Package io.envoyproxy.envoy.config.rbac.v2

Class RBAC.Builder

java.lang.Object

com.google.protobuf.AbstractMessageLite.Builder

com.google.protobuf.AbstractMessage.Builder<BuilderT>

com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

io.envoyproxy.envoy.config.rbac.v2.RBAC.Builder

All Implemented Interfaces:

com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, RBACOrBuilder, Cloneable

Enclosing class:

RBAC

public static final class RBAC.Builder
extends com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>
implements RBACOrBuilder

 Role Based Access Control (RBAC) provides service-level and method-level access control for a
 service. RBAC policies are additive. The policies are examined in order. A request is allowed
 once a matching policy is found (suppose the `action` is ALLOW).

 Here is an example of RBAC configuration. It has two policies:

 * Service account "cluster.local/ns/default/sa/admin" has full access to the service, and so
   does "cluster.local/ns/default/sa/superuser".

 * Any user can read ("GET") the service at paths with prefix "/products", so long as the
   destination port is either 80 or 443.

  .. code-block:: yaml

   action: ALLOW
   policies:
     "service-admin":
       permissions:
         - any: true
       principals:
         - authenticated:
             principal_name:
               exact: "cluster.local/ns/default/sa/admin"
         - authenticated:
             principal_name:
               exact: "cluster.local/ns/default/sa/superuser"
     "product-viewer":
       permissions:
           - and_rules:
               rules:
                 - header: { name: ":method", exact_match: "GET" }
                 - url_path:
                     path: { prefix: "/products" }
                 - or_rules:
                     rules:
                       - destination_port: 80
                       - destination_port: 443
       principals:
         - any: true
 

Protobuf type envoy.config.rbac.v2.RBAC

Method Summary

Modifier and Type	Method	Description
RBAC.Builder	addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
RBAC	build()
RBAC	buildPartial()
RBAC.Builder	clear()
RBAC.Builder	clearAction()	The action to take if a policy matches.
RBAC.Builder	clearField(com.google.protobuf.Descriptors.FieldDescriptor field)
RBAC.Builder	clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)
RBAC.Builder	clearPolicies()
RBAC.Builder	clone()
boolean	containsPolicies(String key)	Maps from policy name to policy.
RBAC.Action	getAction()	The action to take if a policy matches.
int	getActionValue()	The action to take if a policy matches.
RBAC	getDefaultInstanceForType()
static final com.google.protobuf.Descriptors.Descriptor	getDescriptor()
com.google.protobuf.Descriptors.Descriptor	getDescriptorForType()
Map<String,Policy>	getMutablePolicies()	Deprecated.
Map<String,Policy>	getPolicies()	Deprecated.
int	getPoliciesCount()	Maps from policy name to policy.
Map<String,Policy>	getPoliciesMap()	Maps from policy name to policy.
Policy	getPoliciesOrDefault(String key, Policy defaultValue)	Maps from policy name to policy.
Policy	getPoliciesOrThrow(String key)	Maps from policy name to policy.
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable	internalGetFieldAccessorTable()
protected com.google.protobuf.MapFieldReflectionAccessor	internalGetMapFieldReflection(int number)
protected com.google.protobuf.MapFieldReflectionAccessor	internalGetMutableMapFieldReflection(int number)
final boolean	isInitialized()
RBAC.Builder	mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
RBAC.Builder	mergeFrom(com.google.protobuf.Message other)
RBAC.Builder	mergeFrom(RBAC other)
final RBAC.Builder	mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
RBAC.Builder	putAllPolicies(Map<String,Policy> values)	Maps from policy name to policy.
RBAC.Builder	putPolicies(String key, Policy value)	Maps from policy name to policy.
Policy.Builder	putPoliciesBuilderIfAbsent(String key)	Maps from policy name to policy.
RBAC.Builder	removePolicies(String key)	Maps from policy name to policy.
RBAC.Builder	setAction(RBAC.Action value)	The action to take if a policy matches.
RBAC.Builder	setActionValue(int value)	The action to take if a policy matches.
RBAC.Builder	setField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
RBAC.Builder	setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, int index, Object value)
final RBAC.Builder	setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)

Methods inherited from class com.google.protobuf.GeneratedMessageV3.Builder

getAllFields, getField, getFieldBuilder, getOneofFieldDescriptor, getParentForChildren, getRepeatedField, getRepeatedFieldBuilder, getRepeatedFieldCount, getUnknownFields, getUnknownFieldSetBuilder, hasField, hasOneof, internalGetMapField, internalGetMutableMapField, isClean, markClean, mergeUnknownLengthDelimitedField, mergeUnknownVarintField, newBuilderForField, onBuilt, onChanged, parseUnknownField, setUnknownFieldSetBuilder, setUnknownFieldsProto3

Methods inherited from class com.google.protobuf.AbstractMessage.Builder

findInitializationErrors, getInitializationErrorString, internalMergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, newUninitializedMessageException, toString

Methods inherited from class com.google.protobuf.AbstractMessageLite.Builder

addAll, addAll, mergeDelimitedFrom, mergeDelimitedFrom, mergeFrom, newUninitializedMessageException

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface com.google.protobuf.Message.Builder

mergeDelimitedFrom, mergeDelimitedFrom

Methods inherited from interface com.google.protobuf.MessageLite.Builder

mergeFrom

Methods inherited from interface com.google.protobuf.MessageOrBuilder

findInitializationErrors, getAllFields, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

Method Details

getDescriptor

public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

internalGetMapFieldReflection

protected com.google.protobuf.MapFieldReflectionAccessor internalGetMapFieldReflection(int number)

Overrides:

internalGetMapFieldReflection in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

internalGetMutableMapFieldReflection

protected com.google.protobuf.MapFieldReflectionAccessor internalGetMutableMapFieldReflection(int number)

Overrides:

internalGetMutableMapFieldReflection in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

internalGetFieldAccessorTable

protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()

Specified by:

internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

clear

public RBAC.Builder clear()

Specified by:

clear in interface com.google.protobuf.Message.Builder

Specified by:

clear in interface com.google.protobuf.MessageLite.Builder

Overrides:

clear in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

getDescriptorForType

public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()

Specified by:

getDescriptorForType in interface com.google.protobuf.Message.Builder

Specified by:

getDescriptorForType in interface com.google.protobuf.MessageOrBuilder

Overrides:

getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

getDefaultInstanceForType

public RBAC getDefaultInstanceForType()

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

build

public RBAC build()

Specified by:

build in interface com.google.protobuf.Message.Builder

Specified by:

build in interface com.google.protobuf.MessageLite.Builder

buildPartial

public RBAC buildPartial()

Specified by:

buildPartial in interface com.google.protobuf.Message.Builder

Specified by:

buildPartial in interface com.google.protobuf.MessageLite.Builder

clone

public RBAC.Builder clone()

Specified by:

clone in interface com.google.protobuf.Message.Builder

Specified by:

clone in interface com.google.protobuf.MessageLite.Builder

Overrides:

clone in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

setField

public RBAC.Builder setField(com.google.protobuf.Descriptors.FieldDescriptor field,
 Object value)

Specified by:

setField in interface com.google.protobuf.Message.Builder

Overrides:

setField in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

clearField

public RBAC.Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field)

Specified by:

clearField in interface com.google.protobuf.Message.Builder

Overrides:

clearField in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

clearOneof

public RBAC.Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)

Specified by:

clearOneof in interface com.google.protobuf.Message.Builder

Overrides:

clearOneof in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

setRepeatedField

public RBAC.Builder setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field,
 int index,
 Object value)

Specified by:

setRepeatedField in interface com.google.protobuf.Message.Builder

Overrides:

setRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

addRepeatedField

public RBAC.Builder addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field,
 Object value)

Specified by:

addRepeatedField in interface com.google.protobuf.Message.Builder

Overrides:

addRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

mergeFrom

public RBAC.Builder mergeFrom(com.google.protobuf.Message other)

Specified by:

mergeFrom in interface com.google.protobuf.Message.Builder

Overrides:

mergeFrom in class com.google.protobuf.AbstractMessage.Builder<RBAC.Builder>

mergeFrom

public RBAC.Builder mergeFrom(RBAC other)

isInitialized

public final boolean isInitialized()

Specified by:

isInitialized in interface com.google.protobuf.MessageLiteOrBuilder

Overrides:

isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

mergeFrom

public RBAC.Builder mergeFrom(com.google.protobuf.CodedInputStream input,
 com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                       throws IOException

Specified by:

mergeFrom in interface com.google.protobuf.Message.Builder

Specified by:

mergeFrom in interface com.google.protobuf.MessageLite.Builder

Overrides:

mergeFrom in class com.google.protobuf.AbstractMessage.Builder<RBAC.Builder>

Throws:

IOException

getActionValue

public int getActionValue()

 The action to take if a policy matches. The request is allowed if and only if:

   * `action` is "ALLOWED" and at least one policy matches
   * `action` is "DENY" and none of the policies match
 

.envoy.config.rbac.v2.RBAC.Action action = 1;

Specified by:

getActionValue in interface RBACOrBuilder

Returns:

The enum numeric value on the wire for action.

setActionValue

public RBAC.Builder setActionValue(int value)

 The action to take if a policy matches. The request is allowed if and only if:

   * `action` is "ALLOWED" and at least one policy matches
   * `action` is "DENY" and none of the policies match
 

.envoy.config.rbac.v2.RBAC.Action action = 1;

Parameters:

value - The enum numeric value on the wire for action to set.

Returns:

This builder for chaining.

getAction

public RBAC.Action getAction()

 The action to take if a policy matches. The request is allowed if and only if:

   * `action` is "ALLOWED" and at least one policy matches
   * `action` is "DENY" and none of the policies match
 

.envoy.config.rbac.v2.RBAC.Action action = 1;

Specified by:

getAction in interface RBACOrBuilder

Returns:

The action.

setAction

public RBAC.Builder setAction(RBAC.Action value)

 The action to take if a policy matches. The request is allowed if and only if:

   * `action` is "ALLOWED" and at least one policy matches
   * `action` is "DENY" and none of the policies match
 

.envoy.config.rbac.v2.RBAC.Action action = 1;

Parameters:

value - The action to set.

Returns:

This builder for chaining.

clearAction

public RBAC.Builder clearAction()

 The action to take if a policy matches. The request is allowed if and only if:

   * `action` is "ALLOWED" and at least one policy matches
   * `action` is "DENY" and none of the policies match
 

.envoy.config.rbac.v2.RBAC.Action action = 1;

Returns:

This builder for chaining.

getPoliciesCount

public int getPoliciesCount()

Description copied from interface: RBACOrBuilder

 Maps from policy name to policy. A match occurs when at least one policy matches the request.
 

map<string, .envoy.config.rbac.v2.Policy> policies = 2;

Specified by:

getPoliciesCount in interface RBACOrBuilder

containsPolicies

public boolean containsPolicies(String key)

 Maps from policy name to policy. A match occurs when at least one policy matches the request.
 

map<string, .envoy.config.rbac.v2.Policy> policies = 2;

Specified by:

containsPolicies in interface RBACOrBuilder

getPolicies

@Deprecated
public Map<String,Policy> getPolicies()

Deprecated.

Use getPoliciesMap() instead.

Specified by:

getPolicies in interface RBACOrBuilder

getPoliciesMap

public Map<String,Policy> getPoliciesMap()

 Maps from policy name to policy. A match occurs when at least one policy matches the request.
 

map<string, .envoy.config.rbac.v2.Policy> policies = 2;

Specified by:

getPoliciesMap in interface RBACOrBuilder

getPoliciesOrDefault

public Policy getPoliciesOrDefault(String key,
 Policy defaultValue)

 Maps from policy name to policy. A match occurs when at least one policy matches the request.
 

map<string, .envoy.config.rbac.v2.Policy> policies = 2;

Specified by:

getPoliciesOrDefault in interface RBACOrBuilder

getPoliciesOrThrow

public Policy getPoliciesOrThrow(String key)

 Maps from policy name to policy. A match occurs when at least one policy matches the request.
 

map<string, .envoy.config.rbac.v2.Policy> policies = 2;

Specified by:

getPoliciesOrThrow in interface RBACOrBuilder

clearPolicies

public RBAC.Builder clearPolicies()

removePolicies

public RBAC.Builder removePolicies(String key)

 Maps from policy name to policy. A match occurs when at least one policy matches the request.
 

map<string, .envoy.config.rbac.v2.Policy> policies = 2;

getMutablePolicies

@Deprecated
public Map<String,Policy> getMutablePolicies()

Deprecated.

Use alternate mutation accessors instead.

putPolicies

public RBAC.Builder putPolicies(String key,
 Policy value)

 Maps from policy name to policy. A match occurs when at least one policy matches the request.
 

map<string, .envoy.config.rbac.v2.Policy> policies = 2;

putAllPolicies

public RBAC.Builder putAllPolicies(Map<String,Policy> values)

 Maps from policy name to policy. A match occurs when at least one policy matches the request.
 

map<string, .envoy.config.rbac.v2.Policy> policies = 2;

putPoliciesBuilderIfAbsent

public Policy.Builder putPoliciesBuilderIfAbsent(String key)

 Maps from policy name to policy. A match occurs when at least one policy matches the request.
 

map<string, .envoy.config.rbac.v2.Policy> policies = 2;

setUnknownFields

public final RBAC.Builder setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)

Specified by:

setUnknownFields in interface com.google.protobuf.Message.Builder

Overrides:

setUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

mergeUnknownFields

public final RBAC.Builder mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)

Specified by:

mergeUnknownFields in interface com.google.protobuf.Message.Builder

Overrides:

mergeUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>