// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#include <grpc/support/port_platform.h>

#include "src/core/lib/security/authorization/grpc_authorization_engine.h"

namespace grpc_core {

// Builds the engine from an RBAC policy.
//
// The policy's action is stored in action_, and every (name, sub-policy)
// pair in policy.policies becomes one entry in policies_: the name is copied
// and the sub-policy is moved into a freshly allocated
// PolicyAuthorizationMatcher. Entries are appended in the iteration order of
// policy.policies, which is also the order Evaluate() tries them in.
GrpcAuthorizationEngine::GrpcAuthorizationEngine(Rbac policy)
    : action_(policy.action) {
  for (auto& named_rule : policy.policies) {
    Policy entry;
    entry.name = named_rule.first;
    // `policy` is taken by value, so its sub-policies can be moved from
    // instead of copied.
    entry.matcher = absl::make_unique<PolicyAuthorizationMatcher>(
        std::move(named_rule.second));
    policies_.push_back(std::move(entry));
  }
}

// Evaluates `args` against the stored policies and returns the decision.
//
// Policies are tried in stored order and the first one whose matcher accepts
// `args` wins; its name is written to decision.matching_policy_name. When
// nothing matches, that field keeps whatever a default-constructed Decision
// holds.
//
// The decision type depends on action_:
//   - action_ == Rbac::Action::kAllow: a match allows, no match denies.
//   - any other action: a match denies, no match allows.
//
// Security note: an engine that holds no policies therefore denies every
// request under kAllow and allows every request under any other action, so
// an empty or failed-to-populate deny policy leaves the call unrestricted.
AuthorizationEngine::Decision GrpcAuthorizationEngine::Evaluate(
    const EvaluateArgs& args) const {
  Decision verdict;
  bool any_match = false;
  for (const auto& entry : policies_) {
    if (!entry.matcher->Matches(args)) continue;
    // First match wins: record which policy decided the outcome and stop.
    any_match = true;
    verdict.matching_policy_name = entry.name;
    break;
  }
  const bool allow_on_match = (action_ == Rbac::Action::kAllow);
  if (any_match == allow_on_match) {
    verdict.type = Decision::Type::kAllow;
  } else {
    verdict.type = Decision::Type::kDeny;
  }
  return verdict;
}

}  // namespace grpc_core