RBAC

This extension may be referenced by the qualified name envoy.filters.http.rbac

Note

This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.

Role-Based Access Control configuration overview.

config.filter.http.rbac.v2.RBAC

[config.filter.http.rbac.v2.RBAC proto]

RBAC filter config.

{
  "rules": "{...}",
  "shadow_rules": "{...}"
}

rules

(config.rbac.v2.RBAC) Specify the RBAC rules to be applied globally. If absent, no enforcing RBAC policy will be applied.

shadow_rules

(config.rbac.v2.RBAC) Shadow rules are not enforced by the filter (i.e., returning a 403) but will emit stats and logs and can be used for rule testing. If absent, no shadow RBAC policy will be applied.

config.filter.http.rbac.v2.RBACPerRoute

[config.filter.http.rbac.v2.RBACPerRoute proto]

{
  "rbac": "{...}"
}

rbac

(config.filter.http.rbac.v2.RBAC) Override the global configuration of the filter with this new config. If absent, the global RBAC policy will be disabled for this route.