#ifndef THIRD_PARTY_MILOTIC_INTERNAL_CC_PROXY_RESOURCE_AUTHZ_H_
#define THIRD_PARTY_MILOTIC_INTERNAL_CC_PROXY_RESOURCE_AUTHZ_H_
#include <string>
#include <utility>
#include <vector>
#include "absl/status/status.h"
#include "absl/strings/string_view.h"
#include "grpcpp/security/auth_context.h"
#include "proxy_config.pb.h"
#include "redfish_plugin.h"
namespace milotic {
// Forward declaration: the full definition follows the PermissionChecker
// interface below, which takes an AuthorizationContext by const reference.
struct AuthorizationContext;
// Interface through which the authorization engine asks whether the caller
// described by an AuthorizationContext holds a named permission. Where
// permissions come from is left entirely to the implementation.
class PermissionChecker {
 public:
  virtual ~PermissionChecker() = default;

  // Returns whether `permission` is held in `context`. Presumably true means
  // granted and false means denied; if so, an implementation that cannot
  // answer (e.g. its backing store is unavailable) should return false so the
  // decision fails closed — confirm against the concrete implementations.
  virtual bool Check(const AuthorizationContext& context,
                     absl::string_view permission) = 0;
};
// Per-request inputs to an authorization decision. This is a non-owning view:
// it holds a reference to the gRPC AuthContext of the call (so it is bound at
// construction, is not assignable, and must not outlive that call) and a raw
// pointer to a PermissionChecker it does not own.
struct AuthorizationContext {
  // The gRPC AuthContext of the RPC being authorized (peer identity/auth
  // properties as populated by gRPC).
  const grpc::AuthContext& grpc_context;
  // NOTE(review): nullability is not documented here. Whether Authorize()
  // treats nullptr as "no permissions" (deny) or dereferences it
  // unconditionally depends on the .cc — confirm before ever passing nullptr.
  PermissionChecker* permission_checker;
};
// Evaluates Redfish resource requests (verb + resource id) against an
// AuthorizationPolicy proto. The policy is presumably translated into
// `mappings_` once in the constructor so that Authorize() does not re-walk
// the proto on every request; build one engine per policy and reuse it (see
// AuthorizeRequest() below for the one-shot form).
class AuthorizationEngine {
 public:
  explicit AuthorizationEngine(
      const milotic_grpc_proxy::AuthorizationPolicy& policy);

  // Decides whether `verb` on the resource identified by `redfish_id` is
  // permitted for the caller described by `auth_context`. Presumably
  // absl::OkStatus() means allowed and any non-OK status means denied; callers
  // should treat every non-OK status, including internal errors, as a denial
  // so that failures fail closed — confirm against the implementation.
  // NOTE(review): `auth_context` is a non-const reference although this
  // method is const and PermissionChecker::Check takes a const&; it is not
  // visible here what, if anything, is mutated.
  absl::Status Authorize(RedfishPlugin::RequestVerb verb,
                         absl::string_view redfish_id,
                         AuthorizationContext& auth_context) const;

 private:
  // One policy mapping, preprocessed for evaluation.
  struct PrecomputedMapping {
    std::string name;
    // We can store the whole Mapping proto or just what we need.
    // Storing the proto might be easier for some fields, but we want sorted
    // rules.
    milotic_grpc_proxy::AuthorizationPolicy::Mapping mapping_proto;
    // Rules of `mapping_proto`, each paired with a string key, held in a
    // fixed order. The sort key is not visible here; presumably the ordering
    // makes rule evaluation (and therefore which rule wins) deterministic
    // instead of dependent on protobuf map iteration order — confirm in the
    // .cc.
    std::vector<
        std::pair<std::string, milotic_grpc_proxy::AuthorizationPolicy::Rule>>
        sorted_rules;
  };

  std::vector<PrecomputedMapping> mappings_;
};
// One-shot convenience form of AuthorizationEngine::Authorize() for callers
// that do not keep an engine around. Presumably it builds an engine from
// `authorization_policy` on each call, repeating the per-policy
// precomputation every time; prefer a long-lived AuthorizationEngine on hot
// paths — confirm against the .cc. The Status contract (OK = allowed,
// non-OK = deny, fail closed on errors) is assumed to match Authorize().
absl::Status AuthorizeRequest(
    const milotic_grpc_proxy::AuthorizationPolicy& authorization_policy,
    RedfishPlugin::RequestVerb verb, absl::string_view redfish_id,
    AuthorizationContext& auth_context);
} // namespace milotic
#endif // THIRD_PARTY_MILOTIC_INTERNAL_CC_PROXY_RESOURCE_AUTHZ_H_