io.envoyproxy.envoy.config.rbac.v2

Class RBAC

java.lang.Object

com.google.protobuf.AbstractMessageLite

com.google.protobuf.AbstractMessage

com.google.protobuf.GeneratedMessageV3

io.envoyproxy.envoy.config.rbac.v2.RBAC

All Implemented Interfaces:

com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, RBACOrBuilder, Serializable

public final class RBAC
extends com.google.protobuf.GeneratedMessageV3
implements RBACOrBuilder

 Role Based Access Control (RBAC) provides service-level and method-level access control for a
 service. RBAC policies are additive. The policies are examined in order. A request is allowed
 once a matching policy is found (suppose the `action` is ALLOW).
 Here is an example of RBAC configuration. It has two policies:
 * Service account "cluster.local/ns/default/sa/admin" has full access to the service, and so
   does "cluster.local/ns/default/sa/superuser".
 * Any user can read ("GET") the service at paths with prefix "/products", so long as the
   destination port is either 80 or 443.
  .. code-block:: yaml
   action: ALLOW
   policies:
     "service-admin":
       permissions:
         - any: true
       principals:
         - authenticated:
             principal_name:
               exact: "cluster.local/ns/default/sa/admin"
         - authenticated:
             principal_name:
               exact: "cluster.local/ns/default/sa/superuser"
     "product-viewer":
       permissions:
           - and_rules:
               rules:
                 - header: { name: ":method", exact_match: "GET" }
                 - url_path:
                     path: { prefix: "/products" }
                 - or_rules:
                     rules:
                       - destination_port: 80
                       - destination_port: 443
       principals:
         - any: true
 

Protobuf type envoy.config.rbac.v2.RBAC

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	RBAC.Action Should we do safe-list or block-list style access control?
static class	RBAC.Builder Role Based Access Control (RBAC) provides service-level and method-level access control for a service.

Nested classes/interfaces inherited from class com.google.protobuf.GeneratedMessageV3

com.google.protobuf.GeneratedMessageV3.BuilderParent, com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage,BuilderType extends com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageType,BuilderType>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage>, com.google.protobuf.GeneratedMessageV3.ExtendableMessageOrBuilder<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage>, com.google.protobuf.GeneratedMessageV3.FieldAccessorTable, com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter

Field Summary

Fields

Modifier and Type	Field and Description
static int	ACTION_FIELD_NUMBER
static int	POLICIES_FIELD_NUMBER

Fields inherited from class com.google.protobuf.GeneratedMessageV3

alwaysUseFieldBuilders, unknownFields

Fields inherited from class com.google.protobuf.AbstractMessage

memoizedSize

Fields inherited from class com.google.protobuf.AbstractMessageLite

memoizedHashCode

Method Summary

Modifier and Type	Method and Description
boolean	containsPolicies(String key) Maps from policy name to policy.
boolean	equals(Object obj)
RBAC.Action	getAction() The action to take if a policy matches.
int	getActionValue() The action to take if a policy matches.
static RBAC	getDefaultInstance()
RBAC	getDefaultInstanceForType()
static com.google.protobuf.Descriptors.Descriptor	getDescriptor()
com.google.protobuf.Parser<RBAC>	getParserForType()
Map<String,Policy>	getPolicies() Deprecated.
int	getPoliciesCount() Maps from policy name to policy.
Map<String,Policy>	getPoliciesMap() Maps from policy name to policy.
Policy	getPoliciesOrDefault(String key, Policy defaultValue) Maps from policy name to policy.
Policy	getPoliciesOrThrow(String key) Maps from policy name to policy.
int	getSerializedSize()
com.google.protobuf.UnknownFieldSet	getUnknownFields()
int	hashCode()
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable	internalGetFieldAccessorTable()
protected com.google.protobuf.MapField	internalGetMapField(int number)
boolean	isInitialized()
static RBAC.Builder	newBuilder()
static RBAC.Builder	newBuilder(RBAC prototype)
RBAC.Builder	newBuilderForType()
protected RBAC.Builder	newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
protected Object	newInstance(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
static RBAC	parseDelimitedFrom(InputStream input)
static RBAC	parseDelimitedFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static RBAC	parseFrom(byte[] data)
static RBAC	parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static RBAC	parseFrom(ByteBuffer data)
static RBAC	parseFrom(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static RBAC	parseFrom(com.google.protobuf.ByteString data)
static RBAC	parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static RBAC	parseFrom(com.google.protobuf.CodedInputStream input)
static RBAC	parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static RBAC	parseFrom(InputStream input)
static RBAC	parseFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static com.google.protobuf.Parser<RBAC>	parser()
RBAC.Builder	toBuilder()
void	writeTo(com.google.protobuf.CodedOutputStream output)

Methods inherited from class com.google.protobuf.GeneratedMessageV3

canUseUnsafe, computeStringSize, computeStringSizeNoTag, emptyBooleanList, emptyDoubleList, emptyFloatList, emptyIntList, emptyLongList, getAllFields, getDescriptorForType, getField, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, hasField, hasOneof, makeExtensionsImmutable, mergeFromAndMakeImmutableInternal, mutableCopy, mutableCopy, mutableCopy, mutableCopy, mutableCopy, newBooleanList, newBuilderForType, newDoubleList, newFloatList, newIntList, newLongList, parseDelimitedWithIOException, parseDelimitedWithIOException, parseUnknownField, parseUnknownFieldProto3, parseWithIOException, parseWithIOException, parseWithIOException, parseWithIOException, serializeBooleanMapTo, serializeIntegerMapTo, serializeLongMapTo, serializeStringMapTo, writeReplace, writeString, writeStringNoTag

Methods inherited from class com.google.protobuf.AbstractMessage

findInitializationErrors, getInitializationErrorString, hashBoolean, hashEnum, hashEnumList, hashFields, hashLong, toString

Methods inherited from class com.google.protobuf.AbstractMessageLite

addAll, addAll, checkByteStringIsUtf8, toByteArray, toByteString, writeDelimitedTo, writeTo

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface com.google.protobuf.MessageOrBuilder

findInitializationErrors, getAllFields, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, hasField, hasOneof

Methods inherited from interface com.google.protobuf.MessageLite

toByteArray, toByteString, writeDelimitedTo, writeTo

Field Detail

ACTION_FIELD_NUMBER

public static final int ACTION_FIELD_NUMBER

See Also:

Constant Field Values

POLICIES_FIELD_NUMBER

public static final int POLICIES_FIELD_NUMBER

See Also:

Constant Field Values

Method Detail

newInstance

protected Object newInstance(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)

Overrides:

newInstance in class com.google.protobuf.GeneratedMessageV3

getUnknownFields

public final com.google.protobuf.UnknownFieldSet getUnknownFields()

Specified by:

getUnknownFields in interface com.google.protobuf.MessageOrBuilder

Overrides:

getUnknownFields in class com.google.protobuf.GeneratedMessageV3

getDescriptor

public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

internalGetMapField

protected com.google.protobuf.MapField internalGetMapField(int number)

Overrides:

internalGetMapField in class com.google.protobuf.GeneratedMessageV3

internalGetFieldAccessorTable

protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()

Specified by:

internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

getActionValue

public int getActionValue()

 The action to take if a policy matches. The request is allowed if and only if:
   * `action` is "ALLOWED" and at least one policy matches
   * `action` is "DENY" and none of the policies match
 

.envoy.config.rbac.v2.RBAC.Action action = 1;

Specified by:

getActionValue in interface RBACOrBuilder

getAction

public RBAC.Action getAction()

 The action to take if a policy matches. The request is allowed if and only if:
   * `action` is "ALLOWED" and at least one policy matches
   * `action` is "DENY" and none of the policies match
 

.envoy.config.rbac.v2.RBAC.Action action = 1;

Specified by:

getAction in interface RBACOrBuilder

getPoliciesCount

public int getPoliciesCount()

Description copied from interface: RBACOrBuilder

 Maps from policy name to policy. A match occurs when at least one policy matches the request.
 

map<string, .envoy.config.rbac.v2.Policy> policies = 2;

Specified by:

getPoliciesCount in interface RBACOrBuilder

containsPolicies

public boolean containsPolicies(String key)

 Maps from policy name to policy. A match occurs when at least one policy matches the request.
 

map<string, .envoy.config.rbac.v2.Policy> policies = 2;

Specified by:

containsPolicies in interface RBACOrBuilder

getPolicies

@Deprecated
public Map<String,Policy> getPolicies()

Deprecated.

Use getPoliciesMap() instead.

Specified by:

getPolicies in interface RBACOrBuilder

getPoliciesMap

public Map<String,Policy> getPoliciesMap()

 Maps from policy name to policy. A match occurs when at least one policy matches the request.
 

map<string, .envoy.config.rbac.v2.Policy> policies = 2;

Specified by:

getPoliciesMap in interface RBACOrBuilder

getPoliciesOrDefault

public Policy getPoliciesOrDefault(String key,
                                   Policy defaultValue)

 Maps from policy name to policy. A match occurs when at least one policy matches the request.
 

map<string, .envoy.config.rbac.v2.Policy> policies = 2;

Specified by:

getPoliciesOrDefault in interface RBACOrBuilder

getPoliciesOrThrow

public Policy getPoliciesOrThrow(String key)

 Maps from policy name to policy. A match occurs when at least one policy matches the request.
 

map<string, .envoy.config.rbac.v2.Policy> policies = 2;

Specified by:

getPoliciesOrThrow in interface RBACOrBuilder

isInitialized

public final boolean isInitialized()

Specified by:

isInitialized in interface com.google.protobuf.MessageLiteOrBuilder

Overrides:

isInitialized in class com.google.protobuf.GeneratedMessageV3

writeTo

public void writeTo(com.google.protobuf.CodedOutputStream output)
             throws IOException

Specified by:

writeTo in interface com.google.protobuf.MessageLite

Overrides:

writeTo in class com.google.protobuf.GeneratedMessageV3

Throws:

IOException

getSerializedSize

public int getSerializedSize()

Specified by:

getSerializedSize in interface com.google.protobuf.MessageLite

Overrides:

getSerializedSize in class com.google.protobuf.GeneratedMessageV3

equals

public boolean equals(Object obj)

Specified by:

equals in interface com.google.protobuf.Message

Overrides:

equals in class com.google.protobuf.AbstractMessage

hashCode

public int hashCode()

Specified by:

hashCode in interface com.google.protobuf.Message

Overrides:

hashCode in class com.google.protobuf.AbstractMessage

parseFrom

public static RBAC parseFrom(ByteBuffer data)
                      throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static RBAC parseFrom(ByteBuffer data,
                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                      throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static RBAC parseFrom(com.google.protobuf.ByteString data)
                      throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static RBAC parseFrom(com.google.protobuf.ByteString data,
                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                      throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static RBAC parseFrom(byte[] data)
                      throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static RBAC parseFrom(byte[] data,
                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                      throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static RBAC parseFrom(InputStream input)
                      throws IOException

Throws:

IOException

parseFrom

public static RBAC parseFrom(InputStream input,
                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                      throws IOException

Throws:

IOException

parseDelimitedFrom

public static RBAC parseDelimitedFrom(InputStream input)
                               throws IOException

Throws:

IOException

parseDelimitedFrom

public static RBAC parseDelimitedFrom(InputStream input,
                                      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                               throws IOException

Throws:

IOException

parseFrom

public static RBAC parseFrom(com.google.protobuf.CodedInputStream input)
                      throws IOException

Throws:

IOException

parseFrom

public static RBAC parseFrom(com.google.protobuf.CodedInputStream input,
                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                      throws IOException

Throws:

IOException

newBuilderForType

public RBAC.Builder newBuilderForType()

Specified by:

newBuilderForType in interface com.google.protobuf.Message

Specified by:

newBuilderForType in interface com.google.protobuf.MessageLite

newBuilder

public static RBAC.Builder newBuilder()

newBuilder

public static RBAC.Builder newBuilder(RBAC prototype)

toBuilder

public RBAC.Builder toBuilder()

Specified by:

toBuilder in interface com.google.protobuf.Message

Specified by:

toBuilder in interface com.google.protobuf.MessageLite

newBuilderForType

protected RBAC.Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)

Specified by:

newBuilderForType in class com.google.protobuf.GeneratedMessageV3

getDefaultInstance

public static RBAC getDefaultInstance()

parser

public static com.google.protobuf.Parser<RBAC> parser()

getParserForType

public com.google.protobuf.Parser<RBAC> getParserForType()

Specified by:

getParserForType in interface com.google.protobuf.Message

Specified by:

getParserForType in interface com.google.protobuf.MessageLite

Overrides:

getParserForType in class com.google.protobuf.GeneratedMessageV3

getDefaultInstanceForType

public RBAC getDefaultInstanceForType()

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder