Search in sources :

Example 1 with PathMatcher

use of io.envoyproxy.envoy.type.matcher.v3.PathMatcher in project grpc-java by grpc.

the class RbacFilterTest method handleException.

@Test
public void handleException() {
    PathMatcher pathMatcher = PathMatcher.newBuilder().setPath(StringMatcher.newBuilder().build()).build();
    List<Permission> permissionList = Arrays.asList(Permission.newBuilder().setUrlPath(pathMatcher).build());
    List<Principal> principalList = Arrays.asList(Principal.newBuilder().setUrlPath(pathMatcher).build());
    ConfigOrError<?> result = parse(permissionList, principalList);
    assertThat(result.errorDetail).isNotNull();
    permissionList = Arrays.asList(Permission.newBuilder().build());
    principalList = Arrays.asList(Principal.newBuilder().build());
    result = parse(permissionList, principalList);
    assertThat(result.errorDetail).isNotNull();
    Message rawProto = io.envoyproxy.envoy.extensions.filters.http.rbac.v3.RBAC.newBuilder().setRules(RBAC.newBuilder().setAction(Action.DENY).putPolicies("policy-name", Policy.newBuilder().setCondition(Expr.newBuilder().build()).build()).build()).build();
    result = new RbacFilter().parseFilterConfig(Any.pack(rawProto));
    assertThat(result.errorDetail).isNotNull();
}
Also used : PathMatcher(io.envoyproxy.envoy.type.matcher.v3.PathMatcher) Message(com.google.protobuf.Message) Permission(io.envoyproxy.envoy.config.rbac.v3.Permission) Principal(io.envoyproxy.envoy.config.rbac.v3.Principal) Test(org.junit.Test)

Example 2 with PathMatcher

use of io.envoyproxy.envoy.type.matcher.v3.PathMatcher in project grpc-java by grpc.

the class RbacFilterTest method pathParser.

@Test
@SuppressWarnings("unchecked")
public void pathParser() {
    PathMatcher pathMatcher = PathMatcher.newBuilder().setPath(STRING_MATCHER).build();
    List<Permission> permissionList = Arrays.asList(Permission.newBuilder().setUrlPath(pathMatcher).build());
    List<Principal> principalList = Arrays.asList(Principal.newBuilder().setUrlPath(pathMatcher).build());
    ConfigOrError<RbacConfig> result = parse(permissionList, principalList);
    assertThat(result.errorDetail).isNull();
    ServerCall<Void, Void> serverCall = mock(ServerCall.class);
    when(serverCall.getMethodDescriptor()).thenReturn(method().build());
    GrpcAuthorizationEngine engine = new GrpcAuthorizationEngine(result.config.authConfig());
    AuthDecision decision = engine.evaluate(new Metadata(), serverCall);
    assertThat(decision.decision()).isEqualTo(GrpcAuthorizationEngine.Action.DENY);
}
Also used : PathMatcher(io.envoyproxy.envoy.type.matcher.v3.PathMatcher) AuthDecision(io.grpc.xds.internal.rbac.engine.GrpcAuthorizationEngine.AuthDecision) Permission(io.envoyproxy.envoy.config.rbac.v3.Permission) Metadata(io.grpc.Metadata) GrpcAuthorizationEngine(io.grpc.xds.internal.rbac.engine.GrpcAuthorizationEngine) Principal(io.envoyproxy.envoy.config.rbac.v3.Principal) Test(org.junit.Test)

Aggregations

Permission (io.envoyproxy.envoy.config.rbac.v3.Permission)2 Principal (io.envoyproxy.envoy.config.rbac.v3.Principal)2 PathMatcher (io.envoyproxy.envoy.type.matcher.v3.PathMatcher)2 Test (org.junit.Test)2 Message (com.google.protobuf.Message)1 Metadata (io.grpc.Metadata)1 GrpcAuthorizationEngine (io.grpc.xds.internal.rbac.engine.GrpcAuthorizationEngine)1 AuthDecision (io.grpc.xds.internal.rbac.engine.GrpcAuthorizationEngine.AuthDecision)1