rbac

package
v1.39.0
Warning

This package is not in the latest version of its module.

Published: Jun 29, 2021 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package rbac provides service-level and method-level access control for a service.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Engine

type Engine struct {
	// contains filtered or unexported fields
}

Engine is used for matching incoming RPCs to policies.

func NewEngine

func NewEngine(policy *v3rbacpb.RBAC) (*Engine, error)

NewEngine creates an RBAC Engine based on the contents of policy. If the config is invalid (and fails to build the underlying tree of matchers), NewEngine returns an error. The created RBAC Engine does not persist the action present in the policy; it leaves it up to the caller to handle the action that is attached to the config.

func (*Engine) FindMatchingPolicy

func (r *Engine) FindMatchingPolicy(data *RPCData) (string, bool)

FindMatchingPolicy determines whether an incoming RPC matches a policy. On a successful match, it returns the name of the matching policy and true to indicate that a matching policy was found.

type RPCData

type RPCData struct {
	// MD holds the HTTP headers that are present in the incoming RPC.
	MD metadata.MD
	// PeerInfo is information about the downstream peer.
	PeerInfo *peer.Peer
	// FullMethod is the method name being called on the upstream service.
	FullMethod string
	// DestinationPort is the port that the RPC is being sent to on the
	// server.
	DestinationPort uint32
	// DestinationAddr is the address that the RPC is being sent to.
	DestinationAddr net.Addr
	// PrincipalName is the name of the downstream principal. If set, the URI
	// SAN or DNS SAN in that order is used from the certificate, otherwise the
	// subject field is used. If unset, it applies to any user that is
	// authenticated.
	PrincipalName string
}

RPCData wraps data pulled from an incoming RPC that the RBAC engine needs to find a matching policy.
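Because the Engine does not persist the policy's action, the caller has to combine the result of FindMatchingPolicy with the action itself. The following is an added example, not code from this package: it shows that combination with a stub engine. Assumptions: `Action`, `matcher`, `exactMethods` and `Authorize` are hypothetical names, the RPC is reduced to its full method string instead of `*RPCData`, and the action follows the usual Envoy RBAC meaning (ALLOW: only matching RPCs pass; DENY: matching RPCs are rejected).

```go
package main

import "fmt"

// Action is a hypothetical stand-in for the action in the policy config;
// the engine does not keep it, so the caller must retain it.
type Action int

const (
	Allow Action = iota // matching policies grant access, the rest are denied
	Deny                // matching policies deny access, the rest are allowed
)

// matcher mirrors the shape of FindMatchingPolicy (RPC reduced to a method name).
type matcher interface {
	FindMatchingPolicy(fullMethod string) (string, bool)
}

// exactMethods is a constructed stub engine: policy name -> method it matches.
type exactMethods map[string]string

func (e exactMethods) FindMatchingPolicy(fullMethod string) (string, bool) {
	for name, m := range e {
		if m == fullMethod {
			return name, true
		}
	}
	return "", false
}

// Authorize combines the match result with the action the caller retained.
func Authorize(m matcher, action Action, fullMethod string) (bool, string) {
	name, matched := m.FindMatchingPolicy(fullMethod)
	switch action {
	case Allow:
		return matched, name // no match under Allow means reject
	case Deny:
		return !matched, name // a match under Deny means reject
	}
	return false, name // unknown action: fail closed
}

func main() {
	eng := exactMethods{"health-readers": "/grpc.health.v1.Health/Check"}
	for _, a := range []Action{Allow, Deny} {
		ok, policy := Authorize(eng, a, "/grpc.health.v1.Health/Check")
		fmt.Printf("action=%d allowed=%v policy=%q\n", a, ok, policy)
	}
}
```

The returned policy name is useful for audit logging in both branches, since under Deny it identifies the policy that caused the rejection.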
