dlp

package
v1.19.0-beta2 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 11, 2024 License: Apache-2.0 Imports: 23 Imported by: 1

Documentation


Constants

This section is empty.

Variables

var (
	FilterConfig_EnableFor_name = map[int32]string{
		0: "RESPONSE_BODY",
		1: "ACCESS_LOGS",
		2: "ALL",
	}
	FilterConfig_EnableFor_value = map[string]int32{
		"RESPONSE_BODY": 0,
		"ACCESS_LOGS":   1,
		"ALL":           2,
	}
)

Enum value maps for FilterConfig_EnableFor.

var (
	Config_EnableFor_name = map[int32]string{
		0: "RESPONSE_BODY",
		1: "ACCESS_LOGS",
		2: "ALL",
	}
	Config_EnableFor_value = map[string]int32{
		"RESPONSE_BODY": 0,
		"ACCESS_LOGS":   1,
		"ALL":           2,
	}
)

Enum value maps for Config_EnableFor.

var (
	Action_ActionType_name = map[int32]string{
		0:  "CUSTOM",
		1:  "SSN",
		2:  "MASTERCARD",
		3:  "VISA",
		4:  "AMEX",
		5:  "DISCOVER",
		6:  "JCB",
		7:  "DINERS_CLUB",
		8:  "CREDIT_CARD_TRACKERS",
		9:  "ALL_CREDIT_CARDS",
		10: "KEYVALUE",
		11: "ALL_CREDIT_CARDS_COMBINED",
	}
	Action_ActionType_value = map[string]int32{
		"CUSTOM":                    0,
		"SSN":                       1,
		"MASTERCARD":                2,
		"VISA":                      3,
		"AMEX":                      4,
		"DISCOVER":                  5,
		"JCB":                       6,
		"DINERS_CLUB":               7,
		"CREDIT_CARD_TRACKERS":      8,
		"ALL_CREDIT_CARDS":          9,
		"KEYVALUE":                  10,
		"ALL_CREDIT_CARDS_COMBINED": 11,
	}
)

Enum value maps for Action_ActionType.

var File_github_com_solo_io_gloo_projects_gloo_api_v1_enterprise_options_dlp_dlp_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Action

type Action struct {

	// The action type to implement.
	ActionType Action_ActionType `` /* 140-byte string literal not displayed */
	// The custom user action to be applied.
	// This field will only be used if the custom action type is specified above.
	CustomAction *CustomAction `protobuf:"bytes,2,opt,name=custom_action,json=customAction,proto3" json:"custom_action,omitempty"`
	// The key/value action to be applied.
	// This field will only be used if the KEYVALUE action type is specified above.
	// It will only affect access logs and response headers, not response bodies.
	KeyValueAction *KeyValueAction `protobuf:"bytes,4,opt,name=key_value_action,json=keyValueAction,proto3" json:"key_value_action,omitempty"`
	// Shadow represents whether the action should be taken, or just recorded.
	Shadow bool `protobuf:"varint,3,opt,name=shadow,proto3" json:"shadow,omitempty"`
	// contains filtered or unexported fields
}

A single action meant to mask sensitive data. The action type represents a set of preconfigured actions, as well as the ability to create custom actions. These actions can also be shadowed: a shadowed action is recorded in the statistics and debug logs, but is not actually committed in the response body.

To use a pre-made action, simply set the action type to anything other than `CUSTOM`:

```yaml
actionType: VISA
```

To create a custom action, set the custom action field. The default enum value is `CUSTOM`, so the action type can be left empty:

```yaml
customAction:
  name: test
  regex:
  - "hello"
  - "world"
  maskChar: Y
  percent: 60
```

func (*Action) Clone added in v1.8.24

func (m *Action) Clone() proto.Message

Clone function

func (*Action) Descriptor deprecated

func (*Action) Descriptor() ([]byte, []int)

Deprecated: Use Action.ProtoReflect.Descriptor instead.

func (*Action) Equal

func (m *Action) Equal(that interface{}) bool

Equal function

func (*Action) GetActionType

func (x *Action) GetActionType() Action_ActionType

func (*Action) GetCustomAction

func (x *Action) GetCustomAction() *CustomAction

func (*Action) GetKeyValueAction added in v1.9.25

func (x *Action) GetKeyValueAction() *KeyValueAction

func (*Action) GetShadow

func (x *Action) GetShadow() bool

func (*Action) Hash deprecated added in v1.2.13

func (m *Action) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implementation only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*Action) HashUnique added in v1.18.0

func (m *Action) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implementation only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*Action) ProtoMessage

func (*Action) ProtoMessage()

func (*Action) ProtoReflect added in v1.6.0

func (x *Action) ProtoReflect() protoreflect.Message

func (*Action) Reset

func (x *Action) Reset()

func (*Action) String

func (x *Action) String() string

type Action_ActionType

type Action_ActionType int32

The following pre-made action types map to subgroup 1 of the listed regex patterns:

SSN:
- '(?:^|\D)([0-9]{9})(?:\D|$)'
- '(?:^|\D)([0-9]{3}\-[0-9]{2}\-[0-9]{4})(?:\D|$)'
- '(?:^|\D)([0-9]{3}\ [0-9]{2}\ [0-9]{4})(?:\D|$)'

MASTERCARD:
- '(?:^|\D)(5[1-5][0-9]{2}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4})(?:\D|$)'

VISA:
- '(?:^|\D)(4[0-9]{3}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4})(?:\D|$)'

AMEX:
- '(?:^|\D)((?:34|37)[0-9]{2}(?:\ |\-|)[0-9]{6}(?:\ |\-|)[0-9]{5})(?:\D|$)'

DISCOVER:
- '(?:^|\D)(6011(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4})(?:\D|$)'

JCB:
- '(?:^|\D)(3[0-9]{3}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4})(?:\D|$)'
- '(?:^|\D)((?:2131|1800)[0-9]{11})(?:\D|$)'

DINERS_CLUB:
- '(?:^|\D)(30[0-5][0-9](?:\ |\-|)[0-9]{6}(?:\ |\-|)[0-9]{4})(?:\D|$)'
- '(?:^|\D)((?:36|38)[0-9]{2}(?:\ |\-|)[0-9]{6}(?:\ |\-|)[0-9]{4})(?:\D|$)'

CREDIT_CARD_TRACKERS:
- '([1-9][0-9]{2}\-[0-9]{2}\-[0-9]{4}\^\d)'
- '(?:^|\D)(\%?[Bb]\d{13,19}\^[\-\/\.\w\s]{2,26}\^[0-9][0-9][01][0-9][0-9]{3})'
- '(?:^|\D)(\;\d{13,19}\=(?:\d{3}|)(?:\d{4}|\=))'

ALL_CREDIT_CARDS:
- (All credit card related regexes from above)

ALL_CREDIT_CARDS_COMBINED:
- Same as ALL_CREDIT_CARDS but using a single action instead of multiple which should be marginally faster
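A way to check which pre-made action types would fire on a given value before enabling them, as an added example that is not part of this package or the filter's code. `premade` and `matchedTypes` are hypothetical names, the sample strings are constructed, and the patterns are evaluated with Go's `regexp` package, which may differ from the filter's regex engine on other inputs.

```go
package main

import (
	"fmt"
	"regexp"
)

// Patterns copied verbatim from the list above (four of the pre-made types).
var premade = map[string][]string{
	"SSN": {
		`(?:^|\D)([0-9]{9})(?:\D|$)`,
		`(?:^|\D)([0-9]{3}\-[0-9]{2}\-[0-9]{4})(?:\D|$)`,
		`(?:^|\D)([0-9]{3}\ [0-9]{2}\ [0-9]{4})(?:\D|$)`,
	},
	"MASTERCARD": {`(?:^|\D)(5[1-5][0-9]{2}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4})(?:\D|$)`},
	"VISA":       {`(?:^|\D)(4[0-9]{3}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4})(?:\D|$)`},
	"AMEX":       {`(?:^|\D)((?:34|37)[0-9]{2}(?:\ |\-|)[0-9]{6}(?:\ |\-|)[0-9]{5})(?:\D|$)`},
}

// matchedTypes returns, for each action type with a pattern matching s,
// the text captured by subgroup 1 of the first pattern that matched.
func matchedTypes(s string) map[string]string {
	hits := map[string]string{}
	for name, patterns := range premade {
		for _, p := range patterns {
			if m := regexp.MustCompile(p).FindStringSubmatch(s); m != nil {
				hits[name] = m[1]
				break
			}
		}
	}
	return hits
}

func main() {
	// Constructed sample values; none of them is real data.
	samples := []string{
		`{"card":"4111 1111 1111 1111"}`, // 16 digits in groups of four
		`ssn: 123-45-6789`,               // dashed SSN form
		`order_id=123456789`,             // unrelated 9-digit identifier
		`ref 4111111111111`,              // 13 digits: too short for the VISA pattern
	}
	for _, s := range samples {
		fmt.Printf("%-34q -> %v\n", s, matchedTypes(s))
	}
}
```

The bare 9-digit SSN pattern also captures the unrelated `order_id` value, which is the kind of over-match the `Shadow` flag lets you measure in statistics and debug logs before the action is committed.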

const (
	Action_CUSTOM                    Action_ActionType = 0
	Action_SSN                       Action_ActionType = 1
	Action_MASTERCARD                Action_ActionType = 2
	Action_VISA                      Action_ActionType = 3
	Action_AMEX                      Action_ActionType = 4
	Action_DISCOVER                  Action_ActionType = 5
	Action_JCB                       Action_ActionType = 6
	Action_DINERS_CLUB               Action_ActionType = 7
	Action_CREDIT_CARD_TRACKERS      Action_ActionType = 8
	Action_ALL_CREDIT_CARDS          Action_ActionType = 9
	Action_KEYVALUE                  Action_ActionType = 10
	Action_ALL_CREDIT_CARDS_COMBINED Action_ActionType = 11
)

func (Action_ActionType) Descriptor added in v1.6.0

func (Action_ActionType) Enum added in v1.6.0

func (Action_ActionType) EnumDescriptor deprecated

func (Action_ActionType) EnumDescriptor() ([]byte, []int)

Deprecated: Use Action_ActionType.Descriptor instead.

func (Action_ActionType) Number added in v1.6.0

func (Action_ActionType) String

func (x Action_ActionType) String() string

func (Action_ActionType) Type added in v1.6.0

type Config

type Config struct {

	// List of data loss prevention actions to be applied.
	// These actions will be applied in order, one at a time.
	Actions []*Action `protobuf:"bytes,1,rep,name=actions,proto3" json:"actions,omitempty"`
	// Whether responses, access logs, or both should be masked by the applied actions.
	// If not defined, masking will only be enabled for response bodies.
	EnabledFor Config_EnableFor `` /* 139-byte string literal not displayed */
	// contains filtered or unexported fields
}

Route/Vhost level config for dlp filter

If a config is present on the route or vhost level it will completely overwrite the listener level config.

func (*Config) Clone added in v1.8.24

func (m *Config) Clone() proto.Message

Clone function

func (*Config) Descriptor deprecated

func (*Config) Descriptor() ([]byte, []int)

Deprecated: Use Config.ProtoReflect.Descriptor instead.

func (*Config) Equal

func (m *Config) Equal(that interface{}) bool

Equal function

func (*Config) GetActions

func (x *Config) GetActions() []*Action

func (*Config) GetEnabledFor added in v1.7.7

func (x *Config) GetEnabledFor() Config_EnableFor

func (*Config) Hash deprecated added in v1.2.13

func (m *Config) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implementation only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*Config) HashUnique added in v1.18.0

func (m *Config) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implementation only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*Config) ProtoMessage

func (*Config) ProtoMessage()

func (*Config) ProtoReflect added in v1.6.0

func (x *Config) ProtoReflect() protoreflect.Message

func (*Config) Reset

func (x *Config) Reset()

func (*Config) String

func (x *Config) String() string

type Config_EnableFor added in v1.7.7

type Config_EnableFor int32

const (
	// Only enable DLP masking of response bodies. Defaults to this value.
	Config_RESPONSE_BODY Config_EnableFor = 0
	// Only enable DLP masking of access logs.
	Config_ACCESS_LOGS Config_EnableFor = 1
	// Enable DLP masking for both responses and access logs.
	Config_ALL Config_EnableFor = 2
)

func (Config_EnableFor) Descriptor added in v1.7.7

func (Config_EnableFor) Enum added in v1.7.7

func (Config_EnableFor) EnumDescriptor deprecated added in v1.7.7

func (Config_EnableFor) EnumDescriptor() ([]byte, []int)

Deprecated: Use Config_EnableFor.Descriptor instead.

func (Config_EnableFor) Number added in v1.7.7

func (Config_EnableFor) String added in v1.7.7

func (x Config_EnableFor) String() string

func (Config_EnableFor) Type added in v1.7.7

type CustomAction

type CustomAction struct {

	// The name of the custom action.
	// This name is used for logging and debugging purposes.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The list of regex strings which will be applied in order.
	//
	// Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/dlp/dlp.proto.
	Regex []string `protobuf:"bytes,2,rep,name=regex,proto3" json:"regex,omitempty"`
	// The masking character for the sensitive data.
	// default value: X
	MaskChar string `protobuf:"bytes,3,opt,name=mask_char,json=maskChar,proto3" json:"mask_char,omitempty"`
	// The percent of the string which will be masked by the mask_char
	// default value: 75%
	// rounds ratio (percent/100) by std::round http://www.cplusplus.com/reference/cmath/round/
	Percent *_type.Percent `protobuf:"bytes,4,opt,name=percent,proto3" json:"percent,omitempty"`
	// List of regexes to apply to the response body to match data which should be
	// masked. They will be applied iteratively in the order which they are
	// specified. If this field and `regex` are both provided, all the regexes will
	// be applied iteratively in the order provided, starting with the ones from `regex`
	RegexActions []*transformation_ee.RegexAction `protobuf:"bytes,5,rep,name=regex_actions,json=regexActions,proto3" json:"regex_actions,omitempty"`
	// contains filtered or unexported fields
}

A user defined custom action to carry out on the response body.

The list of regex strings are applied in order. So for instance, if there is a response body with the content: `hello world`

And there is a custom action:

```yaml
customAction:
  name: test
  regex:
  - "hello"
  - "world"
  maskChar: Y
  percent: 60
```

the result would be: `YYYlo YYYld`

If the mask_char, and percent were left to default, the result would be: `XXXXo XXXXd`
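The masking rule described here, together with the subgroup-1 rule stated for the pre-made action types, modelled in Go as an added example; it is not the filter's code and not part of this package. `maskModel` is a hypothetical helper that assumes the leading characters of the matched text are masked, as the `YYYlo` result shows, and it counts bytes, so it is exact only for ASCII input.

```go
package main

import (
	"fmt"
	"math"
	"regexp"
	"strings"
)

// maskModel applies each pattern to body in order. For every match it replaces
// the leading round(len*percent/100) bytes of subgroup 1 (or of the whole match
// when the pattern has no subgroup) with maskChar.
func maskModel(body string, patterns []string, maskChar string, percent float64) (string, error) {
	for _, p := range patterns {
		re, err := regexp.Compile(p)
		if err != nil {
			return "", fmt.Errorf("pattern %q: %w", p, err)
		}
		var out strings.Builder
		last := 0
		for _, loc := range re.FindAllStringSubmatchIndex(body, -1) {
			start, end := loc[0], loc[1]
			if len(loc) >= 4 && loc[2] >= 0 {
				start, end = loc[2], loc[3] // mask subgroup 1 only
			}
			n := int(math.Round(float64(end-start) * percent / 100))
			if n < 0 {
				n = 0
			} else if n > end-start {
				n = end - start
			}
			out.WriteString(body[last:start])
			out.WriteString(strings.Repeat(maskChar, n))
			out.WriteString(body[start+n : end])
			last = end
		}
		out.WriteString(body[last:])
		body = out.String() // the next pattern sees the already-masked body
	}
	return body, nil
}

func main() {
	words := []string{"hello", "world"}
	// VISA pattern as listed for the pre-made action types.
	visa := []string{`(?:^|\D)(4[0-9]{3}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4}(?:\ |\-|)[0-9]{4})(?:\D|$)`}

	custom, _ := maskModel("hello world", words, "Y", 60)
	defaults, _ := maskModel("hello world", words, "X", 75) // documented defaults
	card, _ := maskModel("card=4111111111111111;", visa, "X", 75) // constructed input
	fmt.Println(custom)
	fmt.Println(defaults)
	fmt.Println(card)
}
```

In this model the `=` and `;` around the card number are left untouched because they lie outside subgroup 1, and a quarter of the matched value stays readable at the default 75%.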

func (*CustomAction) Clone added in v1.8.24

func (m *CustomAction) Clone() proto.Message

Clone function

func (*CustomAction) Descriptor deprecated

func (*CustomAction) Descriptor() ([]byte, []int)

Deprecated: Use CustomAction.ProtoReflect.Descriptor instead.

func (*CustomAction) Equal

func (m *CustomAction) Equal(that interface{}) bool

Equal function

func (*CustomAction) GetMaskChar

func (x *CustomAction) GetMaskChar() string

func (*CustomAction) GetName

func (x *CustomAction) GetName() string

func (*CustomAction) GetPercent

func (x *CustomAction) GetPercent() *_type.Percent

func (*CustomAction) GetRegex deprecated

func (x *CustomAction) GetRegex() []string

Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/dlp/dlp.proto.

func (*CustomAction) GetRegexActions added in v1.8.14

func (x *CustomAction) GetRegexActions() []*transformation_ee.RegexAction

func (*CustomAction) Hash deprecated added in v1.2.13

func (m *CustomAction) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implementation only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*CustomAction) HashUnique added in v1.18.0

func (m *CustomAction) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implementation only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*CustomAction) ProtoMessage

func (*CustomAction) ProtoMessage()

func (*CustomAction) ProtoReflect added in v1.6.0

func (x *CustomAction) ProtoReflect() protoreflect.Message

func (*CustomAction) Reset

func (x *CustomAction) Reset()

func (*CustomAction) String

func (x *CustomAction) String() string

type DlpRule

type DlpRule struct {

	// Matcher by which to determine if the given transformation should be applied.
	// If omitted, it will match all (i.e., default to / prefix matcher).
	Matcher *matchers.Matcher `protobuf:"bytes,1,opt,name=matcher,proto3" json:"matcher,omitempty"`
	// List of data loss prevention actions to be applied.
	// These actions will be applied in order, one at a time.
	Actions []*Action `protobuf:"bytes,2,rep,name=actions,proto3" json:"actions,omitempty"`
	// contains filtered or unexported fields
}

Rule which applies a given set of actions to a matching route. The route matching functions exactly the same as the envoy routes in the virtual host.

func (*DlpRule) Clone added in v1.8.24

func (m *DlpRule) Clone() proto.Message

Clone function

func (*DlpRule) Descriptor deprecated

func (*DlpRule) Descriptor() ([]byte, []int)

Deprecated: Use DlpRule.ProtoReflect.Descriptor instead.

func (*DlpRule) Equal

func (m *DlpRule) Equal(that interface{}) bool

Equal function

func (*DlpRule) GetActions

func (x *DlpRule) GetActions() []*Action

func (*DlpRule) GetMatcher

func (x *DlpRule) GetMatcher() *matchers.Matcher

func (*DlpRule) Hash deprecated added in v1.2.13

func (m *DlpRule) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implementation only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*DlpRule) HashUnique added in v1.18.0

func (m *DlpRule) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implementation only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*DlpRule) ProtoMessage

func (*DlpRule) ProtoMessage()

func (*DlpRule) ProtoReflect added in v1.6.0

func (x *DlpRule) ProtoReflect() protoreflect.Message

func (*DlpRule) Reset

func (x *DlpRule) Reset()

func (*DlpRule) String

func (x *DlpRule) String() string

type FilterConfig

type FilterConfig struct {

	// The list of transformation, matcher pairs.
	// The first rule which matches will be applied.
	DlpRules []*DlpRule `protobuf:"bytes,1,rep,name=dlp_rules,json=dlpRules,proto3" json:"dlp_rules,omitempty"`
	// Whether responses, access logs, or both should be masked by the applied actions.
	// If not defined, masking will only be enabled for response bodies.
	EnabledFor FilterConfig_EnableFor `` /* 145-byte string literal not displayed */
	// contains filtered or unexported fields
}

Listener level config for dlp filter

func (*FilterConfig) Clone added in v1.8.24

func (m *FilterConfig) Clone() proto.Message

Clone function

func (*FilterConfig) Descriptor deprecated

func (*FilterConfig) Descriptor() ([]byte, []int)

Deprecated: Use FilterConfig.ProtoReflect.Descriptor instead.

func (*FilterConfig) Equal

func (m *FilterConfig) Equal(that interface{}) bool

Equal function

func (*FilterConfig) GetDlpRules

func (x *FilterConfig) GetDlpRules() []*DlpRule

func (*FilterConfig) GetEnabledFor added in v1.7.7

func (x *FilterConfig) GetEnabledFor() FilterConfig_EnableFor

func (*FilterConfig) Hash deprecated added in v1.2.13

func (m *FilterConfig) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implementation only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*FilterConfig) HashUnique added in v1.18.0

func (m *FilterConfig) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implementation only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*FilterConfig) ProtoMessage

func (*FilterConfig) ProtoMessage()

func (*FilterConfig) ProtoReflect added in v1.6.0

func (x *FilterConfig) ProtoReflect() protoreflect.Message

func (*FilterConfig) Reset

func (x *FilterConfig) Reset()

func (*FilterConfig) String

func (x *FilterConfig) String() string

type FilterConfig_EnableFor added in v1.7.7

type FilterConfig_EnableFor int32

const (
	// Only enable DLP masking of response bodies. Defaults to this value.
	FilterConfig_RESPONSE_BODY FilterConfig_EnableFor = 0
	// Only enable DLP masking of access logs.
	FilterConfig_ACCESS_LOGS FilterConfig_EnableFor = 1
	// Enable DLP masking for both responses and access logs.
	FilterConfig_ALL FilterConfig_EnableFor = 2
)

func (FilterConfig_EnableFor) Descriptor added in v1.7.7

func (FilterConfig_EnableFor) Enum added in v1.7.7

func (FilterConfig_EnableFor) EnumDescriptor deprecated added in v1.7.7

func (FilterConfig_EnableFor) EnumDescriptor() ([]byte, []int)

Deprecated: Use FilterConfig_EnableFor.Descriptor instead.

func (FilterConfig_EnableFor) Number added in v1.7.7

func (FilterConfig_EnableFor) String added in v1.7.7

func (x FilterConfig_EnableFor) String() string

func (FilterConfig_EnableFor) Type added in v1.7.7

type KeyValueAction added in v1.9.25

type KeyValueAction struct {

	// The name of the key/value action.
	// This name is used for logging and debugging purposes.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The masking character for the sensitive data.
	// default value: X
	MaskChar string `protobuf:"bytes,2,opt,name=mask_char,json=maskChar,proto3" json:"mask_char,omitempty"`
	// The percent of the string which will be masked by the mask_char
	// default value: 75%
	// rounds ratio (percent/100) by std::round http://www.cplusplus.com/reference/cmath/round/
	Percent *_type.Percent `protobuf:"bytes,3,opt,name=percent,proto3" json:"percent,omitempty"`
	// The key for which corresponding header names/dynamic metadata values should be censored
	// Must be specified
	KeyToMask string `protobuf:"bytes,4,opt,name=key_to_mask,json=keyToMask,proto3" json:"key_to_mask,omitempty"`
	// contains filtered or unexported fields
}

func (*KeyValueAction) Clone added in v1.9.25

func (m *KeyValueAction) Clone() proto.Message

Clone function

func (*KeyValueAction) Descriptor deprecated added in v1.9.25

func (*KeyValueAction) Descriptor() ([]byte, []int)

Deprecated: Use KeyValueAction.ProtoReflect.Descriptor instead.

func (*KeyValueAction) Equal added in v1.9.25

func (m *KeyValueAction) Equal(that interface{}) bool

Equal function

func (*KeyValueAction) GetKeyToMask added in v1.9.25

func (x *KeyValueAction) GetKeyToMask() string

func (*KeyValueAction) GetMaskChar added in v1.9.25

func (x *KeyValueAction) GetMaskChar() string

func (*KeyValueAction) GetName added in v1.9.25

func (x *KeyValueAction) GetName() string

func (*KeyValueAction) GetPercent added in v1.9.25

func (x *KeyValueAction) GetPercent() *_type.Percent

func (*KeyValueAction) Hash deprecated added in v1.9.25

func (m *KeyValueAction) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implementation only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*KeyValueAction) HashUnique added in v1.18.0

func (m *KeyValueAction) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implementation only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*KeyValueAction) ProtoMessage added in v1.9.25

func (*KeyValueAction) ProtoMessage()

func (*KeyValueAction) ProtoReflect added in v1.9.25

func (x *KeyValueAction) ProtoReflect() protoreflect.Message

func (*KeyValueAction) Reset added in v1.9.25

func (x *KeyValueAction) Reset()

func (*KeyValueAction) String added in v1.9.25

func (x *KeyValueAction) String() string
