// Generated by the protocol buffer compiler. DO NOT EDIT!
// source: envoy/config/rbac/v2/rbac.proto
package io.envoyproxy.envoy.config.rbac.v2;
* Policy specifies a role and the principals that are assigned/denied the role. A policy matches if
* and only if at least one of its permissions match the action taking place AND at least one of its
* principals match the downstream AND the condition is true if specified.
* Protobuf type {@code envoy.config.rbac.v2.Policy}
public final class Policy extends implements
// @@protoc_insertion_point(message_implements:envoy.config.rbac.v2.Policy)
PolicyOrBuilder {
private static final long serialVersionUID = 0L;
// Use Policy.newBuilder() to construct.
private Policy(> builder) {
private Policy() {
permissions_ = java.util.Collections.emptyList();
principals_ = java.util.Collections.emptyList();
protected java.lang.Object newInstance(
UnusedPrivateParameter unused) {
return new Policy();
public final
getUnknownFields() {
return this.unknownFields;
private Policy( input, extensionRegistry)
throws {
if (extensionRegistry == null) {
throw new java.lang.NullPointerException();
int mutable_bitField0_ = 0; unknownFields =;
try {
boolean done = false;
while (!done) {
int tag = input.readTag();
switch (tag) {
case 0:
done = true;
case 10: {
if (!((mutable_bitField0_ & 0x00000001) != 0)) {
permissions_ = new java.util.ArrayList();
mutable_bitField0_ |= 0x00000001;
input.readMessage(io.envoyproxy.envoy.config.rbac.v2.Permission.parser(), extensionRegistry));
case 18: {
if (!((mutable_bitField0_ & 0x00000002) != 0)) {
principals_ = new java.util.ArrayList();
mutable_bitField0_ |= 0x00000002;
input.readMessage(io.envoyproxy.envoy.config.rbac.v2.Principal.parser(), extensionRegistry));
case 26: { subBuilder = null;
if (condition_ != null) {
subBuilder = condition_.toBuilder();
condition_ = input.readMessage(, extensionRegistry);
if (subBuilder != null) {
condition_ = subBuilder.buildPartial();
default: {
if (!parseUnknownField(
input, unknownFields, extensionRegistry, tag)) {
done = true;
} catch ( e) {
throw e.setUnfinishedMessage(this);
} catch ( e) {
throw new
} finally {
if (((mutable_bitField0_ & 0x00000001) != 0)) {
permissions_ = java.util.Collections.unmodifiableList(permissions_);
if (((mutable_bitField0_ & 0x00000002) != 0)) {
principals_ = java.util.Collections.unmodifiableList(principals_);
this.unknownFields =;
public static final
getDescriptor() {
return io.envoyproxy.envoy.config.rbac.v2.RbacProto.internal_static_envoy_config_rbac_v2_Policy_descriptor;
internalGetFieldAccessorTable() {
return io.envoyproxy.envoy.config.rbac.v2.RbacProto.internal_static_envoy_config_rbac_v2_Policy_fieldAccessorTable
io.envoyproxy.envoy.config.rbac.v2.Policy.class, io.envoyproxy.envoy.config.rbac.v2.Policy.Builder.class);
public static final int PERMISSIONS_FIELD_NUMBER = 1;
private java.util.List permissions_;
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* repeated .envoy.config.rbac.v2.Permission permissions = 1 [(.validate.rules) = { ... }
public io.envoyproxy.envoy.config.rbac.v2.PermissionOrBuilder getPermissionsOrBuilder(
int index) {
return permissions_.get(index);
public static final int PRINCIPALS_FIELD_NUMBER = 2;
private java.util.List principals_;
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* repeated .envoy.config.rbac.v2.Principal principals = 2 [(.validate.rules) = { ... }
public io.envoyproxy.envoy.config.rbac.v2.PrincipalOrBuilder getPrincipalsOrBuilder(
int index) {
return principals_.get(index);
public static final int CONDITION_FIELD_NUMBER = 3;
private condition_;
* An optional symbolic expression specifying an access control
* :ref:`condition <arch_overview_condition>`. The condition is combined
* with the permissions and the principals as a clause with AND semantics.
* An optional symbolic expression specifying an access control
* :ref:`condition <arch_overview_condition>`. The condition is combined
* with the permissions and the principals as a clause with AND semantics.
* An optional symbolic expression specifying an access control
* :ref:`condition <arch_overview_condition>`. The condition is combined
* with the permissions and the principals as a clause with AND semantics.
* .google.api.expr.v1alpha1.Expr condition = 3;
public getConditionOrBuilder() {
return getCondition();
private byte memoizedIsInitialized = -1;
public final boolean isInitialized() {
byte isInitialized = memoizedIsInitialized;
if (isInitialized == 1) return true;
if (isInitialized == 0) return false;
memoizedIsInitialized = 1;
return true;
public void writeTo( output)
throws {
for (int i = 0; i < permissions_.size(); i++) {
output.writeMessage(1, permissions_.get(i));
for (int i = 0; i < principals_.size(); i++) {
output.writeMessage(2, principals_.get(i));
if (condition_ != null) {
output.writeMessage(3, getCondition());
public int getSerializedSize() {
int size = memoizedSize;
if (size != -1) return size;
size = 0;
for (int i = 0; i < permissions_.size(); i++) {
size +=
.computeMessageSize(1, permissions_.get(i));
for (int i = 0; i < principals_.size(); i++) {
size +=
.computeMessageSize(2, principals_.get(i));
if (condition_ != null) {
size +=
.computeMessageSize(3, getCondition());
size += unknownFields.getSerializedSize();
memoizedSize = size;
return size;
public boolean equals(final java.lang.Object obj) {
if (obj == this) {
return true;
if (!(obj instanceof io.envoyproxy.envoy.config.rbac.v2.Policy)) {
return super.equals(obj);
io.envoyproxy.envoy.config.rbac.v2.Policy other = (io.envoyproxy.envoy.config.rbac.v2.Policy) obj;
if (!getPermissionsList()
.equals(other.getPermissionsList())) return false;
if (!getPrincipalsList()
.equals(other.getPrincipalsList())) return false;
if (hasCondition() != other.hasCondition()) return false;
if (hasCondition()) {
if (!getCondition()
.equals(other.getCondition())) return false;
if (!unknownFields.equals(other.unknownFields)) return false;
return true;
public int hashCode() {
if (memoizedHashCode != 0) {
return memoizedHashCode;
int hash = 41;
hash = (19 * hash) + getDescriptor().hashCode();
if (getPermissionsCount() > 0) {
hash = (37 * hash) + PERMISSIONS_FIELD_NUMBER;
hash = (53 * hash) + getPermissionsList().hashCode();
if (getPrincipalsCount() > 0) {
hash = (37 * hash) + PRINCIPALS_FIELD_NUMBER;
hash = (53 * hash) + getPrincipalsList().hashCode();
if (hasCondition()) {
hash = (37 * hash) + CONDITION_FIELD_NUMBER;
hash = (53 * hash) + getCondition().hashCode();
hash = (29 * hash) + unknownFields.hashCode();
memoizedHashCode = hash;
return hash;
public static io.envoyproxy.envoy.config.rbac.v2.Policy parseFrom(
java.nio.ByteBuffer data)
throws {
return PARSER.parseFrom(data);
public static io.envoyproxy.envoy.config.rbac.v2.Policy parseFrom(
java.nio.ByteBuffer data, extensionRegistry)
throws {
return PARSER.parseFrom(data, extensionRegistry);
public static io.envoyproxy.envoy.config.rbac.v2.Policy parseFrom( data)
throws {
return PARSER.parseFrom(data);
public static io.envoyproxy.envoy.config.rbac.v2.Policy parseFrom( data, extensionRegistry)
throws {
return PARSER.parseFrom(data, extensionRegistry);
public static io.envoyproxy.envoy.config.rbac.v2.Policy parseFrom(byte[] data)
throws {
return PARSER.parseFrom(data);
public static io.envoyproxy.envoy.config.rbac.v2.Policy parseFrom(
byte[] data, extensionRegistry)
throws {
return PARSER.parseFrom(data, extensionRegistry);
public static io.envoyproxy.envoy.config.rbac.v2.Policy parseFrom( input)
throws {
.parseWithIOException(PARSER, input);
public static io.envoyproxy.envoy.config.rbac.v2.Policy parseFrom( input, extensionRegistry)
throws {
.parseWithIOException(PARSER, input, extensionRegistry);
public static io.envoyproxy.envoy.config.rbac.v2.Policy parseDelimitedFrom( input)
throws {
.parseDelimitedWithIOException(PARSER, input);
public static io.envoyproxy.envoy.config.rbac.v2.Policy parseDelimitedFrom( input, extensionRegistry)
throws {
.parseDelimitedWithIOException(PARSER, input, extensionRegistry);
public static io.envoyproxy.envoy.config.rbac.v2.Policy parseFrom( input)
throws {
.parseWithIOException(PARSER, input);
public static io.envoyproxy.envoy.config.rbac.v2.Policy parseFrom( input, extensionRegistry)
throws {
.parseWithIOException(PARSER, input, extensionRegistry);
public Builder newBuilderForType() { return newBuilder(); }
public static Builder newBuilder() {
return DEFAULT_INSTANCE.toBuilder();
public static Builder newBuilder(io.envoyproxy.envoy.config.rbac.v2.Policy prototype) {
return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
public Builder toBuilder() {
return this == DEFAULT_INSTANCE
? new Builder() : new Builder().mergeFrom(this);
protected Builder newBuilderForType( parent) {
Builder builder = new Builder(parent);
return builder;
* Policy specifies a role and the principals that are assigned/denied the role. A policy matches if
* and only if at least one of its permissions match the action taking place AND at least one of its
* principals match the downstream AND the condition is true if specified.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* repeated .envoy.config.rbac.v2.Permission permissions = 1 [(.validate.rules) = { ... }
public Builder setPermissions(
int index, io.envoyproxy.envoy.config.rbac.v2.Permission value) {
if (permissionsBuilder_ == null) {
if (value == null) {
throw new NullPointerException();
permissions_.set(index, value);
} else {
permissionsBuilder_.setMessage(index, value);
return this;
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* repeated .envoy.config.rbac.v2.Permission permissions = 1 [(.validate.rules) = { ... }
public Builder addPermissions(
int index, io.envoyproxy.envoy.config.rbac.v2.Permission value) {
if (permissionsBuilder_ == null) {
if (value == null) {
throw new NullPointerException();
permissions_.add(index, value);
} else {
permissionsBuilder_.addMessage(index, value);
return this;
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of permissions that define a role. Each permission is matched with OR
* semantics. To match all actions for this policy, a single Permission with the `any` field set
* to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* repeated .envoy.config.rbac.v2.Principal principals = 2 [(.validate.rules) = { ... }
public Builder setPrincipals(
int index, io.envoyproxy.envoy.config.rbac.v2.Principal value) {
if (principalsBuilder_ == null) {
if (value == null) {
throw new NullPointerException();
principals_.set(index, value);
} else {
principalsBuilder_.setMessage(index, value);
return this;
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* repeated .envoy.config.rbac.v2.Principal principals = 2 [(.validate.rules) = { ... }
public Builder addPrincipals(
int index, io.envoyproxy.envoy.config.rbac.v2.Principal value) {
if (principalsBuilder_ == null) {
if (value == null) {
throw new NullPointerException();
principals_.add(index, value);
} else {
principalsBuilder_.addMessage(index, value);
return this;
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* Required. The set of principals that are assigned/denied the role based on “action”. Each
* principal is matched with OR semantics. To match all downstreams for this policy, a single
* Principal with the `any` field set to true should be used.
* An optional symbolic expression specifying an access control
* :ref:`condition <arch_overview_condition>`. The condition is combined
* with the permissions and the principals as a clause with AND semantics.
* An optional symbolic expression specifying an access control
* :ref:`condition <arch_overview_condition>`. The condition is combined
* with the permissions and the principals as a clause with AND semantics.
* An optional symbolic expression specifying an access control
* :ref:`condition <arch_overview_condition>`. The condition is combined
* with the permissions and the principals as a clause with AND semantics.
* .google.api.expr.v1alpha1.Expr condition = 3;
public Builder setCondition( value) {
if (conditionBuilder_ == null) {
if (value == null) {
throw new NullPointerException();
condition_ = value;
} else {
return this;
* An optional symbolic expression specifying an access control
* :ref:`condition <arch_overview_condition>`. The condition is combined
* with the permissions and the principals as a clause with AND semantics.
* An optional symbolic expression specifying an access control
* :ref:`condition <arch_overview_condition>`. The condition is combined
* with the permissions and the principals as a clause with AND semantics.
* An optional symbolic expression specifying an access control
* :ref:`condition <arch_overview_condition>`. The condition is combined
* with the permissions and the principals as a clause with AND semantics.
* An optional symbolic expression specifying an access control
* :ref:`condition <arch_overview_condition>`. The condition is combined
* with the permissions and the principals as a clause with AND semantics.
* An optional symbolic expression specifying an access control
* :ref:`condition <arch_overview_condition>`. The condition is combined
* with the permissions and the principals as a clause with AND semantics.
* An optional symbolic expression specifying an access control
* :ref:`condition <arch_overview_condition>`. The condition is combined
* with the permissions and the principals as a clause with AND semantics.
* .google.api.expr.v1alpha1.Expr condition = 3;
getConditionFieldBuilder() {
if (conditionBuilder_ == null) {
conditionBuilder_ = new<,,>(
condition_ = null;
return conditionBuilder_;
public final Builder setUnknownFields(
final unknownFields) {
return super.setUnknownFields(unknownFields);
public final Builder mergeUnknownFields(
final unknownFields) {
return super.mergeUnknownFields(unknownFields);
// @@protoc_insertion_point(builder_scope:envoy.config.rbac.v2.Policy)
// @@protoc_insertion_point(class_scope:envoy.config.rbac.v2.Policy)
private static final io.envoyproxy.envoy.config.rbac.v2.Policy DEFAULT_INSTANCE;
static {
DEFAULT_INSTANCE = new io.envoyproxy.envoy.config.rbac.v2.Policy();
public static io.envoyproxy.envoy.config.rbac.v2.Policy getDefaultInstance() {
private static final
PARSER = new {
public Policy parsePartialFrom( input, extensionRegistry)
throws {
return new Policy(input, extensionRegistry);
public static parser() {
return PARSER;
public getParserForType() {
return PARSER;
public io.envoyproxy.envoy.config.rbac.v2.Policy getDefaultInstanceForType() {