import { Metadata } from "@grpc/grpc-js";
import { Matcher, ValueMatcher } from "./matcher";
import { CidrRange } from "./cidr";
import { PeerCertificate } from "tls";
import { RBAC__Output } from "./generated/envoy/config/rbac/v3/RBAC";
import { Policy__Output } from "./generated/envoy/config/rbac/v3/Policy";
import { Permission__Output } from "./generated/envoy/config/rbac/v3/Permission";
import { Principal__Output } from "./generated/envoy/config/rbac/v3/Principal";
export interface RbacRule<InfoType> {
    apply(info: InfoType): boolean;
    toString(): string;
}
export declare class AndRules<InfoType> implements RbacRule<InfoType> {
    private childRules;
    constructor(childRules: RbacRule<InfoType>[]);
    apply(info: InfoType): boolean;
    toString(): string;
}
export declare class OrRules<InfoType> implements RbacRule<InfoType> {
    private childRules;
    constructor(childRules: RbacRule<InfoType>[]);
    apply(info: InfoType): boolean;
    toString(): string;
}
export declare class NotRule<InfoType> implements RbacRule<InfoType> {
    private childRule;
    constructor(childRule: RbacRule<InfoType>);
    apply(info: InfoType): boolean;
    toString(): string;
}
export declare class AnyRule<InfoType> implements RbacRule<InfoType> {
    constructor();
    apply(info: InfoType): boolean;
    toString(): string;
}
export declare class NoneRule<InfoType> implements RbacRule<InfoType> {
    constructor();
    apply(info: InfoType): boolean;
    toString(): string;
}
export interface PermissionInfo {
    headers: Metadata;
    urlPath: string;
    destinationIp: string;
    destinationPort: number;
}
export type PermissionRule = RbacRule<PermissionInfo>;
export declare class HeaderPermission implements PermissionRule {
    private matcher;
    constructor(matcher: Matcher);
    apply(info: PermissionInfo): boolean;
    toString(): string;
}
export declare class UrlPathPermission implements PermissionRule {
    private matcher;
    constructor(matcher: ValueMatcher);
    apply(info: PermissionInfo): boolean;
    toString(): string;
}
export declare class DestinationIpPermission implements PermissionRule {
    private cidrRange;
    constructor(cidrRange: CidrRange);
    apply(info: PermissionInfo): boolean;
    toString(): string;
}
export declare class DestinationPortPermission implements PermissionRule {
    private port;
    constructor(port: number);
    apply(info: PermissionInfo): boolean;
    toString(): string;
}
export declare class MetadataPermission implements PermissionRule {
    constructor();
    apply(info: PermissionInfo): boolean;
    toString(): string;
}
export declare class RequestedServerNamePermission implements PermissionRule {
    private matcher;
    constructor(matcher: ValueMatcher);
    apply(info: PermissionInfo): boolean;
    toString(): string;
}
export type BasicPeerCertificate = Pick<PeerCertificate, 'subjectaltname' | 'subject'>;
export interface PrincipalInfo {
    tls: boolean;
    peerCertificate: BasicPeerCertificate | null;
    sourceIp: string;
    headers: Metadata;
    urlPath: string;
}
export type PrincipalRule = RbacRule<PrincipalInfo>;
export declare class AuthenticatedPrincipal implements PrincipalRule {
    private nameMatcher;
    constructor(nameMatcher: ValueMatcher | null);
    apply(info: PrincipalInfo): boolean;
    toString(): string;
}
export declare class SourceIpPrincipal implements PrincipalRule {
    private cidrRange;
    constructor(cidrRange: CidrRange);
    apply(info: PrincipalInfo): boolean;
    toString(): string;
}
export declare class HeaderPrincipal implements PrincipalRule {
    private matcher;
    constructor(matcher: Matcher);
    apply(info: PrincipalInfo): boolean;
    toString(): string;
}
export declare class UrlPathPrincipal implements PrincipalRule {
    private matcher;
    constructor(matcher: ValueMatcher);
    apply(info: PrincipalInfo): boolean;
    toString(): string;
}
export declare class MetadataPrincipal implements PrincipalRule {
    constructor();
    apply(info: PrincipalInfo): boolean;
    toString(): string;
}
export interface UnifiedInfo extends PermissionInfo, PrincipalInfo {
}
export declare class RbacPolicy {
    private permission;
    private principal;
    constructor(permissions: PermissionRule[], principals: PrincipalRule[]);
    matches(info: UnifiedInfo): boolean;
    toString(): string;
}
export declare class RbacPolicyGroup {
    private policies;
    private allow;
    constructor(policies: Map<string, RbacPolicy>, allow: boolean);
    /**
     *
     * @param info
     * @returns True if the call should be accepted, false if it should be rejected
     */
    apply(info: UnifiedInfo): boolean;
    toString(): string;
}
export declare function parsePermission(permission: Permission__Output): PermissionRule;
export declare function parsePrincipal(principal: Principal__Output): PrincipalRule;
export declare function parsePolicy(policy: Policy__Output): RbacPolicy;
export declare function parseConfig(rbac: RBAC__Output): RbacPolicyGroup;