• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1// Copyright 2021 The gRPC Authors
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15// Local copy of Envoy xDS proto file, used for testing only.
16
17syntax = "proto3";
18
19package envoy.type.matcher.v3;
20
21// [#protodoc-title: Metadata matcher]
22
23// MetadataMatcher provides a general interface to check if a given value is matched in
24// :ref:`Metadata <envoy_v3_api_msg_config.core.v3.Metadata>`. It uses `filter` and `path` to retrieve the value
25// from the Metadata and then check if it's matched to the specified value.
26//
27// For example, for the following Metadata:
28//
29// .. code-block:: yaml
30//
31//    filter_metadata:
32//      envoy.filters.http.rbac:
33//        fields:
34//          a:
35//            struct_value:
36//              fields:
37//                b:
38//                  struct_value:
39//                    fields:
40//                      c:
41//                        string_value: pro
42//                t:
43//                  list_value:
44//                    values:
45//                      - string_value: m
46//                      - string_value: n
47//
48// The following MetadataMatcher is matched as the path [a, b, c] will retrieve a string value "pro"
49// from the Metadata which is matched to the specified prefix match.
50//
51// .. code-block:: yaml
52//
53//    filter: envoy.filters.http.rbac
54//    path:
55//    - key: a
56//    - key: b
57//    - key: c
58//    value:
59//      string_match:
60//        prefix: pr
61//
62// The following MetadataMatcher is matched as the code will match one of the string values in the
63// list at the path [a, t].
64//
65// .. code-block:: yaml
66//
67//    filter: envoy.filters.http.rbac
68//    path:
69//    - key: a
70//    - key: t
71//    value:
72//      list_match:
73//        one_of:
74//          string_match:
75//            exact: m
76//
77// An example use of MetadataMatcher is specifying additional metadata in envoy.filters.http.rbac to
78// enforce access control based on dynamic metadata in a request. See :ref:`Permission
79// <envoy_v3_api_msg_config.rbac.v3.Permission>` and :ref:`Principal
80// <envoy_v3_api_msg_config.rbac.v3.Principal>`.
81
82// [#next-major-version: MetadataMatcher should use StructMatcher]
83message MetadataMatcher {
84  // If true, the match result will be inverted.
85  bool invert = 4;
86}
87