Examples with Principal io.envoyproxy.envoy.config.rbac.v3.Principal used on opensource projects

Search in sources :

Example 6 with Principal

use of io.envoyproxy.envoy.config.rbac.v3.Principal in project grpc-java by grpc.

the class RbacFilterTest method pathParser.

@Test
@SuppressWarnings("unchecked")
public void pathParser() {
    PathMatcher pathMatcher = PathMatcher.newBuilder().setPath(STRING_MATCHER).build();
    List<Permission> permissionList = Arrays.asList(Permission.newBuilder().setUrlPath(pathMatcher).build());
    List<Principal> principalList = Arrays.asList(Principal.newBuilder().setUrlPath(pathMatcher).build());
    ConfigOrError<RbacConfig> result = parse(permissionList, principalList);
    assertThat(result.errorDetail).isNull();
    ServerCall<Void, Void> serverCall = mock(ServerCall.class);
    when(serverCall.getMethodDescriptor()).thenReturn(method().build());
    GrpcAuthorizationEngine engine = new GrpcAuthorizationEngine(result.config.authConfig());
    AuthDecision decision = engine.evaluate(new Metadata(), serverCall);
    assertThat(decision.decision()).isEqualTo(GrpcAuthorizationEngine.Action.DENY);
}
Also used : PathMatcher(io.envoyproxy.envoy.type.matcher.v3.PathMatcher) AuthDecision(io.grpc.xds.internal.rbac.engine.GrpcAuthorizationEngine.AuthDecision) Permission(io.envoyproxy.envoy.config.rbac.v3.Permission) Metadata(io.grpc.Metadata) GrpcAuthorizationEngine(io.grpc.xds.internal.rbac.engine.GrpcAuthorizationEngine) Principal(io.envoyproxy.envoy.config.rbac.v3.Principal) Test(org.junit.Test)

Example 7 with Principal

use of io.envoyproxy.envoy.config.rbac.v3.Principal in project grpc-java by grpc.

the class RbacFilterTest method headerParser.

@Test
@SuppressWarnings({ "unchecked", "deprecation" })
public void headerParser() {
    HeaderMatcher headerMatcher = HeaderMatcher.newBuilder().setName("party").setExactMatch("win").build();
    List<Permission> permissionList = Arrays.asList(Permission.newBuilder().setHeader(headerMatcher).build());
    List<Principal> principalList = Arrays.asList(Principal.newBuilder().setHeader(headerMatcher).build());
    ConfigOrError<RbacConfig> result = parseOverride(permissionList, principalList);
    assertThat(result.errorDetail).isNull();
    ServerCall<Void, Void> serverCall = mock(ServerCall.class);
    GrpcAuthorizationEngine engine = new GrpcAuthorizationEngine(result.config.authConfig());
    AuthDecision decision = engine.evaluate(metadata("party", "win"), serverCall);
    assertThat(decision.decision()).isEqualTo(GrpcAuthorizationEngine.Action.DENY);
}
Also used : HeaderMatcher(io.envoyproxy.envoy.config.route.v3.HeaderMatcher) AuthDecision(io.grpc.xds.internal.rbac.engine.GrpcAuthorizationEngine.AuthDecision) Permission(io.envoyproxy.envoy.config.rbac.v3.Permission) GrpcAuthorizationEngine(io.grpc.xds.internal.rbac.engine.GrpcAuthorizationEngine) Principal(io.envoyproxy.envoy.config.rbac.v3.Principal) Test(org.junit.Test)

Example 8 with Principal

use of io.envoyproxy.envoy.config.rbac.v3.Principal in project grpc-java by grpc.

the class RbacFilterTest method headerParser_headerName.

@Test
@SuppressWarnings("deprecation")
public void headerParser_headerName() {
    HeaderMatcher headerMatcher = HeaderMatcher.newBuilder().setName("grpc--feature").setExactMatch("win").build();
    List<Permission> permissionList = Arrays.asList(Permission.newBuilder().setHeader(headerMatcher).build());
    HeaderMatcher headerMatcher2 = HeaderMatcher.newBuilder().setName(":scheme").setExactMatch("win").build();
    List<Principal> principalList = Arrays.asList(Principal.newBuilder().setHeader(headerMatcher2).build());
    ConfigOrError<RbacConfig> result = parseOverride(permissionList, principalList);
    assertThat(result.errorDetail).isNotNull();
}
Also used : HeaderMatcher(io.envoyproxy.envoy.config.route.v3.HeaderMatcher) Permission(io.envoyproxy.envoy.config.rbac.v3.Permission) Principal(io.envoyproxy.envoy.config.rbac.v3.Principal) Test(org.junit.Test)

Example 9 with Principal

use of io.envoyproxy.envoy.config.rbac.v3.Principal in project grpc-java by grpc.

the class RbacFilterTest method ipPortParser.

@Test
@SuppressWarnings({ "unchecked", "deprecation" })
public void ipPortParser() {
    CidrRange cidrRange = CidrRange.newBuilder().setAddressPrefix("10.10.10.0").setPrefixLen(UInt32Value.of(24)).build();
    List<Permission> permissionList = Arrays.asList(Permission.newBuilder().setAndRules(Permission.Set.newBuilder().addRules(Permission.newBuilder().setDestinationIp(cidrRange).build()).addRules(Permission.newBuilder().setDestinationPort(9090).build()).build()).build());
    List<Principal> principalList = Arrays.asList(Principal.newBuilder().setAndIds(Principal.Set.newBuilder().addIds(Principal.newBuilder().setDirectRemoteIp(cidrRange).build()).addIds(Principal.newBuilder().setRemoteIp(cidrRange).build()).addIds(Principal.newBuilder().setSourceIp(cidrRange).build()).build()).build());
    ConfigOrError<?> result = parseRaw(permissionList, principalList);
    assertThat(result.errorDetail).isNull();
    ServerCall<Void, Void> serverCall = mock(ServerCall.class);
    Attributes attributes = Attributes.newBuilder().set(Grpc.TRANSPORT_ATTR_REMOTE_ADDR, new InetSocketAddress("10.10.10.0", 1)).set(Grpc.TRANSPORT_ATTR_LOCAL_ADDR, new InetSocketAddress("10.10.10.0", 9090)).build();
    when(serverCall.getAttributes()).thenReturn(attributes);
    when(serverCall.getMethodDescriptor()).thenReturn(method().build());
    GrpcAuthorizationEngine engine = new GrpcAuthorizationEngine(((RbacConfig) result.config).authConfig());
    AuthDecision decision = engine.evaluate(new Metadata(), serverCall);
    assertThat(decision.decision()).isEqualTo(GrpcAuthorizationEngine.Action.DENY);
}
Also used : AuthDecision(io.grpc.xds.internal.rbac.engine.GrpcAuthorizationEngine.AuthDecision) CidrRange(io.envoyproxy.envoy.config.core.v3.CidrRange) InetSocketAddress(java.net.InetSocketAddress) Attributes(io.grpc.Attributes) Metadata(io.grpc.Metadata) GrpcAuthorizationEngine(io.grpc.xds.internal.rbac.engine.GrpcAuthorizationEngine) Permission(io.envoyproxy.envoy.config.rbac.v3.Permission) Principal(io.envoyproxy.envoy.config.rbac.v3.Principal) Test(org.junit.Test)

Aggregations

Permission (io.envoyproxy.envoy.config.rbac.v3.Permission)9 Principal (io.envoyproxy.envoy.config.rbac.v3.Principal)9 Test (org.junit.Test)8 GrpcAuthorizationEngine (io.grpc.xds.internal.rbac.engine.GrpcAuthorizationEngine)6 AuthDecision (io.grpc.xds.internal.rbac.engine.GrpcAuthorizationEngine.AuthDecision)6 Metadata (io.grpc.Metadata)5 Attributes (io.grpc.Attributes)3 HeaderMatcher (io.envoyproxy.envoy.config.route.v3.HeaderMatcher)2 PathMatcher (io.envoyproxy.envoy.type.matcher.v3.PathMatcher)2 InetSocketAddress (java.net.InetSocketAddress)2 Message (com.google.protobuf.Message)1 CidrRange (io.envoyproxy.envoy.config.core.v3.CidrRange)1 Policy (io.envoyproxy.envoy.config.rbac.v3.Policy)1 MetadataMatcher (io.envoyproxy.envoy.type.matcher.v3.MetadataMatcher)1 X509Certificate (java.security.cert.X509Certificate)1 ArrayList (java.util.ArrayList)1 LinkedHashMap (java.util.LinkedHashMap)1 SSLSession (javax.net.ssl.SSLSession)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial