package rbacv3

var (
	MetadataSource_name = map[int32]string{
		0: "DYNAMIC",
		1: "ROUTE",
	}
	MetadataSource_value = map[string]int32{
		"DYNAMIC": 0,
		"ROUTE":   1,
	}
)

Enum value maps for MetadataSource.

var (
	RBAC_Action_name = map[int32]string{
		0: "ALLOW",
		1: "DENY",
		2: "LOG",
	}
	RBAC_Action_value = map[string]int32{
		"ALLOW": 0,
		"DENY":  1,
		"LOG":   2,
	}
)

Enum value maps for RBAC_Action.

var (
	RBAC_AuditLoggingOptions_AuditCondition_name = map[int32]string{
		0: "NONE",
		1: "ON_DENY",
		2: "ON_ALLOW",
		3: "ON_DENY_AND_ALLOW",
	}
	RBAC_AuditLoggingOptions_AuditCondition_value = map[string]int32{
		"NONE":              0,
		"ON_DENY":           1,
		"ON_ALLOW":          2,
		"ON_DENY_AND_ALLOW": 3,
	}
)

Enum value maps for RBAC_AuditLoggingOptions_AuditCondition.

var File_envoy_config_rbac_v3_rbac_proto protoreflect.FileDescriptor

Types ¶

type Action ¶

type Action struct {

	// The name indicates the policy name.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The action to take if the matcher matches. Every action either allows or denies a request,
	// and can also carry out action-specific operations.
	//
	// Actions:
	//
	//   - “ALLOW“: If the request gets matched on ALLOW, it is permitted.
	//   - “DENY“: If the request gets matched on DENY, it is not permitted.
	//   - “LOG“: If the request gets matched on LOG, it is permitted. Besides, the
	//     dynamic metadata key “access_log_hint“ under the shared key namespace
	//     “envoy.common“ will be set to the value “true“.
	//   - If the request cannot get matched, it will fallback to “DENY“.
	//
	// Log behavior:
	//
	//	If the RBAC matcher contains at least one LOG action, the dynamic
	//	metadata key ``access_log_hint`` will be set based on if the request
	//	get matched on the LOG action.
	Action RBAC_Action `protobuf:"varint,2,opt,name=action,proto3,enum=envoy.config.rbac.v3.RBAC_Action" json:"action,omitempty"`
	// contains filtered or unexported fields
}

Action defines the result of allowance or denial when a request matches the matcher.

func (*Action) Descriptor ¶

func (*Action) Descriptor() ([]byte, []int)

Deprecated: Use Action.ProtoReflect.Descriptor instead.

func (*Action) GetAction ¶

func (x *Action) GetAction() RBAC_Action

func (*Action) GetName ¶

func (x *Action) GetName() string

func (*Action) ProtoMessage ¶

func (*Action) ProtoMessage()

func (*Action) ProtoReflect ¶

func (x *Action) ProtoReflect() protoreflect.Message

func (*Action) Reset ¶

func (x *Action) Reset()

func (*Action) String ¶

func (x *Action) String() string

func (*Action) Validate ¶

func (m *Action) Validate() error

Validate checks the field values on Action with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*Action) ValidateAll ¶

func (m *Action) ValidateAll() error

ValidateAll checks the field values on Action with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in ActionMultiError, or nil if none found.

type ActionMultiError ¶

type ActionMultiError []error

ActionMultiError is an error wrapping multiple validation errors returned by Action.ValidateAll() if the designated constraints aren't met.

func (ActionMultiError) AllErrors ¶

func (m ActionMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (ActionMultiError) Error ¶

func (m ActionMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type ActionValidationError ¶

type ActionValidationError struct {
	// contains filtered or unexported fields
}

ActionValidationError is the validation error returned by Action.Validate if the designated constraints aren't met.

func (ActionValidationError) Cause ¶

func (e ActionValidationError) Cause() error

Cause function returns cause value.

func (ActionValidationError) Error ¶

func (e ActionValidationError) Error() string

Error satisfies the builtin error interface

func (ActionValidationError) ErrorName ¶

func (e ActionValidationError) ErrorName() string

ErrorName returns error name.

func (ActionValidationError) Field ¶

func (e ActionValidationError) Field() string

Field function returns field value.

func (ActionValidationError) Key ¶

func (e ActionValidationError) Key() bool

Key function returns key value.

func (ActionValidationError) Reason ¶

func (e ActionValidationError) Reason() string

Reason function returns reason value.

type MetadataSource ¶

type MetadataSource int32

const (
	// Query :ref:`dynamic metadata <well_known_dynamic_metadata>`
	MetadataSource_DYNAMIC MetadataSource = 0
	// Query :ref:`route metadata <envoy_v3_api_field_config.route.v3.Route.metadata>`
	MetadataSource_ROUTE MetadataSource = 1
)

func (MetadataSource) Descriptor ¶

func (MetadataSource) Descriptor() protoreflect.EnumDescriptor

func (MetadataSource) Enum ¶

func (x MetadataSource) Enum() *MetadataSource

func (MetadataSource) EnumDescriptor ¶

func (MetadataSource) EnumDescriptor() ([]byte, []int)

Deprecated: Use MetadataSource.Descriptor instead.

func (MetadataSource) Number ¶

func (x MetadataSource) Number() protoreflect.EnumNumber

func (MetadataSource) String ¶

func (x MetadataSource) String() string

func (MetadataSource) Type ¶

func (MetadataSource) Type() protoreflect.EnumType

type Permission ¶

type Permission struct {

	// Types that are assignable to Rule:
	//
	//	*Permission_AndRules
	//	*Permission_OrRules
	//	*Permission_Any
	//	*Permission_Header
	//	*Permission_UrlPath
	//	*Permission_DestinationIp
	//	*Permission_DestinationPort
	//	*Permission_DestinationPortRange
	//	*Permission_Metadata
	//	*Permission_NotRule
	//	*Permission_RequestedServerName
	//	*Permission_Matcher
	//	*Permission_UriTemplate
	//	*Permission_SourcedMetadata
	Rule isPermission_Rule `protobuf_oneof:"rule"`
	// contains filtered or unexported fields
}

Permission defines an action (or actions) that a principal can take. [#next-free-field: 15]

func (*Permission) Descriptor ¶

func (*Permission) Descriptor() ([]byte, []int)

Deprecated: Use Permission.ProtoReflect.Descriptor instead.

func (*Permission) GetAndRules ¶

func (x *Permission) GetAndRules() *Permission_Set

func (*Permission) GetAny ¶

func (x *Permission) GetAny() bool

func (*Permission) GetDestinationIp ¶

func (x *Permission) GetDestinationIp() *v32.CidrRange

func (*Permission) GetDestinationPort ¶

func (x *Permission) GetDestinationPort() uint32

func (*Permission) GetDestinationPortRange ¶

func (x *Permission) GetDestinationPortRange() *v33.Int32Range

func (*Permission) GetHeader ¶

func (x *Permission) GetHeader() *v31.HeaderMatcher

func (*Permission) GetMatcher ¶

func (x *Permission) GetMatcher() *v32.TypedExtensionConfig

func (*Permission) GetMetadata ¶

func (x *Permission) GetMetadata() *v3.MetadataMatcher

Deprecated: Marked as deprecated in envoy/config/rbac/v3/rbac.proto.

func (*Permission) GetNotRule ¶

func (x *Permission) GetNotRule() *Permission

func (*Permission) GetOrRules ¶

func (x *Permission) GetOrRules() *Permission_Set

func (*Permission) GetRequestedServerName ¶

func (x *Permission) GetRequestedServerName() *v3.StringMatcher

func (*Permission) GetRule ¶

func (m *Permission) GetRule() isPermission_Rule

func (*Permission) GetSourcedMetadata ¶

func (x *Permission) GetSourcedMetadata() *SourcedMetadata

func (*Permission) GetUriTemplate ¶

func (x *Permission) GetUriTemplate() *v32.TypedExtensionConfig

func (*Permission) GetUrlPath ¶

func (x *Permission) GetUrlPath() *v3.PathMatcher

func (*Permission) ProtoMessage ¶

func (*Permission) ProtoMessage()

func (*Permission) ProtoReflect ¶

func (x *Permission) ProtoReflect() protoreflect.Message

func (*Permission) Reset ¶

func (x *Permission) Reset()

func (*Permission) String ¶

func (x *Permission) String() string

func (*Permission) Validate ¶

func (m *Permission) Validate() error

Validate checks the field values on Permission with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*Permission) ValidateAll ¶

func (m *Permission) ValidateAll() error

ValidateAll checks the field values on Permission with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in PermissionMultiError, or nil if none found.

type PermissionMultiError ¶

type PermissionMultiError []error

PermissionMultiError is an error wrapping multiple validation errors returned by Permission.ValidateAll() if the designated constraints aren't met.

func (PermissionMultiError) AllErrors ¶

func (m PermissionMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (PermissionMultiError) Error ¶

func (m PermissionMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type PermissionValidationError ¶

type PermissionValidationError struct {
	// contains filtered or unexported fields
}

PermissionValidationError is the validation error returned by Permission.Validate if the designated constraints aren't met.

func (PermissionValidationError) Cause ¶

func (e PermissionValidationError) Cause() error

Cause function returns cause value.

func (PermissionValidationError) Error ¶

func (e PermissionValidationError) Error() string

Error satisfies the builtin error interface

func (PermissionValidationError) ErrorName ¶

func (e PermissionValidationError) ErrorName() string

ErrorName returns error name.

func (PermissionValidationError) Field ¶

func (e PermissionValidationError) Field() string

Field function returns field value.

func (PermissionValidationError) Key ¶

func (e PermissionValidationError) Key() bool

Key function returns key value.

func (PermissionValidationError) Reason ¶

func (e PermissionValidationError) Reason() string

Reason function returns reason value.

type Permission_AndRules ¶

type Permission_AndRules struct {
	// A set of rules that all must match in order to define the action.
	AndRules *Permission_Set `protobuf:"bytes,1,opt,name=and_rules,json=andRules,proto3,oneof"`
}

type Permission_Any ¶

type Permission_Any struct {
	// When any is set, it matches any action.
	Any bool `protobuf:"varint,3,opt,name=any,proto3,oneof"`
}

type Permission_DestinationIp ¶

type Permission_DestinationIp struct {
	// A CIDR block that describes the destination IP.
	DestinationIp *v32.CidrRange `protobuf:"bytes,5,opt,name=destination_ip,json=destinationIp,proto3,oneof"`
}

type Permission_DestinationPort ¶

type Permission_DestinationPort struct {
	// A port number that describes the destination port connecting to.
	DestinationPort uint32 `protobuf:"varint,6,opt,name=destination_port,json=destinationPort,proto3,oneof"`
}

type Permission_DestinationPortRange ¶

type Permission_DestinationPortRange struct {
	// A port number range that describes a range of destination ports connecting to.
	DestinationPortRange *v33.Int32Range `protobuf:"bytes,11,opt,name=destination_port_range,json=destinationPortRange,proto3,oneof"`
}

type Permission_Header ¶

type Permission_Header struct {
	// A header (or pseudo-header such as :path or :method) on the incoming HTTP request. Only
	// available for HTTP request.
	// Note: the pseudo-header :path includes the query and fragment string. Use the “url_path“
	// field if you want to match the URL path without the query and fragment string.
	Header *v31.HeaderMatcher `protobuf:"bytes,4,opt,name=header,proto3,oneof"`
}

type Permission_Matcher ¶

type Permission_Matcher struct {
	// Extension for configuring custom matchers for RBAC.
	// [#extension-category: envoy.rbac.matchers]
	Matcher *v32.TypedExtensionConfig `protobuf:"bytes,12,opt,name=matcher,proto3,oneof"`
}

type Permission_Metadata ¶

type Permission_Metadata struct {
	// Metadata that describes additional information about the action. This field is deprecated; please use
	// :ref:`sourced_metadata<envoy_v3_api_field_config.rbac.v3.Permission.sourced_metadata>` instead.
	//
	// Deprecated: Marked as deprecated in envoy/config/rbac/v3/rbac.proto.
	Metadata *v3.MetadataMatcher `protobuf:"bytes,7,opt,name=metadata,proto3,oneof"`
}

type Permission_NotRule ¶

type Permission_NotRule struct {
	// Negates matching the provided permission. For instance, if the value of
	// “not_rule“ would match, this permission would not match. Conversely, if
	// the value of “not_rule“ would not match, this permission would match.
	NotRule *Permission `protobuf:"bytes,8,opt,name=not_rule,json=notRule,proto3,oneof"`
}

type Permission_OrRules ¶

type Permission_OrRules struct {
	// A set of rules where at least one must match in order to define the action.
	OrRules *Permission_Set `protobuf:"bytes,2,opt,name=or_rules,json=orRules,proto3,oneof"`
}

type Permission_RequestedServerName ¶

type Permission_RequestedServerName struct {
	// The request server from the client's connection request. This is
	// typically TLS SNI.
	//
	// .. attention::
	//
	//	The behavior of this field may be affected by how Envoy is configured
	//	as explained below.
	//
	//	* If the :ref:`TLS Inspector <config_listener_filters_tls_inspector>`
	//	  filter is not added, and if a ``FilterChainMatch`` is not defined for
	//	  the :ref:`server name
	//	  <envoy_v3_api_field_config.listener.v3.FilterChainMatch.server_names>`,
	//	  a TLS connection's requested SNI server name will be treated as if it
	//	  wasn't present.
	//
	//	* A :ref:`listener filter <arch_overview_listener_filters>` may
	//	  overwrite a connection's requested server name within Envoy.
	//
	// Please refer to :ref:`this FAQ entry <faq_how_to_setup_sni>` to learn to
	// setup SNI.
	RequestedServerName *v3.StringMatcher `protobuf:"bytes,9,opt,name=requested_server_name,json=requestedServerName,proto3,oneof"`
}

type Permission_Set ¶

type Permission_Set struct {
	Rules []*Permission `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"`
	// contains filtered or unexported fields
}

Used in the “and_rules“ and “or_rules“ fields in the “rule“ oneof. Depending on the context, each are applied with the associated behavior.

func (*Permission_Set) Descriptor ¶

func (*Permission_Set) Descriptor() ([]byte, []int)

Deprecated: Use Permission_Set.ProtoReflect.Descriptor instead.

func (*Permission_Set) GetRules ¶

func (x *Permission_Set) GetRules() []*Permission

func (*Permission_Set) ProtoMessage ¶

func (*Permission_Set) ProtoMessage()

func (*Permission_Set) ProtoReflect ¶

func (x *Permission_Set) ProtoReflect() protoreflect.Message

func (*Permission_Set) Reset ¶

func (x *Permission_Set) Reset()

func (*Permission_Set) String ¶

func (x *Permission_Set) String() string

func (*Permission_Set) Validate ¶

func (m *Permission_Set) Validate() error

Validate checks the field values on Permission_Set with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*Permission_Set) ValidateAll ¶

func (m *Permission_Set) ValidateAll() error

ValidateAll checks the field values on Permission_Set with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in Permission_SetMultiError, or nil if none found.

type Permission_SetMultiError ¶

type Permission_SetMultiError []error

Permission_SetMultiError is an error wrapping multiple validation errors returned by Permission_Set.ValidateAll() if the designated constraints aren't met.

func (Permission_SetMultiError) AllErrors ¶

func (m Permission_SetMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (Permission_SetMultiError) Error ¶

func (m Permission_SetMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type Permission_SetValidationError ¶

type Permission_SetValidationError struct {
	// contains filtered or unexported fields
}

Permission_SetValidationError is the validation error returned by Permission_Set.Validate if the designated constraints aren't met.

func (Permission_SetValidationError) Cause ¶

func (e Permission_SetValidationError) Cause() error

Cause function returns cause value.

func (Permission_SetValidationError) Error ¶

func (e Permission_SetValidationError) Error() string

Error satisfies the builtin error interface

func (Permission_SetValidationError) ErrorName ¶

func (e Permission_SetValidationError) ErrorName() string

ErrorName returns error name.

func (Permission_SetValidationError) Field ¶

func (e Permission_SetValidationError) Field() string

Field function returns field value.

func (Permission_SetValidationError) Key ¶

func (e Permission_SetValidationError) Key() bool

Key function returns key value.

func (Permission_SetValidationError) Reason ¶

func (e Permission_SetValidationError) Reason() string

Reason function returns reason value.

type Permission_SourcedMetadata ¶

type Permission_SourcedMetadata struct {
	// Matches against metadata from either dynamic state or route configuration. Preferred over the
	// “metadata“ field as it provides more flexibility in metadata source selection.
	SourcedMetadata *SourcedMetadata `protobuf:"bytes,14,opt,name=sourced_metadata,json=sourcedMetadata,proto3,oneof"`
}

type Permission_UriTemplate ¶

type Permission_UriTemplate struct {
	// URI template path matching.
	// [#extension-category: envoy.path.match]
	UriTemplate *v32.TypedExtensionConfig `protobuf:"bytes,13,opt,name=uri_template,json=uriTemplate,proto3,oneof"`
}

type Permission_UrlPath ¶

type Permission_UrlPath struct {
	// A URL path on the incoming HTTP request. Only available for HTTP.
	UrlPath *v3.PathMatcher `protobuf:"bytes,10,opt,name=url_path,json=urlPath,proto3,oneof"`
}

type Policy ¶

type Policy struct {

	// Required. The set of permissions that define a role. Each permission is
	// matched with OR semantics. To match all actions for this policy, a single
	// Permission with the “any“ field set to true should be used.
	Permissions []*Permission `protobuf:"bytes,1,rep,name=permissions,proto3" json:"permissions,omitempty"`
	// Required. The set of principals that are assigned/denied the role based on
	// “action”. Each principal is matched with OR semantics. To match all
	// downstreams for this policy, a single Principal with the “any“ field set to
	// true should be used.
	Principals []*Principal `protobuf:"bytes,2,rep,name=principals,proto3" json:"principals,omitempty"`
	// An optional symbolic expression specifying an access control
	// :ref:`condition <arch_overview_condition>`. The condition is combined
	// with the permissions and the principals as a clause with AND semantics.
	// Only be used when checked_condition is not used.
	Condition *v1alpha1.Expr `protobuf:"bytes,3,opt,name=condition,proto3" json:"condition,omitempty"`
	// [#not-implemented-hide:]
	// An optional symbolic expression that has been successfully type checked.
	// Only be used when condition is not used.
	CheckedCondition *v1alpha1.CheckedExpr `protobuf:"bytes,4,opt,name=checked_condition,json=checkedCondition,proto3" json:"checked_condition,omitempty"`
	// contains filtered or unexported fields
}

Policy specifies a role and the principals that are assigned/denied the role. A policy matches if and only if at least one of its permissions match the action taking place AND at least one of its principals match the downstream AND the condition is true if specified.

func (*Policy) Descriptor ¶

func (*Policy) Descriptor() ([]byte, []int)

Deprecated: Use Policy.ProtoReflect.Descriptor instead.

func (*Policy) GetCheckedCondition ¶

func (x *Policy) GetCheckedCondition() *v1alpha1.CheckedExpr

func (*Policy) GetCondition ¶

func (x *Policy) GetCondition() *v1alpha1.Expr

func (*Policy) GetPermissions ¶

func (x *Policy) GetPermissions() []*Permission

func (*Policy) GetPrincipals ¶

func (x *Policy) GetPrincipals() []*Principal

func (*Policy) ProtoMessage ¶

func (*Policy) ProtoMessage()

func (*Policy) ProtoReflect ¶

func (x *Policy) ProtoReflect() protoreflect.Message

func (*Policy) Reset ¶

func (x *Policy) Reset()

func (*Policy) String ¶

func (x *Policy) String() string

func (*Policy) Validate ¶

func (m *Policy) Validate() error

Validate checks the field values on Policy with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*Policy) ValidateAll ¶

func (m *Policy) ValidateAll() error

ValidateAll checks the field values on Policy with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in PolicyMultiError, or nil if none found.

type PolicyMultiError ¶

type PolicyMultiError []error

PolicyMultiError is an error wrapping multiple validation errors returned by Policy.ValidateAll() if the designated constraints aren't met.

func (PolicyMultiError) AllErrors ¶

func (m PolicyMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (PolicyMultiError) Error ¶

func (m PolicyMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type PolicyValidationError ¶

type PolicyValidationError struct {
	// contains filtered or unexported fields
}

PolicyValidationError is the validation error returned by Policy.Validate if the designated constraints aren't met.

func (PolicyValidationError) Cause ¶

func (e PolicyValidationError) Cause() error

Cause function returns cause value.

func (PolicyValidationError) Error ¶

func (e PolicyValidationError) Error() string

Error satisfies the builtin error interface

func (PolicyValidationError) ErrorName ¶

func (e PolicyValidationError) ErrorName() string

ErrorName returns error name.

func (PolicyValidationError) Field ¶

func (e PolicyValidationError) Field() string

Field function returns field value.

func (PolicyValidationError) Key ¶

func (e PolicyValidationError) Key() bool

Key function returns key value.

func (PolicyValidationError) Reason ¶

func (e PolicyValidationError) Reason() string

Reason function returns reason value.

type Principal ¶

type Principal struct {

	// Types that are assignable to Identifier:
	//
	//	*Principal_AndIds
	//	*Principal_OrIds
	//	*Principal_Any
	//	*Principal_Authenticated_
	//	*Principal_SourceIp
	//	*Principal_DirectRemoteIp
	//	*Principal_RemoteIp
	//	*Principal_Header
	//	*Principal_UrlPath
	//	*Principal_Metadata
	//	*Principal_FilterState
	//	*Principal_NotId
	//	*Principal_SourcedMetadata
	Identifier isPrincipal_Identifier `protobuf_oneof:"identifier"`
	// contains filtered or unexported fields
}

Principal defines an identity or a group of identities for a downstream subject. [#next-free-field: 14]

func (*Principal) Descriptor ¶

func (*Principal) Descriptor() ([]byte, []int)

Deprecated: Use Principal.ProtoReflect.Descriptor instead.

func (*Principal) GetAndIds ¶

func (x *Principal) GetAndIds() *Principal_Set

func (*Principal) GetAny ¶

func (x *Principal) GetAny() bool

func (*Principal) GetAuthenticated ¶

func (x *Principal) GetAuthenticated() *Principal_Authenticated

func (*Principal) GetDirectRemoteIp ¶

func (x *Principal) GetDirectRemoteIp() *v32.CidrRange

func (*Principal) GetFilterState ¶

func (x *Principal) GetFilterState() *v3.FilterStateMatcher

func (*Principal) GetHeader ¶

func (x *Principal) GetHeader() *v31.HeaderMatcher

func (*Principal) GetIdentifier ¶

func (m *Principal) GetIdentifier() isPrincipal_Identifier

func (*Principal) GetMetadata ¶

func (x *Principal) GetMetadata() *v3.MetadataMatcher

Deprecated: Marked as deprecated in envoy/config/rbac/v3/rbac.proto.

func (*Principal) GetNotId ¶

func (x *Principal) GetNotId() *Principal

func (*Principal) GetOrIds ¶

func (x *Principal) GetOrIds() *Principal_Set

func (*Principal) GetRemoteIp ¶

func (x *Principal) GetRemoteIp() *v32.CidrRange

func (*Principal) GetSourceIp ¶

func (x *Principal) GetSourceIp() *v32.CidrRange

Deprecated: Marked as deprecated in envoy/config/rbac/v3/rbac.proto.

func (*Principal) GetSourcedMetadata ¶

func (x *Principal) GetSourcedMetadata() *SourcedMetadata

func (*Principal) GetUrlPath ¶

func (x *Principal) GetUrlPath() *v3.PathMatcher

func (*Principal) ProtoMessage ¶

func (*Principal) ProtoMessage()

func (*Principal) ProtoReflect ¶

func (x *Principal) ProtoReflect() protoreflect.Message

func (*Principal) Reset ¶

func (x *Principal) Reset()

func (*Principal) String ¶

func (x *Principal) String() string

func (*Principal) Validate ¶

func (m *Principal) Validate() error

Validate checks the field values on Principal with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*Principal) ValidateAll ¶

func (m *Principal) ValidateAll() error

ValidateAll checks the field values on Principal with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in PrincipalMultiError, or nil if none found.

type PrincipalMultiError ¶

type PrincipalMultiError []error

PrincipalMultiError is an error wrapping multiple validation errors returned by Principal.ValidateAll() if the designated constraints aren't met.

func (PrincipalMultiError) AllErrors ¶

func (m PrincipalMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (PrincipalMultiError) Error ¶

func (m PrincipalMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type PrincipalValidationError ¶

type PrincipalValidationError struct {
	// contains filtered or unexported fields
}

PrincipalValidationError is the validation error returned by Principal.Validate if the designated constraints aren't met.

func (PrincipalValidationError) Cause ¶

func (e PrincipalValidationError) Cause() error

Cause function returns cause value.

func (PrincipalValidationError) Error ¶

func (e PrincipalValidationError) Error() string

Error satisfies the builtin error interface

func (PrincipalValidationError) ErrorName ¶

func (e PrincipalValidationError) ErrorName() string

ErrorName returns error name.

func (PrincipalValidationError) Field ¶

func (e PrincipalValidationError) Field() string

Field function returns field value.

func (PrincipalValidationError) Key ¶

func (e PrincipalValidationError) Key() bool

Key function returns key value.

func (PrincipalValidationError) Reason ¶

func (e PrincipalValidationError) Reason() string

Reason function returns reason value.

type Principal_AndIds ¶

type Principal_AndIds struct {
	// A set of identifiers that all must match in order to define the
	// downstream.
	AndIds *Principal_Set `protobuf:"bytes,1,opt,name=and_ids,json=andIds,proto3,oneof"`
}

type Principal_Any ¶

type Principal_Any struct {
	// When any is set, it matches any downstream.
	Any bool `protobuf:"varint,3,opt,name=any,proto3,oneof"`
}

type Principal_Authenticated ¶

type Principal_Authenticated struct {

	// The name of the principal. If set, The URI SAN or DNS SAN in that order
	// is used from the certificate, otherwise the subject field is used. If
	// unset, it applies to any user that is authenticated.
	PrincipalName *v3.StringMatcher `protobuf:"bytes,2,opt,name=principal_name,json=principalName,proto3" json:"principal_name,omitempty"`
	// contains filtered or unexported fields
}

Authentication attributes for a downstream.

func (*Principal_Authenticated) Descriptor ¶

func (*Principal_Authenticated) Descriptor() ([]byte, []int)

Deprecated: Use Principal_Authenticated.ProtoReflect.Descriptor instead.

func (*Principal_Authenticated) GetPrincipalName ¶

func (x *Principal_Authenticated) GetPrincipalName() *v3.StringMatcher

func (*Principal_Authenticated) ProtoMessage ¶

func (*Principal_Authenticated) ProtoMessage()

func (*Principal_Authenticated) ProtoReflect ¶

func (x *Principal_Authenticated) ProtoReflect() protoreflect.Message

func (*Principal_Authenticated) Reset ¶

func (x *Principal_Authenticated) Reset()

func (*Principal_Authenticated) String ¶

func (x *Principal_Authenticated) String() string

func (*Principal_Authenticated) Validate ¶

func (m *Principal_Authenticated) Validate() error

Validate checks the field values on Principal_Authenticated with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*Principal_Authenticated) ValidateAll ¶

func (m *Principal_Authenticated) ValidateAll() error

ValidateAll checks the field values on Principal_Authenticated with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in Principal_AuthenticatedMultiError, or nil if none found.

type Principal_AuthenticatedMultiError ¶

type Principal_AuthenticatedMultiError []error

Principal_AuthenticatedMultiError is an error wrapping multiple validation errors returned by Principal_Authenticated.ValidateAll() if the designated constraints aren't met.

func (Principal_AuthenticatedMultiError) AllErrors ¶

func (m Principal_AuthenticatedMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (Principal_AuthenticatedMultiError) Error ¶

func (m Principal_AuthenticatedMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type Principal_AuthenticatedValidationError ¶

type Principal_AuthenticatedValidationError struct {
	// contains filtered or unexported fields
}

Principal_AuthenticatedValidationError is the validation error returned by Principal_Authenticated.Validate if the designated constraints aren't met.

func (Principal_AuthenticatedValidationError) Cause ¶

func (e Principal_AuthenticatedValidationError) Cause() error

Cause function returns cause value.

func (Principal_AuthenticatedValidationError) Error ¶

func (e Principal_AuthenticatedValidationError) Error() string

Error satisfies the builtin error interface

func (Principal_AuthenticatedValidationError) ErrorName ¶

func (e Principal_AuthenticatedValidationError) ErrorName() string

ErrorName returns error name.

func (Principal_AuthenticatedValidationError) Field ¶

func (e Principal_AuthenticatedValidationError) Field() string

Field function returns field value.

func (Principal_AuthenticatedValidationError) Key ¶

func (e Principal_AuthenticatedValidationError) Key() bool

Key function returns key value.

func (Principal_AuthenticatedValidationError) Reason ¶

func (e Principal_AuthenticatedValidationError) Reason() string

Reason function returns reason value.

type Principal_Authenticated_ ¶

type Principal_Authenticated_ struct {
	// Authenticated attributes that identify the downstream.
	Authenticated *Principal_Authenticated `protobuf:"bytes,4,opt,name=authenticated,proto3,oneof"`
}

type Principal_DirectRemoteIp ¶

type Principal_DirectRemoteIp struct {
	// A CIDR block that describes the downstream remote/origin address.
	// Note: This is always the physical peer even if the
	// :ref:`remote_ip <envoy_v3_api_field_config.rbac.v3.Principal.remote_ip>` is
	// inferred from for example the x-forwarder-for header, proxy protocol,
	// etc.
	DirectRemoteIp *v32.CidrRange `protobuf:"bytes,10,opt,name=direct_remote_ip,json=directRemoteIp,proto3,oneof"`
}

type Principal_FilterState ¶

type Principal_FilterState struct {
	// Identifies the principal using a filter state object.
	FilterState *v3.FilterStateMatcher `protobuf:"bytes,12,opt,name=filter_state,json=filterState,proto3,oneof"`
}

type Principal_Header ¶

type Principal_Header struct {
	// A header (or pseudo-header such as :path or :method) on the incoming HTTP
	// request. Only available for HTTP request. Note: the pseudo-header :path
	// includes the query and fragment string. Use the “url_path“ field if you
	// want to match the URL path without the query and fragment string.
	Header *v31.HeaderMatcher `protobuf:"bytes,6,opt,name=header,proto3,oneof"`
}

type Principal_Metadata ¶

type Principal_Metadata struct {
	// Metadata that describes additional information about the principal. This field is deprecated; please use
	// :ref:`sourced_metadata<envoy_v3_api_field_config.rbac.v3.Principal.sourced_metadata>` instead.
	//
	// Deprecated: Marked as deprecated in envoy/config/rbac/v3/rbac.proto.
	Metadata *v3.MetadataMatcher `protobuf:"bytes,7,opt,name=metadata,proto3,oneof"`
}

type Principal_NotId ¶

type Principal_NotId struct {
	// Negates matching the provided principal. For instance, if the value of
	// “not_id“ would match, this principal would not match. Conversely, if the
	// value of “not_id“ would not match, this principal would match.
	NotId *Principal `protobuf:"bytes,8,opt,name=not_id,json=notId,proto3,oneof"`
}

type Principal_OrIds ¶

type Principal_OrIds struct {
	// A set of identifiers at least one must match in order to define the
	// downstream.
	OrIds *Principal_Set `protobuf:"bytes,2,opt,name=or_ids,json=orIds,proto3,oneof"`
}

type Principal_RemoteIp ¶

type Principal_RemoteIp struct {
	// A CIDR block that describes the downstream remote/origin address.
	// Note: This may not be the physical peer and could be different from the
	// :ref:`direct_remote_ip
	// <envoy_v3_api_field_config.rbac.v3.Principal.direct_remote_ip>`. E.g, if the
	// remote ip is inferred from for example the x-forwarder-for header, proxy
	// protocol, etc.
	RemoteIp *v32.CidrRange `protobuf:"bytes,11,opt,name=remote_ip,json=remoteIp,proto3,oneof"`
}

type Principal_Set ¶

type Principal_Set struct {
	Ids []*Principal `protobuf:"bytes,1,rep,name=ids,proto3" json:"ids,omitempty"`
	// contains filtered or unexported fields
}

Used in the “and_ids“ and “or_ids“ fields in the “identifier“ oneof. Depending on the context, each are applied with the associated behavior.

func (*Principal_Set) Descriptor ¶

func (*Principal_Set) Descriptor() ([]byte, []int)

Deprecated: Use Principal_Set.ProtoReflect.Descriptor instead.

func (*Principal_Set) GetIds ¶

func (x *Principal_Set) GetIds() []*Principal

func (*Principal_Set) ProtoMessage ¶

func (*Principal_Set) ProtoMessage()

func (*Principal_Set) ProtoReflect ¶

func (x *Principal_Set) ProtoReflect() protoreflect.Message

func (*Principal_Set) Reset ¶

func (x *Principal_Set) Reset()

func (*Principal_Set) String ¶

func (x *Principal_Set) String() string

func (*Principal_Set) Validate ¶

func (m *Principal_Set) Validate() error

Validate checks the field values on Principal_Set with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*Principal_Set) ValidateAll ¶

func (m *Principal_Set) ValidateAll() error

ValidateAll checks the field values on Principal_Set with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in Principal_SetMultiError, or nil if none found.

type Principal_SetMultiError ¶

type Principal_SetMultiError []error

Principal_SetMultiError is an error wrapping multiple validation errors returned by Principal_Set.ValidateAll() if the designated constraints aren't met.

func (Principal_SetMultiError) AllErrors ¶

func (m Principal_SetMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (Principal_SetMultiError) Error ¶

func (m Principal_SetMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type Principal_SetValidationError ¶

type Principal_SetValidationError struct {
	// contains filtered or unexported fields
}

Principal_SetValidationError is the validation error returned by Principal_Set.Validate if the designated constraints aren't met.

func (Principal_SetValidationError) Cause ¶

func (e Principal_SetValidationError) Cause() error

Cause function returns cause value.

func (Principal_SetValidationError) Error ¶

func (e Principal_SetValidationError) Error() string

Error satisfies the builtin error interface

func (Principal_SetValidationError) ErrorName ¶

func (e Principal_SetValidationError) ErrorName() string

ErrorName returns error name.

func (Principal_SetValidationError) Field ¶

func (e Principal_SetValidationError) Field() string

Field function returns field value.

func (Principal_SetValidationError) Key ¶

func (e Principal_SetValidationError) Key() bool

Key function returns key value.

func (Principal_SetValidationError) Reason ¶

func (e Principal_SetValidationError) Reason() string

Reason function returns reason value.

type Principal_SourceIp ¶

type Principal_SourceIp struct {
	// A CIDR block that describes the downstream IP.
	// This address will honor proxy protocol, but will not honor XFF.
	//
	// This field is deprecated; either use :ref:`remote_ip
	// <envoy_v3_api_field_config.rbac.v3.Principal.remote_ip>` for the same
	// behavior, or use
	// :ref:`direct_remote_ip <envoy_v3_api_field_config.rbac.v3.Principal.direct_remote_ip>`.
	//
	// Deprecated: Marked as deprecated in envoy/config/rbac/v3/rbac.proto.
	SourceIp *v32.CidrRange `protobuf:"bytes,5,opt,name=source_ip,json=sourceIp,proto3,oneof"`
}

type Principal_SourcedMetadata ¶

type Principal_SourcedMetadata struct {
	// Matches against metadata from either dynamic state or route configuration. Preferred over the
	// “metadata“ field as it provides more flexibility in metadata source selection.
	SourcedMetadata *SourcedMetadata `protobuf:"bytes,13,opt,name=sourced_metadata,json=sourcedMetadata,proto3,oneof"`
}

type Principal_UrlPath ¶

type Principal_UrlPath struct {
	// A URL path on the incoming HTTP request. Only available for HTTP.
	UrlPath *v3.PathMatcher `protobuf:"bytes,9,opt,name=url_path,json=urlPath,proto3,oneof"`
}

type RBAC ¶

type RBAC struct {

	// The action to take if a policy matches. Every action either allows or denies a request,
	// and can also carry out action-specific operations.
	//
	// Actions:
	//
	//   - “ALLOW“: Allows the request if and only if there is a policy that matches
	//     the request.
	//   - “DENY“: Allows the request if and only if there are no policies that
	//     match the request.
	//   - “LOG“: Allows all requests. If at least one policy matches, the dynamic
	//     metadata key “access_log_hint“ is set to the value “true“ under the shared
	//     key namespace “envoy.common“. If no policies match, it is set to “false“.
	//     Other actions do not modify this key.
	Action RBAC_Action `protobuf:"varint,1,opt,name=action,proto3,enum=envoy.config.rbac.v3.RBAC_Action" json:"action,omitempty"`
	// Maps from policy name to policy. A match occurs when at least one policy matches the request.
	// The policies are evaluated in lexicographic order of the policy name.
	Policies map[string]*Policy `protobuf:"bytes,2,rep,name=policies,proto3" json:"policies,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
	// Audit logging options that include the condition for audit logging to happen
	// and audit logger configurations.
	//
	// [#not-implemented-hide:]
	AuditLoggingOptions *RBAC_AuditLoggingOptions `protobuf:"bytes,3,opt,name=audit_logging_options,json=auditLoggingOptions,proto3" json:"audit_logging_options,omitempty"`
	// contains filtered or unexported fields
}

Role Based Access Control (RBAC) provides service-level and method-level access control for a service. Requests are allowed or denied based on the “action“ and whether a matching policy is found. For instance, if the action is ALLOW and a matching policy is found the request should be allowed.

RBAC can also be used to make access logging decisions by communicating with access loggers through dynamic metadata. When the action is LOG and at least one policy matches, the “access_log_hint“ value in the shared key namespace 'envoy.common' is set to “true“ indicating the request should be logged.

Here is an example of RBAC configuration. It has two policies:

Service account “cluster.local/ns/default/sa/admin“ has full access to the service, and so does "cluster.local/ns/default/sa/superuser".
Any user can read (“GET“) the service at paths with prefix “/products“, so long as the destination port is either 80 or 443.
.. code-block:: yaml
action: ALLOW policies: "service-admin": permissions:
any: true principals:
authenticated: principal_name: exact: "cluster.local/ns/default/sa/admin"
authenticated: principal_name: exact: "cluster.local/ns/default/sa/superuser" "product-viewer": permissions:
and_rules: rules:
header: name: ":method" string_match: exact: "GET"
url_path: path: { prefix: "/products" }
or_rules: rules:
destination_port: 80
destination_port: 443 principals:
any: true

func (*RBAC) Descriptor ¶

func (*RBAC) Descriptor() ([]byte, []int)

Deprecated: Use RBAC.ProtoReflect.Descriptor instead.

func (*RBAC) GetAction ¶

func (x *RBAC) GetAction() RBAC_Action

func (*RBAC) GetAuditLoggingOptions ¶

func (x *RBAC) GetAuditLoggingOptions() *RBAC_AuditLoggingOptions

func (*RBAC) GetPolicies ¶

func (x *RBAC) GetPolicies() map[string]*Policy

func (*RBAC) ProtoMessage ¶

func (*RBAC) ProtoMessage()

func (*RBAC) ProtoReflect ¶

func (x *RBAC) ProtoReflect() protoreflect.Message

func (*RBAC) Reset ¶

func (x *RBAC) Reset()

func (*RBAC) String ¶

func (x *RBAC) String() string

func (*RBAC) Validate ¶

func (m *RBAC) Validate() error

Validate checks the field values on RBAC with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*RBAC) ValidateAll ¶

func (m *RBAC) ValidateAll() error

ValidateAll checks the field values on RBAC with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in RBACMultiError, or nil if none found.

type RBACMultiError ¶

type RBACMultiError []error

RBACMultiError is an error wrapping multiple validation errors returned by RBAC.ValidateAll() if the designated constraints aren't met.

func (RBACMultiError) AllErrors ¶

func (m RBACMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (RBACMultiError) Error ¶

func (m RBACMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type RBACValidationError ¶

type RBACValidationError struct {
	// contains filtered or unexported fields
}

RBACValidationError is the validation error returned by RBAC.Validate if the designated constraints aren't met.

func (RBACValidationError) Cause ¶

func (e RBACValidationError) Cause() error

Cause function returns cause value.

func (RBACValidationError) Error ¶

func (e RBACValidationError) Error() string

Error satisfies the builtin error interface

func (RBACValidationError) ErrorName ¶

func (e RBACValidationError) ErrorName() string

ErrorName returns error name.

func (RBACValidationError) Field ¶

func (e RBACValidationError) Field() string

Field function returns field value.

func (RBACValidationError) Key ¶

func (e RBACValidationError) Key() bool

Key function returns key value.

func (RBACValidationError) Reason ¶

func (e RBACValidationError) Reason() string

Reason function returns reason value.

type RBAC_Action ¶

type RBAC_Action int32

Should we do safe-list or block-list style access control?

const (
	// The policies grant access to principals. The rest are denied. This is safe-list style
	// access control. This is the default type.
	RBAC_ALLOW RBAC_Action = 0
	// The policies deny access to principals. The rest are allowed. This is block-list style
	// access control.
	RBAC_DENY RBAC_Action = 1
	// The policies set the “access_log_hint“ dynamic metadata key based on if requests match.
	// All requests are allowed.
	RBAC_LOG RBAC_Action = 2
)

func (RBAC_Action) Descriptor ¶

func (RBAC_Action) Descriptor() protoreflect.EnumDescriptor

func (RBAC_Action) Enum ¶

func (x RBAC_Action) Enum() *RBAC_Action

func (RBAC_Action) EnumDescriptor ¶

func (RBAC_Action) EnumDescriptor() ([]byte, []int)

Deprecated: Use RBAC_Action.Descriptor instead.

func (RBAC_Action) Number ¶

func (x RBAC_Action) Number() protoreflect.EnumNumber

func (RBAC_Action) String ¶

func (x RBAC_Action) String() string

func (RBAC_Action) Type ¶

func (RBAC_Action) Type() protoreflect.EnumType

type RBAC_AuditLoggingOptions ¶

type RBAC_AuditLoggingOptions struct {

	// Condition for the audit logging to happen.
	// If this condition is met, all the audit loggers configured here will be invoked.
	//
	// [#not-implemented-hide:]
	AuditCondition RBAC_AuditLoggingOptions_AuditCondition `protobuf:"varint,1,opt,name=audit_condition,json=auditCondition,proto3,enum=envoy.config.rbac.v3.RBAC_AuditLoggingOptions_AuditCondition" json:"audit_condition,omitempty"`
	// Configurations for RBAC-based authorization audit loggers.
	//
	// [#not-implemented-hide:]
	LoggerConfigs []*RBAC_AuditLoggingOptions_AuditLoggerConfig `protobuf:"bytes,2,rep,name=logger_configs,json=loggerConfigs,proto3" json:"logger_configs,omitempty"`
	// contains filtered or unexported fields
}

func (*RBAC_AuditLoggingOptions) Descriptor ¶

func (*RBAC_AuditLoggingOptions) Descriptor() ([]byte, []int)

Deprecated: Use RBAC_AuditLoggingOptions.ProtoReflect.Descriptor instead.

func (*RBAC_AuditLoggingOptions) GetAuditCondition ¶

func (x *RBAC_AuditLoggingOptions) GetAuditCondition() RBAC_AuditLoggingOptions_AuditCondition

func (*RBAC_AuditLoggingOptions) GetLoggerConfigs ¶

func (x *RBAC_AuditLoggingOptions) GetLoggerConfigs() []*RBAC_AuditLoggingOptions_AuditLoggerConfig

func (*RBAC_AuditLoggingOptions) ProtoMessage ¶

func (*RBAC_AuditLoggingOptions) ProtoMessage()

func (*RBAC_AuditLoggingOptions) ProtoReflect ¶

func (x *RBAC_AuditLoggingOptions) ProtoReflect() protoreflect.Message

func (*RBAC_AuditLoggingOptions) Reset ¶

func (x *RBAC_AuditLoggingOptions) Reset()

func (*RBAC_AuditLoggingOptions) String ¶

func (x *RBAC_AuditLoggingOptions) String() string

func (*RBAC_AuditLoggingOptions) Validate ¶

func (m *RBAC_AuditLoggingOptions) Validate() error

Validate checks the field values on RBAC_AuditLoggingOptions with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*RBAC_AuditLoggingOptions) ValidateAll ¶

func (m *RBAC_AuditLoggingOptions) ValidateAll() error

ValidateAll checks the field values on RBAC_AuditLoggingOptions with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in RBAC_AuditLoggingOptionsMultiError, or nil if none found.

type RBAC_AuditLoggingOptionsMultiError ¶

type RBAC_AuditLoggingOptionsMultiError []error

RBAC_AuditLoggingOptionsMultiError is an error wrapping multiple validation errors returned by RBAC_AuditLoggingOptions.ValidateAll() if the designated constraints aren't met.

func (RBAC_AuditLoggingOptionsMultiError) AllErrors ¶

func (m RBAC_AuditLoggingOptionsMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (RBAC_AuditLoggingOptionsMultiError) Error ¶

func (m RBAC_AuditLoggingOptionsMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type RBAC_AuditLoggingOptionsValidationError ¶

type RBAC_AuditLoggingOptionsValidationError struct {
	// contains filtered or unexported fields
}

RBAC_AuditLoggingOptionsValidationError is the validation error returned by RBAC_AuditLoggingOptions.Validate if the designated constraints aren't met.

func (RBAC_AuditLoggingOptionsValidationError) Cause ¶

func (e RBAC_AuditLoggingOptionsValidationError) Cause() error

Cause function returns cause value.

func (RBAC_AuditLoggingOptionsValidationError) Error ¶

func (e RBAC_AuditLoggingOptionsValidationError) Error() string

Error satisfies the builtin error interface

func (RBAC_AuditLoggingOptionsValidationError) ErrorName ¶

func (e RBAC_AuditLoggingOptionsValidationError) ErrorName() string

ErrorName returns error name.

func (RBAC_AuditLoggingOptionsValidationError) Field ¶

func (e RBAC_AuditLoggingOptionsValidationError) Field() string

Field function returns field value.

func (RBAC_AuditLoggingOptionsValidationError) Key ¶

func (e RBAC_AuditLoggingOptionsValidationError) Key() bool

Key function returns key value.

func (RBAC_AuditLoggingOptionsValidationError) Reason ¶

func (e RBAC_AuditLoggingOptionsValidationError) Reason() string

Reason function returns reason value.

type RBAC_AuditLoggingOptions_AuditCondition ¶

type RBAC_AuditLoggingOptions_AuditCondition int32

Deny and allow here refer to RBAC decisions, not actions.

const (
	// Never audit.
	RBAC_AuditLoggingOptions_NONE RBAC_AuditLoggingOptions_AuditCondition = 0
	// Audit when RBAC denies the request.
	RBAC_AuditLoggingOptions_ON_DENY RBAC_AuditLoggingOptions_AuditCondition = 1
	// Audit when RBAC allows the request.
	RBAC_AuditLoggingOptions_ON_ALLOW RBAC_AuditLoggingOptions_AuditCondition = 2
	// Audit whether RBAC allows or denies the request.
	RBAC_AuditLoggingOptions_ON_DENY_AND_ALLOW RBAC_AuditLoggingOptions_AuditCondition = 3
)

func (RBAC_AuditLoggingOptions_AuditCondition) Descriptor ¶

func (RBAC_AuditLoggingOptions_AuditCondition) Descriptor() protoreflect.EnumDescriptor

func (RBAC_AuditLoggingOptions_AuditCondition) Enum ¶

func (x RBAC_AuditLoggingOptions_AuditCondition) Enum() *RBAC_AuditLoggingOptions_AuditCondition

func (RBAC_AuditLoggingOptions_AuditCondition) EnumDescriptor ¶

func (RBAC_AuditLoggingOptions_AuditCondition) EnumDescriptor() ([]byte, []int)

Deprecated: Use RBAC_AuditLoggingOptions_AuditCondition.Descriptor instead.

func (RBAC_AuditLoggingOptions_AuditCondition) Number ¶

func (x RBAC_AuditLoggingOptions_AuditCondition) Number() protoreflect.EnumNumber

func (RBAC_AuditLoggingOptions_AuditCondition) String ¶

func (x RBAC_AuditLoggingOptions_AuditCondition) String() string

func (RBAC_AuditLoggingOptions_AuditCondition) Type ¶

func (RBAC_AuditLoggingOptions_AuditCondition) Type() protoreflect.EnumType

type RBAC_AuditLoggingOptions_AuditLoggerConfig ¶

type RBAC_AuditLoggingOptions_AuditLoggerConfig struct {

	// Typed logger configuration.
	//
	// [#extension-category: envoy.rbac.audit_loggers]
	AuditLogger *v32.TypedExtensionConfig `protobuf:"bytes,1,opt,name=audit_logger,json=auditLogger,proto3" json:"audit_logger,omitempty"`
	// If true, when the logger is not supported, the data plane will not NACK but simply ignore it.
	IsOptional bool `protobuf:"varint,2,opt,name=is_optional,json=isOptional,proto3" json:"is_optional,omitempty"`
	// contains filtered or unexported fields
}

[#not-implemented-hide:]

func (*RBAC_AuditLoggingOptions_AuditLoggerConfig) Descriptor ¶

func (*RBAC_AuditLoggingOptions_AuditLoggerConfig) Descriptor() ([]byte, []int)

Deprecated: Use RBAC_AuditLoggingOptions_AuditLoggerConfig.ProtoReflect.Descriptor instead.

func (*RBAC_AuditLoggingOptions_AuditLoggerConfig) GetAuditLogger ¶

func (x *RBAC_AuditLoggingOptions_AuditLoggerConfig) GetAuditLogger() *v32.TypedExtensionConfig

func (*RBAC_AuditLoggingOptions_AuditLoggerConfig) GetIsOptional ¶

func (x *RBAC_AuditLoggingOptions_AuditLoggerConfig) GetIsOptional() bool

func (*RBAC_AuditLoggingOptions_AuditLoggerConfig) ProtoMessage ¶

func (*RBAC_AuditLoggingOptions_AuditLoggerConfig) ProtoMessage()

func (*RBAC_AuditLoggingOptions_AuditLoggerConfig) ProtoReflect ¶

func (x *RBAC_AuditLoggingOptions_AuditLoggerConfig) ProtoReflect() protoreflect.Message

func (*RBAC_AuditLoggingOptions_AuditLoggerConfig) Reset ¶

func (x *RBAC_AuditLoggingOptions_AuditLoggerConfig) Reset()

func (*RBAC_AuditLoggingOptions_AuditLoggerConfig) String ¶

func (x *RBAC_AuditLoggingOptions_AuditLoggerConfig) String() string

func (*RBAC_AuditLoggingOptions_AuditLoggerConfig) Validate ¶

func (m *RBAC_AuditLoggingOptions_AuditLoggerConfig) Validate() error

Validate checks the field values on RBAC_AuditLoggingOptions_AuditLoggerConfig with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*RBAC_AuditLoggingOptions_AuditLoggerConfig) ValidateAll ¶

func (m *RBAC_AuditLoggingOptions_AuditLoggerConfig) ValidateAll() error

ValidateAll checks the field values on RBAC_AuditLoggingOptions_AuditLoggerConfig with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in RBAC_AuditLoggingOptions_AuditLoggerConfigMultiError, or nil if none found.

type RBAC_AuditLoggingOptions_AuditLoggerConfigMultiError ¶

type RBAC_AuditLoggingOptions_AuditLoggerConfigMultiError []error

RBAC_AuditLoggingOptions_AuditLoggerConfigMultiError is an error wrapping multiple validation errors returned by RBAC_AuditLoggingOptions_AuditLoggerConfig.ValidateAll() if the designated constraints aren't met.

func (RBAC_AuditLoggingOptions_AuditLoggerConfigMultiError) AllErrors ¶

func (m RBAC_AuditLoggingOptions_AuditLoggerConfigMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (RBAC_AuditLoggingOptions_AuditLoggerConfigMultiError) Error ¶

func (m RBAC_AuditLoggingOptions_AuditLoggerConfigMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type RBAC_AuditLoggingOptions_AuditLoggerConfigValidationError ¶

type RBAC_AuditLoggingOptions_AuditLoggerConfigValidationError struct {
	// contains filtered or unexported fields
}

RBAC_AuditLoggingOptions_AuditLoggerConfigValidationError is the validation error returned by RBAC_AuditLoggingOptions_AuditLoggerConfig.Validate if the designated constraints aren't met.

func (RBAC_AuditLoggingOptions_AuditLoggerConfigValidationError) Cause ¶

func (e RBAC_AuditLoggingOptions_AuditLoggerConfigValidationError) Cause() error

Cause function returns cause value.

func (RBAC_AuditLoggingOptions_AuditLoggerConfigValidationError) Error ¶

func (e RBAC_AuditLoggingOptions_AuditLoggerConfigValidationError) Error() string

Error satisfies the builtin error interface

func (RBAC_AuditLoggingOptions_AuditLoggerConfigValidationError) ErrorName ¶

func (e RBAC_AuditLoggingOptions_AuditLoggerConfigValidationError) ErrorName() string

ErrorName returns error name.

func (RBAC_AuditLoggingOptions_AuditLoggerConfigValidationError) Field ¶

func (e RBAC_AuditLoggingOptions_AuditLoggerConfigValidationError) Field() string

Field function returns field value.

func (RBAC_AuditLoggingOptions_AuditLoggerConfigValidationError) Key ¶

func (e RBAC_AuditLoggingOptions_AuditLoggerConfigValidationError) Key() bool

Key function returns key value.

func (RBAC_AuditLoggingOptions_AuditLoggerConfigValidationError) Reason ¶

func (e RBAC_AuditLoggingOptions_AuditLoggerConfigValidationError) Reason() string

Reason function returns reason value.

type SourcedMetadata ¶

type SourcedMetadata struct {

	// Metadata matcher configuration that defines what metadata to match against. This includes the filter name,
	// metadata key path, and expected value.
	MetadataMatcher *v3.MetadataMatcher `protobuf:"bytes,1,opt,name=metadata_matcher,json=metadataMatcher,proto3" json:"metadata_matcher,omitempty"`
	// Specifies which metadata source should be used for matching. If not set,
	// defaults to DYNAMIC (dynamic metadata). Set to ROUTE to match against
	// static metadata configured on the route entry.
	MetadataSource MetadataSource `protobuf:"varint,2,opt,name=metadata_source,json=metadataSource,proto3,enum=envoy.config.rbac.v3.MetadataSource" json:"metadata_source,omitempty"`
	// contains filtered or unexported fields
}

SourcedMetadata enables matching against metadata from different sources in the request processing pipeline. It extends the base MetadataMatcher functionality by allowing specification of where the metadata should be sourced from, rather than only matching against dynamic metadata.

The matcher can be configured to look up metadata from:

* Dynamic metadata: Runtime metadata added by filters during request processing * Route metadata: Static metadata configured on the route entry

func (*SourcedMetadata) Descriptor ¶

func (*SourcedMetadata) Descriptor() ([]byte, []int)

Deprecated: Use SourcedMetadata.ProtoReflect.Descriptor instead.

func (*SourcedMetadata) GetMetadataMatcher ¶

func (x *SourcedMetadata) GetMetadataMatcher() *v3.MetadataMatcher

func (*SourcedMetadata) GetMetadataSource ¶

func (x *SourcedMetadata) GetMetadataSource() MetadataSource

func (*SourcedMetadata) ProtoMessage ¶

func (*SourcedMetadata) ProtoMessage()

func (*SourcedMetadata) ProtoReflect ¶

func (x *SourcedMetadata) ProtoReflect() protoreflect.Message

func (*SourcedMetadata) Reset ¶

func (x *SourcedMetadata) Reset()

func (*SourcedMetadata) String ¶

func (x *SourcedMetadata) String() string

func (*SourcedMetadata) Validate ¶

func (m *SourcedMetadata) Validate() error

Validate checks the field values on SourcedMetadata with the rules defined in the proto definition for this message. If any rules are violated, the first error encountered is returned, or nil if there are no violations.

func (*SourcedMetadata) ValidateAll ¶

func (m *SourcedMetadata) ValidateAll() error

ValidateAll checks the field values on SourcedMetadata with the rules defined in the proto definition for this message. If any rules are violated, the result is a list of violation errors wrapped in SourcedMetadataMultiError, or nil if none found.

type SourcedMetadataMultiError ¶

type SourcedMetadataMultiError []error

SourcedMetadataMultiError is an error wrapping multiple validation errors returned by SourcedMetadata.ValidateAll() if the designated constraints aren't met.

func (SourcedMetadataMultiError) AllErrors ¶

func (m SourcedMetadataMultiError) AllErrors() []error

AllErrors returns a list of validation violation errors.

func (SourcedMetadataMultiError) Error ¶

func (m SourcedMetadataMultiError) Error() string

Error returns a concatenation of all the error messages it wraps.

type SourcedMetadataValidationError ¶

type SourcedMetadataValidationError struct {
	// contains filtered or unexported fields
}

SourcedMetadataValidationError is the validation error returned by SourcedMetadata.Validate if the designated constraints aren't met.

func (SourcedMetadataValidationError) Cause ¶

func (e SourcedMetadataValidationError) Cause() error

Cause function returns cause value.

func (SourcedMetadataValidationError) Error ¶

func (e SourcedMetadataValidationError) Error() string

Error satisfies the builtin error interface

func (SourcedMetadataValidationError) ErrorName ¶

func (e SourcedMetadataValidationError) ErrorName() string

ErrorName returns error name.

func (SourcedMetadataValidationError) Field ¶

func (e SourcedMetadataValidationError) Field() string

Field function returns field value.

func (SourcedMetadataValidationError) Key ¶

func (e SourcedMetadataValidationError) Key() bool

Key function returns key value.

func (SourcedMetadataValidationError) Reason ¶

func (e SourcedMetadataValidationError) Reason() string

Reason function returns reason value.

Source Files ¶

rbac.pb.go rbac.pb.validate.go

Version: v1.32.4 (latest)
Published: Feb 3, 2025
Platform: linux/amd64
Imports: 24 packages
Last checked: 1 day ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples