From 1fee3d72becb61ce8d6586bfe664a2ec646e5ef1 Mon Sep 17 00:00:00 2001
From: Ashitha Santhosh <55257063+ashithasantosh@users.noreply.github.com>
Date: Mon, 14 Feb 2022 11:44:15 -0800
Subject: [PATCH] remove SDK term from gRPC authz (#28843)
---
BUILD | 4 +-
CMakeLists.txt | 110 +++++++++---------
Makefile | 4 +-
build_autogenerated.yaml | 48 ++++----
config.m4 | 2 +-
config.w32 | 2 +-
doc/environment_variables.md | 2 +-
gRPC-C++.podspec | 4 +-
gRPC-Core.podspec | 8 +-
grpc.gemspec | 4 +-
grpc.gyp | 6 +-
include/grpc/grpc_security.h | 8 +-
package.xml | 4 +-
.../grpc_authorization_policy_provider.cc | 6 +-
.../grpc_authorization_policy_provider.h | 4 +-
..._filter.cc => grpc_server_authz_filter.cc} | 30 ++---
...hz_filter.h => grpc_server_authz_filter.h} | 12 +-
.../security/authorization/rbac_translator.cc | 2 +-
src/core/lib/surface/init.cc | 14 +--
src/python/grpcio/grpc_core_dependencies.py | 2 +-
test/core/end2end/end2end_tests.cc | 16 +--
test/core/end2end/generate_tests.bzl | 2 +-
.../tests/{sdk_authz.cc => grpc_authz.cc} | 4 +-
test/core/security/rbac_translator_test.cc | 2 +-
test/cpp/end2end/BUILD | 4 +-
...end_test.cc => grpc_authz_end2end_test.cc} | 44 +++----
tools/doxygen/Doxyfile.c++.internal | 4 +-
tools/doxygen/Doxyfile.core.internal | 4 +-
tools/run_tests/generated/tests.json | 48 ++++----
29 files changed, 203 insertions(+), 201 deletions(-)
rename src/core/lib/security/authorization/{sdk_server_authz_filter.cc => grpc_server_authz_filter.cc} (81%)
rename src/core/lib/security/authorization/{sdk_server_authz_filter.h => grpc_server_authz_filter.h} (81%)
rename test/core/end2end/tests/{sdk_authz.cc => grpc_authz.cc} (99%)
rename test/cpp/end2end/{sdk_authz_end2end_test.cc => grpc_authz_end2end_test.cc} (95%)
diff --git a/BUILD b/BUILD
index 3058c0f7335..4b4a7f036d7 100644
--- a/BUILD
+++ b/BUILD
@@ -3564,13 +3564,13 @@ grpc_cc_library(
srcs = [
"src/core/lib/security/authorization/authorization_policy_provider_vtable.cc",
"src/core/lib/security/authorization/evaluate_args.cc",
- "src/core/lib/security/authorization/sdk_server_authz_filter.cc",
+ "src/core/lib/security/authorization/grpc_server_authz_filter.cc",
],
hdrs = [
"src/core/lib/security/authorization/authorization_engine.h",
"src/core/lib/security/authorization/authorization_policy_provider.h",
"src/core/lib/security/authorization/evaluate_args.h",
- "src/core/lib/security/authorization/sdk_server_authz_filter.h",
+ "src/core/lib/security/authorization/grpc_server_authz_filter.h",
],
external_deps = [
"absl/strings",
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 3dc6e64dcd4..b5a69553ddb 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -872,6 +872,7 @@ if(gRPC_BUILD_TESTS)
add_dependencies(buildtests_cxx google_mesh_ca_certificate_provider_factory_test)
add_dependencies(buildtests_cxx grpc_authorization_engine_test)
add_dependencies(buildtests_cxx grpc_authorization_policy_provider_test)
+ add_dependencies(buildtests_cxx grpc_authz_end2end_test)
add_dependencies(buildtests_cxx grpc_cli)
add_dependencies(buildtests_cxx grpc_tls_certificate_distributor_test)
add_dependencies(buildtests_cxx grpc_tls_certificate_provider_test)
@@ -957,7 +958,6 @@ if(gRPC_BUILD_TESTS)
add_dependencies(buildtests_cxx retry_throttle_test)
add_dependencies(buildtests_cxx rls_end2end_test)
add_dependencies(buildtests_cxx rls_lb_config_parser_test)
- add_dependencies(buildtests_cxx sdk_authz_end2end_test)
add_dependencies(buildtests_cxx secure_auth_context_test)
add_dependencies(buildtests_cxx seq_test)
add_dependencies(buildtests_cxx server_builder_plugin_test)
@@ -1287,6 +1287,7 @@ add_library(end2end_tests
test/core/end2end/tests/filter_latency.cc
test/core/end2end/tests/filter_status_code.cc
test/core/end2end/tests/graceful_server_shutdown.cc
+ test/core/end2end/tests/grpc_authz.cc
test/core/end2end/tests/high_initial_seqno.cc
test/core/end2end/tests/hpack_size.cc
test/core/end2end/tests/idempotent_request.cc
@@ -1339,7 +1340,6 @@ add_library(end2end_tests
test/core/end2end/tests/retry_transparent_goaway.cc
test/core/end2end/tests/retry_transparent_max_concurrent_streams.cc
test/core/end2end/tests/retry_transparent_not_sent_on_wire.cc
- test/core/end2end/tests/sdk_authz.cc
test/core/end2end/tests/server_finishes_request.cc
test/core/end2end/tests/server_streaming.cc
test/core/end2end/tests/shutdown_finishes_calls.cc
@@ -2112,9 +2112,9 @@ add_library(grpc
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc
src/core/lib/security/authorization/evaluate_args.cc
src/core/lib/security/authorization/grpc_authorization_engine.cc
+ src/core/lib/security/authorization/grpc_server_authz_filter.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/sdk_server_authz_filter.cc
src/core/lib/security/context/security_context.cc
src/core/lib/security/credentials/alts/alts_credentials.cc
src/core/lib/security/credentials/alts/check_gcp_environment.cc
@@ -2759,7 +2759,7 @@ add_library(grpc_unsecure
src/core/lib/resource_quota/trace.cc
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc
src/core/lib/security/authorization/evaluate_args.cc
- src/core/lib/security/authorization/sdk_server_authz_filter.cc
+ src/core/lib/security/authorization/grpc_server_authz_filter.cc
src/core/lib/security/context/security_context.cc
src/core/lib/security/credentials/composite/composite_credentials.cc
src/core/lib/security/credentials/credentials.cc
@@ -11059,6 +11059,57 @@ target_link_libraries(grpc_authorization_policy_provider_test
)
+endif()
+if(gRPC_BUILD_TESTS)
+
+add_executable(grpc_authz_end2end_test
+ ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/echo.pb.cc
+ ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/echo.grpc.pb.cc
+ ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/echo.pb.h
+ ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/echo.grpc.pb.h
+ ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/echo_messages.pb.cc
+ ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/echo_messages.grpc.pb.cc
+ ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/echo_messages.pb.h
+ ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/echo_messages.grpc.pb.h
+ ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.pb.cc
+ ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.grpc.pb.cc
+ ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.pb.h
+ ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.grpc.pb.h
+ src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
+ src/core/lib/security/authorization/rbac_translator.cc
+ src/cpp/server/authorization_policy_provider.cc
+ test/cpp/end2end/grpc_authz_end2end_test.cc
+ test/cpp/end2end/test_service_impl.cc
+ third_party/googletest/googletest/src/gtest-all.cc
+ third_party/googletest/googlemock/src/gmock-all.cc
+)
+
+target_include_directories(grpc_authz_end2end_test
+ PRIVATE
+ ${CMAKE_CURRENT_SOURCE_DIR}
+ ${CMAKE_CURRENT_SOURCE_DIR}/include
+ ${_gRPC_ADDRESS_SORTING_INCLUDE_DIR}
+ ${_gRPC_RE2_INCLUDE_DIR}
+ ${_gRPC_SSL_INCLUDE_DIR}
+ ${_gRPC_UPB_GENERATED_DIR}
+ ${_gRPC_UPB_GRPC_GENERATED_DIR}
+ ${_gRPC_UPB_INCLUDE_DIR}
+ ${_gRPC_XXHASH_INCLUDE_DIR}
+ ${_gRPC_ZLIB_INCLUDE_DIR}
+ third_party/googletest/googletest/include
+ third_party/googletest/googletest
+ third_party/googletest/googlemock/include
+ third_party/googletest/googlemock
+ ${_gRPC_PROTO_GENS_DIR}
+)
+
+target_link_libraries(grpc_authz_end2end_test
+ ${_gRPC_PROTOBUF_LIBRARIES}
+ ${_gRPC_ALLTARGETS_LIBRARIES}
+ grpc++_test_util
+)
+
+
endif()
if(gRPC_BUILD_TESTS)
@@ -14464,57 +14515,6 @@ target_link_libraries(rls_lb_config_parser_test
)
-endif()
-if(gRPC_BUILD_TESTS)
-
-add_executable(sdk_authz_end2end_test
- ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/echo.pb.cc
- ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/echo.grpc.pb.cc
- ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/echo.pb.h
- ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/echo.grpc.pb.h
- ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/echo_messages.pb.cc
- ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/echo_messages.grpc.pb.cc
- ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/echo_messages.pb.h
- ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/echo_messages.grpc.pb.h
- ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.pb.cc
- ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.grpc.pb.cc
- ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.pb.h
- ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.grpc.pb.h
- src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
- src/core/lib/security/authorization/rbac_translator.cc
- src/cpp/server/authorization_policy_provider.cc
- test/cpp/end2end/sdk_authz_end2end_test.cc
- test/cpp/end2end/test_service_impl.cc
- third_party/googletest/googletest/src/gtest-all.cc
- third_party/googletest/googlemock/src/gmock-all.cc
-)
-
-target_include_directories(sdk_authz_end2end_test
- PRIVATE
- ${CMAKE_CURRENT_SOURCE_DIR}
- ${CMAKE_CURRENT_SOURCE_DIR}/include
- ${_gRPC_ADDRESS_SORTING_INCLUDE_DIR}
- ${_gRPC_RE2_INCLUDE_DIR}
- ${_gRPC_SSL_INCLUDE_DIR}
- ${_gRPC_UPB_GENERATED_DIR}
- ${_gRPC_UPB_GRPC_GENERATED_DIR}
- ${_gRPC_UPB_INCLUDE_DIR}
- ${_gRPC_XXHASH_INCLUDE_DIR}
- ${_gRPC_ZLIB_INCLUDE_DIR}
- third_party/googletest/googletest/include
- third_party/googletest/googletest
- third_party/googletest/googlemock/include
- third_party/googletest/googlemock
- ${_gRPC_PROTO_GENS_DIR}
-)
-
-target_link_libraries(sdk_authz_end2end_test
- ${_gRPC_PROTOBUF_LIBRARIES}
- ${_gRPC_ALLTARGETS_LIBRARIES}
- grpc++_test_util
-)
-
-
endif()
if(gRPC_BUILD_TESTS)
diff --git a/Makefile b/Makefile
index 79cc47da74f..8b742100131 100644
--- a/Makefile
+++ b/Makefile
@@ -1559,9 +1559,9 @@ LIBGRPC_SRC = \
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \
src/core/lib/security/authorization/evaluate_args.cc \
src/core/lib/security/authorization/grpc_authorization_engine.cc \
+ src/core/lib/security/authorization/grpc_server_authz_filter.cc \
src/core/lib/security/authorization/matchers.cc \
src/core/lib/security/authorization/rbac_policy.cc \
- src/core/lib/security/authorization/sdk_server_authz_filter.cc \
src/core/lib/security/context/security_context.cc \
src/core/lib/security/credentials/alts/alts_credentials.cc \
src/core/lib/security/credentials/alts/check_gcp_environment.cc \
@@ -2053,7 +2053,7 @@ LIBGRPC_UNSECURE_SRC = \
src/core/lib/resource_quota/trace.cc \
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \
src/core/lib/security/authorization/evaluate_args.cc \
- src/core/lib/security/authorization/sdk_server_authz_filter.cc \
+ src/core/lib/security/authorization/grpc_server_authz_filter.cc \
src/core/lib/security/context/security_context.cc \
src/core/lib/security/credentials/composite/composite_credentials.cc \
src/core/lib/security/credentials/credentials.cc \
diff --git a/build_autogenerated.yaml b/build_autogenerated.yaml
index 40eaccfe5c7..7feb237093c 100644
--- a/build_autogenerated.yaml
+++ b/build_autogenerated.yaml
@@ -199,6 +199,7 @@ libs:
- test/core/end2end/tests/filter_latency.cc
- test/core/end2end/tests/filter_status_code.cc
- test/core/end2end/tests/graceful_server_shutdown.cc
+ - test/core/end2end/tests/grpc_authz.cc
- test/core/end2end/tests/high_initial_seqno.cc
- test/core/end2end/tests/hpack_size.cc
- test/core/end2end/tests/idempotent_request.cc
@@ -251,7 +252,6 @@ libs:
- test/core/end2end/tests/retry_transparent_goaway.cc
- test/core/end2end/tests/retry_transparent_max_concurrent_streams.cc
- test/core/end2end/tests/retry_transparent_not_sent_on_wire.cc
- - test/core/end2end/tests/sdk_authz.cc
- test/core/end2end/tests/server_finishes_request.cc
- test/core/end2end/tests/server_streaming.cc
- test/core/end2end/tests/shutdown_finishes_calls.cc
@@ -959,9 +959,9 @@ libs:
- src/core/lib/security/authorization/authorization_policy_provider.h
- src/core/lib/security/authorization/evaluate_args.h
- src/core/lib/security/authorization/grpc_authorization_engine.h
+ - src/core/lib/security/authorization/grpc_server_authz_filter.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- - src/core/lib/security/authorization/sdk_server_authz_filter.h
- src/core/lib/security/context/security_context.h
- src/core/lib/security/credentials/alts/alts_credentials.h
- src/core/lib/security/credentials/alts/check_gcp_environment.h
@@ -1612,9 +1612,9 @@ libs:
- src/core/lib/security/authorization/authorization_policy_provider_vtable.cc
- src/core/lib/security/authorization/evaluate_args.cc
- src/core/lib/security/authorization/grpc_authorization_engine.cc
+ - src/core/lib/security/authorization/grpc_server_authz_filter.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- - src/core/lib/security/authorization/sdk_server_authz_filter.cc
- src/core/lib/security/context/security_context.cc
- src/core/lib/security/credentials/alts/alts_credentials.cc
- src/core/lib/security/credentials/alts/check_gcp_environment.cc
@@ -2134,7 +2134,7 @@ libs:
- src/core/lib/security/authorization/authorization_engine.h
- src/core/lib/security/authorization/authorization_policy_provider.h
- src/core/lib/security/authorization/evaluate_args.h
- - src/core/lib/security/authorization/sdk_server_authz_filter.h
+ - src/core/lib/security/authorization/grpc_server_authz_filter.h
- src/core/lib/security/context/security_context.h
- src/core/lib/security/credentials/channel_creds_registry.h
- src/core/lib/security/credentials/composite/composite_credentials.h
@@ -2441,7 +2441,7 @@ libs:
- src/core/lib/resource_quota/trace.cc
- src/core/lib/security/authorization/authorization_policy_provider_vtable.cc
- src/core/lib/security/authorization/evaluate_args.cc
- - src/core/lib/security/authorization/sdk_server_authz_filter.cc
+ - src/core/lib/security/authorization/grpc_server_authz_filter.cc
- src/core/lib/security/context/security_context.cc
- src/core/lib/security/credentials/composite/composite_credentials.cc
- src/core/lib/security/credentials/credentials.cc
@@ -6090,6 +6090,25 @@ targets:
- test/core/security/grpc_authorization_policy_provider_test.cc
deps:
- grpc_test_util
+- name: grpc_authz_end2end_test
+ gtest: true
+ build: test
+ language: c++
+ headers:
+ - src/core/lib/security/authorization/grpc_authorization_policy_provider.h
+ - src/core/lib/security/authorization/rbac_translator.h
+ - test/cpp/end2end/test_service_impl.h
+ src:
+ - src/proto/grpc/testing/echo.proto
+ - src/proto/grpc/testing/echo_messages.proto
+ - src/proto/grpc/testing/simple_messages.proto
+ - src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
+ - src/core/lib/security/authorization/rbac_translator.cc
+ - src/cpp/server/authorization_policy_provider.cc
+ - test/cpp/end2end/grpc_authz_end2end_test.cc
+ - test/cpp/end2end/test_service_impl.cc
+ deps:
+ - grpc++_test_util
- name: grpc_cli
build: test
run: false
@@ -7510,25 +7529,6 @@ targets:
- test/core/client_channel/rls_lb_config_parser_test.cc
deps:
- grpc_test_util
-- name: sdk_authz_end2end_test
- gtest: true
- build: test
- language: c++
- headers:
- - src/core/lib/security/authorization/grpc_authorization_policy_provider.h
- - src/core/lib/security/authorization/rbac_translator.h
- - test/cpp/end2end/test_service_impl.h
- src:
- - src/proto/grpc/testing/echo.proto
- - src/proto/grpc/testing/echo_messages.proto
- - src/proto/grpc/testing/simple_messages.proto
- - src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
- - src/core/lib/security/authorization/rbac_translator.cc
- - src/cpp/server/authorization_policy_provider.cc
- - test/cpp/end2end/sdk_authz_end2end_test.cc
- - test/cpp/end2end/test_service_impl.cc
- deps:
- - grpc++_test_util
- name: secure_auth_context_test
gtest: true
build: test
diff --git a/config.m4 b/config.m4
index 3e678866504..b8f82ef573c 100644
--- a/config.m4
+++ b/config.m4
@@ -621,9 +621,9 @@ if test "$PHP_GRPC" != "no"; then
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \
src/core/lib/security/authorization/evaluate_args.cc \
src/core/lib/security/authorization/grpc_authorization_engine.cc \
+ src/core/lib/security/authorization/grpc_server_authz_filter.cc \
src/core/lib/security/authorization/matchers.cc \
src/core/lib/security/authorization/rbac_policy.cc \
- src/core/lib/security/authorization/sdk_server_authz_filter.cc \
src/core/lib/security/context/security_context.cc \
src/core/lib/security/credentials/alts/alts_credentials.cc \
src/core/lib/security/credentials/alts/check_gcp_environment.cc \
diff --git a/config.w32 b/config.w32
index eba85230be1..a03c8886221 100644
--- a/config.w32
+++ b/config.w32
@@ -587,9 +587,9 @@ if (PHP_GRPC != "no") {
"src\\core\\lib\\security\\authorization\\authorization_policy_provider_vtable.cc " +
"src\\core\\lib\\security\\authorization\\evaluate_args.cc " +
"src\\core\\lib\\security\\authorization\\grpc_authorization_engine.cc " +
+ "src\\core\\lib\\security\\authorization\\grpc_server_authz_filter.cc " +
"src\\core\\lib\\security\\authorization\\matchers.cc " +
"src\\core\\lib\\security\\authorization\\rbac_policy.cc " +
- "src\\core\\lib\\security\\authorization\\sdk_server_authz_filter.cc " +
"src\\core\\lib\\security\\context\\security_context.cc " +
"src\\core\\lib\\security\\credentials\\alts\\alts_credentials.cc " +
"src\\core\\lib\\security\\credentials\\alts\\check_gcp_environment.cc " +
diff --git a/doc/environment_variables.md b/doc/environment_variables.md
index 3c5e49010d6..67c5240eaa0 100644
--- a/doc/environment_variables.md
+++ b/doc/environment_variables.md
@@ -81,7 +81,7 @@ some configuration as environment variables that can be set.
- rls_lb - traces the RLS load balancing policy
- round_robin - traces the round_robin load balancing policy
- queue_pluck
- - sdk_authz - traces sdk authorization
+ - grpc_authz_api - traces gRPC authorization
- server_channel - lightweight trace of significant server channel events
- secure_endpoint - traces bytes flowing through encrypted channels
- subchannel - traces the connectivity state of subchannel
diff --git a/gRPC-C++.podspec b/gRPC-C++.podspec
index b29b703a658..a696ec18e5a 100644
--- a/gRPC-C++.podspec
+++ b/gRPC-C++.podspec
@@ -811,9 +811,9 @@ Pod::Spec.new do |s|
'src/core/lib/security/authorization/authorization_policy_provider.h',
'src/core/lib/security/authorization/evaluate_args.h',
'src/core/lib/security/authorization/grpc_authorization_engine.h',
+ 'src/core/lib/security/authorization/grpc_server_authz_filter.h',
'src/core/lib/security/authorization/matchers.h',
'src/core/lib/security/authorization/rbac_policy.h',
- 'src/core/lib/security/authorization/sdk_server_authz_filter.h',
'src/core/lib/security/context/security_context.h',
'src/core/lib/security/credentials/alts/alts_credentials.h',
'src/core/lib/security/credentials/alts/check_gcp_environment.h',
@@ -1609,9 +1609,9 @@ Pod::Spec.new do |s|
'src/core/lib/security/authorization/authorization_policy_provider.h',
'src/core/lib/security/authorization/evaluate_args.h',
'src/core/lib/security/authorization/grpc_authorization_engine.h',
+ 'src/core/lib/security/authorization/grpc_server_authz_filter.h',
'src/core/lib/security/authorization/matchers.h',
'src/core/lib/security/authorization/rbac_policy.h',
- 'src/core/lib/security/authorization/sdk_server_authz_filter.h',
'src/core/lib/security/context/security_context.h',
'src/core/lib/security/credentials/alts/alts_credentials.h',
'src/core/lib/security/credentials/alts/check_gcp_environment.h',
diff --git a/gRPC-Core.podspec b/gRPC-Core.podspec
index b8114518b49..1a845d5a6b8 100644
--- a/gRPC-Core.podspec
+++ b/gRPC-Core.podspec
@@ -1331,12 +1331,12 @@ Pod::Spec.new do |s|
'src/core/lib/security/authorization/evaluate_args.h',
'src/core/lib/security/authorization/grpc_authorization_engine.cc',
'src/core/lib/security/authorization/grpc_authorization_engine.h',
+ 'src/core/lib/security/authorization/grpc_server_authz_filter.cc',
+ 'src/core/lib/security/authorization/grpc_server_authz_filter.h',
'src/core/lib/security/authorization/matchers.cc',
'src/core/lib/security/authorization/matchers.h',
'src/core/lib/security/authorization/rbac_policy.cc',
'src/core/lib/security/authorization/rbac_policy.h',
- 'src/core/lib/security/authorization/sdk_server_authz_filter.cc',
- 'src/core/lib/security/authorization/sdk_server_authz_filter.h',
'src/core/lib/security/context/security_context.cc',
'src/core/lib/security/context/security_context.h',
'src/core/lib/security/credentials/alts/alts_credentials.cc',
@@ -2207,9 +2207,9 @@ Pod::Spec.new do |s|
'src/core/lib/security/authorization/authorization_policy_provider.h',
'src/core/lib/security/authorization/evaluate_args.h',
'src/core/lib/security/authorization/grpc_authorization_engine.h',
+ 'src/core/lib/security/authorization/grpc_server_authz_filter.h',
'src/core/lib/security/authorization/matchers.h',
'src/core/lib/security/authorization/rbac_policy.h',
- 'src/core/lib/security/authorization/sdk_server_authz_filter.h',
'src/core/lib/security/context/security_context.h',
'src/core/lib/security/credentials/alts/alts_credentials.h',
'src/core/lib/security/credentials/alts/check_gcp_environment.h',
@@ -2451,6 +2451,7 @@ Pod::Spec.new do |s|
'test/core/end2end/tests/filter_latency.cc',
'test/core/end2end/tests/filter_status_code.cc',
'test/core/end2end/tests/graceful_server_shutdown.cc',
+ 'test/core/end2end/tests/grpc_authz.cc',
'test/core/end2end/tests/high_initial_seqno.cc',
'test/core/end2end/tests/hpack_size.cc',
'test/core/end2end/tests/idempotent_request.cc',
@@ -2503,7 +2504,6 @@ Pod::Spec.new do |s|
'test/core/end2end/tests/retry_transparent_goaway.cc',
'test/core/end2end/tests/retry_transparent_max_concurrent_streams.cc',
'test/core/end2end/tests/retry_transparent_not_sent_on_wire.cc',
- 'test/core/end2end/tests/sdk_authz.cc',
'test/core/end2end/tests/server_finishes_request.cc',
'test/core/end2end/tests/server_streaming.cc',
'test/core/end2end/tests/shutdown_finishes_calls.cc',
diff --git a/grpc.gemspec b/grpc.gemspec
index 41c08b2bdc3..199d7d81ff5 100644
--- a/grpc.gemspec
+++ b/grpc.gemspec
@@ -1250,12 +1250,12 @@ Gem::Specification.new do |s|
s.files += %w( src/core/lib/security/authorization/evaluate_args.h )
s.files += %w( src/core/lib/security/authorization/grpc_authorization_engine.cc )
s.files += %w( src/core/lib/security/authorization/grpc_authorization_engine.h )
+ s.files += %w( src/core/lib/security/authorization/grpc_server_authz_filter.cc )
+ s.files += %w( src/core/lib/security/authorization/grpc_server_authz_filter.h )
s.files += %w( src/core/lib/security/authorization/matchers.cc )
s.files += %w( src/core/lib/security/authorization/matchers.h )
s.files += %w( src/core/lib/security/authorization/rbac_policy.cc )
s.files += %w( src/core/lib/security/authorization/rbac_policy.h )
- s.files += %w( src/core/lib/security/authorization/sdk_server_authz_filter.cc )
- s.files += %w( src/core/lib/security/authorization/sdk_server_authz_filter.h )
s.files += %w( src/core/lib/security/context/security_context.cc )
s.files += %w( src/core/lib/security/context/security_context.h )
s.files += %w( src/core/lib/security/credentials/alts/alts_credentials.cc )
diff --git a/grpc.gyp b/grpc.gyp
index 536d576eae5..d6e516e3cf9 100644
--- a/grpc.gyp
+++ b/grpc.gyp
@@ -329,6 +329,7 @@
'test/core/end2end/tests/filter_latency.cc',
'test/core/end2end/tests/filter_status_code.cc',
'test/core/end2end/tests/graceful_server_shutdown.cc',
+ 'test/core/end2end/tests/grpc_authz.cc',
'test/core/end2end/tests/high_initial_seqno.cc',
'test/core/end2end/tests/hpack_size.cc',
'test/core/end2end/tests/idempotent_request.cc',
@@ -381,7 +382,6 @@
'test/core/end2end/tests/retry_transparent_goaway.cc',
'test/core/end2end/tests/retry_transparent_max_concurrent_streams.cc',
'test/core/end2end/tests/retry_transparent_not_sent_on_wire.cc',
- 'test/core/end2end/tests/sdk_authz.cc',
'test/core/end2end/tests/server_finishes_request.cc',
'test/core/end2end/tests/server_streaming.cc',
'test/core/end2end/tests/shutdown_finishes_calls.cc',
@@ -1015,9 +1015,9 @@
'src/core/lib/security/authorization/authorization_policy_provider_vtable.cc',
'src/core/lib/security/authorization/evaluate_args.cc',
'src/core/lib/security/authorization/grpc_authorization_engine.cc',
+ 'src/core/lib/security/authorization/grpc_server_authz_filter.cc',
'src/core/lib/security/authorization/matchers.cc',
'src/core/lib/security/authorization/rbac_policy.cc',
- 'src/core/lib/security/authorization/sdk_server_authz_filter.cc',
'src/core/lib/security/context/security_context.cc',
'src/core/lib/security/credentials/alts/alts_credentials.cc',
'src/core/lib/security/credentials/alts/check_gcp_environment.cc',
@@ -1482,7 +1482,7 @@
'src/core/lib/resource_quota/trace.cc',
'src/core/lib/security/authorization/authorization_policy_provider_vtable.cc',
'src/core/lib/security/authorization/evaluate_args.cc',
- 'src/core/lib/security/authorization/sdk_server_authz_filter.cc',
+ 'src/core/lib/security/authorization/grpc_server_authz_filter.cc',
'src/core/lib/security/context/security_context.cc',
'src/core/lib/security/credentials/composite/composite_credentials.cc',
'src/core/lib/security/credentials/credentials.cc',
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
index 6f86d1894ce..a90904e7d67 100644
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@@ -1192,9 +1192,9 @@ typedef struct grpc_authorization_policy_provider
/**
* EXPERIMENTAL - Subject to change.
- * Creates a grpc_authorization_policy_provider using SDK authorization policy
+ * Creates a grpc_authorization_policy_provider using gRPC authorization policy
* from static string.
- * - authz_policy is the input SDK authorization policy.
+ * - authz_policy is the input gRPC authorization policy.
* - code is the error status code on failure. On success, it equals
* GRPC_STATUS_OK.
* - error_details contains details about the error if any. If the
@@ -1208,9 +1208,9 @@ grpc_authorization_policy_provider_static_data_create(
/**
* EXPERIMENTAL - Subject to change.
- * Creates a grpc_authorization_policy_provider by watching for SDK
+ * Creates a grpc_authorization_policy_provider by watching for gRPC
* authorization policy changes in filesystem.
- * - authz_policy is the file path of SDK authorization policy.
+ * - authz_policy is the file path of gRPC authorization policy.
* - refresh_interval_sec is the amount of time the internal thread would wait
* before checking for file updates.
* - code is the error status code on failure. On success, it equals
diff --git a/package.xml b/package.xml
index 8e803c3f91e..a4ab59c309d 100644
--- a/package.xml
+++ b/package.xml
@@ -1230,12 +1230,12 @@
+
+
-
-
diff --git a/src/core/lib/security/authorization/grpc_authorization_policy_provider.cc b/src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
index 267b94d3cc9..bbc69de7c23 100644
--- a/src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
+++ b/src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
@@ -25,7 +25,7 @@
namespace grpc_core {
-extern TraceFlag grpc_sdk_authz_trace;
+extern TraceFlag grpc_authz_trace;
absl::StatusOr>
StaticDataAuthorizationPolicyProvider::Create(absl::string_view authz_policy) {
@@ -103,7 +103,7 @@ FileWatcherAuthorizationPolicyProvider::FileWatcherAuthorizationPolicyProvider(
return;
}
absl::Status status = provider->ForceUpdate();
- if (GRPC_TRACE_FLAG_ENABLED(grpc_sdk_authz_trace) && !status.ok()) {
+ if (GRPC_TRACE_FLAG_ENABLED(grpc_authz_trace) && !status.ok()) {
gpr_log(GPR_ERROR,
"authorization policy reload status. code=%d error_details=%s",
status.code(), std::string(status.message()).c_str());
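Review bot: A failed policy reload is only reported when the authz tracer is on, because the `GPR_ERROR` log here is guarded by `GRPC_TRACE_FLAG_ENABLED(grpc_authz_trace) && !status.ok()`. The flag is constructed with `false` in grpc_server_authz_filter.cc, so by default a malformed or unreadable policy file produces no log line, and the server presumably keeps enforcing the previously loaded engines. Consider logging the failure unconditionally with `if (!status.ok()) {` and keeping the trace guard only for the success message in ForceUpdate(). The enclosing callback starts and ends outside this hunk.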
@@ -135,7 +135,7 @@ absl::Status FileWatcherAuthorizationPolicyProvider::ForceUpdate() {
std::move(rbac_policies_or->allow_policy));
deny_engine_ = MakeRefCounted(
std::move(rbac_policies_or->deny_policy));
- if (GRPC_TRACE_FLAG_ENABLED(grpc_sdk_authz_trace)) {
+ if (GRPC_TRACE_FLAG_ENABLED(grpc_authz_trace)) {
gpr_log(GPR_INFO,
"authorization policy reload status: successfully loaded new "
"policy\n%s",
diff --git a/src/core/lib/security/authorization/grpc_authorization_policy_provider.h b/src/core/lib/security/authorization/grpc_authorization_policy_provider.h
index e897e6b1c51..1d59252c787 100644
--- a/src/core/lib/security/authorization/grpc_authorization_policy_provider.h
+++ b/src/core/lib/security/authorization/grpc_authorization_policy_provider.h
@@ -28,7 +28,7 @@
namespace grpc_core {
-// Provider class will get SDK Authorization policy from string during
+// Provider class will get gRPC Authorization policy from string during
// initialization. This policy will be translated to Envoy RBAC policies and
// used to initialize allow and deny AuthorizationEngine objects. This provider
// will return the same authorization engines everytime.
@@ -53,7 +53,7 @@ class StaticDataAuthorizationPolicyProvider
RefCountedPtr deny_engine_;
};
-// Provider class will get SDK Authorization policy from provided file path.
+// Provider class will get gRPC Authorization policy from provided file path.
// This policy will be translated to Envoy RBAC policies and used to initialize
// allow and deny AuthorizationEngine objects. This provider will periodically
// load file contents in specified path, and upon modification update the engine
diff --git a/src/core/lib/security/authorization/sdk_server_authz_filter.cc b/src/core/lib/security/authorization/grpc_server_authz_filter.cc
similarity index 81%
rename from src/core/lib/security/authorization/sdk_server_authz_filter.cc
rename to src/core/lib/security/authorization/grpc_server_authz_filter.cc
index 5840cca9d81..b483678b05b 100644
--- a/src/core/lib/security/authorization/sdk_server_authz_filter.cc
+++ b/src/core/lib/security/authorization/grpc_server_authz_filter.cc
@@ -14,7 +14,7 @@
#include
-#include "src/core/lib/security/authorization/sdk_server_authz_filter.h"
+#include "src/core/lib/security/authorization/grpc_server_authz_filter.h"
#include "src/core/lib/channel/promise_based_filter.h"
#include "src/core/lib/security/authorization/evaluate_args.h"
@@ -22,16 +22,16 @@
namespace grpc_core {
-TraceFlag grpc_sdk_authz_trace(false, "sdk_authz");
+TraceFlag grpc_authz_trace(false, "grpc_authz_api");
-SdkServerAuthzFilter::SdkServerAuthzFilter(
+GrpcServerAuthzFilter::GrpcServerAuthzFilter(
RefCountedPtr auth_context, grpc_endpoint* endpoint,
RefCountedPtr provider)
: auth_context_(std::move(auth_context)),
per_channel_evaluate_args_(auth_context_.get(), endpoint),
provider_(std::move(provider)) {}
-absl::StatusOr SdkServerAuthzFilter::Create(
+absl::StatusOr GrpcServerAuthzFilter::Create(
const grpc_channel_args* args) {
grpc_auth_context* auth_context = grpc_find_auth_context_in_args(args);
grpc_authorization_policy_provider* provider =
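Review bot: Renaming the tracer string from `sdk_authz` to `grpc_authz_api` means a deployment that still sets the old name would presumably stop getting authorization logs, with nothing in the code to signal it. Every allow/deny message in IsAuthorized() and both reload messages in grpc_authorization_policy_provider.cc are gated on this flag. The variable is now `grpc_authz_trace` while the tracer is `grpc_authz_api`, which makes the setting harder to find from the code. Either align the two names or add a comment on the definition, e.g. `// Enabled with GRPC_TRACE=grpc_authz_api (was sdk_authz before this rename).`, and mention the rename in the release notes so operators update their trace configuration.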
@@ -40,18 +40,18 @@ absl::StatusOr SdkServerAuthzFilter::Create(
if (provider == nullptr) {
return absl::InvalidArgumentError("Failed to get authorization provider.");
}
- // grpc_endpoint isn't needed because the current SDK authorization policy
+ // grpc_endpoint isn't needed because the current gRPC authorization policy
// does not support any rules that requires looking for source or destination
// addresses.
- return SdkServerAuthzFilter(
+ return GrpcServerAuthzFilter(
auth_context != nullptr ? auth_context->Ref() : nullptr,
/*endpoint=*/nullptr, provider->Ref());
}
-bool SdkServerAuthzFilter::IsAuthorized(
+bool GrpcServerAuthzFilter::IsAuthorized(
const ClientInitialMetadata& initial_metadata) {
EvaluateArgs args(initial_metadata.get(), &per_channel_evaluate_args_);
- if (GRPC_TRACE_FLAG_ENABLED(grpc_sdk_authz_trace)) {
+ if (GRPC_TRACE_FLAG_ENABLED(grpc_authz_trace)) {
gpr_log(GPR_DEBUG,
"checking request: url_path=%s, transport_security_type=%s, "
"uri_sans=[%s], dns_sans=[%s], subject=%s",
@@ -67,7 +67,7 @@ bool SdkServerAuthzFilter::IsAuthorized(
AuthorizationEngine::Decision decision =
engines.deny_engine->Evaluate(args);
if (decision.type == AuthorizationEngine::Decision::Type::kDeny) {
- if (GRPC_TRACE_FLAG_ENABLED(grpc_sdk_authz_trace)) {
+ if (GRPC_TRACE_FLAG_ENABLED(grpc_authz_trace)) {
gpr_log(GPR_INFO, "chand=%p: request denied by policy %s.", this,
decision.matching_policy_name.c_str());
}
@@ -78,21 +78,21 @@ bool SdkServerAuthzFilter::IsAuthorized(
AuthorizationEngine::Decision decision =
engines.allow_engine->Evaluate(args);
if (decision.type == AuthorizationEngine::Decision::Type::kAllow) {
- if (GRPC_TRACE_FLAG_ENABLED(grpc_sdk_authz_trace)) {
+ if (GRPC_TRACE_FLAG_ENABLED(grpc_authz_trace)) {
gpr_log(GPR_DEBUG, "chand=%p: request allowed by policy %s.", this,
decision.matching_policy_name.c_str());
}
return true;
}
}
- if (GRPC_TRACE_FLAG_ENABLED(grpc_sdk_authz_trace)) {
+ if (GRPC_TRACE_FLAG_ENABLED(grpc_authz_trace)) {
gpr_log(GPR_INFO, "chand=%p: request denied, no matching policy found.",
this);
}
return false;
}
-ArenaPromise SdkServerAuthzFilter::MakeCallPromise(
+ArenaPromise GrpcServerAuthzFilter::MakeCallPromise(
ClientInitialMetadata initial_metadata,
NextPromiseFactory next_promise_factory) {
if (!IsAuthorized(initial_metadata)) {
@@ -102,8 +102,8 @@ ArenaPromise SdkServerAuthzFilter::MakeCallPromise(
return next_promise_factory(std::move(initial_metadata));
}
-const grpc_channel_filter SdkServerAuthzFilter::kFilterVtable =
- MakePromiseBasedFilter(
- "sdk-server-authz");
+const grpc_channel_filter GrpcServerAuthzFilter::kFilterVtable =
+ MakePromiseBasedFilter(
+ "grpc-server-authz");
} // namespace grpc_core
diff --git a/src/core/lib/security/authorization/sdk_server_authz_filter.h b/src/core/lib/security/authorization/grpc_server_authz_filter.h
similarity index 81%
rename from src/core/lib/security/authorization/sdk_server_authz_filter.h
rename to src/core/lib/security/authorization/grpc_server_authz_filter.h
index 88ed9389f48..e4c64461fba 100644
--- a/src/core/lib/security/authorization/sdk_server_authz_filter.h
+++ b/src/core/lib/security/authorization/grpc_server_authz_filter.h
@@ -12,8 +12,8 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_SDK_SERVER_AUTHZ_FILTER_H
-#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_SDK_SERVER_AUTHZ_FILTER_H
+#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_GRPC_SERVER_AUTHZ_FILTER_H
+#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_GRPC_SERVER_AUTHZ_FILTER_H
#include
@@ -22,11 +22,11 @@
namespace grpc_core {
-class SdkServerAuthzFilter {
+class GrpcServerAuthzFilter {
public:
static const grpc_channel_filter kFilterVtable;
- static absl::StatusOr Create(
+ static absl::StatusOr Create(
const grpc_channel_args* args);
ArenaPromise MakeCallPromise(
@@ -34,7 +34,7 @@ class SdkServerAuthzFilter {
NextPromiseFactory next_promise_factory);
private:
- SdkServerAuthzFilter(
+ GrpcServerAuthzFilter(
RefCountedPtr auth_context, grpc_endpoint* endpoint,
RefCountedPtr provider);
@@ -47,4 +47,4 @@ class SdkServerAuthzFilter {
} // namespace grpc_core
-#endif // GRPC_CORE_LIB_SECURITY_AUTHORIZATION_SDK_SERVER_AUTHZ_FILTER_H
+#endif // GRPC_CORE_LIB_SECURITY_AUTHORIZATION_GRPC_SERVER_AUTHZ_FILTER_H
diff --git a/src/core/lib/security/authorization/rbac_translator.cc b/src/core/lib/security/authorization/rbac_translator.cc
index 6f0cd81ce9c..01d9c0eb949 100644
--- a/src/core/lib/security/authorization/rbac_translator.cc
+++ b/src/core/lib/security/authorization/rbac_translator.cc
@@ -319,7 +319,7 @@ absl::StatusOr GenerateRbacPolicies(
Json json = Json::Parse(authz_policy, &error);
if (error != GRPC_ERROR_NONE) {
absl::Status status = absl::InvalidArgumentError(
- absl::StrCat("Failed to parse SDK authorization policy. Error: ",
+ absl::StrCat("Failed to parse gRPC authorization policy. Error: ",
grpc_error_std_string(error)));
GRPC_ERROR_UNREF(error);
return status;
diff --git a/src/core/lib/surface/init.cc b/src/core/lib/surface/init.cc
index 27481d5f9ac..e4bf4f99ce4 100644
--- a/src/core/lib/surface/init.cc
+++ b/src/core/lib/surface/init.cc
@@ -46,7 +46,7 @@
#include "src/core/lib/iomgr/iomgr.h"
#include "src/core/lib/iomgr/timer_manager.h"
#include "src/core/lib/profiling/timers.h"
-#include "src/core/lib/security/authorization/sdk_server_authz_filter.h"
+#include "src/core/lib/security/authorization/grpc_server_authz_filter.h"
#include "src/core/lib/security/context/security_context.h"
#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/security/credentials/plugin/plugin_credentials.h"
@@ -104,14 +104,14 @@ static bool maybe_prepend_server_auth_filter(
return true;
}
-static bool maybe_prepend_sdk_server_authz_filter(
+static bool maybe_prepend_grpc_server_authz_filter(
grpc_core::ChannelStackBuilder* builder) {
const grpc_channel_args* args = builder->channel_args();
const auto* provider =
grpc_channel_args_find_pointer(
args, GRPC_ARG_AUTHORIZATION_POLICY_PROVIDER);
if (provider != nullptr) {
- builder->PrependFilter(&grpc_core::SdkServerAuthzFilter::kFilterVtable,
+ builder->PrependFilter(&grpc_core::GrpcServerAuthzFilter::kFilterVtable,
nullptr);
}
return true;
@@ -129,11 +129,11 @@ void RegisterSecurityFilters(CoreConfiguration::Builder* builder) {
maybe_prepend_client_auth_filter);
builder->channel_init()->RegisterStage(GRPC_SERVER_CHANNEL, INT_MAX - 1,
maybe_prepend_server_auth_filter);
- // Register the SdkServerAuthzFilter with a priority less than
- // server_auth_filter to allow server_auth_filter on which the sdk filter
+ // Register the GrpcServerAuthzFilter with a priority less than
+ // server_auth_filter to allow server_auth_filter on which the grpc filter
// depends on to be higher on the channel stack.
- builder->channel_init()->RegisterStage(GRPC_SERVER_CHANNEL, INT_MAX - 2,
- maybe_prepend_sdk_server_authz_filter);
+ builder->channel_init()->RegisterStage(
+ GRPC_SERVER_CHANNEL, INT_MAX - 2, maybe_prepend_grpc_server_authz_filter);
}
} // namespace grpc_core
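Review bot: The updated comment in `RegisterSecurityFilters` now says "the grpc filter", which no longer identifies anything since every filter here is a gRPC filter, and it keeps the doubled "on which ... depends on". The ordering it describes is what lets the authorization filter run behind the authentication filter, so the comment should say how the priorities produce that result. Suggested wording: `// Register GrpcServerAuthzFilter at a lower priority than server_auth_filter. Both are prepended, so server_auth_filter, which the authz filter depends on, ends up higher on the channel stack.` This assumes `maybe_prepend_server_auth_filter` also uses `PrependFilter`; its body is outside this hunk.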
diff --git a/src/python/grpcio/grpc_core_dependencies.py b/src/python/grpcio/grpc_core_dependencies.py
index 009ed4a483e..24d72c29b23 100644
--- a/src/python/grpcio/grpc_core_dependencies.py
+++ b/src/python/grpcio/grpc_core_dependencies.py
@@ -596,9 +596,9 @@ CORE_SOURCE_FILES = [
'src/core/lib/security/authorization/authorization_policy_provider_vtable.cc',
'src/core/lib/security/authorization/evaluate_args.cc',
'src/core/lib/security/authorization/grpc_authorization_engine.cc',
+ 'src/core/lib/security/authorization/grpc_server_authz_filter.cc',
'src/core/lib/security/authorization/matchers.cc',
'src/core/lib/security/authorization/rbac_policy.cc',
- 'src/core/lib/security/authorization/sdk_server_authz_filter.cc',
'src/core/lib/security/context/security_context.cc',
'src/core/lib/security/credentials/alts/alts_credentials.cc',
'src/core/lib/security/credentials/alts/check_gcp_environment.cc',
diff --git a/test/core/end2end/end2end_tests.cc b/test/core/end2end/end2end_tests.cc
index 0b984ff2f0d..6ae489877de 100644
--- a/test/core/end2end/end2end_tests.cc
+++ b/test/core/end2end/end2end_tests.cc
@@ -81,6 +81,8 @@ extern void filter_status_code(grpc_end2end_test_config config);
extern void filter_status_code_pre_init(void);
extern void graceful_server_shutdown(grpc_end2end_test_config config);
extern void graceful_server_shutdown_pre_init(void);
+extern void grpc_authz(grpc_end2end_test_config config);
+extern void grpc_authz_pre_init(void);
extern void high_initial_seqno(grpc_end2end_test_config config);
extern void high_initial_seqno_pre_init(void);
extern void hpack_size(grpc_end2end_test_config config);
@@ -185,8 +187,6 @@ extern void retry_transparent_max_concurrent_streams(grpc_end2end_test_config co
extern void retry_transparent_max_concurrent_streams_pre_init(void);
extern void retry_transparent_not_sent_on_wire(grpc_end2end_test_config config);
extern void retry_transparent_not_sent_on_wire_pre_init(void);
-extern void sdk_authz(grpc_end2end_test_config config);
-extern void sdk_authz_pre_init(void);
extern void server_finishes_request(grpc_end2end_test_config config);
extern void server_finishes_request_pre_init(void);
extern void server_streaming(grpc_end2end_test_config config);
@@ -241,6 +241,7 @@ void grpc_end2end_tests_pre_init(void) {
filter_latency_pre_init();
filter_status_code_pre_init();
graceful_server_shutdown_pre_init();
+ grpc_authz_pre_init();
high_initial_seqno_pre_init();
hpack_size_pre_init();
idempotent_request_pre_init();
@@ -293,7 +294,6 @@ void grpc_end2end_tests_pre_init(void) {
retry_transparent_goaway_pre_init();
retry_transparent_max_concurrent_streams_pre_init();
retry_transparent_not_sent_on_wire_pre_init();
- sdk_authz_pre_init();
server_finishes_request_pre_init();
server_streaming_pre_init();
shutdown_finishes_calls_pre_init();
@@ -342,6 +342,7 @@ void grpc_end2end_tests(int argc, char **argv,
filter_latency(config);
filter_status_code(config);
graceful_server_shutdown(config);
+ grpc_authz(config);
high_initial_seqno(config);
hpack_size(config);
idempotent_request(config);
@@ -394,7 +395,6 @@ void grpc_end2end_tests(int argc, char **argv,
retry_transparent_goaway(config);
retry_transparent_max_concurrent_streams(config);
retry_transparent_not_sent_on_wire(config);
- sdk_authz(config);
server_finishes_request(config);
server_streaming(config);
shutdown_finishes_calls(config);
@@ -515,6 +515,10 @@ void grpc_end2end_tests(int argc, char **argv,
graceful_server_shutdown(config);
continue;
}
+ if (0 == strcmp("grpc_authz", argv[i])) {
+ grpc_authz(config);
+ continue;
+ }
if (0 == strcmp("high_initial_seqno", argv[i])) {
high_initial_seqno(config);
continue;
@@ -723,10 +727,6 @@ void grpc_end2end_tests(int argc, char **argv,
retry_transparent_not_sent_on_wire(config);
continue;
}
- if (0 == strcmp("sdk_authz", argv[i])) {
- sdk_authz(config);
- continue;
- }
if (0 == strcmp("server_finishes_request", argv[i])) {
server_finishes_request(config);
continue;
diff --git a/test/core/end2end/generate_tests.bzl b/test/core/end2end/generate_tests.bzl
index 494b3312bd7..a85158c02e9 100755
--- a/test/core/end2end/generate_tests.bzl
+++ b/test/core/end2end/generate_tests.bzl
@@ -266,6 +266,7 @@ END2END_TESTS = {
"filter_init_fails": _test_options(),
"filter_context": _test_options(),
"graceful_server_shutdown": _test_options(exclude_inproc = True),
+ "grpc_authz": _test_options(secure = True),
"hpack_size": _test_options(
proxyable = False,
traceable = False,
@@ -366,7 +367,6 @@ END2END_TESTS = {
# See b/151617965
short_name = "retry_transparent_mcs",
),
- "sdk_authz": _test_options(secure = True),
"server_finishes_request": _test_options(),
"server_streaming": _test_options(needs_http2 = True),
"shutdown_finishes_calls": _test_options(),
diff --git a/test/core/end2end/tests/sdk_authz.cc b/test/core/end2end/tests/grpc_authz.cc
similarity index 99%
rename from test/core/end2end/tests/sdk_authz.cc
rename to test/core/end2end/tests/grpc_authz.cc
index 19e228bd4d5..f9fe1a28b8e 100644
--- a/test/core/end2end/tests/sdk_authz.cc
+++ b/test/core/end2end/tests/grpc_authz.cc
@@ -707,7 +707,7 @@ static void test_file_watcher_recovers_from_failure(
config.tear_down_data(&f);
}
-void sdk_authz(grpc_end2end_test_config config) {
+void grpc_authz(grpc_end2end_test_config config) {
test_static_init_allow_authorized_request(config);
test_static_init_deny_unauthorized_request(config);
test_static_init_deny_request_no_match_in_policy(config);
@@ -719,4 +719,4 @@ void sdk_authz(grpc_end2end_test_config config) {
test_file_watcher_recovers_from_failure(config);
}
-void sdk_authz_pre_init(void) {}
+void grpc_authz_pre_init(void) {}
diff --git a/test/core/security/rbac_translator_test.cc b/test/core/security/rbac_translator_test.cc
index 1290ae3a0ca..07f4abf64a6 100644
--- a/test/core/security/rbac_translator_test.cc
+++ b/test/core/security/rbac_translator_test.cc
@@ -62,7 +62,7 @@ TEST(GenerateRbacPoliciesTest, InvalidPolicy) {
EXPECT_EQ(rbac_policies.status().code(), absl::StatusCode::kInvalidArgument);
EXPECT_THAT(
std::string(rbac_policies.status().message()),
- ::testing::StartsWith("Failed to parse SDK authorization policy."));
+ ::testing::StartsWith("Failed to parse gRPC authorization policy."));
}
TEST(GenerateRbacPoliciesTest, MissingAuthorizationPolicyName) {
diff --git a/test/cpp/end2end/BUILD b/test/cpp/end2end/BUILD
index 00fa17ccbd7..2bae92a3b17 100644
--- a/test/cpp/end2end/BUILD
+++ b/test/cpp/end2end/BUILD
@@ -853,8 +853,8 @@ grpc_cc_test(
)
grpc_cc_test(
- name = "sdk_authz_end2end_test",
- srcs = ["sdk_authz_end2end_test.cc"],
+ name = "grpc_authz_end2end_test",
+ srcs = ["grpc_authz_end2end_test.cc"],
data = [
"//src/core/tsi/test_creds:ca.pem",
"//src/core/tsi/test_creds:client.key",
diff --git a/test/cpp/end2end/sdk_authz_end2end_test.cc b/test/cpp/end2end/grpc_authz_end2end_test.cc
similarity index 95%
rename from test/cpp/end2end/sdk_authz_end2end_test.cc
rename to test/cpp/end2end/grpc_authz_end2end_test.cc
index 09d06f71956..b7d72a2b888 100644
--- a/test/cpp/end2end/sdk_authz_end2end_test.cc
+++ b/test/cpp/end2end/grpc_authz_end2end_test.cc
@@ -53,9 +53,9 @@ std::string ReadFile(const char* file_path) {
return file_contents;
}
-class SdkAuthzEnd2EndTest : public ::testing::Test {
+class GrpcAuthzEnd2EndTest : public ::testing::Test {
protected:
- SdkAuthzEnd2EndTest()
+ GrpcAuthzEnd2EndTest()
: server_address_(
absl::StrCat("localhost:", grpc_pick_unused_port_or_die())) {
std::string root_cert = ReadFile(kCaCertPath);
@@ -83,7 +83,7 @@ class SdkAuthzEnd2EndTest : public ::testing::Test {
channel_creds_ = grpc::experimental::TlsCredentials(channel_options);
}
- ~SdkAuthzEnd2EndTest() override { server_->Shutdown(); }
+ ~GrpcAuthzEnd2EndTest() override { server_->Shutdown(); }
// Replaces existing credentials with insecure credentials.
void UseInsecureCredentials() {
@@ -91,7 +91,7 @@ class SdkAuthzEnd2EndTest : public ::testing::Test {
channel_creds_ = InsecureChannelCredentials();
}
- // Creates server with sdk authorization enabled when provider is not null.
+ // Creates server with gRPC authorization enabled when provider is not null.
void InitServer(
std::shared_ptr
provider) {
@@ -145,7 +145,7 @@ class SdkAuthzEnd2EndTest : public ::testing::Test {
std::shared_ptr channel_creds_;
};
-TEST_F(SdkAuthzEnd2EndTest,
+TEST_F(GrpcAuthzEnd2EndTest,
StaticInitAllowsRpcRequestNoMatchInDenyMatchInAllow) {
std::string policy =
"{"
@@ -193,7 +193,7 @@ TEST_F(SdkAuthzEnd2EndTest,
EXPECT_EQ(resp.message(), kMessage);
}
-TEST_F(SdkAuthzEnd2EndTest, StaticInitDeniesRpcRequestNoMatchInAllowAndDeny) {
+TEST_F(GrpcAuthzEnd2EndTest, StaticInitDeniesRpcRequestNoMatchInAllowAndDeny) {
std::string policy =
"{"
" \"name\": \"authz\","
@@ -228,7 +228,8 @@ TEST_F(SdkAuthzEnd2EndTest, StaticInitDeniesRpcRequestNoMatchInAllowAndDeny) {
EXPECT_TRUE(resp.message().empty());
}
-TEST_F(SdkAuthzEnd2EndTest, StaticInitDeniesRpcRequestMatchInDenyMatchInAllow) {
+TEST_F(GrpcAuthzEnd2EndTest,
+ StaticInitDeniesRpcRequestMatchInDenyMatchInAllow) {
std::string policy =
"{"
" \"name\": \"authz\","
@@ -258,7 +259,7 @@ TEST_F(SdkAuthzEnd2EndTest, StaticInitDeniesRpcRequestMatchInDenyMatchInAllow) {
EXPECT_TRUE(resp.message().empty());
}
-TEST_F(SdkAuthzEnd2EndTest,
+TEST_F(GrpcAuthzEnd2EndTest,
StaticInitDeniesRpcRequestMatchInDenyNoMatchInAllow) {
std::string policy =
"{"
@@ -294,7 +295,7 @@ TEST_F(SdkAuthzEnd2EndTest,
EXPECT_TRUE(resp.message().empty());
}
-TEST_F(SdkAuthzEnd2EndTest, StaticInitAllowsRpcRequestEmptyDenyMatchInAllow) {
+TEST_F(GrpcAuthzEnd2EndTest, StaticInitAllowsRpcRequestEmptyDenyMatchInAllow) {
std::string policy =
"{"
" \"name\": \"authz\","
@@ -331,7 +332,8 @@ TEST_F(SdkAuthzEnd2EndTest, StaticInitAllowsRpcRequestEmptyDenyMatchInAllow) {
EXPECT_EQ(resp.message(), kMessage);
}
-TEST_F(SdkAuthzEnd2EndTest, StaticInitDeniesRpcRequestEmptyDenyNoMatchInAllow) {
+TEST_F(GrpcAuthzEnd2EndTest,
+ StaticInitDeniesRpcRequestEmptyDenyNoMatchInAllow) {
std::string policy =
"{"
" \"name\": \"authz\","
@@ -364,7 +366,7 @@ TEST_F(SdkAuthzEnd2EndTest, StaticInitDeniesRpcRequestEmptyDenyNoMatchInAllow) {
}
TEST_F(
- SdkAuthzEnd2EndTest,
+ GrpcAuthzEnd2EndTest,
StaticInitDeniesRpcRequestWithPrincipalsFieldOnUnauthenticatedConnection) {
std::string policy =
"{"
@@ -389,7 +391,7 @@ TEST_F(
EXPECT_TRUE(resp.message().empty());
}
-TEST_F(SdkAuthzEnd2EndTest,
+TEST_F(GrpcAuthzEnd2EndTest,
StaticInitAllowsRpcRequestWithPrincipalsFieldOnAuthenticatedConnection) {
std::string policy =
"{"
@@ -412,7 +414,7 @@ TEST_F(SdkAuthzEnd2EndTest,
EXPECT_EQ(resp.message(), kMessage);
}
-TEST_F(SdkAuthzEnd2EndTest,
+TEST_F(GrpcAuthzEnd2EndTest,
FileWatcherInitAllowsRpcRequestNoMatchInDenyMatchInAllow) {
std::string policy =
"{"
@@ -461,7 +463,7 @@ TEST_F(SdkAuthzEnd2EndTest,
EXPECT_EQ(resp.message(), kMessage);
}
-TEST_F(SdkAuthzEnd2EndTest,
+TEST_F(GrpcAuthzEnd2EndTest,
FileWatcherInitDeniesRpcRequestNoMatchInAllowAndDeny) {
std::string policy =
"{"
@@ -498,7 +500,7 @@ TEST_F(SdkAuthzEnd2EndTest,
EXPECT_TRUE(resp.message().empty());
}
-TEST_F(SdkAuthzEnd2EndTest,
+TEST_F(GrpcAuthzEnd2EndTest,
FileWatcherInitDeniesRpcRequestMatchInDenyMatchInAllow) {
std::string policy =
"{"
@@ -530,7 +532,7 @@ TEST_F(SdkAuthzEnd2EndTest,
EXPECT_TRUE(resp.message().empty());
}
-TEST_F(SdkAuthzEnd2EndTest,
+TEST_F(GrpcAuthzEnd2EndTest,
FileWatcherInitDeniesRpcRequestMatchInDenyNoMatchInAllow) {
std::string policy =
"{"
@@ -567,7 +569,7 @@ TEST_F(SdkAuthzEnd2EndTest,
EXPECT_TRUE(resp.message().empty());
}
-TEST_F(SdkAuthzEnd2EndTest,
+TEST_F(GrpcAuthzEnd2EndTest,
FileWatcherInitAllowsRpcRequestEmptyDenyMatchInAllow) {
std::string policy =
"{"
@@ -606,7 +608,7 @@ TEST_F(SdkAuthzEnd2EndTest,
EXPECT_EQ(resp.message(), kMessage);
}
-TEST_F(SdkAuthzEnd2EndTest,
+TEST_F(GrpcAuthzEnd2EndTest,
FileWatcherInitDeniesRpcRequestEmptyDenyNoMatchInAllow) {
std::string policy =
"{"
@@ -640,7 +642,7 @@ TEST_F(SdkAuthzEnd2EndTest,
EXPECT_TRUE(resp.message().empty());
}
-TEST_F(SdkAuthzEnd2EndTest, FileWatcherValidPolicyRefresh) {
+TEST_F(GrpcAuthzEnd2EndTest, FileWatcherValidPolicyRefresh) {
std::string policy =
"{"
" \"name\": \"authz\","
@@ -699,7 +701,7 @@ TEST_F(SdkAuthzEnd2EndTest, FileWatcherValidPolicyRefresh) {
EXPECT_TRUE(resp2.message().empty());
}
-TEST_F(SdkAuthzEnd2EndTest, FileWatcherInvalidPolicyRefreshSkipsReload) {
+TEST_F(GrpcAuthzEnd2EndTest, FileWatcherInvalidPolicyRefreshSkipsReload) {
std::string policy =
"{"
" \"name\": \"authz\","
@@ -734,7 +736,7 @@ TEST_F(SdkAuthzEnd2EndTest, FileWatcherInvalidPolicyRefreshSkipsReload) {
EXPECT_EQ(resp2.message(), kMessage);
}
-TEST_F(SdkAuthzEnd2EndTest, FileWatcherRecoversFromFailure) {
+TEST_F(GrpcAuthzEnd2EndTest, FileWatcherRecoversFromFailure) {
std::string policy =
"{"
" \"name\": \"authz\","
diff --git a/tools/doxygen/Doxyfile.c++.internal b/tools/doxygen/Doxyfile.c++.internal
index 1216558759f..1631065a69b 100644
--- a/tools/doxygen/Doxyfile.c++.internal
+++ b/tools/doxygen/Doxyfile.c++.internal
@@ -2229,12 +2229,12 @@ src/core/lib/security/authorization/evaluate_args.cc \
src/core/lib/security/authorization/evaluate_args.h \
src/core/lib/security/authorization/grpc_authorization_engine.cc \
src/core/lib/security/authorization/grpc_authorization_engine.h \
+src/core/lib/security/authorization/grpc_server_authz_filter.cc \
+src/core/lib/security/authorization/grpc_server_authz_filter.h \
src/core/lib/security/authorization/matchers.cc \
src/core/lib/security/authorization/matchers.h \
src/core/lib/security/authorization/rbac_policy.cc \
src/core/lib/security/authorization/rbac_policy.h \
-src/core/lib/security/authorization/sdk_server_authz_filter.cc \
-src/core/lib/security/authorization/sdk_server_authz_filter.h \
src/core/lib/security/context/security_context.cc \
src/core/lib/security/context/security_context.h \
src/core/lib/security/credentials/alts/alts_credentials.cc \
diff --git a/tools/doxygen/Doxyfile.core.internal b/tools/doxygen/Doxyfile.core.internal
index b6b86c76d76..e0b92bcbb54 100644
--- a/tools/doxygen/Doxyfile.core.internal
+++ b/tools/doxygen/Doxyfile.core.internal
@@ -2024,12 +2024,12 @@ src/core/lib/security/authorization/evaluate_args.cc \
src/core/lib/security/authorization/evaluate_args.h \
src/core/lib/security/authorization/grpc_authorization_engine.cc \
src/core/lib/security/authorization/grpc_authorization_engine.h \
+src/core/lib/security/authorization/grpc_server_authz_filter.cc \
+src/core/lib/security/authorization/grpc_server_authz_filter.h \
src/core/lib/security/authorization/matchers.cc \
src/core/lib/security/authorization/matchers.h \
src/core/lib/security/authorization/rbac_policy.cc \
src/core/lib/security/authorization/rbac_policy.h \
-src/core/lib/security/authorization/sdk_server_authz_filter.cc \
-src/core/lib/security/authorization/sdk_server_authz_filter.h \
src/core/lib/security/context/security_context.cc \
src/core/lib/security/context/security_context.h \
src/core/lib/security/credentials/alts/alts_credentials.cc \
diff --git a/tools/run_tests/generated/tests.json b/tools/run_tests/generated/tests.json
index 9c609863098..cae82c9f4ed 100644
--- a/tools/run_tests/generated/tests.json
+++ b/tools/run_tests/generated/tests.json
@@ -4549,6 +4549,30 @@
],
"uses_polling": true
},
+ {
+ "args": [],
+ "benchmark": false,
+ "ci_platforms": [
+ "linux",
+ "mac",
+ "posix",
+ "windows"
+ ],
+ "cpu_cost": 1.0,
+ "exclude_configs": [],
+ "exclude_iomgrs": [],
+ "flaky": false,
+ "gtest": true,
+ "language": "c++",
+ "name": "grpc_authz_end2end_test",
+ "platforms": [
+ "linux",
+ "mac",
+ "posix",
+ "windows"
+ ],
+ "uses_polling": true
+ },
{
"args": [],
"benchmark": false,
@@ -6121,30 +6145,6 @@
],
"uses_polling": true
},
- {
- "args": [],
- "benchmark": false,
- "ci_platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "cpu_cost": 1.0,
- "exclude_configs": [],
- "exclude_iomgrs": [],
- "flaky": false,
- "gtest": true,
- "language": "c++",
- "name": "sdk_authz_end2end_test",
- "platforms": [
- "linux",
- "mac",
- "posix",
- "windows"
- ],
- "uses_polling": true
- },
{
"args": [],
"benchmark": false,