/
upstream_ip_port_matcher.proto
35 lines (28 loc) · 1.66 KB
/
upstream_ip_port_matcher.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
syntax = "proto3";
package envoy.extensions.rbac.matchers.upstream_ip_port.v3;
import "envoy/config/core/v3/address.proto";
import "envoy/type/v3/range.proto";
import "udpa/annotations/status.proto";
option java_package = "io.envoyproxy.envoy.extensions.rbac.matchers.upstream_ip_port.v3";
option java_outer_classname = "UpstreamIpPortMatcherProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/rbac/matchers/upstream_ip_port/v3;upstream_ip_portv3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: RBAC upstream IP and port matcher plugin]
// [#extension: envoy.rbac.matchers.upstream_ip_port]
// This is configuration for matching upstream ip and port.
// Note that although both fields are optional, at least one of IP or port must be supplied. If only
// one is supplied the other is a wildcard match.
// This matcher requires a filter in the chain to have saved the upstream address in the
// filter state before the matcher is executed by RBAC filter. The state should be saved with key
// ``envoy.stream.upstream_address`` (See
// :repo:`upstream_address.h<source/common/stream_info/upstream_address.h>`).
// Also, See :repo:`proxy_filter.cc<source/extensions/filters/http/dynamic_forward_proxy/proxy_filter.cc>`
// for an example of a filter which populates the FilterState.
message UpstreamIpPortMatcher {
// A CIDR block that will be used to match the upstream IP.
// Both Ipv4 and Ipv6 ranges can be matched.
config.core.v3.CidrRange upstream_ip = 1;
// A port range that will be used to match the upstream port.
type.v3.Int64Range upstream_port_range = 2;
}