
package v1beta1

import "istio.io/api/security/v1beta1"

Index

Package Files

authorization.pb.go authorization_deepcopy.gen.go authorization_json.gen.go

Variables

// Sentinel errors for malformed protobuf wire data. Their messages name the two
// conditions: a negative length found during unmarshaling, and an integer
// overflow.
// NOTE(review): presumably returned by the generated Unmarshal methods of this
// package; confirm in authorization.pb.go. Code that decodes policy bytes
// from a source it does not control should treat either error as a rejected
// message rather than fall back to a partially decoded policy.
var (
    ErrInvalidLengthAuthorization = fmt.Errorf("proto: negative length found during unmarshaling")
    ErrIntOverflowAuthorization   = fmt.Errorf("proto: integer overflow")
)
// Shared gogo/protobuf jsonpb codecs, both constructed with zero-value options.
// NOTE(review): presumably the MarshalJSON/UnmarshalJSON methods of the message
// types in this package go through these two values; confirm in
// authorization_json.gen.go.
// Both are exported pointers, so any importing package can change their options
// at run time. Code that depends on strict parsing of policy JSON should not
// assume the options are still at their zero values.
var (
    AuthorizationMarshaler   = &github_com_gogo_protobuf_jsonpb.Marshaler{}
    AuthorizationUnmarshaler = &github_com_gogo_protobuf_jsonpb.Unmarshaler{}
)

type AuthorizationPolicy Uses

// AuthorizationPolicy is the access-control policy message for workloads: an
// optional workload selector plus a list of allow rules.
//
// An empty rule list and a rule list holding one empty Rule are opposites. With
// no rules this policy allows nothing by itself; a single empty Rule leaves
// every matcher unset, and an unset matcher allows any value, so that policy
// allows every request.
//
// The XXX_-prefixed fields carry `json:"-"` tags, so encoding/json skips them.
// NOTE(review): they look like generated protobuf bookkeeping rather than
// policy content; confirm in authorization.pb.go.
type AuthorizationPolicy struct {
    // Optional. Workload selector decides where to apply the authorization policy.
    // If not set, the authorization policy will be applied to all workloads in the
    // same namespace as the authorization policy.
    //
    // Leaving the selector out therefore widens the scope to the whole
    // namespace; omit it only when a namespace-wide policy is intended.
    Selector *v1beta1.WorkloadSelector `protobuf:"bytes,1,opt,name=selector,proto3" json:"selector,omitempty"`
    // Optional. A list of rules to specify the allowed access to the workload.
    //
    // If not set, access is denied unless explicitly allowed by another
    // authorization policy. Denial is thus the result of an absent rule list,
    // not of an explicit deny rule.
    Rules                []*Rule  `protobuf:"bytes,2,rep,name=rules,proto3" json:"rules,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

AuthorizationPolicy enables access control on workloads.

For example, the following authorization policy has no rules, so it denies all requests to workloads in namespace foo unless another authorization policy explicitly allows them.

```yaml
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: foo
spec:
```

The following authorization policy allows all requests to workloads in namespace foo: its single rule is empty, and every field left unset in a rule matches anything.

```yaml
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-all
  namespace: foo
spec:
  rules:
  - {}
```

<!-- go code generation tags +kubetype-gen +kubetype-gen:groupVersion=security.istio.io/v1beta1 +genclient +k8s:deepcopy-gen=true -->

func (*AuthorizationPolicy) DeepCopyInto Uses

func (in *AuthorizationPolicy) DeepCopyInto(out *AuthorizationPolicy)

DeepCopyInto supports using AuthorizationPolicy within kubernetes types, where deepcopy-gen is used.

func (*AuthorizationPolicy) Descriptor Uses

func (*AuthorizationPolicy) Descriptor() ([]byte, []int)

func (*AuthorizationPolicy) GetRules Uses

func (m *AuthorizationPolicy) GetRules() []*Rule

func (*AuthorizationPolicy) GetSelector Uses

func (m *AuthorizationPolicy) GetSelector() *v1beta1.WorkloadSelector

func (*AuthorizationPolicy) Marshal Uses

func (m *AuthorizationPolicy) Marshal() (dAtA []byte, err error)

func (*AuthorizationPolicy) MarshalJSON Uses

func (this *AuthorizationPolicy) MarshalJSON() ([]byte, error)

MarshalJSON is a custom marshaler for AuthorizationPolicy

func (*AuthorizationPolicy) MarshalTo Uses

func (m *AuthorizationPolicy) MarshalTo(dAtA []byte) (int, error)

func (*AuthorizationPolicy) MarshalToSizedBuffer Uses

func (m *AuthorizationPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AuthorizationPolicy) ProtoMessage Uses

func (*AuthorizationPolicy) ProtoMessage()

func (*AuthorizationPolicy) Reset Uses

func (m *AuthorizationPolicy) Reset()

func (*AuthorizationPolicy) Size Uses

func (m *AuthorizationPolicy) Size() (n int)

func (*AuthorizationPolicy) String Uses

func (m *AuthorizationPolicy) String() string

func (*AuthorizationPolicy) Unmarshal Uses

func (m *AuthorizationPolicy) Unmarshal(dAtA []byte) error

func (*AuthorizationPolicy) UnmarshalJSON Uses

func (this *AuthorizationPolicy) UnmarshalJSON(b []byte) error

UnmarshalJSON is a custom unmarshaler for AuthorizationPolicy

func (*AuthorizationPolicy) XXX_DiscardUnknown Uses

func (m *AuthorizationPolicy) XXX_DiscardUnknown()

func (*AuthorizationPolicy) XXX_Marshal Uses

func (m *AuthorizationPolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuthorizationPolicy) XXX_Merge Uses

func (m *AuthorizationPolicy) XXX_Merge(src proto.Message)

func (*AuthorizationPolicy) XXX_Size Uses

func (m *AuthorizationPolicy) XXX_Size() int

func (*AuthorizationPolicy) XXX_Unmarshal Uses

func (m *AuthorizationPolicy) XXX_Unmarshal(b []byte) error

type Condition Uses

// Condition is one key/values pair: an Istio attribute name and the values
// that are allowed for it.
type Condition struct {
    // The name of an Istio attribute.
    // See the [full list of supported attributes](https://istio.io/docs/reference/config/).
    Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
    // The allowed values for the attribute.
    //
    // NOTE(review): presumably each value uses the exact / prefix ("abc*") /
    // suffix ("*abc") / presence ("*") forms described for Rule string fields.
    // The effect of an empty list is not stated here; verify before relying on it.
    Values               []string `protobuf:"bytes,2,rep,name=values,proto3" json:"values,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

Condition specifies additional required attributes.

func (*Condition) Descriptor Uses

func (*Condition) Descriptor() ([]byte, []int)

func (*Condition) GetKey Uses

func (m *Condition) GetKey() string

func (*Condition) GetValues Uses

func (m *Condition) GetValues() []string

func (*Condition) Marshal Uses

func (m *Condition) Marshal() (dAtA []byte, err error)

func (*Condition) MarshalJSON Uses

func (this *Condition) MarshalJSON() ([]byte, error)

MarshalJSON is a custom marshaler for Condition

func (*Condition) MarshalTo Uses

func (m *Condition) MarshalTo(dAtA []byte) (int, error)

func (*Condition) MarshalToSizedBuffer Uses

func (m *Condition) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Condition) ProtoMessage Uses

func (*Condition) ProtoMessage()

func (*Condition) Reset Uses

func (m *Condition) Reset()

func (*Condition) Size Uses

func (m *Condition) Size() (n int)

func (*Condition) String Uses

func (m *Condition) String() string

func (*Condition) Unmarshal Uses

func (m *Condition) Unmarshal(dAtA []byte) error

func (*Condition) UnmarshalJSON Uses

func (this *Condition) UnmarshalJSON(b []byte) error

UnmarshalJSON is a custom unmarshaler for Condition

func (*Condition) XXX_DiscardUnknown Uses

func (m *Condition) XXX_DiscardUnknown()

func (*Condition) XXX_Marshal Uses

func (m *Condition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Condition) XXX_Merge Uses

func (m *Condition) XXX_Merge(src proto.Message)

func (*Condition) XXX_Size Uses

func (m *Condition) XXX_Size() int

func (*Condition) XXX_Unmarshal Uses

func (m *Condition) XXX_Unmarshal(b []byte) error

type Operation Uses

// Operation describes what a request does: the host, port, method and path it
// targets. Every field is an optional list, and an unset list allows any value
// for that attribute.
//
// Hosts and Paths are documented as HTTP-only and Methods as HTTP/gRPC-only.
// NOTE(review): how a rule carrying these fields is evaluated for traffic of
// another protocol is not stated here; verify before using them to restrict
// a non-HTTP workload.
type Operation struct {
    // Optional. A list of hosts, matched against the "request.host" attribute.
    //
    // If not set, any host is allowed. Must be used only with HTTP.
    Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"`
    // Optional. A list of ports, matched against the "destination.port" attribute.
    // Ports are carried as strings, not integers.
    //
    // If not set, any port is allowed.
    Ports []string `protobuf:"bytes,2,rep,name=ports,proto3" json:"ports,omitempty"`
    // Optional. A list of methods, matched against the "request.method" attribute.
    // For a gRPC service, this should be the fully-qualified name in the form of
    // "/package.service/method"
    //
    // If not set, any method is allowed. Must be used only with HTTP or gRPC.
    Methods []string `protobuf:"bytes,3,rep,name=methods,proto3" json:"methods,omitempty"`
    // Optional. A list of paths, matched against the "request.url_path" attribute.
    //
    // If not set, any path is allowed. Must be used only with HTTP.
    //
    // NOTE(review): whether the request path is normalized (case, duplicate
    // slashes, percent-encoding) before it is compared is not stated here.
    // Confirm that the proxy and the backend agree on the path form before
    // relying on a path list as the only restriction.
    Paths                []string `protobuf:"bytes,4,rep,name=paths,proto3" json:"paths,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

Operation specifies the operations of a request.

func (*Operation) Descriptor Uses

func (*Operation) Descriptor() ([]byte, []int)

func (*Operation) GetHosts Uses

func (m *Operation) GetHosts() []string

func (*Operation) GetMethods Uses

func (m *Operation) GetMethods() []string

func (*Operation) GetPaths Uses

func (m *Operation) GetPaths() []string

func (*Operation) GetPorts Uses

func (m *Operation) GetPorts() []string

func (*Operation) Marshal Uses

func (m *Operation) Marshal() (dAtA []byte, err error)

func (*Operation) MarshalJSON Uses

func (this *Operation) MarshalJSON() ([]byte, error)

MarshalJSON is a custom marshaler for Operation

func (*Operation) MarshalTo Uses

func (m *Operation) MarshalTo(dAtA []byte) (int, error)

func (*Operation) MarshalToSizedBuffer Uses

func (m *Operation) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Operation) ProtoMessage Uses

func (*Operation) ProtoMessage()

func (*Operation) Reset Uses

func (m *Operation) Reset()

func (*Operation) Size Uses

func (m *Operation) Size() (n int)

func (*Operation) String Uses

func (m *Operation) String() string

func (*Operation) Unmarshal Uses

func (m *Operation) Unmarshal(dAtA []byte) error

func (*Operation) UnmarshalJSON Uses

func (this *Operation) UnmarshalJSON(b []byte) error

UnmarshalJSON is a custom unmarshaler for Operation

func (*Operation) XXX_DiscardUnknown Uses

func (m *Operation) XXX_DiscardUnknown()

func (*Operation) XXX_Marshal Uses

func (m *Operation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Operation) XXX_Merge Uses

func (m *Operation) XXX_Merge(src proto.Message)

func (*Operation) XXX_Size Uses

func (m *Operation) XXX_Size() int

func (*Operation) XXX_Unmarshal Uses

func (m *Operation) XXX_Unmarshal(b []byte) error

type Rule Uses

// Rule is one allow rule: a list of sources (From), a list of operations (To)
// and a list of extra conditions (When).
//
// Every field is optional and an unset field allows anything for that
// dimension, so a Rule with no fields set matches every request.
// NOTE(review): presumably a request must satisfy From, To and When together,
// with the entries inside each list acting as alternatives; confirm against
// the Istio documentation for the version in use.
type Rule struct {
    // Optional. from specifies the source of a request.
    //
    // If not set, any source is allowed.
    From []*Rule_From `protobuf:"bytes,1,rep,name=from,proto3" json:"from,omitempty"`
    // Optional. to specifies the operation of a request.
    //
    // If not set, any operation is allowed.
    To  []*Rule_To `protobuf:"bytes,2,rep,name=to,proto3" json:"to,omitempty"`
    // Optional. when specifies a list of additional conditions of a request.
    //
    // If not set, any condition is allowed.
    When                 []*Condition `protobuf:"bytes,3,rep,name=when,proto3" json:"when,omitempty"`
    XXX_NoUnkeyedLiteral struct{}     `json:"-"`
    XXX_unrecognized     []byte       `json:"-"`
    XXX_sizecache        int32        `json:"-"`
}

Rule allows access from a list of sources to perform a list of operations when the condition is matched.

Any string field in the rule supports Exact, Prefix, Suffix and Presence match:

- Exact match: "abc" will match on value "abc".
- Prefix match: "abc*" will match on value "abc" and "abcd".
- Suffix match: "*abc" will match on value "abc" and "xabc".
- Presence match: "*" will match when value is not empty.

func (*Rule) Descriptor Uses

func (*Rule) Descriptor() ([]byte, []int)

func (*Rule) GetFrom Uses

func (m *Rule) GetFrom() []*Rule_From

func (*Rule) GetTo Uses

func (m *Rule) GetTo() []*Rule_To

func (*Rule) GetWhen Uses

func (m *Rule) GetWhen() []*Condition

func (*Rule) Marshal Uses

func (m *Rule) Marshal() (dAtA []byte, err error)

func (*Rule) MarshalJSON Uses

func (this *Rule) MarshalJSON() ([]byte, error)

MarshalJSON is a custom marshaler for Rule

func (*Rule) MarshalTo Uses

func (m *Rule) MarshalTo(dAtA []byte) (int, error)

func (*Rule) MarshalToSizedBuffer Uses

func (m *Rule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Rule) ProtoMessage Uses

func (*Rule) ProtoMessage()

func (*Rule) Reset Uses

func (m *Rule) Reset()

func (*Rule) Size Uses

func (m *Rule) Size() (n int)

func (*Rule) String Uses

func (m *Rule) String() string

func (*Rule) Unmarshal Uses

func (m *Rule) Unmarshal(dAtA []byte) error

func (*Rule) UnmarshalJSON Uses

func (this *Rule) UnmarshalJSON(b []byte) error

UnmarshalJSON is a custom unmarshaler for Rule

func (*Rule) XXX_DiscardUnknown Uses

func (m *Rule) XXX_DiscardUnknown()

func (*Rule) XXX_Marshal Uses

func (m *Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Rule) XXX_Merge Uses

func (m *Rule) XXX_Merge(src proto.Message)

func (*Rule) XXX_Size Uses

func (m *Rule) XXX_Size() int

func (*Rule) XXX_Unmarshal Uses

func (m *Rule) XXX_Unmarshal(b []byte) error

type Rule_From Uses

// Rule_From is the element type of Rule.From; it wraps a single Source.
type Rule_From struct {
    // Source specifies the source of a request.
    // The field is a pointer, so it may be nil; what a nil Source means to the
    // policy engine is not stated here.
    Source               *Source  `protobuf:"bytes,1,opt,name=source,proto3" json:"source,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

From includes a list of sources.

func (*Rule_From) Descriptor Uses

func (*Rule_From) Descriptor() ([]byte, []int)

func (*Rule_From) GetSource Uses

func (m *Rule_From) GetSource() *Source

func (*Rule_From) Marshal Uses

func (m *Rule_From) Marshal() (dAtA []byte, err error)

func (*Rule_From) MarshalJSON Uses

func (this *Rule_From) MarshalJSON() ([]byte, error)

MarshalJSON is a custom marshaler for Rule_From

func (*Rule_From) MarshalTo Uses

func (m *Rule_From) MarshalTo(dAtA []byte) (int, error)

func (*Rule_From) MarshalToSizedBuffer Uses

func (m *Rule_From) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Rule_From) ProtoMessage Uses

func (*Rule_From) ProtoMessage()

func (*Rule_From) Reset Uses

func (m *Rule_From) Reset()

func (*Rule_From) Size Uses

func (m *Rule_From) Size() (n int)

func (*Rule_From) String Uses

func (m *Rule_From) String() string

func (*Rule_From) Unmarshal Uses

func (m *Rule_From) Unmarshal(dAtA []byte) error

func (*Rule_From) UnmarshalJSON Uses

func (this *Rule_From) UnmarshalJSON(b []byte) error

UnmarshalJSON is a custom unmarshaler for Rule_From

func (*Rule_From) XXX_DiscardUnknown Uses

func (m *Rule_From) XXX_DiscardUnknown()

func (*Rule_From) XXX_Marshal Uses

func (m *Rule_From) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Rule_From) XXX_Merge Uses

func (m *Rule_From) XXX_Merge(src proto.Message)

func (*Rule_From) XXX_Size Uses

func (m *Rule_From) XXX_Size() int

func (*Rule_From) XXX_Unmarshal Uses

func (m *Rule_From) XXX_Unmarshal(b []byte) error

type Rule_To Uses

// Rule_To is the element type of Rule.To; it wraps a single Operation.
type Rule_To struct {
    // Operation specifies the operation of a request.
    // The field is a pointer, so it may be nil; what a nil Operation means to
    // the policy engine is not stated here.
    Operation            *Operation `protobuf:"bytes,1,opt,name=operation,proto3" json:"operation,omitempty"`
    XXX_NoUnkeyedLiteral struct{}   `json:"-"`
    XXX_unrecognized     []byte     `json:"-"`
    XXX_sizecache        int32      `json:"-"`
}

To includes a list of operations.

func (*Rule_To) Descriptor Uses

func (*Rule_To) Descriptor() ([]byte, []int)

func (*Rule_To) GetOperation Uses

func (m *Rule_To) GetOperation() *Operation

func (*Rule_To) Marshal Uses

func (m *Rule_To) Marshal() (dAtA []byte, err error)

func (*Rule_To) MarshalJSON Uses

func (this *Rule_To) MarshalJSON() ([]byte, error)

MarshalJSON is a custom marshaler for Rule_To

func (*Rule_To) MarshalTo Uses

func (m *Rule_To) MarshalTo(dAtA []byte) (int, error)

func (*Rule_To) MarshalToSizedBuffer Uses

func (m *Rule_To) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Rule_To) ProtoMessage Uses

func (*Rule_To) ProtoMessage()

func (*Rule_To) Reset Uses

func (m *Rule_To) Reset()

func (*Rule_To) Size Uses

func (m *Rule_To) Size() (n int)

func (*Rule_To) String Uses

func (m *Rule_To) String() string

func (*Rule_To) Unmarshal Uses

func (m *Rule_To) Unmarshal(dAtA []byte) error

func (*Rule_To) UnmarshalJSON Uses

func (this *Rule_To) UnmarshalJSON(b []byte) error

UnmarshalJSON is a custom unmarshaler for Rule_To

func (*Rule_To) XXX_DiscardUnknown Uses

func (m *Rule_To) XXX_DiscardUnknown()

func (*Rule_To) XXX_Marshal Uses

func (m *Rule_To) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Rule_To) XXX_Merge Uses

func (m *Rule_To) XXX_Merge(src proto.Message)

func (*Rule_To) XXX_Size Uses

func (m *Rule_To) XXX_Size() int

func (*Rule_To) XXX_Unmarshal Uses

func (m *Rule_To) XXX_Unmarshal(b []byte) error

type Source Uses

// Source describes who is making a request: peer identity, request identity,
// namespace and IP address. Every field is an optional list, and an unset list
// allows any value for that attribute, so restrict at least the attribute the
// policy is meant to depend on.
type Source struct {
    // Optional. A list of source peer identities (i.e. service account),
    // matched against the "source.principal" attribute.
    //
    // If not set, any principal is allowed.
    //
    // NOTE(review): a peer identity is only as strong as the transport
    // authentication behind it; presumably this requires mutual TLS between
    // the workloads. Confirm for the Istio version in use.
    Principals []string `protobuf:"bytes,1,rep,name=principals,proto3" json:"principals,omitempty"`
    // Optional. A list of request identities (i.e. "iss/sub" claims),
    // matched against the "request.auth.principal" attribute.
    //
    // If not set, any request principal is allowed.
    //
    // The protobuf JSON name is "requestPrincipals" while the encoding/json tag
    // is "request_principals".
    // NOTE(review): Source has custom MarshalJSON/UnmarshalJSON methods, so the
    // accepted spelling depends on that implementation; confirm before
    // hand-writing policy JSON, since a misnamed key would leave this list unset.
    RequestPrincipals []string `protobuf:"bytes,2,rep,name=request_principals,json=requestPrincipals,proto3" json:"request_principals,omitempty"`
    // Optional. A list of namespaces, matched against the "source.namespace"
    // attribute.
    //
    // If not set, any namespace is allowed.
    Namespaces []string `protobuf:"bytes,3,rep,name=namespaces,proto3" json:"namespaces,omitempty"`
    // Optional. A list of IP blocks, matched against the "source.ip" attribute.
    // Single IP (e.g. "1.2.3.4") and CIDR (e.g. "1.2.3.0/24") are supported.
    //
    // If not set, any IP is allowed.
    //
    // NOTE(review): which address "source.ip" holds when traffic arrives
    // through a load balancer or another proxy is not stated here; verify
    // before using IP blocks as the only restriction.
    IpBlocks             []string `protobuf:"bytes,4,rep,name=ip_blocks,json=ipBlocks,proto3" json:"ip_blocks,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

Source specifies the source identities of a request.

func (*Source) Descriptor Uses

func (*Source) Descriptor() ([]byte, []int)

func (*Source) GetIpBlocks Uses

func (m *Source) GetIpBlocks() []string

func (*Source) GetNamespaces Uses

func (m *Source) GetNamespaces() []string

func (*Source) GetPrincipals Uses

func (m *Source) GetPrincipals() []string

func (*Source) GetRequestPrincipals Uses

func (m *Source) GetRequestPrincipals() []string

func (*Source) Marshal Uses

func (m *Source) Marshal() (dAtA []byte, err error)

func (*Source) MarshalJSON Uses

func (this *Source) MarshalJSON() ([]byte, error)

MarshalJSON is a custom marshaler for Source

func (*Source) MarshalTo Uses

func (m *Source) MarshalTo(dAtA []byte) (int, error)

func (*Source) MarshalToSizedBuffer Uses

func (m *Source) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Source) ProtoMessage Uses

func (*Source) ProtoMessage()

func (*Source) Reset Uses

func (m *Source) Reset()

func (*Source) Size Uses

func (m *Source) Size() (n int)

func (*Source) String Uses

func (m *Source) String() string

func (*Source) Unmarshal Uses

func (m *Source) Unmarshal(dAtA []byte) error

func (*Source) UnmarshalJSON Uses

func (this *Source) UnmarshalJSON(b []byte) error

UnmarshalJSON is a custom unmarshaler for Source

func (*Source) XXX_DiscardUnknown Uses

func (m *Source) XXX_DiscardUnknown()

func (*Source) XXX_Marshal Uses

func (m *Source) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Source) XXX_Merge Uses

func (m *Source) XXX_Merge(src proto.Message)

func (*Source) XXX_Size Uses

func (m *Source) XXX_Size() int

func (*Source) XXX_Unmarshal Uses

func (m *Source) XXX_Unmarshal(b []byte) error

Package v1beta1 imports 9 packages (graph) and is imported by 13 packages. Updated 2019-11-10. Refresh now. Tools for package owners.