rbac

package
v1.4.17 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 2, 2021 License: Apache-2.0 Imports: 12 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ExtensionSettings

type ExtensionSettings struct {
	// Disable RBAC checks on this resource (default false). This is useful to allow access to static resources/login page without RBAC checks.
	// If provided on a route, all route settings override any vhost settings
	Disable bool `protobuf:"varint,1,opt,name=disable,proto3" json:"disable,omitempty"`
	// Named policies to apply.
	Policies             map[string]*Policy `` /* 157-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

RBAC settings for Virtual Hosts and Routes

func (*ExtensionSettings) Descriptor

func (*ExtensionSettings) Descriptor() ([]byte, []int)

func (*ExtensionSettings) Equal

func (this *ExtensionSettings) Equal(that interface{}) bool

func (*ExtensionSettings) GetDisable

func (m *ExtensionSettings) GetDisable() bool

func (*ExtensionSettings) GetPolicies

func (m *ExtensionSettings) GetPolicies() map[string]*Policy

func (*ExtensionSettings) Hash added in v1.2.13

func (m *ExtensionSettings) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ExtensionSettings) ProtoMessage

func (*ExtensionSettings) ProtoMessage()

func (*ExtensionSettings) Reset

func (m *ExtensionSettings) Reset()

func (*ExtensionSettings) String

func (m *ExtensionSettings) String() string

func (*ExtensionSettings) XXX_DiscardUnknown

func (m *ExtensionSettings) XXX_DiscardUnknown()

func (*ExtensionSettings) XXX_Marshal

func (m *ExtensionSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ExtensionSettings) XXX_Merge

func (m *ExtensionSettings) XXX_Merge(src proto.Message)

func (*ExtensionSettings) XXX_Size

func (m *ExtensionSettings) XXX_Size() int

func (*ExtensionSettings) XXX_Unmarshal

func (m *ExtensionSettings) XXX_Unmarshal(b []byte) error

type JWTPrincipal

type JWTPrincipal struct {
	// Set of claims that make up this principal. Commonly, the 'iss' and 'sub' or 'email' claims are used.
	// all claims must be present on the JWT.
	Claims map[string]string `` /* 153-byte string literal not displayed */
	// Verify that the JWT came from a specific provider. This usually can be left empty
	// and a provider will be chosen automatically.
	Provider             string   `protobuf:"bytes,2,opt,name=provider,proto3" json:"provider,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

A JWT principal. To use this, JWT option MUST be enabled.

func (*JWTPrincipal) Descriptor

func (*JWTPrincipal) Descriptor() ([]byte, []int)

func (*JWTPrincipal) Equal

func (this *JWTPrincipal) Equal(that interface{}) bool

func (*JWTPrincipal) GetClaims

func (m *JWTPrincipal) GetClaims() map[string]string

func (*JWTPrincipal) GetProvider

func (m *JWTPrincipal) GetProvider() string

func (*JWTPrincipal) Hash added in v1.2.13

func (m *JWTPrincipal) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*JWTPrincipal) ProtoMessage

func (*JWTPrincipal) ProtoMessage()

func (*JWTPrincipal) Reset

func (m *JWTPrincipal) Reset()

func (*JWTPrincipal) String

func (m *JWTPrincipal) String() string

func (*JWTPrincipal) XXX_DiscardUnknown

func (m *JWTPrincipal) XXX_DiscardUnknown()

func (*JWTPrincipal) XXX_Marshal

func (m *JWTPrincipal) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*JWTPrincipal) XXX_Merge

func (m *JWTPrincipal) XXX_Merge(src proto.Message)

func (*JWTPrincipal) XXX_Size

func (m *JWTPrincipal) XXX_Size() int

func (*JWTPrincipal) XXX_Unmarshal

func (m *JWTPrincipal) XXX_Unmarshal(b []byte) error

type Permissions

type Permissions struct {
	// Paths that have this prefix will be allowed.
	PathPrefix string `protobuf:"bytes,1,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"`
	// What http methods (GET, POST, ...) are allowed.
	Methods              []string `protobuf:"bytes,2,rep,name=methods,proto3" json:"methods,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

What permissions should be granted. An empty field means allow-all. If more than one field is added, all of them need to match.

func (*Permissions) Descriptor

func (*Permissions) Descriptor() ([]byte, []int)

func (*Permissions) Equal

func (this *Permissions) Equal(that interface{}) bool

func (*Permissions) GetMethods

func (m *Permissions) GetMethods() []string

func (*Permissions) GetPathPrefix

func (m *Permissions) GetPathPrefix() string

func (*Permissions) Hash added in v1.2.13

func (m *Permissions) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*Permissions) ProtoMessage

func (*Permissions) ProtoMessage()

func (*Permissions) Reset

func (m *Permissions) Reset()

func (*Permissions) String

func (m *Permissions) String() string

func (*Permissions) XXX_DiscardUnknown

func (m *Permissions) XXX_DiscardUnknown()

func (*Permissions) XXX_Marshal

func (m *Permissions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Permissions) XXX_Merge

func (m *Permissions) XXX_Merge(src proto.Message)

func (*Permissions) XXX_Size

func (m *Permissions) XXX_Size() int

func (*Permissions) XXX_Unmarshal

func (m *Permissions) XXX_Unmarshal(b []byte) error

type Policy

type Policy struct {
	// Principals in this policy.
	Principals []*Principal `protobuf:"bytes,1,rep,name=principals,proto3" json:"principals,omitempty"`
	// Permissions granted to the principals.
	Permissions          *Permissions `protobuf:"bytes,2,opt,name=permissions,proto3" json:"permissions,omitempty"`
	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
	XXX_unrecognized     []byte       `json:"-"`
	XXX_sizecache        int32        `json:"-"`
}

func (*Policy) Descriptor

func (*Policy) Descriptor() ([]byte, []int)

func (*Policy) Equal

func (this *Policy) Equal(that interface{}) bool

func (*Policy) GetPermissions

func (m *Policy) GetPermissions() *Permissions

func (*Policy) GetPrincipals

func (m *Policy) GetPrincipals() []*Principal

func (*Policy) Hash added in v1.2.13

func (m *Policy) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*Policy) ProtoMessage

func (*Policy) ProtoMessage()

func (*Policy) Reset

func (m *Policy) Reset()

func (*Policy) String

func (m *Policy) String() string

func (*Policy) XXX_DiscardUnknown

func (m *Policy) XXX_DiscardUnknown()

func (*Policy) XXX_Marshal

func (m *Policy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Policy) XXX_Merge

func (m *Policy) XXX_Merge(src proto.Message)

func (*Policy) XXX_Size

func (m *Policy) XXX_Size() int

func (*Policy) XXX_Unmarshal

func (m *Policy) XXX_Unmarshal(b []byte) error

type Principal

type Principal struct {
	JwtPrincipal         *JWTPrincipal `protobuf:"bytes,1,opt,name=jwt_principal,json=jwtPrincipal,proto3" json:"jwt_principal,omitempty"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

An RBAC principal - the identity entity (usually a user or a service account).

func (*Principal) Descriptor

func (*Principal) Descriptor() ([]byte, []int)

func (*Principal) Equal

func (this *Principal) Equal(that interface{}) bool

func (*Principal) GetJwtPrincipal

func (m *Principal) GetJwtPrincipal() *JWTPrincipal

func (*Principal) Hash added in v1.2.13

func (m *Principal) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*Principal) ProtoMessage

func (*Principal) ProtoMessage()

func (*Principal) Reset

func (m *Principal) Reset()

func (*Principal) String

func (m *Principal) String() string

func (*Principal) XXX_DiscardUnknown

func (m *Principal) XXX_DiscardUnknown()

func (*Principal) XXX_Marshal

func (m *Principal) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Principal) XXX_Merge

func (m *Principal) XXX_Merge(src proto.Message)

func (*Principal) XXX_Size

func (m *Principal) XXX_Size() int

func (*Principal) XXX_Unmarshal

func (m *Principal) XXX_Unmarshal(b []byte) error

type Settings

type Settings struct {
	// Require RBAC for all virtual hosts. A vhost without an RBAC policy set will fallback to a deny-all policy.
	RequireRbac          bool     `protobuf:"varint,1,opt,name=require_rbac,json=requireRbac,proto3" json:"require_rbac,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Global RBAC settings

func (*Settings) Descriptor

func (*Settings) Descriptor() ([]byte, []int)

func (*Settings) Equal

func (this *Settings) Equal(that interface{}) bool

func (*Settings) GetRequireRbac

func (m *Settings) GetRequireRbac() bool

func (*Settings) Hash added in v1.2.13

func (m *Settings) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*Settings) ProtoMessage

func (*Settings) ProtoMessage()

func (*Settings) Reset

func (m *Settings) Reset()

func (*Settings) String

func (m *Settings) String() string

func (*Settings) XXX_DiscardUnknown

func (m *Settings) XXX_DiscardUnknown()

func (*Settings) XXX_Marshal

func (m *Settings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Settings) XXX_Merge

func (m *Settings) XXX_Merge(src proto.Message)

func (*Settings) XXX_Size

func (m *Settings) XXX_Size() int

func (*Settings) XXX_Unmarshal

func (m *Settings) XXX_Unmarshal(b []byte) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL