rbacv3

package
v1.36.11-2026011520535... Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: unknown License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var File_envoy_extensions_filters_http_rbac_v3_rbac_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type RBAC 

type RBAC struct {

	// The primary RBAC policy which will be applied globally, to all the incoming requests.
	//
	// * If absent, no RBAC enforcement occurs.
	// * If set but empty, all requests are denied.
	//
	// .. note::
	//
	//	When both “rules“ and “matcher“ are configured, “rules“ will be ignored.
	Rules *v3.RBAC `protobuf:"bytes,1,opt,name=rules,proto3" json:"rules,omitempty"`
	// If specified, rules will emit stats with the given prefix.
	// This is useful for distinguishing metrics when multiple RBAC filters are configured.
	RulesStatPrefix string `protobuf:"bytes,6,opt,name=rules_stat_prefix,json=rulesStatPrefix,proto3" json:"rules_stat_prefix,omitempty"`
	// Match tree for evaluating RBAC actions on incoming requests. Requests not matching any matcher will be denied.
	//
	// * If absent, no RBAC enforcement occurs.
	// * If set but empty, all requests are denied.
	Matcher *v31.Matcher `protobuf:"bytes,4,opt,name=matcher,proto3" json:"matcher,omitempty"`
	// Shadow policy for testing RBAC rules without enforcing them. These rules generate stats and logs but do not deny
	// requests. If absent, no shadow RBAC policy will be applied.
	//
	// .. note::
	//
	//	When both “shadow_rules“ and “shadow_matcher“ are configured, “shadow_rules“ will be ignored.
	ShadowRules *v3.RBAC `protobuf:"bytes,2,opt,name=shadow_rules,json=shadowRules,proto3" json:"shadow_rules,omitempty"`
	// If absent, no shadow matcher will be applied.
	// Match tree for testing RBAC rules through stats and logs without enforcing them.
	// If absent, no shadow matching occurs.
	ShadowMatcher *v31.Matcher `protobuf:"bytes,5,opt,name=shadow_matcher,json=shadowMatcher,proto3" json:"shadow_matcher,omitempty"`
	// If specified, shadow rules will emit stats with the given prefix.
	// This is useful for distinguishing metrics when multiple RBAC filters use shadow rules.
	ShadowRulesStatPrefix string `` /* 128-byte string literal not displayed */
	// If “track_per_rule_stats“ is “true“, counters will be published for each rule and shadow rule.
	TrackPerRuleStats bool `protobuf:"varint,7,opt,name=track_per_rule_stats,json=trackPerRuleStats,proto3" json:"track_per_rule_stats,omitempty"`
	// contains filtered or unexported fields
}

RBAC filter config. [#next-free-field: 8]

func (*RBAC) ClearMatcher 

func (x *RBAC) ClearMatcher()

func (*RBAC) ClearRules 

func (x *RBAC) ClearRules()

func (*RBAC) ClearShadowMatcher 

func (x *RBAC) ClearShadowMatcher()

func (*RBAC) ClearShadowRules 

func (x *RBAC) ClearShadowRules()

func (*RBAC) GetMatcher 

func (x *RBAC) GetMatcher() *v31.Matcher

func (*RBAC) GetRules 

func (x *RBAC) GetRules() *v3.RBAC

func (*RBAC) GetRulesStatPrefix 

func (x *RBAC) GetRulesStatPrefix() string

func (*RBAC) GetShadowMatcher 

func (x *RBAC) GetShadowMatcher() *v31.Matcher

func (*RBAC) GetShadowRules 

func (x *RBAC) GetShadowRules() *v3.RBAC

func (*RBAC) GetShadowRulesStatPrefix 

func (x *RBAC) GetShadowRulesStatPrefix() string

func (*RBAC) GetTrackPerRuleStats 

func (x *RBAC) GetTrackPerRuleStats() bool

func (*RBAC) HasMatcher 

func (x *RBAC) HasMatcher() bool

func (*RBAC) HasRules 

func (x *RBAC) HasRules() bool

func (*RBAC) HasShadowMatcher 

func (x *RBAC) HasShadowMatcher() bool

func (*RBAC) HasShadowRules 

func (x *RBAC) HasShadowRules() bool

func (*RBAC) ProtoMessage 

func (*RBAC) ProtoMessage()

func (*RBAC) ProtoReflect 

func (x *RBAC) ProtoReflect() protoreflect.Message

func (*RBAC) Reset 

func (x *RBAC) Reset()

func (*RBAC) SetMatcher 

func (x *RBAC) SetMatcher(v *v31.Matcher)

func (*RBAC) SetRules 

func (x *RBAC) SetRules(v *v3.RBAC)

func (*RBAC) SetRulesStatPrefix 

func (x *RBAC) SetRulesStatPrefix(v string)

func (*RBAC) SetShadowMatcher 

func (x *RBAC) SetShadowMatcher(v *v31.Matcher)

func (*RBAC) SetShadowRules 

func (x *RBAC) SetShadowRules(v *v3.RBAC)

func (*RBAC) SetShadowRulesStatPrefix 

func (x *RBAC) SetShadowRulesStatPrefix(v string)

func (*RBAC) SetTrackPerRuleStats 

func (x *RBAC) SetTrackPerRuleStats(v bool)

func (*RBAC) String 

func (x *RBAC) String() string

type RBACPerRoute 

type RBACPerRoute struct {

	// Per-route specific RBAC configuration that overrides the global RBAC configuration.
	// If absent, RBAC policy will be disabled for this route.
	Rbac *RBAC `protobuf:"bytes,2,opt,name=rbac,proto3" json:"rbac,omitempty"`
	// contains filtered or unexported fields
}

func (*RBACPerRoute) ClearRbac 

func (x *RBACPerRoute) ClearRbac()

func (*RBACPerRoute) GetRbac 

func (x *RBACPerRoute) GetRbac() *RBAC

func (*RBACPerRoute) HasRbac 

func (x *RBACPerRoute) HasRbac() bool

func (*RBACPerRoute) ProtoMessage 

func (*RBACPerRoute) ProtoMessage()

func (*RBACPerRoute) ProtoReflect 

func (x *RBACPerRoute) ProtoReflect() protoreflect.Message

func (*RBACPerRoute) Reset 

func (x *RBACPerRoute) Reset()

func (*RBACPerRoute) SetRbac 

func (x *RBACPerRoute) SetRbac(v *RBAC)

func (*RBACPerRoute) String 

func (x *RBACPerRoute) String() string

type RBACPerRoute_builder 

type RBACPerRoute_builder struct {

	// Per-route specific RBAC configuration that overrides the global RBAC configuration.
	// If absent, RBAC policy will be disabled for this route.
	Rbac *RBAC
	// contains filtered or unexported fields
}

func (RBACPerRoute_builder) Build 

func (b0 RBACPerRoute_builder) Build() *RBACPerRoute

type RBAC_builder 

type RBAC_builder struct {

	// The primary RBAC policy which will be applied globally, to all the incoming requests.
	//
	// * If absent, no RBAC enforcement occurs.
	// * If set but empty, all requests are denied.
	//
	// .. note::
	//
	//	When both “rules“ and “matcher“ are configured, “rules“ will be ignored.
	Rules *v3.RBAC
	// If specified, rules will emit stats with the given prefix.
	// This is useful for distinguishing metrics when multiple RBAC filters are configured.
	RulesStatPrefix string
	// Match tree for evaluating RBAC actions on incoming requests. Requests not matching any matcher will be denied.
	//
	// * If absent, no RBAC enforcement occurs.
	// * If set but empty, all requests are denied.
	Matcher *v31.Matcher
	// Shadow policy for testing RBAC rules without enforcing them. These rules generate stats and logs but do not deny
	// requests. If absent, no shadow RBAC policy will be applied.
	//
	// .. note::
	//
	//	When both “shadow_rules“ and “shadow_matcher“ are configured, “shadow_rules“ will be ignored.
	ShadowRules *v3.RBAC
	// If absent, no shadow matcher will be applied.
	// Match tree for testing RBAC rules through stats and logs without enforcing them.
	// If absent, no shadow matching occurs.
	ShadowMatcher *v31.Matcher
	// If specified, shadow rules will emit stats with the given prefix.
	// This is useful for distinguishing metrics when multiple RBAC filters use shadow rules.
	ShadowRulesStatPrefix string
	// If “track_per_rule_stats“ is “true“, counters will be published for each rule and shadow rule.
	TrackPerRuleStats bool
	// contains filtered or unexported fields
}

func (RBAC_builder) Build 

func (b0 RBAC_builder) Build() *RBAC

Source Files

  • rbac.pb.go

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.