Documentation ¶
Index ¶
- Variables
- type RBAC
- func (*RBAC) Descriptor() ([]byte, []int)deprecated
- func (x *RBAC) GetEnforcementType() RBAC_EnforcementType
- func (x *RBAC) GetRules() *v2.RBAC
- func (x *RBAC) GetShadowRules() *v2.RBAC
- func (x *RBAC) GetStatPrefix() string
- func (*RBAC) ProtoMessage()
- func (x *RBAC) ProtoReflect() protoreflect.Message
- func (x *RBAC) Reset()
- func (x *RBAC) String() string
- type RBAC_EnforcementType
- func (RBAC_EnforcementType) Descriptor() protoreflect.EnumDescriptor
- func (x RBAC_EnforcementType) Enum() *RBAC_EnforcementType
- func (RBAC_EnforcementType) EnumDescriptor() ([]byte, []int)deprecated
- func (x RBAC_EnforcementType) Number() protoreflect.EnumNumber
- func (x RBAC_EnforcementType) String() string
- func (RBAC_EnforcementType) Type() protoreflect.EnumType
Constants ¶
This section is empty.
Variables ¶
View Source
var ( RBAC_EnforcementType_name = map[int32]string{ 0: "ONE_TIME_ON_FIRST_BYTE", 1: "CONTINUOUS", } RBAC_EnforcementType_value = map[string]int32{ "ONE_TIME_ON_FIRST_BYTE": 0, "CONTINUOUS": 1, } )
Enum value maps for RBAC_EnforcementType.
View Source
var File_envoy_config_filter_network_rbac_v2_rbac_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type RBAC ¶
type RBAC struct { // Specify the RBAC rules to be applied globally. // If absent, no enforcing RBAC policy will be applied. Rules *v2.RBAC `protobuf:"bytes,1,opt,name=rules,proto3" json:"rules,omitempty"` // Shadow rules are not enforced by the filter but will emit stats and logs // and can be used for rule testing. // If absent, no shadow RBAC policy will be applied. ShadowRules *v2.RBAC `protobuf:"bytes,2,opt,name=shadow_rules,json=shadowRules,proto3" json:"shadow_rules,omitempty"` // The prefix to use when emitting statistics. StatPrefix string `protobuf:"bytes,3,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"` // RBAC enforcement strategy. By default RBAC will be enforced only once // when the first byte of data arrives from the downstream. When used in // conjunction with filters that emit dynamic metadata after decoding // every payload (e.g., Mongo, MySQL, Kafka) set the enforcement type to // CONTINUOUS to enforce RBAC policies on every message boundary. EnforcementType RBAC_EnforcementType `` /* 169-byte string literal not displayed */ // contains filtered or unexported fields }
RBAC network filter config.
Header should not be used in rules/shadow_rules in RBAC network filter as this information is only available in :ref:`RBAC http filter <config_http_filters_rbac>`.
func (*RBAC) GetEnforcementType ¶
func (x *RBAC) GetEnforcementType() RBAC_EnforcementType
func (*RBAC) ProtoReflect ¶
func (x *RBAC) ProtoReflect() protoreflect.Message
type RBAC_EnforcementType ¶
type RBAC_EnforcementType int32
const ( // Apply RBAC policies when the first byte of data arrives on the connection. RBAC_ONE_TIME_ON_FIRST_BYTE RBAC_EnforcementType = 0 // Continuously apply RBAC policies as data arrives. Use this mode when // using RBAC with message oriented protocols such as Mongo, MySQL, Kafka, // etc. when the protocol decoders emit dynamic metadata such as the // resources being accessed and the operations on the resources. RBAC_CONTINUOUS RBAC_EnforcementType = 1 )
func (RBAC_EnforcementType) Descriptor ¶
func (RBAC_EnforcementType) Descriptor() protoreflect.EnumDescriptor
func (RBAC_EnforcementType) Enum ¶
func (x RBAC_EnforcementType) Enum() *RBAC_EnforcementType
func (RBAC_EnforcementType) EnumDescriptor
deprecated
func (RBAC_EnforcementType) EnumDescriptor() ([]byte, []int)
Deprecated: Use RBAC_EnforcementType.Descriptor instead.
func (RBAC_EnforcementType) Number ¶
func (x RBAC_EnforcementType) Number() protoreflect.EnumNumber
func (RBAC_EnforcementType) String ¶
func (x RBAC_EnforcementType) String() string
func (RBAC_EnforcementType) Type ¶
func (RBAC_EnforcementType) Type() protoreflect.EnumType
Click to show internal directories.
Click to hide internal directories.