use of com.tbruyelle.rxpermissions3.Permission in project grpc-java by grpc.
the class RbacFilterTest method handleException.
@Test
public void handleException() {
PathMatcher pathMatcher = PathMatcher.newBuilder().setPath(StringMatcher.newBuilder().build()).build();
List<Permission> permissionList = Arrays.asList(Permission.newBuilder().setUrlPath(pathMatcher).build());
List<Principal> principalList = Arrays.asList(Principal.newBuilder().setUrlPath(pathMatcher).build());
ConfigOrError<?> result = parse(permissionList, principalList);
assertThat(result.errorDetail).isNotNull();
permissionList = Arrays.asList(Permission.newBuilder().build());
principalList = Arrays.asList(Principal.newBuilder().build());
result = parse(permissionList, principalList);
assertThat(result.errorDetail).isNotNull();
Message rawProto = io.envoyproxy.envoy.extensions.filters.http.rbac.v3.RBAC.newBuilder().setRules(RBAC.newBuilder().setAction(Action.DENY).putPolicies("policy-name", Policy.newBuilder().setCondition(Expr.newBuilder().build()).build()).build()).build();
result = new RbacFilter().parseFilterConfig(Any.pack(rawProto));
assertThat(result.errorDetail).isNotNull();
}
use of com.tbruyelle.rxpermissions3.Permission in project grpc-java by grpc.
the class RbacFilterTest method pathParser.
@Test
@SuppressWarnings("unchecked")
public void pathParser() {
PathMatcher pathMatcher = PathMatcher.newBuilder().setPath(STRING_MATCHER).build();
List<Permission> permissionList = Arrays.asList(Permission.newBuilder().setUrlPath(pathMatcher).build());
List<Principal> principalList = Arrays.asList(Principal.newBuilder().setUrlPath(pathMatcher).build());
ConfigOrError<RbacConfig> result = parse(permissionList, principalList);
assertThat(result.errorDetail).isNull();
ServerCall<Void, Void> serverCall = mock(ServerCall.class);
when(serverCall.getMethodDescriptor()).thenReturn(method().build());
GrpcAuthorizationEngine engine = new GrpcAuthorizationEngine(result.config.authConfig());
AuthDecision decision = engine.evaluate(new Metadata(), serverCall);
assertThat(decision.decision()).isEqualTo(GrpcAuthorizationEngine.Action.DENY);
}
use of com.tbruyelle.rxpermissions3.Permission in project grpc-java by grpc.
the class RbacFilterTest method headerParser.
@Test
@SuppressWarnings({ "unchecked", "deprecation" })
public void headerParser() {
HeaderMatcher headerMatcher = HeaderMatcher.newBuilder().setName("party").setExactMatch("win").build();
List<Permission> permissionList = Arrays.asList(Permission.newBuilder().setHeader(headerMatcher).build());
List<Principal> principalList = Arrays.asList(Principal.newBuilder().setHeader(headerMatcher).build());
ConfigOrError<RbacConfig> result = parseOverride(permissionList, principalList);
assertThat(result.errorDetail).isNull();
ServerCall<Void, Void> serverCall = mock(ServerCall.class);
GrpcAuthorizationEngine engine = new GrpcAuthorizationEngine(result.config.authConfig());
AuthDecision decision = engine.evaluate(metadata("party", "win"), serverCall);
assertThat(decision.decision()).isEqualTo(GrpcAuthorizationEngine.Action.DENY);
}
use of com.tbruyelle.rxpermissions3.Permission in project grpc-java by grpc.
the class RbacFilterTest method headerParser_headerName.
@Test
@SuppressWarnings("deprecation")
public void headerParser_headerName() {
HeaderMatcher headerMatcher = HeaderMatcher.newBuilder().setName("grpc--feature").setExactMatch("win").build();
List<Permission> permissionList = Arrays.asList(Permission.newBuilder().setHeader(headerMatcher).build());
HeaderMatcher headerMatcher2 = HeaderMatcher.newBuilder().setName(":scheme").setExactMatch("win").build();
List<Principal> principalList = Arrays.asList(Principal.newBuilder().setHeader(headerMatcher2).build());
ConfigOrError<RbacConfig> result = parseOverride(permissionList, principalList);
assertThat(result.errorDetail).isNotNull();
}
use of com.tbruyelle.rxpermissions3.Permission in project grpc-java by grpc.
the class RbacFilterTest method ipPortParser.
@Test
@SuppressWarnings({ "unchecked", "deprecation" })
public void ipPortParser() {
CidrRange cidrRange = CidrRange.newBuilder().setAddressPrefix("10.10.10.0").setPrefixLen(UInt32Value.of(24)).build();
List<Permission> permissionList = Arrays.asList(Permission.newBuilder().setAndRules(Permission.Set.newBuilder().addRules(Permission.newBuilder().setDestinationIp(cidrRange).build()).addRules(Permission.newBuilder().setDestinationPort(9090).build()).build()).build());
List<Principal> principalList = Arrays.asList(Principal.newBuilder().setAndIds(Principal.Set.newBuilder().addIds(Principal.newBuilder().setDirectRemoteIp(cidrRange).build()).addIds(Principal.newBuilder().setRemoteIp(cidrRange).build()).addIds(Principal.newBuilder().setSourceIp(cidrRange).build()).build()).build());
ConfigOrError<?> result = parseRaw(permissionList, principalList);
assertThat(result.errorDetail).isNull();
ServerCall<Void, Void> serverCall = mock(ServerCall.class);
Attributes attributes = Attributes.newBuilder().set(Grpc.TRANSPORT_ATTR_REMOTE_ADDR, new InetSocketAddress("10.10.10.0", 1)).set(Grpc.TRANSPORT_ATTR_LOCAL_ADDR, new InetSocketAddress("10.10.10.0", 9090)).build();
when(serverCall.getAttributes()).thenReturn(attributes);
when(serverCall.getMethodDescriptor()).thenReturn(method().build());
GrpcAuthorizationEngine engine = new GrpcAuthorizationEngine(((RbacConfig) result.config).authConfig());
AuthDecision decision = engine.evaluate(new Metadata(), serverCall);
assertThat(decision.decision()).isEqualTo(GrpcAuthorizationEngine.Action.DENY);
}
Aggregations