java.lang.Object

io.grpc.xds.RbacFilter

All Implemented Interfaces:: Filter, Filter.ServerInterceptorBuilder

final class RbacFilter extends Object implements Filter, Filter.ServerInterceptorBuilder

RBAC Http filter implementation.

Nested Class Summary

Nested classes/interfaces inherited from interface io.grpc.xds.Filter
Filter.ClientInterceptorBuilder, Filter.FilterConfig, Filter.NamedFilterConfig, Filter.ServerInterceptorBuilder
Field Summary

Fields

Modifier and Type

Field

Description

(package private) static final RbacFilter

INSTANCE

private static final Logger

logger

(package private) static final String

TYPE_URL

private static final String

TYPE_URL_OVERRIDE_CONFIG
Constructor Summary

Constructors

Constructor

Description

RbacFilter()
Method Summary

Modifier and Type

Method

Description

io.grpc.ServerInterceptor

buildServerInterceptor(Filter.FilterConfig config, Filter.FilterConfig overrideConfig)

private static GrpcAuthorizationEngine.DestinationIpMatcher

createDestinationIpMatcher(CidrRange cidrRange)

private static GrpcAuthorizationEngine.DestinationPortMatcher

createDestinationPortMatcher(int port)

private static GrpcAuthorizationEngine.SourceIpMatcher

createSourceIpMatcher(CidrRange cidrRange)

private io.grpc.ServerInterceptor

generateAuthorizationInterceptor(GrpcAuthorizationEngine.AuthConfig config)

private static GrpcAuthorizationEngine.AuthenticatedMatcher

parseAuthenticatedMatcher(Principal.Authenticated proto)

private static GrpcAuthorizationEngine.DestinationPortRangeMatcher

parseDestinationPortRangeMatcher(Int32Range range)

ConfigOrError<RbacConfig>

parseFilterConfig(com.google.protobuf.Message rawProtoMessage)

Parses the top-level filter config from raw proto message.

ConfigOrError<RbacConfig>

parseFilterConfigOverride(com.google.protobuf.Message rawProtoMessage)

Parses the per-filter override filter config from raw proto message.

private static GrpcAuthorizationEngine.AuthHeaderMatcher

parseHeaderMatcher(HeaderMatcher proto)

private static GrpcAuthorizationEngine.PathMatcher

parsePathMatcher(PathMatcher proto)

private static GrpcAuthorizationEngine.Matcher

parsePermission(Permission permission)

private static GrpcAuthorizationEngine.OrMatcher

parsePermissionList(List<Permission> permissions)

private static GrpcAuthorizationEngine.Matcher

parsePrincipal(Principal principal)

private static GrpcAuthorizationEngine.OrMatcher

parsePrincipalList(List<Principal> principals)

(package private) static ConfigOrError<RbacConfig>

parseRbacConfig(RBAC rbac)

private static GrpcAuthorizationEngine.RequestedServerNameMatcher

parseRequestedServerNameMatcher(StringMatcher proto)

private static InetAddress

resolve(CidrRange cidrRange)

String[]

typeUrls()

The proto message types supported by this filter.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details
- logger
  
  private static final Logger logger
- INSTANCE
  
  static final RbacFilter INSTANCE
- TYPE_URL
  
  static final String TYPE_URL
  See Also:
  
  Constant Field Values
- TYPE_URL_OVERRIDE_CONFIG
  
  private static final String TYPE_URL_OVERRIDE_CONFIG
  See Also:
  
  Constant Field Values
Constructor Details
- RbacFilter
  
  RbacFilter()
Method Details
- typeUrls
  
  public String[] typeUrls()
  
  Description copied from interface: Filter
  
  The proto message types supported by this filter. A filter will be registered by each of its supported message types.
  
  Specified by:
  
  typeUrls in interface Filter
- parseFilterConfig
  
  public ConfigOrError<RbacConfig> parseFilterConfig(com.google.protobuf.Message rawProtoMessage)
  
  Description copied from interface: Filter
  
  Parses the top-level filter config from raw proto message. The message may be either a Any or a Struct.
  
  Specified by:
  
  parseFilterConfig in interface Filter
- parseRbacConfig
  
  static ConfigOrError<RbacConfig> parseRbacConfig(RBAC rbac)
- parseFilterConfigOverride
  
  public ConfigOrError<RbacConfig> parseFilterConfigOverride(com.google.protobuf.Message rawProtoMessage)
  
  Description copied from interface: Filter
  
  Parses the per-filter override filter config from raw proto message. The message may be either a Any or a Struct.
  
  Specified by:
  
  parseFilterConfigOverride in interface Filter
- buildServerInterceptor
  
  @Nullable public io.grpc.ServerInterceptor buildServerInterceptor(Filter.FilterConfig config, @Nullable Filter.FilterConfig overrideConfig)
  
  Specified by:
  
  buildServerInterceptor in interface Filter.ServerInterceptorBuilder
- generateAuthorizationInterceptor
  
  private io.grpc.ServerInterceptor generateAuthorizationInterceptor(GrpcAuthorizationEngine.AuthConfig config)
- parsePermissionList
  
  private static GrpcAuthorizationEngine.OrMatcher parsePermissionList(List<Permission> permissions)
- parsePermission
  
  private static GrpcAuthorizationEngine.Matcher parsePermission(Permission permission)
- parsePrincipalList
  
  private static GrpcAuthorizationEngine.OrMatcher parsePrincipalList(List<Principal> principals)
- parsePrincipal
  
  private static GrpcAuthorizationEngine.Matcher parsePrincipal(Principal principal)
- parsePathMatcher
  
  private static GrpcAuthorizationEngine.PathMatcher parsePathMatcher(PathMatcher proto)
- parseRequestedServerNameMatcher
  
  private static GrpcAuthorizationEngine.RequestedServerNameMatcher parseRequestedServerNameMatcher(StringMatcher proto)
- parseHeaderMatcher
  
  private static GrpcAuthorizationEngine.AuthHeaderMatcher parseHeaderMatcher(HeaderMatcher proto)
- parseAuthenticatedMatcher
  
  private static GrpcAuthorizationEngine.AuthenticatedMatcher parseAuthenticatedMatcher(Principal.Authenticated proto)
- createDestinationPortMatcher
  
  private static GrpcAuthorizationEngine.DestinationPortMatcher createDestinationPortMatcher(int port)
- parseDestinationPortRangeMatcher
  
  private static GrpcAuthorizationEngine.DestinationPortRangeMatcher parseDestinationPortRangeMatcher(Int32Range range)
- createDestinationIpMatcher
  
  private static GrpcAuthorizationEngine.DestinationIpMatcher createDestinationIpMatcher(CidrRange cidrRange)
- createSourceIpMatcher
  
  private static GrpcAuthorizationEngine.SourceIpMatcher createSourceIpMatcher(CidrRange cidrRange)
- resolve
  
  private static InetAddress resolve(CidrRange cidrRange)

Class RbacFilter

Nested Class Summary

Nested classes/interfaces inherited from interface io.grpc.xds.Filter

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Details

logger

INSTANCE

TYPE_URL

TYPE_URL_OVERRIDE_CONFIG

Constructor Details

RbacFilter

Method Details

typeUrls

parseFilterConfig

parseRbacConfig

parseFilterConfigOverride

buildServerInterceptor

generateAuthorizationInterceptor

parsePermissionList

parsePermission

parsePrincipalList

parsePrincipal

parsePathMatcher

parseRequestedServerNameMatcher

parseHeaderMatcher

parseAuthenticatedMatcher

createDestinationPortMatcher

parseDestinationPortRangeMatcher

createDestinationIpMatcher

createSourceIpMatcher

resolve