rbac.pb.go

Documentation: github.com/emissary-ingress/emissary/v3/pkg/api/envoy/config/rbac/v2

     1  // Code generated by protoc-gen-go. DO NOT EDIT.
     2  // versions:
     3  // 	protoc-gen-go v1.28.1
     4  // 	protoc        v3.21.12
     5  // source: envoy/config/rbac/v2/rbac.proto
     6  
     7  package rbacv2
     8  
     9  import (
    10  	_ "github.com/cncf/xds/go/udpa/annotations"
    11  	core "github.com/emissary-ingress/emissary/v3/pkg/api/envoy/api/v2/core"
    12  	route "github.com/emissary-ingress/emissary/v3/pkg/api/envoy/api/v2/route"
    13  	matcher "github.com/emissary-ingress/emissary/v3/pkg/api/envoy/type/matcher"
    14  	_ "github.com/envoyproxy/protoc-gen-validate/validate"
    15  	v1alpha1 "google.golang.org/genproto/googleapis/api/expr/v1alpha1"
    16  	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
    17  	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
    18  	reflect "reflect"
    19  	sync "sync"
    20  )
    21  
    22  const (
    23  	// Verify that this generated code is sufficiently up-to-date.
    24  	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
    25  	// Verify that runtime/protoimpl is sufficiently up-to-date.
    26  	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
    27  )
    28  
    29  // Should we do safe-list or block-list style access control?
    30  type RBAC_Action int32
    31  
    32  const (
    33  	// The policies grant access to principals. The rest is denied. This is safe-list style
    34  	// access control. This is the default type.
    35  	RBAC_ALLOW RBAC_Action = 0
    36  	// The policies deny access to principals. The rest is allowed. This is block-list style
    37  	// access control.
    38  	RBAC_DENY RBAC_Action = 1
    39  )
    40  
    41  // Enum value maps for RBAC_Action.
    42  var (
    43  	RBAC_Action_name = map[int32]string{
    44  		0: "ALLOW",
    45  		1: "DENY",
    46  	}
    47  	RBAC_Action_value = map[string]int32{
    48  		"ALLOW": 0,
    49  		"DENY":  1,
    50  	}
    51  )
    52  
    53  func (x RBAC_Action) Enum() *RBAC_Action {
    54  	p := new(RBAC_Action)
    55  	*p = x
    56  	return p
    57  }
    58  
    59  func (x RBAC_Action) String() string {
    60  	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
    61  }
    62  
    63  func (RBAC_Action) Descriptor() protoreflect.EnumDescriptor {
    64  	return file_envoy_config_rbac_v2_rbac_proto_enumTypes[0].Descriptor()
    65  }
    66  
    67  func (RBAC_Action) Type() protoreflect.EnumType {
    68  	return &file_envoy_config_rbac_v2_rbac_proto_enumTypes[0]
    69  }
    70  
    71  func (x RBAC_Action) Number() protoreflect.EnumNumber {
    72  	return protoreflect.EnumNumber(x)
    73  }
    74  
    75  // Deprecated: Use RBAC_Action.Descriptor instead.
    76  func (RBAC_Action) EnumDescriptor() ([]byte, []int) {
    77  	return file_envoy_config_rbac_v2_rbac_proto_rawDescGZIP(), []int{0, 0}
    78  }
    79  
    80  // Role Based Access Control (RBAC) provides service-level and method-level access control for a
    81  // service. RBAC policies are additive. The policies are examined in order. A request is allowed
    82  // once a matching policy is found (suppose the `action` is ALLOW).
    83  //
    84  // Here is an example of RBAC configuration. It has two policies:
    85  //
    86  //   - Service account "cluster.local/ns/default/sa/admin" has full access to the service, and so
    87  //     does "cluster.local/ns/default/sa/superuser".
    88  //
    89  //   - Any user can read ("GET") the service at paths with prefix "/products", so long as the
    90  //     destination port is either 80 or 443.
    91  //
    92  //     .. code-block:: yaml
    93  //
    94  //     action: ALLOW
    95  //     policies:
    96  //     "service-admin":
    97  //     permissions:
    98  //
    99  //   - any: true
   100  //     principals:
   101  //
   102  //   - authenticated:
   103  //     principal_name:
   104  //     exact: "cluster.local/ns/default/sa/admin"
   105  //
   106  //   - authenticated:
   107  //     principal_name:
   108  //     exact: "cluster.local/ns/default/sa/superuser"
   109  //     "product-viewer":
   110  //     permissions:
   111  //
   112  //   - and_rules:
   113  //     rules:
   114  //
   115  //   - header: { name: ":method", exact_match: "GET" }
   116  //
   117  //   - url_path:
   118  //     path: { prefix: "/products" }
   119  //
   120  //   - or_rules:
   121  //     rules:
   122  //
   123  //   - destination_port: 80
   124  //
   125  //   - destination_port: 443
   126  //     principals:
   127  //
   128  //   - any: true
   129  type RBAC struct {
   130  	state         protoimpl.MessageState
   131  	sizeCache     protoimpl.SizeCache
   132  	unknownFields protoimpl.UnknownFields
   133  
   134  	// The action to take if a policy matches. The request is allowed if and only if:
   135  	//
   136  	//   * `action` is "ALLOWED" and at least one policy matches
   137  	//   * `action` is "DENY" and none of the policies match
   138  	Action RBAC_Action `protobuf:"varint,1,opt,name=action,proto3,enum=envoy.config.rbac.v2.RBAC_Action" json:"action,omitempty"`
   139  	// Maps from policy name to policy. A match occurs when at least one policy matches the request.
   140  	Policies map[string]*Policy `protobuf:"bytes,2,rep,name=policies,proto3" json:"policies,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
   141  }
   142  
   143  func (x *RBAC) Reset() {
   144  	*x = RBAC{}
   145  	if protoimpl.UnsafeEnabled {
   146  		mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[0]
   147  		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
   148  		ms.StoreMessageInfo(mi)
   149  	}
   150  }
   151  
   152  func (x *RBAC) String() string {
   153  	return protoimpl.X.MessageStringOf(x)
   154  }
   155  
   156  func (*RBAC) ProtoMessage() {}
   157  
   158  func (x *RBAC) ProtoReflect() protoreflect.Message {
   159  	mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[0]
   160  	if protoimpl.UnsafeEnabled && x != nil {
   161  		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
   162  		if ms.LoadMessageInfo() == nil {
   163  			ms.StoreMessageInfo(mi)
   164  		}
   165  		return ms
   166  	}
   167  	return mi.MessageOf(x)
   168  }
   169  
   170  // Deprecated: Use RBAC.ProtoReflect.Descriptor instead.
   171  func (*RBAC) Descriptor() ([]byte, []int) {
   172  	return file_envoy_config_rbac_v2_rbac_proto_rawDescGZIP(), []int{0}
   173  }
   174  
   175  func (x *RBAC) GetAction() RBAC_Action {
   176  	if x != nil {
   177  		return x.Action
   178  	}
   179  	return RBAC_ALLOW
   180  }
   181  
   182  func (x *RBAC) GetPolicies() map[string]*Policy {
   183  	if x != nil {
   184  		return x.Policies
   185  	}
   186  	return nil
   187  }
   188  
   189  // Policy specifies a role and the principals that are assigned/denied the role. A policy matches if
   190  // and only if at least one of its permissions match the action taking place AND at least one of its
   191  // principals match the downstream AND the condition is true if specified.
   192  type Policy struct {
   193  	state         protoimpl.MessageState
   194  	sizeCache     protoimpl.SizeCache
   195  	unknownFields protoimpl.UnknownFields
   196  
   197  	// Required. The set of permissions that define a role. Each permission is matched with OR
   198  	// semantics. To match all actions for this policy, a single Permission with the `any` field set
   199  	// to true should be used.
   200  	Permissions []*Permission `protobuf:"bytes,1,rep,name=permissions,proto3" json:"permissions,omitempty"`
   201  	// Required. The set of principals that are assigned/denied the role based on “action”. Each
   202  	// principal is matched with OR semantics. To match all downstreams for this policy, a single
   203  	// Principal with the `any` field set to true should be used.
   204  	Principals []*Principal `protobuf:"bytes,2,rep,name=principals,proto3" json:"principals,omitempty"`
   205  	// An optional symbolic expression specifying an access control
   206  	// :ref:`condition <arch_overview_condition>`. The condition is combined
   207  	// with the permissions and the principals as a clause with AND semantics.
   208  	Condition *v1alpha1.Expr `protobuf:"bytes,3,opt,name=condition,proto3" json:"condition,omitempty"`
   209  }
   210  
   211  func (x *Policy) Reset() {
   212  	*x = Policy{}
   213  	if protoimpl.UnsafeEnabled {
   214  		mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[1]
   215  		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
   216  		ms.StoreMessageInfo(mi)
   217  	}
   218  }
   219  
   220  func (x *Policy) String() string {
   221  	return protoimpl.X.MessageStringOf(x)
   222  }
   223  
   224  func (*Policy) ProtoMessage() {}
   225  
   226  func (x *Policy) ProtoReflect() protoreflect.Message {
   227  	mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[1]
   228  	if protoimpl.UnsafeEnabled && x != nil {
   229  		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
   230  		if ms.LoadMessageInfo() == nil {
   231  			ms.StoreMessageInfo(mi)
   232  		}
   233  		return ms
   234  	}
   235  	return mi.MessageOf(x)
   236  }
   237  
   238  // Deprecated: Use Policy.ProtoReflect.Descriptor instead.
   239  func (*Policy) Descriptor() ([]byte, []int) {
   240  	return file_envoy_config_rbac_v2_rbac_proto_rawDescGZIP(), []int{1}
   241  }
   242  
   243  func (x *Policy) GetPermissions() []*Permission {
   244  	if x != nil {
   245  		return x.Permissions
   246  	}
   247  	return nil
   248  }
   249  
   250  func (x *Policy) GetPrincipals() []*Principal {
   251  	if x != nil {
   252  		return x.Principals
   253  	}
   254  	return nil
   255  }
   256  
   257  func (x *Policy) GetCondition() *v1alpha1.Expr {
   258  	if x != nil {
   259  		return x.Condition
   260  	}
   261  	return nil
   262  }
   263  
   264  // Permission defines an action (or actions) that a principal can take.
   265  // [#next-free-field: 11]
   266  type Permission struct {
   267  	state         protoimpl.MessageState
   268  	sizeCache     protoimpl.SizeCache
   269  	unknownFields protoimpl.UnknownFields
   270  
   271  	// Types that are assignable to Rule:
   272  	//	*Permission_AndRules
   273  	//	*Permission_OrRules
   274  	//	*Permission_Any
   275  	//	*Permission_Header
   276  	//	*Permission_UrlPath
   277  	//	*Permission_DestinationIp
   278  	//	*Permission_DestinationPort
   279  	//	*Permission_Metadata
   280  	//	*Permission_NotRule
   281  	//	*Permission_RequestedServerName
   282  	Rule isPermission_Rule `protobuf_oneof:"rule"`
   283  }
   284  
   285  func (x *Permission) Reset() {
   286  	*x = Permission{}
   287  	if protoimpl.UnsafeEnabled {
   288  		mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[2]
   289  		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
   290  		ms.StoreMessageInfo(mi)
   291  	}
   292  }
   293  
   294  func (x *Permission) String() string {
   295  	return protoimpl.X.MessageStringOf(x)
   296  }
   297  
   298  func (*Permission) ProtoMessage() {}
   299  
   300  func (x *Permission) ProtoReflect() protoreflect.Message {
   301  	mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[2]
   302  	if protoimpl.UnsafeEnabled && x != nil {
   303  		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
   304  		if ms.LoadMessageInfo() == nil {
   305  			ms.StoreMessageInfo(mi)
   306  		}
   307  		return ms
   308  	}
   309  	return mi.MessageOf(x)
   310  }
   311  
   312  // Deprecated: Use Permission.ProtoReflect.Descriptor instead.
   313  func (*Permission) Descriptor() ([]byte, []int) {
   314  	return file_envoy_config_rbac_v2_rbac_proto_rawDescGZIP(), []int{2}
   315  }
   316  
   317  func (m *Permission) GetRule() isPermission_Rule {
   318  	if m != nil {
   319  		return m.Rule
   320  	}
   321  	return nil
   322  }
   323  
   324  func (x *Permission) GetAndRules() *Permission_Set {
   325  	if x, ok := x.GetRule().(*Permission_AndRules); ok {
   326  		return x.AndRules
   327  	}
   328  	return nil
   329  }
   330  
   331  func (x *Permission) GetOrRules() *Permission_Set {
   332  	if x, ok := x.GetRule().(*Permission_OrRules); ok {
   333  		return x.OrRules
   334  	}
   335  	return nil
   336  }
   337  
   338  func (x *Permission) GetAny() bool {
   339  	if x, ok := x.GetRule().(*Permission_Any); ok {
   340  		return x.Any
   341  	}
   342  	return false
   343  }
   344  
   345  func (x *Permission) GetHeader() *route.HeaderMatcher {
   346  	if x, ok := x.GetRule().(*Permission_Header); ok {
   347  		return x.Header
   348  	}
   349  	return nil
   350  }
   351  
   352  func (x *Permission) GetUrlPath() *matcher.PathMatcher {
   353  	if x, ok := x.GetRule().(*Permission_UrlPath); ok {
   354  		return x.UrlPath
   355  	}
   356  	return nil
   357  }
   358  
   359  func (x *Permission) GetDestinationIp() *core.CidrRange {
   360  	if x, ok := x.GetRule().(*Permission_DestinationIp); ok {
   361  		return x.DestinationIp
   362  	}
   363  	return nil
   364  }
   365  
   366  func (x *Permission) GetDestinationPort() uint32 {
   367  	if x, ok := x.GetRule().(*Permission_DestinationPort); ok {
   368  		return x.DestinationPort
   369  	}
   370  	return 0
   371  }
   372  
   373  func (x *Permission) GetMetadata() *matcher.MetadataMatcher {
   374  	if x, ok := x.GetRule().(*Permission_Metadata); ok {
   375  		return x.Metadata
   376  	}
   377  	return nil
   378  }
   379  
   380  func (x *Permission) GetNotRule() *Permission {
   381  	if x, ok := x.GetRule().(*Permission_NotRule); ok {
   382  		return x.NotRule
   383  	}
   384  	return nil
   385  }
   386  
   387  func (x *Permission) GetRequestedServerName() *matcher.StringMatcher {
   388  	if x, ok := x.GetRule().(*Permission_RequestedServerName); ok {
   389  		return x.RequestedServerName
   390  	}
   391  	return nil
   392  }
   393  
   394  type isPermission_Rule interface {
   395  	isPermission_Rule()
   396  }
   397  
   398  type Permission_AndRules struct {
   399  	// A set of rules that all must match in order to define the action.
   400  	AndRules *Permission_Set `protobuf:"bytes,1,opt,name=and_rules,json=andRules,proto3,oneof"`
   401  }
   402  
   403  type Permission_OrRules struct {
   404  	// A set of rules where at least one must match in order to define the action.
   405  	OrRules *Permission_Set `protobuf:"bytes,2,opt,name=or_rules,json=orRules,proto3,oneof"`
   406  }
   407  
   408  type Permission_Any struct {
   409  	// When any is set, it matches any action.
   410  	Any bool `protobuf:"varint,3,opt,name=any,proto3,oneof"`
   411  }
   412  
   413  type Permission_Header struct {
   414  	// A header (or pseudo-header such as :path or :method) on the incoming HTTP request. Only
   415  	// available for HTTP request.
   416  	// Note: the pseudo-header :path includes the query and fragment string. Use the `url_path`
   417  	// field if you want to match the URL path without the query and fragment string.
   418  	Header *route.HeaderMatcher `protobuf:"bytes,4,opt,name=header,proto3,oneof"`
   419  }
   420  
   421  type Permission_UrlPath struct {
   422  	// A URL path on the incoming HTTP request. Only available for HTTP.
   423  	UrlPath *matcher.PathMatcher `protobuf:"bytes,10,opt,name=url_path,json=urlPath,proto3,oneof"`
   424  }
   425  
   426  type Permission_DestinationIp struct {
   427  	// A CIDR block that describes the destination IP.
   428  	DestinationIp *core.CidrRange `protobuf:"bytes,5,opt,name=destination_ip,json=destinationIp,proto3,oneof"`
   429  }
   430  
   431  type Permission_DestinationPort struct {
   432  	// A port number that describes the destination port connecting to.
   433  	DestinationPort uint32 `protobuf:"varint,6,opt,name=destination_port,json=destinationPort,proto3,oneof"`
   434  }
   435  
   436  type Permission_Metadata struct {
   437  	// Metadata that describes additional information about the action.
   438  	Metadata *matcher.MetadataMatcher `protobuf:"bytes,7,opt,name=metadata,proto3,oneof"`
   439  }
   440  
   441  type Permission_NotRule struct {
   442  	// Negates matching the provided permission. For instance, if the value of `not_rule` would
   443  	// match, this permission would not match. Conversely, if the value of `not_rule` would not
   444  	// match, this permission would match.
   445  	NotRule *Permission `protobuf:"bytes,8,opt,name=not_rule,json=notRule,proto3,oneof"`
   446  }
   447  
   448  type Permission_RequestedServerName struct {
   449  	// The request server from the client's connection request. This is
   450  	// typically TLS SNI.
   451  	//
   452  	// .. attention::
   453  	//
   454  	//   The behavior of this field may be affected by how Envoy is configured
   455  	//   as explained below.
   456  	//
   457  	//   * If the :ref:`TLS Inspector <config_listener_filters_tls_inspector>`
   458  	//     filter is not added, and if a `FilterChainMatch` is not defined for
   459  	//     the :ref:`server name <envoy_api_field_listener.FilterChainMatch.server_names>`,
   460  	//     a TLS connection's requested SNI server name will be treated as if it
   461  	//     wasn't present.
   462  	//
   463  	//   * A :ref:`listener filter <arch_overview_listener_filters>` may
   464  	//     overwrite a connection's requested server name within Envoy.
   465  	//
   466  	// Please refer to :ref:`this FAQ entry <faq_how_to_setup_sni>` to learn to
   467  	// setup SNI.
   468  	RequestedServerName *matcher.StringMatcher `protobuf:"bytes,9,opt,name=requested_server_name,json=requestedServerName,proto3,oneof"`
   469  }
   470  
   471  func (*Permission_AndRules) isPermission_Rule() {}
   472  
   473  func (*Permission_OrRules) isPermission_Rule() {}
   474  
   475  func (*Permission_Any) isPermission_Rule() {}
   476  
   477  func (*Permission_Header) isPermission_Rule() {}
   478  
   479  func (*Permission_UrlPath) isPermission_Rule() {}
   480  
   481  func (*Permission_DestinationIp) isPermission_Rule() {}
   482  
   483  func (*Permission_DestinationPort) isPermission_Rule() {}
   484  
   485  func (*Permission_Metadata) isPermission_Rule() {}
   486  
   487  func (*Permission_NotRule) isPermission_Rule() {}
   488  
   489  func (*Permission_RequestedServerName) isPermission_Rule() {}
   490  
   491  // Principal defines an identity or a group of identities for a downstream subject.
   492  // [#next-free-field: 12]
   493  type Principal struct {
   494  	state         protoimpl.MessageState
   495  	sizeCache     protoimpl.SizeCache
   496  	unknownFields protoimpl.UnknownFields
   497  
   498  	// Types that are assignable to Identifier:
   499  	//	*Principal_AndIds
   500  	//	*Principal_OrIds
   501  	//	*Principal_Any
   502  	//	*Principal_Authenticated_
   503  	//	*Principal_SourceIp
   504  	//	*Principal_DirectRemoteIp
   505  	//	*Principal_RemoteIp
   506  	//	*Principal_Header
   507  	//	*Principal_UrlPath
   508  	//	*Principal_Metadata
   509  	//	*Principal_NotId
   510  	Identifier isPrincipal_Identifier `protobuf_oneof:"identifier"`
   511  }
   512  
   513  func (x *Principal) Reset() {
   514  	*x = Principal{}
   515  	if protoimpl.UnsafeEnabled {
   516  		mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[3]
   517  		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
   518  		ms.StoreMessageInfo(mi)
   519  	}
   520  }
   521  
   522  func (x *Principal) String() string {
   523  	return protoimpl.X.MessageStringOf(x)
   524  }
   525  
   526  func (*Principal) ProtoMessage() {}
   527  
   528  func (x *Principal) ProtoReflect() protoreflect.Message {
   529  	mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[3]
   530  	if protoimpl.UnsafeEnabled && x != nil {
   531  		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
   532  		if ms.LoadMessageInfo() == nil {
   533  			ms.StoreMessageInfo(mi)
   534  		}
   535  		return ms
   536  	}
   537  	return mi.MessageOf(x)
   538  }
   539  
   540  // Deprecated: Use Principal.ProtoReflect.Descriptor instead.
   541  func (*Principal) Descriptor() ([]byte, []int) {
   542  	return file_envoy_config_rbac_v2_rbac_proto_rawDescGZIP(), []int{3}
   543  }
   544  
   545  func (m *Principal) GetIdentifier() isPrincipal_Identifier {
   546  	if m != nil {
   547  		return m.Identifier
   548  	}
   549  	return nil
   550  }
   551  
   552  func (x *Principal) GetAndIds() *Principal_Set {
   553  	if x, ok := x.GetIdentifier().(*Principal_AndIds); ok {
   554  		return x.AndIds
   555  	}
   556  	return nil
   557  }
   558  
   559  func (x *Principal) GetOrIds() *Principal_Set {
   560  	if x, ok := x.GetIdentifier().(*Principal_OrIds); ok {
   561  		return x.OrIds
   562  	}
   563  	return nil
   564  }
   565  
   566  func (x *Principal) GetAny() bool {
   567  	if x, ok := x.GetIdentifier().(*Principal_Any); ok {
   568  		return x.Any
   569  	}
   570  	return false
   571  }
   572  
   573  func (x *Principal) GetAuthenticated() *Principal_Authenticated {
   574  	if x, ok := x.GetIdentifier().(*Principal_Authenticated_); ok {
   575  		return x.Authenticated
   576  	}
   577  	return nil
   578  }
   579  
   580  // Deprecated: Do not use.
   581  func (x *Principal) GetSourceIp() *core.CidrRange {
   582  	if x, ok := x.GetIdentifier().(*Principal_SourceIp); ok {
   583  		return x.SourceIp
   584  	}
   585  	return nil
   586  }
   587  
   588  func (x *Principal) GetDirectRemoteIp() *core.CidrRange {
   589  	if x, ok := x.GetIdentifier().(*Principal_DirectRemoteIp); ok {
   590  		return x.DirectRemoteIp
   591  	}
   592  	return nil
   593  }
   594  
   595  func (x *Principal) GetRemoteIp() *core.CidrRange {
   596  	if x, ok := x.GetIdentifier().(*Principal_RemoteIp); ok {
   597  		return x.RemoteIp
   598  	}
   599  	return nil
   600  }
   601  
   602  func (x *Principal) GetHeader() *route.HeaderMatcher {
   603  	if x, ok := x.GetIdentifier().(*Principal_Header); ok {
   604  		return x.Header
   605  	}
   606  	return nil
   607  }
   608  
   609  func (x *Principal) GetUrlPath() *matcher.PathMatcher {
   610  	if x, ok := x.GetIdentifier().(*Principal_UrlPath); ok {
   611  		return x.UrlPath
   612  	}
   613  	return nil
   614  }
   615  
   616  func (x *Principal) GetMetadata() *matcher.MetadataMatcher {
   617  	if x, ok := x.GetIdentifier().(*Principal_Metadata); ok {
   618  		return x.Metadata
   619  	}
   620  	return nil
   621  }
   622  
   623  func (x *Principal) GetNotId() *Principal {
   624  	if x, ok := x.GetIdentifier().(*Principal_NotId); ok {
   625  		return x.NotId
   626  	}
   627  	return nil
   628  }
   629  
   630  type isPrincipal_Identifier interface {
   631  	isPrincipal_Identifier()
   632  }
   633  
   634  type Principal_AndIds struct {
   635  	// A set of identifiers that all must match in order to define the downstream.
   636  	AndIds *Principal_Set `protobuf:"bytes,1,opt,name=and_ids,json=andIds,proto3,oneof"`
   637  }
   638  
   639  type Principal_OrIds struct {
   640  	// A set of identifiers at least one must match in order to define the downstream.
   641  	OrIds *Principal_Set `protobuf:"bytes,2,opt,name=or_ids,json=orIds,proto3,oneof"`
   642  }
   643  
   644  type Principal_Any struct {
   645  	// When any is set, it matches any downstream.
   646  	Any bool `protobuf:"varint,3,opt,name=any,proto3,oneof"`
   647  }
   648  
   649  type Principal_Authenticated_ struct {
   650  	// Authenticated attributes that identify the downstream.
   651  	Authenticated *Principal_Authenticated `protobuf:"bytes,4,opt,name=authenticated,proto3,oneof"`
   652  }
   653  
   654  type Principal_SourceIp struct {
   655  	// A CIDR block that describes the downstream IP.
   656  	// This address will honor proxy protocol, but will not honor XFF.
   657  	//
   658  	// Deprecated: Do not use.
   659  	SourceIp *core.CidrRange `protobuf:"bytes,5,opt,name=source_ip,json=sourceIp,proto3,oneof"`
   660  }
   661  
   662  type Principal_DirectRemoteIp struct {
   663  	// A CIDR block that describes the downstream remote/origin address.
   664  	// Note: This is always the physical peer even if the
   665  	// :ref:`remote_ip <envoy_api_field_config.rbac.v2.Principal.remote_ip>` is inferred
   666  	// from for example the x-forwarder-for header, proxy protocol, etc.
   667  	DirectRemoteIp *core.CidrRange `protobuf:"bytes,10,opt,name=direct_remote_ip,json=directRemoteIp,proto3,oneof"`
   668  }
   669  
   670  type Principal_RemoteIp struct {
   671  	// A CIDR block that describes the downstream remote/origin address.
   672  	// Note: This may not be the physical peer and could be different from the
   673  	// :ref:`direct_remote_ip <envoy_api_field_config.rbac.v2.Principal.direct_remote_ip>`.
   674  	// E.g, if the remote ip is inferred from for example the x-forwarder-for header,
   675  	// proxy protocol, etc.
   676  	RemoteIp *core.CidrRange `protobuf:"bytes,11,opt,name=remote_ip,json=remoteIp,proto3,oneof"`
   677  }
   678  
   679  type Principal_Header struct {
   680  	// A header (or pseudo-header such as :path or :method) on the incoming HTTP request. Only
   681  	// available for HTTP request.
   682  	// Note: the pseudo-header :path includes the query and fragment string. Use the `url_path`
   683  	// field if you want to match the URL path without the query and fragment string.
   684  	Header *route.HeaderMatcher `protobuf:"bytes,6,opt,name=header,proto3,oneof"`
   685  }
   686  
   687  type Principal_UrlPath struct {
   688  	// A URL path on the incoming HTTP request. Only available for HTTP.
   689  	UrlPath *matcher.PathMatcher `protobuf:"bytes,9,opt,name=url_path,json=urlPath,proto3,oneof"`
   690  }
   691  
   692  type Principal_Metadata struct {
   693  	// Metadata that describes additional information about the principal.
   694  	Metadata *matcher.MetadataMatcher `protobuf:"bytes,7,opt,name=metadata,proto3,oneof"`
   695  }
   696  
   697  type Principal_NotId struct {
   698  	// Negates matching the provided principal. For instance, if the value of `not_id` would match,
   699  	// this principal would not match. Conversely, if the value of `not_id` would not match, this
   700  	// principal would match.
   701  	NotId *Principal `protobuf:"bytes,8,opt,name=not_id,json=notId,proto3,oneof"`
   702  }
   703  
   704  func (*Principal_AndIds) isPrincipal_Identifier() {}
   705  
   706  func (*Principal_OrIds) isPrincipal_Identifier() {}
   707  
   708  func (*Principal_Any) isPrincipal_Identifier() {}
   709  
   710  func (*Principal_Authenticated_) isPrincipal_Identifier() {}
   711  
   712  func (*Principal_SourceIp) isPrincipal_Identifier() {}
   713  
   714  func (*Principal_DirectRemoteIp) isPrincipal_Identifier() {}
   715  
   716  func (*Principal_RemoteIp) isPrincipal_Identifier() {}
   717  
   718  func (*Principal_Header) isPrincipal_Identifier() {}
   719  
   720  func (*Principal_UrlPath) isPrincipal_Identifier() {}
   721  
   722  func (*Principal_Metadata) isPrincipal_Identifier() {}
   723  
   724  func (*Principal_NotId) isPrincipal_Identifier() {}
   725  
   726  // Used in the `and_rules` and `or_rules` fields in the `rule` oneof. Depending on the context,
   727  // each are applied with the associated behavior.
   728  type Permission_Set struct {
   729  	state         protoimpl.MessageState
   730  	sizeCache     protoimpl.SizeCache
   731  	unknownFields protoimpl.UnknownFields
   732  
   733  	Rules []*Permission `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"`
   734  }
   735  
   736  func (x *Permission_Set) Reset() {
   737  	*x = Permission_Set{}
   738  	if protoimpl.UnsafeEnabled {
   739  		mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[5]
   740  		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
   741  		ms.StoreMessageInfo(mi)
   742  	}
   743  }
   744  
   745  func (x *Permission_Set) String() string {
   746  	return protoimpl.X.MessageStringOf(x)
   747  }
   748  
   749  func (*Permission_Set) ProtoMessage() {}
   750  
   751  func (x *Permission_Set) ProtoReflect() protoreflect.Message {
   752  	mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[5]
   753  	if protoimpl.UnsafeEnabled && x != nil {
   754  		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
   755  		if ms.LoadMessageInfo() == nil {
   756  			ms.StoreMessageInfo(mi)
   757  		}
   758  		return ms
   759  	}
   760  	return mi.MessageOf(x)
   761  }
   762  
   763  // Deprecated: Use Permission_Set.ProtoReflect.Descriptor instead.
   764  func (*Permission_Set) Descriptor() ([]byte, []int) {
   765  	return file_envoy_config_rbac_v2_rbac_proto_rawDescGZIP(), []int{2, 0}
   766  }
   767  
   768  func (x *Permission_Set) GetRules() []*Permission {
   769  	if x != nil {
   770  		return x.Rules
   771  	}
   772  	return nil
   773  }
   774  
   775  // Used in the `and_ids` and `or_ids` fields in the `identifier` oneof. Depending on the context,
   776  // each are applied with the associated behavior.
   777  type Principal_Set struct {
   778  	state         protoimpl.MessageState
   779  	sizeCache     protoimpl.SizeCache
   780  	unknownFields protoimpl.UnknownFields
   781  
   782  	Ids []*Principal `protobuf:"bytes,1,rep,name=ids,proto3" json:"ids,omitempty"`
   783  }
   784  
   785  func (x *Principal_Set) Reset() {
   786  	*x = Principal_Set{}
   787  	if protoimpl.UnsafeEnabled {
   788  		mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[6]
   789  		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
   790  		ms.StoreMessageInfo(mi)
   791  	}
   792  }
   793  
   794  func (x *Principal_Set) String() string {
   795  	return protoimpl.X.MessageStringOf(x)
   796  }
   797  
   798  func (*Principal_Set) ProtoMessage() {}
   799  
   800  func (x *Principal_Set) ProtoReflect() protoreflect.Message {
   801  	mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[6]
   802  	if protoimpl.UnsafeEnabled && x != nil {
   803  		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
   804  		if ms.LoadMessageInfo() == nil {
   805  			ms.StoreMessageInfo(mi)
   806  		}
   807  		return ms
   808  	}
   809  	return mi.MessageOf(x)
   810  }
   811  
   812  // Deprecated: Use Principal_Set.ProtoReflect.Descriptor instead.
   813  func (*Principal_Set) Descriptor() ([]byte, []int) {
   814  	return file_envoy_config_rbac_v2_rbac_proto_rawDescGZIP(), []int{3, 0}
   815  }
   816  
   817  func (x *Principal_Set) GetIds() []*Principal {
   818  	if x != nil {
   819  		return x.Ids
   820  	}
   821  	return nil
   822  }
   823  
   824  // Authentication attributes for a downstream.
   825  type Principal_Authenticated struct {
   826  	state         protoimpl.MessageState
   827  	sizeCache     protoimpl.SizeCache
   828  	unknownFields protoimpl.UnknownFields
   829  
   830  	// The name of the principal. If set, The URI SAN or DNS SAN in that order is used from the
   831  	// certificate, otherwise the subject field is used. If unset, it applies to any user that is
   832  	// authenticated.
   833  	PrincipalName *matcher.StringMatcher `protobuf:"bytes,2,opt,name=principal_name,json=principalName,proto3" json:"principal_name,omitempty"`
   834  }
   835  
   836  func (x *Principal_Authenticated) Reset() {
   837  	*x = Principal_Authenticated{}
   838  	if protoimpl.UnsafeEnabled {
   839  		mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[7]
   840  		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
   841  		ms.StoreMessageInfo(mi)
   842  	}
   843  }
   844  
   845  func (x *Principal_Authenticated) String() string {
   846  	return protoimpl.X.MessageStringOf(x)
   847  }
   848  
   849  func (*Principal_Authenticated) ProtoMessage() {}
   850  
   851  func (x *Principal_Authenticated) ProtoReflect() protoreflect.Message {
   852  	mi := &file_envoy_config_rbac_v2_rbac_proto_msgTypes[7]
   853  	if protoimpl.UnsafeEnabled && x != nil {
   854  		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
   855  		if ms.LoadMessageInfo() == nil {
   856  			ms.StoreMessageInfo(mi)
   857  		}
   858  		return ms
   859  	}
   860  	return mi.MessageOf(x)
   861  }
   862  
   863  // Deprecated: Use Principal_Authenticated.ProtoReflect.Descriptor instead.
   864  func (*Principal_Authenticated) Descriptor() ([]byte, []int) {
   865  	return file_envoy_config_rbac_v2_rbac_proto_rawDescGZIP(), []int{3, 1}
   866  }
   867  
   868  func (x *Principal_Authenticated) GetPrincipalName() *matcher.StringMatcher {
   869  	if x != nil {
   870  		return x.PrincipalName
   871  	}
   872  	return nil
   873  }
   874  
   875  var File_envoy_config_rbac_v2_rbac_proto protoreflect.FileDescriptor
   876  
   877  var file_envoy_config_rbac_v2_rbac_proto_rawDesc = []byte{
   878  	0x0a, 0x1f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x72,
   879  	0x62, 0x61, 0x63, 0x2f, 0x76, 0x32, 0x2f, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74,
   880  	0x6f, 0x12, 0x14, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e,
   881  	0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32, 0x1a, 0x1f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x61,
   882  	0x70, 0x69, 0x2f, 0x76, 0x32, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x61, 0x64, 0x64, 0x72, 0x65,
   883  	0x73, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x29, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f,
   884  	0x61, 0x70, 0x69, 0x2f, 0x76, 0x32, 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x2f, 0x72, 0x6f, 0x75,
   885  	0x74, 0x65, 0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x73, 0x2e, 0x70, 0x72,
   886  	0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x2f,
   887  	0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
   888  	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x74, 0x79,
   889  	0x70, 0x65, 0x2f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2f, 0x70, 0x61, 0x74, 0x68, 0x2e,
   890  	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x74, 0x79, 0x70,
   891  	0x65, 0x2f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2f, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67,
   892  	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x25, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61,
   893  	0x70, 0x69, 0x2f, 0x65, 0x78, 0x70, 0x72, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31,
   894  	0x2f, 0x73, 0x79, 0x6e, 0x74, 0x61, 0x78, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x75,
   895  	0x64, 0x70, 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f,
   896  	0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x76, 0x61,
   897  	0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e,
   898  	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x81, 0x02, 0x0a, 0x04, 0x52, 0x42, 0x41, 0x43, 0x12, 0x39,
   899  	0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x21,
   900  	0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62,
   901  	0x61, 0x63, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x42, 0x41, 0x43, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f,
   902  	0x6e, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x44, 0x0a, 0x08, 0x70, 0x6f, 0x6c,
   903  	0x69, 0x63, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x65, 0x6e,
   904  	0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e,
   905  	0x76, 0x32, 0x2e, 0x52, 0x42, 0x41, 0x43, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73,
   906  	0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x1a,
   907  	0x59, 0x0a, 0x0d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79,
   908  	0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b,
   909  	0x65, 0x79, 0x12, 0x32, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
   910  	0x0b, 0x32, 0x1c, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
   911  	0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52,
   912  	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x1d, 0x0a, 0x06, 0x41, 0x63,
   913  	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x4c, 0x4c, 0x4f, 0x57, 0x10, 0x00, 0x12,
   914  	0x08, 0x0a, 0x04, 0x44, 0x45, 0x4e, 0x59, 0x10, 0x01, 0x22, 0xdf, 0x01, 0x0a, 0x06, 0x50, 0x6f,
   915  	0x6c, 0x69, 0x63, 0x79, 0x12, 0x4c, 0x0a, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69,
   916  	0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x65, 0x6e, 0x76, 0x6f,
   917  	0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32,
   918  	0x2e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x08, 0xfa, 0x42, 0x05,
   919  	0x92, 0x01, 0x02, 0x08, 0x01, 0x52, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f,
   920  	0x6e, 0x73, 0x12, 0x49, 0x0a, 0x0a, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73,
   921  	0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63,
   922  	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x72,
   923  	0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x92, 0x01, 0x02, 0x08,
   924  	0x01, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x12, 0x3c, 0x0a,
   925  	0x09, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b,
   926  	0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78,
   927  	0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72,
   928  	0x52, 0x09, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xdc, 0x05, 0x0a, 0x0a,
   929  	0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x43, 0x0a, 0x09, 0x61, 0x6e,
   930  	0x64, 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e,
   931  	0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61,
   932  	0x63, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x2e,
   933  	0x53, 0x65, 0x74, 0x48, 0x00, 0x52, 0x08, 0x61, 0x6e, 0x64, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x12,
   934  	0x41, 0x0a, 0x08, 0x6f, 0x72, 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28,
   935  	0x0b, 0x32, 0x24, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
   936  	0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73,
   937  	0x69, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52, 0x07, 0x6f, 0x72, 0x52, 0x75, 0x6c,
   938  	0x65, 0x73, 0x12, 0x1b, 0x0a, 0x03, 0x61, 0x6e, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x42,
   939  	0x07, 0xfa, 0x42, 0x04, 0x6a, 0x02, 0x08, 0x01, 0x48, 0x00, 0x52, 0x03, 0x61, 0x6e, 0x79, 0x12,
   940  	0x3b, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32,
   941  	0x21, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x72,
   942  	0x6f, 0x75, 0x74, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68,
   943  	0x65, 0x72, 0x48, 0x00, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x3c, 0x0a, 0x08,
   944  	0x75, 0x72, 0x6c, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f,
   945  	0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63,
   946  	0x68, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x48,
   947  	0x00, 0x52, 0x07, 0x75, 0x72, 0x6c, 0x50, 0x61, 0x74, 0x68, 0x12, 0x45, 0x0a, 0x0e, 0x64, 0x65,
   948  	0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x70, 0x18, 0x05, 0x20, 0x01,
   949  	0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76,
   950  	0x32, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65,
   951  	0x48, 0x00, 0x52, 0x0d, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49,
   952  	0x70, 0x12, 0x36, 0x0a, 0x10, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
   953  	0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x09, 0xfa, 0x42, 0x06,
   954  	0x2a, 0x04, 0x18, 0xff, 0xff, 0x03, 0x48, 0x00, 0x52, 0x0f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e,
   955  	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x41, 0x0a, 0x08, 0x6d, 0x65, 0x74,
   956  	0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x65, 0x6e,
   957  	0x76, 0x6f, 0x79, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72,
   958  	0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72,
   959  	0x48, 0x00, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x3d, 0x0a, 0x08,
   960  	0x6e, 0x6f, 0x74, 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20,
   961  	0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62,
   962  	0x61, 0x63, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e,
   963  	0x48, 0x00, 0x52, 0x07, 0x6e, 0x6f, 0x74, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x57, 0x0a, 0x15, 0x72,
   964  	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f,
   965  	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x65, 0x6e, 0x76,
   966  	0x6f, 0x79, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e,
   967  	0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x48, 0x00, 0x52,
   968  	0x13, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
   969  	0x4e, 0x61, 0x6d, 0x65, 0x1a, 0x47, 0x0a, 0x03, 0x53, 0x65, 0x74, 0x12, 0x40, 0x0a, 0x05, 0x72,
   970  	0x75, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x65, 0x6e, 0x76,
   971  	0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76,
   972  	0x32, 0x2e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x08, 0xfa, 0x42,
   973  	0x05, 0x92, 0x01, 0x02, 0x08, 0x01, 0x52, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x42, 0x0b, 0x0a,
   974  	0x04, 0x72, 0x75, 0x6c, 0x65, 0x12, 0x03, 0xf8, 0x42, 0x01, 0x22, 0xf5, 0x06, 0x0a, 0x09, 0x50,
   975  	0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x12, 0x3e, 0x0a, 0x07, 0x61, 0x6e, 0x64, 0x5f,
   976  	0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x65, 0x6e, 0x76, 0x6f,
   977  	0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32,
   978  	0x2e, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x2e, 0x53, 0x65, 0x74, 0x48, 0x00,
   979  	0x52, 0x06, 0x61, 0x6e, 0x64, 0x49, 0x64, 0x73, 0x12, 0x3c, 0x0a, 0x06, 0x6f, 0x72, 0x5f, 0x69,
   980  	0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79,
   981  	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32, 0x2e,
   982  	0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x2e, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52,
   983  	0x05, 0x6f, 0x72, 0x49, 0x64, 0x73, 0x12, 0x1b, 0x0a, 0x03, 0x61, 0x6e, 0x79, 0x18, 0x03, 0x20,
   984  	0x01, 0x28, 0x08, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x6a, 0x02, 0x08, 0x01, 0x48, 0x00, 0x52, 0x03,
   985  	0x61, 0x6e, 0x79, 0x12, 0x55, 0x0a, 0x0d, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63,
   986  	0x61, 0x74, 0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x65, 0x6e, 0x76,
   987  	0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76,
   988  	0x32, 0x2e, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x2e, 0x41, 0x75, 0x74, 0x68,
   989  	0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x48, 0x00, 0x52, 0x0d, 0x61, 0x75, 0x74,
   990  	0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x3f, 0x0a, 0x09, 0x73, 0x6f,
   991  	0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e,
   992  	0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x63, 0x6f, 0x72,
   993  	0x65, 0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x42, 0x02, 0x18, 0x01, 0x48,
   994  	0x00, 0x52, 0x08, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x70, 0x12, 0x48, 0x0a, 0x10, 0x64,
   995  	0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x5f, 0x69, 0x70, 0x18,
   996  	0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70,
   997  	0x69, 0x2e, 0x76, 0x32, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61,
   998  	0x6e, 0x67, 0x65, 0x48, 0x00, 0x52, 0x0e, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x65, 0x6d,
   999  	0x6f, 0x74, 0x65, 0x49, 0x70, 0x12, 0x3b, 0x0a, 0x09, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x5f,
  1000  	0x69, 0x70, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79,
  1001  	0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x69, 0x64,
  1002  	0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x48, 0x00, 0x52, 0x08, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65,
  1003  	0x49, 0x70, 0x12, 0x3b, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x06, 0x20, 0x01,
  1004  	0x28, 0x0b, 0x32, 0x21, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76,
  1005  	0x32, 0x2e, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61,
  1006  	0x74, 0x63, 0x68, 0x65, 0x72, 0x48, 0x00, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12,
  1007  	0x3c, 0x0a, 0x08, 0x75, 0x72, 0x6c, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x09, 0x20, 0x01, 0x28,
  1008  	0x0b, 0x32, 0x1f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d,
  1009  	0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x74, 0x63, 0x68,
  1010  	0x65, 0x72, 0x48, 0x00, 0x52, 0x07, 0x75, 0x72, 0x6c, 0x50, 0x61, 0x74, 0x68, 0x12, 0x41, 0x0a,
  1011  	0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32,
  1012  	0x23, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74,
  1013  	0x63, 0x68, 0x65, 0x72, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4d, 0x61, 0x74,
  1014  	0x63, 0x68, 0x65, 0x72, 0x48, 0x00, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
  1015  	0x12, 0x38, 0x0a, 0x06, 0x6e, 0x6f, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b,
  1016  	0x32, 0x1f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e,
  1017  	0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61,
  1018  	0x6c, 0x48, 0x00, 0x52, 0x05, 0x6e, 0x6f, 0x74, 0x49, 0x64, 0x1a, 0x42, 0x0a, 0x03, 0x53, 0x65,
  1019  	0x74, 0x12, 0x3b, 0x0a, 0x03, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f,
  1020  	0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62,
  1021  	0x61, 0x63, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x42,
  1022  	0x08, 0xfa, 0x42, 0x05, 0x92, 0x01, 0x02, 0x08, 0x01, 0x52, 0x03, 0x69, 0x64, 0x73, 0x1a, 0x5f,
  1023  	0x0a, 0x0d, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12,
  1024  	0x48, 0x0a, 0x0e, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x5f, 0x6e, 0x61, 0x6d,
  1025  	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e,
  1026  	0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x53, 0x74, 0x72,
  1027  	0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x52, 0x0d, 0x70, 0x72, 0x69, 0x6e,
  1028  	0x63, 0x69, 0x70, 0x61, 0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x42,
  1029  	0x11, 0x0a, 0x0a, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x03, 0xf8,
  1030  	0x42, 0x01, 0x42, 0x7d, 0x0a, 0x22, 0x69, 0x6f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72,
  1031  	0x6f, 0x78, 0x79, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
  1032  	0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32, 0x42, 0x09, 0x52, 0x62, 0x61, 0x63, 0x50, 0x72,
  1033  	0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x42, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f,
  1034  	0x6d, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x67, 0x6f, 0x2d,
  1035  	0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x2d, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, 0x65, 0x6e,
  1036  	0x76, 0x6f, 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x72, 0x62, 0x61, 0x63, 0x2f,
  1037  	0x76, 0x32, 0x3b, 0x72, 0x62, 0x61, 0x63, 0x76, 0x32, 0xba, 0x80, 0xc8, 0xd1, 0x06, 0x02, 0x10,
  1038  	0x01, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
  1039  }
  1040  
  1041  var (
  1042  	file_envoy_config_rbac_v2_rbac_proto_rawDescOnce sync.Once
  1043  	file_envoy_config_rbac_v2_rbac_proto_rawDescData = file_envoy_config_rbac_v2_rbac_proto_rawDesc
  1044  )
  1045  
  1046  func file_envoy_config_rbac_v2_rbac_proto_rawDescGZIP() []byte {
  1047  	file_envoy_config_rbac_v2_rbac_proto_rawDescOnce.Do(func() {
  1048  		file_envoy_config_rbac_v2_rbac_proto_rawDescData = protoimpl.X.CompressGZIP(file_envoy_config_rbac_v2_rbac_proto_rawDescData)
  1049  	})
  1050  	return file_envoy_config_rbac_v2_rbac_proto_rawDescData
  1051  }
  1052  
  1053  var file_envoy_config_rbac_v2_rbac_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
  1054  var file_envoy_config_rbac_v2_rbac_proto_msgTypes = make([]protoimpl.MessageInfo, 8)
  1055  var file_envoy_config_rbac_v2_rbac_proto_goTypes = []interface{}{
  1056  	(RBAC_Action)(0),                // 0: envoy.config.rbac.v2.RBAC.Action
  1057  	(*RBAC)(nil),                    // 1: envoy.config.rbac.v2.RBAC
  1058  	(*Policy)(nil),                  // 2: envoy.config.rbac.v2.Policy
  1059  	(*Permission)(nil),              // 3: envoy.config.rbac.v2.Permission
  1060  	(*Principal)(nil),               // 4: envoy.config.rbac.v2.Principal
  1061  	nil,                             // 5: envoy.config.rbac.v2.RBAC.PoliciesEntry
  1062  	(*Permission_Set)(nil),          // 6: envoy.config.rbac.v2.Permission.Set
  1063  	(*Principal_Set)(nil),           // 7: envoy.config.rbac.v2.Principal.Set
  1064  	(*Principal_Authenticated)(nil), // 8: envoy.config.rbac.v2.Principal.Authenticated
  1065  	(*v1alpha1.Expr)(nil),           // 9: google.api.expr.v1alpha1.Expr
  1066  	(*route.HeaderMatcher)(nil),     // 10: envoy.api.v2.route.HeaderMatcher
  1067  	(*matcher.PathMatcher)(nil),     // 11: envoy.type.matcher.PathMatcher
  1068  	(*core.CidrRange)(nil),          // 12: envoy.api.v2.core.CidrRange
  1069  	(*matcher.MetadataMatcher)(nil), // 13: envoy.type.matcher.MetadataMatcher
  1070  	(*matcher.StringMatcher)(nil),   // 14: envoy.type.matcher.StringMatcher
  1071  }
  1072  var file_envoy_config_rbac_v2_rbac_proto_depIdxs = []int32{
  1073  	0,  // 0: envoy.config.rbac.v2.RBAC.action:type_name -> envoy.config.rbac.v2.RBAC.Action
  1074  	5,  // 1: envoy.config.rbac.v2.RBAC.policies:type_name -> envoy.config.rbac.v2.RBAC.PoliciesEntry
  1075  	3,  // 2: envoy.config.rbac.v2.Policy.permissions:type_name -> envoy.config.rbac.v2.Permission
  1076  	4,  // 3: envoy.config.rbac.v2.Policy.principals:type_name -> envoy.config.rbac.v2.Principal
  1077  	9,  // 4: envoy.config.rbac.v2.Policy.condition:type_name -> google.api.expr.v1alpha1.Expr
  1078  	6,  // 5: envoy.config.rbac.v2.Permission.and_rules:type_name -> envoy.config.rbac.v2.Permission.Set
  1079  	6,  // 6: envoy.config.rbac.v2.Permission.or_rules:type_name -> envoy.config.rbac.v2.Permission.Set
  1080  	10, // 7: envoy.config.rbac.v2.Permission.header:type_name -> envoy.api.v2.route.HeaderMatcher
  1081  	11, // 8: envoy.config.rbac.v2.Permission.url_path:type_name -> envoy.type.matcher.PathMatcher
  1082  	12, // 9: envoy.config.rbac.v2.Permission.destination_ip:type_name -> envoy.api.v2.core.CidrRange
  1083  	13, // 10: envoy.config.rbac.v2.Permission.metadata:type_name -> envoy.type.matcher.MetadataMatcher
  1084  	3,  // 11: envoy.config.rbac.v2.Permission.not_rule:type_name -> envoy.config.rbac.v2.Permission
  1085  	14, // 12: envoy.config.rbac.v2.Permission.requested_server_name:type_name -> envoy.type.matcher.StringMatcher
  1086  	7,  // 13: envoy.config.rbac.v2.Principal.and_ids:type_name -> envoy.config.rbac.v2.Principal.Set
  1087  	7,  // 14: envoy.config.rbac.v2.Principal.or_ids:type_name -> envoy.config.rbac.v2.Principal.Set
  1088  	8,  // 15: envoy.config.rbac.v2.Principal.authenticated:type_name -> envoy.config.rbac.v2.Principal.Authenticated
  1089  	12, // 16: envoy.config.rbac.v2.Principal.source_ip:type_name -> envoy.api.v2.core.CidrRange
  1090  	12, // 17: envoy.config.rbac.v2.Principal.direct_remote_ip:type_name -> envoy.api.v2.core.CidrRange
  1091  	12, // 18: envoy.config.rbac.v2.Principal.remote_ip:type_name -> envoy.api.v2.core.CidrRange
  1092  	10, // 19: envoy.config.rbac.v2.Principal.header:type_name -> envoy.api.v2.route.HeaderMatcher
  1093  	11, // 20: envoy.config.rbac.v2.Principal.url_path:type_name -> envoy.type.matcher.PathMatcher
  1094  	13, // 21: envoy.config.rbac.v2.Principal.metadata:type_name -> envoy.type.matcher.MetadataMatcher
  1095  	4,  // 22: envoy.config.rbac.v2.Principal.not_id:type_name -> envoy.config.rbac.v2.Principal
  1096  	2,  // 23: envoy.config.rbac.v2.RBAC.PoliciesEntry.value:type_name -> envoy.config.rbac.v2.Policy
  1097  	3,  // 24: envoy.config.rbac.v2.Permission.Set.rules:type_name -> envoy.config.rbac.v2.Permission
  1098  	4,  // 25: envoy.config.rbac.v2.Principal.Set.ids:type_name -> envoy.config.rbac.v2.Principal
  1099  	14, // 26: envoy.config.rbac.v2.Principal.Authenticated.principal_name:type_name -> envoy.type.matcher.StringMatcher
  1100  	27, // [27:27] is the sub-list for method output_type
  1101  	27, // [27:27] is the sub-list for method input_type
  1102  	27, // [27:27] is the sub-list for extension type_name
  1103  	27, // [27:27] is the sub-list for extension extendee
  1104  	0,  // [0:27] is the sub-list for field type_name
  1105  }
  1106  
  1107  func init() { file_envoy_config_rbac_v2_rbac_proto_init() }
  1108  func file_envoy_config_rbac_v2_rbac_proto_init() {
  1109  	if File_envoy_config_rbac_v2_rbac_proto != nil {
  1110  		return
  1111  	}
  1112  	if !protoimpl.UnsafeEnabled {
  1113  		file_envoy_config_rbac_v2_rbac_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
  1114  			switch v := v.(*RBAC); i {
  1115  			case 0:
  1116  				return &v.state
  1117  			case 1:
  1118  				return &v.sizeCache
  1119  			case 2:
  1120  				return &v.unknownFields
  1121  			default:
  1122  				return nil
  1123  			}
  1124  		}
  1125  		file_envoy_config_rbac_v2_rbac_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
  1126  			switch v := v.(*Policy); i {
  1127  			case 0:
  1128  				return &v.state
  1129  			case 1:
  1130  				return &v.sizeCache
  1131  			case 2:
  1132  				return &v.unknownFields
  1133  			default:
  1134  				return nil
  1135  			}
  1136  		}
  1137  		file_envoy_config_rbac_v2_rbac_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
  1138  			switch v := v.(*Permission); i {
  1139  			case 0:
  1140  				return &v.state
  1141  			case 1:
  1142  				return &v.sizeCache
  1143  			case 2:
  1144  				return &v.unknownFields
  1145  			default:
  1146  				return nil
  1147  			}
  1148  		}
  1149  		file_envoy_config_rbac_v2_rbac_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
  1150  			switch v := v.(*Principal); i {
  1151  			case 0:
  1152  				return &v.state
  1153  			case 1:
  1154  				return &v.sizeCache
  1155  			case 2:
  1156  				return &v.unknownFields
  1157  			default:
  1158  				return nil
  1159  			}
  1160  		}
  1161  		file_envoy_config_rbac_v2_rbac_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
  1162  			switch v := v.(*Permission_Set); i {
  1163  			case 0:
  1164  				return &v.state
  1165  			case 1:
  1166  				return &v.sizeCache
  1167  			case 2:
  1168  				return &v.unknownFields
  1169  			default:
  1170  				return nil
  1171  			}
  1172  		}
  1173  		file_envoy_config_rbac_v2_rbac_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
  1174  			switch v := v.(*Principal_Set); i {
  1175  			case 0:
  1176  				return &v.state
  1177  			case 1:
  1178  				return &v.sizeCache
  1179  			case 2:
  1180  				return &v.unknownFields
  1181  			default:
  1182  				return nil
  1183  			}
  1184  		}
  1185  		file_envoy_config_rbac_v2_rbac_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
  1186  			switch v := v.(*Principal_Authenticated); i {
  1187  			case 0:
  1188  				return &v.state
  1189  			case 1:
  1190  				return &v.sizeCache
  1191  			case 2:
  1192  				return &v.unknownFields
  1193  			default:
  1194  				return nil
  1195  			}
  1196  		}
  1197  	}
  1198  	file_envoy_config_rbac_v2_rbac_proto_msgTypes[2].OneofWrappers = []interface{}{
  1199  		(*Permission_AndRules)(nil),
  1200  		(*Permission_OrRules)(nil),
  1201  		(*Permission_Any)(nil),
  1202  		(*Permission_Header)(nil),
  1203  		(*Permission_UrlPath)(nil),
  1204  		(*Permission_DestinationIp)(nil),
  1205  		(*Permission_DestinationPort)(nil),
  1206  		(*Permission_Metadata)(nil),
  1207  		(*Permission_NotRule)(nil),
  1208  		(*Permission_RequestedServerName)(nil),
  1209  	}
  1210  	file_envoy_config_rbac_v2_rbac_proto_msgTypes[3].OneofWrappers = []interface{}{
  1211  		(*Principal_AndIds)(nil),
  1212  		(*Principal_OrIds)(nil),
  1213  		(*Principal_Any)(nil),
  1214  		(*Principal_Authenticated_)(nil),
  1215  		(*Principal_SourceIp)(nil),
  1216  		(*Principal_DirectRemoteIp)(nil),
  1217  		(*Principal_RemoteIp)(nil),
  1218  		(*Principal_Header)(nil),
  1219  		(*Principal_UrlPath)(nil),
  1220  		(*Principal_Metadata)(nil),
  1221  		(*Principal_NotId)(nil),
  1222  	}
  1223  	type x struct{}
  1224  	out := protoimpl.TypeBuilder{
  1225  		File: protoimpl.DescBuilder{
  1226  			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
  1227  			RawDescriptor: file_envoy_config_rbac_v2_rbac_proto_rawDesc,
  1228  			NumEnums:      1,
  1229  			NumMessages:   8,
  1230  			NumExtensions: 0,
  1231  			NumServices:   0,
  1232  		},
  1233  		GoTypes:           file_envoy_config_rbac_v2_rbac_proto_goTypes,
  1234  		DependencyIndexes: file_envoy_config_rbac_v2_rbac_proto_depIdxs,
  1235  		EnumInfos:         file_envoy_config_rbac_v2_rbac_proto_enumTypes,
  1236  		MessageInfos:      file_envoy_config_rbac_v2_rbac_proto_msgTypes,
  1237  	}.Build()
  1238  	File_envoy_config_rbac_v2_rbac_proto = out.File
  1239  	file_envoy_config_rbac_v2_rbac_proto_rawDesc = nil
  1240  	file_envoy_config_rbac_v2_rbac_proto_goTypes = nil
  1241  	file_envoy_config_rbac_v2_rbac_proto_depIdxs = nil
  1242  }
  1243
View as plain text