Interface RBACOrBuilder
- All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder
,com.google.protobuf.MessageOrBuilder
- All Known Implementing Classes:
RBAC
,RBAC.Builder
public interface RBACOrBuilder
extends com.google.protobuf.MessageOrBuilder
-
Method Summary
Modifier and TypeMethodDescriptionThe match tree to use when resolving RBAC action for incoming requests.The match tree to use when resolving RBAC action for incoming requests.getRules()
Specify the RBAC rules to be applied globally.Specify the RBAC rules to be applied globally.If specified, rules will emit stats with the given prefix.com.google.protobuf.ByteString
If specified, rules will emit stats with the given prefix.The match tree to use for emitting stats and logs which can be used for rule testing for incoming requests.The match tree to use for emitting stats and logs which can be used for rule testing for incoming requests.Shadow rules are not enforced by the filter (i.e., returning a 403) but will emit stats and logs and can be used for rule testing.Shadow rules are not enforced by the filter (i.e., returning a 403) but will emit stats and logs and can be used for rule testing.If specified, shadow rules will emit stats with the given prefix.com.google.protobuf.ByteString
If specified, shadow rules will emit stats with the given prefix.boolean
If track_per_rule_stats is true, counters will be published for each rule and shadow rule.boolean
The match tree to use when resolving RBAC action for incoming requests.boolean
hasRules()
Specify the RBAC rules to be applied globally.boolean
The match tree to use for emitting stats and logs which can be used for rule testing for incoming requests.boolean
Shadow rules are not enforced by the filter (i.e., returning a 403) but will emit stats and logs and can be used for rule testing.Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder
isInitialized
Methods inherited from interface com.google.protobuf.MessageOrBuilder
findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof
-
Method Details
-
hasRules
boolean hasRules()Specify the RBAC rules to be applied globally. If absent, no enforcing RBAC policy will be applied. If present and empty, DENY. If both rules and matcher are configured, rules will be ignored.
.envoy.config.rbac.v3.RBAC rules = 1 [(.udpa.annotations.field_migrate) = { ... }
- Returns:
- Whether the rules field is set.
-
getRules
RBAC getRules()Specify the RBAC rules to be applied globally. If absent, no enforcing RBAC policy will be applied. If present and empty, DENY. If both rules and matcher are configured, rules will be ignored.
.envoy.config.rbac.v3.RBAC rules = 1 [(.udpa.annotations.field_migrate) = { ... }
- Returns:
- The rules.
-
getRulesOrBuilder
RBACOrBuilder getRulesOrBuilder()Specify the RBAC rules to be applied globally. If absent, no enforcing RBAC policy will be applied. If present and empty, DENY. If both rules and matcher are configured, rules will be ignored.
.envoy.config.rbac.v3.RBAC rules = 1 [(.udpa.annotations.field_migrate) = { ... }
-
getRulesStatPrefix
String getRulesStatPrefix()If specified, rules will emit stats with the given prefix. This is useful to distinguish the stat when there are more than 1 RBAC filter configured with rules.
string rules_stat_prefix = 6;
- Returns:
- The rulesStatPrefix.
-
getRulesStatPrefixBytes
com.google.protobuf.ByteString getRulesStatPrefixBytes()If specified, rules will emit stats with the given prefix. This is useful to distinguish the stat when there are more than 1 RBAC filter configured with rules.
string rules_stat_prefix = 6;
- Returns:
- The bytes for rulesStatPrefix.
-
hasMatcher
boolean hasMatcher()The match tree to use when resolving RBAC action for incoming requests. Requests do not match any matcher will be denied. If absent, no enforcing RBAC matcher will be applied. If present and empty, deny all requests.
.xds.type.matcher.v3.Matcher matcher = 4 [(.udpa.annotations.field_migrate) = { ... }
- Returns:
- Whether the matcher field is set.
-
getMatcher
Matcher getMatcher()The match tree to use when resolving RBAC action for incoming requests. Requests do not match any matcher will be denied. If absent, no enforcing RBAC matcher will be applied. If present and empty, deny all requests.
.xds.type.matcher.v3.Matcher matcher = 4 [(.udpa.annotations.field_migrate) = { ... }
- Returns:
- The matcher.
-
getMatcherOrBuilder
MatcherOrBuilder getMatcherOrBuilder()The match tree to use when resolving RBAC action for incoming requests. Requests do not match any matcher will be denied. If absent, no enforcing RBAC matcher will be applied. If present and empty, deny all requests.
.xds.type.matcher.v3.Matcher matcher = 4 [(.udpa.annotations.field_migrate) = { ... }
-
hasShadowRules
boolean hasShadowRules()Shadow rules are not enforced by the filter (i.e., returning a 403) but will emit stats and logs and can be used for rule testing. If absent, no shadow RBAC policy will be applied. If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
.envoy.config.rbac.v3.RBAC shadow_rules = 2 [(.udpa.annotations.field_migrate) = { ... }
- Returns:
- Whether the shadowRules field is set.
-
getShadowRules
RBAC getShadowRules()Shadow rules are not enforced by the filter (i.e., returning a 403) but will emit stats and logs and can be used for rule testing. If absent, no shadow RBAC policy will be applied. If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
.envoy.config.rbac.v3.RBAC shadow_rules = 2 [(.udpa.annotations.field_migrate) = { ... }
- Returns:
- The shadowRules.
-
getShadowRulesOrBuilder
RBACOrBuilder getShadowRulesOrBuilder()Shadow rules are not enforced by the filter (i.e., returning a 403) but will emit stats and logs and can be used for rule testing. If absent, no shadow RBAC policy will be applied. If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
.envoy.config.rbac.v3.RBAC shadow_rules = 2 [(.udpa.annotations.field_migrate) = { ... }
-
hasShadowMatcher
boolean hasShadowMatcher()The match tree to use for emitting stats and logs which can be used for rule testing for incoming requests. If absent, no shadow matcher will be applied.
.xds.type.matcher.v3.Matcher shadow_matcher = 5 [(.udpa.annotations.field_migrate) = { ... }
- Returns:
- Whether the shadowMatcher field is set.
-
getShadowMatcher
Matcher getShadowMatcher()The match tree to use for emitting stats and logs which can be used for rule testing for incoming requests. If absent, no shadow matcher will be applied.
.xds.type.matcher.v3.Matcher shadow_matcher = 5 [(.udpa.annotations.field_migrate) = { ... }
- Returns:
- The shadowMatcher.
-
getShadowMatcherOrBuilder
MatcherOrBuilder getShadowMatcherOrBuilder()The match tree to use for emitting stats and logs which can be used for rule testing for incoming requests. If absent, no shadow matcher will be applied.
.xds.type.matcher.v3.Matcher shadow_matcher = 5 [(.udpa.annotations.field_migrate) = { ... }
-
getShadowRulesStatPrefix
String getShadowRulesStatPrefix()If specified, shadow rules will emit stats with the given prefix. This is useful to distinguish the stat when there are more than 1 RBAC filter configured with shadow rules.
string shadow_rules_stat_prefix = 3;
- Returns:
- The shadowRulesStatPrefix.
-
getShadowRulesStatPrefixBytes
com.google.protobuf.ByteString getShadowRulesStatPrefixBytes()If specified, shadow rules will emit stats with the given prefix. This is useful to distinguish the stat when there are more than 1 RBAC filter configured with shadow rules.
string shadow_rules_stat_prefix = 3;
- Returns:
- The bytes for shadowRulesStatPrefix.
-
getTrackPerRuleStats
boolean getTrackPerRuleStats()If track_per_rule_stats is true, counters will be published for each rule and shadow rule.
bool track_per_rule_stats = 7;
- Returns:
- The trackPerRuleStats.
-