1 //
2 // Copyright 2021 gRPC authors.
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //     http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #ifndef GRPC_SRC_CORE_EXT_FILTERS_RBAC_RBAC_FILTER_H
18 #define GRPC_SRC_CORE_EXT_FILTERS_RBAC_RBAC_FILTER_H
19 
20 #include <grpc/support/port_platform.h>
21 #include <stddef.h>
22 
23 #include "absl/status/statusor.h"
24 #include "src/core/lib/channel/channel_args.h"
25 #include "src/core/lib/channel/channel_fwd.h"
26 #include "src/core/lib/channel/promise_based_filter.h"
27 #include "src/core/lib/promise/arena_promise.h"
28 #include "src/core/lib/security/authorization/evaluate_args.h"
29 #include "src/core/lib/transport/transport.h"
30 
31 namespace grpc_core {
32 
// Filter used when xDS server config fetcher provides a configuration with an
// HTTP RBAC filter. Also serves as the type for channel data for the filter.
//
// Security-relevant shape of the declaration: the only per-call hook with a
// handler is Call::OnClientInitialMetadata; every other hook below is declared
// as NoInterceptor. Any authorization decision made by this filter is
// therefore tied to the client's initial metadata, and nothing declared in
// this class re-evaluates it for later messages on the same call.
class RbacFilter : public ImplementChannelFilter<RbacFilter> {
 public:
  // This channel filter is intended to be used by connections on xDS enabled
  // servers configured with RBAC. The RBAC filter fetches the RBAC policy from
  // the method config of service config returned by the ServerConfigSelector,
  // and enforces the RBAC policy.
  // NOTE(review): what happens when no RBAC policy is found for a call is not
  // visible from this header; confirm in the implementation file that the
  // call is rejected rather than allowed in that case.
  static const grpc_channel_filter kFilterVtable;

  // Returns the fixed name string "rbac_filter" for this filter type.
  static absl::string_view TypeName() { return "rbac_filter"; }

  // Factory for the filter. Returns either an owning pointer to a new
  // RbacFilter or an error status; the failure conditions are defined in the
  // implementation file, not here.
  static absl::StatusOr<std::unique_ptr<RbacFilter>> Create(
      const ChannelArgs& args, ChannelFilter::Args filter_args);

  // Takes the per-channel evaluation args by value.
  // NOTE(review): presumably `index` initializes index_ and
  // `per_channel_evaluate_args` initializes per_channel_evaluate_args_; the
  // definition is not in this header, so confirm there.
  RbacFilter(size_t index,
             EvaluateArgs::PerChannelArgs per_channel_evaluate_args);

  // Per-call hook set for this filter.
  class Call {
   public:
    // Receives the client's initial metadata and a non-owning pointer to the
    // channel-level filter, and returns a status.
    // NOTE(review): presumably a non-OK status causes the call to be
    // rejected; confirm against the ImplementChannelFilter contract in
    // promise_based_filter.h. `filter` is a raw pointer, so it is assumed to
    // outlive the call; confirm.
    absl::Status OnClientInitialMetadata(ClientMetadata& md,
                                         RbacFilter* filter);
    // No handler is declared for the remaining hooks: the RBAC check has no
    // entry point on server metadata, on messages in either direction, on
    // half-close, or at finalization.
    static const NoInterceptor OnServerInitialMetadata;
    static const NoInterceptor OnServerTrailingMetadata;
    static const NoInterceptor OnClientToServerMessage;
    static const NoInterceptor OnClientToServerHalfClose;
    static const NoInterceptor OnServerToClientMessage;
    static const NoInterceptor OnFinalize;
  };

 private:
  // The index of this filter instance among instances of the same filter.
  size_t index_;
  // Assigned index for service config data from the parser.
  // Declared const with no default initializer and no matching constructor
  // parameter, so its value is obtained in the constructor definition (not
  // shown in this header) and cannot change afterwards.
  const size_t service_config_parser_index_;
  // Per channel args used for authorization.
  // Stored by value in the channel-level filter rather than per call.
  // NOTE(review): the fields carried here are defined in evaluate_args.h;
  // confirm which peer/connection attributes the policy evaluation relies on.
  EvaluateArgs::PerChannelArgs per_channel_evaluate_args_;
};
71 
72 }  // namespace grpc_core
73 
74 #endif  // GRPC_SRC_CORE_EXT_FILTERS_RBAC_RBAC_FILTER_H
75