Role Based Access Control (RBAC) Filter

    • This filter should be configured with the name envoy.filters.http.rbac.

    The RBAC filter configuration can be overridden or disabled on a per-route basis by providing a RBACPerRoute configuration on the virtual host, route, or weighted cluster.

    The RBAC filter outputs statistics in the http..rbac. namespace. The comes from the owning HTTP connection manager.

    Name

    Type

    Description

    shadow_effective_policy_id

    string

    The effective shadow policy ID matching the action (if any).

    shadow_engine_result

    string

    The engine result for the shadow rules (i.e. either allowed or denied).