Documentation ¶
Index ¶
- Variables
- type ExtensionSettings
- func (*ExtensionSettings) Descriptor() ([]byte, []int)deprecated
- func (m *ExtensionSettings) Equal(that interface{}) bool
- func (x *ExtensionSettings) GetDisable() bool
- func (x *ExtensionSettings) GetPolicies() map[string]*Policy
- func (m *ExtensionSettings) Hash(hasher hash.Hash64) (uint64, error)
- func (*ExtensionSettings) ProtoMessage()
- func (x *ExtensionSettings) ProtoReflect() protoreflect.Message
- func (x *ExtensionSettings) Reset()
- func (x *ExtensionSettings) String() string
- type JWTPrincipal
- func (*JWTPrincipal) Descriptor() ([]byte, []int)deprecated
- func (m *JWTPrincipal) Equal(that interface{}) bool
- func (x *JWTPrincipal) GetClaims() map[string]string
- func (x *JWTPrincipal) GetMatcher() JWTPrincipal_ClaimMatcher
- func (x *JWTPrincipal) GetProvider() string
- func (m *JWTPrincipal) Hash(hasher hash.Hash64) (uint64, error)
- func (*JWTPrincipal) ProtoMessage()
- func (x *JWTPrincipal) ProtoReflect() protoreflect.Message
- func (x *JWTPrincipal) Reset()
- func (x *JWTPrincipal) String() string
- type JWTPrincipal_ClaimMatcher
- func (JWTPrincipal_ClaimMatcher) Descriptor() protoreflect.EnumDescriptor
- func (x JWTPrincipal_ClaimMatcher) Enum() *JWTPrincipal_ClaimMatcher
- func (JWTPrincipal_ClaimMatcher) EnumDescriptor() ([]byte, []int)deprecated
- func (x JWTPrincipal_ClaimMatcher) Number() protoreflect.EnumNumber
- func (x JWTPrincipal_ClaimMatcher) String() string
- func (JWTPrincipal_ClaimMatcher) Type() protoreflect.EnumType
- type Permissions
- func (*Permissions) Descriptor() ([]byte, []int)deprecated
- func (m *Permissions) Equal(that interface{}) bool
- func (x *Permissions) GetMethods() []string
- func (x *Permissions) GetPathPrefix() string
- func (m *Permissions) Hash(hasher hash.Hash64) (uint64, error)
- func (*Permissions) ProtoMessage()
- func (x *Permissions) ProtoReflect() protoreflect.Message
- func (x *Permissions) Reset()
- func (x *Permissions) String() string
- type Policy
- func (*Policy) Descriptor() ([]byte, []int)deprecated
- func (m *Policy) Equal(that interface{}) bool
- func (x *Policy) GetNestedClaimDelimiter() string
- func (x *Policy) GetPermissions() *Permissions
- func (x *Policy) GetPrincipals() []*Principal
- func (m *Policy) Hash(hasher hash.Hash64) (uint64, error)
- func (*Policy) ProtoMessage()
- func (x *Policy) ProtoReflect() protoreflect.Message
- func (x *Policy) Reset()
- func (x *Policy) String() string
- type Principal
- func (*Principal) Descriptor() ([]byte, []int)deprecated
- func (m *Principal) Equal(that interface{}) bool
- func (x *Principal) GetJwtPrincipal() *JWTPrincipal
- func (m *Principal) Hash(hasher hash.Hash64) (uint64, error)
- func (*Principal) ProtoMessage()
- func (x *Principal) ProtoReflect() protoreflect.Message
- func (x *Principal) Reset()
- func (x *Principal) String() string
- type Settings
- func (*Settings) Descriptor() ([]byte, []int)deprecated
- func (m *Settings) Equal(that interface{}) bool
- func (x *Settings) GetRequireRbac() bool
- func (m *Settings) Hash(hasher hash.Hash64) (uint64, error)
- func (*Settings) ProtoMessage()
- func (x *Settings) ProtoReflect() protoreflect.Message
- func (x *Settings) Reset()
- func (x *Settings) String() string
Constants ¶
This section is empty.
Variables ¶
var ( JWTPrincipal_ClaimMatcher_name = map[int32]string{ 0: "EXACT_STRING", 1: "BOOLEAN", 2: "LIST_CONTAINS", } JWTPrincipal_ClaimMatcher_value = map[string]int32{ "EXACT_STRING": 0, "BOOLEAN": 1, "LIST_CONTAINS": 2, } )
Enum value maps for JWTPrincipal_ClaimMatcher.
var File_github_com_solo_io_gloo_projects_gloo_api_v1_enterprise_options_rbac_rbac_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type ExtensionSettings ¶
type ExtensionSettings struct { // Disable RBAC checks on this resource (default false). This is useful to allow access to static resources/login page without RBAC checks. // If provided on a route, all route settings override any vhost settings Disable bool `protobuf:"varint,1,opt,name=disable,proto3" json:"disable,omitempty"` // Named policies to apply. Policies map[string]*Policy `` /* 157-byte string literal not displayed */ // contains filtered or unexported fields }
RBAC settings for Virtual Hosts and Routes
func (*ExtensionSettings) Descriptor
deprecated
func (*ExtensionSettings) Descriptor() ([]byte, []int)
Deprecated: Use ExtensionSettings.ProtoReflect.Descriptor instead.
func (*ExtensionSettings) Equal ¶
func (m *ExtensionSettings) Equal(that interface{}) bool
Equal function
func (*ExtensionSettings) GetDisable ¶
func (x *ExtensionSettings) GetDisable() bool
func (*ExtensionSettings) GetPolicies ¶
func (x *ExtensionSettings) GetPolicies() map[string]*Policy
func (*ExtensionSettings) Hash ¶ added in v1.2.13
func (m *ExtensionSettings) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*ExtensionSettings) ProtoMessage ¶
func (*ExtensionSettings) ProtoMessage()
func (*ExtensionSettings) ProtoReflect ¶ added in v1.6.0
func (x *ExtensionSettings) ProtoReflect() protoreflect.Message
func (*ExtensionSettings) Reset ¶
func (x *ExtensionSettings) Reset()
func (*ExtensionSettings) String ¶
func (x *ExtensionSettings) String() string
type JWTPrincipal ¶
type JWTPrincipal struct { // Set of claims that make up this principal. Commonly, the 'iss' and 'sub' or 'email' claims are used. // If you specify the path for a nested claim, such as 'parent.child.foo', you must also specify // a non-empty string value for the `nested_claim_delimiter` field in the Policy. Claims map[string]string `` /* 153-byte string literal not displayed */ // Verify that the JWT came from a specific provider. This usually can be left empty // and a provider will be chosen automatically. Provider string `protobuf:"bytes,2,opt,name=provider,proto3" json:"provider,omitempty"` // The matcher to use when evaluating this principal. By default, exact string comparison (EXACT_STRING) is used. Matcher JWTPrincipal_ClaimMatcher `protobuf:"varint,3,opt,name=matcher,proto3,enum=rbac.options.gloo.solo.io.JWTPrincipal_ClaimMatcher" json:"matcher,omitempty"` // contains filtered or unexported fields }
A JWT principal. To use this, JWT option MUST be enabled.
func (*JWTPrincipal) Descriptor
deprecated
func (*JWTPrincipal) Descriptor() ([]byte, []int)
Deprecated: Use JWTPrincipal.ProtoReflect.Descriptor instead.
func (*JWTPrincipal) GetClaims ¶
func (x *JWTPrincipal) GetClaims() map[string]string
func (*JWTPrincipal) GetMatcher ¶ added in v1.9.0
func (x *JWTPrincipal) GetMatcher() JWTPrincipal_ClaimMatcher
func (*JWTPrincipal) GetProvider ¶
func (x *JWTPrincipal) GetProvider() string
func (*JWTPrincipal) Hash ¶ added in v1.2.13
func (m *JWTPrincipal) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*JWTPrincipal) ProtoMessage ¶
func (*JWTPrincipal) ProtoMessage()
func (*JWTPrincipal) ProtoReflect ¶ added in v1.6.0
func (x *JWTPrincipal) ProtoReflect() protoreflect.Message
func (*JWTPrincipal) Reset ¶
func (x *JWTPrincipal) Reset()
func (*JWTPrincipal) String ¶
func (x *JWTPrincipal) String() string
type JWTPrincipal_ClaimMatcher ¶ added in v1.9.0
type JWTPrincipal_ClaimMatcher int32
Used to specify how claims should be matched to the value.
const ( // The JWT claim value is a string that exactly matches the value. JWTPrincipal_EXACT_STRING JWTPrincipal_ClaimMatcher = 0 // The JWT claim value is a boolean that matches the value. JWTPrincipal_BOOLEAN JWTPrincipal_ClaimMatcher = 1 // The JWT claim value is a list that contains a string that exactly matches the value. JWTPrincipal_LIST_CONTAINS JWTPrincipal_ClaimMatcher = 2 )
func (JWTPrincipal_ClaimMatcher) Descriptor ¶ added in v1.9.0
func (JWTPrincipal_ClaimMatcher) Descriptor() protoreflect.EnumDescriptor
func (JWTPrincipal_ClaimMatcher) Enum ¶ added in v1.9.0
func (x JWTPrincipal_ClaimMatcher) Enum() *JWTPrincipal_ClaimMatcher
func (JWTPrincipal_ClaimMatcher) EnumDescriptor
deprecated
added in
v1.9.0
func (JWTPrincipal_ClaimMatcher) EnumDescriptor() ([]byte, []int)
Deprecated: Use JWTPrincipal_ClaimMatcher.Descriptor instead.
func (JWTPrincipal_ClaimMatcher) Number ¶ added in v1.9.0
func (x JWTPrincipal_ClaimMatcher) Number() protoreflect.EnumNumber
func (JWTPrincipal_ClaimMatcher) String ¶ added in v1.9.0
func (x JWTPrincipal_ClaimMatcher) String() string
func (JWTPrincipal_ClaimMatcher) Type ¶ added in v1.9.0
func (JWTPrincipal_ClaimMatcher) Type() protoreflect.EnumType
type Permissions ¶
type Permissions struct { // Paths that have this prefix will be allowed. PathPrefix string `protobuf:"bytes,1,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"` // What http methods (GET, POST, ...) are allowed. Methods []string `protobuf:"bytes,2,rep,name=methods,proto3" json:"methods,omitempty"` // contains filtered or unexported fields }
What permissions should be granted. An empty field means allow-all. If more than one field is added, all of them need to match.
func (*Permissions) Descriptor
deprecated
func (*Permissions) Descriptor() ([]byte, []int)
Deprecated: Use Permissions.ProtoReflect.Descriptor instead.
func (*Permissions) GetMethods ¶
func (x *Permissions) GetMethods() []string
func (*Permissions) GetPathPrefix ¶
func (x *Permissions) GetPathPrefix() string
func (*Permissions) Hash ¶ added in v1.2.13
func (m *Permissions) Hash(hasher hash.Hash64) (uint64, error)
Hash function
func (*Permissions) ProtoMessage ¶
func (*Permissions) ProtoMessage()
func (*Permissions) ProtoReflect ¶ added in v1.6.0
func (x *Permissions) ProtoReflect() protoreflect.Message
func (*Permissions) Reset ¶
func (x *Permissions) Reset()
func (*Permissions) String ¶
func (x *Permissions) String() string
type Policy ¶
type Policy struct { // Principals in this policy. Principals []*Principal `protobuf:"bytes,1,rep,name=principals,proto3" json:"principals,omitempty"` // Permissions granted to the principals. Permissions *Permissions `protobuf:"bytes,2,opt,name=permissions,proto3" json:"permissions,omitempty"` // The delimiter to use when specifying nested claim names within principals. // Default is an empty string, which disables nested claim functionality. // This is commonly set to `.`, allowing for nested claim names of the form // `parent.child.grandchild` NestedClaimDelimiter string `protobuf:"bytes,3,opt,name=nested_claim_delimiter,json=nestedClaimDelimiter,proto3" json:"nested_claim_delimiter,omitempty"` // contains filtered or unexported fields }
func (*Policy) Descriptor
deprecated
func (*Policy) GetNestedClaimDelimiter ¶ added in v1.9.0
func (*Policy) GetPermissions ¶
func (x *Policy) GetPermissions() *Permissions
func (*Policy) GetPrincipals ¶
func (*Policy) ProtoMessage ¶
func (*Policy) ProtoMessage()
func (*Policy) ProtoReflect ¶ added in v1.6.0
func (x *Policy) ProtoReflect() protoreflect.Message
type Principal ¶
type Principal struct { JwtPrincipal *JWTPrincipal `protobuf:"bytes,1,opt,name=jwt_principal,json=jwtPrincipal,proto3" json:"jwt_principal,omitempty"` // contains filtered or unexported fields }
An RBAC principal - the identity entity (usually a user or a service account).
func (*Principal) Descriptor
deprecated
func (*Principal) GetJwtPrincipal ¶
func (x *Principal) GetJwtPrincipal() *JWTPrincipal
func (*Principal) ProtoMessage ¶
func (*Principal) ProtoMessage()
func (*Principal) ProtoReflect ¶ added in v1.6.0
func (x *Principal) ProtoReflect() protoreflect.Message
type Settings ¶
type Settings struct { // Require RBAC for all virtual hosts. A vhost without an RBAC policy set will fallback to a deny-all policy. RequireRbac bool `protobuf:"varint,1,opt,name=require_rbac,json=requireRbac,proto3" json:"require_rbac,omitempty"` // contains filtered or unexported fields }
Global RBAC settings
func (*Settings) Descriptor
deprecated
func (*Settings) GetRequireRbac ¶
func (*Settings) ProtoMessage ¶
func (*Settings) ProtoMessage()
func (*Settings) ProtoReflect ¶ added in v1.6.0
func (x *Settings) ProtoReflect() protoreflect.Message