// Copyright Istio Authors
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
rbacpb "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3"
routepb "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
func permissionAny() *rbacpb.Permission {
return &rbacpb.Permission{
Rule: &rbacpb.Permission_Any{
func permissionAnd(permission []*rbacpb.Permission) *rbacpb.Permission {
return &rbacpb.Permission{
Rule: &rbacpb.Permission_AndRules{
AndRules: &rbacpb.Permission_Set{
func permissionOr(permission []*rbacpb.Permission) *rbacpb.Permission {
return &rbacpb.Permission{
Rule: &rbacpb.Permission_OrRules{
OrRules: &rbacpb.Permission_Set{
func permissionNot(permission *rbacpb.Permission) *rbacpb.Permission {
return &rbacpb.Permission{
Rule: &rbacpb.Permission_NotRule{
func permissionDestinationIP(cidr *core.CidrRange) *rbacpb.Permission {
return &rbacpb.Permission{
Rule: &rbacpb.Permission_DestinationIp{
func permissionDestinationPort(port uint32) *rbacpb.Permission {
return &rbacpb.Permission{
Rule: &rbacpb.Permission_DestinationPort{
DestinationPort: port,
func permissionRequestedServerName(name *matcher.StringMatcher) *rbacpb.Permission {
return &rbacpb.Permission{
Rule: &rbacpb.Permission_RequestedServerName{
RequestedServerName: name,
func permissionMetadata(metadata *matcher.MetadataMatcher) *rbacpb.Permission {
return &rbacpb.Permission{
Rule: &rbacpb.Permission_Metadata{
func permissionHeader(header *routepb.HeaderMatcher) *rbacpb.Permission {
return &rbacpb.Permission{
Rule: &rbacpb.Permission_Header{
func permissionPath(path *matcher.PathMatcher) *rbacpb.Permission {
return &rbacpb.Permission{
Rule: &rbacpb.Permission_UrlPath{