Class RBAC
- java.lang.Object
-
- com.google.protobuf.AbstractMessageLite
-
- com.google.protobuf.AbstractMessage
-
- com.google.protobuf.GeneratedMessage
-
- io.envoyproxy.envoy.config.rbac.v3.RBAC
-
- All Implemented Interfaces:
com.google.protobuf.Message
,com.google.protobuf.MessageLite
,com.google.protobuf.MessageLiteOrBuilder
,com.google.protobuf.MessageOrBuilder
,RBACOrBuilder
,java.io.Serializable
public final class RBAC extends com.google.protobuf.GeneratedMessage implements RBACOrBuilder
Role Based Access Control (RBAC) provides service-level and method-level access control for a service. Requests are allowed or denied based on the ``action`` and whether a matching policy is found. For instance, if the action is ALLOW and a matching policy is found the request should be allowed. RBAC can also be used to make access logging decisions by communicating with access loggers through dynamic metadata. When the action is LOG and at least one policy matches, the ``access_log_hint`` value in the shared key namespace 'envoy.common' is set to ``true`` indicating the request should be logged. Here is an example of RBAC configuration. It has two policies: * Service account ``cluster.local/ns/default/sa/admin`` has full access to the service, and so does "cluster.local/ns/default/sa/superuser". * Any user can read (``GET``) the service at paths with prefix ``/products``, so long as the destination port is either 80 or 443. .. code-block:: yaml action: ALLOW policies: "service-admin": permissions: - any: true principals: - authenticated: principal_name: exact: "cluster.local/ns/default/sa/admin" - authenticated: principal_name: exact: "cluster.local/ns/default/sa/superuser" "product-viewer": permissions: - and_rules: rules: - header: name: ":method" string_match: exact: "GET" - url_path: path: { prefix: "/products" } - or_rules: rules: - destination_port: 80 - destination_port: 443 principals: - any: true
Protobuf typeenvoy.config.rbac.v3.RBAC
- See Also:
- Serialized Form
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
RBAC.Action
Should we do safe-list or block-list style access control?static class
RBAC.AuditLoggingOptions
Protobuf typeenvoy.config.rbac.v3.RBAC.AuditLoggingOptions
static interface
RBAC.AuditLoggingOptionsOrBuilder
static class
RBAC.Builder
Role Based Access Control (RBAC) provides service-level and method-level access control for a service.private static class
RBAC.PoliciesDefaultEntryHolder
-
Nested classes/interfaces inherited from class com.google.protobuf.GeneratedMessage
com.google.protobuf.GeneratedMessage.ExtendableBuilder<MessageT extends com.google.protobuf.GeneratedMessage.ExtendableMessage<MessageT>,BuilderT extends com.google.protobuf.GeneratedMessage.ExtendableBuilder<MessageT,BuilderT>>, com.google.protobuf.GeneratedMessage.ExtendableMessage<MessageT extends com.google.protobuf.GeneratedMessage.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessage.ExtendableMessageOrBuilder<MessageT extends com.google.protobuf.GeneratedMessage.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessage.FieldAccessorTable, com.google.protobuf.GeneratedMessage.GeneratedExtension<ContainingT extends com.google.protobuf.Message,T extends java.lang.Object>, com.google.protobuf.GeneratedMessage.UnusedPrivateParameter
-
-
Field Summary
Fields Modifier and Type Field Description private int
action_
static int
ACTION_FIELD_NUMBER
static int
AUDIT_LOGGING_OPTIONS_FIELD_NUMBER
private RBAC.AuditLoggingOptions
auditLoggingOptions_
private int
bitField0_
private static RBAC
DEFAULT_INSTANCE
private byte
memoizedIsInitialized
private static com.google.protobuf.Parser<RBAC>
PARSER
private com.google.protobuf.MapField<java.lang.String,Policy>
policies_
static int
POLICIES_FIELD_NUMBER
private static long
serialVersionUID
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description boolean
containsPolicies(java.lang.String key)
Maps from policy name to policy.boolean
equals(java.lang.Object obj)
RBAC.Action
getAction()
The action to take if a policy matches.int
getActionValue()
The action to take if a policy matches.RBAC.AuditLoggingOptions
getAuditLoggingOptions()
Audit logging options that include the condition for audit logging to happen and audit logger configurations.RBAC.AuditLoggingOptionsOrBuilder
getAuditLoggingOptionsOrBuilder()
Audit logging options that include the condition for audit logging to happen and audit logger configurations.static RBAC
getDefaultInstance()
RBAC
getDefaultInstanceForType()
static com.google.protobuf.Descriptors.Descriptor
getDescriptor()
com.google.protobuf.Parser<RBAC>
getParserForType()
java.util.Map<java.lang.String,Policy>
getPolicies()
Deprecated.int
getPoliciesCount()
Maps from policy name to policy.java.util.Map<java.lang.String,Policy>
getPoliciesMap()
Maps from policy name to policy.Policy
getPoliciesOrDefault(java.lang.String key, Policy defaultValue)
Maps from policy name to policy.Policy
getPoliciesOrThrow(java.lang.String key)
Maps from policy name to policy.int
getSerializedSize()
boolean
hasAuditLoggingOptions()
Audit logging options that include the condition for audit logging to happen and audit logger configurations.int
hashCode()
protected com.google.protobuf.GeneratedMessage.FieldAccessorTable
internalGetFieldAccessorTable()
protected com.google.protobuf.MapFieldReflectionAccessor
internalGetMapFieldReflection(int number)
private com.google.protobuf.MapField<java.lang.String,Policy>
internalGetPolicies()
boolean
isInitialized()
static RBAC.Builder
newBuilder()
static RBAC.Builder
newBuilder(RBAC prototype)
RBAC.Builder
newBuilderForType()
protected RBAC.Builder
newBuilderForType(com.google.protobuf.AbstractMessage.BuilderParent parent)
static RBAC
parseDelimitedFrom(java.io.InputStream input)
static RBAC
parseDelimitedFrom(java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static RBAC
parseFrom(byte[] data)
static RBAC
parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static RBAC
parseFrom(com.google.protobuf.ByteString data)
static RBAC
parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static RBAC
parseFrom(com.google.protobuf.CodedInputStream input)
static RBAC
parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static RBAC
parseFrom(java.io.InputStream input)
static RBAC
parseFrom(java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static RBAC
parseFrom(java.nio.ByteBuffer data)
static RBAC
parseFrom(java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static com.google.protobuf.Parser<RBAC>
parser()
RBAC.Builder
toBuilder()
void
writeTo(com.google.protobuf.CodedOutputStream output)
-
Methods inherited from class com.google.protobuf.GeneratedMessage
canUseUnsafe, computeStringSize, computeStringSizeNoTag, emptyBooleanList, emptyDoubleList, emptyFloatList, emptyIntList, emptyList, emptyLongList, getAllFields, getDescriptorForType, getField, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof, internalGetMapField, isStringEmpty, makeMutableCopy, makeMutableCopy, mergeFromAndMakeImmutableInternal, newFileScopedGeneratedExtension, newInstance, newMessageScopedGeneratedExtension, parseDelimitedWithIOException, parseDelimitedWithIOException, parseUnknownField, parseUnknownFieldProto3, parseWithIOException, parseWithIOException, parseWithIOException, parseWithIOException, serializeBooleanMapTo, serializeIntegerMapTo, serializeLongMapTo, serializeStringMapTo, writeReplace, writeString, writeStringNoTag
-
Methods inherited from class com.google.protobuf.AbstractMessage
findInitializationErrors, getInitializationErrorString, hashFields, toString
-
Methods inherited from class com.google.protobuf.AbstractMessageLite
addAll, checkByteStringIsUtf8, toByteArray, toByteString, writeDelimitedTo, writeTo
-
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
-
-
-
-
Field Detail
-
serialVersionUID
private static final long serialVersionUID
- See Also:
- Constant Field Values
-
bitField0_
private int bitField0_
-
ACTION_FIELD_NUMBER
public static final int ACTION_FIELD_NUMBER
- See Also:
- Constant Field Values
-
action_
private int action_
-
POLICIES_FIELD_NUMBER
public static final int POLICIES_FIELD_NUMBER
- See Also:
- Constant Field Values
-
policies_
private com.google.protobuf.MapField<java.lang.String,Policy> policies_
-
AUDIT_LOGGING_OPTIONS_FIELD_NUMBER
public static final int AUDIT_LOGGING_OPTIONS_FIELD_NUMBER
- See Also:
- Constant Field Values
-
auditLoggingOptions_
private RBAC.AuditLoggingOptions auditLoggingOptions_
-
memoizedIsInitialized
private byte memoizedIsInitialized
-
DEFAULT_INSTANCE
private static final RBAC DEFAULT_INSTANCE
-
PARSER
private static final com.google.protobuf.Parser<RBAC> PARSER
-
-
Method Detail
-
getDescriptor
public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
-
internalGetMapFieldReflection
protected com.google.protobuf.MapFieldReflectionAccessor internalGetMapFieldReflection(int number)
- Overrides:
internalGetMapFieldReflection
in classcom.google.protobuf.GeneratedMessage
-
internalGetFieldAccessorTable
protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable()
- Specified by:
internalGetFieldAccessorTable
in classcom.google.protobuf.GeneratedMessage
-
getActionValue
public int getActionValue()
The action to take if a policy matches. Every action either allows or denies a request, and can also carry out action-specific operations. Actions: * ``ALLOW``: Allows the request if and only if there is a policy that matches the request. * ``DENY``: Allows the request if and only if there are no policies that match the request. * ``LOG``: Allows all requests. If at least one policy matches, the dynamic metadata key ``access_log_hint`` is set to the value ``true`` under the shared key namespace ``envoy.common``. If no policies match, it is set to ``false``. Other actions do not modify this key.
.envoy.config.rbac.v3.RBAC.Action action = 1 [(.validate.rules) = { ... }
- Specified by:
getActionValue
in interfaceRBACOrBuilder
- Returns:
- The enum numeric value on the wire for action.
-
getAction
public RBAC.Action getAction()
The action to take if a policy matches. Every action either allows or denies a request, and can also carry out action-specific operations. Actions: * ``ALLOW``: Allows the request if and only if there is a policy that matches the request. * ``DENY``: Allows the request if and only if there are no policies that match the request. * ``LOG``: Allows all requests. If at least one policy matches, the dynamic metadata key ``access_log_hint`` is set to the value ``true`` under the shared key namespace ``envoy.common``. If no policies match, it is set to ``false``. Other actions do not modify this key.
.envoy.config.rbac.v3.RBAC.Action action = 1 [(.validate.rules) = { ... }
- Specified by:
getAction
in interfaceRBACOrBuilder
- Returns:
- The action.
-
internalGetPolicies
private com.google.protobuf.MapField<java.lang.String,Policy> internalGetPolicies()
-
getPoliciesCount
public int getPoliciesCount()
Description copied from interface:RBACOrBuilder
Maps from policy name to policy. A match occurs when at least one policy matches the request. The policies are evaluated in lexicographic order of the policy name.
map<string, .envoy.config.rbac.v3.Policy> policies = 2;
- Specified by:
getPoliciesCount
in interfaceRBACOrBuilder
-
containsPolicies
public boolean containsPolicies(java.lang.String key)
Maps from policy name to policy. A match occurs when at least one policy matches the request. The policies are evaluated in lexicographic order of the policy name.
map<string, .envoy.config.rbac.v3.Policy> policies = 2;
- Specified by:
containsPolicies
in interfaceRBACOrBuilder
-
getPolicies
@Deprecated public java.util.Map<java.lang.String,Policy> getPolicies()
Deprecated.UsegetPoliciesMap()
instead.- Specified by:
getPolicies
in interfaceRBACOrBuilder
-
getPoliciesMap
public java.util.Map<java.lang.String,Policy> getPoliciesMap()
Maps from policy name to policy. A match occurs when at least one policy matches the request. The policies are evaluated in lexicographic order of the policy name.
map<string, .envoy.config.rbac.v3.Policy> policies = 2;
- Specified by:
getPoliciesMap
in interfaceRBACOrBuilder
-
getPoliciesOrDefault
public Policy getPoliciesOrDefault(java.lang.String key, Policy defaultValue)
Maps from policy name to policy. A match occurs when at least one policy matches the request. The policies are evaluated in lexicographic order of the policy name.
map<string, .envoy.config.rbac.v3.Policy> policies = 2;
- Specified by:
getPoliciesOrDefault
in interfaceRBACOrBuilder
-
getPoliciesOrThrow
public Policy getPoliciesOrThrow(java.lang.String key)
Maps from policy name to policy. A match occurs when at least one policy matches the request. The policies are evaluated in lexicographic order of the policy name.
map<string, .envoy.config.rbac.v3.Policy> policies = 2;
- Specified by:
getPoliciesOrThrow
in interfaceRBACOrBuilder
-
hasAuditLoggingOptions
public boolean hasAuditLoggingOptions()
Audit logging options that include the condition for audit logging to happen and audit logger configurations. [#not-implemented-hide:]
.envoy.config.rbac.v3.RBAC.AuditLoggingOptions audit_logging_options = 3;
- Specified by:
hasAuditLoggingOptions
in interfaceRBACOrBuilder
- Returns:
- Whether the auditLoggingOptions field is set.
-
getAuditLoggingOptions
public RBAC.AuditLoggingOptions getAuditLoggingOptions()
Audit logging options that include the condition for audit logging to happen and audit logger configurations. [#not-implemented-hide:]
.envoy.config.rbac.v3.RBAC.AuditLoggingOptions audit_logging_options = 3;
- Specified by:
getAuditLoggingOptions
in interfaceRBACOrBuilder
- Returns:
- The auditLoggingOptions.
-
getAuditLoggingOptionsOrBuilder
public RBAC.AuditLoggingOptionsOrBuilder getAuditLoggingOptionsOrBuilder()
Audit logging options that include the condition for audit logging to happen and audit logger configurations. [#not-implemented-hide:]
.envoy.config.rbac.v3.RBAC.AuditLoggingOptions audit_logging_options = 3;
- Specified by:
getAuditLoggingOptionsOrBuilder
in interfaceRBACOrBuilder
-
isInitialized
public final boolean isInitialized()
- Specified by:
isInitialized
in interfacecom.google.protobuf.MessageLiteOrBuilder
- Overrides:
isInitialized
in classcom.google.protobuf.GeneratedMessage
-
writeTo
public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException
- Specified by:
writeTo
in interfacecom.google.protobuf.MessageLite
- Overrides:
writeTo
in classcom.google.protobuf.GeneratedMessage
- Throws:
java.io.IOException
-
getSerializedSize
public int getSerializedSize()
- Specified by:
getSerializedSize
in interfacecom.google.protobuf.MessageLite
- Overrides:
getSerializedSize
in classcom.google.protobuf.GeneratedMessage
-
equals
public boolean equals(java.lang.Object obj)
- Specified by:
equals
in interfacecom.google.protobuf.Message
- Overrides:
equals
in classcom.google.protobuf.AbstractMessage
-
hashCode
public int hashCode()
- Specified by:
hashCode
in interfacecom.google.protobuf.Message
- Overrides:
hashCode
in classcom.google.protobuf.AbstractMessage
-
parseFrom
public static RBAC parseFrom(java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException
- Throws:
com.google.protobuf.InvalidProtocolBufferException
-
parseFrom
public static RBAC parseFrom(java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
- Throws:
com.google.protobuf.InvalidProtocolBufferException
-
parseFrom
public static RBAC parseFrom(com.google.protobuf.ByteString data) throws com.google.protobuf.InvalidProtocolBufferException
- Throws:
com.google.protobuf.InvalidProtocolBufferException
-
parseFrom
public static RBAC parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
- Throws:
com.google.protobuf.InvalidProtocolBufferException
-
parseFrom
public static RBAC parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException
- Throws:
com.google.protobuf.InvalidProtocolBufferException
-
parseFrom
public static RBAC parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
- Throws:
com.google.protobuf.InvalidProtocolBufferException
-
parseFrom
public static RBAC parseFrom(java.io.InputStream input) throws java.io.IOException
- Throws:
java.io.IOException
-
parseFrom
public static RBAC parseFrom(java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws java.io.IOException
- Throws:
java.io.IOException
-
parseDelimitedFrom
public static RBAC parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException
- Throws:
java.io.IOException
-
parseDelimitedFrom
public static RBAC parseDelimitedFrom(java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws java.io.IOException
- Throws:
java.io.IOException
-
parseFrom
public static RBAC parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException
- Throws:
java.io.IOException
-
parseFrom
public static RBAC parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws java.io.IOException
- Throws:
java.io.IOException
-
newBuilderForType
public RBAC.Builder newBuilderForType()
- Specified by:
newBuilderForType
in interfacecom.google.protobuf.Message
- Specified by:
newBuilderForType
in interfacecom.google.protobuf.MessageLite
-
newBuilder
public static RBAC.Builder newBuilder()
-
newBuilder
public static RBAC.Builder newBuilder(RBAC prototype)
-
toBuilder
public RBAC.Builder toBuilder()
- Specified by:
toBuilder
in interfacecom.google.protobuf.Message
- Specified by:
toBuilder
in interfacecom.google.protobuf.MessageLite
-
newBuilderForType
protected RBAC.Builder newBuilderForType(com.google.protobuf.AbstractMessage.BuilderParent parent)
- Overrides:
newBuilderForType
in classcom.google.protobuf.AbstractMessage
-
getDefaultInstance
public static RBAC getDefaultInstance()
-
parser
public static com.google.protobuf.Parser<RBAC> parser()
-
getParserForType
public com.google.protobuf.Parser<RBAC> getParserForType()
- Specified by:
getParserForType
in interfacecom.google.protobuf.Message
- Specified by:
getParserForType
in interfacecom.google.protobuf.MessageLite
- Overrides:
getParserForType
in classcom.google.protobuf.GeneratedMessage
-
getDefaultInstanceForType
public RBAC getDefaultInstanceForType()
- Specified by:
getDefaultInstanceForType
in interfacecom.google.protobuf.MessageLiteOrBuilder
- Specified by:
getDefaultInstanceForType
in interfacecom.google.protobuf.MessageOrBuilder
-
-