rbac: update documentation about policy evaluation order (#16911)

Signed-off-by: Yangmin Zhu <ymzhu@google.com>

Mirrored from https://github.com/envoyproxy/envoy @ 5e68aac3aaed1c431fdb1fcaad2a753f98d2362b
pull/624/head
data-plane-api(Azure Pipelines) 4 years ago
parent ad12d3cdae
commit b319254abb
  1. 7
      envoy/config/rbac/v3/rbac.proto
  2. 7
      envoy/config/rbac/v4alpha/rbac.proto

@ -25,9 +25,9 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Role Based Access Control (RBAC)]
// Role Based Access Control (RBAC) provides service-level and method-level access control for a
// service. RBAC policies are additive. The policies are examined in order. Requests are allowed
// or denied based on the `action` and whether a matching policy is found. For instance, if the
// action is ALLOW and a matching policy is found the request should be allowed.
// service. Requests are allowed or denied based on the `action` and whether a matching policy is
// found. For instance, if the action is ALLOW and a matching policy is found the request should be
// allowed.
//
// RBAC can also be used to make access logging decisions by communicating with access loggers
// through dynamic metadata. When the action is LOG and at least one policy matches, the
@ -105,6 +105,7 @@ message RBAC {
Action action = 1 [(validate.rules).enum = {defined_only: true}];
// Maps from policy name to policy. A match occurs when at least one policy matches the request.
// The policies are evaluated in lexicographic order of the policy name.
map<string, Policy> policies = 2;
}
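Review bot: The sentence added above `policies` says the policies are evaluated in lexicographic order of the policy name, but it does not say what that order affects. The sentence before it says a match occurs when at least one policy matches, so the allow/deny result should be the same in any order; presumably the order only decides which matching policy is found first. With "RBAC policies are additive" removed from the file header comment, an operator could read the new sentence as first-match-wins and rely on policy naming to shape access decisions. I would add `// The order does not change the result: any single matching policy is sufficient.` after it, and say whether names are compared byte-wise. The `message RBAC` body starts outside this hunk, and the same point applies to the identical hunk in envoy/config/rbac/v4alpha/rbac.proto.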

@ -23,9 +23,9 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO
// [#protodoc-title: Role Based Access Control (RBAC)]
// Role Based Access Control (RBAC) provides service-level and method-level access control for a
// service. RBAC policies are additive. The policies are examined in order. Requests are allowed
// or denied based on the `action` and whether a matching policy is found. For instance, if the
// action is ALLOW and a matching policy is found the request should be allowed.
// service. Requests are allowed or denied based on the `action` and whether a matching policy is
// found. For instance, if the action is ALLOW and a matching policy is found the request should be
// allowed.
//
// RBAC can also be used to make access logging decisions by communicating with access loggers
// through dynamic metadata. When the action is LOG and at least one policy matches, the
@ -103,6 +103,7 @@ message RBAC {
Action action = 1 [(validate.rules).enum = {defined_only: true}];
// Maps from policy name to policy. A match occurs when at least one policy matches the request.
// The policies are evaluated in lexicographic order of the policy name.
map<string, Policy> policies = 2;
}
