Documentation
¶
Index ¶
- Variables
- type RBAC
- func (x *RBAC) ClearDelayDeny()
- func (x *RBAC) ClearMatcher()
- func (x *RBAC) ClearRules()
- func (x *RBAC) ClearShadowMatcher()
- func (x *RBAC) ClearShadowRules()
- func (x *RBAC) GetDelayDeny() *durationpb.Duration
- func (x *RBAC) GetEnforcementType() RBAC_EnforcementType
- func (x *RBAC) GetMatcher() *v31.Matcher
- func (x *RBAC) GetRules() *v3.RBAC
- func (x *RBAC) GetShadowMatcher() *v31.Matcher
- func (x *RBAC) GetShadowRules() *v3.RBAC
- func (x *RBAC) GetShadowRulesStatPrefix() string
- func (x *RBAC) GetStatPrefix() string
- func (x *RBAC) HasDelayDeny() bool
- func (x *RBAC) HasMatcher() bool
- func (x *RBAC) HasRules() bool
- func (x *RBAC) HasShadowMatcher() bool
- func (x *RBAC) HasShadowRules() bool
- func (*RBAC) ProtoMessage()
- func (x *RBAC) ProtoReflect() protoreflect.Message
- func (x *RBAC) Reset()
- func (x *RBAC) SetDelayDeny(v *durationpb.Duration)
- func (x *RBAC) SetEnforcementType(v RBAC_EnforcementType)
- func (x *RBAC) SetMatcher(v *v31.Matcher)
- func (x *RBAC) SetRules(v *v3.RBAC)
- func (x *RBAC) SetShadowMatcher(v *v31.Matcher)
- func (x *RBAC) SetShadowRules(v *v3.RBAC)
- func (x *RBAC) SetShadowRulesStatPrefix(v string)
- func (x *RBAC) SetStatPrefix(v string)
- func (x *RBAC) String() string
- type RBAC_EnforcementType
- type RBAC_builder
Constants ¶
This section is empty.
Variables ¶
var (
	// RBAC_EnforcementType_name maps each enum number to its name string.
	RBAC_EnforcementType_name = map[int32]string{
		0: "ONE_TIME_ON_FIRST_BYTE",
		1: "CONTINUOUS",
	}
	// RBAC_EnforcementType_value is the inverse lookup: name string to enum number.
	RBAC_EnforcementType_value = map[string]int32{
		"ONE_TIME_ON_FIRST_BYTE": 0,
		"CONTINUOUS":             1,
	}
)
Enum value maps for RBAC_EnforcementType.
// File_envoy_extensions_filters_network_rbac_v3_rbac_proto holds a
// protoreflect.FileDescriptor. It is only declared here; where it is assigned
// is not shown. NOTE(review): the name suggests it describes
// envoy/extensions/filters/network/rbac/v3/rbac.proto — confirm.
var File_envoy_extensions_filters_network_rbac_v3_rbac_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type RBAC ¶
// RBAC is the configuration message for the RBAC network filter.
//
// NOTE(review): per the field comments below, nothing is enforced when both
// Rules and Matcher are absent, while a present-but-empty Rules or Matcher
// denies. Absent versus empty is therefore the difference between "no access
// control" and "deny"; verify which of the two a given configuration produces.
type RBAC struct {
	// Specify the RBAC rules to be applied globally.
	// If absent, no enforcing RBAC policy will be applied.
	// If present and empty, DENY.
	// If both rules and matcher are configured, rules will be ignored, so a
	// policy expressed only in Rules has no effect once Matcher is also set.
	Rules *v3.RBAC `protobuf:"bytes,1,opt,name=rules,proto3" json:"rules,omitempty"`
	// The match tree to use when resolving RBAC action for incoming connections.
	// Connections that do not match any matcher will be denied.
	// If absent, no enforcing RBAC matcher will be applied.
	// If present and empty, deny all connections.
	Matcher *v31.Matcher `protobuf:"bytes,6,opt,name=matcher,proto3" json:"matcher,omitempty"`
	// Shadow rules are not enforced by the filter but will emit stats and logs
	// and can be used for rule testing.
	// If absent, no shadow RBAC policy will be applied.
	// If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
	ShadowRules *v3.RBAC `protobuf:"bytes,2,opt,name=shadow_rules,json=shadowRules,proto3" json:"shadow_rules,omitempty"`
	// The match tree to use for emitting stats and logs, which can be used for
	// rule testing for incoming connections.
	// If absent, no shadow matcher will be applied.
	ShadowMatcher *v31.Matcher `protobuf:"bytes,7,opt,name=shadow_matcher,json=shadowMatcher,proto3" json:"shadow_matcher,omitempty"`
	// If specified, shadow rules will emit stats with the given prefix.
	// This is useful to distinguish the stats when more than one RBAC filter is
	// configured with shadow rules.
	ShadowRulesStatPrefix string `` /* 128-byte string literal not displayed */
	// The prefix to use when emitting statistics.
	StatPrefix string `protobuf:"bytes,3,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
	// RBAC enforcement strategy. By default RBAC will be enforced only once,
	// when the first byte of data arrives from the downstream. When used in
	// conjunction with filters that emit dynamic metadata after decoding
	// every payload (e.g., Mongo, MySQL, Kafka), set the enforcement type to
	// CONTINUOUS to enforce RBAC policies on every message boundary.
	// NOTE(review): going by this description, the default evaluates the policy
	// once per connection, so metadata emitted for later payloads would not be
	// re-checked; confirm CONTINUOUS is set wherever per-message decisions matter.
	EnforcementType RBAC_EnforcementType `` /* 174-byte string literal not displayed */
	// Delay the specified duration before closing the connection when the policy
	// evaluation result is "DENY". If this is not present, the connection will be
	// closed immediately. This is useful to better protect Envoy against clients
	// that retry aggressively when the connection is rejected by the RBAC filter.
	DelayDeny *durationpb.Duration `protobuf:"bytes,8,opt,name=delay_deny,json=delayDeny,proto3" json:"delay_deny,omitempty"`
	// contains filtered or unexported fields
}
RBAC network filter config.
Header should not be used in rules/shadow_rules in the RBAC network filter, because header information is only available in the :ref:`RBAC HTTP filter <config_http_filters_rbac>`. [#next-free-field: 9]
func (*RBAC) GetDelayDeny ¶
func (x *RBAC) GetDelayDeny() *durationpb.Duration
func (*RBAC) GetEnforcementType ¶
func (x *RBAC) GetEnforcementType() RBAC_EnforcementType
func (*RBAC) ProtoReflect ¶
func (x *RBAC) ProtoReflect() protoreflect.Message
func (*RBAC) SetDelayDeny ¶
func (x *RBAC) SetDelayDeny(v *durationpb.Duration)
func (*RBAC) SetEnforcementType ¶
func (x *RBAC) SetEnforcementType(v RBAC_EnforcementType)
type RBAC_EnforcementType ¶
// RBAC_EnforcementType selects when RBAC policies are applied to a connection:
// once on the first byte, or continuously as data arrives.
type RBAC_EnforcementType int32

const (
	// Apply RBAC policies when the first byte of data arrives on the connection.
	// This constant has the value 0.
	RBAC_ONE_TIME_ON_FIRST_BYTE RBAC_EnforcementType = 0
	// Continuously apply RBAC policies as data arrives. Use this mode when
	// using RBAC with message-oriented protocols such as Mongo, MySQL, Kafka,
	// etc., when the protocol decoders emit dynamic metadata such as the
	// resources being accessed and the operations on the resources.
	RBAC_CONTINUOUS RBAC_EnforcementType = 1
)
func (RBAC_EnforcementType) Descriptor ¶
func (RBAC_EnforcementType) Descriptor() protoreflect.EnumDescriptor
func (RBAC_EnforcementType) Enum ¶
func (x RBAC_EnforcementType) Enum() *RBAC_EnforcementType
func (RBAC_EnforcementType) Number ¶
func (x RBAC_EnforcementType) Number() protoreflect.EnumNumber
func (RBAC_EnforcementType) String ¶
func (x RBAC_EnforcementType) String() string
func (RBAC_EnforcementType) Type ¶
func (RBAC_EnforcementType) Type() protoreflect.EnumType
type RBAC_builder ¶
// RBAC_builder carries the RBAC network filter settings as plain fields.
// NOTE(review): presumably Build copies these into the *RBAC it returns;
// its body is not shown here — confirm.
type RBAC_builder struct {
	// Specify the RBAC rules to be applied globally.
	// If absent, no enforcing RBAC policy will be applied.
	// If present and empty, DENY.
	// If both rules and matcher are configured, rules will be ignored, so a
	// policy expressed only in Rules has no effect once Matcher is also set.
	Rules *v3.RBAC
	// The match tree to use when resolving RBAC action for incoming connections.
	// Connections that do not match any matcher will be denied.
	// If absent, no enforcing RBAC matcher will be applied.
	// If present and empty, deny all connections.
	Matcher *v31.Matcher
	// Shadow rules are not enforced by the filter but will emit stats and logs
	// and can be used for rule testing.
	// If absent, no shadow RBAC policy will be applied.
	// If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
	ShadowRules *v3.RBAC
	// The match tree to use for emitting stats and logs, which can be used for
	// rule testing for incoming connections.
	// If absent, no shadow matcher will be applied.
	ShadowMatcher *v31.Matcher
	// If specified, shadow rules will emit stats with the given prefix.
	// This is useful to distinguish the stats when more than one RBAC filter is
	// configured with shadow rules.
	ShadowRulesStatPrefix string
	// The prefix to use when emitting statistics.
	StatPrefix string
	// RBAC enforcement strategy. By default RBAC will be enforced only once,
	// when the first byte of data arrives from the downstream. When used in
	// conjunction with filters that emit dynamic metadata after decoding
	// every payload (e.g., Mongo, MySQL, Kafka), set the enforcement type to
	// CONTINUOUS to enforce RBAC policies on every message boundary.
	// NOTE(review): leaving this field unset keeps the once-per-connection
	// default described above; confirm that is intended for message-oriented
	// protocols.
	EnforcementType RBAC_EnforcementType
	// Delay the specified duration before closing the connection when the policy
	// evaluation result is "DENY". If this is not present, the connection will be
	// closed immediately. This is useful to better protect Envoy against clients
	// that retry aggressively when the connection is rejected by the RBAC filter.
	DelayDeny *durationpb.Duration
	// contains filtered or unexported fields
}
func (RBAC_builder) Build ¶
func (b0 RBAC_builder) Build() *RBAC
Source Files
¶
- rbac.pb.go