All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
All Known Implementing Classes:
RBAC, RBAC.Builder

public interface RBACOrBuilder extends com.google.protobuf.MessageOrBuilder
  • Method Summary

    Modifier and Type / Method / Description

    com.google.protobuf.Duration getDelayDeny()
        Delay the specified duration before closing the connection when the policy evaluation result is ``DENY``.
    com.google.protobuf.DurationOrBuilder getDelayDenyOrBuilder()
        Delay the specified duration before closing the connection when the policy evaluation result is ``DENY``.
    RBAC.EnforcementType getEnforcementType()
        RBAC enforcement strategy.
    int getEnforcementTypeValue()
        RBAC enforcement strategy.
    Matcher getMatcher()
        The match tree to use when resolving RBAC action for incoming connections.
    MatcherOrBuilder getMatcherOrBuilder()
        The match tree to use when resolving RBAC action for incoming connections.
    RBAC getRules()
        Specify the RBAC rules to be applied globally.
    RBACOrBuilder getRulesOrBuilder()
        Specify the RBAC rules to be applied globally.
    Matcher getShadowMatcher()
        The match tree to use for emitting stats and logs which can be used for rule testing for incoming connections.
    MatcherOrBuilder getShadowMatcherOrBuilder()
        The match tree to use for emitting stats and logs which can be used for rule testing for incoming connections.
    RBAC getShadowRules()
        Shadow rules are not enforced by the filter but will emit stats and logs and can be used for rule testing.
    RBACOrBuilder getShadowRulesOrBuilder()
        Shadow rules are not enforced by the filter but will emit stats and logs and can be used for rule testing.
    String getShadowRulesStatPrefix()
        If specified, shadow rules will emit stats with the given prefix.
    com.google.protobuf.ByteString getShadowRulesStatPrefixBytes()
        If specified, shadow rules will emit stats with the given prefix.
    String getStatPrefix()
        The prefix to use when emitting statistics.
    com.google.protobuf.ByteString getStatPrefixBytes()
        The prefix to use when emitting statistics.
    boolean hasDelayDeny()
        Delay the specified duration before closing the connection when the policy evaluation result is ``DENY``.
    boolean hasMatcher()
        The match tree to use when resolving RBAC action for incoming connections.
    boolean hasRules()
        Specify the RBAC rules to be applied globally.
    boolean hasShadowMatcher()
        The match tree to use for emitting stats and logs which can be used for rule testing for incoming connections.
    boolean hasShadowRules()
        Shadow rules are not enforced by the filter but will emit stats and logs and can be used for rule testing.

    Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

    isInitialized

    Methods inherited from interface com.google.protobuf.MessageOrBuilder

    findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof
  • Method Details

    • hasRules

      boolean hasRules()
       Specify the RBAC rules to be applied globally.
       If absent, no enforcing RBAC policy will be applied.
       If present and empty, DENY.
       If both rules and matcher are configured, rules will be ignored.
       
      .envoy.config.rbac.v3.RBAC rules = 1 [(.udpa.annotations.field_migrate) = { ... }
      Returns:
      Whether the rules field is set.
    • getRules

      RBAC getRules()
       Specify the RBAC rules to be applied globally.
       If absent, no enforcing RBAC policy will be applied.
       If present and empty, DENY.
       If both rules and matcher are configured, rules will be ignored.
       
      .envoy.config.rbac.v3.RBAC rules = 1 [(.udpa.annotations.field_migrate) = { ... }
      Returns:
      The rules.
    • getRulesOrBuilder

      RBACOrBuilder getRulesOrBuilder()
       Specify the RBAC rules to be applied globally.
       If absent, no enforcing RBAC policy will be applied.
       If present and empty, DENY.
       If both rules and matcher are configured, rules will be ignored.
       
      .envoy.config.rbac.v3.RBAC rules = 1 [(.udpa.annotations.field_migrate) = { ... }
    • hasMatcher

      boolean hasMatcher()
       The match tree to use when resolving RBAC action for incoming connections. Connections that do
       not match any matcher will be denied.
       If absent, no enforcing RBAC matcher will be applied.
       If present and empty, deny all connections.
       
      .xds.type.matcher.v3.Matcher matcher = 6 [(.udpa.annotations.field_migrate) = { ... }
      Returns:
      Whether the matcher field is set.
    • getMatcher

      Matcher getMatcher()
       The match tree to use when resolving RBAC action for incoming connections. Connections that do
       not match any matcher will be denied.
       If absent, no enforcing RBAC matcher will be applied.
       If present and empty, deny all connections.
       
      .xds.type.matcher.v3.Matcher matcher = 6 [(.udpa.annotations.field_migrate) = { ... }
      Returns:
      The matcher.
    • getMatcherOrBuilder

      MatcherOrBuilder getMatcherOrBuilder()
       The match tree to use when resolving RBAC action for incoming connections. Connections that do
       not match any matcher will be denied.
       If absent, no enforcing RBAC matcher will be applied.
       If present and empty, deny all connections.
       
      .xds.type.matcher.v3.Matcher matcher = 6 [(.udpa.annotations.field_migrate) = { ... }
    • hasShadowRules

      boolean hasShadowRules()
       Shadow rules are not enforced by the filter but will emit stats and logs
       and can be used for rule testing.
       If absent, no shadow RBAC policy will be applied.
       If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
       
      .envoy.config.rbac.v3.RBAC shadow_rules = 2 [(.udpa.annotations.field_migrate) = { ... }
      Returns:
      Whether the shadowRules field is set.
    • getShadowRules

      RBAC getShadowRules()
       Shadow rules are not enforced by the filter but will emit stats and logs
       and can be used for rule testing.
       If absent, no shadow RBAC policy will be applied.
       If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
       
      .envoy.config.rbac.v3.RBAC shadow_rules = 2 [(.udpa.annotations.field_migrate) = { ... }
      Returns:
      The shadowRules.
    • getShadowRulesOrBuilder

      RBACOrBuilder getShadowRulesOrBuilder()
       Shadow rules are not enforced by the filter but will emit stats and logs
       and can be used for rule testing.
       If absent, no shadow RBAC policy will be applied.
       If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
       
      .envoy.config.rbac.v3.RBAC shadow_rules = 2 [(.udpa.annotations.field_migrate) = { ... }
    • hasShadowMatcher

      boolean hasShadowMatcher()
       The match tree to use for emitting stats and logs which can be used for rule testing for
       incoming connections.
       If absent, no shadow matcher will be applied.
       
      .xds.type.matcher.v3.Matcher shadow_matcher = 7 [(.udpa.annotations.field_migrate) = { ... }
      Returns:
      Whether the shadowMatcher field is set.
    • getShadowMatcher

      Matcher getShadowMatcher()
       The match tree to use for emitting stats and logs which can be used for rule testing for
       incoming connections.
       If absent, no shadow matcher will be applied.
       
      .xds.type.matcher.v3.Matcher shadow_matcher = 7 [(.udpa.annotations.field_migrate) = { ... }
      Returns:
      The shadowMatcher.
    • getShadowMatcherOrBuilder

      MatcherOrBuilder getShadowMatcherOrBuilder()
       The match tree to use for emitting stats and logs which can be used for rule testing for
       incoming connections.
       If absent, no shadow matcher will be applied.
       
      .xds.type.matcher.v3.Matcher shadow_matcher = 7 [(.udpa.annotations.field_migrate) = { ... }
    • getShadowRulesStatPrefix

      String getShadowRulesStatPrefix()
       If specified, shadow rules will emit stats with the given prefix.
       This is useful to distinguish the stat when there is more than 1 RBAC filter configured with
       shadow rules.
       
      string shadow_rules_stat_prefix = 5;
      Returns:
      The shadowRulesStatPrefix.
    • getShadowRulesStatPrefixBytes

      com.google.protobuf.ByteString getShadowRulesStatPrefixBytes()
       If specified, shadow rules will emit stats with the given prefix.
       This is useful to distinguish the stat when there is more than 1 RBAC filter configured with
       shadow rules.
       
      string shadow_rules_stat_prefix = 5;
      Returns:
      The bytes for shadowRulesStatPrefix.
    • getStatPrefix

      String getStatPrefix()
       The prefix to use when emitting statistics.
       
      string stat_prefix = 3 [(.validate.rules) = { ... }
      Returns:
      The statPrefix.
    • getStatPrefixBytes

      com.google.protobuf.ByteString getStatPrefixBytes()
       The prefix to use when emitting statistics.
       
      string stat_prefix = 3 [(.validate.rules) = { ... }
      Returns:
      The bytes for statPrefix.
    • getEnforcementTypeValue

      int getEnforcementTypeValue()
       RBAC enforcement strategy. By default RBAC will be enforced only once
       when the first byte of data arrives from the downstream. When used in
       conjunction with filters that emit dynamic metadata after decoding
       every payload (e.g., Mongo, MySQL, Kafka) set the enforcement type to
       CONTINUOUS to enforce RBAC policies on every message boundary.
       
      .envoy.extensions.filters.network.rbac.v3.RBAC.EnforcementType enforcement_type = 4;
      Returns:
      The enum numeric value on the wire for enforcementType.
    • getEnforcementType

      RBAC.EnforcementType getEnforcementType()
       RBAC enforcement strategy. By default RBAC will be enforced only once
       when the first byte of data arrives from the downstream. When used in
       conjunction with filters that emit dynamic metadata after decoding
       every payload (e.g., Mongo, MySQL, Kafka) set the enforcement type to
       CONTINUOUS to enforce RBAC policies on every message boundary.
       
      .envoy.extensions.filters.network.rbac.v3.RBAC.EnforcementType enforcement_type = 4;
      Returns:
      The enforcementType.
    • hasDelayDeny

      boolean hasDelayDeny()
       Delay the specified duration before closing the connection when the policy evaluation
       result is ``DENY``. If this is not present, the connection will be closed immediately.
       This is useful to provide better protection for Envoy against clients that retry
       aggressively when the connection is rejected by the RBAC filter.
       
      .google.protobuf.Duration delay_deny = 8;
      Returns:
      Whether the delayDeny field is set.
    • getDelayDeny

      com.google.protobuf.Duration getDelayDeny()
       Delay the specified duration before closing the connection when the policy evaluation
       result is ``DENY``. If this is not present, the connection will be closed immediately.
       This is useful to provide better protection for Envoy against clients that retry
       aggressively when the connection is rejected by the RBAC filter.
       
      .google.protobuf.Duration delay_deny = 8;
      Returns:
      The delayDeny.
    • getDelayDenyOrBuilder

      com.google.protobuf.DurationOrBuilder getDelayDenyOrBuilder()
       Delay the specified duration before closing the connection when the policy evaluation
       result is ``DENY``. If this is not present, the connection will be closed immediately.
       This is useful to provide better protection for Envoy against clients that retry
       aggressively when the connection is rejected by the RBAC filter.
       
      .google.protobuf.Duration delay_deny = 8;
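
The presence rules documented above (absent means not enforced, present and empty means DENY, matcher overrides rules, shadow fields never enforce) are easy to get wrong in a control plane, so the following added example, which is not part of the generated API or the project's code, lints a filter config through this interface before it is pushed. The class name `RbacFilterAudit`, the stat prefix and the two sample configs are hypothetical, and the `io.envoyproxy.envoy...` package names are assumed because the page does not show them.

```java
import com.google.protobuf.Duration;
import io.envoyproxy.envoy.extensions.filters.network.rbac.v3.RBAC;
import io.envoyproxy.envoy.extensions.filters.network.rbac.v3.RBACOrBuilder;
import java.util.ArrayList;
import java.util.List;

public final class RbacFilterAudit {
  // Package names are assumed (java-control-plane layout); the page omits them.
  static final io.envoyproxy.envoy.config.rbac.v3.RBAC EMPTY =
      io.envoyproxy.envoy.config.rbac.v3.RBAC.getDefaultInstance();

  static List<String> audit(RBACOrBuilder cfg) {
    List<String> out = new ArrayList<>();
    boolean enforcing = cfg.hasRules() || cfg.hasMatcher();
    boolean shadow = cfg.hasShadowRules() || cfg.hasShadowMatcher();
    if (!enforcing) {
      out.add(shadow
          ? "WARN shadow only: results are logged, nothing is denied"
          : "FAIL neither rules nor matcher set: nothing is enforced");
    }
    if (cfg.hasRules() && cfg.hasMatcher()) {
      out.add("WARN rules and matcher both set: rules are ignored");
    } else if (cfg.hasRules() && cfg.getRules().equals(EMPTY)) {
      out.add("WARN rules present but empty: result is DENY");
    }
    if (cfg.hasShadowRules() && cfg.hasShadowMatcher()) {
      out.add("WARN shadow_rules and shadow_matcher both set: shadow_rules are ignored");
    }
    if (enforcing && cfg.getEnforcementType() != RBAC.EnforcementType.CONTINUOUS) {
      out.add("INFO enforced once on first byte; use CONTINUOUS with "
          + "filters that emit dynamic metadata per message");
    }
    if (enforcing && !cfg.hasDelayDeny()) {
      out.add("INFO delay_deny unset: denied connections close immediately");
    }
    return out;
  }

  public static void main(String[] args) {
    // Constructed sample: dry run with shadow rules only.
    RBAC dryRun = RBAC.newBuilder().setStatPrefix("example_rbac")
        .setShadowRules(EMPTY).build();
    // Constructed sample: empty enforcing rule set with a 2 s deny delay.
    RBAC emptyRules = RBAC.newBuilder().setStatPrefix("example_rbac")
        .setRules(EMPTY).setDelayDeny(Duration.newBuilder().setSeconds(2)).build();
    audit(dryRun).forEach(System.out::println);
    audit(emptyRules).forEach(System.out::println);
  }
}
```

Because `audit` takes `RBACOrBuilder`, the same check works on a built `RBAC` message and on an `RBAC.Builder` that is still being assembled.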