Package io.envoyproxy.envoy.config.rbac.v3

Interface PrincipalOrBuilder

All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
All Known Implementing Classes:
Principal, Principal.Builder
public interface PrincipalOrBuilder extends com.google.protobuf.MessageOrBuilder

  • Method Details

    • hasAndIds

      boolean hasAndIds()
       A set of identifiers that all must match in order to define the downstream.
      .envoy.config.rbac.v3.Principal.Set and_ids = 1;
      Returns:
      Whether the andIds field is set.

    • getAndIds

      Principal.Set getAndIds()
       A set of identifiers that all must match in order to define the downstream.
      .envoy.config.rbac.v3.Principal.Set and_ids = 1;
      Returns:
      The andIds.

    • getAndIdsOrBuilder

      Principal.SetOrBuilder getAndIdsOrBuilder()
       A set of identifiers that all must match in order to define the downstream.
      .envoy.config.rbac.v3.Principal.Set and_ids = 1;

    • hasOrIds

      boolean hasOrIds()
       A set of identifiers at least one must match in order to define the downstream.
      .envoy.config.rbac.v3.Principal.Set or_ids = 2;
      Returns:
      Whether the orIds field is set.

    • getOrIds

      Principal.Set getOrIds()
       A set of identifiers at least one must match in order to define the downstream.
      .envoy.config.rbac.v3.Principal.Set or_ids = 2;
      Returns:
      The orIds.

    • getOrIdsOrBuilder

      Principal.SetOrBuilder getOrIdsOrBuilder()
       A set of identifiers at least one must match in order to define the downstream.
      .envoy.config.rbac.v3.Principal.Set or_ids = 2;

    • hasAny

      boolean hasAny()
       When any is set, it matches any downstream.
      bool any = 3 [(.validate.rules) = { ... }
      Returns:
      Whether the any field is set.

    • getAny

      boolean getAny()
       When any is set, it matches any downstream.
      bool any = 3 [(.validate.rules) = { ... }
      Returns:
      The any.

    • hasAuthenticated

      boolean hasAuthenticated()
       Authenticated attributes that identify the downstream.
 It is recommended to NOT use this field, but instead use
 :ref:`MTlsAuthenticated <envoy_v3_api_msg_extensions.rbac.principals.mtls_authenticated.v3.Config>`,
 configured via :ref:`custom <envoy_v3_api_field_config.rbac.v3.Principal.custom>`,
 which should be used for most use cases due to its improved security.
      .envoy.config.rbac.v3.Principal.Authenticated authenticated = 4;
      Returns:
      Whether the authenticated field is set.

    • getAuthenticated

      Principal.Authenticated getAuthenticated()
       Authenticated attributes that identify the downstream.
 It is recommended to NOT use this field, but instead use
 :ref:`MTlsAuthenticated <envoy_v3_api_msg_extensions.rbac.principals.mtls_authenticated.v3.Config>`,
 configured via :ref:`custom <envoy_v3_api_field_config.rbac.v3.Principal.custom>`,
 which should be used for most use cases due to its improved security.
      .envoy.config.rbac.v3.Principal.Authenticated authenticated = 4;
      Returns:
      The authenticated.

    • getAuthenticatedOrBuilder

      Principal.AuthenticatedOrBuilder getAuthenticatedOrBuilder()
       Authenticated attributes that identify the downstream.
 It is recommended to NOT use this field, but instead use
 :ref:`MTlsAuthenticated <envoy_v3_api_msg_extensions.rbac.principals.mtls_authenticated.v3.Config>`,
 configured via :ref:`custom <envoy_v3_api_field_config.rbac.v3.Principal.custom>`,
 which should be used for most use cases due to its improved security.
      .envoy.config.rbac.v3.Principal.Authenticated authenticated = 4;

    • hasSourceIp

      @Deprecated boolean hasSourceIp()
      Deprecated.
      envoy.config.rbac.v3.Principal.source_ip is deprecated. See envoy/config/rbac/v3/rbac.proto;l=386
       A CIDR block that describes the downstream IP.
 This address will honor proxy protocol, but will not honor XFF.

 This field is deprecated; either use :ref:`remote_ip
 <envoy_v3_api_field_config.rbac.v3.Principal.remote_ip>` for the same
 behavior, or use
 :ref:`direct_remote_ip <envoy_v3_api_field_config.rbac.v3.Principal.direct_remote_ip>`.
      .envoy.config.core.v3.CidrRange source_ip = 5 [deprecated = true, (.envoy.annotations.deprecated_at_minor_version) = "3.0"];
      Returns:
      Whether the sourceIp field is set.

    • getSourceIp

      @Deprecated CidrRange getSourceIp()
      Deprecated.
      envoy.config.rbac.v3.Principal.source_ip is deprecated. See envoy/config/rbac/v3/rbac.proto;l=386
       A CIDR block that describes the downstream IP.
 This address will honor proxy protocol, but will not honor XFF.

 This field is deprecated; either use :ref:`remote_ip
 <envoy_v3_api_field_config.rbac.v3.Principal.remote_ip>` for the same
 behavior, or use
 :ref:`direct_remote_ip <envoy_v3_api_field_config.rbac.v3.Principal.direct_remote_ip>`.
      .envoy.config.core.v3.CidrRange source_ip = 5 [deprecated = true, (.envoy.annotations.deprecated_at_minor_version) = "3.0"];
      Returns:
      The sourceIp.

    • getSourceIpOrBuilder

      @Deprecated CidrRangeOrBuilder getSourceIpOrBuilder()
      Deprecated.
       A CIDR block that describes the downstream IP.
 This address will honor proxy protocol, but will not honor XFF.

 This field is deprecated; either use :ref:`remote_ip
 <envoy_v3_api_field_config.rbac.v3.Principal.remote_ip>` for the same
 behavior, or use
 :ref:`direct_remote_ip <envoy_v3_api_field_config.rbac.v3.Principal.direct_remote_ip>`.
      .envoy.config.core.v3.CidrRange source_ip = 5 [deprecated = true, (.envoy.annotations.deprecated_at_minor_version) = "3.0"];

    • hasDirectRemoteIp

      boolean hasDirectRemoteIp()
       A CIDR block that describes the downstream remote/origin address.

 .. note::

   This is always the physical peer even if the
   :ref:`remote_ip <envoy_v3_api_field_config.rbac.v3.Principal.remote_ip>` is inferred from the
   x-forwarder-for header, the proxy protocol, etc.
      .envoy.config.core.v3.CidrRange direct_remote_ip = 10;
      Returns:
      Whether the directRemoteIp field is set.

    • getDirectRemoteIp

      CidrRange getDirectRemoteIp()
       A CIDR block that describes the downstream remote/origin address.

 .. note::

   This is always the physical peer even if the
   :ref:`remote_ip <envoy_v3_api_field_config.rbac.v3.Principal.remote_ip>` is inferred from the
   x-forwarder-for header, the proxy protocol, etc.
      .envoy.config.core.v3.CidrRange direct_remote_ip = 10;
      Returns:
      The directRemoteIp.

    • getDirectRemoteIpOrBuilder

      CidrRangeOrBuilder getDirectRemoteIpOrBuilder()
       A CIDR block that describes the downstream remote/origin address.

 .. note::

   This is always the physical peer even if the
   :ref:`remote_ip <envoy_v3_api_field_config.rbac.v3.Principal.remote_ip>` is inferred from the
   x-forwarder-for header, the proxy protocol, etc.
      .envoy.config.core.v3.CidrRange direct_remote_ip = 10;

    • hasRemoteIp

      boolean hasRemoteIp()
       A CIDR block that describes the downstream remote/origin address.

 .. note::

   This may not be the physical peer and could be different from the :ref:`direct_remote_ip
   <envoy_v3_api_field_config.rbac.v3.Principal.direct_remote_ip>`. E.g, if the remote ip is inferred from
   the x-forwarder-for header, the proxy protocol, etc.
      .envoy.config.core.v3.CidrRange remote_ip = 11;
      Returns:
      Whether the remoteIp field is set.

    • getRemoteIp

      CidrRange getRemoteIp()
       A CIDR block that describes the downstream remote/origin address.

 .. note::

   This may not be the physical peer and could be different from the :ref:`direct_remote_ip
   <envoy_v3_api_field_config.rbac.v3.Principal.direct_remote_ip>`. E.g, if the remote ip is inferred from
   the x-forwarder-for header, the proxy protocol, etc.
      .envoy.config.core.v3.CidrRange remote_ip = 11;
      Returns:
      The remoteIp.

    • getRemoteIpOrBuilder

      CidrRangeOrBuilder getRemoteIpOrBuilder()
       A CIDR block that describes the downstream remote/origin address.

 .. note::

   This may not be the physical peer and could be different from the :ref:`direct_remote_ip
   <envoy_v3_api_field_config.rbac.v3.Principal.direct_remote_ip>`. E.g, if the remote ip is inferred from
   the x-forwarder-for header, the proxy protocol, etc.
      .envoy.config.core.v3.CidrRange remote_ip = 11;

    • hasHeader

      boolean hasHeader()
       A header (or pseudo-header such as ``:path`` or ``:method``) on the incoming HTTP request. Only available
 for HTTP request.

 .. note::

   The pseudo-header ``:path`` includes the query and fragment string. Use the ``url_path`` field if you
   want to match the URL path without the query and fragment string.
      .envoy.config.route.v3.HeaderMatcher header = 6;
      Returns:
      Whether the header field is set.

    • getHeader

      HeaderMatcher getHeader()
       A header (or pseudo-header such as ``:path`` or ``:method``) on the incoming HTTP request. Only available
 for HTTP request.

 .. note::

   The pseudo-header ``:path`` includes the query and fragment string. Use the ``url_path`` field if you
   want to match the URL path without the query and fragment string.
      .envoy.config.route.v3.HeaderMatcher header = 6;
      Returns:
      The header.

    • getHeaderOrBuilder

      HeaderMatcherOrBuilder getHeaderOrBuilder()
       A header (or pseudo-header such as ``:path`` or ``:method``) on the incoming HTTP request. Only available
 for HTTP request.

 .. note::

   The pseudo-header ``:path`` includes the query and fragment string. Use the ``url_path`` field if you
   want to match the URL path without the query and fragment string.
      .envoy.config.route.v3.HeaderMatcher header = 6;

    • hasUrlPath

      boolean hasUrlPath()
       A URL path on the incoming HTTP request. Only available for HTTP.
      .envoy.type.matcher.v3.PathMatcher url_path = 9;
      Returns:
      Whether the urlPath field is set.

    • getUrlPath

      PathMatcher getUrlPath()
       A URL path on the incoming HTTP request. Only available for HTTP.
      .envoy.type.matcher.v3.PathMatcher url_path = 9;
      Returns:
      The urlPath.

    • getUrlPathOrBuilder

      PathMatcherOrBuilder getUrlPathOrBuilder()
       A URL path on the incoming HTTP request. Only available for HTTP.
      .envoy.type.matcher.v3.PathMatcher url_path = 9;

    • hasMetadata

      @Deprecated boolean hasMetadata()
      Deprecated.
      envoy.config.rbac.v3.Principal.metadata is deprecated. See envoy/config/rbac/v3/rbac.proto;l=424
       Metadata that describes additional information about the principal. This field is deprecated; please use
 :ref:`sourced_metadata<envoy_v3_api_field_config.rbac.v3.Principal.sourced_metadata>` instead.
      .envoy.type.matcher.v3.MetadataMatcher metadata = 7 [deprecated = true, (.envoy.annotations.deprecated_at_minor_version) = "3.0"];
      Returns:
      Whether the metadata field is set.

    • getMetadata

      @Deprecated MetadataMatcher getMetadata()
      Deprecated.
      envoy.config.rbac.v3.Principal.metadata is deprecated. See envoy/config/rbac/v3/rbac.proto;l=424
       Metadata that describes additional information about the principal. This field is deprecated; please use
 :ref:`sourced_metadata<envoy_v3_api_field_config.rbac.v3.Principal.sourced_metadata>` instead.
      .envoy.type.matcher.v3.MetadataMatcher metadata = 7 [deprecated = true, (.envoy.annotations.deprecated_at_minor_version) = "3.0"];
      Returns:
      The metadata.

    • getMetadataOrBuilder

      @Deprecated MetadataMatcherOrBuilder getMetadataOrBuilder()
      Deprecated.
       Metadata that describes additional information about the principal. This field is deprecated; please use
 :ref:`sourced_metadata<envoy_v3_api_field_config.rbac.v3.Principal.sourced_metadata>` instead.
      .envoy.type.matcher.v3.MetadataMatcher metadata = 7 [deprecated = true, (.envoy.annotations.deprecated_at_minor_version) = "3.0"];

    • hasFilterState

      boolean hasFilterState()
       Identifies the principal using a filter state object.
      .envoy.type.matcher.v3.FilterStateMatcher filter_state = 12;
      Returns:
      Whether the filterState field is set.

    • getFilterState

      FilterStateMatcher getFilterState()
       Identifies the principal using a filter state object.
      .envoy.type.matcher.v3.FilterStateMatcher filter_state = 12;
      Returns:
      The filterState.

    • getFilterStateOrBuilder

      FilterStateMatcherOrBuilder getFilterStateOrBuilder()
       Identifies the principal using a filter state object.
      .envoy.type.matcher.v3.FilterStateMatcher filter_state = 12;

    • hasNotId

      boolean hasNotId()
       Negates matching the provided principal. For instance, if the value of
 ``not_id`` would match, this principal would not match. Conversely, if the
 value of ``not_id`` would not match, this principal would match.
      .envoy.config.rbac.v3.Principal not_id = 8;
      Returns:
      Whether the notId field is set.

    • getNotId

      Principal getNotId()
       Negates matching the provided principal. For instance, if the value of
 ``not_id`` would match, this principal would not match. Conversely, if the
 value of ``not_id`` would not match, this principal would match.
      .envoy.config.rbac.v3.Principal not_id = 8;
      Returns:
      The notId.

    • getNotIdOrBuilder

      PrincipalOrBuilder getNotIdOrBuilder()
       Negates matching the provided principal. For instance, if the value of
 ``not_id`` would match, this principal would not match. Conversely, if the
 value of ``not_id`` would not match, this principal would match.
      .envoy.config.rbac.v3.Principal not_id = 8;

    • hasSourcedMetadata

      boolean hasSourcedMetadata()
       Matches against metadata from either dynamic state or route configuration. Preferred over the
 ``metadata`` field as it provides more flexibility in metadata source selection.
      .envoy.config.rbac.v3.SourcedMetadata sourced_metadata = 13;
      Returns:
      Whether the sourcedMetadata field is set.

    • getSourcedMetadata

      SourcedMetadata getSourcedMetadata()
       Matches against metadata from either dynamic state or route configuration. Preferred over the
 ``metadata`` field as it provides more flexibility in metadata source selection.
      .envoy.config.rbac.v3.SourcedMetadata sourced_metadata = 13;
      Returns:
      The sourcedMetadata.

    • getSourcedMetadataOrBuilder

      SourcedMetadataOrBuilder getSourcedMetadataOrBuilder()
       Matches against metadata from either dynamic state or route configuration. Preferred over the
 ``metadata`` field as it provides more flexibility in metadata source selection.
      .envoy.config.rbac.v3.SourcedMetadata sourced_metadata = 13;

    • hasCustom

      boolean hasCustom()
       Extension for configuring custom principals for RBAC.
 [#extension-category: envoy.rbac.principals]
      .envoy.config.core.v3.TypedExtensionConfig custom = 14;
      Returns:
      Whether the custom field is set.

    • getCustom

      TypedExtensionConfig getCustom()
       Extension for configuring custom principals for RBAC.
 [#extension-category: envoy.rbac.principals]
      .envoy.config.core.v3.TypedExtensionConfig custom = 14;
      Returns:
      The custom.

    • getCustomOrBuilder

      TypedExtensionConfigOrBuilder getCustomOrBuilder()
       Extension for configuring custom principals for RBAC.
 [#extension-category: envoy.rbac.principals]
      .envoy.config.core.v3.TypedExtensionConfig custom = 14;

    • getIdentifierCase

      Principal.IdentifierCase getIdentifierCase()