Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
xds: import v3 RBAC http filter proto (#8215)
- Loading branch information
Showing
2 changed files
with
49 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
48 changes: 48 additions & 0 deletions
48
xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/rbac/v3/rbac.proto
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
syntax = "proto3"; | ||
|
||
package envoy.extensions.filters.http.rbac.v3; | ||
|
||
import "envoy/config/rbac/v3/rbac.proto"; | ||
|
||
import "udpa/annotations/status.proto"; | ||
import "udpa/annotations/versioning.proto"; | ||
|
||
option java_package = "io.envoyproxy.envoy.extensions.filters.http.rbac.v3"; | ||
option java_outer_classname = "RbacProto"; | ||
option java_multiple_files = true; | ||
option (udpa.annotations.file_status).package_version_status = ACTIVE; | ||
|
||
// [#protodoc-title: RBAC] | ||
// Role-Based Access Control :ref:`configuration overview <config_http_filters_rbac>`. | ||
// [#extension: envoy.filters.http.rbac] | ||
|
||
// RBAC filter config. | ||
message RBAC { | ||
option (udpa.annotations.versioning).previous_message_type = | ||
"envoy.config.filter.http.rbac.v2.RBAC"; | ||
|
||
// Specify the RBAC rules to be applied globally. | ||
// If absent, no enforcing RBAC policy will be applied. | ||
config.rbac.v3.RBAC rules = 1; | ||
|
||
// Shadow rules are not enforced by the filter (i.e., returning a 403) | ||
// but will emit stats and logs and can be used for rule testing. | ||
// If absent, no shadow RBAC policy will be applied. | ||
config.rbac.v3.RBAC shadow_rules = 2; | ||
|
||
// If specified, shadow rules will emit stats with the given prefix. | ||
// This is useful to distinguish the stat when there are more than 1 RBAC filter configured with | ||
// shadow rules. | ||
string shadow_rules_stat_prefix = 3; | ||
} | ||
|
||
message RBACPerRoute { | ||
option (udpa.annotations.versioning).previous_message_type = | ||
"envoy.config.filter.http.rbac.v2.RBACPerRoute"; | ||
|
||
reserved 1; | ||
|
||
// Override the global configuration of the filter with this new config. | ||
// If absent, the global RBAC policy will be disabled for this route. | ||
RBAC rbac = 2; | ||
} |