istio

permission.go
106 строк · 2.6 Кб
Перенос по словам
1
// Copyright Istio Authors
2
//
3
// Licensed under the Apache License, Version 2.0 (the "License");
4
// you may not use this file except in compliance with the License.
5
// You may obtain a copy of the License at
6
//
7
//     http://www.apache.org/licenses/LICENSE-2.0
8
//
9
// Unless required by applicable law or agreed to in writing, software
10
// distributed under the License is distributed on an "AS IS" BASIS,
11
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
// See the License for the specific language governing permissions and
13
// limitations under the License.
14

15
package model
16

17
import (
18
	core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
19
	rbacpb "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3"
20
	routepb "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
21
	matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
22
)
23

24
func permissionAny() *rbacpb.Permission {
25
	return &rbacpb.Permission{
26
		Rule: &rbacpb.Permission_Any{
27
			Any: true,
28
		},
29
	}
30
}
31

32
func permissionAnd(permission []*rbacpb.Permission) *rbacpb.Permission {
33
	return &rbacpb.Permission{
34
		Rule: &rbacpb.Permission_AndRules{
35
			AndRules: &rbacpb.Permission_Set{
36
				Rules: permission,
37
			},
38
		},
39
	}
40
}
41

42
func permissionOr(permission []*rbacpb.Permission) *rbacpb.Permission {
43
	return &rbacpb.Permission{
44
		Rule: &rbacpb.Permission_OrRules{
45
			OrRules: &rbacpb.Permission_Set{
46
				Rules: permission,
47
			},
48
		},
49
	}
50
}
51

52
func permissionNot(permission *rbacpb.Permission) *rbacpb.Permission {
53
	return &rbacpb.Permission{
54
		Rule: &rbacpb.Permission_NotRule{
55
			NotRule: permission,
56
		},
57
	}
58
}
59

60
func permissionDestinationIP(cidr *core.CidrRange) *rbacpb.Permission {
61
	return &rbacpb.Permission{
62
		Rule: &rbacpb.Permission_DestinationIp{
63
			DestinationIp: cidr,
64
		},
65
	}
66
}
67

68
func permissionDestinationPort(port uint32) *rbacpb.Permission {
69
	return &rbacpb.Permission{
70
		Rule: &rbacpb.Permission_DestinationPort{
71
			DestinationPort: port,
72
		},
73
	}
74
}
75

76
func permissionRequestedServerName(name *matcher.StringMatcher) *rbacpb.Permission {
77
	return &rbacpb.Permission{
78
		Rule: &rbacpb.Permission_RequestedServerName{
79
			RequestedServerName: name,
80
		},
81
	}
82
}
83

84
func permissionMetadata(metadata *matcher.MetadataMatcher) *rbacpb.Permission {
85
	return &rbacpb.Permission{
86
		Rule: &rbacpb.Permission_Metadata{
87
			Metadata: metadata,
88
		},
89
	}
90
}
91

92
func permissionHeader(header *routepb.HeaderMatcher) *rbacpb.Permission {
93
	return &rbacpb.Permission{
94
		Rule: &rbacpb.Permission_Header{
95
			Header: header,
96
		},
97
	}
98
}
99

100
func permissionPath(path *matcher.PathMatcher) *rbacpb.Permission {
101
	return &rbacpb.Permission{
102
		Rule: &rbacpb.Permission_UrlPath{
103
			UrlPath: path,
104
		},
105
	}
106
}
107
istio

Использование cookies
