diff --git a/BUILD b/BUILD
index a75ff60dc96..e3b5f4a1903 100644
--- a/BUILD
+++ b/BUILD
@@ -1854,6 +1854,22 @@ grpc_cc_library(
],
)
+grpc_cc_library(
+ name = "grpc_authorization_engine",
+ srcs = [
+ "src/core/lib/security/authorization/authorization_engine.cc",
+ ],
+ hdrs = [
+ "src/core/lib/security/authorization/authorization_engine.h",
+ ],
+ language = "c++",
+ deps = [
+ "envoy_ads_upb",
+ "google_api_upb",
+ "grpc_base",
+ ],
+)
+
grpc_cc_library(
name = "grpc_transport_chttp2",
srcs = [
@@ -2506,6 +2522,7 @@ grpc_cc_library(
"src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c",
"src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c",
"src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c",
+ "src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c",
"src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c",
"src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c",
"src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c",
@@ -2537,6 +2554,7 @@ grpc_cc_library(
"src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h",
"src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h",
"src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h",
+ "src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h",
"src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h",
"src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h",
"src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h",
@@ -2632,8 +2650,12 @@ grpc_cc_library(
grpc_cc_library(
name = "envoy_type_upb",
srcs = [
+ "src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c",
+ "src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c",
+ "src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c",
"src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c",
"src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c",
+ "src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c",
"src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c",
"src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c",
"src/core/ext/upb-generated/envoy/type/v3/http.upb.c",
@@ -2642,8 +2664,12 @@ grpc_cc_library(
"src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c",
],
hdrs = [
+ "src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h",
+ "src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h",
+ "src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h",
"src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h",
"src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h",
+ "src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h",
"src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h",
"src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h",
"src/core/ext/upb-generated/envoy/type/v3/http.upb.h",
@@ -2753,6 +2779,7 @@ grpc_cc_library(
name = "google_api_upb",
srcs = [
"src/core/ext/upb-generated/google/api/annotations.upb.c",
+ "src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c",
"src/core/ext/upb-generated/google/api/http.upb.c",
"src/core/ext/upb-generated/google/protobuf/any.upb.c",
"src/core/ext/upb-generated/google/protobuf/descriptor.upb.c",
@@ -2765,6 +2792,7 @@ grpc_cc_library(
],
hdrs = [
"src/core/ext/upb-generated/google/api/annotations.upb.h",
+ "src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h",
"src/core/ext/upb-generated/google/api/http.upb.h",
"src/core/ext/upb-generated/google/protobuf/any.upb.h",
"src/core/ext/upb-generated/google/protobuf/descriptor.upb.h",
diff --git a/BUILD.gn b/BUILD.gn
index 313e62f4ea9..c75d3a0e728 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -449,6 +449,8 @@ config("grpc_config") {
"src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h",
"src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c",
"src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h",
+ "src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c",
+ "src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h",
"src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c",
"src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h",
"src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c",
@@ -483,10 +485,18 @@ config("grpc_config") {
"src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h",
"src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c",
"src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h",
+ "src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c",
+ "src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h",
+ "src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c",
+ "src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h",
+ "src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c",
+ "src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h",
"src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c",
"src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h",
"src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c",
"src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h",
+ "src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c",
+ "src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h",
"src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c",
"src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h",
"src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c",
@@ -503,6 +513,8 @@ config("grpc_config") {
"src/core/ext/upb-generated/gogoproto/gogo.upb.h",
"src/core/ext/upb-generated/google/api/annotations.upb.c",
"src/core/ext/upb-generated/google/api/annotations.upb.h",
+ "src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c",
+ "src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h",
"src/core/ext/upb-generated/google/api/http.upb.c",
"src/core/ext/upb-generated/google/api/http.upb.h",
"src/core/ext/upb-generated/google/protobuf/any.upb.c",
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 7408c1439ca..7241fc47380 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -696,6 +696,7 @@ if(gRPC_BUILD_TESTS)
add_dependencies(buildtests_cxx alts_util_test)
add_dependencies(buildtests_cxx async_end2end_test)
add_dependencies(buildtests_cxx auth_property_iterator_test)
+ add_dependencies(buildtests_cxx authorization_engine_test)
add_dependencies(buildtests_cxx backoff_test)
add_dependencies(buildtests_cxx bad_streaming_id_bad_client_test)
add_dependencies(buildtests_cxx badreq_bad_client_test)
@@ -1525,6 +1526,7 @@ add_library(grpc
src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c
src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c
src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c
+ src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c
src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c
src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c
src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c
@@ -1542,8 +1544,12 @@ add_library(grpc
src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c
src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c
src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c
+ src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c
+ src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c
+ src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c
src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c
src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c
+ src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c
src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c
src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c
src/core/ext/upb-generated/envoy/type/v3/http.upb.c
@@ -1552,6 +1558,7 @@ add_library(grpc
src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c
src/core/ext/upb-generated/gogoproto/gogo.upb.c
src/core/ext/upb-generated/google/api/annotations.upb.c
+ src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c
src/core/ext/upb-generated/google/api/http.upb.c
src/core/ext/upb-generated/google/protobuf/any.upb.c
src/core/ext/upb-generated/google/protobuf/descriptor.upb.c
@@ -2201,6 +2208,7 @@ add_library(grpc_unsecure
src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c
src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c
src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c
+ src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c
src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c
src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c
src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c
@@ -2218,8 +2226,12 @@ add_library(grpc_unsecure
src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c
src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c
src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c
+ src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c
+ src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c
+ src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c
src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c
src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c
+ src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c
src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c
src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c
src/core/ext/upb-generated/envoy/type/v3/http.upb.c
@@ -2228,6 +2240,7 @@ add_library(grpc_unsecure
src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c
src/core/ext/upb-generated/gogoproto/gogo.upb.c
src/core/ext/upb-generated/google/api/annotations.upb.c
+ src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c
src/core/ext/upb-generated/google/api/http.upb.c
src/core/ext/upb-generated/google/protobuf/any.upb.c
src/core/ext/upb-generated/google/protobuf/descriptor.upb.c
@@ -8401,6 +8414,46 @@ target_link_libraries(auth_property_iterator_test
)
+endif()
+if(gRPC_BUILD_TESTS)
+
+add_executable(authorization_engine_test
+ src/core/lib/security/authorization/authorization_engine.cc
+ test/core/security/authorization_engine_test.cc
+ third_party/googletest/googletest/src/gtest-all.cc
+ third_party/googletest/googlemock/src/gmock-all.cc
+)
+
+target_include_directories(authorization_engine_test
+ PRIVATE
+ ${CMAKE_CURRENT_SOURCE_DIR}
+ ${CMAKE_CURRENT_SOURCE_DIR}/include
+ ${_gRPC_ADDRESS_SORTING_INCLUDE_DIR}
+ ${_gRPC_RE2_INCLUDE_DIR}
+ ${_gRPC_SSL_INCLUDE_DIR}
+ ${_gRPC_UPB_GENERATED_DIR}
+ ${_gRPC_UPB_GRPC_GENERATED_DIR}
+ ${_gRPC_UPB_INCLUDE_DIR}
+ ${_gRPC_ZLIB_INCLUDE_DIR}
+ third_party/googletest/googletest/include
+ third_party/googletest/googletest
+ third_party/googletest/googlemock/include
+ third_party/googletest/googlemock
+ ${_gRPC_PROTO_GENS_DIR}
+)
+
+target_link_libraries(authorization_engine_test
+ ${_gRPC_PROTOBUF_LIBRARIES}
+ ${_gRPC_ALLTARGETS_LIBRARIES}
+ grpc_test_util
+ grpc
+ gpr
+ address_sorting
+ upb
+ ${_gRPC_GFLAGS_LIBRARIES}
+)
+
+
endif()
if(gRPC_BUILD_TESTS)
diff --git a/Makefile b/Makefile
index cb15ee1cc57..1edade64c67 100644
--- a/Makefile
+++ b/Makefile
@@ -1148,6 +1148,7 @@ alts_credentials_fuzzer: $(BINDIR)/$(CONFIG)/alts_credentials_fuzzer
alts_util_test: $(BINDIR)/$(CONFIG)/alts_util_test
async_end2end_test: $(BINDIR)/$(CONFIG)/async_end2end_test
auth_property_iterator_test: $(BINDIR)/$(CONFIG)/auth_property_iterator_test
+authorization_engine_test: $(BINDIR)/$(CONFIG)/authorization_engine_test
backoff_test: $(BINDIR)/$(CONFIG)/backoff_test
bad_streaming_id_bad_client_test: $(BINDIR)/$(CONFIG)/bad_streaming_id_bad_client_test
badreq_bad_client_test: $(BINDIR)/$(CONFIG)/badreq_bad_client_test
@@ -1525,6 +1526,7 @@ buildtests_cxx: privatelibs_cxx \
$(BINDIR)/$(CONFIG)/alts_util_test \
$(BINDIR)/$(CONFIG)/async_end2end_test \
$(BINDIR)/$(CONFIG)/auth_property_iterator_test \
+ $(BINDIR)/$(CONFIG)/authorization_engine_test \
$(BINDIR)/$(CONFIG)/backoff_test \
$(BINDIR)/$(CONFIG)/bad_streaming_id_bad_client_test \
$(BINDIR)/$(CONFIG)/badreq_bad_client_test \
@@ -1682,6 +1684,7 @@ buildtests_cxx: privatelibs_cxx \
$(BINDIR)/$(CONFIG)/alts_util_test \
$(BINDIR)/$(CONFIG)/async_end2end_test \
$(BINDIR)/$(CONFIG)/auth_property_iterator_test \
+ $(BINDIR)/$(CONFIG)/authorization_engine_test \
$(BINDIR)/$(CONFIG)/backoff_test \
$(BINDIR)/$(CONFIG)/bad_streaming_id_bad_client_test \
$(BINDIR)/$(CONFIG)/badreq_bad_client_test \
@@ -2124,6 +2127,8 @@ test_cxx: buildtests_cxx
$(Q) $(BINDIR)/$(CONFIG)/async_end2end_test || ( echo test async_end2end_test failed ; exit 1 )
$(E) "[RUN] Testing auth_property_iterator_test"
$(Q) $(BINDIR)/$(CONFIG)/auth_property_iterator_test || ( echo test auth_property_iterator_test failed ; exit 1 )
+ $(E) "[RUN] Testing authorization_engine_test"
+ $(Q) $(BINDIR)/$(CONFIG)/authorization_engine_test || ( echo test authorization_engine_test failed ; exit 1 )
$(E) "[RUN] Testing backoff_test"
$(Q) $(BINDIR)/$(CONFIG)/backoff_test || ( echo test backoff_test failed ; exit 1 )
$(E) "[RUN] Testing bad_streaming_id_bad_client_test"
@@ -3766,6 +3771,7 @@ LIBGRPC_SRC = \
src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c \
src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c \
src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c \
+ src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c \
src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c \
src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c \
src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c \
@@ -3783,8 +3789,12 @@ LIBGRPC_SRC = \
src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c \
src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c \
src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c \
+ src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c \
+ src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c \
+ src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c \
src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c \
src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c \
+ src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c \
src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c \
src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c \
src/core/ext/upb-generated/envoy/type/v3/http.upb.c \
@@ -3793,6 +3803,7 @@ LIBGRPC_SRC = \
src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c \
src/core/ext/upb-generated/gogoproto/gogo.upb.c \
src/core/ext/upb-generated/google/api/annotations.upb.c \
+ src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c \
src/core/ext/upb-generated/google/api/http.upb.c \
src/core/ext/upb-generated/google/protobuf/any.upb.c \
src/core/ext/upb-generated/google/protobuf/descriptor.upb.c \
@@ -4410,6 +4421,7 @@ LIBGRPC_UNSECURE_SRC = \
src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c \
src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c \
src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c \
+ src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c \
src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c \
src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c \
src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c \
@@ -4427,8 +4439,12 @@ LIBGRPC_UNSECURE_SRC = \
src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c \
src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c \
src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c \
+ src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c \
+ src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c \
+ src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c \
src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c \
src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c \
+ src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c \
src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c \
src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c \
src/core/ext/upb-generated/envoy/type/v3/http.upb.c \
@@ -4437,6 +4453,7 @@ LIBGRPC_UNSECURE_SRC = \
src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c \
src/core/ext/upb-generated/gogoproto/gogo.upb.c \
src/core/ext/upb-generated/google/api/annotations.upb.c \
+ src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c \
src/core/ext/upb-generated/google/api/http.upb.c \
src/core/ext/upb-generated/google/protobuf/any.upb.c \
src/core/ext/upb-generated/google/protobuf/descriptor.upb.c \
@@ -11643,6 +11660,52 @@ endif
endif
+AUTHORIZATION_ENGINE_TEST_SRC = \
+ src/core/lib/security/authorization/authorization_engine.cc \
+ test/core/security/authorization_engine_test.cc \
+
+AUTHORIZATION_ENGINE_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(AUTHORIZATION_ENGINE_TEST_SRC))))
+ifeq ($(NO_SECURE),true)
+
+# You can't build secure targets if you don't have OpenSSL.
+
+$(BINDIR)/$(CONFIG)/authorization_engine_test: openssl_dep_error
+
+else
+
+
+
+
+ifeq ($(NO_PROTOBUF),true)
+
+# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.12.0+.
+
+$(BINDIR)/$(CONFIG)/authorization_engine_test: protobuf_dep_error
+
+else
+
+$(BINDIR)/$(CONFIG)/authorization_engine_test: $(PROTOBUF_DEP) $(AUTHORIZATION_ENGINE_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libaddress_sorting.a $(LIBDIR)/$(CONFIG)/libupb.a
+ $(E) "[LD] Linking $@"
+ $(Q) mkdir -p `dirname $@`
+ $(Q) $(LDXX) $(LDFLAGS) $(AUTHORIZATION_ENGINE_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libaddress_sorting.a $(LIBDIR)/$(CONFIG)/libupb.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/authorization_engine_test
+
+endif
+
+endif
+
+$(OBJDIR)/$(CONFIG)/src/core/lib/security/authorization/authorization_engine.o: $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libaddress_sorting.a $(LIBDIR)/$(CONFIG)/libupb.a
+
+$(OBJDIR)/$(CONFIG)/test/core/security/authorization_engine_test.o: $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libaddress_sorting.a $(LIBDIR)/$(CONFIG)/libupb.a
+
+deps_authorization_engine_test: $(AUTHORIZATION_ENGINE_TEST_OBJS:.o=.dep)
+
+ifneq ($(NO_SECURE),true)
+ifneq ($(NO_DEPS),true)
+-include $(AUTHORIZATION_ENGINE_TEST_OBJS:.o=.dep)
+endif
+endif
+
+
BACKOFF_TEST_SRC = \
test/core/backoff/backoff_test.cc \
diff --git a/build_autogenerated.yaml b/build_autogenerated.yaml
index 9bd597bad31..5fd7e2ee544 100644
--- a/build_autogenerated.yaml
+++ b/build_autogenerated.yaml
@@ -486,6 +486,7 @@ libs:
- src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h
- src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h
- src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h
+ - src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h
- src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h
- src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h
- src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h
@@ -503,8 +504,12 @@ libs:
- src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h
- src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h
- src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h
+ - src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h
+ - src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h
+ - src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h
- src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h
- src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h
+ - src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h
- src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h
- src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h
- src/core/ext/upb-generated/envoy/type/v3/http.upb.h
@@ -513,6 +518,7 @@ libs:
- src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h
- src/core/ext/upb-generated/gogoproto/gogo.upb.h
- src/core/ext/upb-generated/google/api/annotations.upb.h
+ - src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h
- src/core/ext/upb-generated/google/api/http.upb.h
- src/core/ext/upb-generated/google/protobuf/any.upb.h
- src/core/ext/upb-generated/google/protobuf/descriptor.upb.h
@@ -875,6 +881,7 @@ libs:
- src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c
- src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c
- src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c
+ - src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c
- src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c
- src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c
- src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c
@@ -892,8 +899,12 @@ libs:
- src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c
- src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c
- src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c
+ - src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c
+ - src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c
+ - src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c
- src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c
- src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c
+ - src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c
- src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c
- src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c
- src/core/ext/upb-generated/envoy/type/v3/http.upb.c
@@ -902,6 +913,7 @@ libs:
- src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c
- src/core/ext/upb-generated/gogoproto/gogo.upb.c
- src/core/ext/upb-generated/google/api/annotations.upb.c
+ - src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c
- src/core/ext/upb-generated/google/api/http.upb.c
- src/core/ext/upb-generated/google/protobuf/any.upb.c
- src/core/ext/upb-generated/google/protobuf/descriptor.upb.c
@@ -1411,6 +1423,7 @@ libs:
- src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h
- src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h
- src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h
+ - src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h
- src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h
- src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h
- src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h
@@ -1428,8 +1441,12 @@ libs:
- src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h
- src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h
- src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h
+ - src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h
+ - src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h
+ - src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h
- src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h
- src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h
+ - src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h
- src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h
- src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h
- src/core/ext/upb-generated/envoy/type/v3/http.upb.h
@@ -1438,6 +1455,7 @@ libs:
- src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h
- src/core/ext/upb-generated/gogoproto/gogo.upb.h
- src/core/ext/upb-generated/google/api/annotations.upb.h
+ - src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h
- src/core/ext/upb-generated/google/api/http.upb.h
- src/core/ext/upb-generated/google/protobuf/any.upb.h
- src/core/ext/upb-generated/google/protobuf/descriptor.upb.h
@@ -1735,6 +1753,7 @@ libs:
- src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c
- src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c
- src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c
+ - src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c
- src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c
- src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c
- src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c
@@ -1752,8 +1771,12 @@ libs:
- src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c
- src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c
- src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c
+ - src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c
+ - src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c
+ - src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c
- src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c
- src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c
+ - src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c
- src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c
- src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c
- src/core/ext/upb-generated/envoy/type/v3/http.upb.c
@@ -1762,6 +1785,7 @@ libs:
- src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c
- src/core/ext/upb-generated/gogoproto/gogo.upb.c
- src/core/ext/upb-generated/google/api/annotations.upb.c
+ - src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c
- src/core/ext/upb-generated/google/api/http.upb.c
- src/core/ext/upb-generated/google/protobuf/any.upb.c
- src/core/ext/upb-generated/google/protobuf/descriptor.upb.c
@@ -4749,6 +4773,21 @@ targets:
- address_sorting
- upb
uses_polling: false
+- name: authorization_engine_test
+ gtest: true
+ build: test
+ language: c++
+ headers:
+ - src/core/lib/security/authorization/authorization_engine.h
+ src:
+ - src/core/lib/security/authorization/authorization_engine.cc
+ - test/core/security/authorization_engine_test.cc
+ deps:
+ - grpc_test_util
+ - grpc
+ - gpr
+ - address_sorting
+ - upb
- name: backoff_test
gtest: true
build: test
diff --git a/config.m4 b/config.m4
index b9ac6382d67..96d9420759f 100644
--- a/config.m4
+++ b/config.m4
@@ -175,6 +175,7 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c \
src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c \
src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c \
+ src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c \
src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c \
src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c \
src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c \
@@ -192,8 +193,12 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c \
src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c \
src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c \
+ src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c \
+ src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c \
+ src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c \
src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c \
src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c \
+ src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c \
src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c \
src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c \
src/core/ext/upb-generated/envoy/type/v3/http.upb.c \
@@ -202,6 +207,7 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c \
src/core/ext/upb-generated/gogoproto/gogo.upb.c \
src/core/ext/upb-generated/google/api/annotations.upb.c \
+ src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c \
src/core/ext/upb-generated/google/api/http.upb.c \
src/core/ext/upb-generated/google/protobuf/any.upb.c \
src/core/ext/upb-generated/google/protobuf/descriptor.upb.c \
@@ -918,6 +924,7 @@ if test "$PHP_GRPC" != "no"; then
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/config/core/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/config/endpoint/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/config/listener/v3)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/config/rbac/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/config/route/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/config/trace/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3)
@@ -934,6 +941,7 @@ if test "$PHP_GRPC" != "no"; then
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/type/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/gogoproto)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/google/api)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/google/api/expr/v1alpha1)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/google/protobuf)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/google/rpc)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/src/proto/grpc/gcp)
diff --git a/config.w32 b/config.w32
index b751ca12cb7..63ded465319 100644
--- a/config.w32
+++ b/config.w32
@@ -143,6 +143,7 @@ if (PHP_GRPC != "no") {
"src\\core\\ext\\upb-generated\\envoy\\config\\listener\\v3\\listener.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\config\\listener\\v3\\listener_components.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\config\\listener\\v3\\udp_listener_config.upb.c " +
+ "src\\core\\ext\\upb-generated\\envoy\\config\\rbac\\v3\\rbac.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\config\\route\\v3\\route.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\config\\route\\v3\\route_components.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\config\\route\\v3\\scoped_route.upb.c " +
@@ -160,8 +161,12 @@ if (PHP_GRPC != "no") {
"src\\core\\ext\\upb-generated\\envoy\\service\\load_stats\\v3\\lrs.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\service\\route\\v3\\rds.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\service\\route\\v3\\srds.upb.c " +
+ "src\\core\\ext\\upb-generated\\envoy\\type\\matcher\\v3\\metadata.upb.c " +
+ "src\\core\\ext\\upb-generated\\envoy\\type\\matcher\\v3\\number.upb.c " +
+ "src\\core\\ext\\upb-generated\\envoy\\type\\matcher\\v3\\path.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\type\\matcher\\v3\\regex.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\type\\matcher\\v3\\string.upb.c " +
+ "src\\core\\ext\\upb-generated\\envoy\\type\\matcher\\v3\\value.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\type\\metadata\\v3\\metadata.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\type\\tracing\\v3\\custom_tag.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\type\\v3\\http.upb.c " +
@@ -170,6 +175,7 @@ if (PHP_GRPC != "no") {
"src\\core\\ext\\upb-generated\\envoy\\type\\v3\\semantic_version.upb.c " +
"src\\core\\ext\\upb-generated\\gogoproto\\gogo.upb.c " +
"src\\core\\ext\\upb-generated\\google\\api\\annotations.upb.c " +
+ "src\\core\\ext\\upb-generated\\google\\api\\expr\\v1alpha1\\syntax.upb.c " +
"src\\core\\ext\\upb-generated\\google\\api\\http.upb.c " +
"src\\core\\ext\\upb-generated\\google\\protobuf\\any.upb.c " +
"src\\core\\ext\\upb-generated\\google\\protobuf\\descriptor.upb.c " +
@@ -929,6 +935,8 @@ if (PHP_GRPC != "no") {
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\config\\endpoint\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\config\\listener");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\config\\listener\\v3");
+ FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\config\\rbac");
+ FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\config\\rbac\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\config\\route");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\config\\route\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\config\\trace");
@@ -965,6 +973,8 @@ if (PHP_GRPC != "no") {
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\gogoproto");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\google");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\google\\api");
+ FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\google\\api\\expr");
+ FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\google\\api\\expr\\v1alpha1");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\google\\protobuf");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\google\\rpc");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\src");
diff --git a/gRPC-C++.podspec b/gRPC-C++.podspec
index b6307dd5c6f..76d86b3a1c7 100644
--- a/gRPC-C++.podspec
+++ b/gRPC-C++.podspec
@@ -327,6 +327,7 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h',
'src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h',
'src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h',
+ 'src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h',
'src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h',
'src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h',
'src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h',
@@ -344,8 +345,12 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h',
'src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h',
'src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h',
'src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h',
'src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h',
'src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h',
'src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h',
'src/core/ext/upb-generated/envoy/type/v3/http.upb.h',
@@ -354,6 +359,7 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h',
'src/core/ext/upb-generated/gogoproto/gogo.upb.h',
'src/core/ext/upb-generated/google/api/annotations.upb.h',
+ 'src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h',
'src/core/ext/upb-generated/google/api/http.upb.h',
'src/core/ext/upb-generated/google/protobuf/any.upb.h',
'src/core/ext/upb-generated/google/protobuf/descriptor.upb.h',
@@ -811,6 +817,7 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h',
'src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h',
'src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h',
+ 'src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h',
'src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h',
'src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h',
'src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h',
@@ -828,8 +835,12 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h',
'src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h',
'src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h',
'src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h',
'src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h',
'src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h',
'src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h',
'src/core/ext/upb-generated/envoy/type/v3/http.upb.h',
@@ -838,6 +849,7 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h',
'src/core/ext/upb-generated/gogoproto/gogo.upb.h',
'src/core/ext/upb-generated/google/api/annotations.upb.h',
+ 'src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h',
'src/core/ext/upb-generated/google/api/http.upb.h',
'src/core/ext/upb-generated/google/protobuf/any.upb.h',
'src/core/ext/upb-generated/google/protobuf/descriptor.upb.h',
diff --git a/gRPC-Core.podspec b/gRPC-Core.podspec
index 7d3b7f1d80a..bffe9c6d0f1 100644
--- a/gRPC-Core.podspec
+++ b/gRPC-Core.podspec
@@ -434,6 +434,8 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h',
'src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c',
'src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h',
+ 'src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c',
+ 'src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h',
'src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c',
'src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h',
'src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c',
@@ -468,10 +470,18 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h',
'src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c',
'src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h',
'src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c',
'src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h',
'src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c',
'src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h',
'src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c',
'src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h',
'src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c',
@@ -488,6 +498,8 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/gogoproto/gogo.upb.h',
'src/core/ext/upb-generated/google/api/annotations.upb.c',
'src/core/ext/upb-generated/google/api/annotations.upb.h',
+ 'src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c',
+ 'src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h',
'src/core/ext/upb-generated/google/api/http.upb.c',
'src/core/ext/upb-generated/google/api/http.upb.h',
'src/core/ext/upb-generated/google/protobuf/any.upb.c',
@@ -1209,6 +1221,7 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h',
'src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h',
'src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h',
+ 'src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h',
'src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h',
'src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h',
'src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h',
@@ -1226,8 +1239,12 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h',
'src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h',
'src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h',
'src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h',
'src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h',
'src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h',
'src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h',
'src/core/ext/upb-generated/envoy/type/v3/http.upb.h',
@@ -1236,6 +1253,7 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h',
'src/core/ext/upb-generated/gogoproto/gogo.upb.h',
'src/core/ext/upb-generated/google/api/annotations.upb.h',
+ 'src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h',
'src/core/ext/upb-generated/google/api/http.upb.h',
'src/core/ext/upb-generated/google/protobuf/any.upb.h',
'src/core/ext/upb-generated/google/protobuf/descriptor.upb.h',
diff --git a/grpc.gemspec b/grpc.gemspec
index d510bf44f13..b24c85d30ba 100644
--- a/grpc.gemspec
+++ b/grpc.gemspec
@@ -353,6 +353,8 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h )
s.files += %w( src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c )
s.files += %w( src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h )
+ s.files += %w( src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c )
+ s.files += %w( src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h )
s.files += %w( src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c )
s.files += %w( src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h )
s.files += %w( src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c )
@@ -387,10 +389,18 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h )
s.files += %w( src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c )
s.files += %w( src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h )
+ s.files += %w( src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c )
+ s.files += %w( src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h )
+ s.files += %w( src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c )
+ s.files += %w( src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h )
+ s.files += %w( src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c )
+ s.files += %w( src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h )
s.files += %w( src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c )
s.files += %w( src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h )
s.files += %w( src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c )
s.files += %w( src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h )
+ s.files += %w( src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c )
+ s.files += %w( src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h )
s.files += %w( src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c )
s.files += %w( src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h )
s.files += %w( src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c )
@@ -407,6 +417,8 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/upb-generated/gogoproto/gogo.upb.h )
s.files += %w( src/core/ext/upb-generated/google/api/annotations.upb.c )
s.files += %w( src/core/ext/upb-generated/google/api/annotations.upb.h )
+ s.files += %w( src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c )
+ s.files += %w( src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h )
s.files += %w( src/core/ext/upb-generated/google/api/http.upb.c )
s.files += %w( src/core/ext/upb-generated/google/api/http.upb.h )
s.files += %w( src/core/ext/upb-generated/google/protobuf/any.upb.c )
diff --git a/grpc.gyp b/grpc.gyp
index bec76c0f8e0..6f304f5c0cd 100644
--- a/grpc.gyp
+++ b/grpc.gyp
@@ -575,6 +575,7 @@
'src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c',
'src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c',
'src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c',
+ 'src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c',
'src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c',
'src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c',
'src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c',
@@ -592,8 +593,12 @@
'src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c',
'src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c',
'src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c',
'src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c',
'src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c',
'src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c',
'src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c',
'src/core/ext/upb-generated/envoy/type/v3/http.upb.c',
@@ -602,6 +607,7 @@
'src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c',
'src/core/ext/upb-generated/gogoproto/gogo.upb.c',
'src/core/ext/upb-generated/google/api/annotations.upb.c',
+ 'src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c',
'src/core/ext/upb-generated/google/api/http.upb.c',
'src/core/ext/upb-generated/google/protobuf/any.upb.c',
'src/core/ext/upb-generated/google/protobuf/descriptor.upb.c',
@@ -1082,6 +1088,7 @@
'src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c',
'src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c',
'src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c',
+ 'src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c',
'src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c',
'src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c',
'src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c',
@@ -1099,8 +1106,12 @@
'src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c',
'src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c',
'src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c',
'src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c',
'src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c',
+ 'src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c',
'src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c',
'src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c',
'src/core/ext/upb-generated/envoy/type/v3/http.upb.c',
@@ -1109,6 +1120,7 @@
'src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c',
'src/core/ext/upb-generated/gogoproto/gogo.upb.c',
'src/core/ext/upb-generated/google/api/annotations.upb.c',
+ 'src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c',
'src/core/ext/upb-generated/google/api/http.upb.c',
'src/core/ext/upb-generated/google/protobuf/any.upb.c',
'src/core/ext/upb-generated/google/protobuf/descriptor.upb.c',
diff --git a/package.xml b/package.xml
index f40687b5a06..871e12d9b13 100644
--- a/package.xml
+++ b/package.xml
@@ -333,6 +333,8 @@
+
+
@@ -367,10 +369,18 @@
+
+
+
+
+
+
+
+
@@ -387,6 +397,8 @@
+
+
diff --git a/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c b/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c
new file mode 100644
index 00000000000..e5e4720354a
--- /dev/null
+++ b/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c
@@ -0,0 +1,47 @@
+/* This file was generated by upbc (the upb compiler) from the input
+ * file:
+ *
+ * envoy/type/matcher/v3/metadata.proto
+ *
+ * Do not edit -- your changes will be discarded when the file is
+ * regenerated. */
+
+#include
+#include "upb/msg.h"
+#include "envoy/type/matcher/v3/metadata.upb.h"
+#include "envoy/type/matcher/v3/value.upb.h"
+#include "udpa/annotations/status.upb.h"
+#include "udpa/annotations/versioning.upb.h"
+#include "validate/validate.upb.h"
+
+#include "upb/port_def.inc"
+
+static const upb_msglayout *const envoy_type_matcher_v3_MetadataMatcher_submsgs[2] = {
+ &envoy_type_matcher_v3_MetadataMatcher_PathSegment_msginit,
+ &envoy_type_matcher_v3_ValueMatcher_msginit,
+};
+
+static const upb_msglayout_field envoy_type_matcher_v3_MetadataMatcher__fields[3] = {
+ {1, UPB_SIZE(0, 0), 0, 0, 9, 1},
+ {2, UPB_SIZE(12, 24), 0, 0, 11, 3},
+ {3, UPB_SIZE(8, 16), 0, 1, 11, 1},
+};
+
+const upb_msglayout envoy_type_matcher_v3_MetadataMatcher_msginit = {
+ &envoy_type_matcher_v3_MetadataMatcher_submsgs[0],
+ &envoy_type_matcher_v3_MetadataMatcher__fields[0],
+ UPB_SIZE(16, 32), 3, false,
+};
+
+static const upb_msglayout_field envoy_type_matcher_v3_MetadataMatcher_PathSegment__fields[1] = {
+ {1, UPB_SIZE(0, 0), UPB_SIZE(-9, -17), 0, 9, 1},
+};
+
+const upb_msglayout envoy_type_matcher_v3_MetadataMatcher_PathSegment_msginit = {
+ NULL,
+ &envoy_type_matcher_v3_MetadataMatcher_PathSegment__fields[0],
+ UPB_SIZE(16, 32), 1, false,
+};
+
+#include "upb/port_undef.inc"
+
diff --git a/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h b/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h
new file mode 100644
index 00000000000..71111fff169
--- /dev/null
+++ b/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h
@@ -0,0 +1,114 @@
+/* This file was generated by upbc (the upb compiler) from the input
+ * file:
+ *
+ * envoy/type/matcher/v3/metadata.proto
+ *
+ * Do not edit -- your changes will be discarded when the file is
+ * regenerated. */
+
+#ifndef ENVOY_TYPE_MATCHER_V3_METADATA_PROTO_UPB_H_
+#define ENVOY_TYPE_MATCHER_V3_METADATA_PROTO_UPB_H_
+
+#include "upb/msg.h"
+#include "upb/decode.h"
+#include "upb/encode.h"
+
+#include "upb/port_def.inc"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct envoy_type_matcher_v3_MetadataMatcher;
+struct envoy_type_matcher_v3_MetadataMatcher_PathSegment;
+typedef struct envoy_type_matcher_v3_MetadataMatcher envoy_type_matcher_v3_MetadataMatcher;
+typedef struct envoy_type_matcher_v3_MetadataMatcher_PathSegment envoy_type_matcher_v3_MetadataMatcher_PathSegment;
+extern const upb_msglayout envoy_type_matcher_v3_MetadataMatcher_msginit;
+extern const upb_msglayout envoy_type_matcher_v3_MetadataMatcher_PathSegment_msginit;
+struct envoy_type_matcher_v3_ValueMatcher;
+extern const upb_msglayout envoy_type_matcher_v3_ValueMatcher_msginit;
+
+
+/* envoy.type.matcher.v3.MetadataMatcher */
+
+UPB_INLINE envoy_type_matcher_v3_MetadataMatcher *envoy_type_matcher_v3_MetadataMatcher_new(upb_arena *arena) {
+ return (envoy_type_matcher_v3_MetadataMatcher *)_upb_msg_new(&envoy_type_matcher_v3_MetadataMatcher_msginit, arena);
+}
+UPB_INLINE envoy_type_matcher_v3_MetadataMatcher *envoy_type_matcher_v3_MetadataMatcher_parse(const char *buf, size_t size,
+ upb_arena *arena) {
+ envoy_type_matcher_v3_MetadataMatcher *ret = envoy_type_matcher_v3_MetadataMatcher_new(arena);
+ return (ret && upb_decode(buf, size, ret, &envoy_type_matcher_v3_MetadataMatcher_msginit, arena)) ? ret : NULL;
+}
+UPB_INLINE char *envoy_type_matcher_v3_MetadataMatcher_serialize(const envoy_type_matcher_v3_MetadataMatcher *msg, upb_arena *arena, size_t *len) {
+ return upb_encode(msg, &envoy_type_matcher_v3_MetadataMatcher_msginit, arena, len);
+}
+
+UPB_INLINE upb_strview envoy_type_matcher_v3_MetadataMatcher_filter(const envoy_type_matcher_v3_MetadataMatcher *msg) { return *UPB_PTR_AT(msg, UPB_SIZE(0, 0), upb_strview); }
+UPB_INLINE bool envoy_type_matcher_v3_MetadataMatcher_has_path(const envoy_type_matcher_v3_MetadataMatcher *msg) { return _upb_has_submsg_nohasbit(msg, UPB_SIZE(12, 24)); }
+UPB_INLINE const envoy_type_matcher_v3_MetadataMatcher_PathSegment* const* envoy_type_matcher_v3_MetadataMatcher_path(const envoy_type_matcher_v3_MetadataMatcher *msg, size_t *len) { return (const envoy_type_matcher_v3_MetadataMatcher_PathSegment* const*)_upb_array_accessor(msg, UPB_SIZE(12, 24), len); }
+UPB_INLINE bool envoy_type_matcher_v3_MetadataMatcher_has_value(const envoy_type_matcher_v3_MetadataMatcher *msg) { return _upb_has_submsg_nohasbit(msg, UPB_SIZE(8, 16)); }
+UPB_INLINE const struct envoy_type_matcher_v3_ValueMatcher* envoy_type_matcher_v3_MetadataMatcher_value(const envoy_type_matcher_v3_MetadataMatcher *msg) { return *UPB_PTR_AT(msg, UPB_SIZE(8, 16), const struct envoy_type_matcher_v3_ValueMatcher*); }
+
+UPB_INLINE void envoy_type_matcher_v3_MetadataMatcher_set_filter(envoy_type_matcher_v3_MetadataMatcher *msg, upb_strview value) {
+ *UPB_PTR_AT(msg, UPB_SIZE(0, 0), upb_strview) = value;
+}
+UPB_INLINE envoy_type_matcher_v3_MetadataMatcher_PathSegment** envoy_type_matcher_v3_MetadataMatcher_mutable_path(envoy_type_matcher_v3_MetadataMatcher *msg, size_t *len) {
+ return (envoy_type_matcher_v3_MetadataMatcher_PathSegment**)_upb_array_mutable_accessor(msg, UPB_SIZE(12, 24), len);
+}
+UPB_INLINE envoy_type_matcher_v3_MetadataMatcher_PathSegment** envoy_type_matcher_v3_MetadataMatcher_resize_path(envoy_type_matcher_v3_MetadataMatcher *msg, size_t len, upb_arena *arena) {
+ return (envoy_type_matcher_v3_MetadataMatcher_PathSegment**)_upb_array_resize_accessor(msg, UPB_SIZE(12, 24), len, UPB_TYPE_MESSAGE, arena);
+}
+UPB_INLINE struct envoy_type_matcher_v3_MetadataMatcher_PathSegment* envoy_type_matcher_v3_MetadataMatcher_add_path(envoy_type_matcher_v3_MetadataMatcher *msg, upb_arena *arena) {
+ struct envoy_type_matcher_v3_MetadataMatcher_PathSegment* sub = (struct envoy_type_matcher_v3_MetadataMatcher_PathSegment*)_upb_msg_new(&envoy_type_matcher_v3_MetadataMatcher_PathSegment_msginit, arena);
+ bool ok = _upb_array_append_accessor(
+ msg, UPB_SIZE(12, 24), UPB_SIZE(4, 8), UPB_TYPE_MESSAGE, &sub, arena);
+ if (!ok) return NULL;
+ return sub;
+}
+UPB_INLINE void envoy_type_matcher_v3_MetadataMatcher_set_value(envoy_type_matcher_v3_MetadataMatcher *msg, struct envoy_type_matcher_v3_ValueMatcher* value) {
+ *UPB_PTR_AT(msg, UPB_SIZE(8, 16), struct envoy_type_matcher_v3_ValueMatcher*) = value;
+}
+UPB_INLINE struct envoy_type_matcher_v3_ValueMatcher* envoy_type_matcher_v3_MetadataMatcher_mutable_value(envoy_type_matcher_v3_MetadataMatcher *msg, upb_arena *arena) {
+ struct envoy_type_matcher_v3_ValueMatcher* sub = (struct envoy_type_matcher_v3_ValueMatcher*)envoy_type_matcher_v3_MetadataMatcher_value(msg);
+ if (sub == NULL) {
+ sub = (struct envoy_type_matcher_v3_ValueMatcher*)_upb_msg_new(&envoy_type_matcher_v3_ValueMatcher_msginit, arena);
+ if (!sub) return NULL;
+ envoy_type_matcher_v3_MetadataMatcher_set_value(msg, sub);
+ }
+ return sub;
+}
+
+/* envoy.type.matcher.v3.MetadataMatcher.PathSegment */
+
+UPB_INLINE envoy_type_matcher_v3_MetadataMatcher_PathSegment *envoy_type_matcher_v3_MetadataMatcher_PathSegment_new(upb_arena *arena) {
+ return (envoy_type_matcher_v3_MetadataMatcher_PathSegment *)_upb_msg_new(&envoy_type_matcher_v3_MetadataMatcher_PathSegment_msginit, arena);
+}
+UPB_INLINE envoy_type_matcher_v3_MetadataMatcher_PathSegment *envoy_type_matcher_v3_MetadataMatcher_PathSegment_parse(const char *buf, size_t size,
+ upb_arena *arena) {
+ envoy_type_matcher_v3_MetadataMatcher_PathSegment *ret = envoy_type_matcher_v3_MetadataMatcher_PathSegment_new(arena);
+ return (ret && upb_decode(buf, size, ret, &envoy_type_matcher_v3_MetadataMatcher_PathSegment_msginit, arena)) ? ret : NULL;
+}
+UPB_INLINE char *envoy_type_matcher_v3_MetadataMatcher_PathSegment_serialize(const envoy_type_matcher_v3_MetadataMatcher_PathSegment *msg, upb_arena *arena, size_t *len) {
+ return upb_encode(msg, &envoy_type_matcher_v3_MetadataMatcher_PathSegment_msginit, arena, len);
+}
+
+typedef enum {
+ envoy_type_matcher_v3_MetadataMatcher_PathSegment_segment_key = 1,
+ envoy_type_matcher_v3_MetadataMatcher_PathSegment_segment_NOT_SET = 0
+} envoy_type_matcher_v3_MetadataMatcher_PathSegment_segment_oneofcases;
+UPB_INLINE envoy_type_matcher_v3_MetadataMatcher_PathSegment_segment_oneofcases envoy_type_matcher_v3_MetadataMatcher_PathSegment_segment_case(const envoy_type_matcher_v3_MetadataMatcher_PathSegment* msg) { return (envoy_type_matcher_v3_MetadataMatcher_PathSegment_segment_oneofcases)*UPB_PTR_AT(msg, UPB_SIZE(8, 16), int32_t); }
+
+UPB_INLINE bool envoy_type_matcher_v3_MetadataMatcher_PathSegment_has_key(const envoy_type_matcher_v3_MetadataMatcher_PathSegment *msg) { return _upb_getoneofcase(msg, UPB_SIZE(8, 16)) == 1; }
+UPB_INLINE upb_strview envoy_type_matcher_v3_MetadataMatcher_PathSegment_key(const envoy_type_matcher_v3_MetadataMatcher_PathSegment *msg) { return UPB_READ_ONEOF(msg, upb_strview, UPB_SIZE(0, 0), UPB_SIZE(8, 16), 1, upb_strview_make("", strlen(""))); }
+
+UPB_INLINE void envoy_type_matcher_v3_MetadataMatcher_PathSegment_set_key(envoy_type_matcher_v3_MetadataMatcher_PathSegment *msg, upb_strview value) {
+ UPB_WRITE_ONEOF(msg, upb_strview, UPB_SIZE(0, 0), value, UPB_SIZE(8, 16), 1);
+}
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#include "upb/port_undef.inc"
+
+#endif /* ENVOY_TYPE_MATCHER_V3_METADATA_PROTO_UPB_H_ */
diff --git a/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c b/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c
new file mode 100644
index 00000000000..7d61b981580
--- /dev/null
+++ b/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c
@@ -0,0 +1,35 @@
+/* This file was generated by upbc (the upb compiler) from the input
+ * file:
+ *
+ * envoy/type/matcher/v3/number.proto
+ *
+ * Do not edit -- your changes will be discarded when the file is
+ * regenerated. */
+
+#include
+#include "upb/msg.h"
+#include "envoy/type/matcher/v3/number.upb.h"
+#include "envoy/type/v3/range.upb.h"
+#include "udpa/annotations/status.upb.h"
+#include "udpa/annotations/versioning.upb.h"
+#include "validate/validate.upb.h"
+
+#include "upb/port_def.inc"
+
+static const upb_msglayout *const envoy_type_matcher_v3_DoubleMatcher_submsgs[1] = {
+ &envoy_type_v3_DoubleRange_msginit,
+};
+
+static const upb_msglayout_field envoy_type_matcher_v3_DoubleMatcher__fields[2] = {
+ {1, UPB_SIZE(0, 0), UPB_SIZE(-9, -9), 0, 11, 1},
+ {2, UPB_SIZE(0, 0), UPB_SIZE(-9, -9), 0, 1, 1},
+};
+
+const upb_msglayout envoy_type_matcher_v3_DoubleMatcher_msginit = {
+ &envoy_type_matcher_v3_DoubleMatcher_submsgs[0],
+ &envoy_type_matcher_v3_DoubleMatcher__fields[0],
+ UPB_SIZE(16, 16), 2, false,
+};
+
+#include "upb/port_undef.inc"
+
diff --git a/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h b/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h
new file mode 100644
index 00000000000..a6112daf90f
--- /dev/null
+++ b/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h
@@ -0,0 +1,77 @@
+/* This file was generated by upbc (the upb compiler) from the input
+ * file:
+ *
+ * envoy/type/matcher/v3/number.proto
+ *
+ * Do not edit -- your changes will be discarded when the file is
+ * regenerated. */
+
+#ifndef ENVOY_TYPE_MATCHER_V3_NUMBER_PROTO_UPB_H_
+#define ENVOY_TYPE_MATCHER_V3_NUMBER_PROTO_UPB_H_
+
+#include "upb/msg.h"
+#include "upb/decode.h"
+#include "upb/encode.h"
+
+#include "upb/port_def.inc"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct envoy_type_matcher_v3_DoubleMatcher;
+typedef struct envoy_type_matcher_v3_DoubleMatcher envoy_type_matcher_v3_DoubleMatcher;
+extern const upb_msglayout envoy_type_matcher_v3_DoubleMatcher_msginit;
+struct envoy_type_v3_DoubleRange;
+extern const upb_msglayout envoy_type_v3_DoubleRange_msginit;
+
+
+/* envoy.type.matcher.v3.DoubleMatcher */
+
+UPB_INLINE envoy_type_matcher_v3_DoubleMatcher *envoy_type_matcher_v3_DoubleMatcher_new(upb_arena *arena) {
+ return (envoy_type_matcher_v3_DoubleMatcher *)_upb_msg_new(&envoy_type_matcher_v3_DoubleMatcher_msginit, arena);
+}
+UPB_INLINE envoy_type_matcher_v3_DoubleMatcher *envoy_type_matcher_v3_DoubleMatcher_parse(const char *buf, size_t size,
+ upb_arena *arena) {
+ envoy_type_matcher_v3_DoubleMatcher *ret = envoy_type_matcher_v3_DoubleMatcher_new(arena);
+ return (ret && upb_decode(buf, size, ret, &envoy_type_matcher_v3_DoubleMatcher_msginit, arena)) ? ret : NULL;
+}
+UPB_INLINE char *envoy_type_matcher_v3_DoubleMatcher_serialize(const envoy_type_matcher_v3_DoubleMatcher *msg, upb_arena *arena, size_t *len) {
+ return upb_encode(msg, &envoy_type_matcher_v3_DoubleMatcher_msginit, arena, len);
+}
+
+typedef enum {
+ envoy_type_matcher_v3_DoubleMatcher_match_pattern_range = 1,
+ envoy_type_matcher_v3_DoubleMatcher_match_pattern_exact = 2,
+ envoy_type_matcher_v3_DoubleMatcher_match_pattern_NOT_SET = 0
+} envoy_type_matcher_v3_DoubleMatcher_match_pattern_oneofcases;
+UPB_INLINE envoy_type_matcher_v3_DoubleMatcher_match_pattern_oneofcases envoy_type_matcher_v3_DoubleMatcher_match_pattern_case(const envoy_type_matcher_v3_DoubleMatcher* msg) { return (envoy_type_matcher_v3_DoubleMatcher_match_pattern_oneofcases)*UPB_PTR_AT(msg, UPB_SIZE(8, 8), int32_t); }
+
+UPB_INLINE bool envoy_type_matcher_v3_DoubleMatcher_has_range(const envoy_type_matcher_v3_DoubleMatcher *msg) { return _upb_getoneofcase(msg, UPB_SIZE(8, 8)) == 1; }
+UPB_INLINE const struct envoy_type_v3_DoubleRange* envoy_type_matcher_v3_DoubleMatcher_range(const envoy_type_matcher_v3_DoubleMatcher *msg) { return UPB_READ_ONEOF(msg, const struct envoy_type_v3_DoubleRange*, UPB_SIZE(0, 0), UPB_SIZE(8, 8), 1, NULL); }
+UPB_INLINE bool envoy_type_matcher_v3_DoubleMatcher_has_exact(const envoy_type_matcher_v3_DoubleMatcher *msg) { return _upb_getoneofcase(msg, UPB_SIZE(8, 8)) == 2; }
+UPB_INLINE double envoy_type_matcher_v3_DoubleMatcher_exact(const envoy_type_matcher_v3_DoubleMatcher *msg) { return UPB_READ_ONEOF(msg, double, UPB_SIZE(0, 0), UPB_SIZE(8, 8), 2, 0); }
+
+UPB_INLINE void envoy_type_matcher_v3_DoubleMatcher_set_range(envoy_type_matcher_v3_DoubleMatcher *msg, struct envoy_type_v3_DoubleRange* value) {
+ UPB_WRITE_ONEOF(msg, struct envoy_type_v3_DoubleRange*, UPB_SIZE(0, 0), value, UPB_SIZE(8, 8), 1);
+}
+UPB_INLINE struct envoy_type_v3_DoubleRange* envoy_type_matcher_v3_DoubleMatcher_mutable_range(envoy_type_matcher_v3_DoubleMatcher *msg, upb_arena *arena) {
+ struct envoy_type_v3_DoubleRange* sub = (struct envoy_type_v3_DoubleRange*)envoy_type_matcher_v3_DoubleMatcher_range(msg);
+ if (sub == NULL) {
+ sub = (struct envoy_type_v3_DoubleRange*)_upb_msg_new(&envoy_type_v3_DoubleRange_msginit, arena);
+ if (!sub) return NULL;
+ envoy_type_matcher_v3_DoubleMatcher_set_range(msg, sub);
+ }
+ return sub;
+}
+UPB_INLINE void envoy_type_matcher_v3_DoubleMatcher_set_exact(envoy_type_matcher_v3_DoubleMatcher *msg, double value) {
+ UPB_WRITE_ONEOF(msg, double, UPB_SIZE(0, 0), value, UPB_SIZE(8, 8), 2);
+}
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#include "upb/port_undef.inc"
+
+#endif /* ENVOY_TYPE_MATCHER_V3_NUMBER_PROTO_UPB_H_ */
diff --git a/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c b/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c
new file mode 100644
index 00000000000..a2ab19e1896
--- /dev/null
+++ b/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c
@@ -0,0 +1,63 @@
+/* This file was generated by upbc (the upb compiler) from the input
+ * file:
+ *
+ * envoy/type/matcher/v3/value.proto
+ *
+ * Do not edit -- your changes will be discarded when the file is
+ * regenerated. */
+
+#include
+#include "upb/msg.h"
+#include "envoy/type/matcher/v3/value.upb.h"
+#include "envoy/type/matcher/v3/number.upb.h"
+#include "envoy/type/matcher/v3/string.upb.h"
+#include "udpa/annotations/status.upb.h"
+#include "udpa/annotations/versioning.upb.h"
+#include "validate/validate.upb.h"
+
+#include "upb/port_def.inc"
+
+static const upb_msglayout *const envoy_type_matcher_v3_ValueMatcher_submsgs[4] = {
+ &envoy_type_matcher_v3_DoubleMatcher_msginit,
+ &envoy_type_matcher_v3_ListMatcher_msginit,
+ &envoy_type_matcher_v3_StringMatcher_msginit,
+ &envoy_type_matcher_v3_ValueMatcher_NullMatch_msginit,
+};
+
+static const upb_msglayout_field envoy_type_matcher_v3_ValueMatcher__fields[6] = {
+ {1, UPB_SIZE(0, 0), UPB_SIZE(-5, -9), 3, 11, 1},
+ {2, UPB_SIZE(0, 0), UPB_SIZE(-5, -9), 0, 11, 1},
+ {3, UPB_SIZE(0, 0), UPB_SIZE(-5, -9), 2, 11, 1},
+ {4, UPB_SIZE(0, 0), UPB_SIZE(-5, -9), 0, 8, 1},
+ {5, UPB_SIZE(0, 0), UPB_SIZE(-5, -9), 0, 8, 1},
+ {6, UPB_SIZE(0, 0), UPB_SIZE(-5, -9), 1, 11, 1},
+};
+
+const upb_msglayout envoy_type_matcher_v3_ValueMatcher_msginit = {
+ &envoy_type_matcher_v3_ValueMatcher_submsgs[0],
+ &envoy_type_matcher_v3_ValueMatcher__fields[0],
+ UPB_SIZE(8, 16), 6, false,
+};
+
+const upb_msglayout envoy_type_matcher_v3_ValueMatcher_NullMatch_msginit = {
+ NULL,
+ NULL,
+ UPB_SIZE(0, 0), 0, false,
+};
+
+static const upb_msglayout *const envoy_type_matcher_v3_ListMatcher_submsgs[1] = {
+ &envoy_type_matcher_v3_ValueMatcher_msginit,
+};
+
+static const upb_msglayout_field envoy_type_matcher_v3_ListMatcher__fields[1] = {
+ {1, UPB_SIZE(0, 0), UPB_SIZE(-5, -9), 0, 11, 1},
+};
+
+const upb_msglayout envoy_type_matcher_v3_ListMatcher_msginit = {
+ &envoy_type_matcher_v3_ListMatcher_submsgs[0],
+ &envoy_type_matcher_v3_ListMatcher__fields[0],
+ UPB_SIZE(8, 16), 1, false,
+};
+
+#include "upb/port_undef.inc"
+
diff --git a/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h b/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h
new file mode 100644
index 00000000000..5ff8ccd9985
--- /dev/null
+++ b/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h
@@ -0,0 +1,188 @@
+/* This file was generated by upbc (the upb compiler) from the input
+ * file:
+ *
+ * envoy/type/matcher/v3/value.proto
+ *
+ * Do not edit -- your changes will be discarded when the file is
+ * regenerated. */
+
+#ifndef ENVOY_TYPE_MATCHER_V3_VALUE_PROTO_UPB_H_
+#define ENVOY_TYPE_MATCHER_V3_VALUE_PROTO_UPB_H_
+
+#include "upb/msg.h"
+#include "upb/decode.h"
+#include "upb/encode.h"
+
+#include "upb/port_def.inc"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct envoy_type_matcher_v3_ValueMatcher;
+struct envoy_type_matcher_v3_ValueMatcher_NullMatch;
+struct envoy_type_matcher_v3_ListMatcher;
+typedef struct envoy_type_matcher_v3_ValueMatcher envoy_type_matcher_v3_ValueMatcher;
+typedef struct envoy_type_matcher_v3_ValueMatcher_NullMatch envoy_type_matcher_v3_ValueMatcher_NullMatch;
+typedef struct envoy_type_matcher_v3_ListMatcher envoy_type_matcher_v3_ListMatcher;
+extern const upb_msglayout envoy_type_matcher_v3_ValueMatcher_msginit;
+extern const upb_msglayout envoy_type_matcher_v3_ValueMatcher_NullMatch_msginit;
+extern const upb_msglayout envoy_type_matcher_v3_ListMatcher_msginit;
+struct envoy_type_matcher_v3_DoubleMatcher;
+struct envoy_type_matcher_v3_StringMatcher;
+extern const upb_msglayout envoy_type_matcher_v3_DoubleMatcher_msginit;
+extern const upb_msglayout envoy_type_matcher_v3_StringMatcher_msginit;
+
+
+/* envoy.type.matcher.v3.ValueMatcher */
+
+UPB_INLINE envoy_type_matcher_v3_ValueMatcher *envoy_type_matcher_v3_ValueMatcher_new(upb_arena *arena) {
+ return (envoy_type_matcher_v3_ValueMatcher *)_upb_msg_new(&envoy_type_matcher_v3_ValueMatcher_msginit, arena);
+}
+UPB_INLINE envoy_type_matcher_v3_ValueMatcher *envoy_type_matcher_v3_ValueMatcher_parse(const char *buf, size_t size,
+ upb_arena *arena) {
+ envoy_type_matcher_v3_ValueMatcher *ret = envoy_type_matcher_v3_ValueMatcher_new(arena);
+ return (ret && upb_decode(buf, size, ret, &envoy_type_matcher_v3_ValueMatcher_msginit, arena)) ? ret : NULL;
+}
+UPB_INLINE char *envoy_type_matcher_v3_ValueMatcher_serialize(const envoy_type_matcher_v3_ValueMatcher *msg, upb_arena *arena, size_t *len) {
+ return upb_encode(msg, &envoy_type_matcher_v3_ValueMatcher_msginit, arena, len);
+}
+
+typedef enum {
+ envoy_type_matcher_v3_ValueMatcher_match_pattern_null_match = 1,
+ envoy_type_matcher_v3_ValueMatcher_match_pattern_double_match = 2,
+ envoy_type_matcher_v3_ValueMatcher_match_pattern_string_match = 3,
+ envoy_type_matcher_v3_ValueMatcher_match_pattern_bool_match = 4,
+ envoy_type_matcher_v3_ValueMatcher_match_pattern_present_match = 5,
+ envoy_type_matcher_v3_ValueMatcher_match_pattern_list_match = 6,
+ envoy_type_matcher_v3_ValueMatcher_match_pattern_NOT_SET = 0
+} envoy_type_matcher_v3_ValueMatcher_match_pattern_oneofcases;
+UPB_INLINE envoy_type_matcher_v3_ValueMatcher_match_pattern_oneofcases envoy_type_matcher_v3_ValueMatcher_match_pattern_case(const envoy_type_matcher_v3_ValueMatcher* msg) { return (envoy_type_matcher_v3_ValueMatcher_match_pattern_oneofcases)*UPB_PTR_AT(msg, UPB_SIZE(4, 8), int32_t); }
+
+UPB_INLINE bool envoy_type_matcher_v3_ValueMatcher_has_null_match(const envoy_type_matcher_v3_ValueMatcher *msg) { return _upb_getoneofcase(msg, UPB_SIZE(4, 8)) == 1; }
+UPB_INLINE const envoy_type_matcher_v3_ValueMatcher_NullMatch* envoy_type_matcher_v3_ValueMatcher_null_match(const envoy_type_matcher_v3_ValueMatcher *msg) { return UPB_READ_ONEOF(msg, const envoy_type_matcher_v3_ValueMatcher_NullMatch*, UPB_SIZE(0, 0), UPB_SIZE(4, 8), 1, NULL); }
+UPB_INLINE bool envoy_type_matcher_v3_ValueMatcher_has_double_match(const envoy_type_matcher_v3_ValueMatcher *msg) { return _upb_getoneofcase(msg, UPB_SIZE(4, 8)) == 2; }
+UPB_INLINE const struct envoy_type_matcher_v3_DoubleMatcher* envoy_type_matcher_v3_ValueMatcher_double_match(const envoy_type_matcher_v3_ValueMatcher *msg) { return UPB_READ_ONEOF(msg, const struct envoy_type_matcher_v3_DoubleMatcher*, UPB_SIZE(0, 0), UPB_SIZE(4, 8), 2, NULL); }
+UPB_INLINE bool envoy_type_matcher_v3_ValueMatcher_has_string_match(const envoy_type_matcher_v3_ValueMatcher *msg) { return _upb_getoneofcase(msg, UPB_SIZE(4, 8)) == 3; }
+UPB_INLINE const struct envoy_type_matcher_v3_StringMatcher* envoy_type_matcher_v3_ValueMatcher_string_match(const envoy_type_matcher_v3_ValueMatcher *msg) { return UPB_READ_ONEOF(msg, const struct envoy_type_matcher_v3_StringMatcher*, UPB_SIZE(0, 0), UPB_SIZE(4, 8), 3, NULL); }
+UPB_INLINE bool envoy_type_matcher_v3_ValueMatcher_has_bool_match(const envoy_type_matcher_v3_ValueMatcher *msg) { return _upb_getoneofcase(msg, UPB_SIZE(4, 8)) == 4; }
+UPB_INLINE bool envoy_type_matcher_v3_ValueMatcher_bool_match(const envoy_type_matcher_v3_ValueMatcher *msg) { return UPB_READ_ONEOF(msg, bool, UPB_SIZE(0, 0), UPB_SIZE(4, 8), 4, false); }
+UPB_INLINE bool envoy_type_matcher_v3_ValueMatcher_has_present_match(const envoy_type_matcher_v3_ValueMatcher *msg) { return _upb_getoneofcase(msg, UPB_SIZE(4, 8)) == 5; }
+UPB_INLINE bool envoy_type_matcher_v3_ValueMatcher_present_match(const envoy_type_matcher_v3_ValueMatcher *msg) { return UPB_READ_ONEOF(msg, bool, UPB_SIZE(0, 0), UPB_SIZE(4, 8), 5, false); }
+UPB_INLINE bool envoy_type_matcher_v3_ValueMatcher_has_list_match(const envoy_type_matcher_v3_ValueMatcher *msg) { return _upb_getoneofcase(msg, UPB_SIZE(4, 8)) == 6; }
+UPB_INLINE const envoy_type_matcher_v3_ListMatcher* envoy_type_matcher_v3_ValueMatcher_list_match(const envoy_type_matcher_v3_ValueMatcher *msg) { return UPB_READ_ONEOF(msg, const envoy_type_matcher_v3_ListMatcher*, UPB_SIZE(0, 0), UPB_SIZE(4, 8), 6, NULL); }
+
+UPB_INLINE void envoy_type_matcher_v3_ValueMatcher_set_null_match(envoy_type_matcher_v3_ValueMatcher *msg, envoy_type_matcher_v3_ValueMatcher_NullMatch* value) {
+ UPB_WRITE_ONEOF(msg, envoy_type_matcher_v3_ValueMatcher_NullMatch*, UPB_SIZE(0, 0), value, UPB_SIZE(4, 8), 1);
+}
+UPB_INLINE struct envoy_type_matcher_v3_ValueMatcher_NullMatch* envoy_type_matcher_v3_ValueMatcher_mutable_null_match(envoy_type_matcher_v3_ValueMatcher *msg, upb_arena *arena) {
+ struct envoy_type_matcher_v3_ValueMatcher_NullMatch* sub = (struct envoy_type_matcher_v3_ValueMatcher_NullMatch*)envoy_type_matcher_v3_ValueMatcher_null_match(msg);
+ if (sub == NULL) {
+ sub = (struct envoy_type_matcher_v3_ValueMatcher_NullMatch*)_upb_msg_new(&envoy_type_matcher_v3_ValueMatcher_NullMatch_msginit, arena);
+ if (!sub) return NULL;
+ envoy_type_matcher_v3_ValueMatcher_set_null_match(msg, sub);
+ }
+ return sub;
+}
+UPB_INLINE void envoy_type_matcher_v3_ValueMatcher_set_double_match(envoy_type_matcher_v3_ValueMatcher *msg, struct envoy_type_matcher_v3_DoubleMatcher* value) {
+ UPB_WRITE_ONEOF(msg, struct envoy_type_matcher_v3_DoubleMatcher*, UPB_SIZE(0, 0), value, UPB_SIZE(4, 8), 2);
+}
+UPB_INLINE struct envoy_type_matcher_v3_DoubleMatcher* envoy_type_matcher_v3_ValueMatcher_mutable_double_match(envoy_type_matcher_v3_ValueMatcher *msg, upb_arena *arena) {
+ struct envoy_type_matcher_v3_DoubleMatcher* sub = (struct envoy_type_matcher_v3_DoubleMatcher*)envoy_type_matcher_v3_ValueMatcher_double_match(msg);
+ if (sub == NULL) {
+ sub = (struct envoy_type_matcher_v3_DoubleMatcher*)_upb_msg_new(&envoy_type_matcher_v3_DoubleMatcher_msginit, arena);
+ if (!sub) return NULL;
+ envoy_type_matcher_v3_ValueMatcher_set_double_match(msg, sub);
+ }
+ return sub;
+}
+UPB_INLINE void envoy_type_matcher_v3_ValueMatcher_set_string_match(envoy_type_matcher_v3_ValueMatcher *msg, struct envoy_type_matcher_v3_StringMatcher* value) {
+ UPB_WRITE_ONEOF(msg, struct envoy_type_matcher_v3_StringMatcher*, UPB_SIZE(0, 0), value, UPB_SIZE(4, 8), 3);
+}
+UPB_INLINE struct envoy_type_matcher_v3_StringMatcher* envoy_type_matcher_v3_ValueMatcher_mutable_string_match(envoy_type_matcher_v3_ValueMatcher *msg, upb_arena *arena) {
+ struct envoy_type_matcher_v3_StringMatcher* sub = (struct envoy_type_matcher_v3_StringMatcher*)envoy_type_matcher_v3_ValueMatcher_string_match(msg);
+ if (sub == NULL) {
+ sub = (struct envoy_type_matcher_v3_StringMatcher*)_upb_msg_new(&envoy_type_matcher_v3_StringMatcher_msginit, arena);
+ if (!sub) return NULL;
+ envoy_type_matcher_v3_ValueMatcher_set_string_match(msg, sub);
+ }
+ return sub;
+}
+UPB_INLINE void envoy_type_matcher_v3_ValueMatcher_set_bool_match(envoy_type_matcher_v3_ValueMatcher *msg, bool value) {
+ UPB_WRITE_ONEOF(msg, bool, UPB_SIZE(0, 0), value, UPB_SIZE(4, 8), 4);
+}
+UPB_INLINE void envoy_type_matcher_v3_ValueMatcher_set_present_match(envoy_type_matcher_v3_ValueMatcher *msg, bool value) {
+ UPB_WRITE_ONEOF(msg, bool, UPB_SIZE(0, 0), value, UPB_SIZE(4, 8), 5);
+}
+UPB_INLINE void envoy_type_matcher_v3_ValueMatcher_set_list_match(envoy_type_matcher_v3_ValueMatcher *msg, envoy_type_matcher_v3_ListMatcher* value) {
+ UPB_WRITE_ONEOF(msg, envoy_type_matcher_v3_ListMatcher*, UPB_SIZE(0, 0), value, UPB_SIZE(4, 8), 6);
+}
+UPB_INLINE struct envoy_type_matcher_v3_ListMatcher* envoy_type_matcher_v3_ValueMatcher_mutable_list_match(envoy_type_matcher_v3_ValueMatcher *msg, upb_arena *arena) {
+ struct envoy_type_matcher_v3_ListMatcher* sub = (struct envoy_type_matcher_v3_ListMatcher*)envoy_type_matcher_v3_ValueMatcher_list_match(msg);
+ if (sub == NULL) {
+ sub = (struct envoy_type_matcher_v3_ListMatcher*)_upb_msg_new(&envoy_type_matcher_v3_ListMatcher_msginit, arena);
+ if (!sub) return NULL;
+ envoy_type_matcher_v3_ValueMatcher_set_list_match(msg, sub);
+ }
+ return sub;
+}
+
+/* envoy.type.matcher.v3.ValueMatcher.NullMatch */
+
+UPB_INLINE envoy_type_matcher_v3_ValueMatcher_NullMatch *envoy_type_matcher_v3_ValueMatcher_NullMatch_new(upb_arena *arena) {
+ return (envoy_type_matcher_v3_ValueMatcher_NullMatch *)_upb_msg_new(&envoy_type_matcher_v3_ValueMatcher_NullMatch_msginit, arena);
+}
+UPB_INLINE envoy_type_matcher_v3_ValueMatcher_NullMatch *envoy_type_matcher_v3_ValueMatcher_NullMatch_parse(const char *buf, size_t size,
+ upb_arena *arena) {
+ envoy_type_matcher_v3_ValueMatcher_NullMatch *ret = envoy_type_matcher_v3_ValueMatcher_NullMatch_new(arena);
+ return (ret && upb_decode(buf, size, ret, &envoy_type_matcher_v3_ValueMatcher_NullMatch_msginit, arena)) ? ret : NULL;
+}
+UPB_INLINE char *envoy_type_matcher_v3_ValueMatcher_NullMatch_serialize(const envoy_type_matcher_v3_ValueMatcher_NullMatch *msg, upb_arena *arena, size_t *len) {
+ return upb_encode(msg, &envoy_type_matcher_v3_ValueMatcher_NullMatch_msginit, arena, len);
+}
+
+
+
+/* envoy.type.matcher.v3.ListMatcher */
+
+UPB_INLINE envoy_type_matcher_v3_ListMatcher *envoy_type_matcher_v3_ListMatcher_new(upb_arena *arena) {
+ return (envoy_type_matcher_v3_ListMatcher *)_upb_msg_new(&envoy_type_matcher_v3_ListMatcher_msginit, arena);
+}
+UPB_INLINE envoy_type_matcher_v3_ListMatcher *envoy_type_matcher_v3_ListMatcher_parse(const char *buf, size_t size,
+ upb_arena *arena) {
+ envoy_type_matcher_v3_ListMatcher *ret = envoy_type_matcher_v3_ListMatcher_new(arena);
+ return (ret && upb_decode(buf, size, ret, &envoy_type_matcher_v3_ListMatcher_msginit, arena)) ? ret : NULL;
+}
+UPB_INLINE char *envoy_type_matcher_v3_ListMatcher_serialize(const envoy_type_matcher_v3_ListMatcher *msg, upb_arena *arena, size_t *len) {
+ return upb_encode(msg, &envoy_type_matcher_v3_ListMatcher_msginit, arena, len);
+}
+
+typedef enum {
+ envoy_type_matcher_v3_ListMatcher_match_pattern_one_of = 1,
+ envoy_type_matcher_v3_ListMatcher_match_pattern_NOT_SET = 0
+} envoy_type_matcher_v3_ListMatcher_match_pattern_oneofcases;
+UPB_INLINE envoy_type_matcher_v3_ListMatcher_match_pattern_oneofcases envoy_type_matcher_v3_ListMatcher_match_pattern_case(const envoy_type_matcher_v3_ListMatcher* msg) { return (envoy_type_matcher_v3_ListMatcher_match_pattern_oneofcases)*UPB_PTR_AT(msg, UPB_SIZE(4, 8), int32_t); }
+
+UPB_INLINE bool envoy_type_matcher_v3_ListMatcher_has_one_of(const envoy_type_matcher_v3_ListMatcher *msg) { return _upb_getoneofcase(msg, UPB_SIZE(4, 8)) == 1; }
+UPB_INLINE const envoy_type_matcher_v3_ValueMatcher* envoy_type_matcher_v3_ListMatcher_one_of(const envoy_type_matcher_v3_ListMatcher *msg) { return UPB_READ_ONEOF(msg, const envoy_type_matcher_v3_ValueMatcher*, UPB_SIZE(0, 0), UPB_SIZE(4, 8), 1, NULL); }
+
+UPB_INLINE void envoy_type_matcher_v3_ListMatcher_set_one_of(envoy_type_matcher_v3_ListMatcher *msg, envoy_type_matcher_v3_ValueMatcher* value) {
+ UPB_WRITE_ONEOF(msg, envoy_type_matcher_v3_ValueMatcher*, UPB_SIZE(0, 0), value, UPB_SIZE(4, 8), 1);
+}
+UPB_INLINE struct envoy_type_matcher_v3_ValueMatcher* envoy_type_matcher_v3_ListMatcher_mutable_one_of(envoy_type_matcher_v3_ListMatcher *msg, upb_arena *arena) {
+ struct envoy_type_matcher_v3_ValueMatcher* sub = (struct envoy_type_matcher_v3_ValueMatcher*)envoy_type_matcher_v3_ListMatcher_one_of(msg);
+ if (sub == NULL) {
+ sub = (struct envoy_type_matcher_v3_ValueMatcher*)_upb_msg_new(&envoy_type_matcher_v3_ValueMatcher_msginit, arena);
+ if (!sub) return NULL;
+ envoy_type_matcher_v3_ListMatcher_set_one_of(msg, sub);
+ }
+ return sub;
+}
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#include "upb/port_undef.inc"
+
+#endif /* ENVOY_TYPE_MATCHER_V3_VALUE_PROTO_UPB_H_ */
diff --git a/src/core/lib/security/authorization/authorization_engine.cc b/src/core/lib/security/authorization/authorization_engine.cc
new file mode 100644
index 00000000000..61d2e6d4af8
--- /dev/null
+++ b/src/core/lib/security/authorization/authorization_engine.cc
@@ -0,0 +1,77 @@
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+
+#include "absl/memory/memory.h"
+
+#include "src/core/lib/security/authorization/authorization_engine.h"
+
+namespace grpc_core {
+
+std::unique_ptr
+AuthorizationEngine::CreateAuthorizationEngine(
+ const std::vector& rbac_policies) {
+ if (rbac_policies.size() < 1 || rbac_policies.size() > 2) {
+ gpr_log(GPR_ERROR,
+ "Invalid rbac policies vector. Must contain either one or two rbac "
+ "policies.");
+ return nullptr;
+ } else if (rbac_policies.size() == 2 &&
+ (envoy_config_rbac_v3_RBAC_action(rbac_policies[0]) != kDeny ||
+ envoy_config_rbac_v3_RBAC_action(rbac_policies[1]) != kAllow)) {
+ gpr_log(GPR_ERROR,
+ "Invalid rbac policies vector. Must contain one deny \
+ policy and one allow policy, in that order.");
+ return nullptr;
+ } else {
+ return absl::make_unique(rbac_policies);
+ }
+}
+
+AuthorizationEngine::AuthorizationEngine(
+ const std::vector& rbac_policies) {
+ for (const auto& rbac_policy : rbac_policies) {
+ // Extract array of policies and store their condition fields in either
+ // allow_if_matched_ or deny_if_matched_, depending on the policy action.
+ upb::Arena temp_arena;
+ size_t policy_num = UPB_MAP_BEGIN;
+ const envoy_config_rbac_v3_RBAC_PoliciesEntry* policy_entry;
+ while ((policy_entry = envoy_config_rbac_v3_RBAC_policies_next(
+ rbac_policy, &policy_num)) != nullptr) {
+ const upb_strview policy_name_strview =
+ envoy_config_rbac_v3_RBAC_PoliciesEntry_key(policy_entry);
+ const std::string policy_name(policy_name_strview.data,
+ policy_name_strview.size);
+ const envoy_config_rbac_v3_Policy* policy =
+ envoy_config_rbac_v3_RBAC_PoliciesEntry_value(policy_entry);
+ const google_api_expr_v1alpha1_Expr* condition =
+ envoy_config_rbac_v3_Policy_condition(policy);
+ // Parse condition to make a pointer tied to the lifetime of arena_.
+ size_t serial_len;
+ const char* serialized = google_api_expr_v1alpha1_Expr_serialize(
+ condition, temp_arena.ptr(), &serial_len);
+ const google_api_expr_v1alpha1_Expr* parsed_condition =
+ google_api_expr_v1alpha1_Expr_parse(serialized, serial_len,
+ arena_.ptr());
+ if (envoy_config_rbac_v3_RBAC_action(rbac_policy) == kAllow) {
+ allow_if_matched_.insert(std::make_pair(policy_name, parsed_condition));
+ } else {
+ deny_if_matched_.insert(std::make_pair(policy_name, parsed_condition));
+ }
+ }
+ }
+}
+
+} // namespace grpc_core
diff --git a/src/core/lib/security/authorization/authorization_engine.h b/src/core/lib/security/authorization/authorization_engine.h
new file mode 100644
index 00000000000..406cebbc452
--- /dev/null
+++ b/src/core/lib/security/authorization/authorization_engine.h
@@ -0,0 +1,74 @@
+
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_AUTHORIZATION_ENGINE_H
+#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_AUTHORIZATION_ENGINE_H
+
+#include
+
+#include
+#include