From c852242e231a621fd588b9495925925938aa0b17 Mon Sep 17 00:00:00 2001
From: "data-plane-api(Azure Pipelines)"
Date: Tue, 4 Apr 2023 01:59:13 +0000
Subject: [PATCH] api: wrap the audit logger extension with an is_optional bool (#26415)

Signed-off-by: Luwei Ge
Mirrored from https://github.com/envoyproxy/envoy @ 38d6cfa44ab28fbf6f78eff182a54a9a79bd678c
---
 envoy/config/rbac/v3/rbac.proto | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/envoy/config/rbac/v3/rbac.proto b/envoy/config/rbac/v3/rbac.proto
index cc58ac76..e2f9b5c8 100644
--- a/envoy/config/rbac/v3/rbac.proto
+++ b/envoy/config/rbac/v3/rbac.proto
@@ -111,6 +111,17 @@ message RBAC {
 ON_DENY_AND_ALLOW = 3;
 }
 
+ // [#not-implemented-hide:]
+ message AuditLoggerConfig {
+ // Typed logger configuration.
+ //
+ // [#extension-category: envoy.rbac.audit_loggers]
+ core.v3.TypedExtensionConfig audit_logger = 1;
+
+ // If true, when the logger is not supported, the data plane will not NACK but simply ignore it.
+ bool is_optional = 2;
+ }
+
 // Condition for the audit logging to happen.
 // If this condition is met, all the audit loggers configured here will be invoked.
 //
@@ -120,9 +131,7 @@ message RBAC {
 // Configurations for RBAC-based authorization audit loggers.
 //
 // [#not-implemented-hide:]
- // [#extension-category: envoy.rbac.audit_loggers]
- repeated core.v3.TypedExtensionConfig audit_loggers = 2
- [(validate.rules).repeated = {min_items: 1}];
+ repeated AuditLoggerConfig logger_configs = 2;
 }
 
 // The action to take if a policy matches. Every action either allows or denies a request,
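Review bot: `audit_logger` in the new `AuditLoggerConfig` has no validation rule, so an entry that leaves the logger unset passes schema validation. The file already uses `validate.rules`, so consider `core.v3.TypedExtensionConfig audit_logger = 1 [(validate.rules).message = {required: true}];`. The `is_optional` comment should also state the consequence for auditing: an unsupported logger is dropped without a NACK, so the control plane presumably gets no signal that audit records are missing for it. Suggested wording: `// If true and the logger is not supported, the data plane ignores it instead of NACKing; no audit records are emitted for this logger.` The enclosing message starts outside the hunk.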
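Review bot: Field number 2 is reused for a different message type (`repeated core.v3.TypedExtensionConfig audit_loggers` becomes `repeated AuditLoggerConfig logger_configs`) and the `min_items: 1` rule is dropped. Reusing a number with a new message shape means bytes written under the old schema are reinterpreted rather than rejected; this is presumably acceptable only because the field is `[#not-implemented-hide:]`, and a comment saying so would help later readers. Without `min_items`, a config that sets an audit condition but lists no loggers now validates and would presumably invoke nothing. If that is deliberate it should be documented on the field; otherwise keep `repeated AuditLoggerConfig logger_configs = 2 [(validate.rules).repeated = {min_items: 1}];`. The enclosing message starts outside the hunk.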