Package io.grpc.xds.internal.rbac.engine
Class GrpcAuthorizationEngine
java.lang.Object
    io.grpc.xds.internal.rbac.engine.GrpcAuthorizationEngine
public final class GrpcAuthorizationEngine extends java.lang.Object
Implementation of gRPC server access control based on the Envoy RBAC protocol: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/rbac/v3/rbac.proto

One GrpcAuthorizationEngine is initialized with one action type and a list of policies. Policies are examined sequentially, in order, in an any-match fashion, and the first matched policy is returned. If no policy matches, the opposite action type is returned as the result.
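The evaluation rule described above, as an added Java example that is not the gRPC project's code: a simplified model showing first-match-wins and the opposite-action fallback. The names RbacEvalModel, Request, Policy and Decision are hypothetical, and the policies and requests are constructed for illustration.

```java
import java.util.List;
import java.util.function.Predicate;

// Simplified model of the rule above. Every name here is hypothetical; these are
// not the io.grpc.xds.internal.rbac.engine classes. Requires Java 16+ (records).
public class RbacEvalModel {
  enum Action { ALLOW, DENY }

  record Request(String path, String principal) {}          // constructed request shape
  record Policy(String name, Predicate<Request> matcher) {}
  record Decision(Action action, String matchingPolicyName) {}

  // First matching policy wins and yields the engine's configured action.
  // No match yields the opposite action, with no policy name attached.
  static Decision evaluate(Action engineAction, List<Policy> policies, Request req) {
    for (Policy p : policies) {
      if (p.matcher().test(req)) {
        return new Decision(engineAction, p.name());
      }
    }
    Action opposite = engineAction == Action.ALLOW ? Action.DENY : Action.ALLOW;
    return new Decision(opposite, null);
  }

  public static void main(String[] args) {
    // Constructed policies and requests, for illustration only.
    List<Policy> policies = List.of(
        new Policy("billing-admin", r -> r.path().startsWith("/billing.Admin/")
            && r.principal().equals("spiffe://example.test/admin")),
        new Policy("billing-any", r -> r.path().startsWith("/billing.")));
    Request admin = new Request("/billing.Admin/Refund", "spiffe://example.test/admin");
    Request other = new Request("/inventory.Stock/List", "spiffe://example.test/web");

    // Run the same policy list under both engine action types.
    for (Action engineAction : Action.values()) {
      for (Request req : List.of(admin, other)) {
        Decision d = evaluate(engineAction, policies, req);
        System.out.printf("engine=%s path=%s -> %s (policy=%s)%n",
            engineAction, req.path(), d.action(), d.matchingPolicyName());
      }
    }
  }
}
```

An engine configured with ALLOW is default-deny for unmatched requests, while an engine configured with DENY is default-allow, so a deny list that misses a path or principal lets the call through. The first request matches both policies and is attributed to the earlier one, which is why policy order matters when decisions are audited by policy name.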
Nested Class Summary
Modifier and Type, Class, Description:
static class GrpcAuthorizationEngine.Action
static class GrpcAuthorizationEngine.AlwaysTrueMatcher
    Always true matcher.
static class GrpcAuthorizationEngine.AndMatcher
static class GrpcAuthorizationEngine.AuthConfig
    Represents authorization config policy that the engine will evaluate against.
static class GrpcAuthorizationEngine.AuthDecision
    An authorization decision provides information about the decision type and the policy name identifier based on the authorization engine evaluation.
static class GrpcAuthorizationEngine.AuthenticatedMatcher
static class GrpcAuthorizationEngine.AuthHeaderMatcher
static class GrpcAuthorizationEngine.DestinationIpMatcher
static class GrpcAuthorizationEngine.DestinationPortMatcher
static class GrpcAuthorizationEngine.DestinationPortRangeMatcher
private static class GrpcAuthorizationEngine.EvaluateArgs
static class GrpcAuthorizationEngine.InvertMatcher
    Negate matcher.
static interface GrpcAuthorizationEngine.Matcher
static class GrpcAuthorizationEngine.OrMatcher
static class GrpcAuthorizationEngine.PathMatcher
static class GrpcAuthorizationEngine.PolicyMatcher
    Implements a top level GrpcAuthorizationEngine.Matcher for a single RBAC policy configuration per envoy protocol: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/rbac/v3/rbac.proto#config-rbac-v3-policy.
static class GrpcAuthorizationEngine.RequestedServerNameMatcher
static class GrpcAuthorizationEngine.SourceIpMatcher
Field Summary
Modifier and Type, Field:
private GrpcAuthorizationEngine.AuthConfig authConfig
private static java.util.logging.Logger log
Constructor Summary
Constructor, Description:
GrpcAuthorizationEngine(GrpcAuthorizationEngine.AuthConfig authConfig)
    Instantiated with envoy policyMatcher configuration.
Method Summary
Modifier and Type, Method, Description:
GrpcAuthorizationEngine.AuthDecision evaluate(io.grpc.Metadata metadata, io.grpc.ServerCall<?,?> serverCall)
    Return the auth decision for the request argument against the policies.
Field Detail
log
private static final java.util.logging.Logger log
authConfig
private final GrpcAuthorizationEngine.AuthConfig authConfig
Constructor Detail
GrpcAuthorizationEngine
public GrpcAuthorizationEngine(GrpcAuthorizationEngine.AuthConfig authConfig)
Instantiated with envoy policyMatcher configuration.
Method Detail
evaluate
public GrpcAuthorizationEngine.AuthDecision evaluate(io.grpc.Metadata metadata, io.grpc.ServerCall<?,?> serverCall)
Return the auth decision for the request argument against the policies.