
Example 6 with RBAC

use of io.envoyproxy.envoy.config.rbac.v3.RBAC in project grpc-java by grpc.

the class AuthorizationPolicyTranslatorTest method parseRequestSuccess.

/**
 * Checks that a JSON authorization policy named "authz", holding one deny rule and two allow
 * rules, translates into exactly two Envoy RBAC messages: the DENY one at index 0 and the ALLOW
 * one at index 1.
 *
 * <p>The expected messages pin down how policy values turn into matchers, which is the part of
 * the translation an authorization reviewer cares about:
 * <ul>
 *   <li>a value without {@code *} becomes an exact match;</li>
 *   <li>a trailing {@code *} ("/pkg.service/bar*") becomes a prefix match;</li>
 *   <li>a leading {@code *} ("*bar", "*baz") becomes a suffix match;</li>
 *   <li>a bare {@code *} becomes the safe regex {@code .+}, i.e. one or more characters.</li>
 * </ul>
 * Values of one path list or one header are OR-ed; the header entries of a rule, and the path
 * and header sections of a rule, are AND-ed. Each RBAC policy is keyed
 * {@code <policy name>_<rule name>}. None of the rules in this fixture restricts the caller, and
 * every expected policy carries an "any" principal.
 */
@Test
public void parseRequestSuccess() throws Exception {
    // Policy under test. The literals are concatenated without line breaks, so the translator
    // receives a single-line JSON document.
    String policy = "{"
        + " \"name\" : \"authz\" ,"
        + " \"deny_rules\": ["
        + "   {"
        + "     \"name\": \"deny_access\","
        + "     \"request\": {"
        + "       \"paths\": ["
        + "         \"/pkg.service/foo\","
        + "         \"/pkg.service/bar*\""
        + "       ],"
        + "       \"headers\": ["
        + "         {"
        + "           \"key\": \"dev-path\","
        + "           \"values\": [\"/dev/path/*\"]"
        + "         }"
        + "       ]"
        + "     }"
        + "   }"
        + " ],"
        + " \"allow_rules\": ["
        + "   {"
        + "     \"name\": \"allow_access1\","
        + "     \"request\": {"
        + "       \"headers\": ["
        + "         {"
        + "           \"key\": \"key-1\","
        + "           \"values\": ["
        + "             \"foo\","
        + "             \"*bar\""
        + "           ]"
        + "         },"
        + "         {"
        + "           \"key\": \"key-2\","
        + "           \"values\": ["
        + "             \"*\""
        + "           ]"
        + "         }"
        + "       ]"
        + "     }"
        + "   },"
        + "   {"
        + "     \"name\": \"allow_access2\","
        + "     \"request\": {"
        + "       \"paths\": ["
        + "         \"*baz\""
        + "       ]"
        + "     }"
        + "   }"
        + " ]"
        + "}";

    List<RBAC> rbacs = AuthorizationPolicyTranslator.translate(policy);
    assertEquals(2, rbacs.size());

    // deny_access, "paths": exact "/pkg.service/foo" OR prefix "/pkg.service/bar".
    Permission denyPathRules = Permission.newBuilder()
        .setOrRules(Permission.Set.newBuilder()
            .addRules(Permission.newBuilder()
                .setUrlPath(PathMatcher.newBuilder()
                    .setPath(StringMatcher.newBuilder().setExact("/pkg.service/foo").build())
                    .build())
                .build())
            .addRules(Permission.newBuilder()
                .setUrlPath(PathMatcher.newBuilder()
                    .setPath(StringMatcher.newBuilder().setPrefix("/pkg.service/bar").build())
                    .build())
                .build())
            .build())
        .build();

    // deny_access, "headers": an AND set over the header entries; the single entry "dev-path"
    // is an OR set over its values, here one prefix match on "/dev/path/".
    Permission denyHeaderRules = Permission.newBuilder()
        .setAndRules(Permission.Set.newBuilder()
            .addRules(Permission.newBuilder()
                .setOrRules(Permission.Set.newBuilder()
                    .addRules(Permission.newBuilder()
                        .setHeader(HeaderMatcher.newBuilder()
                            .setName("dev-path")
                            .setStringMatch(
                                StringMatcher.newBuilder().setPrefix("/dev/path/").build())
                            .build())
                        .build())
                    .build())
                .build())
            .build())
        .build();

    // The deny rule matches only when the path group AND the header group both match.
    RBAC expectedDenyRbac = RBAC.newBuilder()
        .setAction(Action.DENY)
        .putPolicies("authz_deny_access", Policy.newBuilder()
            .addPermissions(Permission.newBuilder()
                .setAndRules(Permission.Set.newBuilder()
                    .addRules(denyPathRules)
                    .addRules(denyHeaderRules)
                    .build()))
            .addPrincipals(Principal.newBuilder().setAny(true))
            .build())
        .build();

    // allow_access1, header "key-1": exact "foo" OR suffix "bar".
    Permission allowKey1Values = Permission.newBuilder()
        .setOrRules(Permission.Set.newBuilder()
            .addRules(Permission.newBuilder()
                .setHeader(HeaderMatcher.newBuilder()
                    .setName("key-1")
                    .setStringMatch(StringMatcher.newBuilder().setExact("foo").build())
                    .build())
                .build())
            .addRules(Permission.newBuilder()
                .setHeader(HeaderMatcher.newBuilder()
                    .setName("key-1")
                    .setStringMatch(StringMatcher.newBuilder().setSuffix("bar").build())
                    .build())
                .build())
            .build())
        .build();

    // allow_access1, header "key-2": the bare "*" value is expected as the safe regex ".+".
    Permission allowKey2Values = Permission.newBuilder()
        .setOrRules(Permission.Set.newBuilder()
            .addRules(Permission.newBuilder()
                .setHeader(HeaderMatcher.newBuilder()
                    .setName("key-2")
                    .setStringMatch(StringMatcher.newBuilder()
                        .setSafeRegex(RegexMatcher.newBuilder().setRegex(".+").build())
                        .build())
                    .build())
                .build())
            .build())
        .build();

    // allow_access1, "headers": both header groups must match (AND).
    Permission allowHeaderRules = Permission.newBuilder()
        .setAndRules(Permission.Set.newBuilder()
            .addRules(allowKey1Values)
            .addRules(allowKey2Values)
            .build())
        .build();

    // allow_access2, "paths": a single suffix match on "baz".
    Permission allowPathRules = Permission.newBuilder()
        .setOrRules(Permission.Set.newBuilder()
            .addRules(Permission.newBuilder()
                .setUrlPath(PathMatcher.newBuilder()
                    .setPath(StringMatcher.newBuilder().setSuffix("baz").build())
                    .build())
                .build())
            .build())
        .build();

    // Both allow rules land in the same ALLOW message, one policy entry per rule.
    RBAC expectedAllowRbac = RBAC.newBuilder()
        .setAction(Action.ALLOW)
        .putPolicies("authz_allow_access1", Policy.newBuilder()
            .addPermissions(Permission.newBuilder()
                .setAndRules(Permission.Set.newBuilder()
                    .addRules(allowHeaderRules)
                    .build()))
            .addPrincipals(Principal.newBuilder().setAny(true))
            .build())
        .putPolicies("authz_allow_access2", Policy.newBuilder()
            .addPermissions(Permission.newBuilder()
                .setAndRules(Permission.Set.newBuilder()
                    .addRules(allowPathRules)
                    .build()))
            .addPrincipals(Principal.newBuilder().setAny(true))
            .build())
        .build();

    // Order is part of the contract checked here: DENY first, ALLOW second.
    assertEquals(expectedDenyRbac, rbacs.get(0));
    assertEquals(expectedAllowRbac, rbacs.get(1));
}
Also used : RBAC(io.envoyproxy.envoy.config.rbac.v3.RBAC) Test(org.junit.Test)
