/proc/self/cwd/source/extensions/filters/common/rbac/engine.h
Line | Count | Source |
1 | | #pragma once |
2 | | |
3 | | #include "envoy/http/filter.h" |
4 | | #include "envoy/http/header_map.h" |
5 | | #include "envoy/network/connection.h" |
6 | | #include "envoy/stream_info/stream_info.h" |
7 | | |
8 | | namespace Envoy { |
9 | | namespace Extensions { |
10 | | namespace Filters { |
11 | | namespace Common { |
12 | | namespace RBAC { |
13 | | |
14 | | /** |
15 | | * Interface for evaluating RBAC policies. Every method is pure virtual, so the decision logic lives in the implementing engine. |
16 | | */ |
17 | | class RoleBasedAccessControlEngine { |
18 | | public: |
19 | 4.43k | virtual ~RoleBasedAccessControlEngine() = default; |
20 | | |
21 | | /** |
22 | | * Handles action-specific operations and returns whether or not the request is permitted. The |
23 | | * returned bool is the authorization decision, so callers should not discard it. |
24 | | * @param connection the downstream connection used to identify the action/principal. |
25 | | * @param headers the headers of the incoming request used to identify the action/principal. An |
26 | | * empty map should be used if there are no headers available. |
27 | | * @param info the per-request or per-connection stream info with additional information about |
28 | | * the action/principal. Passed by non-const reference; can be modified by the LOG Action. |
29 | | * @param effective_policy_id out-parameter that is filled with the matching policy's ID, |
30 | | * which is used to identify the source of the allow/deny. NOTE(review): whether nullptr is accepted, and what is written when no policy matches, is not stated here -- confirm against the implementation. |
31 | | */ |
32 | | virtual bool handleAction(const Network::Connection& connection, |
33 | | const Envoy::Http::RequestHeaderMap& headers, |
34 | | StreamInfo::StreamInfo& info, |
35 | | std::string* effective_policy_id) const PURE; |
36 | | |
37 | | /** |
38 | | * Overload that takes no request headers; handles action-specific operations and returns whether or not the request is permitted. |
39 | | * NOTE(review): how policies that match on request headers are evaluated through this overload is not stated here -- confirm against the implementation. |
40 | | * @param connection the downstream connection used to identify the action/principal. |
41 | | * @param info the per-request or per-connection stream info with additional information about |
42 | | * the action/principal. Passed by non-const reference; can be modified by the LOG Action. |
43 | | * @param effective_policy_id out-parameter that is filled with the matching policy's ID, |
44 | | * which is used to identify the source of the allow/deny. NOTE(review): whether nullptr is accepted, and what is written when no policy matches, is not stated here -- confirm against the implementation. |
45 | | */ |
46 | | virtual bool handleAction(const Network::Connection& connection, StreamInfo::StreamInfo& info, |
47 | | std::string* effective_policy_id) const PURE; |
48 | | }; |
49 | | |
50 | | } // namespace RBAC |
51 | | } // namespace Common |
52 | | } // namespace Filters |
53 | | } // namespace Extensions |
54 | | } // namespace Envoy |