1 // Copyright 2021 gRPC authors.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #ifndef GRPCPP_SECURITY_AUTHORIZATION_POLICY_PROVIDER_H
16 #define GRPCPP_SECURITY_AUTHORIZATION_POLICY_PROVIDER_H
17 
18 #include <memory>
19 
20 #include <grpc/grpc_security.h>
21 #include <grpc/status.h>
22 #include <grpcpp/impl/codegen/status.h>
23 
24 namespace grpc {
25 namespace experimental {
26 
// Abstract C++ handle for a C-core grpc_authorization_policy_provider.
// Implementations take care of creating and updating the authorization engine
// objects from an SDK authorization policy.
class AuthorizationPolicyProviderInterface {
 public:
  // Virtual so that a provider can be destroyed through a pointer to this
  // interface.
  virtual ~AuthorizationPolicyProviderInterface() = default;

  // Returns the underlying C-core provider.
  // NOTE(review): ownership of the returned pointer is not stated in this
  // header. The concrete classes declared alongside this interface hand back
  // their stored member, which suggests the caller must not release it and
  // must not use it after the wrapper is destroyed -- confirm.
  virtual grpc_authorization_policy_provider* c_provider() = 0;
};
35 
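// Implementation obtains authorization policy from static string. This provider
// will always return the same authorization engines.
class StaticDataAuthorizationPolicyProvider
    : public AuthorizationPolicyProviderInterface {
 public:
  // Builds a provider from the policy text in `authz_policy` and reports the
  // outcome through `status`.
  // NOTE(review): the definition is not in this header. Presumably a null
  // result comes back together with a non-OK `status` when the policy text is
  // rejected; callers should check both before installing the provider, so
  // that a malformed policy is treated as a startup failure rather than
  // silently running without the intended authorization checks -- confirm
  // against the implementation.
  static std::shared_ptr<StaticDataAuthorizationPolicyProvider> Create(
      const std::string& authz_policy, grpc::Status* status);

  // Use factory method "Create" to create an instance of
  // StaticDataAuthorizationPolicyProvider.
  explicit StaticDataAuthorizationPolicyProvider(
      grpc_authorization_policy_provider* provider)
      : c_provider_(provider) {}

  // The wrapper stores a raw C-core handle and declares its own destructor, so
  // the implicitly generated copy operations would leave two wrappers holding
  // the same pointer. If the out-of-line destructor releases the handle (it
  // is not visible here), a copy would release it twice or leave a dangling
  // pointer; instances are handed out via shared_ptr, so copying is disabled.
  StaticDataAuthorizationPolicyProvider(
      const StaticDataAuthorizationPolicyProvider&) = delete;
  StaticDataAuthorizationPolicyProvider& operator=(
      const StaticDataAuthorizationPolicyProvider&) = delete;

  // Defined out of line.
  ~StaticDataAuthorizationPolicyProvider() override;

  // Returns the stored C-core provider without transferring it; the pointer
  // is whatever was passed to the constructor (nullptr by default).
  grpc_authorization_policy_provider* c_provider() override {
    return c_provider_;
  }

 private:
  // C-core provider handle supplied at construction.
  grpc_authorization_policy_provider* c_provider_ = nullptr;
};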
59 
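// Implementation obtains authorization policy by watching for changes in
// filesystem.
//
// The file at the watched path decides which calls are authorized, so it (and
// its parent directory) should be writable only by the principals trusted to
// change the policy.
class FileWatcherAuthorizationPolicyProvider
    : public AuthorizationPolicyProviderInterface {
 public:
  // Builds a provider that reads the policy from `authz_policy_path` and
  // reports the outcome through `status`.
  // NOTE(review): the definition is not in this header. `refresh_interval_sec`
  // presumably sets how often, in seconds, the file is re-read, and a null
  // result presumably comes back with a non-OK `status` when the initial
  // policy cannot be loaded; callers should check both before installing the
  // provider. How a later, invalid version of the file is handled is not
  // visible here -- confirm against the implementation.
  static std::shared_ptr<FileWatcherAuthorizationPolicyProvider> Create(
      const std::string& authz_policy_path, unsigned int refresh_interval_sec,
      grpc::Status* status);

  // Use factory method "Create" to create an instance of
  // FileWatcherAuthorizationPolicyProvider.
  explicit FileWatcherAuthorizationPolicyProvider(
      grpc_authorization_policy_provider* provider)
      : c_provider_(provider) {}

  // The wrapper stores a raw C-core handle and declares its own destructor, so
  // the implicitly generated copy operations would leave two wrappers holding
  // the same pointer. If the out-of-line destructor releases the handle (it
  // is not visible here), a copy would release it twice or leave a dangling
  // pointer; instances are handed out via shared_ptr, so copying is disabled.
  FileWatcherAuthorizationPolicyProvider(
      const FileWatcherAuthorizationPolicyProvider&) = delete;
  FileWatcherAuthorizationPolicyProvider& operator=(
      const FileWatcherAuthorizationPolicyProvider&) = delete;

  // Defined out of line.
  ~FileWatcherAuthorizationPolicyProvider() override;

  // Returns the stored C-core provider without transferring it; the pointer
  // is whatever was passed to the constructor (nullptr by default).
  grpc_authorization_policy_provider* c_provider() override {
    return c_provider_;
  }

 private:
  // C-core provider handle supplied at construction.
  grpc_authorization_policy_provider* c_provider_ = nullptr;
};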
84 
85 }  // namespace experimental
86 }  // namespace grpc
87 
88 #endif  // GRPCPP_SECURITY_AUTHORIZATION_POLICY_PROVIDER_H
89