model

package

v0.0.0-...-12b77bc Latest Latest Go to latest Published: Apr 18, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/istio/istio

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func MetadataListValueMatcherForJWTClaims(claims []string, value *matcherpb.ValueMatcher) *matcherpb.MetadataMatcher
func MetadataMatcherForJWTClaims(claims []string, value *matcherpb.StringMatcher, useExtendedJwt bool) *matcherpb.MetadataMatcher
func MetadataStringMatcherForJWTClaim(claim string, m *matcherpb.StringMatcher) *matcherpb.MetadataMatcher
func MetadataValueMatcherForJWTClaim(claim string, m *matcherpb.ValueMatcher) *matcherpb.MetadataMatcher
type Model
- func New(r *authzpb.Rule, useExtendedJwt bool) (*Model, error)
- func (m Model) Generate(forTCP bool, useAuthenticated bool, action rbacpb.RBAC_Action) (*rbacpb.Policy, error)
- func (m *Model) MigrateTrustDomain(tdBundle trustdomain.Bundle)

Constants ¶

View Source

const (
	RBACTCPFilterStatPrefix           = "tcp."
	RBACShadowEngineResult            = "shadow_engine_result"
	RBACShadowEffectivePolicyID       = "shadow_effective_policy_id"
	RBACShadowRulesAllowStatPrefix    = "istio_dry_run_allow_"
	RBACShadowRulesDenyStatPrefix     = "istio_dry_run_deny_"
	RBACExtAuthzShadowRulesStatPrefix = "istio_ext_authz_"
)

Variables ¶

This section is empty.

Functions ¶

func MetadataListValueMatcherForJWTClaims ¶

func MetadataListValueMatcherForJWTClaims(claims []string, value *matcherpb.ValueMatcher) *matcherpb.MetadataMatcher

MetadataValueMatcherForJWTClaims for Envoy JWT

func MetadataMatcherForJWTClaims ¶

func MetadataMatcherForJWTClaims(claims []string, value *matcherpb.StringMatcher, useExtendedJwt bool) *matcherpb.MetadataMatcher

MetadataMatcherForJWTClaims is a convenient method for generating metadata matcher for JWT claims.

func MetadataStringMatcherForJWTClaim ¶

func MetadataStringMatcherForJWTClaim(claim string, m *matcherpb.StringMatcher) *matcherpb.MetadataMatcher

func MetadataValueMatcherForJWTClaim ¶

func MetadataValueMatcherForJWTClaim(claim string, m *matcherpb.ValueMatcher) *matcherpb.MetadataMatcher

Types ¶

type Model ¶

type Model struct {
	// contains filtered or unexported fields
}

Model represents a single rule from an authorization policy. The conditions of the rule are consolidated into permission or principal to align with the Envoy RBAC filter API.

func New ¶

func New(r *authzpb.Rule, useExtendedJwt bool) (*Model, error)

New returns a model representing a single authorization policy.

func (Model) Generate ¶

func (m Model) Generate(forTCP bool, useAuthenticated bool, action rbacpb.RBAC_Action) (*rbacpb.Policy, error)

Generate generates the Envoy RBAC config from the model.

func (*Model) MigrateTrustDomain ¶

func (m *Model) MigrateTrustDomain(tdBundle trustdomain.Bundle)

MigrateTrustDomain replaces the trust domain in source principal based on the trust domain aliases information.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL