import "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/rbac/v3"
rbac.pb.go rbac.pb.validate.go
var (
RBAC_EnforcementType_name = map[int32]string{
0: "ONE_TIME_ON_FIRST_BYTE",
1: "CONTINUOUS",
}
RBAC_EnforcementType_value = map[string]int32{
"ONE_TIME_ON_FIRST_BYTE": 0,
"CONTINUOUS": 1,
}
)Enum value maps for RBAC_EnforcementType.
var File_envoy_extensions_filters_network_rbac_v3_rbac_proto protoreflect.FileDescriptor
type RBAC struct {
// Specify the RBAC rules to be applied globally.
// If absent, no enforcing RBAC policy will be applied.
Rules *v3.RBAC `protobuf:"bytes,1,opt,name=rules,proto3" json:"rules,omitempty"`
// Shadow rules are not enforced by the filter but will emit stats and logs
// and can be used for rule testing.
// If absent, no shadow RBAC policy will be applied.
ShadowRules *v3.RBAC `protobuf:"bytes,2,opt,name=shadow_rules,json=shadowRules,proto3" json:"shadow_rules,omitempty"`
// The prefix to use when emitting statistics.
StatPrefix string `protobuf:"bytes,3,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
// RBAC enforcement strategy. By default RBAC will be enforced only once
// when the first byte of data arrives from the downstream. When used in
// conjunction with filters that emit dynamic metadata after decoding
// every payload (e.g., Mongo, MySQL, Kafka) set the enforcement type to
// CONTINUOUS to enforce RBAC policies on every message boundary.
EnforcementType RBAC_EnforcementType `protobuf:"varint,4,opt,name=enforcement_type,json=enforcementType,proto3,enum=envoy.extensions.filters.network.rbac.v3.RBAC_EnforcementType" json:"enforcement_type,omitempty"`
// contains filtered or unexported fields
}RBAC network filter config.
Header should not be used in rules/shadow_rules in RBAC network filter as this information is only available in :ref:`RBAC http filter <config_http_filters_rbac>`.
Deprecated: Use RBAC.ProtoReflect.Descriptor instead.
func (x *RBAC) GetEnforcementType() RBAC_EnforcementType
func (x *RBAC) ProtoReflect() protoreflect.Message
Validate checks the field values on RBAC with the rules defined in the proto definition for this message. If any rules are violated, an error is returned.
type RBACValidationError struct {
// contains filtered or unexported fields
}RBACValidationError is the validation error returned by RBAC.Validate if the designated constraints aren't met.
func (e RBACValidationError) Cause() error
Cause function returns cause value.
func (e RBACValidationError) Error() string
Error satisfies the builtin error interface
func (e RBACValidationError) ErrorName() string
ErrorName returns error name.
func (e RBACValidationError) Field() string
Field function returns field value.
func (e RBACValidationError) Key() bool
Key function returns key value.
func (e RBACValidationError) Reason() string
Reason function returns reason value.
const (
// Apply RBAC policies when the first byte of data arrives on the connection.
RBAC_ONE_TIME_ON_FIRST_BYTE RBAC_EnforcementType = 0
// Continuously apply RBAC policies as data arrives. Use this mode when
// using RBAC with message oriented protocols such as Mongo, MySQL, Kafka,
// etc. when the protocol decoders emit dynamic metadata such as the
// resources being accessed and the operations on the resources.
RBAC_CONTINUOUS RBAC_EnforcementType = 1
)func (RBAC_EnforcementType) Descriptor() protoreflect.EnumDescriptor
func (x RBAC_EnforcementType) Enum() *RBAC_EnforcementType
func (RBAC_EnforcementType) EnumDescriptor() ([]byte, []int)
Deprecated: Use RBAC_EnforcementType.Descriptor instead.
func (x RBAC_EnforcementType) Number() protoreflect.EnumNumber
func (x RBAC_EnforcementType) String() string
func (RBAC_EnforcementType) Type() protoreflect.EnumType
Package envoy_extensions_filters_network_rbac_v3 imports 19 packages (graph) and is imported by 11 packages. Updated 2021-01-08. Refresh now. Tools for package owners.