RBAC.Builder (api 0.1.28 API)

java.lang.Object
- com.google.protobuf.AbstractMessageLite.Builder
- - com.google.protobuf.AbstractMessage.Builder<BuilderType>
  - - com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>
    - - io.envoyproxy.envoy.config.rbac.v4alpha.RBAC.Builder

All Implemented Interfaces:: com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, RBACOrBuilder, Cloneable

Enclosing class:: RBAC

public static final class RBAC.Builder
extends com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>
implements RBACOrBuilder

 Role Based Access Control (RBAC) provides service-level and method-level access control for a
 service. RBAC policies are additive. The policies are examined in order. Requests are allowed
 or denied based on the `action` and whether a matching policy is found. For instance, if the
 action is ALLOW and a matching policy is found the request should be allowed.
 RBAC can also be used to make access logging decisions by communicating with access loggers
 through dynamic metadata. When the action is LOG and at least one policy matches, the
 `access_log_hint` value in the shared key namespace 'envoy.common' is set to `true` indicating
 the request should be logged.
 Here is an example of RBAC configuration. It has two policies:
 * Service account "cluster.local/ns/default/sa/admin" has full access to the service, and so
   does "cluster.local/ns/default/sa/superuser".
 * Any user can read ("GET") the service at paths with prefix "/products", so long as the
   destination port is either 80 or 443.
  .. code-block:: yaml
   action: ALLOW
   policies:
     "service-admin":
       permissions:
         - any: true
       principals:
         - authenticated:
             principal_name:
               exact: "cluster.local/ns/default/sa/admin"
         - authenticated:
             principal_name:
               exact: "cluster.local/ns/default/sa/superuser"
     "product-viewer":
       permissions:
           - and_rules:
               rules:
                 - header: { name: ":method", exact_match: "GET" }
                 - url_path:
                     path: { prefix: "/products" }
                 - or_rules:
                     rules:
                       - destination_port: 80
                       - destination_port: 443
       principals:
         - any: true

Protobuf type envoy.config.rbac.v4alpha.RBAC

Method Summary

All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`RBAC.Builder`	`addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)`
`RBAC`	`build()`
`RBAC`	`buildPartial()`
`RBAC.Builder`	`clear()`
`RBAC.Builder`	`clearAction()` The action to take if a policy matches.
`RBAC.Builder`	`clearField(com.google.protobuf.Descriptors.FieldDescriptor field)`
`RBAC.Builder`	`clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)`
`RBAC.Builder`	`clearPolicies()`
`RBAC.Builder`	`clone()`
`boolean`	`containsPolicies(String key)` Maps from policy name to policy.
`RBAC.Action`	`getAction()` The action to take if a policy matches.
`int`	`getActionValue()` The action to take if a policy matches.
`RBAC`	`getDefaultInstanceForType()`
`static com.google.protobuf.Descriptors.Descriptor`	`getDescriptor()`
`com.google.protobuf.Descriptors.Descriptor`	`getDescriptorForType()`
`Map<String,Policy>`	`getMutablePolicies()` Deprecated.
`Map<String,Policy>`	`getPolicies()` Deprecated.
`int`	`getPoliciesCount()` Maps from policy name to policy.
`Map<String,Policy>`	`getPoliciesMap()` Maps from policy name to policy.
`Policy`	`getPoliciesOrDefault(String key, Policy defaultValue)` Maps from policy name to policy.
`Policy`	`getPoliciesOrThrow(String key)` Maps from policy name to policy.
`protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable`	`internalGetFieldAccessorTable()`
`protected com.google.protobuf.MapField`	`internalGetMapField(int number)`
`protected com.google.protobuf.MapField`	`internalGetMutableMapField(int number)`
`boolean`	`isInitialized()`
`RBAC.Builder`	`mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)`
`RBAC.Builder`	`mergeFrom(com.google.protobuf.Message other)`
`RBAC.Builder`	`mergeFrom(RBAC other)`
`RBAC.Builder`	`mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)`
`RBAC.Builder`	`putAllPolicies(Map<String,Policy> values)` Maps from policy name to policy.
`RBAC.Builder`	`putPolicies(String key, Policy value)` Maps from policy name to policy.
`RBAC.Builder`	`removePolicies(String key)` Maps from policy name to policy.
`RBAC.Builder`	`setAction(RBAC.Action value)` The action to take if a policy matches.
`RBAC.Builder`	`setActionValue(int value)` The action to take if a policy matches.
`RBAC.Builder`	`setField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)`
`RBAC.Builder`	`setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, int index, Object value)`
`RBAC.Builder`	`setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)`

Methods inherited from class com.google.protobuf.GeneratedMessageV3.Builder
getAllFields, getField, getFieldBuilder, getOneofFieldDescriptor, getParentForChildren, getRepeatedField, getRepeatedFieldBuilder, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof, isClean, markClean, newBuilderForField, onBuilt, onChanged, setUnknownFieldsProto3

Methods inherited from class com.google.protobuf.AbstractMessage.Builder
findInitializationErrors, getInitializationErrorString, internalMergeFrom, mergeDelimitedFrom, mergeDelimitedFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, newUninitializedMessageException, toString

Methods inherited from class com.google.protobuf.AbstractMessageLite.Builder
addAll, addAll, mergeFrom, newUninitializedMessageException

Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface com.google.protobuf.MessageOrBuilder
findInitializationErrors, getAllFields, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

Methods inherited from interface com.google.protobuf.MessageLite.Builder
mergeFrom

Method Detail

getDescriptor

public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

internalGetMapField
```
protected com.google.protobuf.MapField internalGetMapField(int number)
```
Overrides:

internalGetMapField in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

internalGetMutableMapField
```
protected com.google.protobuf.MapField internalGetMutableMapField(int number)
```
Overrides:

internalGetMutableMapField in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

internalGetFieldAccessorTable
```
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
```
Specified by:

internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

clear
```
public RBAC.Builder clear()
```
Specified by:

clear in interface com.google.protobuf.Message.Builder

Specified by:

clear in interface com.google.protobuf.MessageLite.Builder

Overrides:

clear in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

getDescriptorForType
```
public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
```
Specified by:

getDescriptorForType in interface com.google.protobuf.Message.Builder

Specified by:

getDescriptorForType in interface com.google.protobuf.MessageOrBuilder

Overrides:

getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

getDefaultInstanceForType
```
public RBAC getDefaultInstanceForType()
```
Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

build
```
public RBAC build()
```
Specified by:

build in interface com.google.protobuf.Message.Builder

Specified by:

build in interface com.google.protobuf.MessageLite.Builder

buildPartial
```
public RBAC buildPartial()
```
Specified by:

buildPartial in interface com.google.protobuf.Message.Builder

Specified by:

buildPartial in interface com.google.protobuf.MessageLite.Builder

clone
```
public RBAC.Builder clone()
```
Specified by:

clone in interface com.google.protobuf.Message.Builder

Specified by:

clone in interface com.google.protobuf.MessageLite.Builder

Overrides:

clone in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

setField

public RBAC.Builder setField(com.google.protobuf.Descriptors.FieldDescriptor field,
                             Object value)

Specified by:: setField in interface com.google.protobuf.Message.Builder
Overrides:: setField in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

clearField
```
public RBAC.Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field)
```
Specified by:

clearField in interface com.google.protobuf.Message.Builder

Overrides:

clearField in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

clearOneof
```
public RBAC.Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)
```
Specified by:

clearOneof in interface com.google.protobuf.Message.Builder

Overrides:

clearOneof in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

setRepeatedField

public RBAC.Builder setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field,
                                     int index,
                                     Object value)

Specified by:: setRepeatedField in interface com.google.protobuf.Message.Builder
Overrides:: setRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

addRepeatedField

public RBAC.Builder addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field,
                                     Object value)

Specified by:: addRepeatedField in interface com.google.protobuf.Message.Builder
Overrides:: addRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

mergeFrom
```
public RBAC.Builder mergeFrom(com.google.protobuf.Message other)
```
Specified by:

mergeFrom in interface com.google.protobuf.Message.Builder

Overrides:

mergeFrom in class com.google.protobuf.AbstractMessage.Builder<RBAC.Builder>

mergeFrom

public RBAC.Builder mergeFrom(RBAC other)

isInitialized
```
public final boolean isInitialized()
```
Specified by:

isInitialized in interface com.google.protobuf.MessageLiteOrBuilder

Overrides:

isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<RBAC.Builder>

mergeFrom
```
public RBAC.Builder mergeFrom(com.google.protobuf.CodedInputStream input,
                              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                       throws IOException
```
Specified by:

mergeFrom in interface com.google.protobuf.Message.Builder

Specified by:

mergeFrom in interface com.google.protobuf.MessageLite.Builder

Overrides:

mergeFrom in class com.google.protobuf.AbstractMessage.Builder<RBAC.Builder>

Throws:

IOException

getActionValue

public int getActionValue()

 The action to take if a policy matches. Every action either allows or denies a request,
 and can also carry out action-specific operations.
 Actions:
  * ALLOW: Allows the request if and only if there is a policy that matches
    the request.
  * DENY: Allows the request if and only if there are no policies that
    match the request.
  * LOG: Allows all requests. If at least one policy matches, the dynamic
    metadata key `access_log_hint` is set to the value `true` under the shared
    key namespace 'envoy.common'. If no policies match, it is set to `false`.
    Other actions do not modify this key.

.envoy.config.rbac.v4alpha.RBAC.Action action = 1 [(.validate.rules) = { ... }

Specified by:: getActionValue in interface RBACOrBuilder

setActionValue

public RBAC.Builder setActionValue(int value)

 The action to take if a policy matches. Every action either allows or denies a request,
 and can also carry out action-specific operations.
 Actions:
  * ALLOW: Allows the request if and only if there is a policy that matches
    the request.
  * DENY: Allows the request if and only if there are no policies that
    match the request.
  * LOG: Allows all requests. If at least one policy matches, the dynamic
    metadata key `access_log_hint` is set to the value `true` under the shared
    key namespace 'envoy.common'. If no policies match, it is set to `false`.
    Other actions do not modify this key.

.envoy.config.rbac.v4alpha.RBAC.Action action = 1 [(.validate.rules) = { ... }

getAction

public RBAC.Action getAction()

 The action to take if a policy matches. Every action either allows or denies a request,
 and can also carry out action-specific operations.
 Actions:
  * ALLOW: Allows the request if and only if there is a policy that matches
    the request.
  * DENY: Allows the request if and only if there are no policies that
    match the request.
  * LOG: Allows all requests. If at least one policy matches, the dynamic
    metadata key `access_log_hint` is set to the value `true` under the shared
    key namespace 'envoy.common'. If no policies match, it is set to `false`.
    Other actions do not modify this key.

.envoy.config.rbac.v4alpha.RBAC.Action action = 1 [(.validate.rules) = { ... }

Specified by:: getAction in interface RBACOrBuilder

setAction

public RBAC.Builder setAction(RBAC.Action value)

 The action to take if a policy matches. Every action either allows or denies a request,
 and can also carry out action-specific operations.
 Actions:
  * ALLOW: Allows the request if and only if there is a policy that matches
    the request.
  * DENY: Allows the request if and only if there are no policies that
    match the request.
  * LOG: Allows all requests. If at least one policy matches, the dynamic
    metadata key `access_log_hint` is set to the value `true` under the shared
    key namespace 'envoy.common'. If no policies match, it is set to `false`.
    Other actions do not modify this key.

.envoy.config.rbac.v4alpha.RBAC.Action action = 1 [(.validate.rules) = { ... }

clearAction

public RBAC.Builder clearAction()

 The action to take if a policy matches. Every action either allows or denies a request,
 and can also carry out action-specific operations.
 Actions:
  * ALLOW: Allows the request if and only if there is a policy that matches
    the request.
  * DENY: Allows the request if and only if there are no policies that
    match the request.
  * LOG: Allows all requests. If at least one policy matches, the dynamic
    metadata key `access_log_hint` is set to the value `true` under the shared
    key namespace 'envoy.common'. If no policies match, it is set to `false`.
    Other actions do not modify this key.

.envoy.config.rbac.v4alpha.RBAC.Action action = 1 [(.validate.rules) = { ... }

getPoliciesCount
```
public int getPoliciesCount()
```
Description copied from interface: RBACOrBuilder
```
 Maps from policy name to policy. A match occurs when at least one policy matches the request.
 
```
map<string, .envoy.config.rbac.v4alpha.Policy> policies = 2;
Specified by:

getPoliciesCount in interface RBACOrBuilder