api: wrap the audit logger extension with an is_optional bool (#26415)

Signed-off-by: Luwei Ge <lwge@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 38d6cfa44ab28fbf6f78eff182a54a9a79bd678c
2 years ago · c852242e23
parent 2c005c080f
commit c852242e23
1 changed files with 12 additions and 3 deletions
--- a/envoy/config/rbac/v3/rbac.proto
+++ b/envoy/config/rbac/v3/rbac.proto
@ -111,6 +111,17 @@ message RBAC {
      ON_DENY_AND_ALLOW = 3;
    }

+    // [#not-implemented-hide:]
+    message AuditLoggerConfig {
+      // Typed logger configuration.
+      //
+      // [#extension-category: envoy.rbac.audit_loggers]
+      core.v3.TypedExtensionConfig audit_logger = 1;
+
+      // If true, when the logger is not supported, the data plane will not NACK but simply ignore it.
+      bool is_optional = 2;
+    }
+
    // Condition for the audit logging to happen.
    // If this condition is met, all the audit loggers configured here will be invoked.
    //
@ -120,9 +131,7 @@ message RBAC {
    // Configurations for RBAC-based authorization audit loggers.
    //
    // [#not-implemented-hide:]
-    // [#extension-category: envoy.rbac.audit_loggers]
-    repeated core.v3.TypedExtensionConfig audit_loggers = 2
-        [(validate.rules).repeated = {min_items: 1}];
+    repeated AuditLoggerConfig logger_configs = 2;
  }

  // The action to take if a policy matches. Every action either allows or denies a request,