aboutsummaryrefslogtreecommitdiffstats
path: root/vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac
diff options
context:
space:
mode:
authorrobot-contrib <robot-contrib@yandex-team.com>2024-01-30 11:20:39 +0300
committerrobot-contrib <robot-contrib@yandex-team.com>2024-01-30 12:12:51 +0300
commitbe737fd8956853e06bd2c4f9fcd4a85188f4c172 (patch)
tree5bd76802fac1096dfd90983c7739d50de367a79f /vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac
parentfe62880c46b1f2c9fec779b0dc39f8a92ce256a5 (diff)
downloadydb-be737fd8956853e06bd2c4f9fcd4a85188f4c172.tar.gz
Update vendor/github.com/envoyproxy/go-control-plane to 0.12.0
Diffstat (limited to 'vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac')
-rw-r--r--vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3/rbac.pb.go185
1 files changed, 97 insertions, 88 deletions
diff --git a/vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3/rbac.pb.go b/vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3/rbac.pb.go
index dd98cec635..126084f32b 100644
--- a/vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3/rbac.pb.go
+++ b/vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3/rbac.pb.go
@@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
-// protoc-gen-go v1.28.1
-// protoc v3.21.12
+// protoc-gen-go v1.30.0
+// protoc v4.23.4
// source: envoy/config/rbac/v3/rbac.proto
package rbacv3
@@ -38,7 +38,7 @@ const (
// The policies deny access to principals. The rest are allowed. This is block-list style
// access control.
RBAC_DENY RBAC_Action = 1
- // The policies set the ``access_log_hint`` dynamic metadata key based on if requests match.
+ // The policies set the “access_log_hint“ dynamic metadata key based on if requests match.
// All requests are allowed.
RBAC_LOG RBAC_Action = 2
)
@@ -142,54 +142,63 @@ func (RBAC_AuditLoggingOptions_AuditCondition) EnumDescriptor() ([]byte, []int)
}
// Role Based Access Control (RBAC) provides service-level and method-level access control for a
-// service. Requests are allowed or denied based on the ``action`` and whether a matching policy is
+// service. Requests are allowed or denied based on the “action“ and whether a matching policy is
// found. For instance, if the action is ALLOW and a matching policy is found the request should be
// allowed.
//
// RBAC can also be used to make access logging decisions by communicating with access loggers
// through dynamic metadata. When the action is LOG and at least one policy matches, the
-// ``access_log_hint`` value in the shared key namespace 'envoy.common' is set to ``true`` indicating
+// “access_log_hint“ value in the shared key namespace 'envoy.common' is set to “true“ indicating
// the request should be logged.
//
// Here is an example of RBAC configuration. It has two policies:
//
-// * Service account ``cluster.local/ns/default/sa/admin`` has full access to the service, and so
-// does "cluster.local/ns/default/sa/superuser".
+// - Service account “cluster.local/ns/default/sa/admin“ has full access to the service, and so
+// does "cluster.local/ns/default/sa/superuser".
//
-// * Any user can read (``GET``) the service at paths with prefix ``/products``, so long as the
-// destination port is either 80 or 443.
+// - Any user can read (“GET“) the service at paths with prefix “/products“, so long as the
+// destination port is either 80 or 443.
//
-// .. code-block:: yaml
+// .. code-block:: yaml
//
-// action: ALLOW
-// policies:
+// action: ALLOW
+// policies:
// "service-admin":
-// permissions:
-// - any: true
-// principals:
-// - authenticated:
-// principal_name:
-// exact: "cluster.local/ns/default/sa/admin"
-// - authenticated:
-// principal_name:
-// exact: "cluster.local/ns/default/sa/superuser"
+// permissions:
+//
+// - any: true
+// principals:
+//
+// - authenticated:
+// principal_name:
+// exact: "cluster.local/ns/default/sa/admin"
+//
+// - authenticated:
+// principal_name:
+// exact: "cluster.local/ns/default/sa/superuser"
// "product-viewer":
-// permissions:
-// - and_rules:
-// rules:
-// - header:
-// name: ":method"
-// string_match:
-// exact: "GET"
-// - url_path:
-// path: { prefix: "/products" }
-// - or_rules:
-// rules:
-// - destination_port: 80
-// - destination_port: 443
-// principals:
-// - any: true
+// permissions:
+//
+// - and_rules:
+// rules:
+//
+// - header:
+// name: ":method"
+// string_match:
+// exact: "GET"
+//
+// - url_path:
+// path: { prefix: "/products" }
+//
+// - or_rules:
+// rules:
//
+// - destination_port: 80
+//
+// - destination_port: 443
+// principals:
+//
+// - any: true
type RBAC struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
@@ -200,15 +209,14 @@ type RBAC struct {
//
// Actions:
//
- // * ``ALLOW``: Allows the request if and only if there is a policy that matches
- // the request.
- // * ``DENY``: Allows the request if and only if there are no policies that
- // match the request.
- // * ``LOG``: Allows all requests. If at least one policy matches, the dynamic
- // metadata key ``access_log_hint`` is set to the value ``true`` under the shared
- // key namespace ``envoy.common``. If no policies match, it is set to ``false``.
- // Other actions do not modify this key.
- //
+ // - “ALLOW“: Allows the request if and only if there is a policy that matches
+ // the request.
+ // - “DENY“: Allows the request if and only if there are no policies that
+ // match the request.
+ // - “LOG“: Allows all requests. If at least one policy matches, the dynamic
+ // metadata key “access_log_hint“ is set to the value “true“ under the shared
+ // key namespace “envoy.common“. If no policies match, it is set to “false“.
+ // Other actions do not modify this key.
Action RBAC_Action `protobuf:"varint,1,opt,name=action,proto3,enum=envoy.config.rbac.v3.RBAC_Action" json:"action,omitempty"`
// Maps from policy name to policy. A match occurs when at least one policy matches the request.
// The policies are evaluated in lexicographic order of the policy name.
@@ -284,11 +292,11 @@ type Policy struct {
// Required. The set of permissions that define a role. Each permission is
// matched with OR semantics. To match all actions for this policy, a single
- // Permission with the ``any`` field set to true should be used.
+ // Permission with the “any“ field set to true should be used.
Permissions []*Permission `protobuf:"bytes,1,rep,name=permissions,proto3" json:"permissions,omitempty"`
// Required. The set of principals that are assigned/denied the role based on
// “action”. Each principal is matched with OR semantics. To match all
- // downstreams for this policy, a single Principal with the ``any`` field set to
+ // downstreams for this policy, a single Principal with the “any“ field set to
// true should be used.
Principals []*Principal `protobuf:"bytes,2,rep,name=principals,proto3" json:"principals,omitempty"`
// An optional symbolic expression specifying an access control
@@ -370,6 +378,7 @@ type Permission struct {
unknownFields protoimpl.UnknownFields
// Types that are assignable to Rule:
+ //
// *Permission_AndRules
// *Permission_OrRules
// *Permission_Any
@@ -530,7 +539,7 @@ type Permission_Any struct {
type Permission_Header struct {
// A header (or pseudo-header such as :path or :method) on the incoming HTTP request. Only
// available for HTTP request.
- // Note: the pseudo-header :path includes the query and fragment string. Use the ``url_path``
+ // Note: the pseudo-header :path includes the query and fragment string. Use the “url_path“
// field if you want to match the URL path without the query and fragment string.
Header *v3.HeaderMatcher `protobuf:"bytes,4,opt,name=header,proto3,oneof"`
}
@@ -562,8 +571,8 @@ type Permission_Metadata struct {
type Permission_NotRule struct {
// Negates matching the provided permission. For instance, if the value of
- // ``not_rule`` would match, this permission would not match. Conversely, if
- // the value of ``not_rule`` would not match, this permission would match.
+ // “not_rule“ would match, this permission would not match. Conversely, if
+ // the value of “not_rule“ would not match, this permission would match.
NotRule *Permission `protobuf:"bytes,8,opt,name=not_rule,json=notRule,proto3,oneof"`
}
@@ -573,18 +582,18 @@ type Permission_RequestedServerName struct {
//
// .. attention::
//
- // The behavior of this field may be affected by how Envoy is configured
- // as explained below.
+ // The behavior of this field may be affected by how Envoy is configured
+ // as explained below.
//
- // * If the :ref:`TLS Inspector <config_listener_filters_tls_inspector>`
- // filter is not added, and if a ``FilterChainMatch`` is not defined for
- // the :ref:`server name
- // <envoy_v3_api_field_config.listener.v3.FilterChainMatch.server_names>`,
- // a TLS connection's requested SNI server name will be treated as if it
- // wasn't present.
+ // * If the :ref:`TLS Inspector <config_listener_filters_tls_inspector>`
+ // filter is not added, and if a ``FilterChainMatch`` is not defined for
+ // the :ref:`server name
+ // <envoy_v3_api_field_config.listener.v3.FilterChainMatch.server_names>`,
+ // a TLS connection's requested SNI server name will be treated as if it
+ // wasn't present.
//
- // * A :ref:`listener filter <arch_overview_listener_filters>` may
- // overwrite a connection's requested server name within Envoy.
+ // * A :ref:`listener filter <arch_overview_listener_filters>` may
+ // overwrite a connection's requested server name within Envoy.
//
// Please refer to :ref:`this FAQ entry <faq_how_to_setup_sni>` to learn to
// setup SNI.
@@ -630,6 +639,7 @@ type Principal struct {
unknownFields protoimpl.UnknownFields
// Types that are assignable to Identifier:
+ //
// *Principal_AndIds
// *Principal_OrIds
// *Principal_Any
@@ -712,7 +722,7 @@ func (x *Principal) GetAuthenticated() *Principal_Authenticated {
return nil
}
-// Deprecated: Do not use.
+// Deprecated: Marked as deprecated in envoy/config/rbac/v3/rbac.proto.
func (x *Principal) GetSourceIp() *v32.CidrRange {
if x, ok := x.GetIdentifier().(*Principal_SourceIp); ok {
return x.SourceIp
@@ -804,7 +814,7 @@ type Principal_SourceIp struct {
// behavior, or use
// :ref:`direct_remote_ip <envoy_v3_api_field_config.rbac.v3.Principal.direct_remote_ip>`.
//
- // Deprecated: Do not use.
+ // Deprecated: Marked as deprecated in envoy/config/rbac/v3/rbac.proto.
SourceIp *v32.CidrRange `protobuf:"bytes,5,opt,name=source_ip,json=sourceIp,proto3,oneof"`
}
@@ -830,7 +840,7 @@ type Principal_RemoteIp struct {
type Principal_Header struct {
// A header (or pseudo-header such as :path or :method) on the incoming HTTP
// request. Only available for HTTP request. Note: the pseudo-header :path
- // includes the query and fragment string. Use the ``url_path`` field if you
+ // includes the query and fragment string. Use the “url_path“ field if you
// want to match the URL path without the query and fragment string.
Header *v3.HeaderMatcher `protobuf:"bytes,6,opt,name=header,proto3,oneof"`
}
@@ -852,8 +862,8 @@ type Principal_FilterState struct {
type Principal_NotId struct {
// Negates matching the provided principal. For instance, if the value of
- // ``not_id`` would match, this principal would not match. Conversely, if the
- // value of ``not_id`` would not match, this principal would match.
+ // “not_id“ would match, this principal would not match. Conversely, if the
+ // value of “not_id“ would not match, this principal would match.
NotId *Principal `protobuf:"bytes,8,opt,name=not_id,json=notId,proto3,oneof"`
}
@@ -894,19 +904,18 @@ type Action struct {
//
// Actions:
//
- // * ``ALLOW``: If the request gets matched on ALLOW, it is permitted.
- // * ``DENY``: If the request gets matched on DENY, it is not permitted.
- // * ``LOG``: If the request gets matched on LOG, it is permitted. Besides, the
- // dynamic metadata key ``access_log_hint`` under the shared key namespace
- // ``envoy.common`` will be set to the value ``true``.
- // * If the request cannot get matched, it will fallback to ``DENY``.
+ // - “ALLOW“: If the request gets matched on ALLOW, it is permitted.
+ // - “DENY“: If the request gets matched on DENY, it is not permitted.
+ // - “LOG“: If the request gets matched on LOG, it is permitted. Besides, the
+ // dynamic metadata key “access_log_hint“ under the shared key namespace
+ // “envoy.common“ will be set to the value “true“.
+ // - If the request cannot get matched, it will fallback to “DENY“.
//
// Log behavior:
//
- // If the RBAC matcher contains at least one LOG action, the dynamic
- // metadata key ``access_log_hint`` will be set based on if the request
- // get matched on the LOG action.
- //
+ // If the RBAC matcher contains at least one LOG action, the dynamic
+ // metadata key ``access_log_hint`` will be set based on if the request
+ // get matched on the LOG action.
Action RBAC_Action `protobuf:"varint,2,opt,name=action,proto3,enum=envoy.config.rbac.v3.RBAC_Action" json:"action,omitempty"`
}
@@ -1078,7 +1087,7 @@ func (x *RBAC_AuditLoggingOptions_AuditLoggerConfig) GetIsOptional() bool {
return false
}
-// Used in the ``and_rules`` and ``or_rules`` fields in the ``rule`` oneof. Depending on the context,
+// Used in the “and_rules“ and “or_rules“ fields in the “rule“ oneof. Depending on the context,
// each are applied with the associated behavior.
type Permission_Set struct {
state protoimpl.MessageState
@@ -1127,7 +1136,7 @@ func (x *Permission_Set) GetRules() []*Permission {
return nil
}
-// Used in the ``and_ids`` and ``or_ids`` fields in the ``identifier`` oneof.
+// Used in the “and_ids“ and “or_ids“ fields in the “identifier“ oneof.
// Depending on the context, each are applied with the associated behavior.
type Principal_Set struct {
state protoimpl.MessageState
@@ -1427,8 +1436,8 @@ var file_envoy_config_rbac_v3_rbac_proto_rawDesc = []byte{
0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x4b, 0x0a, 0x09, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
0x5f, 0x69, 0x70, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x65, 0x6e, 0x76, 0x6f,
0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33,
- 0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x42, 0x0b, 0x18, 0x01, 0x92, 0xc7,
- 0x86, 0xd8, 0x04, 0x03, 0x33, 0x2e, 0x30, 0x48, 0x00, 0x52, 0x08, 0x73, 0x6f, 0x75, 0x72, 0x63,
+ 0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x42, 0x0b, 0x92, 0xc7, 0x86, 0xd8,
+ 0x04, 0x03, 0x33, 0x2e, 0x30, 0x18, 0x01, 0x48, 0x00, 0x52, 0x08, 0x73, 0x6f, 0x75, 0x72, 0x63,
0x65, 0x49, 0x70, 0x12, 0x4b, 0x0a, 0x10, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x72, 0x65,
0x6d, 0x6f, 0x74, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e,
0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72,
@@ -1485,15 +1494,15 @@ var file_envoy_config_rbac_v3_rbac_proto_rawDesc = []byte{
0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x21, 0x2e, 0x65, 0x6e,
0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e,
0x76, 0x33, 0x2e, 0x52, 0x42, 0x41, 0x43, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06,
- 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x7d, 0x0a, 0x22, 0x69, 0x6f, 0x2e, 0x65, 0x6e, 0x76,
- 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f,
- 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x33, 0x42, 0x09, 0x52, 0x62,
- 0x61, 0x63, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x42, 0x67, 0x69, 0x74, 0x68, 0x75,
- 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79,
- 0x2f, 0x67, 0x6f, 0x2d, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x2d, 0x70, 0x6c, 0x61, 0x6e,
- 0x65, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x72,
- 0x62, 0x61, 0x63, 0x2f, 0x76, 0x33, 0x3b, 0x72, 0x62, 0x61, 0x63, 0x76, 0x33, 0xba, 0x80, 0xc8,
- 0xd1, 0x06, 0x02, 0x10, 0x02, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+ 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x7d, 0xba, 0x80, 0xc8, 0xd1, 0x06, 0x02, 0x10, 0x02,
+ 0x0a, 0x22, 0x69, 0x6f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e,
+ 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61,
+ 0x63, 0x2e, 0x76, 0x33, 0x42, 0x09, 0x52, 0x62, 0x61, 0x63, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
+ 0x01, 0x5a, 0x42, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6e,
+ 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x67, 0x6f, 0x2d, 0x63, 0x6f, 0x6e, 0x74,
+ 0x72, 0x6f, 0x6c, 0x2d, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f,
+ 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x72, 0x62, 0x61, 0x63, 0x2f, 0x76, 0x33, 0x3b, 0x72,
+ 0x62, 0x61, 0x63, 0x76, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (