Class RBAC.Builder
- java.lang.Object
-
- com.google.protobuf.AbstractMessageLite.Builder
-
- com.google.protobuf.AbstractMessage.Builder<BuilderT>
-
- com.google.protobuf.GeneratedMessage.Builder<RBAC.Builder>
-
- io.envoyproxy.envoy.config.rbac.v3.RBAC.Builder
-
- All Implemented Interfaces:
com.google.protobuf.Message.Builder
,com.google.protobuf.MessageLite.Builder
,com.google.protobuf.MessageLiteOrBuilder
,com.google.protobuf.MessageOrBuilder
,RBACOrBuilder
,java.lang.Cloneable
- Enclosing class:
- RBAC
public static final class RBAC.Builder extends com.google.protobuf.GeneratedMessage.Builder<RBAC.Builder> implements RBACOrBuilder
Role Based Access Control (RBAC) provides service-level and method-level access control for a service. Requests are allowed or denied based on the ``action`` and whether a matching policy is found. For instance, if the action is ALLOW and a matching policy is found the request should be allowed. RBAC can also be used to make access logging decisions by communicating with access loggers through dynamic metadata. When the action is LOG and at least one policy matches, the ``access_log_hint`` value in the shared key namespace 'envoy.common' is set to ``true`` indicating the request should be logged. Here is an example of RBAC configuration. It has two policies: * Service account ``cluster.local/ns/default/sa/admin`` has full access to the service, and so does "cluster.local/ns/default/sa/superuser". * Any user can read (``GET``) the service at paths with prefix ``/products``, so long as the destination port is either 80 or 443. .. code-block:: yaml action: ALLOW policies: "service-admin": permissions: - any: true principals: - authenticated: principal_name: exact: "cluster.local/ns/default/sa/admin" - authenticated: principal_name: exact: "cluster.local/ns/default/sa/superuser" "product-viewer": permissions: - and_rules: rules: - header: name: ":method" string_match: exact: "GET" - url_path: path: { prefix: "/products" } - or_rules: rules: - destination_port: 80 - destination_port: 443 principals: - any: true
Protobuf typeenvoy.config.rbac.v3.RBAC
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description private static class
RBAC.Builder.PoliciesConverter
-
Field Summary
Fields Modifier and Type Field Description private int
action_
private RBAC.AuditLoggingOptions
auditLoggingOptions_
private com.google.protobuf.SingleFieldBuilder<RBAC.AuditLoggingOptions,RBAC.AuditLoggingOptions.Builder,RBAC.AuditLoggingOptionsOrBuilder>
auditLoggingOptionsBuilder_
private int
bitField0_
private com.google.protobuf.MapFieldBuilder<java.lang.String,PolicyOrBuilder,Policy,Policy.Builder>
policies_
private static RBAC.Builder.PoliciesConverter
policiesConverter
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description RBAC
build()
RBAC
buildPartial()
private void
buildPartial0(RBAC result)
RBAC.Builder
clear()
RBAC.Builder
clearAction()
The action to take if a policy matches.RBAC.Builder
clearAuditLoggingOptions()
Audit logging options that include the condition for audit logging to happen and audit logger configurations.RBAC.Builder
clearPolicies()
boolean
containsPolicies(java.lang.String key)
Maps from policy name to policy.RBAC.Action
getAction()
The action to take if a policy matches.int
getActionValue()
The action to take if a policy matches.RBAC.AuditLoggingOptions
getAuditLoggingOptions()
Audit logging options that include the condition for audit logging to happen and audit logger configurations.RBAC.AuditLoggingOptions.Builder
getAuditLoggingOptionsBuilder()
Audit logging options that include the condition for audit logging to happen and audit logger configurations.private com.google.protobuf.SingleFieldBuilder<RBAC.AuditLoggingOptions,RBAC.AuditLoggingOptions.Builder,RBAC.AuditLoggingOptionsOrBuilder>
getAuditLoggingOptionsFieldBuilder()
Audit logging options that include the condition for audit logging to happen and audit logger configurations.RBAC.AuditLoggingOptionsOrBuilder
getAuditLoggingOptionsOrBuilder()
Audit logging options that include the condition for audit logging to happen and audit logger configurations.RBAC
getDefaultInstanceForType()
static com.google.protobuf.Descriptors.Descriptor
getDescriptor()
com.google.protobuf.Descriptors.Descriptor
getDescriptorForType()
java.util.Map<java.lang.String,Policy>
getMutablePolicies()
Deprecated.java.util.Map<java.lang.String,Policy>
getPolicies()
Deprecated.int
getPoliciesCount()
Maps from policy name to policy.java.util.Map<java.lang.String,Policy>
getPoliciesMap()
Maps from policy name to policy.Policy
getPoliciesOrDefault(java.lang.String key, Policy defaultValue)
Maps from policy name to policy.Policy
getPoliciesOrThrow(java.lang.String key)
Maps from policy name to policy.boolean
hasAuditLoggingOptions()
Audit logging options that include the condition for audit logging to happen and audit logger configurations.protected com.google.protobuf.GeneratedMessage.FieldAccessorTable
internalGetFieldAccessorTable()
protected com.google.protobuf.MapFieldReflectionAccessor
internalGetMapFieldReflection(int number)
protected com.google.protobuf.MapFieldReflectionAccessor
internalGetMutableMapFieldReflection(int number)
private com.google.protobuf.MapFieldBuilder<java.lang.String,PolicyOrBuilder,Policy,Policy.Builder>
internalGetMutablePolicies()
private com.google.protobuf.MapFieldBuilder<java.lang.String,PolicyOrBuilder,Policy,Policy.Builder>
internalGetPolicies()
boolean
isInitialized()
private void
maybeForceBuilderInitialization()
RBAC.Builder
mergeAuditLoggingOptions(RBAC.AuditLoggingOptions value)
Audit logging options that include the condition for audit logging to happen and audit logger configurations.RBAC.Builder
mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
RBAC.Builder
mergeFrom(com.google.protobuf.Message other)
RBAC.Builder
mergeFrom(RBAC other)
RBAC.Builder
putAllPolicies(java.util.Map<java.lang.String,Policy> values)
Maps from policy name to policy.RBAC.Builder
putPolicies(java.lang.String key, Policy value)
Maps from policy name to policy.Policy.Builder
putPoliciesBuilderIfAbsent(java.lang.String key)
Maps from policy name to policy.RBAC.Builder
removePolicies(java.lang.String key)
Maps from policy name to policy.RBAC.Builder
setAction(RBAC.Action value)
The action to take if a policy matches.RBAC.Builder
setActionValue(int value)
The action to take if a policy matches.RBAC.Builder
setAuditLoggingOptions(RBAC.AuditLoggingOptions value)
Audit logging options that include the condition for audit logging to happen and audit logger configurations.RBAC.Builder
setAuditLoggingOptions(RBAC.AuditLoggingOptions.Builder builderForValue)
Audit logging options that include the condition for audit logging to happen and audit logger configurations.-
Methods inherited from class com.google.protobuf.GeneratedMessage.Builder
addRepeatedField, clearField, clearOneof, clone, getAllFields, getField, getFieldBuilder, getOneofFieldDescriptor, getParentForChildren, getRepeatedField, getRepeatedFieldBuilder, getRepeatedFieldCount, getUnknownFields, getUnknownFieldSetBuilder, hasField, hasOneof, internalGetMapField, internalGetMutableMapField, isClean, markClean, mergeUnknownFields, mergeUnknownLengthDelimitedField, mergeUnknownVarintField, newBuilderForField, onBuilt, onChanged, parseUnknownField, setField, setRepeatedField, setUnknownFields, setUnknownFieldSetBuilder, setUnknownFieldsProto3
-
Methods inherited from class com.google.protobuf.AbstractMessage.Builder
findInitializationErrors, getInitializationErrorString, internalMergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, newUninitializedMessageException, toString
-
Methods inherited from class com.google.protobuf.AbstractMessageLite.Builder
addAll, addAll, mergeDelimitedFrom, mergeDelimitedFrom, mergeFrom, newUninitializedMessageException
-
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
-
-
-
-
Field Detail
-
bitField0_
private int bitField0_
-
action_
private int action_
-
policiesConverter
private static final RBAC.Builder.PoliciesConverter policiesConverter
-
policies_
private com.google.protobuf.MapFieldBuilder<java.lang.String,PolicyOrBuilder,Policy,Policy.Builder> policies_
-
auditLoggingOptions_
private RBAC.AuditLoggingOptions auditLoggingOptions_
-
auditLoggingOptionsBuilder_
private com.google.protobuf.SingleFieldBuilder<RBAC.AuditLoggingOptions,RBAC.AuditLoggingOptions.Builder,RBAC.AuditLoggingOptionsOrBuilder> auditLoggingOptionsBuilder_
-
-
Method Detail
-
getDescriptor
public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
-
internalGetMapFieldReflection
protected com.google.protobuf.MapFieldReflectionAccessor internalGetMapFieldReflection(int number)
- Overrides:
internalGetMapFieldReflection
in classcom.google.protobuf.GeneratedMessage.Builder<RBAC.Builder>
-
internalGetMutableMapFieldReflection
protected com.google.protobuf.MapFieldReflectionAccessor internalGetMutableMapFieldReflection(int number)
- Overrides:
internalGetMutableMapFieldReflection
in classcom.google.protobuf.GeneratedMessage.Builder<RBAC.Builder>
-
internalGetFieldAccessorTable
protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable()
- Specified by:
internalGetFieldAccessorTable
in classcom.google.protobuf.GeneratedMessage.Builder<RBAC.Builder>
-
maybeForceBuilderInitialization
private void maybeForceBuilderInitialization()
-
clear
public RBAC.Builder clear()
- Specified by:
clear
in interfacecom.google.protobuf.Message.Builder
- Specified by:
clear
in interfacecom.google.protobuf.MessageLite.Builder
- Overrides:
clear
in classcom.google.protobuf.GeneratedMessage.Builder<RBAC.Builder>
-
getDescriptorForType
public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
- Specified by:
getDescriptorForType
in interfacecom.google.protobuf.Message.Builder
- Specified by:
getDescriptorForType
in interfacecom.google.protobuf.MessageOrBuilder
- Overrides:
getDescriptorForType
in classcom.google.protobuf.GeneratedMessage.Builder<RBAC.Builder>
-
getDefaultInstanceForType
public RBAC getDefaultInstanceForType()
- Specified by:
getDefaultInstanceForType
in interfacecom.google.protobuf.MessageLiteOrBuilder
- Specified by:
getDefaultInstanceForType
in interfacecom.google.protobuf.MessageOrBuilder
-
build
public RBAC build()
- Specified by:
build
in interfacecom.google.protobuf.Message.Builder
- Specified by:
build
in interfacecom.google.protobuf.MessageLite.Builder
-
buildPartial
public RBAC buildPartial()
- Specified by:
buildPartial
in interfacecom.google.protobuf.Message.Builder
- Specified by:
buildPartial
in interfacecom.google.protobuf.MessageLite.Builder
-
buildPartial0
private void buildPartial0(RBAC result)
-
mergeFrom
public RBAC.Builder mergeFrom(com.google.protobuf.Message other)
- Specified by:
mergeFrom
in interfacecom.google.protobuf.Message.Builder
- Overrides:
mergeFrom
in classcom.google.protobuf.AbstractMessage.Builder<RBAC.Builder>
-
mergeFrom
public RBAC.Builder mergeFrom(RBAC other)
-
isInitialized
public final boolean isInitialized()
- Specified by:
isInitialized
in interfacecom.google.protobuf.MessageLiteOrBuilder
- Overrides:
isInitialized
in classcom.google.protobuf.GeneratedMessage.Builder<RBAC.Builder>
-
mergeFrom
public RBAC.Builder mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws java.io.IOException
- Specified by:
mergeFrom
in interfacecom.google.protobuf.Message.Builder
- Specified by:
mergeFrom
in interfacecom.google.protobuf.MessageLite.Builder
- Overrides:
mergeFrom
in classcom.google.protobuf.AbstractMessage.Builder<RBAC.Builder>
- Throws:
java.io.IOException
-
getActionValue
public int getActionValue()
The action to take if a policy matches. Every action either allows or denies a request, and can also carry out action-specific operations. Actions: * ``ALLOW``: Allows the request if and only if there is a policy that matches the request. * ``DENY``: Allows the request if and only if there are no policies that match the request. * ``LOG``: Allows all requests. If at least one policy matches, the dynamic metadata key ``access_log_hint`` is set to the value ``true`` under the shared key namespace ``envoy.common``. If no policies match, it is set to ``false``. Other actions do not modify this key.
.envoy.config.rbac.v3.RBAC.Action action = 1 [(.validate.rules) = { ... }
- Specified by:
getActionValue
in interfaceRBACOrBuilder
- Returns:
- The enum numeric value on the wire for action.
-
setActionValue
public RBAC.Builder setActionValue(int value)
The action to take if a policy matches. Every action either allows or denies a request, and can also carry out action-specific operations. Actions: * ``ALLOW``: Allows the request if and only if there is a policy that matches the request. * ``DENY``: Allows the request if and only if there are no policies that match the request. * ``LOG``: Allows all requests. If at least one policy matches, the dynamic metadata key ``access_log_hint`` is set to the value ``true`` under the shared key namespace ``envoy.common``. If no policies match, it is set to ``false``. Other actions do not modify this key.
.envoy.config.rbac.v3.RBAC.Action action = 1 [(.validate.rules) = { ... }
- Parameters:
value
- The enum numeric value on the wire for action to set.- Returns:
- This builder for chaining.
-
getAction
public RBAC.Action getAction()
The action to take if a policy matches. Every action either allows or denies a request, and can also carry out action-specific operations. Actions: * ``ALLOW``: Allows the request if and only if there is a policy that matches the request. * ``DENY``: Allows the request if and only if there are no policies that match the request. * ``LOG``: Allows all requests. If at least one policy matches, the dynamic metadata key ``access_log_hint`` is set to the value ``true`` under the shared key namespace ``envoy.common``. If no policies match, it is set to ``false``. Other actions do not modify this key.
.envoy.config.rbac.v3.RBAC.Action action = 1 [(.validate.rules) = { ... }
- Specified by:
getAction
in interfaceRBACOrBuilder
- Returns:
- The action.
-
setAction
public RBAC.Builder setAction(RBAC.Action value)
The action to take if a policy matches. Every action either allows or denies a request, and can also carry out action-specific operations. Actions: * ``ALLOW``: Allows the request if and only if there is a policy that matches the request. * ``DENY``: Allows the request if and only if there are no policies that match the request. * ``LOG``: Allows all requests. If at least one policy matches, the dynamic metadata key ``access_log_hint`` is set to the value ``true`` under the shared key namespace ``envoy.common``. If no policies match, it is set to ``false``. Other actions do not modify this key.
.envoy.config.rbac.v3.RBAC.Action action = 1 [(.validate.rules) = { ... }
- Parameters:
value
- The action to set.- Returns:
- This builder for chaining.
-
clearAction
public RBAC.Builder clearAction()
The action to take if a policy matches. Every action either allows or denies a request, and can also carry out action-specific operations. Actions: * ``ALLOW``: Allows the request if and only if there is a policy that matches the request. * ``DENY``: Allows the request if and only if there are no policies that match the request. * ``LOG``: Allows all requests. If at least one policy matches, the dynamic metadata key ``access_log_hint`` is set to the value ``true`` under the shared key namespace ``envoy.common``. If no policies match, it is set to ``false``. Other actions do not modify this key.
.envoy.config.rbac.v3.RBAC.Action action = 1 [(.validate.rules) = { ... }
- Returns:
- This builder for chaining.
-
internalGetPolicies
private com.google.protobuf.MapFieldBuilder<java.lang.String,PolicyOrBuilder,Policy,Policy.Builder> internalGetPolicies()
-
internalGetMutablePolicies
private com.google.protobuf.MapFieldBuilder<java.lang.String,PolicyOrBuilder,Policy,Policy.Builder> internalGetMutablePolicies()
-
getPoliciesCount
public int getPoliciesCount()
Description copied from interface:RBACOrBuilder
Maps from policy name to policy. A match occurs when at least one policy matches the request. The policies are evaluated in lexicographic order of the policy name.
map<string, .envoy.config.rbac.v3.Policy> policies = 2;
- Specified by:
getPoliciesCount
in interfaceRBACOrBuilder
-
containsPolicies
public boolean containsPolicies(java.lang.String key)
Maps from policy name to policy. A match occurs when at least one policy matches the request. The policies are evaluated in lexicographic order of the policy name.
map<string, .envoy.config.rbac.v3.Policy> policies = 2;
- Specified by:
containsPolicies
in interfaceRBACOrBuilder
-
getPolicies
@Deprecated public java.util.Map<java.lang.String,Policy> getPolicies()
Deprecated.UsegetPoliciesMap()
instead.- Specified by:
getPolicies
in interfaceRBACOrBuilder
-
getPoliciesMap
public java.util.Map<java.lang.String,Policy> getPoliciesMap()
Maps from policy name to policy. A match occurs when at least one policy matches the request. The policies are evaluated in lexicographic order of the policy name.
map<string, .envoy.config.rbac.v3.Policy> policies = 2;
- Specified by:
getPoliciesMap
in interfaceRBACOrBuilder
-
getPoliciesOrDefault
public Policy getPoliciesOrDefault(java.lang.String key, Policy defaultValue)
Maps from policy name to policy. A match occurs when at least one policy matches the request. The policies are evaluated in lexicographic order of the policy name.
map<string, .envoy.config.rbac.v3.Policy> policies = 2;
- Specified by:
getPoliciesOrDefault
in interfaceRBACOrBuilder
-
getPoliciesOrThrow
public Policy getPoliciesOrThrow(java.lang.String key)
Maps from policy name to policy. A match occurs when at least one policy matches the request. The policies are evaluated in lexicographic order of the policy name.
map<string, .envoy.config.rbac.v3.Policy> policies = 2;
- Specified by:
getPoliciesOrThrow
in interfaceRBACOrBuilder
-
clearPolicies
public RBAC.Builder clearPolicies()
-
removePolicies
public RBAC.Builder removePolicies(java.lang.String key)
Maps from policy name to policy. A match occurs when at least one policy matches the request. The policies are evaluated in lexicographic order of the policy name.
map<string, .envoy.config.rbac.v3.Policy> policies = 2;
-
getMutablePolicies
@Deprecated public java.util.Map<java.lang.String,Policy> getMutablePolicies()
Deprecated.Use alternate mutation accessors instead.
-
putPolicies
public RBAC.Builder putPolicies(java.lang.String key, Policy value)
Maps from policy name to policy. A match occurs when at least one policy matches the request. The policies are evaluated in lexicographic order of the policy name.
map<string, .envoy.config.rbac.v3.Policy> policies = 2;
-
putAllPolicies
public RBAC.Builder putAllPolicies(java.util.Map<java.lang.String,Policy> values)
Maps from policy name to policy. A match occurs when at least one policy matches the request. The policies are evaluated in lexicographic order of the policy name.
map<string, .envoy.config.rbac.v3.Policy> policies = 2;
-
putPoliciesBuilderIfAbsent
public Policy.Builder putPoliciesBuilderIfAbsent(java.lang.String key)
Maps from policy name to policy. A match occurs when at least one policy matches the request. The policies are evaluated in lexicographic order of the policy name.
map<string, .envoy.config.rbac.v3.Policy> policies = 2;
-
hasAuditLoggingOptions
public boolean hasAuditLoggingOptions()
Audit logging options that include the condition for audit logging to happen and audit logger configurations. [#not-implemented-hide:]
.envoy.config.rbac.v3.RBAC.AuditLoggingOptions audit_logging_options = 3;
- Specified by:
hasAuditLoggingOptions
in interfaceRBACOrBuilder
- Returns:
- Whether the auditLoggingOptions field is set.
-
getAuditLoggingOptions
public RBAC.AuditLoggingOptions getAuditLoggingOptions()
Audit logging options that include the condition for audit logging to happen and audit logger configurations. [#not-implemented-hide:]
.envoy.config.rbac.v3.RBAC.AuditLoggingOptions audit_logging_options = 3;
- Specified by:
getAuditLoggingOptions
in interfaceRBACOrBuilder
- Returns:
- The auditLoggingOptions.
-
setAuditLoggingOptions
public RBAC.Builder setAuditLoggingOptions(RBAC.AuditLoggingOptions value)
Audit logging options that include the condition for audit logging to happen and audit logger configurations. [#not-implemented-hide:]
.envoy.config.rbac.v3.RBAC.AuditLoggingOptions audit_logging_options = 3;
-
setAuditLoggingOptions
public RBAC.Builder setAuditLoggingOptions(RBAC.AuditLoggingOptions.Builder builderForValue)
Audit logging options that include the condition for audit logging to happen and audit logger configurations. [#not-implemented-hide:]
.envoy.config.rbac.v3.RBAC.AuditLoggingOptions audit_logging_options = 3;
-
mergeAuditLoggingOptions
public RBAC.Builder mergeAuditLoggingOptions(RBAC.AuditLoggingOptions value)
Audit logging options that include the condition for audit logging to happen and audit logger configurations. [#not-implemented-hide:]
.envoy.config.rbac.v3.RBAC.AuditLoggingOptions audit_logging_options = 3;
-
clearAuditLoggingOptions
public RBAC.Builder clearAuditLoggingOptions()
Audit logging options that include the condition for audit logging to happen and audit logger configurations. [#not-implemented-hide:]
.envoy.config.rbac.v3.RBAC.AuditLoggingOptions audit_logging_options = 3;
-
getAuditLoggingOptionsBuilder
public RBAC.AuditLoggingOptions.Builder getAuditLoggingOptionsBuilder()
Audit logging options that include the condition for audit logging to happen and audit logger configurations. [#not-implemented-hide:]
.envoy.config.rbac.v3.RBAC.AuditLoggingOptions audit_logging_options = 3;
-
getAuditLoggingOptionsOrBuilder
public RBAC.AuditLoggingOptionsOrBuilder getAuditLoggingOptionsOrBuilder()
Audit logging options that include the condition for audit logging to happen and audit logger configurations. [#not-implemented-hide:]
.envoy.config.rbac.v3.RBAC.AuditLoggingOptions audit_logging_options = 3;
- Specified by:
getAuditLoggingOptionsOrBuilder
in interfaceRBACOrBuilder
-
getAuditLoggingOptionsFieldBuilder
private com.google.protobuf.SingleFieldBuilder<RBAC.AuditLoggingOptions,RBAC.AuditLoggingOptions.Builder,RBAC.AuditLoggingOptionsOrBuilder> getAuditLoggingOptionsFieldBuilder()
Audit logging options that include the condition for audit logging to happen and audit logger configurations. [#not-implemented-hide:]
.envoy.config.rbac.v3.RBAC.AuditLoggingOptions audit_logging_options = 3;
-
-