rbac

package
v1.19.0-beta1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 6, 2024 License: Apache-2.0 Imports: 19 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	JWTPrincipal_ClaimMatcher_name = map[int32]string{
		0: "EXACT_STRING",
		1: "BOOLEAN",
		2: "LIST_CONTAINS",
	}
	JWTPrincipal_ClaimMatcher_value = map[string]int32{
		"EXACT_STRING":  0,
		"BOOLEAN":       1,
		"LIST_CONTAINS": 2,
	}
)

Enum value maps for JWTPrincipal_ClaimMatcher.

View Source
var File_github_com_solo_io_gloo_projects_gloo_api_v1_enterprise_options_rbac_rbac_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type ExtensionSettings

type ExtensionSettings struct {

	// Disable RBAC checks on this resource (default false). This is useful to allow access to static resources/login page without RBAC checks.
	// If provided on a route, all route settings override any vhost settings
	Disable bool `protobuf:"varint,1,opt,name=disable,proto3" json:"disable,omitempty"`
	// Named policies to apply.
	Policies map[string]*Policy `` /* 157-byte string literal not displayed */
	// contains filtered or unexported fields
}

RBAC settings for Virtual Hosts and Routes

func (*ExtensionSettings) Clone added in v1.8.24

func (m *ExtensionSettings) Clone() proto.Message

Clone function

func (*ExtensionSettings) Descriptor deprecated

func (*ExtensionSettings) Descriptor() ([]byte, []int)

Deprecated: Use ExtensionSettings.ProtoReflect.Descriptor instead.

func (*ExtensionSettings) Equal

func (m *ExtensionSettings) Equal(that interface{}) bool

Equal function

func (*ExtensionSettings) GetDisable

func (x *ExtensionSettings) GetDisable() bool

func (*ExtensionSettings) GetPolicies

func (x *ExtensionSettings) GetPolicies() map[string]*Policy

func (*ExtensionSettings) Hash deprecated added in v1.2.13

func (m *ExtensionSettings) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*ExtensionSettings) HashUnique added in v1.18.0

func (m *ExtensionSettings) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*ExtensionSettings) ProtoMessage

func (*ExtensionSettings) ProtoMessage()

func (*ExtensionSettings) ProtoReflect added in v1.6.0

func (x *ExtensionSettings) ProtoReflect() protoreflect.Message

func (*ExtensionSettings) Reset

func (x *ExtensionSettings) Reset()

func (*ExtensionSettings) String

func (x *ExtensionSettings) String() string

type JWTPrincipal

type JWTPrincipal struct {

	// Set of claims that make up this principal. Commonly, the 'iss' and 'sub' or 'email' claims are used.
	// If you specify the path for a nested claim, such as 'parent.child.foo', you must also specify
	// a non-empty string value for the `nested_claim_delimiter` field in the Policy.
	Claims map[string]string `` /* 153-byte string literal not displayed */
	// Verify that the JWT came from a specific provider. This usually can be left empty
	// and a provider will be chosen automatically.
	Provider string `protobuf:"bytes,2,opt,name=provider,proto3" json:"provider,omitempty"`
	// The matcher to use when evaluating this principal. By default, exact string comparison (EXACT_STRING) is used.
	Matcher JWTPrincipal_ClaimMatcher `protobuf:"varint,3,opt,name=matcher,proto3,enum=rbac.options.gloo.solo.io.JWTPrincipal_ClaimMatcher" json:"matcher,omitempty"`
	// contains filtered or unexported fields
}

A JWT principal. To use this, JWT option MUST be enabled.

func (*JWTPrincipal) Clone added in v1.8.24

func (m *JWTPrincipal) Clone() proto.Message

Clone function

func (*JWTPrincipal) Descriptor deprecated

func (*JWTPrincipal) Descriptor() ([]byte, []int)

Deprecated: Use JWTPrincipal.ProtoReflect.Descriptor instead.

func (*JWTPrincipal) Equal

func (m *JWTPrincipal) Equal(that interface{}) bool

Equal function

func (*JWTPrincipal) GetClaims

func (x *JWTPrincipal) GetClaims() map[string]string

func (*JWTPrincipal) GetMatcher added in v1.9.0

func (x *JWTPrincipal) GetMatcher() JWTPrincipal_ClaimMatcher

func (*JWTPrincipal) GetProvider

func (x *JWTPrincipal) GetProvider() string

func (*JWTPrincipal) Hash deprecated added in v1.2.13

func (m *JWTPrincipal) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*JWTPrincipal) HashUnique added in v1.18.0

func (m *JWTPrincipal) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*JWTPrincipal) ProtoMessage

func (*JWTPrincipal) ProtoMessage()

func (*JWTPrincipal) ProtoReflect added in v1.6.0

func (x *JWTPrincipal) ProtoReflect() protoreflect.Message

func (*JWTPrincipal) Reset

func (x *JWTPrincipal) Reset()

func (*JWTPrincipal) String

func (x *JWTPrincipal) String() string

type JWTPrincipal_ClaimMatcher added in v1.9.0

type JWTPrincipal_ClaimMatcher int32

Used to specify how claims should be matched to the value.

const (
	// The JWT claim value is a string that exactly matches the value.
	JWTPrincipal_EXACT_STRING JWTPrincipal_ClaimMatcher = 0
	// The JWT claim value is a boolean that matches the value.
	JWTPrincipal_BOOLEAN JWTPrincipal_ClaimMatcher = 1
	// The JWT claim value is a list that contains a string that exactly matches the value.
	JWTPrincipal_LIST_CONTAINS JWTPrincipal_ClaimMatcher = 2
)

func (JWTPrincipal_ClaimMatcher) Descriptor added in v1.9.0

func (JWTPrincipal_ClaimMatcher) Enum added in v1.9.0

func (JWTPrincipal_ClaimMatcher) EnumDescriptor deprecated added in v1.9.0

func (JWTPrincipal_ClaimMatcher) EnumDescriptor() ([]byte, []int)

Deprecated: Use JWTPrincipal_ClaimMatcher.Descriptor instead.

func (JWTPrincipal_ClaimMatcher) Number added in v1.9.0

func (JWTPrincipal_ClaimMatcher) String added in v1.9.0

func (x JWTPrincipal_ClaimMatcher) String() string

func (JWTPrincipal_ClaimMatcher) Type added in v1.9.0

type Permissions

type Permissions struct {

	// Paths that have this prefix will be allowed.
	PathPrefix string `protobuf:"bytes,1,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"`
	// What http methods (GET, POST, ...) are allowed.
	Methods []string `protobuf:"bytes,2,rep,name=methods,proto3" json:"methods,omitempty"`
	// contains filtered or unexported fields
}

What permissions should be granted. An empty field means allow-all. If more than one field is added, all of them need to match.

func (*Permissions) Clone added in v1.8.24

func (m *Permissions) Clone() proto.Message

Clone function

func (*Permissions) Descriptor deprecated

func (*Permissions) Descriptor() ([]byte, []int)

Deprecated: Use Permissions.ProtoReflect.Descriptor instead.

func (*Permissions) Equal

func (m *Permissions) Equal(that interface{}) bool

Equal function

func (*Permissions) GetMethods

func (x *Permissions) GetMethods() []string

func (*Permissions) GetPathPrefix

func (x *Permissions) GetPathPrefix() string

func (*Permissions) Hash deprecated added in v1.2.13

func (m *Permissions) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*Permissions) HashUnique added in v1.18.0

func (m *Permissions) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*Permissions) ProtoMessage

func (*Permissions) ProtoMessage()

func (*Permissions) ProtoReflect added in v1.6.0

func (x *Permissions) ProtoReflect() protoreflect.Message

func (*Permissions) Reset

func (x *Permissions) Reset()

func (*Permissions) String

func (x *Permissions) String() string

type Policy

type Policy struct {

	// Principals in this policy.
	Principals []*Principal `protobuf:"bytes,1,rep,name=principals,proto3" json:"principals,omitempty"`
	// Permissions granted to the principals.
	Permissions *Permissions `protobuf:"bytes,2,opt,name=permissions,proto3" json:"permissions,omitempty"`
	// The delimiter to use when specifying nested claim names within principals.
	// Default is an empty string, which disables nested claim functionality.
	// This is commonly set to `.`, allowing for nested claim names of the form
	// `parent.child.grandchild`
	NestedClaimDelimiter string `protobuf:"bytes,3,opt,name=nested_claim_delimiter,json=nestedClaimDelimiter,proto3" json:"nested_claim_delimiter,omitempty"`
	// contains filtered or unexported fields
}

func (*Policy) Clone added in v1.8.24

func (m *Policy) Clone() proto.Message

Clone function

func (*Policy) Descriptor deprecated

func (*Policy) Descriptor() ([]byte, []int)

Deprecated: Use Policy.ProtoReflect.Descriptor instead.

func (*Policy) Equal

func (m *Policy) Equal(that interface{}) bool

Equal function

func (*Policy) GetNestedClaimDelimiter added in v1.9.0

func (x *Policy) GetNestedClaimDelimiter() string

func (*Policy) GetPermissions

func (x *Policy) GetPermissions() *Permissions

func (*Policy) GetPrincipals

func (x *Policy) GetPrincipals() []*Principal

func (*Policy) Hash deprecated added in v1.2.13

func (m *Policy) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*Policy) HashUnique added in v1.18.0

func (m *Policy) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*Policy) ProtoMessage

func (*Policy) ProtoMessage()

func (*Policy) ProtoReflect added in v1.6.0

func (x *Policy) ProtoReflect() protoreflect.Message

func (*Policy) Reset

func (x *Policy) Reset()

func (*Policy) String

func (x *Policy) String() string

type Principal

type Principal struct {
	JwtPrincipal *JWTPrincipal `protobuf:"bytes,1,opt,name=jwt_principal,json=jwtPrincipal,proto3" json:"jwt_principal,omitempty"`
	// contains filtered or unexported fields
}

An RBAC principal - the identity entity (usually a user or a service account).

func (*Principal) Clone added in v1.8.24

func (m *Principal) Clone() proto.Message

Clone function

func (*Principal) Descriptor deprecated

func (*Principal) Descriptor() ([]byte, []int)

Deprecated: Use Principal.ProtoReflect.Descriptor instead.

func (*Principal) Equal

func (m *Principal) Equal(that interface{}) bool

Equal function

func (*Principal) GetJwtPrincipal

func (x *Principal) GetJwtPrincipal() *JWTPrincipal

func (*Principal) Hash deprecated added in v1.2.13

func (m *Principal) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*Principal) HashUnique added in v1.18.0

func (m *Principal) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*Principal) ProtoMessage

func (*Principal) ProtoMessage()

func (*Principal) ProtoReflect added in v1.6.0

func (x *Principal) ProtoReflect() protoreflect.Message

func (*Principal) Reset

func (x *Principal) Reset()

func (*Principal) String

func (x *Principal) String() string

type Settings

type Settings struct {

	// Require RBAC for all virtual hosts. A vhost without an RBAC policy set will fallback to a deny-all policy.
	RequireRbac bool `protobuf:"varint,1,opt,name=require_rbac,json=requireRbac,proto3" json:"require_rbac,omitempty"`
	// contains filtered or unexported fields
}

Global RBAC settings

func (*Settings) Clone added in v1.8.24

func (m *Settings) Clone() proto.Message

Clone function

func (*Settings) Descriptor deprecated

func (*Settings) Descriptor() ([]byte, []int)

Deprecated: Use Settings.ProtoReflect.Descriptor instead.

func (*Settings) Equal

func (m *Settings) Equal(that interface{}) bool

Equal function

func (*Settings) GetRequireRbac

func (x *Settings) GetRequireRbac() bool

func (*Settings) Hash deprecated added in v1.2.13

func (m *Settings) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*Settings) HashUnique added in v1.18.0

func (m *Settings) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*Settings) ProtoMessage

func (*Settings) ProtoMessage()

func (*Settings) ProtoReflect added in v1.6.0

func (x *Settings) ProtoReflect() protoreflect.Message

func (*Settings) Reset

func (x *Settings) Reset()

func (*Settings) String

func (x *Settings) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL