect.Message
- func (x *DlpRule) Reset()
- func (x *DlpRule) String() string
- type FilterConfig
- func (m *FilterConfig) Clone() proto.Message
- func (*FilterConfig) Descriptor() ([]byte, []int)deprecated
- func (m *FilterConfig) Equal(that interface{}) bool
- func (x *FilterConfig) GetDlpRules() []*DlpRule
- func (x *FilterConfig) GetEnabledFor() FilterConfig_EnableFor
- func (m *FilterConfig) Hash(hasher hash.Hash64) (uint64, error)
- func (*FilterConfig) ProtoMessage()
- func (x *FilterConfig) ProtoReflect() protoreflect.Message
- func (x *FilterConfig) Reset()
- func (x *FilterConfig) String() string
- type FilterConfig_EnableFor
- func (FilterConfig_EnableFor) Descriptor() protoreflect.EnumDescriptor
- func (x FilterConfig_EnableFor) Enum() *FilterConfig_EnableFor
- func (FilterConfig_EnableFor) EnumDescriptor() ([]byte, []int)deprecated
- func (x FilterConfig_EnableFor) Number() protoreflect.EnumNumber
- func (x FilterConfig_EnableFor) String() string
- func (FilterConfig_EnableFor) Type() protoreflect.EnumType
- type KeyValueAction
- func (m *KeyValueAction) Clone() proto.Message
- func (*KeyValueAction) Descriptor() ([]byte, []int)deprecated
- func (m *KeyValueAction) Equal(that interface{}) bool
- func (x *KeyValueAction) GetKeyToMask() string
- func (x *KeyValueAction) GetMaskChar() string
- func (x *KeyValueAction) GetName() string
- func (x *KeyValueAction) GetPercent() *_type.Percent
- func (m *KeyValueAction) Hash(hasher hash.Hash64) (uint64, error)
- func (*KeyValueAction) ProtoMessage()
- func (x *KeyValueAction) ProtoReflect() protoreflect.Message
- func (x *KeyValueAction) Reset()
- func (x *KeyValueAction) String() string
Constants ¶
This section is empty.
Variables ¶
var ( FilterConfig_EnableFor_name = map[int32]string{ 0: "RESPONSE_BODY", 1: "ACCESS_LOGS", 2: "ALL", } FilterConfig_EnableFor_value = map[string]int32{ "RESPONSE_BODY": 0, "ACCESS_LOGS": 1, "ALL": 2, } )
Enum value maps for FilterConfig_EnableFor.
var ( Config_EnableFor_name = map[int32]string{ 0: "RESPONSE_BODY", 1: "ACCESS_LOGS", 2: "ALL", } Config_EnableFor_value = map[string]int32{ "RESPONSE_BODY": 0, "ACCESS_LOGS": 1, "ALL": 2, } )
Enum value maps for Config_EnableFor.
var ( Action_ActionType_name = map[int32]string{ 0: "CUSTOM", 1: "SSN", 2: "MASTERCARD", 3: "VISA", 4: "AMEX", 5: "DISCOVER", 6: "JCB", 7: "DINERS_CLUB", 8: "CREDIT_CARD_TRACKERS", 9: "ALL_CREDIT_CARDS", 10: "KEYVALUE", } Action_ActionType_value = map[string]int32{ "CUSTOM": 0, "SSN": 1, "MASTERCARD": 2, "VISA": 3, "AMEX": 4, "DISCOVER": 5, "JCB": 6, "DINERS_CLUB": 7, "CREDIT_CARD_TRACKERS": 8, "ALL_CREDIT_CARDS": 9, "KEYVALUE": 10, } )
Enum value maps for Action_ActionType.
var File_github_com_solo_io_gloo_projects_gloo_api_v1_enterprise_options_dlp_dlp_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type Action ¶
type Action struct { // The action type to implement. ActionType Action_ActionType `` /* 140-byte string literal not displayed */ // The custom user action to be applied. // This field will only be used if the custom action type is specified above. CustomAction *CustomAction `protobuf:"bytes,2,opt,name=custom_action,json=customAction,proto3" json:"custom_action,omitempty"` // The key/value action to be applied. // This field will only be used if the KEYVALUE action type is specified above // will only affect access logs and response headers, not response bodies KeyValueAction *KeyValueAction `protobuf:"bytes,4,opt,name=key_value_action,json=keyValueAction,proto3" json:"key_value_action,omitempty"` // Shadow represents whether the action should be taken, or just recorded. Shadow bool `protobuf:"varint,3,opt,name=shadow,proto3" json:"shadow,omitempty"` // contains filtered or unexported fields }
A single action meant to mask sensitive data. The action type represents a set of pre configured actions, as well as the ability to create custom actions. These actions can also be shadowed, a shadowed action will be recorded in the statistics, and debug logs, but not actually committed in the response body.
To use a pre-made action simply set the action type to anything other than `CUSTOM`
``` yaml actionType: VISA ```
To create a custom action set the custom action field. The default enum value is custom, so that can be left empty.
``` yaml customAction: name: test regex: - "hello" - "world" maskChar: Y percent: 60 ```
func (*Action) Descriptor
deprecated
func (*Action) GetActionType ¶
func (x *Action) GetActionType() Action_ActionType
func (*Action) GetCustomAction ¶
func (x *Action) GetCustomAction() *CustomAction
func (*Action) GetKeyValueAction ¶ added in v1.9.25
func (x *Action) GetKeyValueAction() *KeyValueAction
func (*Action) ProtoMessage ¶
func (*Action) ProtoMessage()
func (*Action) ProtoReflect ¶ added in v1.6.0
func (x *Action) ProtoReflect() protoreflect.Message
type Action_ActionType ¶
type Action_ActionType int32
The following pre-made action types map to subgroup 1 of the listed regex patterns:
SSN: - '(?:^|\D)([0-9]{9})(?:\D|$)' - '(?:^|\D)([0-9]{3}\-[0-9]{2}\-[0-9]{4})(?:\D|$)' - '(?:^|\D)([0-9]{3}\ [0-9]{2}\ [0-9]{4})(?:\D|$)'
MASTERCARD: - '(?:^|\D)(5[1-5][0-9]{2}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4})(?:\D|$)'
VISA: - '(?:^|\D)(4[0-9]{3}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4})(?:\D|$)'
AMEX: - '(?:^|\D)((?:34|37)[0-9]{2}(?:\ |\-|)[0-9]{6}(?:\ |\-|)[0-9]{5})(?:\D|$)'
DISCOVER: - '(?:^|\D)(6011(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4})(?:\D|$)'
JCB: - '(?:^|\D)(3[0-9]{3}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4})(?:\D|$)' - '(?:^|\D)((?:2131|1800)[0-9]{11})(?:\D|$)'
DINERS_CLUB: - '(?:^|\D)(30[0-5][0-9](?:\ |\-|)[0-9]{6}(?:\ |\-|)[0-9]{4})(?:\D|$)' - '(?:^|\D)((?:36|38)[0-9]{2}(?:\ |\-|)[0-9]{6}(?:\ |\-|)[0-9]{4})(?:\D|$)'
CREDIT_CARD_TRACKERS: - '([1-9][0-9]{2}\-[0-9]{2}\-[0-9]{4}\^\d)' - '(?:^|\D)(\%?[Bb]\d{13,19}\^[\-\/\.\w\s]{2,26}\^[0-9][0-9][01][0-9][0-9]{3})' - '(?:^|\D)(\;\d{13,19}\=(?:\d{3}|)(?:\d{4}|\=))'
ALL_CREDIT_CARDS: - (All credit card related regexes from above)
const ( Action_CUSTOM Action_ActionType = 0 Action_SSN Action_ActionType = 1 Action_MASTERCARD Action_ActionType = 2 Action_VISA Action_ActionType = 3 Action_AMEX Action_ActionType = 4 Action_DISCOVER Action_ActionType = 5 Action_JCB Action_ActionType = 6 Action_DINERS_CLUB Action_ActionType = 7 Action_CREDIT_CARD_TRACKERS Action_ActionType = 8 Action_ALL_CREDIT_CARDS Action_ActionType = 9 Action_KEYVALUE Action_ActionType = 10 )
func (Action_ActionType) Descriptor ¶ added in v1.6.0
func (Action_ActionType) Descriptor() protoreflect.EnumDescriptor
func (Action_ActionType) Enum ¶ added in v1.6.0
func (x Action_ActionType) Enum() *Action_ActionType
func (Action_ActionType) EnumDescriptor
deprecated
func (Action_ActionType) EnumDescriptor() ([]byte, []int)
Deprecated: Use Action_ActionType.Descriptor instead.
func (Action_ActionType) Number ¶ added in v1.6.0
func (x Action_ActionType) Number() protoreflect.EnumNumber
func (Action_ActionType) String ¶
func (x Action_ActionType) String() string
func (Action_ActionType) Type ¶ added in v1.6.0
func (Action_ActionType) Type() protoreflect.EnumType
type Config ¶
type Config struct { // List of data loss prevention actions to be applied. // These actions will be applied in order, one at a time. Actions []*Action `protobuf:"bytes,1,rep,name=actions,proto3" json:"actions,omitempty"` // Whether responses, access logs, or both should be masked by the applied actions. // If not defined, masking will only be enabled for responses bodies. EnabledFor Config_EnableFor `` /* 139-byte string literal not displayed */ // contains filtered or unexported fields }
Route/Vhost level config for dlp filter
If a config is present on the route or vhost level it will completely overwrite the listener level config.
func (*Config) Descriptor
deprecated
func (*Config) GetActions ¶
func (*Config) GetEnabledFor ¶ added in v1.7.7
func (x *Config) GetEnabledFor() Config_EnableFor
func (*Config) ProtoMessage ¶
func (*Config) ProtoMessage()
func (*Config) ProtoReflect ¶ added in v1.6.0
func (x *Config) ProtoReflect() protoreflect.Message
type Config_EnableFor ¶ added in v1.7.7
type Config_EnableFor int32
const ( // Only enable DLP masking of response bodies. Defaults to this value. Config_RESPONSE_BODY Config_EnableFor = 0 // Only enable DLP masking of access logs. Config_ACCESS_LOGS Config_EnableFor = 1 // Enable DLP masking for both responses and access logs. Config_ALL Config_EnableFor = 2 )
func (Config_EnableFor) Descriptor ¶ added in v1.7.7
func (Config_EnableFor) Descriptor() protoreflect.EnumDescriptor
func (Config_EnableFor) Enum ¶ added in v1.7.7
func (x Config_EnableFor) Enum() *Config_EnableFor
func (Config_EnableFor) EnumDescriptor
deprecated
added in
v1.7.7
func (Config_EnableFor) EnumDescriptor() ([]byte, []int)
Deprecated: Use Config_EnableFor.Descriptor instead.
func (Config_EnableFor) Number ¶ added in v1.7.7
func (x Config_EnableFor) Number() protoreflect.EnumNumber
func (Config_EnableFor) String ¶ added in v1.7.7
func (x Config_EnableFor) String() string
func (Config_EnableFor) Type ¶ added in v1.7.7
func (Config_EnableFor) Type() protoreflect.EnumType
type CustomAction ¶
type CustomAction struct { // The name of the custom action. // This name is used for logging and debugging purposes. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // The list of regex strings which will be applied in order. // // Deprecated: Do not use. Regex []string `protobuf:"bytes,2,rep,name=regex,proto3" json:"regex,omitempty"` // The masking character for the sensitive data. // default value: X MaskChar string `protobuf:"bytes,3,opt,name=mask_char,json=maskChar,proto3" json:"mask_char,omitempty"` // The percent of the string which will be masked by the mask_char // default value: 75% // rounds ratio (percent/100) by std::round http://www.cplusplus.com/reference/cmath/round/ Percent *_type.Percent `protobuf:"bytes,4,opt,name=percent,proto3" json:"percent,omitempty"` // List of regexes to apply to the response body to match data which should be // masked. They will be applied iteratively in the order which they are // specified. If this field and `regex` are both provided, all the regexes will // be applied iteratively in the order provided, starting with the ones from `regex` RegexActions []*transformation_ee.RegexAction `protobuf:"bytes,5,rep,name=regex_actions,json=regexActions,proto3" json:"regex_actions,omitempty"` // contains filtered or unexported fields }
A user defined custom action to carry out on the response body.
The list of regex strings are applied in order. So for instance, if there is a response body with the content: `hello world`
And there is a custom action ``` yaml customAction: name: test regex: - "hello" - "world" maskChar: Y percent: 60 ```
the result would be: `YYYlo YYYld`
If the mask_char, and percent were left to default, the result would be: `XXXXo XXXXd`
func (*CustomAction) Clone ¶ added in v1.8.24
func (m *CustomAction) Clone() proto.Message
Clone function
func (*CustomAction) Descriptor
deprecated
func (*CustomAction) Descriptor() ([]byte, []int)
Deprecated: Use CustomAction.ProtoReflect.Descriptor instead.
func (*CustomAction) GetMaskChar ¶
func (x *CustomAction) GetMaskChar() string
func (*CustomAction) GetName ¶
func (x *CustomAction) GetName() string
func (*CustomAction) GetPercent ¶
func (x *CustomAction) GetPercent() *_type.Percent
func (*CustomAction) GetRegex
deprecated
func (x *CustomAction) GetRegex() []string
Deprecated: Do not use.
func (*CustomAction) GetRegexActions ¶ added in v1.8.14
func (x *CustomAction) GetRegexActions() []*transformation_ee.RegexAction
func (*CustomAction) Hash ¶ added in v1.2.13
func (m *CustomAction) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*CustomAction) ProtoMessage ¶
func (*CustomAction) ProtoMessage()
func (*CustomAction) ProtoReflect ¶ added in v1.6.0
func (x *CustomAction) ProtoReflect() protoreflect.Message
func (*CustomAction) Reset ¶
func (x *CustomAction) Reset()
func (*CustomAction) String ¶
func (x *CustomAction) String() string
type DlpRule ¶
type DlpRule struct { // Matcher by which to determine if the given transformation should be applied // if omitted, will it match all (i.e., default to / prefix matcher) Matcher *matchers.Matcher `protobuf:"bytes,1,opt,name=matcher,proto3" json:"matcher,omitempty"` // List of data loss prevention actions to be applied. // These actions will be applied in order, one at a time. Actions []*Action `protobuf:"bytes,2,rep,name=actions,proto3" json:"actions,omitempty"` // contains filtered or unexported fields }
Rule which applies a given set of actions to a matching route. The route matching functions exactly the same as the envoy routes in the virtual host.
func (*DlpRule) Descriptor
deprecated
func (*DlpRule) GetActions ¶
func (*DlpRule) GetMatcher ¶
func (*DlpRule) ProtoMessage ¶
func (*DlpRule) ProtoMessage()
func (*DlpRule) ProtoReflect ¶ added in v1.6.0
func (x *DlpRule) ProtoReflect() protoreflect.Message
type FilterConfig ¶
type FilterConfig struct { // The list of transformation, matcher pairs. // The first rule which matches will be applied. DlpRules []*DlpRule `protobuf:"bytes,1,rep,name=dlp_rules,json=dlpRules,proto3" json:"dlp_rules,omitempty"` // Whether responses, access logs, or both should be masked by the applied actions. // If not defined, masking will only be enabled for responses bodies. EnabledFor FilterConfig_EnableFor `` /* 145-byte string literal not displayed */ // contains filtered or unexported fields }
Listener level config for dlp filter
func (*FilterConfig) Clone ¶ added in v1.8.24
func (m *FilterConfig) Clone() proto.Message
Clone function
func (*FilterConfig) Descriptor
deprecated
func (*FilterConfig) Descriptor() ([]byte, []int)
Deprecated: Use FilterConfig.ProtoReflect.Descriptor instead.
func (*FilterConfig) GetDlpRules ¶
func (x *FilterConfig) GetDlpRules() []*DlpRule
func (*FilterConfig) GetEnabledFor ¶ added in v1.7.7
func (x *FilterConfig) GetEnabledFor() FilterConfig_EnableFor
func (*FilterConfig) Hash ¶ added in v1.2.13
func (m *FilterConfig) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*FilterConfig) ProtoMessage ¶
func (*FilterConfig) ProtoMessage()
func (*FilterConfig) ProtoReflect ¶ added in v1.6.0
func (x *FilterConfig) ProtoReflect() protoreflect.Message
func (*FilterConfig) Reset ¶
func (x *FilterConfig) Reset()
func (*FilterConfig) String ¶
func (x *FilterConfig) String() string
type FilterConfig_EnableFor ¶ added in v1.7.7
type FilterConfig_EnableFor int32
const ( // Only enable DLP masking of response bodies. Defaults to this value. FilterConfig_RESPONSE_BODY FilterConfig_EnableFor = 0 // Only enable DLP masking of access logs. FilterConfig_ACCESS_LOGS FilterConfig_EnableFor = 1 // Enable DLP masking for both responses and access logs. FilterConfig_ALL FilterConfig_EnableFor = 2 )
func (FilterConfig_EnableFor) Descriptor ¶ added in v1.7.7
func (FilterConfig_EnableFor) Descriptor() protoreflect.EnumDescriptor
func (FilterConfig_EnableFor) Enum ¶ added in v1.7.7
func (x FilterConfig_EnableFor) Enum() *FilterConfig_EnableFor
func (FilterConfig_EnableFor) EnumDescriptor
deprecated
added in
v1.7.7
func (FilterConfig_EnableFor) EnumDescriptor() ([]byte, []int)
Deprecated: Use FilterConfig_EnableFor.Descriptor instead.
func (FilterConfig_EnableFor) Number ¶ added in v1.7.7
func (x FilterConfig_EnableFor) Number() protoreflect.EnumNumber
func (FilterConfig_EnableFor) String ¶ added in v1.7.7
func (x FilterConfig_EnableFor) String() string
func (FilterConfig_EnableFor) Type ¶ added in v1.7.7
func (FilterConfig_EnableFor) Type() protoreflect.EnumType
type KeyValueAction ¶ added in v1.9.25
type KeyValueAction struct { // The name of the key/value action. // This name is used for logging and debugging purposes. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // The masking character for the sensitive data. // default value: X MaskChar string `protobuf:"bytes,2,opt,name=mask_char,json=maskChar,proto3" json:"mask_char,omitempty"` // The percent of the string which will be masked by the mask_char // default value: 75% // rounds ratio (percent/100) by std::round http://www.cplusplus.com/reference/cmath/round/ Percent *_type.Percent `protobuf:"bytes,3,opt,name=percent,proto3" json:"percent,omitempty"` // The key for which corresponding header names/dynamic metadata values should be censored // Must be specified KeyToMask string `protobuf:"bytes,4,opt,name=key_to_mask,json=keyToMask,proto3" json:"key_to_mask,omitempty"` // contains filtered or unexported fields }
func (*KeyValueAction) Clone ¶ added in v1.9.25
func (m *KeyValueAction) Clone() proto.Message
Clone function
func (*KeyValueAction) Descriptor
deprecated
added in
v1.9.25
func (*KeyValueAction) Descriptor() ([]byte, []int)
Deprecated: Use KeyValueAction.ProtoReflect.Descriptor instead.
func (*KeyValueAction) Equal ¶ added in v1.9.25
func (m *KeyValueAction) Equal(that interface{}) bool
Equal function
func (*KeyValueAction) GetKeyToMask ¶ added in v1.9.25
func (x *KeyValueAction) GetKeyToMask() string
func (*KeyValueAction) GetMaskChar ¶ added in v1.9.25
func (x *KeyValueAction) GetMaskChar() string
func (*KeyValueAction) GetName ¶ added in v1.9.25
func (x *KeyValueAction) GetName() string
func (*KeyValueAction) GetPercent ¶ added in v1.9.25
func (x *KeyValueAction) GetPercent() *_type.Percent
func (*KeyValueAction) Hash ¶ added in v1.9.25
func (m *KeyValueAction) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*KeyValueAction) ProtoMessage ¶ added in v1.9.25
func (*KeyValueAction) ProtoMessage()
func (*KeyValueAction) ProtoReflect ¶ added in v1.9.25
func (x *KeyValueAction) ProtoReflect() protoreflect.Message
func (*KeyValueAction) Reset ¶ added in v1.9.25
func (x *KeyValueAction) Reset()
func (*KeyValueAction) String ¶ added in v1.9.25
func (x *KeyValueAction) String() string