
Example 1 with RBAC

use of io.envoyproxy.envoy.extensions.filters.http.rbac.v3.RBAC in project grpc-java by grpc.

The class AuthorizationPolicyTranslatorTest, method missingSourceAndRequest.

/**
 * A rule that specifies neither {@code source} nor {@code request} must translate into a
 * policy that matches every principal and every permission.
 */
@Test
public void missingSourceAndRequest() throws Exception {
    String policy =
        "{"
            + " \"name\" : \"authz\" ,"
            + " \"allow_rules\" : ["
            + "   {"
            + "     \"name\": \"allow_all\""
            + "   }"
            + " ]"
            + "}";
    List<RBAC> rbacs = AuthorizationPolicyTranslator.translate(policy);
    assertEquals(1, rbacs.size());

    // No source/request constraints -> "any" principal and "any" permission.
    Policy matchEverything = Policy.newBuilder()
        .addPrincipals(Principal.newBuilder().setAny(true))
        .addPermissions(Permission.newBuilder().setAny(true))
        .build();
    // The generated policy key is the top-level policy name joined to the rule name
    // ("authz" + "_" + "allow_all"), as this expectation shows.
    RBAC expectedRbac = RBAC.newBuilder()
        .setAction(Action.ALLOW)
        .putPolicies("authz_allow_all", matchEverything)
        .build();
    assertEquals(expectedRbac, rbacs.get(0));
}

Example 2 with RBAC

use of io.envoyproxy.envoy.extensions.filters.http.rbac.v3.RBAC in project grpc-java by grpc.

The class AuthorizationPolicyTranslatorTest, method emptySourceAndRequest.

/**
 * An explicitly empty {@code source} and {@code request} must behave exactly like a rule
 * that omits them: the resulting policy matches every principal and every permission.
 */
@Test
public void emptySourceAndRequest() throws Exception {
    String policy =
        "{"
            + " \"name\" : \"authz\" ,"
            + " \"allow_rules\" : ["
            + "   {"
            + "     \"name\": \"allow_all\","
            + "     \"source\": {},"
            + "     \"request\": {}"
            + "   }"
            + " ]"
            + "}";
    List<RBAC> rbacs = AuthorizationPolicyTranslator.translate(policy);
    assertEquals(1, rbacs.size());

    // Empty source/request objects carry no constraints, so both sides become "any".
    Policy matchEverything = Policy.newBuilder()
        .addPrincipals(Principal.newBuilder().setAny(true))
        .addPermissions(Permission.newBuilder().setAny(true))
        .build();
    RBAC expectedRbac = RBAC.newBuilder()
        .setAction(Action.ALLOW)
        .putPolicies("authz_allow_all", matchEverything)
        .build();
    assertEquals(expectedRbac, rbacs.get(0));
}

Example 3 with RBAC

use of io.envoyproxy.envoy.extensions.filters.http.rbac.v3.RBAC in project grpc-java by grpc.

The class RbacFilter, method parseFilterConfig.

/**
 * Parses the raw per-filter RBAC proto into an {@link RbacConfig}.
 *
 * <p>The message must be a packed {@code Any}. A message of any other type, or an {@code Any}
 * whose payload cannot be unpacked as an HTTP-filter {@code RBAC} (wrong type URL or corrupt
 * bytes), is reported through {@link ConfigOrError#fromError} instead of being thrown, so a
 * malformed filter config is surfaced as a rejected config rather than an exception.
 *
 * @param rawProtoMessage the filter config proto; expected to be an {@code Any}
 * @return the parsed config, or an error describing why the message was rejected
 */
@Override
public ConfigOrError<RbacConfig> parseFilterConfig(Message rawProtoMessage) {
    // Guard clause: only a packed Any is accepted at this layer.
    if (!(rawProtoMessage instanceof Any)) {
        return ConfigOrError.fromError("Invalid config type: " + rawProtoMessage.getClass());
    }
    final RBAC rbacProto;
    try {
        // unpack() is expected to reject a payload whose type URL is not RBAC by throwing
        // InvalidProtocolBufferException, which is turned into a config error below.
        rbacProto = ((Any) rawProtoMessage).unpack(RBAC.class);
    } catch (InvalidProtocolBufferException e) {
        return ConfigOrError.fromError("Invalid proto: " + e);
    }
    return parseRbacConfig(rbacProto);
}

Example 4 with RBAC

use of io.envoyproxy.envoy.extensions.filters.http.rbac.v3.RBAC in project grpc-java by grpc.

The class AuthorizationPolicyTranslatorTest, method parseSourceSuccess.

/**
 * Source principals are translated into an OR over authenticated-principal-name matchers.
 * A leading {@code *} becomes a suffix match, a trailing {@code *} a prefix match, a bare
 * {@code *} the regex {@code .+}, and a {@code *} anywhere else is kept as a literal exact match.
 */
@Test
public void parseSourceSuccess() throws Exception {
    String policy =
        "{"
            + " \"name\" : \"authz\" ,"
            + " \"deny_rules\": ["
            + "   {"
            + "     \"name\": \"deny_users\","
            + "     \"source\": {"
            + "       \"principals\": ["
            + "         \"spiffe://foo.com\","
            + "         \"spiffe://bar*\","
            + "         \"*baz\","
            + "         \"spiffe://*.com\""
            + "       ]"
            + "     }"
            + "   }"
            + " ],"
            + " \"allow_rules\": ["
            + "   {"
            + "     \"name\": \"allow_any\","
            + "     \"source\": {"
            + "       \"principals\": ["
            + "         \"*\""
            + "       ]"
            + "     }"
            + "   }"
            + " ]"
            + "}";
    List<RBAC> rbacs = AuthorizationPolicyTranslator.translate(policy);
    // Deny rules are emitted before allow rules.
    assertEquals(2, rbacs.size());

    StringMatcher exactFoo = StringMatcher.newBuilder().setExact("spiffe://foo.com").build();
    StringMatcher prefixBar = StringMatcher.newBuilder().setPrefix("spiffe://bar").build();
    StringMatcher suffixBaz = StringMatcher.newBuilder().setSuffix("baz").build();
    // A '*' that is neither leading nor trailing is not a wildcard: "spiffe://*.com" must
    // match only the literal string, never "spiffe://evil.com".
    StringMatcher exactStarCom = StringMatcher.newBuilder().setExact("spiffe://*.com").build();
    Principal.Set.Builder deniedIds = Principal.Set.newBuilder();
    for (StringMatcher name : new StringMatcher[] {exactFoo, prefixBar, suffixBaz, exactStarCom}) {
        deniedIds.addIds(Principal.newBuilder()
            .setAuthenticated(Authenticated.newBuilder().setPrincipalName(name).build())
            .build());
    }
    RBAC expectedDenyRbac = RBAC.newBuilder()
        .setAction(Action.DENY)
        .putPolicies("authz_deny_users", Policy.newBuilder()
            .addPrincipals(Principal.newBuilder().setOrIds(deniedIds.build()).build())
            .addPermissions(Permission.newBuilder().setAny(true))
            .build())
        .build();

    // A bare "*" becomes the regex ".+", which requires at least one character (unlike ".*").
    StringMatcher anyNonEmptyName = StringMatcher.newBuilder()
        .setSafeRegex(RegexMatcher.newBuilder().setRegex(".+").build())
        .build();
    Principal anyAuthenticated = Principal.newBuilder()
        .setAuthenticated(Authenticated.newBuilder().setPrincipalName(anyNonEmptyName).build())
        .build();
    RBAC expectedAllowRbac = RBAC.newBuilder()
        .setAction(Action.ALLOW)
        .putPolicies("authz_allow_any", Policy.newBuilder()
            .addPrincipals(Principal.newBuilder()
                .setOrIds(Principal.Set.newBuilder().addIds(anyAuthenticated).build())
                .build())
            .addPermissions(Permission.newBuilder().setAny(true))
            .build())
        .build();

    assertEquals(expectedDenyRbac, rbacs.get(0));
    assertEquals(expectedAllowRbac, rbacs.get(1));
}

Example 5 with RBAC

use of io.envoyproxy.envoy.extensions.filters.http.rbac.v3.RBAC in project grpc-java by grpc.

The class AuthorizationPolicyTranslatorTest, method parseRequestSuccess.

/**
 * Request constraints are translated into an AND of: an OR over the listed paths, and an AND
 * over the listed headers where each header is itself an OR over its accepted values. The same
 * wildcard rules as for principals apply to path and header values.
 */
@Test
public void parseRequestSuccess() throws Exception {
    String policy =
        "{"
            + " \"name\" : \"authz\" ,"
            + " \"deny_rules\": ["
            + "   {"
            + "     \"name\": \"deny_access\","
            + "     \"request\": {"
            + "       \"paths\": ["
            + "         \"/pkg.service/foo\","
            + "         \"/pkg.service/bar*\""
            + "       ],"
            + "       \"headers\": ["
            + "         {"
            + "           \"key\": \"dev-path\","
            + "           \"values\": [\"/dev/path/*\"]"
            + "         }"
            + "       ]"
            + "     }"
            + "   }"
            + " ],"
            + " \"allow_rules\": ["
            + "   {"
            + "     \"name\": \"allow_access1\","
            + "     \"request\": {"
            + "       \"headers\": ["
            + "         {"
            + "           \"key\": \"key-1\","
            + "           \"values\": ["
            + "             \"foo\","
            + "             \"*bar\""
            + "           ]"
            + "         },"
            + "         {"
            + "           \"key\": \"key-2\","
            + "           \"values\": ["
            + "             \"*\""
            + "           ]"
            + "         }"
            + "       ]"
            + "     }"
            + "   },"
            + "   {"
            + "     \"name\": \"allow_access2\","
            + "     \"request\": {"
            + "       \"paths\": ["
            + "         \"*baz\""
            + "       ]"
            + "     }"
            + "   }"
            + " ]"
            + "}";
    List<RBAC> rbacs = AuthorizationPolicyTranslator.translate(policy);
    assertEquals(2, rbacs.size());

    // ---- deny_access: (path foo OR path bar*) AND (header dev-path: /dev/path/*) ----
    Permission pathFoo = Permission.newBuilder()
        .setUrlPath(PathMatcher.newBuilder()
            .setPath(StringMatcher.newBuilder().setExact("/pkg.service/foo").build())
            .build())
        .build();
    Permission pathBarPrefix = Permission.newBuilder()
        .setUrlPath(PathMatcher.newBuilder()
            .setPath(StringMatcher.newBuilder().setPrefix("/pkg.service/bar").build())
            .build())
        .build();
    Permission devPathHeader = Permission.newBuilder()
        .setHeader(HeaderMatcher.newBuilder()
            .setName("dev-path")
            .setStringMatch(StringMatcher.newBuilder().setPrefix("/dev/path/").build())
            .build())
        .build();
    Permission anyListedPath = Permission.newBuilder()
        .setOrRules(Permission.Set.newBuilder().addRules(pathFoo).addRules(pathBarPrefix).build())
        .build();
    // Headers: AND over header entries; each entry is an OR over its values (one value here).
    Permission allListedHeaders = Permission.newBuilder()
        .setAndRules(Permission.Set.newBuilder()
            .addRules(Permission.newBuilder()
                .setOrRules(Permission.Set.newBuilder().addRules(devPathHeader).build())
                .build())
            .build())
        .build();
    Permission denyRequest = Permission.newBuilder()
        .setAndRules(Permission.Set.newBuilder()
            .addRules(anyListedPath)
            .addRules(allListedHeaders)
            .build())
        .build();
    RBAC expectedDenyRbac = RBAC.newBuilder()
        .setAction(Action.DENY)
        .putPolicies("authz_deny_access", Policy.newBuilder()
            .addPermissions(denyRequest)
            .addPrincipals(Principal.newBuilder().setAny(true))
            .build())
        .build();

    // ---- allow_access1: (key-1 = foo OR key-1 ends with bar) AND (key-2 = any non-empty) ----
    Permission key1ExactFoo = Permission.newBuilder()
        .setHeader(HeaderMatcher.newBuilder()
            .setName("key-1")
            .setStringMatch(StringMatcher.newBuilder().setExact("foo").build())
            .build())
        .build();
    Permission key1SuffixBar = Permission.newBuilder()
        .setHeader(HeaderMatcher.newBuilder()
            .setName("key-1")
            .setStringMatch(StringMatcher.newBuilder().setSuffix("bar").build())
            .build())
        .build();
    // "*" as a header value requires at least one character (".+"), not merely header presence.
    Permission key2AnyValue = Permission.newBuilder()
        .setHeader(HeaderMatcher.newBuilder()
            .setName("key-2")
            .setStringMatch(StringMatcher.newBuilder()
                .setSafeRegex(RegexMatcher.newBuilder().setRegex(".+").build())
                .build())
            .build())
        .build();
    Permission key1Matches = Permission.newBuilder()
        .setOrRules(Permission.Set.newBuilder().addRules(key1ExactFoo).addRules(key1SuffixBar).build())
        .build();
    Permission key2Matches = Permission.newBuilder()
        .setOrRules(Permission.Set.newBuilder().addRules(key2AnyValue).build())
        .build();
    Permission allowHeaders = Permission.newBuilder()
        .setAndRules(Permission.Set.newBuilder().addRules(key1Matches).addRules(key2Matches).build())
        .build();
    // No paths listed, so the outer AND holds only the headers conjunction.
    Permission allowRequest1 = Permission.newBuilder()
        .setAndRules(Permission.Set.newBuilder().addRules(allowHeaders).build())
        .build();

    // ---- allow_access2: path ends with "baz" ----
    Permission pathSuffixBaz = Permission.newBuilder()
        .setUrlPath(PathMatcher.newBuilder()
            .setPath(StringMatcher.newBuilder().setSuffix("baz").build())
            .build())
        .build();
    Permission allowRequest2 = Permission.newBuilder()
        .setAndRules(Permission.Set.newBuilder()
            .addRules(Permission.newBuilder()
                .setOrRules(Permission.Set.newBuilder().addRules(pathSuffixBaz).build())
                .build())
            .build())
        .build();

    RBAC expectedAllowRbac = RBAC.newBuilder()
        .setAction(Action.ALLOW)
        .putPolicies("authz_allow_access1", Policy.newBuilder()
            .addPermissions(allowRequest1)
            .addPrincipals(Principal.newBuilder().setAny(true))
            .build())
        .putPolicies("authz_allow_access2", Policy.newBuilder()
            .addPermissions(allowRequest2)
            .addPrincipals(Principal.newBuilder().setAny(true))
            .build())
        .build();

    assertEquals(expectedDenyRbac, rbacs.get(0));
    assertEquals(expectedAllowRbac, rbacs.get(1));
}
