Package io.grpc.xds.internal.rbac.engine
Class GrpcAuthorizationEngine
- java.lang.Object
  - io.grpc.xds.internal.rbac.engine.GrpcAuthorizationEngine

public final class GrpcAuthorizationEngine extends java.lang.Object

Implementation of gRPC server access control based on envoy RBAC protocol: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/rbac/v3/rbac.proto

One GrpcAuthorizationEngine is initialized with one action type and a list of policies. Policies are examined sequentially, in order, in an any-match fashion, and the first matched policy is returned. If no policy matches, the opposite action type is returned as the result.
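
The evaluation rule described above, as an added stand-alone model (not grpc-java code): the same policy list is run under an ALLOW engine and a DENY engine to show the first-match and no-match outcomes. RbacModel, Request, Policy, Decision and the sample principals are hypothetical names made up for this sketch; it assumes Java 16 or later for records.

```java
import java.util.List;
import java.util.function.Predicate;

// Stand-alone model of the rule above. RbacModel, Request, Policy and Decision
// are hypothetical names for this sketch, not grpc-java classes.
public class RbacModel {
    enum Action { ALLOW, DENY }
    record Request(String path, String principal) {}          // constructed request shape
    record Policy(String name, Predicate<Request> matcher) {}
    record Decision(Action action, String policyName) {}      // policyName is null on no match

    private final Action action;
    private final List<Policy> policies;

    RbacModel(Action action, List<Policy> policies) {
        this.action = action;
        this.policies = List.copyOf(policies);
    }

    Decision evaluate(Request req) {
        for (Policy p : policies) {                 // sequential; first match wins
            if (p.matcher().test(req)) {
                return new Decision(action, p.name());
            }
        }
        // Nothing matched: return the opposite of the configured action.
        return new Decision(action == Action.ALLOW ? Action.DENY : Action.ALLOW, null);
    }

    public static void main(String[] args) {
        // Constructed policies: the first also matches everything the second matches.
        List<Policy> policies = List.of(
            new Policy("ops-any-path", r -> r.principal().equals("spiffe://example.test/ops")),
            new Policy("ops-admin", r -> r.path().startsWith("/admin.Admin/")
                && r.principal().equals("spiffe://example.test/ops")));
        Request ops = new Request("/admin.Admin/Rotate", "spiffe://example.test/ops");
        Request other = new Request("/admin.Admin/Rotate", "spiffe://example.test/web");

        for (Action a : Action.values()) {
            RbacModel engine = new RbacModel(a, policies);
            System.out.println(a + " engine, ops:   " + engine.evaluate(ops));
            System.out.println(a + " engine, other: " + engine.evaluate(other));
        }
    }
}
```

Under the DENY engine the unmatched request comes back as ALLOW, so a deny policy whose matcher never fires fails open; the reported policy name is always the first match, which matters when audit logs are keyed on it.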

Nested Class Summary

| Modifier and Type | Class | Description |
| --- | --- | --- |
| static class | GrpcAuthorizationEngine.Action | |
| static class | GrpcAuthorizationEngine.AlwaysTrueMatcher | Always true matcher. |
| static class | GrpcAuthorizationEngine.AndMatcher | |
| static class | GrpcAuthorizationEngine.AuthConfig | Represents authorization config policy that the engine will evaluate against. |
| static class | GrpcAuthorizationEngine.AuthDecision | An authorization decision provides information about the decision type and the policy name identifier based on the authorization engine evaluation. |
| static class | GrpcAuthorizationEngine.AuthenticatedMatcher | |
| static class | GrpcAuthorizationEngine.AuthHeaderMatcher | |
| static class | GrpcAuthorizationEngine.DestinationIpMatcher | |
| static class | GrpcAuthorizationEngine.DestinationPortMatcher | |
| static class | GrpcAuthorizationEngine.DestinationPortRangeMatcher | |
| private static class | GrpcAuthorizationEngine.EvaluateArgs | |
| static class | GrpcAuthorizationEngine.InvertMatcher | Negate matcher. |
| static interface | GrpcAuthorizationEngine.Matcher | |
| static class | GrpcAuthorizationEngine.OrMatcher | |
| static class | GrpcAuthorizationEngine.PathMatcher | |
| static class | GrpcAuthorizationEngine.PolicyMatcher | Implements a top level GrpcAuthorizationEngine.Matcher for a single RBAC policy configuration per envoy protocol: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/rbac/v3/rbac.proto#config-rbac-v3-policy. |
| static class | GrpcAuthorizationEngine.RequestedServerNameMatcher | |
| static class | GrpcAuthorizationEngine.SourceIpMatcher | |

Field Summary

| Modifier and Type | Field | Description |
| --- | --- | --- |
| private GrpcAuthorizationEngine.AuthConfig | authConfig | |
| private static java.util.logging.Logger | log | |

Constructor Summary

| Constructor | Description |
| --- | --- |
| GrpcAuthorizationEngine(GrpcAuthorizationEngine.AuthConfig authConfig) | Instantiated with envoy policyMatcher configuration. |

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| GrpcAuthorizationEngine.AuthDecision | evaluate(io.grpc.Metadata metadata, io.grpc.ServerCall<?,?> serverCall) | Return the auth decision for the request argument against the policies. |

Field Detail

log
private static final java.util.logging.Logger log

authConfig
private final GrpcAuthorizationEngine.AuthConfig authConfig

Constructor Detail

GrpcAuthorizationEngine
public GrpcAuthorizationEngine(GrpcAuthorizationEngine.AuthConfig authConfig)
Instantiated with envoy policyMatcher configuration.

Method Detail

evaluate
public GrpcAuthorizationEngine.AuthDecision evaluate(io.grpc.Metadata metadata, io.grpc.ServerCall<?,?> serverCall)
Return the auth decision for the request argument against the policies.