diff options
author | robot-contrib <robot-contrib@yandex-team.com> | 2024-01-30 11:20:39 +0300 |
---|---|---|
committer | robot-contrib <robot-contrib@yandex-team.com> | 2024-01-30 12:12:51 +0300 |
commit | be737fd8956853e06bd2c4f9fcd4a85188f4c172 (patch) | |
tree | 5bd76802fac1096dfd90983c7739d50de367a79f /vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac | |
parent | fe62880c46b1f2c9fec779b0dc39f8a92ce256a5 (diff) | |
download | ydb-be737fd8956853e06bd2c4f9fcd4a85188f4c172.tar.gz |
Update vendor/github.com/envoyproxy/go-control-plane to 0.12.0
Diffstat (limited to 'vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac')
-rw-r--r-- | vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3/rbac.pb.go | 185 |
1 files changed, 97 insertions, 88 deletions
diff --git a/vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3/rbac.pb.go b/vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3/rbac.pb.go index dd98cec635..126084f32b 100644 --- a/vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3/rbac.pb.go +++ b/vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3/rbac.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.4 // source: envoy/config/rbac/v3/rbac.proto package rbacv3 @@ -38,7 +38,7 @@ const ( // The policies deny access to principals. The rest are allowed. This is block-list style // access control. RBAC_DENY RBAC_Action = 1 - // The policies set the ``access_log_hint`` dynamic metadata key based on if requests match. + // The policies set the “access_log_hint“ dynamic metadata key based on if requests match. // All requests are allowed. RBAC_LOG RBAC_Action = 2 ) @@ -142,54 +142,63 @@ func (RBAC_AuditLoggingOptions_AuditCondition) EnumDescriptor() ([]byte, []int) } // Role Based Access Control (RBAC) provides service-level and method-level access control for a -// service. Requests are allowed or denied based on the ``action`` and whether a matching policy is +// service. Requests are allowed or denied based on the “action“ and whether a matching policy is // found. For instance, if the action is ALLOW and a matching policy is found the request should be // allowed. // // RBAC can also be used to make access logging decisions by communicating with access loggers // through dynamic metadata. When the action is LOG and at least one policy matches, the -// ``access_log_hint`` value in the shared key namespace 'envoy.common' is set to ``true`` indicating +// “access_log_hint“ value in the shared key namespace 'envoy.common' is set to “true“ indicating // the request should be logged. // // Here is an example of RBAC configuration. It has two policies: // -// * Service account ``cluster.local/ns/default/sa/admin`` has full access to the service, and so -// does "cluster.local/ns/default/sa/superuser". +// - Service account “cluster.local/ns/default/sa/admin“ has full access to the service, and so +// does "cluster.local/ns/default/sa/superuser". // -// * Any user can read (``GET``) the service at paths with prefix ``/products``, so long as the -// destination port is either 80 or 443. +// - Any user can read (“GET“) the service at paths with prefix “/products“, so long as the +// destination port is either 80 or 443. // -// .. code-block:: yaml +// .. code-block:: yaml // -// action: ALLOW -// policies: +// action: ALLOW +// policies: // "service-admin": -// permissions: -// - any: true -// principals: -// - authenticated: -// principal_name: -// exact: "cluster.local/ns/default/sa/admin" -// - authenticated: -// principal_name: -// exact: "cluster.local/ns/default/sa/superuser" +// permissions: +// +// - any: true +// principals: +// +// - authenticated: +// principal_name: +// exact: "cluster.local/ns/default/sa/admin" +// +// - authenticated: +// principal_name: +// exact: "cluster.local/ns/default/sa/superuser" // "product-viewer": -// permissions: -// - and_rules: -// rules: -// - header: -// name: ":method" -// string_match: -// exact: "GET" -// - url_path: -// path: { prefix: "/products" } -// - or_rules: -// rules: -// - destination_port: 80 -// - destination_port: 443 -// principals: -// - any: true +// permissions: +// +// - and_rules: +// rules: +// +// - header: +// name: ":method" +// string_match: +// exact: "GET" +// +// - url_path: +// path: { prefix: "/products" } +// +// - or_rules: +// rules: // +// - destination_port: 80 +// +// - destination_port: 443 +// principals: +// +// - any: true type RBAC struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -200,15 +209,14 @@ type RBAC struct { // // Actions: // - // * ``ALLOW``: Allows the request if and only if there is a policy that matches - // the request. - // * ``DENY``: Allows the request if and only if there are no policies that - // match the request. - // * ``LOG``: Allows all requests. If at least one policy matches, the dynamic - // metadata key ``access_log_hint`` is set to the value ``true`` under the shared - // key namespace ``envoy.common``. If no policies match, it is set to ``false``. - // Other actions do not modify this key. - // + // - “ALLOW“: Allows the request if and only if there is a policy that matches + // the request. + // - “DENY“: Allows the request if and only if there are no policies that + // match the request. + // - “LOG“: Allows all requests. If at least one policy matches, the dynamic + // metadata key “access_log_hint“ is set to the value “true“ under the shared + // key namespace “envoy.common“. If no policies match, it is set to “false“. + // Other actions do not modify this key. Action RBAC_Action `protobuf:"varint,1,opt,name=action,proto3,enum=envoy.config.rbac.v3.RBAC_Action" json:"action,omitempty"` // Maps from policy name to policy. A match occurs when at least one policy matches the request. // The policies are evaluated in lexicographic order of the policy name. @@ -284,11 +292,11 @@ type Policy struct { // Required. The set of permissions that define a role. Each permission is // matched with OR semantics. To match all actions for this policy, a single - // Permission with the ``any`` field set to true should be used. + // Permission with the “any“ field set to true should be used. Permissions []*Permission `protobuf:"bytes,1,rep,name=permissions,proto3" json:"permissions,omitempty"` // Required. The set of principals that are assigned/denied the role based on // “action”. Each principal is matched with OR semantics. To match all - // downstreams for this policy, a single Principal with the ``any`` field set to + // downstreams for this policy, a single Principal with the “any“ field set to // true should be used. Principals []*Principal `protobuf:"bytes,2,rep,name=principals,proto3" json:"principals,omitempty"` // An optional symbolic expression specifying an access control @@ -370,6 +378,7 @@ type Permission struct { unknownFields protoimpl.UnknownFields // Types that are assignable to Rule: + // // *Permission_AndRules // *Permission_OrRules // *Permission_Any @@ -530,7 +539,7 @@ type Permission_Any struct { type Permission_Header struct { // A header (or pseudo-header such as :path or :method) on the incoming HTTP request. Only // available for HTTP request. - // Note: the pseudo-header :path includes the query and fragment string. Use the ``url_path`` + // Note: the pseudo-header :path includes the query and fragment string. Use the “url_path“ // field if you want to match the URL path without the query and fragment string. Header *v3.HeaderMatcher `protobuf:"bytes,4,opt,name=header,proto3,oneof"` } @@ -562,8 +571,8 @@ type Permission_Metadata struct { type Permission_NotRule struct { // Negates matching the provided permission. For instance, if the value of - // ``not_rule`` would match, this permission would not match. Conversely, if - // the value of ``not_rule`` would not match, this permission would match. + // “not_rule“ would match, this permission would not match. Conversely, if + // the value of “not_rule“ would not match, this permission would match. NotRule *Permission `protobuf:"bytes,8,opt,name=not_rule,json=notRule,proto3,oneof"` } @@ -573,18 +582,18 @@ type Permission_RequestedServerName struct { // // .. attention:: // - // The behavior of this field may be affected by how Envoy is configured - // as explained below. + // The behavior of this field may be affected by how Envoy is configured + // as explained below. // - // * If the :ref:`TLS Inspector <config_listener_filters_tls_inspector>` - // filter is not added, and if a ``FilterChainMatch`` is not defined for - // the :ref:`server name - // <envoy_v3_api_field_config.listener.v3.FilterChainMatch.server_names>`, - // a TLS connection's requested SNI server name will be treated as if it - // wasn't present. + // * If the :ref:`TLS Inspector <config_listener_filters_tls_inspector>` + // filter is not added, and if a ``FilterChainMatch`` is not defined for + // the :ref:`server name + // <envoy_v3_api_field_config.listener.v3.FilterChainMatch.server_names>`, + // a TLS connection's requested SNI server name will be treated as if it + // wasn't present. // - // * A :ref:`listener filter <arch_overview_listener_filters>` may - // overwrite a connection's requested server name within Envoy. + // * A :ref:`listener filter <arch_overview_listener_filters>` may + // overwrite a connection's requested server name within Envoy. // // Please refer to :ref:`this FAQ entry <faq_how_to_setup_sni>` to learn to // setup SNI. @@ -630,6 +639,7 @@ type Principal struct { unknownFields protoimpl.UnknownFields // Types that are assignable to Identifier: + // // *Principal_AndIds // *Principal_OrIds // *Principal_Any @@ -712,7 +722,7 @@ func (x *Principal) GetAuthenticated() *Principal_Authenticated { return nil } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in envoy/config/rbac/v3/rbac.proto. func (x *Principal) GetSourceIp() *v32.CidrRange { if x, ok := x.GetIdentifier().(*Principal_SourceIp); ok { return x.SourceIp @@ -804,7 +814,7 @@ type Principal_SourceIp struct { // behavior, or use // :ref:`direct_remote_ip <envoy_v3_api_field_config.rbac.v3.Principal.direct_remote_ip>`. // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in envoy/config/rbac/v3/rbac.proto. SourceIp *v32.CidrRange `protobuf:"bytes,5,opt,name=source_ip,json=sourceIp,proto3,oneof"` } @@ -830,7 +840,7 @@ type Principal_RemoteIp struct { type Principal_Header struct { // A header (or pseudo-header such as :path or :method) on the incoming HTTP // request. Only available for HTTP request. Note: the pseudo-header :path - // includes the query and fragment string. Use the ``url_path`` field if you + // includes the query and fragment string. Use the “url_path“ field if you // want to match the URL path without the query and fragment string. Header *v3.HeaderMatcher `protobuf:"bytes,6,opt,name=header,proto3,oneof"` } @@ -852,8 +862,8 @@ type Principal_FilterState struct { type Principal_NotId struct { // Negates matching the provided principal. For instance, if the value of - // ``not_id`` would match, this principal would not match. Conversely, if the - // value of ``not_id`` would not match, this principal would match. + // “not_id“ would match, this principal would not match. Conversely, if the + // value of “not_id“ would not match, this principal would match. NotId *Principal `protobuf:"bytes,8,opt,name=not_id,json=notId,proto3,oneof"` } @@ -894,19 +904,18 @@ type Action struct { // // Actions: // - // * ``ALLOW``: If the request gets matched on ALLOW, it is permitted. - // * ``DENY``: If the request gets matched on DENY, it is not permitted. - // * ``LOG``: If the request gets matched on LOG, it is permitted. Besides, the - // dynamic metadata key ``access_log_hint`` under the shared key namespace - // ``envoy.common`` will be set to the value ``true``. - // * If the request cannot get matched, it will fallback to ``DENY``. + // - “ALLOW“: If the request gets matched on ALLOW, it is permitted. + // - “DENY“: If the request gets matched on DENY, it is not permitted. + // - “LOG“: If the request gets matched on LOG, it is permitted. Besides, the + // dynamic metadata key “access_log_hint“ under the shared key namespace + // “envoy.common“ will be set to the value “true“. + // - If the request cannot get matched, it will fallback to “DENY“. // // Log behavior: // - // If the RBAC matcher contains at least one LOG action, the dynamic - // metadata key ``access_log_hint`` will be set based on if the request - // get matched on the LOG action. - // + // If the RBAC matcher contains at least one LOG action, the dynamic + // metadata key ``access_log_hint`` will be set based on if the request + // get matched on the LOG action. Action RBAC_Action `protobuf:"varint,2,opt,name=action,proto3,enum=envoy.config.rbac.v3.RBAC_Action" json:"action,omitempty"` } @@ -1078,7 +1087,7 @@ func (x *RBAC_AuditLoggingOptions_AuditLoggerConfig) GetIsOptional() bool { return false } -// Used in the ``and_rules`` and ``or_rules`` fields in the ``rule`` oneof. Depending on the context, +// Used in the “and_rules“ and “or_rules“ fields in the “rule“ oneof. Depending on the context, // each are applied with the associated behavior. type Permission_Set struct { state protoimpl.MessageState @@ -1127,7 +1136,7 @@ func (x *Permission_Set) GetRules() []*Permission { return nil } -// Used in the ``and_ids`` and ``or_ids`` fields in the ``identifier`` oneof. +// Used in the “and_ids“ and “or_ids“ fields in the “identifier“ oneof. // Depending on the context, each are applied with the associated behavior. type Principal_Set struct { state protoimpl.MessageState @@ -1427,8 +1436,8 @@ var file_envoy_config_rbac_v3_rbac_proto_rawDesc = []byte{ 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x4b, 0x0a, 0x09, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33, - 0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x42, 0x0b, 0x18, 0x01, 0x92, 0xc7, - 0x86, 0xd8, 0x04, 0x03, 0x33, 0x2e, 0x30, 0x48, 0x00, 0x52, 0x08, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x42, 0x0b, 0x92, 0xc7, 0x86, 0xd8, + 0x04, 0x03, 0x33, 0x2e, 0x30, 0x18, 0x01, 0x48, 0x00, 0x52, 0x08, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x70, 0x12, 0x4b, 0x0a, 0x10, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, @@ -1485,15 +1494,15 @@ var file_envoy_config_rbac_v3_rbac_proto_rawDesc = []byte{ 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x21, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x33, 0x2e, 0x52, 0x42, 0x41, 0x43, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, - 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x7d, 0x0a, 0x22, 0x69, 0x6f, 0x2e, 0x65, 0x6e, 0x76, - 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x33, 0x42, 0x09, 0x52, 0x62, - 0x61, 0x63, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x42, 0x67, 0x69, 0x74, 0x68, 0x75, - 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, - 0x2f, 0x67, 0x6f, 0x2d, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x2d, 0x70, 0x6c, 0x61, 0x6e, - 0x65, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x72, - 0x62, 0x61, 0x63, 0x2f, 0x76, 0x33, 0x3b, 0x72, 0x62, 0x61, 0x63, 0x76, 0x33, 0xba, 0x80, 0xc8, - 0xd1, 0x06, 0x02, 0x10, 0x02, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x7d, 0xba, 0x80, 0xc8, 0xd1, 0x06, 0x02, 0x10, 0x02, + 0x0a, 0x22, 0x69, 0x6f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, + 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, + 0x63, 0x2e, 0x76, 0x33, 0x42, 0x09, 0x52, 0x62, 0x61, 0x63, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, + 0x01, 0x5a, 0x42, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6e, + 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x67, 0x6f, 0x2d, 0x63, 0x6f, 0x6e, 0x74, + 0x72, 0x6f, 0x6c, 0x2d, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, + 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x72, 0x62, 0x61, 0x63, 0x2f, 0x76, 0x33, 0x3b, 0x72, + 0x62, 0x61, 0x63, 0x76, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( |