Package: rbac.plugins.gloo.solo.io


Source File: github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/plugins/rbac/rbac.proto


A JWT principal. To use this, JWT plugin MUST be enabled.

"claims": map<string, string>
"provider": string
Field Type Description Default
claims map<string, string> Set of claims that make up this principal. Commonly, the ‘iss’ and ‘sub’ or ‘email’ claims are used. all claims must be present on the JWT.
provider string Verify that the JWT came from a specific provider. This usually can be left empty and a provider will be chosen automatically.


An RBAC principal - the identity enitity (usually a user or a service account).

"jwtPrincipal": .rbac.plugins.gloo.solo.io.JWTPrincipal
Field Type Description Default
jwtPrincipal .rbac.plugins.gloo.solo.io.JWTPrincipal


What permissions should be granted. An empty field means allow-all. If more than one field is added, all of them need to match.

"pathPrefix": string
"methods": []string
Field Type Description Default
pathPrefix string Paths that have this prefix will be allowed.
methods []string What http methods (GET, POST, …) are allowed.


"principals": []rbac.plugins.gloo.solo.io.Principal
"permissions": .rbac.plugins.gloo.solo.io.Permissions
Field Type Description Default
principals []rbac.plugins.gloo.solo.io.Principal Principals in this policy.
permissions .rbac.plugins.gloo.solo.io.Permissions Permissions granted to the principals.


"requireRbac": bool
Field Type Description Default
requireRbac bool Require RBAC for all vhosts. A vhost without an RBAC policy set will fallback to a deny-all policy.


"policies": map<string, .rbac.plugins.gloo.solo.io.Policy>
Field Type Description Default
policies map<string, .rbac.plugins.gloo.solo.io.Policy> Named policies to apply.


"config": .rbac.plugins.gloo.solo.io.Config
Field Type Description Default
config .rbac.plugins.gloo.solo.io.Config


"disable": bool
"config": .rbac.plugins.gloo.solo.io.Config
Field Type Description Default
disable bool Disable RBAC checks on this route. This is useful to allow access to static resources \ login page without RBAC checks. Only one of disable or config can be set.
config .rbac.plugins.gloo.solo.io.Config Only one of config or disable can be set.