role.proto

Package : rbac.enterprise.mesh.gloo.solo.io

RoleBindingSpec

| Field | Type | Label | Description |
|---|---|---|---|
| subjects | []core.skv2.solo.io.TypedObjectRef | repeated | Specify by reference the Kubernetes Users or Groups the Role should apply to. |
| roleRef | core.skv2.solo.io.ObjectRef | | Specify by reference the Gloo Mesh Role to bind. |

RoleBindingStatus

RoleSpec

A role represents a set of permissions for creating, updating, and deleting Gloo Mesh configuration objects. A role consists of a set of scopes for each policy type. Depending on the policy type, the permission granularity is defined at the field level or at the object level.

| Field | Type | Label | Description |
|---|---|---|---|
| trafficPolicyScopes | []rbac.enterprise.mesh.gloo.solo.io.RoleSpec.TrafficPolicyScope | repeated | A set of TrafficPolicy configuration permissions. Permission granularity is defined at the field level. |
| virtualMeshScopes | []rbac.enterprise.mesh.gloo.solo.io.RoleSpec.VirtualMeshScope | repeated | A set of VirtualMesh configuration permissions. Permission granularity is defined at the field level. |
| accessPolicyScopes | []rbac.enterprise.mesh.gloo.solo.io.RoleSpec.AccessPolicyScope | repeated | A set of AccessPolicy configuration permissions. Permission granularity is defined at the object level. |
| virtualDestinationScopes | []rbac.enterprise.mesh.gloo.solo.io.RoleSpec.VirtualDestinationScope | repeated | A set of VirtualDestination configuration permissions. Permission granularity is defined at the object level. |
| wasmDeploymentScopes | []rbac.enterprise.mesh.gloo.solo.io.RoleSpec.WasmDeploymentScope | repeated | A set of WasmDeployment configuration permissions. Permission granularity is defined at the object level. |
| accessLogRecordScopes | []rbac.enterprise.mesh.gloo.solo.io.RoleSpec.AccessLogRecordScope | repeated | A set of AccessLogRecord configuration permissions. Permission granularity is defined at the object level. |
| virtualGatewayScopes | []rbac.enterprise.mesh.gloo.solo.io.RoleSpec.VirtualGatewayScope | repeated | A set of VirtualGateway configuration permissions. |
| virtualHostScopes | []rbac.enterprise.mesh.gloo.solo.io.RoleSpec.VirtualHostScope | repeated | A set of VirtualHost configuration permissions applied to both Virtual Hosts and inlined Virtual Hosts on a Virtual Gateway. |
| routeScopes | []rbac.enterprise.mesh.gloo.solo.io.RoleSpec.RouteScope | repeated | A set of route destination configuration permissions applied to all Gateway CRs with routes: VirtualGateways, VirtualHosts, and RouteTables. |

RoleSpec.AccessLogRecordScope

Represents permissions for configuring AccessLogRecords.

| Field | Type | Label | Description |
|---|---|---|---|
| workloadSelectors | []common.mesh.gloo.solo.io.WorkloadSelector | repeated | A list of permitted Workload selectors. |

RoleSpec.AccessPolicyScope

Represents permissions for configuring AccessPolicies.

| Field | Type | Label | Description |
|---|---|---|---|
| identitySelectors | []common.mesh.gloo.solo.io.IdentitySelector | repeated | A list of permitted identity selectors. |
| destinationSelectors | []common.mesh.gloo.solo.io.DestinationSelector | repeated | A list of permitted Destination selectors. |

RoleSpec.RouteScope

Represents permissions for configuring Routes.

| Field | Type | Label | Description |
|---|---|---|---|
| kubeServiceRefs | []core.skv2.solo.io.ClusterObjectRef | repeated | A list of Kube services the user can reference in a new route. |
| virtualDestinationSelectors | []core.skv2.solo.io.ObjectSelector | repeated | Selectors for which Virtual Destinations the user can reference in a new route. |
| staticDestinationSelectors | []core.skv2.solo.io.ObjectSelector | repeated | Selectors for which Static Destinations the user can reference in a new route. |
| routeTableSelectors | []core.skv2.solo.io.ObjectSelector | repeated | Selectors for which route tables a route can reference. |

RoleSpec.TrafficPolicyScope

Represents permissions for configuring TrafficPolicies.

| Field | Type | Label | Description |
|---|---|---|---|
| trafficPolicyActions | []rbac.enterprise.mesh.gloo.solo.io.RoleSpec.TrafficPolicyScope.TrafficPolicyActions | repeated | A list of permitted TrafficPolicy configuration actions. |
| destinationSelectors | []common.mesh.gloo.solo.io.DestinationSelector | repeated | A list of permitted Destination selectors. |
| workloadSelectors | []common.mesh.gloo.solo.io.WorkloadSelector | repeated | A list of permitted Workload selectors. |

RoleSpec.VirtualDestinationScope

Represents permissions for configuring VirtualDestinations.

| Field | Type | Label | Description |
|---|---|---|---|
| virtualMeshRefs | []core.skv2.solo.io.ObjectRef | repeated | A list of permitted virtual mesh references. |
| meshRefs | []core.skv2.solo.io.ObjectRef | repeated | A list of permitted mesh references. |
| destinationSelectors | []common.mesh.gloo.solo.io.DestinationSelector | repeated | A list of permitted backing service selectors. |
| destinations | []networking.enterprise.mesh.gloo.solo.io.VirtualDestinationBackingDestination | repeated | A list of permitted backing Destinations. |

RoleSpec.VirtualGatewayScope

Represents permissions for configuring VirtualGateways.

| Field | Type | Label | Description |
|---|---|---|---|
| ingressGatewaySelectors | []common.mesh.gloo.solo.io.IngressGatewaySelector | repeated | A list of ingress gateway selectors that this user is allowed to use. |
| virtualHostSelectors | []core.skv2.solo.io.ObjectSelector | repeated | Selectors for which virtual hosts this role can reference. |

RoleSpec.VirtualHostScope

Represents permissions for configuring VirtualHosts.

| Field | Type | Label | Description |
|---|---|---|---|
| domains | []string | repeated | A list of allowed domains for created virtual hosts (Regex matching is available - see https://github.com/google/re2/wiki/Syntax) |
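
Because `domains` entries are RE2 regular expressions, an unescaped dot or a missing anchor widens the set of hostnames a role may create. The Go program below is an added example, not Gloo Mesh code: `AuditDomain`, `outsiders` and the probe hostnames are constructed here, and since this page does not say whether a pattern must match the whole domain or only part of it, the audit reports both readings.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// outsiders builds hostnames that a role limited to subdomains of parent
// should NOT be able to use. All values are constructed for this example.
func outsiders(parent string) []string {
	return []string{
		"api" + parent, // missing label separator
		"api." + strings.ReplaceAll(parent, ".", "x"), // dots replaced
		"api." + parent + ".other.test",               // parent used as a prefix
	}
}

// AuditDomain returns the outsider hostnames a domains entry would admit,
// under search semantics (pattern used as written) and under full-match
// semantics (pattern wrapped in ^(?:...)$). Go's regexp package accepts
// RE2 syntax, so constructs RE2 rejects (e.g. lookahead) fail to compile.
func AuditDomain(pattern, parent string) (search, full []string, err error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return nil, nil, err
	}
	anchored := regexp.MustCompile(`^(?:` + pattern + `)$`)
	if !anchored.MatchString("api." + parent) {
		return nil, nil, fmt.Errorf("%q does not admit api.%s", pattern, parent)
	}
	for _, h := range outsiders(parent) {
		if re.MatchString(h) {
			search = append(search, h)
		}
		if anchored.MatchString(h) {
			full = append(full, h)
		}
	}
	return search, full, nil
}

func main() {
	for _, p := range []string{`.*.example.com`, `.*\.example\.com`, `^[a-z0-9-]+\.example\.com$`} {
		s, f, err := AuditDomain(p, "example.com")
		fmt.Printf("%-30s search=%d full=%d err=%v\n", p, len(s), len(f), err)
	}
}
```

A pattern that carries its own `^` and `$` anchors and escapes its dots admits no outsider under either reading, so its meaning does not depend on how the server applies it.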

RoleSpec.VirtualMeshScope

Represents permissions for configuring VirtualMeshes.

| Field | Type | Label | Description |
|---|---|---|---|
| virtualMeshActions | []rbac.enterprise.mesh.gloo.solo.io.RoleSpec.VirtualMeshScope.VirtualMeshActions | repeated | A list of permitted VirtualMesh configuration actions. |
| meshRefs | []core.skv2.solo.io.ObjectRef | repeated | A list of permitted mesh references. |

RoleSpec.WasmDeploymentScope

Represents permissions for configuring WasmDeployments.

| Field | Type | Label | Description |
|---|---|---|---|
| workloadSelectors | []common.mesh.gloo.solo.io.WorkloadSelector | repeated | A list of permitted Workload selectors. |

RoleStatus

| Field | Type | Label | Description |
|---|---|---|---|
| observedGeneration | int64 | | The observed generation of the Role. When this matches the Role's metadata.generation it indicates that Gloo Mesh has processed the latest version of the Role. |

RoleSpec.TrafficPolicyScope.TrafficPolicyActions

Enums representing fields on the TrafficPolicy CRD.

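| Name | Number | Description |
|---|---|---|
| UNKNOWN_TRAFFIC_POLICY_ACTION | 0 | |
| ALL | 1 | |
| TRAFFIC_SHIFT | 2 | |
| FAULT_INJECTION | 3 | |
| REQUEST_TIMEOUT | 4 | |
| RETRIES | 5 | |
| CORS_POLICY | 6 | |
| MIRROR | 7 | |
| HEADER_MANIPULATION | 8 | |
| OUTLIER_DETECTION | 9 | |
| MTLS_CONFIG | 10 | |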

RoleSpec.VirtualMeshScope.VirtualMeshActions

Enums representing fields on the VirtualMesh CRD.

| Name | Number | Description |
|---|---|---|
| UNKNOWN_VIRTUAL_MESH_ACTION | 0 | |
| ALL | 1 | |
| MTLS_CONFIG | 2 | |
| FEDERATION | 3 | |
| GLOBAL_ACCESS_POLICY | 4 | |