Package io.envoyproxy.envoy.extensions.filters.network.rbac.v3

Interface RBACOrBuilder

  • All Superinterfaces:
    com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
    All Known Implementing Classes:
    RBAC, RBAC.Builder
    public interface RBACOrBuilder
extends com.google.protobuf.MessageOrBuilder

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      RBAC.EnforcementType getEnforcementType()
      RBAC enforcement strategy.
      int getEnforcementTypeValue()
      RBAC enforcement strategy.
      Matcher getMatcher()
      The match tree to use when resolving RBAC action for incoming connections.
      MatcherOrBuilder getMatcherOrBuilder()
      The match tree to use when resolving RBAC action for incoming connections.
      RBAC getRules()
      Specify the RBAC rules to be applied globally.
      RBACOrBuilder getRulesOrBuilder()
      Specify the RBAC rules to be applied globally.
      Matcher getShadowMatcher()
      The match tree to use for emitting stats and logs which can be used for rule testing for incoming connections.
      MatcherOrBuilder getShadowMatcherOrBuilder()
      The match tree to use for emitting stats and logs which can be used for rule testing for incoming connections.
      RBAC getShadowRules()
      Shadow rules are not enforced by the filter but will emit stats and logs and can be used for rule testing.
      RBACOrBuilder getShadowRulesOrBuilder()
      Shadow rules are not enforced by the filter but will emit stats and logs and can be used for rule testing.
      String getShadowRulesStatPrefix()
      If specified, shadow rules will emit stats with the given prefix.
      com.google.protobuf.ByteString getShadowRulesStatPrefixBytes()
      If specified, shadow rules will emit stats with the given prefix.
      String getStatPrefix()
      The prefix to use when emitting statistics.
      com.google.protobuf.ByteString getStatPrefixBytes()
      The prefix to use when emitting statistics.
      boolean hasMatcher()
      The match tree to use when resolving RBAC action for incoming connections.
      boolean hasRules()
      Specify the RBAC rules to be applied globally.
      boolean hasShadowMatcher()
      The match tree to use for emitting stats and logs which can be used for rule testing for incoming connections.
      boolean hasShadowRules()
      Shadow rules are not enforced by the filter but will emit stats and logs and can be used for rule testing.

      • Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

        isInitialized

      • Methods inherited from interface com.google.protobuf.MessageOrBuilder

        findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

    • Method Detail

      • hasRules

        boolean hasRules()
         Specify the RBAC rules to be applied globally.
 If absent, no enforcing RBAC policy will be applied.
 If present and empty, DENY.
 If both rules and matcher are configured, rules will be ignored.
        .envoy.config.rbac.v3.RBAC rules = 1 [(.udpa.annotations.field_migrate) = { ... }
        Returns:
        Whether the rules field is set.

      • getRules

        RBAC getRules()
         Specify the RBAC rules to be applied globally.
 If absent, no enforcing RBAC policy will be applied.
 If present and empty, DENY.
 If both rules and matcher are configured, rules will be ignored.
        .envoy.config.rbac.v3.RBAC rules = 1 [(.udpa.annotations.field_migrate) = { ... }
        Returns:
        The rules.

      • getRulesOrBuilder

        RBACOrBuilder getRulesOrBuilder()
         Specify the RBAC rules to be applied globally.
 If absent, no enforcing RBAC policy will be applied.
 If present and empty, DENY.
 If both rules and matcher are configured, rules will be ignored.
        .envoy.config.rbac.v3.RBAC rules = 1 [(.udpa.annotations.field_migrate) = { ... }

      • hasMatcher

        boolean hasMatcher()
         The match tree to use when resolving RBAC action for incoming connections. Connections do
 not match any matcher will be denied.
 If absent, no enforcing RBAC matcher will be applied.
 If present and empty, deny all connections.
        .xds.type.matcher.v3.Matcher matcher = 6 [(.udpa.annotations.field_migrate) = { ... }
        Returns:
        Whether the matcher field is set.

      • getMatcher

        Matcher getMatcher()
         The match tree to use when resolving RBAC action for incoming connections. Connections do
 not match any matcher will be denied.
 If absent, no enforcing RBAC matcher will be applied.
 If present and empty, deny all connections.
        .xds.type.matcher.v3.Matcher matcher = 6 [(.udpa.annotations.field_migrate) = { ... }
        Returns:
        The matcher.

      • getMatcherOrBuilder

        MatcherOrBuilder getMatcherOrBuilder()
         The match tree to use when resolving RBAC action for incoming connections. Connections do
 not match any matcher will be denied.
 If absent, no enforcing RBAC matcher will be applied.
 If present and empty, deny all connections.
        .xds.type.matcher.v3.Matcher matcher = 6 [(.udpa.annotations.field_migrate) = { ... }

      • hasShadowRules

        boolean hasShadowRules()
         Shadow rules are not enforced by the filter but will emit stats and logs
 and can be used for rule testing.
 If absent, no shadow RBAC policy will be applied.
 If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
        .envoy.config.rbac.v3.RBAC shadow_rules = 2 [(.udpa.annotations.field_migrate) = { ... }
        Returns:
        Whether the shadowRules field is set.

      • getShadowRules

        RBAC getShadowRules()
         Shadow rules are not enforced by the filter but will emit stats and logs
 and can be used for rule testing.
 If absent, no shadow RBAC policy will be applied.
 If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
        .envoy.config.rbac.v3.RBAC shadow_rules = 2 [(.udpa.annotations.field_migrate) = { ... }
        Returns:
        The shadowRules.

      • getShadowRulesOrBuilder

        RBACOrBuilder getShadowRulesOrBuilder()
         Shadow rules are not enforced by the filter but will emit stats and logs
 and can be used for rule testing.
 If absent, no shadow RBAC policy will be applied.
 If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
        .envoy.config.rbac.v3.RBAC shadow_rules = 2 [(.udpa.annotations.field_migrate) = { ... }

      • hasShadowMatcher

        boolean hasShadowMatcher()
         The match tree to use for emitting stats and logs which can be used for rule testing for
 incoming connections.
 If absent, no shadow matcher will be applied.
        .xds.type.matcher.v3.Matcher shadow_matcher = 7 [(.udpa.annotations.field_migrate) = { ... }
        Returns:
        Whether the shadowMatcher field is set.

      • getShadowMatcher

        Matcher getShadowMatcher()
         The match tree to use for emitting stats and logs which can be used for rule testing for
 incoming connections.
 If absent, no shadow matcher will be applied.
        .xds.type.matcher.v3.Matcher shadow_matcher = 7 [(.udpa.annotations.field_migrate) = { ... }
        Returns:
        The shadowMatcher.

      • getShadowMatcherOrBuilder

        MatcherOrBuilder getShadowMatcherOrBuilder()
         The match tree to use for emitting stats and logs which can be used for rule testing for
 incoming connections.
 If absent, no shadow matcher will be applied.
        .xds.type.matcher.v3.Matcher shadow_matcher = 7 [(.udpa.annotations.field_migrate) = { ... }

      • getShadowRulesStatPrefix

        String getShadowRulesStatPrefix()
         If specified, shadow rules will emit stats with the given prefix.
 This is useful to distinguish the stat when there are more than 1 RBAC filter configured with
 shadow rules.
        string shadow_rules_stat_prefix = 5;
        Returns:
        The shadowRulesStatPrefix.

      • getShadowRulesStatPrefixBytes

        com.google.protobuf.ByteString getShadowRulesStatPrefixBytes()
         If specified, shadow rules will emit stats with the given prefix.
 This is useful to distinguish the stat when there are more than 1 RBAC filter configured with
 shadow rules.
        string shadow_rules_stat_prefix = 5;
        Returns:
        The bytes for shadowRulesStatPrefix.

      • getStatPrefix

        String getStatPrefix()
         The prefix to use when emitting statistics.
        string stat_prefix = 3 [(.validate.rules) = { ... }
        Returns:
        The statPrefix.

      • getStatPrefixBytes

        com.google.protobuf.ByteString getStatPrefixBytes()
         The prefix to use when emitting statistics.
        string stat_prefix = 3 [(.validate.rules) = { ... }
        Returns:
        The bytes for statPrefix.

      • getEnforcementTypeValue

        int getEnforcementTypeValue()
         RBAC enforcement strategy. By default RBAC will be enforced only once
 when the first byte of data arrives from the downstream. When used in
 conjunction with filters that emit dynamic metadata after decoding
 every payload (e.g., Mongo, MySQL, Kafka) set the enforcement type to
 CONTINUOUS to enforce RBAC policies on every message boundary.
        .envoy.extensions.filters.network.rbac.v3.RBAC.EnforcementType enforcement_type = 4;
        Returns:
        The enum numeric value on the wire for enforcementType.

      • getEnforcementType

        RBAC.EnforcementType getEnforcementType()
         RBAC enforcement strategy. By default RBAC will be enforced only once
 when the first byte of data arrives from the downstream. When used in
 conjunction with filters that emit dynamic metadata after decoding
 every payload (e.g., Mongo, MySQL, Kafka) set the enforcement type to
 CONTINUOUS to enforce RBAC policies on every message boundary.
        .envoy.extensions.filters.network.rbac.v3.RBAC.EnforcementType enforcement_type = 4;
        Returns:
        The enforcementType.