Documentation ¶
Overview ¶
Package rbac provides service-level and method-level access control for a service. See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/rbac/v3/rbac.proto#role-based-access-control-rbac for documentation.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ChainEngine ¶
type ChainEngine struct {
// contains filtered or unexported fields
}
ChainEngine represents a chain of RBAC Engines, used to make authorization decisions on incoming RPCs.
func NewChainEngine ¶
func NewChainEngine(policies []*v3rbacpb.RBAC) (*ChainEngine, error)
NewChainEngine returns a chain of RBAC engines, used to make authorization decisions on incoming RPCs. Returns a non-nil error for invalid policies.
func (*ChainEngine) IsAuthorized ¶
func (cre *ChainEngine) IsAuthorized(ctx context.Context) error
IsAuthorized determines if an incoming RPC is authorized based on the chain of RBAC engines and their associated actions.
Errors returned by this function are compatible with the status package.