Role Based Access Control (RBAC) Filter

    • This filter should be configured with the name envoy.filters.http.rbac.

    The RBAC filter configuration can be overridden or disabled on a per-route basis by providing a RBACPerRoute configuration on the virtual host, route, or weighted cluster.

    The RBAC filter outputs statistics in the http.<stat_prefix>.rbac. namespace. The comes from the owning HTTP connection manager.

    Name

    Type

    Description

    shadow_effective_policy_id

    string

    The effective shadow policy ID matching the action (if any).

    shadow_engine_result

    string

    The engine result for the shadow rules (i.e. either allowed or denied).