istio: istio.io/istio/pilot/pkg/networking/plugin/authz Index | Files

package authz

import "istio.io/istio/pilot/pkg/networking/plugin/authz"

Package authz converts Istio RBAC (role-based-access-control) policies (ServiceRole and ServiceRoleBinding) to the Envoy RBAC filter config to enforce access control to the service co-located with Envoy. The generation is controlled by ClusterRbacConfig (a singleton custom resource with cluster scope). User could disable this plugin by either deleting the ClusterRbacConfig or set the ClusterRbacConfig.mode to OFF. Note: ClusterRbacConfig is not created with istio installation which means this plugin doesn't generate any RBAC config by default.

Index

Package Files

authorization.go

func NewPlugin Uses

func NewPlugin() plugin.Plugin

NewPlugin returns an instance of the authorization plugin

type Plugin Uses

type Plugin struct{}

Plugin implements Istio Authorization

func (Plugin) OnInboundCluster Uses

func (Plugin) OnInboundCluster(in *plugin.InputParams, cluster *xdsapi.Cluster)

OnInboundCluster implements the Plugin interface method.

func (Plugin) OnInboundFilterChains Uses

func (Plugin) OnInboundFilterChains(in *plugin.InputParams) []plugin.FilterChain

OnInboundFilterChains is called whenever a plugin needs to setup the filter chains, including relevant filter chain configuration.

func (Plugin) OnInboundListener Uses

func (Plugin) OnInboundListener(in *plugin.InputParams, mutable *plugin.MutableObjects) error

OnInboundListener is called whenever a new listener is added to the LDS output for a given service Can be used to add additional filters (e.g., mixer filter) or add more stuff to the HTTP connection manager on the inbound path

func (Plugin) OnInboundPassthrough Uses

func (Plugin) OnInboundPassthrough(in *plugin.InputParams, mutable *plugin.MutableObjects) error

OnInboundPassthrough is called whenever a new passthrough filter chain is added to the LDS output.

func (Plugin) OnInboundRouteConfiguration Uses

func (Plugin) OnInboundRouteConfiguration(in *plugin.InputParams, route *xdsapi.RouteConfiguration)

OnInboundRouteConfiguration implements the Plugin interface method.

func (Plugin) OnOutboundCluster Uses

func (Plugin) OnOutboundCluster(in *plugin.InputParams, cluster *xdsapi.Cluster)

OnOutboundCluster implements the Plugin interface method.

func (Plugin) OnOutboundListener Uses

func (Plugin) OnOutboundListener(in *plugin.InputParams, mutable *plugin.MutableObjects) error

OnOutboundListener is called whenever a new outbound listener is added to the LDS output for a given service Can be used to add additional filters on the outbound path

func (Plugin) OnOutboundRouteConfiguration Uses

func (Plugin) OnOutboundRouteConfiguration(in *plugin.InputParams, route *xdsapi.RouteConfiguration)

OnOutboundRouteConfiguration implements the Plugin interface method.

func (Plugin) OnVirtualListener Uses

func (Plugin) OnVirtualListener(in *plugin.InputParams, mutable *plugin.MutableObjects) error

OnVirtualListener implements the Plugin interface method.

Package authz imports 8 packages (graph) and is imported by 2 packages. Updated 2019-11-13. Refresh now. Tools for package owners.