package rbac

import "google.golang.org/grpc/internal/xds/rbac"

Package rbac provides service-level and method-level access control for a service. See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/rbac/v3/rbac.proto#role-based-access-control-rbac for documentation.

Functions

func SetConnection

func SetConnection(ctx context.Context, conn net.Conn) context.Context

SetConnection adds the connection to the context so that the destination IP and port of an incoming RPC can be retrieved from it.

Types

type ChainEngine

type ChainEngine struct {
	// contains filtered or unexported fields
}

ChainEngine represents a chain of RBAC Engines, used to make authorization decisions on incoming RPCs.

func NewChainEngine

func NewChainEngine(policies []*v3rbacpb.RBAC) (*ChainEngine, error)

NewChainEngine returns a chain of RBAC engines, used to make authorization decisions on incoming RPCs. Returns a non-nil error for invalid policies.

func (*ChainEngine) IsAuthorized

func (cre *ChainEngine) IsAuthorized(ctx context.Context) error

IsAuthorized determines if an incoming RPC is authorized based on the chain of RBAC engines and their associated actions.

Errors returned by this function are compatible with the status package.
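
The chained decision described above, modelled as an added example (not the grpc-go source): it assumes Envoy's RBAC action semantics, where an ALLOW engine rejects an RPC that matches none of its policies and a DENY engine rejects one that matches any. The `rpc`, `policy` and `engine` types, the plain `fmt` errors and the sample policies are constructed stand-ins; the real package takes `[]*v3rbacpb.RBAC` and returns status-compatible errors.

```go
package main

import (
	"fmt"
	"strings"
)

// Simplified stand-ins (assumptions of this example, not the package's types).
type rpc struct{ method, principal string }
type policy struct{ name, methodPrefix, principal string } // principal "" = any

type engine struct {
	deny     bool // false: ALLOW action, true: DENY action
	policies []policy
}

func (e engine) match(r rpc) (string, bool) {
	for _, p := range e.policies {
		if strings.HasPrefix(r.method, p.methodPrefix) &&
			(p.principal == "" || p.principal == r.principal) {
			return p.name, true
		}
	}
	return "", false
}

// isAuthorized returns nil only if every engine in the chain passes.
func isAuthorized(chain []engine, r rpc) error {
	for i, e := range chain {
		name, ok := e.match(r)
		switch {
		case !e.deny && !ok: // ALLOW engine: an unmatched RPC is rejected
			return fmt.Errorf("engine %d: no allow policy matched %s", i, r.method)
		case e.deny && ok: // DENY engine: a matched RPC is rejected
			return fmt.Errorf("engine %d: deny policy %q matched", i, name)
		}
	}
	return nil
}

// sampleChain is constructed data: a DENY engine, then an ALLOW engine.
func sampleChain() []engine {
	return []engine{
		{true, []policy{{"no-admin", "/admin.", ""}}},
		{false, []policy{{"frontend-any", "/", "spiffe://example.test/frontend"}}},
	}
}

func main() { fmt.Println(isAuthorized(sampleChain(), rpc{"/admin.Users/Delete", "spiffe://example.test/frontend"})) }
```

The frontend principal matches the broad allow policy, yet its call to an `/admin.` method is still rejected, because a match in the DENY engine fails the whole chain regardless of what later engines would allow.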

Source Files

matchers.go rbac_engine.go

Version: v1.41.0-dev
Published: Jul 27, 2021
Platform: linux/amd64
Imports: 18 packages