| // Copyright 2021 The gRPC Authors |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| // Local copy of Envoy xDS proto file, used for testing only. |
| |
| syntax = "proto3"; |
| |
| package envoy.type.matcher.v3; |
| |
| // [#protodoc-title: Metadata matcher] |
| |
| // MetadataMatcher provides a general interface to check if a given value is matched in |
| // :ref:`Metadata <envoy_v3_api_msg_config.core.v3.Metadata>`. It uses `filter` and `path` to retrieve the value |
| // from the Metadata and then check if it's matched to the specified value. |
| // |
| // For example, for the following Metadata: |
| // |
| // .. code-block:: yaml |
| // |
| // filter_metadata: |
| // envoy.filters.http.rbac: |
| // fields: |
| // a: |
| // struct_value: |
| // fields: |
| // b: |
| // struct_value: |
| // fields: |
| // c: |
| // string_value: pro |
| // t: |
| // list_value: |
| // values: |
| // - string_value: m |
| // - string_value: n |
| // |
| // The following MetadataMatcher is matched as the path [a, b, c] will retrieve a string value "pro" |
| // from the Metadata which is matched to the specified prefix match. |
| // |
| // .. code-block:: yaml |
| // |
| // filter: envoy.filters.http.rbac |
| // path: |
| // - key: a |
| // - key: b |
| // - key: c |
| // value: |
| // string_match: |
| // prefix: pr |
| // |
| // The following MetadataMatcher is matched as the code will match one of the string values in the |
| // list at the path [a, t]. |
| // |
| // .. code-block:: yaml |
| // |
| // filter: envoy.filters.http.rbac |
| // path: |
| // - key: a |
| // - key: t |
| // value: |
| // list_match: |
| // one_of: |
| // string_match: |
| // exact: m |
| // |
| // An example use of MetadataMatcher is specifying additional metadata in envoy.filters.http.rbac to |
| // enforce access control based on dynamic metadata in a request. See :ref:`Permission |
| // <envoy_v3_api_msg_config.rbac.v3.Permission>` and :ref:`Principal |
| // <envoy_v3_api_msg_config.rbac.v3.Principal>`. |
| |
| // [#next-major-version: MetadataMatcher should use StructMatcher] |
| message MetadataMatcher { |
| } |