Package io.envoyproxy.envoy.extensions.filters.network.rbac.v3

Class RBAC

  • All Implemented Interfaces:
    com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, RBACOrBuilder, Serializable
    public final class RBAC
extends com.google.protobuf.GeneratedMessageV3
implements RBACOrBuilder
     RBAC network filter config.
 Header should not be used in rules/shadow_rules in RBAC network filter as
 this information is only available in :ref:`RBAC http filter <config_http_filters_rbac>`.
 [#next-free-field: 8]
    Protobuf type envoy.extensions.filters.network.rbac.v3.RBAC
    See Also:
    Serialized Form

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  RBAC.Builder
      RBAC network filter config.
      static class  RBAC.EnforcementType
      Protobuf enum envoy.extensions.filters.network.rbac.v3.RBAC.EnforcementType

      • Nested classes/interfaces inherited from class com.google.protobuf.GeneratedMessageV3

        com.google.protobuf.GeneratedMessageV3.BuilderParent, com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage,​BuilderType extends com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageType,​BuilderType>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage>, com.google.protobuf.GeneratedMessageV3.ExtendableMessageOrBuilder<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage>, com.google.protobuf.GeneratedMessageV3.FieldAccessorTable, com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter

      • Nested classes/interfaces inherited from class com.google.protobuf.AbstractMessageLite

        com.google.protobuf.AbstractMessageLite.InternalOneOfEnum

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean equals​(Object obj)  
      static RBAC getDefaultInstance()  
      RBAC getDefaultInstanceForType()  
      static com.google.protobuf.Descriptors.Descriptor getDescriptor()  
      RBAC.EnforcementType getEnforcementType()
      RBAC enforcement strategy.
      int getEnforcementTypeValue()
      RBAC enforcement strategy.
      Matcher getMatcher()
      The match tree to use when resolving RBAC action for incoming connections.
      MatcherOrBuilder getMatcherOrBuilder()
      The match tree to use when resolving RBAC action for incoming connections.
      com.google.protobuf.Parser<RBAC> getParserForType()  
      RBAC getRules()
      Specify the RBAC rules to be applied globally.
      RBACOrBuilder getRulesOrBuilder()
      Specify the RBAC rules to be applied globally.
      int getSerializedSize()  
      Matcher getShadowMatcher()
      The match tree to use for emitting stats and logs which can be used for rule testing for incoming connections.
      MatcherOrBuilder getShadowMatcherOrBuilder()
      The match tree to use for emitting stats and logs which can be used for rule testing for incoming connections.
      RBAC getShadowRules()
      Shadow rules are not enforced by the filter but will emit stats and logs and can be used for rule testing.
      RBACOrBuilder getShadowRulesOrBuilder()
      Shadow rules are not enforced by the filter but will emit stats and logs and can be used for rule testing.
      String getShadowRulesStatPrefix()
      If specified, shadow rules will emit stats with the given prefix.
      com.google.protobuf.ByteString getShadowRulesStatPrefixBytes()
      If specified, shadow rules will emit stats with the given prefix.
      String getStatPrefix()
      The prefix to use when emitting statistics.
      com.google.protobuf.ByteString getStatPrefixBytes()
      The prefix to use when emitting statistics.
      com.google.protobuf.UnknownFieldSet getUnknownFields()  
      int hashCode()  
      boolean hasMatcher()
      The match tree to use when resolving RBAC action for incoming connections.
      boolean hasRules()
      Specify the RBAC rules to be applied globally.
      boolean hasShadowMatcher()
      The match tree to use for emitting stats and logs which can be used for rule testing for incoming connections.
      boolean hasShadowRules()
      Shadow rules are not enforced by the filter but will emit stats and logs and can be used for rule testing.
      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()  
      boolean isInitialized()  
      static RBAC.Builder newBuilder()  
      static RBAC.Builder newBuilder​(RBAC prototype)  
      RBAC.Builder newBuilderForType()  
      protected RBAC.Builder newBuilderForType​(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)  
      protected Object newInstance​(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)  
      static RBAC parseDelimitedFrom​(InputStream input)  
      static RBAC parseDelimitedFrom​(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)  
      static RBAC parseFrom​(byte[] data)  
      static RBAC parseFrom​(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)  
      static RBAC parseFrom​(com.google.protobuf.ByteString data)  
      static RBAC parseFrom​(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)  
      static RBAC parseFrom​(com.google.protobuf.CodedInputStream input)  
      static RBAC parseFrom​(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)  
      static RBAC parseFrom​(InputStream input)  
      static RBAC parseFrom​(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)  
      static RBAC parseFrom​(ByteBuffer data)  
      static RBAC parseFrom​(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)  
      static com.google.protobuf.Parser<RBAC> parser()  
      RBAC.Builder toBuilder()  
      void writeTo​(com.google.protobuf.CodedOutputStream output)  

      • Methods inherited from class com.google.protobuf.GeneratedMessageV3

        canUseUnsafe, computeStringSize, computeStringSizeNoTag, emptyBooleanList, emptyDoubleList, emptyFloatList, emptyIntList, emptyLongList, getAllFields, getDescriptorForType, getField, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, hasField, hasOneof, internalGetMapField, isStringEmpty, makeExtensionsImmutable, mergeFromAndMakeImmutableInternal, mutableCopy, mutableCopy, mutableCopy, mutableCopy, mutableCopy, newBooleanList, newBuilderForType, newDoubleList, newFloatList, newIntList, newLongList, parseDelimitedWithIOException, parseDelimitedWithIOException, parseUnknownField, parseUnknownFieldProto3, parseWithIOException, parseWithIOException, parseWithIOException, parseWithIOException, serializeBooleanMapTo, serializeIntegerMapTo, serializeLongMapTo, serializeStringMapTo, writeReplace, writeString, writeStringNoTag

      • Methods inherited from class com.google.protobuf.AbstractMessage

        findInitializationErrors, getInitializationErrorString, hashBoolean, hashEnum, hashEnumList, hashFields, hashLong, toString

      • Methods inherited from class com.google.protobuf.AbstractMessageLite

        addAll, addAll, checkByteStringIsUtf8, toByteArray, toByteString, writeDelimitedTo, writeTo

      • Methods inherited from interface com.google.protobuf.MessageLite

        toByteArray, toByteString, writeDelimitedTo, writeTo

      • Methods inherited from interface com.google.protobuf.MessageOrBuilder

        findInitializationErrors, getAllFields, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, hasField, hasOneof

    • Field Detail

      • SHADOW_RULES_FIELD_NUMBER

        public static final int SHADOW_RULES_FIELD_NUMBER
        See Also:
        Constant Field Values

      • SHADOW_MATCHER_FIELD_NUMBER

        public static final int SHADOW_MATCHER_FIELD_NUMBER
        See Also:
        Constant Field Values

      • SHADOW_RULES_STAT_PREFIX_FIELD_NUMBER

        public static final int SHADOW_RULES_STAT_PREFIX_FIELD_NUMBER
        See Also:
        Constant Field Values

      • STAT_PREFIX_FIELD_NUMBER

        public static final int STAT_PREFIX_FIELD_NUMBER
        See Also:
        Constant Field Values

      • ENFORCEMENT_TYPE_FIELD_NUMBER

        public static final int ENFORCEMENT_TYPE_FIELD_NUMBER
        See Also:
        Constant Field Values

    • Method Detail

      • newInstance

        protected Object newInstance​(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
        Overrides:
        newInstance in class com.google.protobuf.GeneratedMessageV3

      • getUnknownFields

        public final com.google.protobuf.UnknownFieldSet getUnknownFields()
        Specified by:
        getUnknownFields in interface com.google.protobuf.MessageOrBuilder
        Overrides:
        getUnknownFields in class com.google.protobuf.GeneratedMessageV3

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

      • hasRules

        public boolean hasRules()
         Specify the RBAC rules to be applied globally.
 If absent, no enforcing RBAC policy will be applied.
 If present and empty, DENY.
 If both rules and matcher are configured, rules will be ignored.
        .envoy.config.rbac.v3.RBAC rules = 1 [(.udpa.annotations.field_migrate) = { ... }
        Specified by:
        hasRules in interface RBACOrBuilder
        Returns:
        Whether the rules field is set.

      • getRules

        public RBAC getRules()
         Specify the RBAC rules to be applied globally.
 If absent, no enforcing RBAC policy will be applied.
 If present and empty, DENY.
 If both rules and matcher are configured, rules will be ignored.
        .envoy.config.rbac.v3.RBAC rules = 1 [(.udpa.annotations.field_migrate) = { ... }
        Specified by:
        getRules in interface RBACOrBuilder
        Returns:
        The rules.

      • getRulesOrBuilder

        public RBACOrBuilder getRulesOrBuilder()
         Specify the RBAC rules to be applied globally.
 If absent, no enforcing RBAC policy will be applied.
 If present and empty, DENY.
 If both rules and matcher are configured, rules will be ignored.
        .envoy.config.rbac.v3.RBAC rules = 1 [(.udpa.annotations.field_migrate) = { ... }
        Specified by:
        getRulesOrBuilder in interface RBACOrBuilder

      • hasMatcher

        public boolean hasMatcher()
         The match tree to use when resolving RBAC action for incoming connections. Connections do
 not match any matcher will be denied.
 If absent, no enforcing RBAC matcher will be applied.
 If present and empty, deny all connections.
        .xds.type.matcher.v3.Matcher matcher = 6 [(.udpa.annotations.field_migrate) = { ... }
        Specified by:
        hasMatcher in interface RBACOrBuilder
        Returns:
        Whether the matcher field is set.

      • getMatcher

        public Matcher getMatcher()
         The match tree to use when resolving RBAC action for incoming connections. Connections do
 not match any matcher will be denied.
 If absent, no enforcing RBAC matcher will be applied.
 If present and empty, deny all connections.
        .xds.type.matcher.v3.Matcher matcher = 6 [(.udpa.annotations.field_migrate) = { ... }
        Specified by:
        getMatcher in interface RBACOrBuilder
        Returns:
        The matcher.

      • getMatcherOrBuilder

        public MatcherOrBuilder getMatcherOrBuilder()
         The match tree to use when resolving RBAC action for incoming connections. Connections do
 not match any matcher will be denied.
 If absent, no enforcing RBAC matcher will be applied.
 If present and empty, deny all connections.
        .xds.type.matcher.v3.Matcher matcher = 6 [(.udpa.annotations.field_migrate) = { ... }
        Specified by:
        getMatcherOrBuilder in interface RBACOrBuilder

      • hasShadowRules

        public boolean hasShadowRules()
         Shadow rules are not enforced by the filter but will emit stats and logs
 and can be used for rule testing.
 If absent, no shadow RBAC policy will be applied.
 If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
        .envoy.config.rbac.v3.RBAC shadow_rules = 2 [(.udpa.annotations.field_migrate) = { ... }
        Specified by:
        hasShadowRules in interface RBACOrBuilder
        Returns:
        Whether the shadowRules field is set.

      • getShadowRules

        public RBAC getShadowRules()
         Shadow rules are not enforced by the filter but will emit stats and logs
 and can be used for rule testing.
 If absent, no shadow RBAC policy will be applied.
 If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
        .envoy.config.rbac.v3.RBAC shadow_rules = 2 [(.udpa.annotations.field_migrate) = { ... }
        Specified by:
        getShadowRules in interface RBACOrBuilder
        Returns:
        The shadowRules.

      • getShadowRulesOrBuilder

        public RBACOrBuilder getShadowRulesOrBuilder()
         Shadow rules are not enforced by the filter but will emit stats and logs
 and can be used for rule testing.
 If absent, no shadow RBAC policy will be applied.
 If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
        .envoy.config.rbac.v3.RBAC shadow_rules = 2 [(.udpa.annotations.field_migrate) = { ... }
        Specified by:
        getShadowRulesOrBuilder in interface RBACOrBuilder

      • hasShadowMatcher

        public boolean hasShadowMatcher()
         The match tree to use for emitting stats and logs which can be used for rule testing for
 incoming connections.
 If absent, no shadow matcher will be applied.
        .xds.type.matcher.v3.Matcher shadow_matcher = 7 [(.udpa.annotations.field_migrate) = { ... }
        Specified by:
        hasShadowMatcher in interface RBACOrBuilder
        Returns:
        Whether the shadowMatcher field is set.

      • getShadowMatcher

        public Matcher getShadowMatcher()
         The match tree to use for emitting stats and logs which can be used for rule testing for
 incoming connections.
 If absent, no shadow matcher will be applied.
        .xds.type.matcher.v3.Matcher shadow_matcher = 7 [(.udpa.annotations.field_migrate) = { ... }
        Specified by:
        getShadowMatcher in interface RBACOrBuilder
        Returns:
        The shadowMatcher.

      • getShadowMatcherOrBuilder

        public MatcherOrBuilder getShadowMatcherOrBuilder()
         The match tree to use for emitting stats and logs which can be used for rule testing for
 incoming connections.
 If absent, no shadow matcher will be applied.
        .xds.type.matcher.v3.Matcher shadow_matcher = 7 [(.udpa.annotations.field_migrate) = { ... }
        Specified by:
        getShadowMatcherOrBuilder in interface RBACOrBuilder

      • getShadowRulesStatPrefix

        public String getShadowRulesStatPrefix()
         If specified, shadow rules will emit stats with the given prefix.
 This is useful to distinguish the stat when there are more than 1 RBAC filter configured with
 shadow rules.
        string shadow_rules_stat_prefix = 5;
        Specified by:
        getShadowRulesStatPrefix in interface RBACOrBuilder
        Returns:
        The shadowRulesStatPrefix.

      • getShadowRulesStatPrefixBytes

        public com.google.protobuf.ByteString getShadowRulesStatPrefixBytes()
         If specified, shadow rules will emit stats with the given prefix.
 This is useful to distinguish the stat when there are more than 1 RBAC filter configured with
 shadow rules.
        string shadow_rules_stat_prefix = 5;
        Specified by:
        getShadowRulesStatPrefixBytes in interface RBACOrBuilder
        Returns:
        The bytes for shadowRulesStatPrefix.

      • getStatPrefix

        public String getStatPrefix()
         The prefix to use when emitting statistics.
        string stat_prefix = 3 [(.validate.rules) = { ... }
        Specified by:
        getStatPrefix in interface RBACOrBuilder
        Returns:
        The statPrefix.

      • getStatPrefixBytes

        public com.google.protobuf.ByteString getStatPrefixBytes()
         The prefix to use when emitting statistics.
        string stat_prefix = 3 [(.validate.rules) = { ... }
        Specified by:
        getStatPrefixBytes in interface RBACOrBuilder
        Returns:
        The bytes for statPrefix.

      • getEnforcementTypeValue

        public int getEnforcementTypeValue()
         RBAC enforcement strategy. By default RBAC will be enforced only once
 when the first byte of data arrives from the downstream. When used in
 conjunction with filters that emit dynamic metadata after decoding
 every payload (e.g., Mongo, MySQL, Kafka) set the enforcement type to
 CONTINUOUS to enforce RBAC policies on every message boundary.
        .envoy.extensions.filters.network.rbac.v3.RBAC.EnforcementType enforcement_type = 4;
        Specified by:
        getEnforcementTypeValue in interface RBACOrBuilder
        Returns:
        The enum numeric value on the wire for enforcementType.

      • getEnforcementType

        public RBAC.EnforcementType getEnforcementType()
         RBAC enforcement strategy. By default RBAC will be enforced only once
 when the first byte of data arrives from the downstream. When used in
 conjunction with filters that emit dynamic metadata after decoding
 every payload (e.g., Mongo, MySQL, Kafka) set the enforcement type to
 CONTINUOUS to enforce RBAC policies on every message boundary.
        .envoy.extensions.filters.network.rbac.v3.RBAC.EnforcementType enforcement_type = 4;
        Specified by:
        getEnforcementType in interface RBACOrBuilder
        Returns:
        The enforcementType.

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3

      • writeTo

        public void writeTo​(com.google.protobuf.CodedOutputStream output)
             throws IOException
        Specified by:
        writeTo in interface com.google.protobuf.MessageLite
        Overrides:
        writeTo in class com.google.protobuf.GeneratedMessageV3
        Throws:
        IOException

      • getSerializedSize

        public int getSerializedSize()
        Specified by:
        getSerializedSize in interface com.google.protobuf.MessageLite
        Overrides:
        getSerializedSize in class com.google.protobuf.GeneratedMessageV3

      • equals

        public boolean equals​(Object obj)
        Specified by:
        equals in interface com.google.protobuf.Message
        Overrides:
        equals in class com.google.protobuf.AbstractMessage

      • hashCode

        public int hashCode()
        Specified by:
        hashCode in interface com.google.protobuf.Message
        Overrides:
        hashCode in class com.google.protobuf.AbstractMessage

      • parseFrom

        public static RBAC parseFrom​(ByteBuffer data)
                      throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static RBAC parseFrom​(ByteBuffer data,
                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                      throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static RBAC parseFrom​(com.google.protobuf.ByteString data)
                      throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static RBAC parseFrom​(com.google.protobuf.ByteString data,
                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                      throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static RBAC parseFrom​(byte[] data)
                      throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static RBAC parseFrom​(byte[] data,
                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                      throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static RBAC parseFrom​(com.google.protobuf.CodedInputStream input,
                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                      throws IOException
        Throws:
        IOException

      • newBuilderForType

        public RBAC.Builder newBuilderForType()
        Specified by:
        newBuilderForType in interface com.google.protobuf.Message
        Specified by:
        newBuilderForType in interface com.google.protobuf.MessageLite

      • toBuilder

        public RBAC.Builder toBuilder()
        Specified by:
        toBuilder in interface com.google.protobuf.Message
        Specified by:
        toBuilder in interface com.google.protobuf.MessageLite

      • newBuilderForType

        protected RBAC.Builder newBuilderForType​(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
        Specified by:
        newBuilderForType in class com.google.protobuf.GeneratedMessageV3

      • getDefaultInstance

        public static RBAC getDefaultInstance()

      • parser

        public static com.google.protobuf.Parser<RBAC> parser()

      • getParserForType

        public com.google.protobuf.Parser<RBAC> getParserForType()
        Specified by:
        getParserForType in interface com.google.protobuf.Message
        Specified by:
        getParserForType in interface com.google.protobuf.MessageLite
        Overrides:
        getParserForType in class com.google.protobuf.GeneratedMessageV3

      • getDefaultInstanceForType

        public RBAC getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder