rbac.proto

Package: rbac.options.gloo.solo.io

Source File: github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/rbac/rbac.proto

Settings

Global RBAC settings

"requireRbac": bool
| Field | Type | Description | Default |
| --- | --- | --- | --- |
| `requireRbac` | `bool` | Require RBAC for all virtual hosts. A vhost without an RBAC policy set will fall back to a deny-all policy. | |

ExtensionSettings

RBAC settings for Virtual Hosts and Routes

"disable": bool
"policies": map<string, .rbac.options.gloo.solo.io.Policy>
| Field | Type | Description | Default |
| --- | --- | --- | --- |
| `disable` | `bool` | Disable RBAC checks on this resource (default false). This is useful to allow access to static resources/login page without RBAC checks. If provided on a route, all route settings override any vhost settings. | |
| `policies` | `map<string, .rbac.options.gloo.solo.io.Policy>` | Named policies to apply. | |

Policy

"principals": []rbac.options.gloo.solo.io.Principal
"permissions": .rbac.options.gloo.solo.io.Permissions
| Field | Type | Description | Default |
| --- | --- | --- | --- |
| `principals` | `[]rbac.options.gloo.solo.io.Principal` | Principals in this policy. | |
| `permissions` | `.rbac.options.gloo.solo.io.Permissions` | Permissions granted to the principals. | |

Principal

An RBAC principal - the identity entity (usually a user or a service account).

"jwtPrincipal": .rbac.options.gloo.solo.io.JWTPrincipal
| Field | Type | Description | Default |
| --- | --- | --- | --- |
| `jwtPrincipal` | `.rbac.options.gloo.solo.io.JWTPrincipal` | | |

JWTPrincipal

A JWT principal. To use this, JWT option MUST be enabled.

"claims": map<string, string>
"provider": string
| Field | Type | Description | Default |
| --- | --- | --- | --- |
| `claims` | `map<string, string>` | Set of claims that make up this principal. Commonly, the 'iss' and 'sub' or 'email' claims are used. All claims must be present on the JWT. | |
| `provider` | `string` | Verify that the JWT came from a specific provider. This usually can be left empty and a provider will be chosen automatically. | |

Permissions

What permissions should be granted. An empty field means allow-all. If more than one field is added, all of them need to match.

"pathPrefix": string
"methods": []string
| Field | Type | Description | Default |
| --- | --- | --- | --- |
| `pathPrefix` | `string` | Paths that have this prefix will be allowed. | |
| `methods` | `[]string` | What HTTP methods (GET, POST, …) are allowed. | |
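
The rules documented above (deny-all fallback under requireRbac, disable, all-claims matching, and permission fields that must all match), as a small Go model added here for illustration; it is not Gloo's or Envoy's code. Assumptions: claim values compare by exact string equality, a request is allowed when any principal of any policy matches, a vhost with no policy is left unchecked when requireRbac is off, and the flattened `Policy` struct and the function names are hypothetical.

```go
package main

import "fmt"
import "strings"

type Policy struct {
	Principals []map[string]string // claims of each jwtPrincipal
	PathPrefix string              // permissions.pathPrefix
	Methods    []string            // permissions.methods
}
type ExtensionSettings struct {
	Disable  bool
	Policies map[string]Policy
}

// grants is a simplified model (an assumption, not Gloo's code) of one policy's check.
func grants(p Policy, jwt map[string]string, method, path string) bool {
	ok := len(p.Methods) == 0 // an empty field means allow-all
	for _, m := range p.Methods {
		ok = ok || m == method
	}
	granted := false
	for _, claims := range p.Principals {
		hit := ok && strings.HasPrefix(path, p.PathPrefix) // every set field must match
		for k, v := range claims { // all claims must be present on the JWT
			got, present := jwt[k]
			hit = hit && present && got == v
		}
		granted = granted || hit
	}
	return granted
}

func Allowed(requireRbac bool, cfg *ExtensionSettings, jwt map[string]string, method, path string) bool {
	if cfg == nil { // models a vhost with no RBAC policy set
		return !requireRbac // deny-all fallback applies only when requireRbac is set
	}
	allowed := cfg.Disable // disable skips the checks on this resource
	for _, p := range cfg.Policies {
		allowed = allowed || grants(p, jwt, method, path)
	}
	return allowed
}

func main() {
	jwt := map[string]string{"iss": "https://idp.example", "email": "dev@example.com"} // constructed
	viewer := Policy{[]map[string]string{{"email": "dev@example.com"}}, "/api/pets", []string{"GET"}}
	cfg := &ExtensionSettings{Policies: map[string]Policy{"viewer": viewer}}
	fmt.Println(Allowed(true, cfg, jwt, "GET", "/api/petstore"), Allowed(true, nil, jwt, "GET", "/"))
}
```

In this model pathPrefix is a plain string prefix, so `/api/pets` also admits `/api/petstore`; a trailing slash in the prefix narrows the match.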