Interface RBACOrBuilder

All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
All Known Implementing Classes:
RBAC, RBAC.Builder

public interface RBACOrBuilder extends com.google.protobuf.MessageOrBuilder
  • Method Summary

    Modifier and Type
    Method
    Description
    The match tree to use when resolving RBAC action for incoming requests.
    The match tree to use when resolving RBAC action for incoming requests.
    Specify the RBAC rules to be applied globally.
    Specify the RBAC rules to be applied globally.
    If specified, rules will emit stats with the given prefix.
    com.google.protobuf.ByteString
    If specified, rules will emit stats with the given prefix.
    The match tree to use for emitting stats and logs which can be used for rule testing for incoming requests.
    The match tree to use for emitting stats and logs which can be used for rule testing for incoming requests.
    Shadow rules are not enforced by the filter (i.e., returning a 403) but will emit stats and logs and can be used for rule testing.
    Shadow rules are not enforced by the filter (i.e., returning a 403) but will emit stats and logs and can be used for rule testing.
    If specified, shadow rules will emit stats with the given prefix.
    com.google.protobuf.ByteString
    If specified, shadow rules will emit stats with the given prefix.
    boolean
    If track_per_rule_stats is true, counters will be published for each rule and shadow rule.
    boolean
    The match tree to use when resolving RBAC action for incoming requests.
    boolean
    Specify the RBAC rules to be applied globally.
    boolean
    The match tree to use for emitting stats and logs which can be used for rule testing for incoming requests.
    boolean
    Shadow rules are not enforced by the filter (i.e., returning a 403) but will emit stats and logs and can be used for rule testing.

    Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

    isInitialized

    Methods inherited from interface com.google.protobuf.MessageOrBuilder

    findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof
  • Method Details

    • hasRules

      boolean hasRules()
       Specify the RBAC rules to be applied globally.
       If absent, no enforcing RBAC policy will be applied.
       If present and empty, DENY.
       If both rules and matcher are configured, rules will be ignored.
       
      .envoy.config.rbac.v3.RBAC rules = 1 [(.udpa.annotations.field_migrate) = { ... }
      Returns:
      Whether the rules field is set.
    • getRules

      RBAC getRules()
       Specify the RBAC rules to be applied globally.
       If absent, no enforcing RBAC policy will be applied.
       If present and empty, DENY.
       If both rules and matcher are configured, rules will be ignored.
       
      .envoy.config.rbac.v3.RBAC rules = 1 [(.udpa.annotations.field_migrate) = { ... }
      Returns:
      The rules.
    • getRulesOrBuilder

      RBACOrBuilder getRulesOrBuilder()
       Specify the RBAC rules to be applied globally.
       If absent, no enforcing RBAC policy will be applied.
       If present and empty, DENY.
       If both rules and matcher are configured, rules will be ignored.
       
      .envoy.config.rbac.v3.RBAC rules = 1 [(.udpa.annotations.field_migrate) = { ... }
    • getRulesStatPrefix

      String getRulesStatPrefix()
       If specified, rules will emit stats with the given prefix.
       This is useful to distinguish the stat when there are more than 1 RBAC filter configured with
       rules.
       
      string rules_stat_prefix = 6;
      Returns:
      The rulesStatPrefix.
    • getRulesStatPrefixBytes

      com.google.protobuf.ByteString getRulesStatPrefixBytes()
       If specified, rules will emit stats with the given prefix.
       This is useful to distinguish the stat when there are more than 1 RBAC filter configured with
       rules.
       
      string rules_stat_prefix = 6;
      Returns:
      The bytes for rulesStatPrefix.
    • hasMatcher

      boolean hasMatcher()
       The match tree to use when resolving RBAC action for incoming requests. Requests do not
       match any matcher will be denied.
       If absent, no enforcing RBAC matcher will be applied.
       If present and empty, deny all requests.
       
      .xds.type.matcher.v3.Matcher matcher = 4 [(.udpa.annotations.field_migrate) = { ... }
      Returns:
      Whether the matcher field is set.
    • getMatcher

      Matcher getMatcher()
       The match tree to use when resolving RBAC action for incoming requests. Requests do not
       match any matcher will be denied.
       If absent, no enforcing RBAC matcher will be applied.
       If present and empty, deny all requests.
       
      .xds.type.matcher.v3.Matcher matcher = 4 [(.udpa.annotations.field_migrate) = { ... }
      Returns:
      The matcher.
    • getMatcherOrBuilder

      MatcherOrBuilder getMatcherOrBuilder()
       The match tree to use when resolving RBAC action for incoming requests. Requests do not
       match any matcher will be denied.
       If absent, no enforcing RBAC matcher will be applied.
       If present and empty, deny all requests.
       
      .xds.type.matcher.v3.Matcher matcher = 4 [(.udpa.annotations.field_migrate) = { ... }
    • hasShadowRules

      boolean hasShadowRules()
       Shadow rules are not enforced by the filter (i.e., returning a 403)
       but will emit stats and logs and can be used for rule testing.
       If absent, no shadow RBAC policy will be applied.
       If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
       
      .envoy.config.rbac.v3.RBAC shadow_rules = 2 [(.udpa.annotations.field_migrate) = { ... }
      Returns:
      Whether the shadowRules field is set.
    • getShadowRules

      RBAC getShadowRules()
       Shadow rules are not enforced by the filter (i.e., returning a 403)
       but will emit stats and logs and can be used for rule testing.
       If absent, no shadow RBAC policy will be applied.
       If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
       
      .envoy.config.rbac.v3.RBAC shadow_rules = 2 [(.udpa.annotations.field_migrate) = { ... }
      Returns:
      The shadowRules.
    • getShadowRulesOrBuilder

      RBACOrBuilder getShadowRulesOrBuilder()
       Shadow rules are not enforced by the filter (i.e., returning a 403)
       but will emit stats and logs and can be used for rule testing.
       If absent, no shadow RBAC policy will be applied.
       If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
       
      .envoy.config.rbac.v3.RBAC shadow_rules = 2 [(.udpa.annotations.field_migrate) = { ... }
    • hasShadowMatcher

      boolean hasShadowMatcher()
       The match tree to use for emitting stats and logs which can be used for rule testing for
       incoming requests.
       If absent, no shadow matcher will be applied.
       
      .xds.type.matcher.v3.Matcher shadow_matcher = 5 [(.udpa.annotations.field_migrate) = { ... }
      Returns:
      Whether the shadowMatcher field is set.
    • getShadowMatcher

      Matcher getShadowMatcher()
       The match tree to use for emitting stats and logs which can be used for rule testing for
       incoming requests.
       If absent, no shadow matcher will be applied.
       
      .xds.type.matcher.v3.Matcher shadow_matcher = 5 [(.udpa.annotations.field_migrate) = { ... }
      Returns:
      The shadowMatcher.
    • getShadowMatcherOrBuilder

      MatcherOrBuilder getShadowMatcherOrBuilder()
       The match tree to use for emitting stats and logs which can be used for rule testing for
       incoming requests.
       If absent, no shadow matcher will be applied.
       
      .xds.type.matcher.v3.Matcher shadow_matcher = 5 [(.udpa.annotations.field_migrate) = { ... }
    • getShadowRulesStatPrefix

      String getShadowRulesStatPrefix()
       If specified, shadow rules will emit stats with the given prefix.
       This is useful to distinguish the stat when there are more than 1 RBAC filter configured with
       shadow rules.
       
      string shadow_rules_stat_prefix = 3;
      Returns:
      The shadowRulesStatPrefix.
    • getShadowRulesStatPrefixBytes

      com.google.protobuf.ByteString getShadowRulesStatPrefixBytes()
       If specified, shadow rules will emit stats with the given prefix.
       This is useful to distinguish the stat when there are more than 1 RBAC filter configured with
       shadow rules.
       
      string shadow_rules_stat_prefix = 3;
      Returns:
      The bytes for shadowRulesStatPrefix.
    • getTrackPerRuleStats

      boolean getTrackPerRuleStats()
       If track_per_rule_stats is true, counters will be published for each rule and shadow rule.
       
      bool track_per_rule_stats = 7;
      Returns:
      The trackPerRuleStats.