Class RBAC

  • All Implemented Interfaces:
    com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, RBACOrBuilder, java.io.Serializable

    public final class RBAC
    extends com.google.protobuf.GeneratedMessageV3
    implements RBACOrBuilder
     Role Based Access Control (RBAC) provides service-level and method-level access control for a
     service. RBAC policies are additive. The policies are examined in order. A request is allowed
     once a matching policy is found (assuming the `action` is ALLOW).
     Here is an example RBAC configuration. It has two policies:
     * Service account "cluster.local/ns/default/sa/admin" has full access to the service, and so
       does "cluster.local/ns/default/sa/superuser".
     * Any user can read ("GET") the service at paths with prefix "/products", so long as the
       destination port is either 80 or 443.
      .. code-block:: yaml
       action: ALLOW
       policies:
         "service-admin":
           permissions:
             - any: true
           principals:
             - authenticated:
                 principal_name:
                   exact: "cluster.local/ns/default/sa/admin"
             - authenticated:
                 principal_name:
                   exact: "cluster.local/ns/default/sa/superuser"
         "product-viewer":
           permissions:
               - and_rules:
                   rules:
                     - header: { name: ":method", exact_match: "GET" }
                     - url_path:
                         path: { prefix: "/products" }
                     - or_rules:
                         rules:
                           - destination_port: 80
                           - destination_port: 443
           principals:
             - any: true
     
    Protobuf type envoy.config.rbac.v2.RBAC
    See Also:
    Serialized Form
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  RBAC.Action
      Should we do safe-list or block-list style access control?
      static class  RBAC.Builder
      Role Based Access Control (RBAC) provides service-level and method-level access control for a service.
      • Nested classes/interfaces inherited from class com.google.protobuf.GeneratedMessageV3

        com.google.protobuf.GeneratedMessageV3.BuilderParent, com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage,​BuilderType extends com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageType,​BuilderType>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage>, com.google.protobuf.GeneratedMessageV3.ExtendableMessageOrBuilder<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage>, com.google.protobuf.GeneratedMessageV3.FieldAccessorTable, com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter
      • Nested classes/interfaces inherited from class com.google.protobuf.AbstractMessageLite

        com.google.protobuf.AbstractMessageLite.InternalOneOfEnum
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static int ACTION_FIELD_NUMBER  
      static int POLICIES_FIELD_NUMBER  
      • Fields inherited from class com.google.protobuf.GeneratedMessageV3

        alwaysUseFieldBuilders, unknownFields
      • Fields inherited from class com.google.protobuf.AbstractMessage

        memoizedSize
      • Fields inherited from class com.google.protobuf.AbstractMessageLite

        memoizedHashCode
    • Method Summary

      Modifier and Type Method Description
      boolean containsPolicies​(java.lang.String key)
      Maps from policy name to policy.
      boolean equals​(java.lang.Object obj)  
      RBAC.Action getAction()
      The action to take if a policy matches.
      int getActionValue()
      The action to take if a policy matches.
      static RBAC getDefaultInstance()  
      RBAC getDefaultInstanceForType()  
      static com.google.protobuf.Descriptors.Descriptor getDescriptor()  
      com.google.protobuf.Parser<RBAC> getParserForType()  
      java.util.Map<java.lang.String,​Policy> getPolicies()
      Deprecated.
      int getPoliciesCount()
      Maps from policy name to policy.
      java.util.Map<java.lang.String,​Policy> getPoliciesMap()
      Maps from policy name to policy.
      Policy getPoliciesOrDefault​(java.lang.String key, Policy defaultValue)
      Maps from policy name to policy.
      Policy getPoliciesOrThrow​(java.lang.String key)
      Maps from policy name to policy.
      int getSerializedSize()  
      com.google.protobuf.UnknownFieldSet getUnknownFields()  
      int hashCode()  
      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()  
      protected com.google.protobuf.MapField internalGetMapField​(int number)  
      boolean isInitialized()  
      static RBAC.Builder newBuilder()  
      static RBAC.Builder newBuilder​(RBAC prototype)  
      RBAC.Builder newBuilderForType()  
      protected RBAC.Builder newBuilderForType​(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)  
      protected java.lang.Object newInstance​(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)  
      static RBAC parseDelimitedFrom​(java.io.InputStream input)  
      static RBAC parseDelimitedFrom​(java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)  
      static RBAC parseFrom​(byte[] data)  
      static RBAC parseFrom​(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)  
      static RBAC parseFrom​(com.google.protobuf.ByteString data)  
      static RBAC parseFrom​(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)  
      static RBAC parseFrom​(com.google.protobuf.CodedInputStream input)  
      static RBAC parseFrom​(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)  
      static RBAC parseFrom​(java.io.InputStream input)  
      static RBAC parseFrom​(java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)  
      static RBAC parseFrom​(java.nio.ByteBuffer data)  
      static RBAC parseFrom​(java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)  
      static com.google.protobuf.Parser<RBAC> parser()  
      RBAC.Builder toBuilder()  
      void writeTo​(com.google.protobuf.CodedOutputStream output)  
      • Methods inherited from class com.google.protobuf.GeneratedMessageV3

        canUseUnsafe, computeStringSize, computeStringSizeNoTag, emptyBooleanList, emptyDoubleList, emptyFloatList, emptyIntList, emptyLongList, getAllFields, getDescriptorForType, getField, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, hasField, hasOneof, isStringEmpty, makeExtensionsImmutable, mergeFromAndMakeImmutableInternal, mutableCopy, mutableCopy, mutableCopy, mutableCopy, mutableCopy, newBooleanList, newBuilderForType, newDoubleList, newFloatList, newIntList, newLongList, parseDelimitedWithIOException, parseDelimitedWithIOException, parseUnknownField, parseUnknownFieldProto3, parseWithIOException, parseWithIOException, parseWithIOException, parseWithIOException, serializeBooleanMapTo, serializeIntegerMapTo, serializeLongMapTo, serializeStringMapTo, writeReplace, writeString, writeStringNoTag
      • Methods inherited from class com.google.protobuf.AbstractMessage

        findInitializationErrors, getInitializationErrorString, hashBoolean, hashEnum, hashEnumList, hashFields, hashLong, toString
      • Methods inherited from class com.google.protobuf.AbstractMessageLite

        addAll, addAll, checkByteStringIsUtf8, toByteArray, toByteString, writeDelimitedTo, writeTo
      • Methods inherited from class java.lang.Object

        clone, finalize, getClass, notify, notifyAll, wait, wait, wait
      • Methods inherited from interface com.google.protobuf.MessageLite

        toByteArray, toByteString, writeDelimitedTo, writeTo
      • Methods inherited from interface com.google.protobuf.MessageOrBuilder

        findInitializationErrors, getAllFields, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, hasField, hasOneof
    • Method Detail

      • newInstance

        protected java.lang.Object newInstance​(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
        Overrides:
        newInstance in class com.google.protobuf.GeneratedMessageV3
      • getUnknownFields

        public final com.google.protobuf.UnknownFieldSet getUnknownFields()
        Specified by:
        getUnknownFields in interface com.google.protobuf.MessageOrBuilder
        Overrides:
        getUnknownFields in class com.google.protobuf.GeneratedMessageV3
      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
      • internalGetMapField

        protected com.google.protobuf.MapField internalGetMapField​(int number)
        Overrides:
        internalGetMapField in class com.google.protobuf.GeneratedMessageV3
      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3
      • getActionValue

        public int getActionValue()
         The action to take if a policy matches. The request is allowed if and only if:
           * `action` is "ALLOW" and at least one policy matches
           * `action` is "DENY" and none of the policies match
         
        .envoy.config.rbac.v2.RBAC.Action action = 1;
        Specified by:
        getActionValue in interface RBACOrBuilder
        Returns:
        The enum numeric value on the wire for action.
      • getAction

        public RBAC.Action getAction()
         The action to take if a policy matches. The request is allowed if and only if:
           * `action` is "ALLOW" and at least one policy matches
           * `action` is "DENY" and none of the policies match
         
        .envoy.config.rbac.v2.RBAC.Action action = 1;
        Specified by:
        getAction in interface RBACOrBuilder
        Returns:
        The action.
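
        The decision rule above, applied to the two policies from the class description, as an added example (a simplified Python model, not Envoy's evaluator and not part of this Java API). It assumes a policy matches when both its permissions and its principals match; the request dictionaries and helper names are constructed for illustration.

```python
# Simplified model of the RBAC decision rule; not Envoy's evaluator or the Java API.
# Policy data mirrors the example configuration on this page; requests are constructed.

ADMINS = {
    "cluster.local/ns/default/sa/admin",
    "cluster.local/ns/default/sa/superuser",
}

POLICIES = {
    "service-admin": {
        "permission": lambda req: True,                      # permissions: any
        "principal": lambda req: req.get("principal") in ADMINS,
    },
    "product-viewer": {
        "permission": lambda req: (                          # and_rules
            req["method"] == "GET"
            and req["path"].startswith("/products")          # url_path prefix
            and req["port"] in (80, 443)                     # or_rules on port
        ),
        "principal": lambda req: True,                       # principals: any
    },
}

def matching_policies(policies, req):
    """Names of policies whose permissions and principals both match (assumed rule)."""
    return [name for name, p in policies.items()
            if p["permission"](req) and p["principal"](req)]

def is_allowed(action, policies, req):
    """ALLOW: at least one policy matches. DENY: none of the policies match."""
    matched = bool(matching_policies(policies, req))
    if action == "ALLOW":
        return matched
    if action == "DENY":
        return not matched
    raise ValueError(f"unknown action: {action}")

def sample_requests():
    """Constructed requests covering each branch of the two policies."""
    admin = "cluster.local/ns/default/sa/admin"
    return {
        "anon_get": {"principal": None, "method": "GET", "path": "/products/1", "port": 443},
        "anon_post": {"principal": None, "method": "POST", "path": "/products/1", "port": 443},
        "anon_alt_port": {"principal": None, "method": "GET", "path": "/products/1", "port": 8080},
        "admin_delete": {"principal": admin, "method": "DELETE", "path": "/orders/7", "port": 8080},
        "admin_get": {"principal": admin, "method": "GET", "path": "/products", "port": 80},
    }

if __name__ == "__main__":
    for name, req in sample_requests().items():
        print(name, is_allowed("ALLOW", POLICIES, req), matching_policies(POLICIES, req))
```

        With an empty policy map the two actions diverge: ALLOW rejects every request and DENY admits every request, which is worth checking before a configuration is deployed.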
      • getPoliciesCount

        public int getPoliciesCount()
        Description copied from interface: RBACOrBuilder
         Maps from policy name to policy. A match occurs when at least one policy matches the request.
         
        map<string, .envoy.config.rbac.v2.Policy> policies = 2;
        Specified by:
        getPoliciesCount in interface RBACOrBuilder
      • containsPolicies

        public boolean containsPolicies​(java.lang.String key)
         Maps from policy name to policy. A match occurs when at least one policy matches the request.
         
        map<string, .envoy.config.rbac.v2.Policy> policies = 2;
        Specified by:
        containsPolicies in interface RBACOrBuilder
      • getPoliciesMap

        public java.util.Map<java.lang.String,​Policy> getPoliciesMap()
         Maps from policy name to policy. A match occurs when at least one policy matches the request.
         
        map<string, .envoy.config.rbac.v2.Policy> policies = 2;
        Specified by:
        getPoliciesMap in interface RBACOrBuilder
      • getPoliciesOrDefault

        public Policy getPoliciesOrDefault​(java.lang.String key,
                                           Policy defaultValue)
         Maps from policy name to policy. A match occurs when at least one policy matches the request.
         
        map<string, .envoy.config.rbac.v2.Policy> policies = 2;
        Specified by:
        getPoliciesOrDefault in interface RBACOrBuilder
      • getPoliciesOrThrow

        public Policy getPoliciesOrThrow​(java.lang.String key)
         Maps from policy name to policy. A match occurs when at least one policy matches the request.
         
        map<string, .envoy.config.rbac.v2.Policy> policies = 2;
        Specified by:
        getPoliciesOrThrow in interface RBACOrBuilder
      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3
      • writeTo

        public void writeTo​(com.google.protobuf.CodedOutputStream output)
                     throws java.io.IOException
        Specified by:
        writeTo in interface com.google.protobuf.MessageLite
        Overrides:
        writeTo in class com.google.protobuf.GeneratedMessageV3
        Throws:
        java.io.IOException
      • getSerializedSize

        public int getSerializedSize()
        Specified by:
        getSerializedSize in interface com.google.protobuf.MessageLite
        Overrides:
        getSerializedSize in class com.google.protobuf.GeneratedMessageV3
      • equals

        public boolean equals​(java.lang.Object obj)
        Specified by:
        equals in interface com.google.protobuf.Message
        Overrides:
        equals in class com.google.protobuf.AbstractMessage
      • hashCode

        public int hashCode()
        Specified by:
        hashCode in interface com.google.protobuf.Message
        Overrides:
        hashCode in class com.google.protobuf.AbstractMessage
      • parseFrom

        public static RBAC parseFrom​(java.nio.ByteBuffer data)
                              throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static RBAC parseFrom​(java.nio.ByteBuffer data,
                                     com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                              throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static RBAC parseFrom​(com.google.protobuf.ByteString data)
                              throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static RBAC parseFrom​(com.google.protobuf.ByteString data,
                                     com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                              throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static RBAC parseFrom​(byte[] data)
                              throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static RBAC parseFrom​(byte[] data,
                                     com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                              throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static RBAC parseFrom​(java.io.InputStream input)
                              throws java.io.IOException
        Throws:
        java.io.IOException
      • parseFrom

        public static RBAC parseFrom​(java.io.InputStream input,
                                     com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                              throws java.io.IOException
        Throws:
        java.io.IOException
      • parseDelimitedFrom

        public static RBAC parseDelimitedFrom​(java.io.InputStream input)
                                       throws java.io.IOException
        Throws:
        java.io.IOException
      • parseDelimitedFrom

        public static RBAC parseDelimitedFrom​(java.io.InputStream input,
                                              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                       throws java.io.IOException
        Throws:
        java.io.IOException
      • parseFrom

        public static RBAC parseFrom​(com.google.protobuf.CodedInputStream input)
                              throws java.io.IOException
        Throws:
        java.io.IOException
      • parseFrom

        public static RBAC parseFrom​(com.google.protobuf.CodedInputStream input,
                                     com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                              throws java.io.IOException
        Throws:
        java.io.IOException
      • newBuilderForType

        public RBAC.Builder newBuilderForType()
        Specified by:
        newBuilderForType in interface com.google.protobuf.Message
        Specified by:
        newBuilderForType in interface com.google.protobuf.MessageLite
      • toBuilder

        public RBAC.Builder toBuilder()
        Specified by:
        toBuilder in interface com.google.protobuf.Message
        Specified by:
        toBuilder in interface com.google.protobuf.MessageLite
      • newBuilderForType

        protected RBAC.Builder newBuilderForType​(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
        Specified by:
        newBuilderForType in class com.google.protobuf.GeneratedMessageV3
      • getDefaultInstance

        public static RBAC getDefaultInstance()
      • parser

        public static com.google.protobuf.Parser<RBAC> parser()
      • getParserForType

        public com.google.protobuf.Parser<RBAC> getParserForType()
        Specified by:
        getParserForType in interface com.google.protobuf.Message
        Specified by:
        getParserForType in interface com.google.protobuf.MessageLite
        Overrides:
        getParserForType in class com.google.protobuf.GeneratedMessageV3
      • getDefaultInstanceForType

        public RBAC getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder