MCPcopy
hub / github.com/grpc/grpc-go / newEngine

Function newEngine

internal/xds/rbac/rbac_engine.go:129–155  ·  view source on GitHub ↗

newEngine creates an RBAC Engine based on the contents of a policy. Returns a non-nil error if the policy is invalid.

(config *v3rbacpb.RBAC, policyName string)

Source from the content-addressed store, hash-verified

127// newEngine creates an RBAC Engine based on the contents of a policy. Returns a
128// non-nil error if the policy is invalid.
129func newEngine(config *v3rbacpb.RBAC, policyName string) (*engine, error) {
130 a := config.GetAction()
131 if a != v3rbacpb.RBAC_ALLOW && a != v3rbacpb.RBAC_DENY {
132 return nil, fmt.Errorf("unsupported action %s", config.Action)
133 }
134
135 policies := make(map[string]*policyMatcher, len(config.GetPolicies()))
136 for name, policy := range config.GetPolicies() {
137 matcher, err := newPolicyMatcher(policy)
138 if err != nil {
139 return nil, err
140 }
141 policies[name] = matcher
142 }
143
144 auditLoggers, auditCondition, err := parseAuditOptions(config.GetAuditLoggingOptions())
145 if err != nil {
146 return nil, err
147 }
148 return &engine{
149 policyName: policyName,
150 policies: policies,
151 action: a,
152 auditLoggers: auditLoggers,
153 auditCondition: auditCondition,
154 }, nil
155}
156
157func parseAuditOptions(opts *v3rbacpb.RBAC_AuditLoggingOptions) ([]audit.Logger, v3rbacpb.RBAC_AuditLoggingOptions_AuditCondition, error) {
158 if opts == nil {

Callers 1

NewChainEngineFunction · 0.85

Calls 3

newPolicyMatcherFunction · 0.85
parseAuditOptionsFunction · 0.85
ErrorfMethod · 0.65

Tested by

no test coverage detected