common

package
v1.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 1, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Overview

/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */

Index

Constants

View Source 
const (
	PseudoHeaderMethod    = ":method"
	PseudoHeaderPath      = ":path" // indicate method name in rpc protocol
	PseudoHeaderScheme    = ":scheme"
	PseudoHeaderAuthority = ":authority"
)

Variables

This section is empty.

Functions

func ParseRbacFilterConfig 

func ParseRbacFilterConfig(cfg map[string]interface{}) (*v2.RBACConfig, error)

parse rbac filter config to v2.RBAC struct

Types

type DefaultUrlPathMatcher 

type DefaultUrlPathMatcher struct {
	Matcher StringMatcher
}

func (*DefaultUrlPathMatcher) Equal 

func (matcher *DefaultUrlPathMatcher) Equal(targetValue string) bool

type ExactStringMatcher 

type ExactStringMatcher struct {
	ExactMatch string
}

StringMatcher_Exact

func (*ExactStringMatcher) Equal 

func (matcher *ExactStringMatcher) Equal(targetValue string) bool

type HeaderMatcher 

type HeaderMatcher interface {
	Equal(string) bool
	// contains filtered or unexported methods
}

HeaderMatcher

func NewHeaderMatcher 

func NewHeaderMatcher(header *envoy_config_route_v3.HeaderMatcher) (HeaderMatcher, error)

type HeaderMatcherPresentMatch 

type HeaderMatcherPresentMatch struct {
	PresentMatch bool
}

HeaderMatcher_PresentMatch

func (*HeaderMatcherPresentMatch) Equal 

func (matcher *HeaderMatcherPresentMatch) Equal(targetValue string) bool

type HeaderMatcherRangeMatch 

type HeaderMatcherRangeMatch struct {
	Start int64 // inclusive
	End   int64 // exclusive
}

HeaderMatcher_RangeMatch

func (*HeaderMatcherRangeMatch) Equal 

func (matcher *HeaderMatcherRangeMatch) Equal(targetValue string) bool

type InheritPermission 

type InheritPermission interface {

	// A policy matches if and only if at least one of InheritPermission.Match return true
	// AND at least one of InheritPrincipal.Match return true
	Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool
	// contains filtered or unexported methods
}

func NewInheritPermission 

func NewInheritPermission(permission *envoy_config_rabc_v3.Permission) (InheritPermission, error)

Receive the v2alpha.Permission input and convert it to mosn rbac permission

type InheritPolicy 

type InheritPolicy struct {
	// The set of permissions that define a role.
	// Each permission is matched with OR semantics.
	// To match all actions for this policy, a single Permission with the `any` field set to true should be used.
	InheritPermissions []InheritPermission
	// The set of principals that are assigned/denied the role based on “action”.
	// Each principal is matched with OR semantics.
	// To match all downstreams for this policy, a single Principal with the `any` field set to true should be used.
	InheritPrincipals []InheritPrincipal
}

func NewInheritPolicy 

func NewInheritPolicy(policy *envoy_config_rabc_v3.Policy) (*InheritPolicy, error)

Receive the v2alpha.Policy input and convert it to mosn rbac policy

func (*InheritPolicy) Match 

func (inheritPolicy *InheritPolicy) Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool

A policy matches if and only if at least one of its permissions match the action taking place AND at least one of its principals match the downstream.

type InheritPrincipal 

type InheritPrincipal interface {

	// A policy matches if and only if at least one of InheritPermission.Match return true
	// AND at least one of InheritPrincipal.Match return true
	Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool
	// contains filtered or unexported methods
}

func NewInheritPrincipal 

func NewInheritPrincipal(principal *envoy_config_rabc_v3.Principal) (InheritPrincipal, error)

Receive the v2alpha.Principal input and convert it to mosn rbac principal

type PermissionAndRules 

type PermissionAndRules struct {
	AndRules []InheritPermission
}

Permission_AndRules

func NewPermissionAndRules 

func NewPermissionAndRules(permission *envoy_config_rabc_v3.Permission_AndRules) (*PermissionAndRules, error)

func (*PermissionAndRules) Match 

func (permission *PermissionAndRules) Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool

type PermissionAny 

type PermissionAny struct {
	Any bool
}

Permission_Any

func NewPermissionAny 

func NewPermissionAny(permission *envoy_config_rabc_v3.Permission_Any) (*PermissionAny, error)

func (*PermissionAny) Match 

func (permission *PermissionAny) Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool

type PermissionDestinationIp 

type PermissionDestinationIp struct {
	CidrRange *net.IPNet
}

Permission_DestinationIp

func NewPermissionDestinationIp 

func NewPermissionDestinationIp(permission *envoy_config_rabc_v3.Permission_DestinationIp) (*PermissionDestinationIp, error)

func (*PermissionDestinationIp) Match 

func (permission *PermissionDestinationIp) Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool

type PermissionDestinationPort 

type PermissionDestinationPort struct {
	DestinationPort uint32
}

Permission_DestinationPort

func NewPermissionDestinationPort 

func NewPermissionDestinationPort(permission *envoy_config_rabc_v3.Permission_DestinationPort) (*PermissionDestinationPort, error)

func (*PermissionDestinationPort) Match 

func (permission *PermissionDestinationPort) Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool

type PermissionHeader 

type PermissionHeader struct {
	Target      string
	Matcher     HeaderMatcher
	InvertMatch bool
}

Permission_Header

func NewPermissionHeader 

func NewPermissionHeader(permission *envoy_config_rabc_v3.Permission_Header) (*PermissionHeader, error)

func (*PermissionHeader) Match 

func (permission *PermissionHeader) Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool

type PermissionNotRule 

type PermissionNotRule struct {
	NotRule InheritPermission
}

Permission_NotRule

func NewPermissionNotRule 

func NewPermissionNotRule(permission *envoy_config_rabc_v3.Permission_NotRule) (*PermissionNotRule, error)

func (*PermissionNotRule) Match 

func (permission *PermissionNotRule) Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool

type PermissionOrRules 

type PermissionOrRules struct {
	OrRules []InheritPermission
}

Permission_OrRules

func NewPermissionOrRules 

func NewPermissionOrRules(permission *envoy_config_rabc_v3.Permission_OrRules) (*PermissionOrRules, error)

func (*PermissionOrRules) Match 

func (permission *PermissionOrRules) Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool

type PermissionUrlPath 

type PermissionUrlPath struct {
	Matcher UrlPathMatcher
}

Permission_NotRule

func NewPermissionUrlPath 

func NewPermissionUrlPath(permission *envoy_config_rabc_v3.Permission_UrlPath) (*PermissionUrlPath, error)

func (*PermissionUrlPath) Match 

func (permission *PermissionUrlPath) Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool

type PrefixStringMatcher 

type PrefixStringMatcher struct {
	PrefixMatch string
}

StringMatcher_Prefix

func (*PrefixStringMatcher) Equal 

func (matcher *PrefixStringMatcher) Equal(targetValue string) bool

type PrincipalAndIds 

type PrincipalAndIds struct {
	AndIds []InheritPrincipal
}

Principal_AndIds

func NewPrincipalAndIds 

func NewPrincipalAndIds(principal *envoy_config_rabc_v3.Principal_AndIds) (*PrincipalAndIds, error)

func (*PrincipalAndIds) Match 

func (principal *PrincipalAndIds) Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool

type PrincipalAny 

type PrincipalAny struct {
	Any bool
}

Principal_Any

func NewPrincipalAny 

func NewPrincipalAny(principal *envoy_config_rabc_v3.Principal_Any) (*PrincipalAny, error)

func (*PrincipalAny) Match 

func (principal *PrincipalAny) Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool

type PrincipalDirectRemoteIp 

type PrincipalDirectRemoteIp struct {
	CidrRange *net.IPNet
}

Principal_DirectRemoteIp

func NewPrincipalDirectRemoteIp 

func NewPrincipalDirectRemoteIp(principal *envoy_config_rabc_v3.Principal_DirectRemoteIp) (*PrincipalDirectRemoteIp, error)

func (*PrincipalDirectRemoteIp) Match 

func (principal *PrincipalDirectRemoteIp) Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool

type PrincipalHeader 

type PrincipalHeader struct {
	Target      string
	Matcher     HeaderMatcher
	InvertMatch bool
}

Principal_Header

func NewPrincipalHeader 

func NewPrincipalHeader(principal *envoy_config_rabc_v3.Principal_Header) (*PrincipalHeader, error)

func (*PrincipalHeader) Match 

func (principal *PrincipalHeader) Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool

type PrincipalMetadata 

type PrincipalMetadata struct {
	Filter  string
	Path    string
	Matcher StringMatcher
}

Principal_Metadata

func NewPrincipalMetadata 

func NewPrincipalMetadata(principal *envoy_config_rabc_v3.Principal_Metadata) (*PrincipalMetadata, error)

func (*PrincipalMetadata) Match 

func (principal *PrincipalMetadata) Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool

type PrincipalNotId 

type PrincipalNotId struct {
	NotId InheritPrincipal
}

Principal_NotId

func NewPrincipalNotId 

func NewPrincipalNotId(principal *envoy_config_rabc_v3.Principal_NotId) (*PrincipalNotId, error)

func (*PrincipalNotId) Match 

func (principal *PrincipalNotId) Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool

type PrincipalOrIds 

type PrincipalOrIds struct {
	OrIds []InheritPrincipal
}

Principal_OrIds

func NewPrincipalOrIds 

func NewPrincipalOrIds(principal *envoy_config_rabc_v3.Principal_OrIds) (*PrincipalOrIds, error)

func (*PrincipalOrIds) Match 

func (principal *PrincipalOrIds) Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool

type PrincipalRemoteIp 

type PrincipalRemoteIp struct {
	CidrRange *net.IPNet
}

Principal_DirectRemoteIp

func NewPrincipalRemoteIp 

func NewPrincipalRemoteIp(principal *envoy_config_rabc_v3.Principal_RemoteIp) (*PrincipalRemoteIp, error)

func (*PrincipalRemoteIp) Match 

func (principal *PrincipalRemoteIp) Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool

type PrincipalSourceIp 

type PrincipalSourceIp struct {
	CidrRange *net.IPNet
}

Principal_SourceIp

func NewPrincipalSourceIp 

func NewPrincipalSourceIp(principal *envoy_config_rabc_v3.Principal_SourceIp) (*PrincipalSourceIp, error)

func (*PrincipalSourceIp) Match 

func (principal *PrincipalSourceIp) Match(cb api.StreamReceiverFilterHandler, headers api.HeaderMap) bool

type RegexStringMatcher 

type RegexStringMatcher struct {
	RegexMatch *regexp.Regexp
}

StringMatcher_Regex

func (*RegexStringMatcher) Equal 

func (matcher *RegexStringMatcher) Equal(targetValue string) bool

type RoleBasedAccessControlEngine 

type RoleBasedAccessControlEngine struct {
	// The request is allowed if and only if:
	//   * `action` is "ALLOWED" and at least one policy matches
	//   * `action` is "DENY" and none of the policies match
	// default is ALLOWED
	Action envoy_config_rabc_v3.RBAC_Action
	// Maps from policy name to policy. A match occurs when at least one policy matches the request.
	InheritPolicies map[string]*InheritPolicy
}

func NewRoleBasedAccessControlEngine 

func NewRoleBasedAccessControlEngine(rbacConfig *envoy_config_rabc_v3.RBAC) (*RoleBasedAccessControlEngine, error)

Receive the v2alpha.RBAC input and convert it to mosn rbac engine

func (*RoleBasedAccessControlEngine) Allowed 

func (engine *RoleBasedAccessControlEngine) Allowed(cb api.StreamReceiverFilterHandler, ctx context.Context, headers api.HeaderMap) (allowed bool, matchPolicyName string)

echo request will be handled in `Allowed` function

func (*RoleBasedAccessControlEngine) GetPoliciesSize 

func (engine *RoleBasedAccessControlEngine) GetPoliciesSize() int

type StringMatcher 

type StringMatcher interface {
	//	*StringMatcher_Exact (supported)
	//	*StringMatcher_Prefix (supported)
	//	*StringMatcher_Suffix (supported)
	//	*StringMatcher_SafeRegex
	// TODO:
	//	*StringMatcher_HiddenEnvoyDeprecatedRegex
	//	*StringMatcher_Contains
	Equal(string) bool
}

StringMatcher

func NewStringMatcher 

func NewStringMatcher(match *envoy_type_matcher_v3.StringMatcher) (StringMatcher, error)

type SuffixStringMatcher 

type SuffixStringMatcher struct {
	SuffixMatch string
}

StringMatcher_Suffix

func (*SuffixStringMatcher) Equal 

func (matcher *SuffixStringMatcher) Equal(targetValue string) bool

type UrlPathMatcher 

type UrlPathMatcher interface {
	Equal(string) bool
	// contains filtered or unexported methods
}

UrlPathMatcher

func NewUrlPathMatcher 

func NewUrlPathMatcher(urlPath *envoy_type_matcher_v3.PathMatcher) (UrlPathMatcher, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.