authz: RBAC HTTP filter + utilities (#3455)

Signed-off-by: Chris Roche <croche@lyft.com>

Mirrored from https://github.com/envoyproxy/envoy @ d519097e9d0f914cac7362f8bafc8623ba2c09db
pull/620/head
data-plane-api(CircleCI) 7 years ago
parent 3ff81a05c1
commit 87b2671ef0
  1. 2
      docs/BUILD
  2. 14
      envoy/config/rbac/v2alpha/rbac.proto

@ -34,6 +34,7 @@ proto_library(
"//envoy/config/filter/http/ip_tagging/v2:ip_tagging",
"//envoy/config/filter/http/lua/v2:lua",
"//envoy/config/filter/http/rate_limit/v2:rate_limit",
"//envoy/config/filter/http/rbac/v2:rbac",
"//envoy/config/filter/http/router/v2:router",
"//envoy/config/filter/http/squash/v2:squash",
"//envoy/config/filter/http/transcoder/v2:transcoder",
@ -48,6 +49,7 @@ proto_library(
"//envoy/config/metrics/v2:metrics_service",
"//envoy/config/metrics/v2:stats",
"//envoy/config/ratelimit/v2:rls",
"//envoy/config/rbac/v2alpha:rbac",
"//envoy/config/trace/v2:trace",
"//envoy/config/transport_socket/capture/v2alpha:capture",
"//envoy/extensions/common/tap/v2alpha:capture",

@ -8,12 +8,8 @@ package envoy.config.rbac.v2alpha;
option go_package = "v2alpha";
// Role Based Access Control (RBAC) provides service-level and method-level access control for a
// service. The RBAC engine authorizes a request by evaluating the request context (expressed in the
// form of :ref: `AttributeContext <envoy_api_msg_service.auth.v2alpha.AttributeContext>`) against
// the RBAC policies.
//
// RBAC policies are additive. The policies are examined in order. A request is allowed once a
// matching policy is found (suppose the `action` is ALLOW).
// service. RBAC policies are additive. The policies are examined in order. A request is allowed
// once a matching policy is found (suppose the `action` is ALLOW).
//
// Here is an example of RBAC configuration. It has two policies:
//
@ -48,13 +44,13 @@ option go_package = "v2alpha";
// - any: true
//
message RBAC {
// Should we do white-list or black-list style access control?
// Should we do safe-list or block-list style access control?
enum Action {
// The policies grant access to principals. The rest is denied. This is white-list style
// The policies grant access to principals. The rest is denied. This is safe-list style
// access control. This is the default type.
ALLOW = 0;
// The policies deny access to principals. The rest is allowed. This is black-list style
// The policies deny access to principals. The rest is allowed. This is block-list style
// access control.
DENY = 1;
}
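Review bot: The reworded comments on `Action` use "safe-list" and "block-list", terms that do not correspond to the enum value names `ALLOW` and `DENY`; in an authorization config it is clearer to name the two styles after the values, e.g. `// Should we do allow-list or deny-list style access control?`, with the same wording in the two value comments. The value comments would also benefit from spelling out the no-match outcome as a consequence. Reading them as written, a request matching no policy is denied under `ALLOW` and allowed under `DENY`, so an empty policy set presumably rejects everything at the default action and admits everything under `DENY`. The `RBAC` message body continues past the end of this hunk, so the policies field itself is not visible here.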
