// Copyright Istio Authors
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
rbacpb "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3"
routepb "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
// principalAny builds an RBAC principal that uses the Principal_Any
// identifier variant.
// NOTE(review): the value assigned inside Principal_Any is not visible here.
// In Envoy's RBAC API an "any" principal matches every downstream, so confirm
// callers emit it only where a rule deliberately has no source restriction.
func principalAny() *rbacpb.Principal {
return &rbacpb.Principal{
Identifier: &rbacpb.Principal_Any{
// principalOr wraps a Principal_Set in the Principal_OrIds identifier variant.
// NOTE(review): presumably the set holds principals, so the result matches
// when at least one of them matches — the field assignment is not visible
// here. Confirm callers never pass an empty slice; an empty set is worth
// checking against Envoy's validation rules for Principal_Set.
func principalOr(principals []*rbacpb.Principal) *rbacpb.Principal {
return &rbacpb.Principal{
Identifier: &rbacpb.Principal_OrIds{
OrIds: &rbacpb.Principal_Set{
// principalAnd wraps a Principal_Set in the Principal_AndIds identifier
// variant.
// NOTE(review): presumably the set holds principals, so the result matches
// only when every one of them matches — the field assignment is not visible
// here. Confirm callers never pass an empty slice; an empty set is worth
// checking against Envoy's validation rules for Principal_Set.
func principalAnd(principals []*rbacpb.Principal) *rbacpb.Principal {
return &rbacpb.Principal{
Identifier: &rbacpb.Principal_AndIds{
AndIds: &rbacpb.Principal_Set{
// principalNot wraps a principal in the Principal_NotId identifier variant.
// NOTE(review): presumably the result matches exactly when principal does
// not — the field assignment is not visible here. A negated matcher would
// then also match a peer that presents no identity at all, so confirm that
// outcome is intended wherever the result feeds an allow rule, and confirm
// how callers handle a nil principal.
func principalNot(principal *rbacpb.Principal) *rbacpb.Principal {
return &rbacpb.Principal{
Identifier: &rbacpb.Principal_NotId{
// principalAuthenticated builds a principal for matching a peer identity,
// presumably against name. Two shapes are returned from this function: a
// Principal_Authenticated_ wrapping Principal_Authenticated, and a
// Principal_FilterState that string-matches the filter-state key
// "io.istio.peer_principal".
// NOTE(review): which shape is returned presumably depends on
// useAuthenticated; the branch itself is not visible here — confirm.
// NOTE(review): the two shapes read the identity from different places. The
// filter-state form is only as trustworthy as whatever populates
// "io.istio.peer_principal", so confirm that key is written solely after the
// peer certificate has been validated and cannot be set from request data.
func principalAuthenticated(name *matcher.StringMatcher, useAuthenticated bool) *rbacpb.Principal {
return &rbacpb.Principal{
Identifier: &rbacpb.Principal_Authenticated_{
Authenticated: &rbacpb.Principal_Authenticated{
return &rbacpb.Principal{
Identifier: &rbacpb.Principal_FilterState{
FilterState: &matcher.FilterStateMatcher{
Key: "io.istio.peer_principal",
Matcher: &matcher.FilterStateMatcher_StringMatch{
// principalDirectRemoteIP builds a principal using the
// Principal_DirectRemoteIp identifier variant.
// NOTE(review): presumably cidr is the range matched — the field assignment
// is not visible here. In Envoy's RBAC API direct_remote_ip is the address of
// the immediate downstream connection, unaffected by X-Forwarded-For or proxy
// protocol; behind a load balancer it is the balancer's address, not the
// client's.
func principalDirectRemoteIP(cidr *core.CidrRange) *rbacpb.Principal {
return &rbacpb.Principal{
Identifier: &rbacpb.Principal_DirectRemoteIp{
// principalRemoteIP builds a principal using the Principal_RemoteIp
// identifier variant.
// NOTE(review): presumably cidr is the range matched — the field assignment
// is not visible here. In Envoy's RBAC API remote_ip may be inferred from
// X-Forwarded-For or proxy protocol, so it is client-influenced unless the
// trusted proxy hops are configured correctly; confirm that before relying on
// it in an allow rule.
func principalRemoteIP(cidr *core.CidrRange) *rbacpb.Principal {
return &rbacpb.Principal{
Identifier: &rbacpb.Principal_RemoteIp{
// principalMetadata builds a principal using the Principal_Metadata
// identifier variant.
// NOTE(review): presumably metadata is the matcher applied — the field
// assignment is not visible here. The match is only as trustworthy as the
// filter that writes the metadata being matched; confirm which filter that is.
func principalMetadata(metadata *matcher.MetadataMatcher) *rbacpb.Principal {
return &rbacpb.Principal{
Identifier: &rbacpb.Principal_Metadata{
func principalHeader(header *routepb.HeaderMatcher) *rbacpb.Principal {
return &rbacpb.Principal{
Identifier: &rbacpb.Principal_Header{