Chiebot-Mirror
/
grpc
mirror of https://github.com/grpc/grpc.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

xDS: Add support for RBAC HTTP filter (#28309)

Browse Source 
* xDS: ADD RBAC HTTP filter support

* sanity, upb regenerate files

* Revert PerChannelArg changes

* Reviewer comments

* Reviewer comments

* Reviewer comments

* Remove unnecessary header

* Fix sanity

* Add RBAC service config parsing tests

* Don't make a copy of the metadata batch

* Revert expr_proto changes

* Some more tests

* Reviewer comments

* Reviewer comments

* No metadata changes needed

* Fix leak of DynamicXdsServerConfigSelectorProvider

* Fix deadlock issues

* Fix test compilation
pull/28435/head
Yash Tibrewal 3 years ago committed by GitHub
parent 0dda706907
commit 6ea8214879
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
62 changed files with 5647 additions and 148 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 36
      BUILD
  2. 112
      CMakeLists.txt
  3. 28
      Makefile
  4. 101
      build_autogenerated.yaml
  5. 19
      config.m4
  6. 23
      config.w32
  7. 28
      gRPC-C++.podspec
  8. 50
      gRPC-Core.podspec
  9. 28
      grpc.gemspec
  10. 17
      grpc.gyp
  11. 28
      package.xml
  12. 157
      src/core/ext/filters/rbac/rbac_filter.cc
  13. 74
      src/core/ext/filters/rbac/rbac_filter.h
  14. 604
      src/core/ext/filters/rbac/rbac_service_config_parser.cc
  15. 70
      src/core/ext/filters/rbac/rbac_service_config_parser.h
  16. 3
      src/core/ext/filters/server_config_selector/server_config_selector.h
  17. 15
      src/core/ext/filters/server_config_selector/server_config_selector_filter.cc
  18. 31
      src/core/ext/transport/chttp2/server/chttp2_server.cc
  19. 61
      src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c
  20. 146
      src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h
  21. 56
      src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c
  22. 40
      src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h
  23. 154
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c
  24. 95
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h
  25. 58
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c
  26. 55
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h
  27. 44
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c
  28. 40
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h
  29. 153
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c
  30. 100
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h
  31. 75
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c
  32. 55
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h
  33. 5
      src/core/ext/xds/xds_http_filters.cc
  34. 551
      src/core/ext/xds/xds_http_rbac_filter.cc
  35. 54
      src/core/ext/xds/xds_http_rbac_filter.h
  36. 15
      src/core/ext/xds/xds_listener.cc
  37. 2
      src/core/ext/xds/xds_route_config.cc
  38. 82
      src/core/ext/xds/xds_server_config_fetcher.cc
  39. 2
      src/core/lib/gprpp/status_helper.cc
  40. 2
      src/core/lib/gprpp/status_helper.h
  41. 11
      src/core/lib/security/authorization/grpc_authorization_engine.cc
  42. 8
      src/core/lib/security/authorization/grpc_authorization_engine.h
  43. 4
      src/core/lib/security/authorization/rbac_policy.h
  44. 4
      src/core/plugin_registry/grpc_plugin_registry.cc
  45. 62
      src/proto/grpc/testing/xds/v3/BUILD
  46. 23
      src/proto/grpc/testing/xds/v3/expr.proto
  47. 27
      src/proto/grpc/testing/xds/v3/http_connection_manager.proto
  48. 41
      src/proto/grpc/testing/xds/v3/http_filter_rbac.proto
  49. 84
      src/proto/grpc/testing/xds/v3/metadata.proto
  50. 35
      src/proto/grpc/testing/xds/v3/path.proto
  51. 10
      src/proto/grpc/testing/xds/v3/range.proto
  52. 293
      src/proto/grpc/testing/xds/v3/rbac.proto
  53. 14
      src/python/grpcio/grpc_core_dependencies.py
  54. 33
      test/core/ext/filters/rbac/BUILD
  55. 652
      test/core/ext/filters/rbac/rbac_service_config_parser_test.cc
  56. 2
      test/core/server_config_selector/server_config_selector_test.cc
  57. 1
      test/cpp/end2end/xds/BUILD
  58. 1141
      test/cpp/end2end/xds/xds_end2end_test.cc
  59. 1
      tools/codegen/core/gen_upb_api.sh
  60. 28
      tools/doxygen/Doxyfile.c++.internal
  61. 28
      tools/doxygen/Doxyfile.core.internal
  62. 24
      tools/run_tests/generated/tests.json

36
BUILD
Unescape View File

@ -2414,6 +2414,27 @@ grpc_cc_library(
],
)
grpc_cc_library(
name = "grpc_rbac_filter",
srcs = [
"src/core/ext/filters/rbac/rbac_filter.cc",
"src/core/ext/filters/rbac/rbac_service_config_parser.cc",
],
hdrs = [
"src/core/ext/filters/rbac/rbac_filter.h",
"src/core/ext/filters/rbac/rbac_service_config_parser.h",
],
external_deps = ["absl/strings:str_format"],
language = "c++",
deps = [
"gpr_base",
"grpc_base",
"grpc_rbac_engine",
"grpc_service_config",
"json_util",
],
)
grpc_cc_library(
name = "grpc_http_filters",
srcs = [
@ -2616,6 +2637,7 @@ grpc_cc_library(
"src/core/ext/xds/xds_endpoint.cc",
"src/core/ext/xds/xds_http_fault_filter.cc",
"src/core/ext/xds/xds_http_filters.cc",
"src/core/ext/xds/xds_http_rbac_filter.cc",
"src/core/ext/xds/xds_listener.cc",
"src/core/ext/xds/xds_resource_type.cc",
"src/core/ext/xds/xds_route_config.cc",
@ -2639,6 +2661,7 @@ grpc_cc_library(
"src/core/ext/xds/xds_endpoint.h",
"src/core/ext/xds/xds_http_fault_filter.h",
"src/core/ext/xds/xds_http_filters.h",
"src/core/ext/xds/xds_http_rbac_filter.h",
"src/core/ext/xds/xds_listener.h",
"src/core/ext/xds/xds_resource_type.h",
"src/core/ext/xds/xds_resource_type_impl.h",
@ -2676,6 +2699,7 @@ grpc_cc_library(
"grpc_fault_injection_filter",
"grpc_lb_xds_channel_args",
"grpc_matchers",
"grpc_rbac_filter",
"grpc_secure",
"grpc_transport_chttp2_client_secure",
"json",
@ -4430,6 +4454,7 @@ grpc_cc_library(
"src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c",
"src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c",
"src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c",
"src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c",
"src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c",
"src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c",
"src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c",
@ -4475,6 +4500,7 @@ grpc_cc_library(
"src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h",
"src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h",
"src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h",
"src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h",
"src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h",
"src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h",
"src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h",
@ -4538,6 +4564,7 @@ grpc_cc_library(
"src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c",
@ -4545,6 +4572,7 @@ grpc_cc_library(
"src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c",
@ -4582,6 +4610,7 @@ grpc_cc_library(
"src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h",
@ -4589,6 +4618,7 @@ grpc_cc_library(
"src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h",
@ -4620,6 +4650,7 @@ grpc_cc_library(
"envoy_core_upbdefs",
"envoy_type_upbdefs",
"google_api_annotations_upbdefs",
"google_api_expr_upbdefs",
"google_rpc_status_upbdefs",
"proto_gen_validate_upbdefs",
"protobuf_any_upbdefs",
@ -5182,6 +5213,11 @@ grpc_upb_proto_library(
deps = ["@com_google_googleapis//google/api/expr/v1alpha1:expr_proto"],
)
grpc_upb_proto_reflection_library(
name = "google_api_expr_upbdefs",
deps = ["@com_google_googleapis//google/api/expr/v1alpha1:expr_proto"],
)
grpc_upb_proto_library(
name = "google_rpc_status_upb",
deps = ["@com_google_googleapis//google/rpc:status_proto"],

112
CMakeLists.txt generated
Unescape View File

@ -530,6 +530,9 @@ protobuf_generate_grpc_cpp(
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/endpoint.proto
)
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/expr.proto
)
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/extension.proto
)
@ -542,6 +545,9 @@ protobuf_generate_grpc_cpp(
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/http_connection_manager.proto
)
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/http_filter_rbac.proto
)
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/listener.proto
)
@ -551,9 +557,15 @@ protobuf_generate_grpc_cpp(
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/lrs.proto
)
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/metadata.proto
)
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/orca_load_report.proto
)
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/path.proto
)
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/percent.proto
)
@ -563,6 +575,9 @@ protobuf_generate_grpc_cpp(
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/range.proto
)
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/rbac.proto
)
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/regex.proto
)
@ -924,6 +939,7 @@ if(gRPC_BUILD_TESTS)
add_dependencies(buildtests_cxx qps_worker)
add_dependencies(buildtests_cxx race_test)
add_dependencies(buildtests_cxx raw_end2end_test)
add_dependencies(buildtests_cxx rbac_service_config_parser_test)
add_dependencies(buildtests_cxx rbac_translator_test)
add_dependencies(buildtests_cxx ref_counted_ptr_test)
add_dependencies(buildtests_cxx ref_counted_test)
@ -1218,10 +1234,7 @@ endif()
if(gRPC_BUILD_TESTS)
add_library(end2end_tests
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
src/core/lib/security/authorization/rbac_translator.cc
test/core/compression/args_utils.cc
test/core/end2end/cq_verifier.cc
@ -1596,6 +1609,8 @@ add_library(grpc
src/core/ext/filters/http/server/http_server_filter.cc
src/core/ext/filters/max_age/max_age_filter.cc
src/core/ext/filters/message_size/message_size_filter.cc
src/core/ext/filters/rbac/rbac_filter.cc
src/core/ext/filters/rbac/rbac_service_config_parser.cc
src/core/ext/filters/server_config_selector/server_config_selector.cc
src/core/ext/filters/server_config_selector/server_config_selector_filter.cc
src/core/ext/service_config/service_config.cc
@ -1677,6 +1692,7 @@ add_library(grpc
src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c
src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c
src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c
src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c
src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c
src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c
src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c
@ -1777,6 +1793,7 @@ add_library(grpc
src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c
src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c
src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c
src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c
src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c
src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c
src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c
@ -1784,6 +1801,7 @@ add_library(grpc
src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c
src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c
src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c
src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c
@ -1815,6 +1833,11 @@ add_library(grpc
src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c
src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c
src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c
src/core/ext/upbdefs-generated/google/api/http.upbdefs.c
src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c
src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c
@ -1852,6 +1875,7 @@ add_library(grpc
src/core/ext/xds/xds_endpoint.cc
src/core/ext/xds/xds_http_fault_filter.cc
src/core/ext/xds/xds_http_filters.cc
src/core/ext/xds/xds_http_rbac_filter.cc
src/core/ext/xds/xds_listener.cc
src/core/ext/xds/xds_resource_type.cc
src/core/ext/xds/xds_route_config.cc
@ -1994,6 +2018,9 @@ add_library(grpc
src/core/lib/resource_quota/trace.cc
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc
src/core/lib/security/authorization/evaluate_args.cc
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
src/core/lib/security/authorization/sdk_server_authz_filter.cc
src/core/lib/security/context/security_context.cc
src/core/lib/security/credentials/alts/alts_credentials.cc
@ -6427,10 +6454,7 @@ endif()
if(gRPC_BUILD_TESTS)
add_executable(public_headers_must_be_c89
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
src/core/lib/security/authorization/rbac_translator.cc
test/core/surface/public_headers_must_be_c89.c
)
@ -7900,9 +7924,6 @@ endif()
if(gRPC_BUILD_TESTS)
add_executable(authorization_matchers_test
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
test/core/security/authorization_matchers_test.cc
third_party/googletest/googletest/src/gtest-all.cc
third_party/googletest/googlemock/src/gmock-all.cc
@ -7938,10 +7959,7 @@ endif()
if(gRPC_BUILD_TESTS)
add_executable(authorization_policy_provider_test
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
src/core/lib/security/authorization/rbac_translator.cc
src/cpp/server/authorization_policy_provider.cc
test/cpp/server/authorization_policy_provider_test.cc
@ -8548,9 +8566,6 @@ if(gRPC_BUILD_TESTS)
add_executable(cel_authorization_engine_test
src/core/lib/security/authorization/cel_authorization_engine.cc
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
test/core/security/cel_authorization_engine_test.cc
third_party/googletest/googletest/src/gtest-all.cc
third_party/googletest/googlemock/src/gmock-all.cc
@ -10918,9 +10933,6 @@ endif()
if(gRPC_BUILD_TESTS)
add_executable(grpc_authorization_engine_test
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
test/core/security/grpc_authorization_engine_test.cc
third_party/googletest/googletest/src/gtest-all.cc
third_party/googletest/googlemock/src/gmock-all.cc
@ -10956,10 +10968,7 @@ endif()
if(gRPC_BUILD_TESTS)
add_executable(grpc_authorization_policy_provider_test
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
src/core/lib/security/authorization/rbac_translator.cc
test/core/security/grpc_authorization_policy_provider_test.cc
third_party/googletest/googletest/src/gtest-all.cc
@ -13991,14 +14000,46 @@ target_link_libraries(raw_end2end_test
)
endif()
if(gRPC_BUILD_TESTS)
add_executable(rbac_service_config_parser_test
test/core/ext/filters/rbac/rbac_service_config_parser_test.cc
third_party/googletest/googletest/src/gtest-all.cc
third_party/googletest/googlemock/src/gmock-all.cc
)
target_include_directories(rbac_service_config_parser_test
PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}
${CMAKE_CURRENT_SOURCE_DIR}/include
${_gRPC_ADDRESS_SORTING_INCLUDE_DIR}
${_gRPC_RE2_INCLUDE_DIR}
${_gRPC_SSL_INCLUDE_DIR}
${_gRPC_UPB_GENERATED_DIR}
${_gRPC_UPB_GRPC_GENERATED_DIR}
${_gRPC_UPB_INCLUDE_DIR}
${_gRPC_XXHASH_INCLUDE_DIR}
${_gRPC_ZLIB_INCLUDE_DIR}
third_party/googletest/googletest/include
third_party/googletest/googletest
third_party/googletest/googlemock/include
third_party/googletest/googlemock
${_gRPC_PROTO_GENS_DIR}
)
target_link_libraries(rbac_service_config_parser_test
${_gRPC_PROTOBUF_LIBRARIES}
${_gRPC_ALLTARGETS_LIBRARIES}
grpc_test_util
)
endif()
if(gRPC_BUILD_TESTS)
add_executable(rbac_translator_test
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
src/core/lib/security/authorization/rbac_translator.cc
test/core/security/rbac_translator_test.cc
third_party/googletest/googletest/src/gtest-all.cc
@ -14409,10 +14450,7 @@ add_executable(sdk_authz_end2end_test
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.grpc.pb.h
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
src/core/lib/security/authorization/rbac_translator.cc
src/cpp/server/authorization_policy_provider.cc
test/cpp/end2end/sdk_authz_end2end_test.cc
@ -17010,6 +17048,10 @@ if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_MAC OR _gRPC_PLATFORM_POSIX)
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/endpoint.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/endpoint.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/endpoint.grpc.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/expr.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/expr.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/expr.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/expr.grpc.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/extension.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/extension.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/extension.pb.h
@ -17026,6 +17068,10 @@ if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_MAC OR _gRPC_PLATFORM_POSIX)
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/http_connection_manager.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/http_connection_manager.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/http_connection_manager.grpc.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/http_filter_rbac.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/http_filter_rbac.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/http_filter_rbac.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/http_filter_rbac.grpc.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/listener.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/listener.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/listener.pb.h
@ -17038,6 +17084,14 @@ if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_MAC OR _gRPC_PLATFORM_POSIX)
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/lrs.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/lrs.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/lrs.grpc.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/metadata.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/metadata.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/metadata.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/metadata.grpc.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/path.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/path.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/path.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/path.grpc.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/percent.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/percent.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/percent.pb.h
@ -17050,6 +17104,10 @@ if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_MAC OR _gRPC_PLATFORM_POSIX)
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/range.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/range.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/range.grpc.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/rbac.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/rbac.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/rbac.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/rbac.grpc.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/regex.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/regex.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/regex.pb.h

28
Makefile generated
Unescape View File

@ -1096,6 +1096,8 @@ LIBGRPC_SRC = \
src/core/ext/filters/http/server/http_server_filter.cc \
src/core/ext/filters/max_age/max_age_filter.cc \
src/core/ext/filters/message_size/message_size_filter.cc \
src/core/ext/filters/rbac/rbac_filter.cc \
src/core/ext/filters/rbac/rbac_service_config_parser.cc \
src/core/ext/filters/server_config_selector/server_config_selector.cc \
src/core/ext/filters/server_config_selector/server_config_selector_filter.cc \
src/core/ext/service_config/service_config.cc \
@ -1177,6 +1179,7 @@ LIBGRPC_SRC = \
src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c \
src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c \
@ -1277,6 +1280,7 @@ LIBGRPC_SRC = \
src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c \
@ -1284,6 +1288,7 @@ LIBGRPC_SRC = \
src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c \
@ -1315,6 +1320,11 @@ LIBGRPC_SRC = \
src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/http.upbdefs.c \
src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c \
src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c \
@ -1352,6 +1362,7 @@ LIBGRPC_SRC = \
src/core/ext/xds/xds_endpoint.cc \
src/core/ext/xds/xds_http_fault_filter.cc \
src/core/ext/xds/xds_http_filters.cc \
src/core/ext/xds/xds_http_rbac_filter.cc \
src/core/ext/xds/xds_listener.cc \
src/core/ext/xds/xds_resource_type.cc \
src/core/ext/xds/xds_route_config.cc \
@ -1494,6 +1505,9 @@ LIBGRPC_SRC = \
src/core/lib/resource_quota/trace.cc \
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \
src/core/lib/security/authorization/evaluate_args.cc \
src/core/lib/security/authorization/grpc_authorization_engine.cc \
src/core/lib/security/authorization/matchers.cc \
src/core/lib/security/authorization/rbac_policy.cc \
src/core/lib/security/authorization/sdk_server_authz_filter.cc \
src/core/lib/security/context/security_context.cc \
src/core/lib/security/credentials/alts/alts_credentials.cc \
@ -2744,6 +2758,8 @@ src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc: $(OPEN
src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc: $(OPENSSL_DEP)
src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc: $(OPENSSL_DEP)
src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc: $(OPENSSL_DEP)
src/core/ext/filters/rbac/rbac_filter.cc: $(OPENSSL_DEP)
src/core/ext/filters/rbac/rbac_service_config_parser.cc: $(OPENSSL_DEP)
src/core/ext/filters/server_config_selector/server_config_selector.cc: $(OPENSSL_DEP)
src/core/ext/filters/server_config_selector/server_config_selector_filter.cc: $(OPENSSL_DEP)
src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc: $(OPENSSL_DEP)
@ -2790,6 +2806,7 @@ src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c: $(OPENSSL_DE
src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c: $(OPENSSL_DEP)
src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c: $(OPENSSL_DEP)
src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c: $(OPENSSL_DEP)
src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c: $(OPENSSL_DEP)
src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c: $(OPENSSL_DEP)
src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c: $(OPENSSL_DEP)
src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c: $(OPENSSL_DEP)
@ -2881,6 +2898,7 @@ src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c: $
src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c: $(OPENSSL_DEP)
@ -2888,6 +2906,7 @@ src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c: $(OP
src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c: $(OPENSSL_DEP)
@ -2919,6 +2938,11 @@ src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/google/api/http.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c: $(OPENSSL_DEP)
@ -2955,6 +2979,7 @@ src/core/ext/xds/xds_common_types.cc: $(OPENSSL_DEP)
src/core/ext/xds/xds_endpoint.cc: $(OPENSSL_DEP)
src/core/ext/xds/xds_http_fault_filter.cc: $(OPENSSL_DEP)
src/core/ext/xds/xds_http_filters.cc: $(OPENSSL_DEP)
src/core/ext/xds/xds_http_rbac_filter.cc: $(OPENSSL_DEP)
src/core/ext/xds/xds_listener.cc: $(OPENSSL_DEP)
src/core/ext/xds/xds_resource_type.cc: $(OPENSSL_DEP)
src/core/ext/xds/xds_route_config.cc: $(OPENSSL_DEP)
@ -2964,6 +2989,9 @@ src/core/lib/http/httpcli_security_connector.cc: $(OPENSSL_DEP)
src/core/lib/matchers/matchers.cc: $(OPENSSL_DEP)
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc: $(OPENSSL_DEP)
src/core/lib/security/authorization/evaluate_args.cc: $(OPENSSL_DEP)
src/core/lib/security/authorization/grpc_authorization_engine.cc: $(OPENSSL_DEP)
src/core/lib/security/authorization/matchers.cc: $(OPENSSL_DEP)
src/core/lib/security/authorization/rbac_policy.cc: $(OPENSSL_DEP)
src/core/lib/security/authorization/sdk_server_authz_filter.cc: $(OPENSSL_DEP)
src/core/lib/security/context/security_context.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/alts/alts_credentials.cc: $(OPENSSL_DEP)

101
build_autogenerated.yaml generated
Unescape View File

@ -131,10 +131,7 @@ libs:
language: c
public_headers: []
headers:
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/grpc_authorization_policy_provider.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- src/core/lib/security/authorization/rbac_translator.h
- test/core/compression/args_utils.h
- test/core/end2end/cq_verifier.h
@ -146,10 +143,7 @@ libs:
- test/core/end2end/tests/cancel_test_helpers.h
- test/core/util/test_lb_policies.h
src:
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/rbac_translator.cc
- test/core/compression/args_utils.cc
- test/core/end2end/cq_verifier.cc
@ -470,6 +464,8 @@ libs:
- src/core/ext/filters/http/server/http_server_filter.h
- src/core/ext/filters/max_age/max_age_filter.h
- src/core/ext/filters/message_size/message_size_filter.h
- src/core/ext/filters/rbac/rbac_filter.h
- src/core/ext/filters/rbac/rbac_service_config_parser.h
- src/core/ext/filters/server_config_selector/server_config_selector.h
- src/core/ext/filters/server_config_selector/server_config_selector_filter.h
- src/core/ext/service_config/service_config.h
@ -546,6 +542,7 @@ libs:
- src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h
- src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h
- src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h
- src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h
- src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h
- src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h
- src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h
@ -646,6 +643,7 @@ libs:
- src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h
@ -653,6 +651,7 @@ libs:
- src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h
@ -684,6 +683,11 @@ libs:
- src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h
- src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h
- src/core/ext/upbdefs-generated/google/api/http.upbdefs.h
- src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h
- src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h
@ -724,6 +728,7 @@ libs:
- src/core/ext/xds/xds_endpoint.h
- src/core/ext/xds/xds_http_fault_filter.h
- src/core/ext/xds/xds_http_filters.h
- src/core/ext/xds/xds_http_rbac_filter.h
- src/core/ext/xds/xds_listener.h
- src/core/ext/xds/xds_resource_type.h
- src/core/ext/xds/xds_resource_type_impl.h
@ -872,6 +877,9 @@ libs:
- src/core/lib/security/authorization/authorization_engine.h
- src/core/lib/security/authorization/authorization_policy_provider.h
- src/core/lib/security/authorization/evaluate_args.h
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- src/core/lib/security/authorization/sdk_server_authz_filter.h
- src/core/lib/security/context/security_context.h
- src/core/lib/security/credentials/alts/alts_credentials.h
@ -1059,6 +1067,8 @@ libs:
- src/core/ext/filters/http/server/http_server_filter.cc
- src/core/ext/filters/max_age/max_age_filter.cc
- src/core/ext/filters/message_size/message_size_filter.cc
- src/core/ext/filters/rbac/rbac_filter.cc
- src/core/ext/filters/rbac/rbac_service_config_parser.cc
- src/core/ext/filters/server_config_selector/server_config_selector.cc
- src/core/ext/filters/server_config_selector/server_config_selector_filter.cc
- src/core/ext/service_config/service_config.cc
@ -1140,6 +1150,7 @@ libs:
- src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c
- src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c
- src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c
- src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c
- src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c
- src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c
- src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c
@ -1240,6 +1251,7 @@ libs:
- src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c
@ -1247,6 +1259,7 @@ libs:
- src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c
@ -1278,6 +1291,11 @@ libs:
- src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c
- src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c
- src/core/ext/upbdefs-generated/google/api/http.upbdefs.c
- src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c
- src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c
@ -1315,6 +1333,7 @@ libs:
- src/core/ext/xds/xds_endpoint.cc
- src/core/ext/xds/xds_http_fault_filter.cc
- src/core/ext/xds/xds_http_filters.cc
- src/core/ext/xds/xds_http_rbac_filter.cc
- src/core/ext/xds/xds_listener.cc
- src/core/ext/xds/xds_resource_type.cc
- src/core/ext/xds/xds_route_config.cc
@ -1457,6 +1476,9 @@ libs:
- src/core/lib/resource_quota/trace.cc
- src/core/lib/security/authorization/authorization_policy_provider_vtable.cc
- src/core/lib/security/authorization/evaluate_args.cc
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/sdk_server_authz_filter.cc
- src/core/lib/security/context/security_context.cc
- src/core/lib/security/credentials/alts/alts_credentials.cc
@ -3922,16 +3944,10 @@ targets:
build: test
language: c
headers:
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/grpc_authorization_policy_provider.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- src/core/lib/security/authorization/rbac_translator.h
src:
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/rbac_translator.cc
- test/core/surface/public_headers_must_be_c89.c
deps:
@ -4595,14 +4611,8 @@ targets:
gtest: true
build: test
language: c++
headers:
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
headers: []
src:
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- test/core/security/authorization_matchers_test.cc
deps:
- grpc_test_util
@ -4611,16 +4621,10 @@ targets:
build: test
language: c++
headers:
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/grpc_authorization_policy_provider.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- src/core/lib/security/authorization/rbac_translator.h
src:
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/rbac_translator.cc
- src/cpp/server/authorization_policy_provider.cc
- test/cpp/server/authorization_policy_provider_test.cc
@ -4877,20 +4881,14 @@ targets:
language: c++
headers:
- src/core/lib/security/authorization/cel_authorization_engine.h
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/mock_cel/activation.h
- src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h
- src/core/lib/security/authorization/mock_cel/cel_expression.h
- src/core/lib/security/authorization/mock_cel/cel_value.h
- src/core/lib/security/authorization/mock_cel/evaluator_core.h
- src/core/lib/security/authorization/mock_cel/flat_expr_builder.h
- src/core/lib/security/authorization/rbac_policy.h
src:
- src/core/lib/security/authorization/cel_authorization_engine.cc
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- test/core/security/cel_authorization_engine_test.cc
deps:
- absl/container:flat_hash_set
@ -6009,14 +6007,8 @@ targets:
gtest: true
build: test
language: c++
headers:
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
headers: []
src:
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- test/core/security/grpc_authorization_engine_test.cc
deps:
- grpc_test_util
@ -6025,16 +6017,10 @@ targets:
build: test
language: c++
headers:
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/grpc_authorization_policy_provider.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- src/core/lib/security/authorization/rbac_translator.h
src:
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/rbac_translator.cc
- test/core/security/grpc_authorization_policy_provider_test.cc
deps:
@ -7313,21 +7299,25 @@ targets:
- test/cpp/end2end/test_service_impl.cc
deps:
- grpc++_test_util
- name: rbac_service_config_parser_test
gtest: true
build: test
language: c++
headers: []
src:
- test/core/ext/filters/rbac/rbac_service_config_parser_test.cc
deps:
- grpc_test_util
uses_polling: false
- name: rbac_translator_test
gtest: true
build: test
language: c++
headers:
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/grpc_authorization_policy_provider.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- src/core/lib/security/authorization/rbac_translator.h
src:
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/rbac_translator.cc
- test/core/security/rbac_translator_test.cc
deps:
@ -7497,20 +7487,14 @@ targets:
build: test
language: c++
headers:
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/grpc_authorization_policy_provider.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- src/core/lib/security/authorization/rbac_translator.h
- test/cpp/end2end/test_service_impl.h
src:
- src/proto/grpc/testing/echo.proto
- src/proto/grpc/testing/echo_messages.proto
- src/proto/grpc/testing/simple_messages.proto
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/rbac_translator.cc
- src/cpp/server/authorization_policy_provider.cc
- test/cpp/end2end/sdk_authz_end2end_test.cc
@ -8584,16 +8568,21 @@ targets:
- src/proto/grpc/testing/xds/v3/csds.proto
- src/proto/grpc/testing/xds/v3/discovery.proto
- src/proto/grpc/testing/xds/v3/endpoint.proto
- src/proto/grpc/testing/xds/v3/expr.proto
- src/proto/grpc/testing/xds/v3/extension.proto
- src/proto/grpc/testing/xds/v3/fault.proto
- src/proto/grpc/testing/xds/v3/fault_common.proto
- src/proto/grpc/testing/xds/v3/http_connection_manager.proto
- src/proto/grpc/testing/xds/v3/http_filter_rbac.proto
- src/proto/grpc/testing/xds/v3/listener.proto
- src/proto/grpc/testing/xds/v3/load_report.proto
- src/proto/grpc/testing/xds/v3/lrs.proto
- src/proto/grpc/testing/xds/v3/metadata.proto
- src/proto/grpc/testing/xds/v3/path.proto
- src/proto/grpc/testing/xds/v3/percent.proto
- src/proto/grpc/testing/xds/v3/protocol.proto
- src/proto/grpc/testing/xds/v3/range.proto
- src/proto/grpc/testing/xds/v3/rbac.proto
- src/proto/grpc/testing/xds/v3/regex.proto
- src/proto/grpc/testing/xds/v3/route.proto
- src/proto/grpc/testing/xds/v3/router.proto

19
config.m4 generated
Unescape View File

@ -114,6 +114,8 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/filters/http/server/http_server_filter.cc \
src/core/ext/filters/max_age/max_age_filter.cc \
src/core/ext/filters/message_size/message_size_filter.cc \
src/core/ext/filters/rbac/rbac_filter.cc \
src/core/ext/filters/rbac/rbac_service_config_parser.cc \
src/core/ext/filters/server_config_selector/server_config_selector.cc \
src/core/ext/filters/server_config_selector/server_config_selector_filter.cc \
src/core/ext/service_config/service_config.cc \
@ -195,6 +197,7 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c \
src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c \
@ -295,6 +298,7 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c \
@ -302,6 +306,7 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c \
@ -333,6 +338,11 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/http.upbdefs.c \
src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c \
src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c \
@ -370,6 +380,7 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/xds/xds_endpoint.cc \
src/core/ext/xds/xds_http_fault_filter.cc \
src/core/ext/xds/xds_http_filters.cc \
src/core/ext/xds/xds_http_rbac_filter.cc \
src/core/ext/xds/xds_listener.cc \
src/core/ext/xds/xds_resource_type.cc \
src/core/ext/xds/xds_route_config.cc \
@ -556,6 +567,9 @@ if test "$PHP_GRPC" != "no"; then
src/core/lib/resource_quota/trace.cc \
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \
src/core/lib/security/authorization/evaluate_args.cc \
src/core/lib/security/authorization/grpc_authorization_engine.cc \
src/core/lib/security/authorization/matchers.cc \
src/core/lib/security/authorization/rbac_policy.cc \
src/core/lib/security/authorization/sdk_server_authz_filter.cc \
src/core/lib/security/context/security_context.cc \
src/core/lib/security/credentials/alts/alts_credentials.cc \
@ -1126,6 +1140,7 @@ if test "$PHP_GRPC" != "no"; then
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/filters/http/server)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/filters/max_age)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/filters/message_size)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/filters/rbac)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/filters/server_config_selector)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/service_config)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/transport/chttp2/alpn)
@ -1153,6 +1168,7 @@ if test "$PHP_GRPC" != "no"; then
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3)
@ -1192,11 +1208,13 @@ if test "$PHP_GRPC" != "no"; then
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/config/listener/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/config/metrics/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/config/overload/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/config/rbac/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/config/route/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/config/trace/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3)
@ -1213,6 +1231,7 @@ if test "$PHP_GRPC" != "no"; then
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/type/tracing/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/type/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/google/api)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/google/protobuf)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/google/rpc)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/udpa/annotations)

23
config.w32 generated
Unescape View File

@ -80,6 +80,8 @@ if (PHP_GRPC != "no") {
"src\\core\\ext\\filters\\http\\server\\http_server_filter.cc " +
"src\\core\\ext\\filters\\max_age\\max_age_filter.cc " +
"src\\core\\ext\\filters\\message_size\\message_size_filter.cc " +
"src\\core\\ext\\filters\\rbac\\rbac_filter.cc " +
"src\\core\\ext\\filters\\rbac\\rbac_service_config_parser.cc " +
"src\\core\\ext\\filters\\server_config_selector\\server_config_selector.cc " +
"src\\core\\ext\\filters\\server_config_selector\\server_config_selector_filter.cc " +
"src\\core\\ext\\service_config\\service_config.cc " +
@ -161,6 +163,7 @@ if (PHP_GRPC != "no") {
"src\\core\\ext\\upb-generated\\envoy\\extensions\\clusters\\aggregate\\v3\\cluster.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\common\\fault\\v3\\fault.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\fault\\v3\\fault.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\rbac\\v3\\rbac.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\router\\v3\\router.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\network\\http_connection_manager\\v3\\http_connection_manager.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\extensions\\transport_sockets\\tls\\v3\\cert.upb.c " +
@ -261,6 +264,7 @@ if (PHP_GRPC != "no") {
"src\\core\\ext\\upbdefs-generated\\envoy\\config\\listener\\v3\\udp_listener_config.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\config\\metrics\\v3\\stats.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\config\\overload\\v3\\overload.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\config\\rbac\\v3\\rbac.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\config\\route\\v3\\route.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\config\\route\\v3\\route_components.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\config\\route\\v3\\scoped_route.upbdefs.c " +
@ -268,6 +272,7 @@ if (PHP_GRPC != "no") {
"src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\clusters\\aggregate\\v3\\cluster.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\common\\fault\\v3\\fault.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\fault\\v3\\fault.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\rbac\\v3\\rbac.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\router\\v3\\router.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\network\\http_connection_manager\\v3\\http_connection_manager.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\transport_sockets\\tls\\v3\\cert.upbdefs.c " +
@ -299,6 +304,11 @@ if (PHP_GRPC != "no") {
"src\\core\\ext\\upbdefs-generated\\envoy\\type\\v3\\range.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\type\\v3\\semantic_version.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\google\\api\\annotations.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\google\\api\\expr\\v1alpha1\\checked.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\google\\api\\expr\\v1alpha1\\eval.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\google\\api\\expr\\v1alpha1\\explain.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\google\\api\\expr\\v1alpha1\\syntax.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\google\\api\\expr\\v1alpha1\\value.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\google\\api\\http.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\google\\protobuf\\any.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\google\\protobuf\\descriptor.upbdefs.c " +
@ -336,6 +346,7 @@ if (PHP_GRPC != "no") {
"src\\core\\ext\\xds\\xds_endpoint.cc " +
"src\\core\\ext\\xds\\xds_http_fault_filter.cc " +
"src\\core\\ext\\xds\\xds_http_filters.cc " +
"src\\core\\ext\\xds\\xds_http_rbac_filter.cc " +
"src\\core\\ext\\xds\\xds_listener.cc " +
"src\\core\\ext\\xds\\xds_resource_type.cc " +
"src\\core\\ext\\xds\\xds_route_config.cc " +
@ -522,6 +533,9 @@ if (PHP_GRPC != "no") {
"src\\core\\lib\\resource_quota\\trace.cc " +
"src\\core\\lib\\security\\authorization\\authorization_policy_provider_vtable.cc " +
"src\\core\\lib\\security\\authorization\\evaluate_args.cc " +
"src\\core\\lib\\security\\authorization\\grpc_authorization_engine.cc " +
"src\\core\\lib\\security\\authorization\\matchers.cc " +
"src\\core\\lib\\security\\authorization\\rbac_policy.cc " +
"src\\core\\lib\\security\\authorization\\sdk_server_authz_filter.cc " +
"src\\core\\lib\\security\\context\\security_context.cc " +
"src\\core\\lib\\security\\credentials\\alts\\alts_credentials.cc " +
@ -1125,6 +1139,7 @@ if (PHP_GRPC != "no") {
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\filters\\http\\server");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\filters\\max_age");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\filters\\message_size");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\filters\\rbac");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\filters\\server_config_selector");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\service_config");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\transport");
@ -1177,6 +1192,8 @@ if (PHP_GRPC != "no") {
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\fault");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\fault\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\rbac");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\rbac\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\router");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\router\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\network");
@ -1261,6 +1278,8 @@ if (PHP_GRPC != "no") {
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\metrics\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\overload");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\overload\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\rbac");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\rbac\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\route");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\route\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\trace");
@ -1276,6 +1295,8 @@ if (PHP_GRPC != "no") {
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\fault");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\fault\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\rbac");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\rbac\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\router");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\router\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\network");
@ -1311,6 +1332,8 @@ if (PHP_GRPC != "no") {
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\type\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\google");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\google\\api");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\google\\api\\expr");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\google\\api\\expr\\v1alpha1");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\google\\protobuf");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\google\\rpc");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\udpa");

28
gRPC-C++.podspec generated
Unescape View File

@ -271,6 +271,8 @@ Pod::Spec.new do |s|
'src/core/ext/filters/http/server/http_server_filter.h',
'src/core/ext/filters/max_age/max_age_filter.h',
'src/core/ext/filters/message_size/message_size_filter.h',
'src/core/ext/filters/rbac/rbac_filter.h',
'src/core/ext/filters/rbac/rbac_service_config_parser.h',
'src/core/ext/filters/server_config_selector/server_config_selector.h',
'src/core/ext/filters/server_config_selector/server_config_selector_filter.h',
'src/core/ext/service_config/service_config.h',
@ -385,6 +387,7 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h',
'src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h',
@ -485,6 +488,7 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h',
@ -492,6 +496,7 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h',
@ -523,6 +528,11 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/http.upbdefs.h',
'src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h',
'src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h',
@ -563,6 +573,7 @@ Pod::Spec.new do |s|
'src/core/ext/xds/xds_endpoint.h',
'src/core/ext/xds/xds_http_fault_filter.h',
'src/core/ext/xds/xds_http_filters.h',
'src/core/ext/xds/xds_http_rbac_filter.h',
'src/core/ext/xds/xds_listener.h',
'src/core/ext/xds/xds_resource_type.h',
'src/core/ext/xds/xds_resource_type_impl.h',
@ -739,6 +750,9 @@ Pod::Spec.new do |s|
'src/core/lib/security/authorization/authorization_engine.h',
'src/core/lib/security/authorization/authorization_policy_provider.h',
'src/core/lib/security/authorization/evaluate_args.h',
'src/core/lib/security/authorization/grpc_authorization_engine.h',
'src/core/lib/security/authorization/matchers.h',
'src/core/lib/security/authorization/rbac_policy.h',
'src/core/lib/security/authorization/sdk_server_authz_filter.h',
'src/core/lib/security/context/security_context.h',
'src/core/lib/security/credentials/alts/alts_credentials.h',
@ -1012,6 +1026,8 @@ Pod::Spec.new do |s|
'src/core/ext/filters/http/server/http_server_filter.h',
'src/core/ext/filters/max_age/max_age_filter.h',
'src/core/ext/filters/message_size/message_size_filter.h',
'src/core/ext/filters/rbac/rbac_filter.h',
'src/core/ext/filters/rbac/rbac_service_config_parser.h',
'src/core/ext/filters/server_config_selector/server_config_selector.h',
'src/core/ext/filters/server_config_selector/server_config_selector_filter.h',
'src/core/ext/service_config/service_config.h',
@ -1108,6 +1124,7 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h',
'src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h',
@ -1208,6 +1225,7 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h',
@ -1215,6 +1233,7 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h',
@ -1246,6 +1265,11 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/http.upbdefs.h',
'src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h',
'src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h',
@ -1286,6 +1310,7 @@ Pod::Spec.new do |s|
'src/core/ext/xds/xds_endpoint.h',
'src/core/ext/xds/xds_http_fault_filter.h',
'src/core/ext/xds/xds_http_filters.h',
'src/core/ext/xds/xds_http_rbac_filter.h',
'src/core/ext/xds/xds_listener.h',
'src/core/ext/xds/xds_resource_type.h',
'src/core/ext/xds/xds_resource_type_impl.h',
@ -1462,6 +1487,9 @@ Pod::Spec.new do |s|
'src/core/lib/security/authorization/authorization_engine.h',
'src/core/lib/security/authorization/authorization_policy_provider.h',
'src/core/lib/security/authorization/evaluate_args.h',
'src/core/lib/security/authorization/grpc_authorization_engine.h',
'src/core/lib/security/authorization/matchers.h',
'src/core/lib/security/authorization/rbac_policy.h',
'src/core/lib/security/authorization/sdk_server_authz_filter.h',
'src/core/lib/security/context/security_context.h',
'src/core/lib/security/credentials/alts/alts_credentials.h',

50
gRPC-Core.podspec generated
Unescape View File

@ -322,6 +322,10 @@ Pod::Spec.new do |s|
'src/core/ext/filters/max_age/max_age_filter.h',
'src/core/ext/filters/message_size/message_size_filter.cc',
'src/core/ext/filters/message_size/message_size_filter.h',
'src/core/ext/filters/rbac/rbac_filter.cc',
'src/core/ext/filters/rbac/rbac_filter.h',
'src/core/ext/filters/rbac/rbac_service_config_parser.cc',
'src/core/ext/filters/rbac/rbac_service_config_parser.h',
'src/core/ext/filters/server_config_selector/server_config_selector.cc',
'src/core/ext/filters/server_config_selector/server_config_selector.h',
'src/core/ext/filters/server_config_selector/server_config_selector_filter.cc',
@ -479,6 +483,8 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c',
@ -679,6 +685,8 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c',
@ -693,6 +701,8 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c',
@ -755,6 +765,16 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/http.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/http.upbdefs.h',
'src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c',
@ -832,6 +852,8 @@ Pod::Spec.new do |s|
'src/core/ext/xds/xds_http_fault_filter.h',
'src/core/ext/xds/xds_http_filters.cc',
'src/core/ext/xds/xds_http_filters.h',
'src/core/ext/xds/xds_http_rbac_filter.cc',
'src/core/ext/xds/xds_http_rbac_filter.h',
'src/core/ext/xds/xds_listener.cc',
'src/core/ext/xds/xds_listener.h',
'src/core/ext/xds/xds_resource_type.cc',
@ -1194,6 +1216,12 @@ Pod::Spec.new do |s|
'src/core/lib/security/authorization/authorization_policy_provider_vtable.cc',
'src/core/lib/security/authorization/evaluate_args.cc',
'src/core/lib/security/authorization/evaluate_args.h',
'src/core/lib/security/authorization/grpc_authorization_engine.cc',
'src/core/lib/security/authorization/grpc_authorization_engine.h',
'src/core/lib/security/authorization/matchers.cc',
'src/core/lib/security/authorization/matchers.h',
'src/core/lib/security/authorization/rbac_policy.cc',
'src/core/lib/security/authorization/rbac_policy.h',
'src/core/lib/security/authorization/sdk_server_authz_filter.cc',
'src/core/lib/security/authorization/sdk_server_authz_filter.h',
'src/core/lib/security/context/security_context.cc',
@ -1565,6 +1593,8 @@ Pod::Spec.new do |s|
'src/core/ext/filters/http/server/http_server_filter.h',
'src/core/ext/filters/max_age/max_age_filter.h',
'src/core/ext/filters/message_size/message_size_filter.h',
'src/core/ext/filters/rbac/rbac_filter.h',
'src/core/ext/filters/rbac/rbac_service_config_parser.h',
'src/core/ext/filters/server_config_selector/server_config_selector.h',
'src/core/ext/filters/server_config_selector/server_config_selector_filter.h',
'src/core/ext/service_config/service_config.h',
@ -1641,6 +1671,7 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h',
'src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h',
@ -1741,6 +1772,7 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h',
@ -1748,6 +1780,7 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h',
@ -1779,6 +1812,11 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/http.upbdefs.h',
'src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h',
'src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h',
@ -1819,6 +1857,7 @@ Pod::Spec.new do |s|
'src/core/ext/xds/xds_endpoint.h',
'src/core/ext/xds/xds_http_fault_filter.h',
'src/core/ext/xds/xds_http_filters.h',
'src/core/ext/xds/xds_http_rbac_filter.h',
'src/core/ext/xds/xds_listener.h',
'src/core/ext/xds/xds_resource_type.h',
'src/core/ext/xds/xds_resource_type_impl.h',
@ -1995,6 +2034,9 @@ Pod::Spec.new do |s|
'src/core/lib/security/authorization/authorization_engine.h',
'src/core/lib/security/authorization/authorization_policy_provider.h',
'src/core/lib/security/authorization/evaluate_args.h',
'src/core/lib/security/authorization/grpc_authorization_engine.h',
'src/core/lib/security/authorization/matchers.h',
'src/core/lib/security/authorization/rbac_policy.h',
'src/core/lib/security/authorization/sdk_server_authz_filter.h',
'src/core/lib/security/context/security_context.h',
'src/core/lib/security/credentials/alts/alts_credentials.h',
@ -2187,14 +2229,8 @@ Pod::Spec.new do |s|
ss.dependency 'abseil/debugging/stacktrace', abseil_version
ss.dependency 'abseil/debugging/symbolize', abseil_version
ss.source_files = 'src/core/lib/security/authorization/grpc_authorization_engine.cc',
'src/core/lib/security/authorization/grpc_authorization_engine.h',
'src/core/lib/security/authorization/grpc_authorization_policy_provider.cc',
ss.source_files = 'src/core/lib/security/authorization/grpc_authorization_policy_provider.cc',
'src/core/lib/security/authorization/grpc_authorization_policy_provider.h',
'src/core/lib/security/authorization/matchers.cc',
'src/core/lib/security/authorization/matchers.h',
'src/core/lib/security/authorization/rbac_policy.cc',
'src/core/lib/security/authorization/rbac_policy.h',
'src/core/lib/security/authorization/rbac_translator.cc',
'src/core/lib/security/authorization/rbac_translator.h',
'test/core/compression/args_utils.cc',

28
grpc.gemspec generated
Unescape View File

@ -241,6 +241,10 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/filters/max_age/max_age_filter.h )
s.files += %w( src/core/ext/filters/message_size/message_size_filter.cc )
s.files += %w( src/core/ext/filters/message_size/message_size_filter.h )
s.files += %w( src/core/ext/filters/rbac/rbac_filter.cc )
s.files += %w( src/core/ext/filters/rbac/rbac_filter.h )
s.files += %w( src/core/ext/filters/rbac/rbac_service_config_parser.cc )
s.files += %w( src/core/ext/filters/rbac/rbac_service_config_parser.h )
s.files += %w( src/core/ext/filters/server_config_selector/server_config_selector.cc )
s.files += %w( src/core/ext/filters/server_config_selector/server_config_selector.h )
s.files += %w( src/core/ext/filters/server_config_selector/server_config_selector_filter.cc )
@ -398,6 +402,8 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h )
s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c )
s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h )
s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c )
s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h )
s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c )
s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h )
s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c )
@ -598,6 +604,8 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c )
@ -612,6 +620,8 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c )
@ -674,6 +684,16 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/google/api/http.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/google/api/http.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c )
@ -751,6 +771,8 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/xds/xds_http_fault_filter.h )
s.files += %w( src/core/ext/xds/xds_http_filters.cc )
s.files += %w( src/core/ext/xds/xds_http_filters.h )
s.files += %w( src/core/ext/xds/xds_http_rbac_filter.cc )
s.files += %w( src/core/ext/xds/xds_http_rbac_filter.h )
s.files += %w( src/core/ext/xds/xds_listener.cc )
s.files += %w( src/core/ext/xds/xds_listener.h )
s.files += %w( src/core/ext/xds/xds_resource_type.cc )
@ -1113,6 +1135,12 @@ Gem::Specification.new do |s|
s.files += %w( src/core/lib/security/authorization/authorization_policy_provider_vtable.cc )
s.files += %w( src/core/lib/security/authorization/evaluate_args.cc )
s.files += %w( src/core/lib/security/authorization/evaluate_args.h )
s.files += %w( src/core/lib/security/authorization/grpc_authorization_engine.cc )
s.files += %w( src/core/lib/security/authorization/grpc_authorization_engine.h )
s.files += %w( src/core/lib/security/authorization/matchers.cc )
s.files += %w( src/core/lib/security/authorization/matchers.h )
s.files += %w( src/core/lib/security/authorization/rbac_policy.cc )
s.files += %w( src/core/lib/security/authorization/rbac_policy.h )
s.files += %w( src/core/lib/security/authorization/sdk_server_authz_filter.cc )
s.files += %w( src/core/lib/security/authorization/sdk_server_authz_filter.h )
s.files += %w( src/core/lib/security/context/security_context.cc )

17
grpc.gyp generated
Unescape View File

@ -286,10 +286,7 @@
'grpc_test_util',
],
'sources': [
'src/core/lib/security/authorization/grpc_authorization_engine.cc',
'src/core/lib/security/authorization/grpc_authorization_policy_provider.cc',
'src/core/lib/security/authorization/matchers.cc',
'src/core/lib/security/authorization/rbac_policy.cc',
'src/core/lib/security/authorization/rbac_translator.cc',
'test/core/compression/args_utils.cc',
'test/core/end2end/cq_verifier.cc',
@ -547,6 +544,8 @@
'src/core/ext/filters/http/server/http_server_filter.cc',
'src/core/ext/filters/max_age/max_age_filter.cc',
'src/core/ext/filters/message_size/message_size_filter.cc',
'src/core/ext/filters/rbac/rbac_filter.cc',
'src/core/ext/filters/rbac/rbac_service_config_parser.cc',
'src/core/ext/filters/server_config_selector/server_config_selector.cc',
'src/core/ext/filters/server_config_selector/server_config_selector_filter.cc',
'src/core/ext/service_config/service_config.cc',
@ -628,6 +627,7 @@
'src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c',
'src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c',
@ -728,6 +728,7 @@
'src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c',
@ -735,6 +736,7 @@
'src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c',
@ -766,6 +768,11 @@
'src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/http.upbdefs.c',
'src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c',
'src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c',
@ -803,6 +810,7 @@
'src/core/ext/xds/xds_endpoint.cc',
'src/core/ext/xds/xds_http_fault_filter.cc',
'src/core/ext/xds/xds_http_filters.cc',
'src/core/ext/xds/xds_http_rbac_filter.cc',
'src/core/ext/xds/xds_listener.cc',
'src/core/ext/xds/xds_resource_type.cc',
'src/core/ext/xds/xds_route_config.cc',
@ -945,6 +953,9 @@
'src/core/lib/resource_quota/trace.cc',
'src/core/lib/security/authorization/authorization_policy_provider_vtable.cc',
'src/core/lib/security/authorization/evaluate_args.cc',
'src/core/lib/security/authorization/grpc_authorization_engine.cc',
'src/core/lib/security/authorization/matchers.cc',
'src/core/lib/security/authorization/rbac_policy.cc',
'src/core/lib/security/authorization/sdk_server_authz_filter.cc',
'src/core/lib/security/context/security_context.cc',
'src/core/lib/security/credentials/alts/alts_credentials.cc',

28
package.xml generated
Unescape View File

@ -221,6 +221,10 @@
<file baseinstalldir="/" name="src/core/ext/filters/max_age/max_age_filter.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/message_size/message_size_filter.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/message_size/message_size_filter.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/rbac/rbac_filter.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/rbac/rbac_filter.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/rbac/rbac_service_config_parser.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/rbac/rbac_service_config_parser.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/server_config_selector/server_config_selector.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/server_config_selector/server_config_selector.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/server_config_selector/server_config_selector_filter.cc" role="src" />
@ -378,6 +382,8 @@
<file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c" role="src" />
@ -578,6 +584,8 @@
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c" role="src" />
@ -592,6 +600,8 @@
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c" role="src" />
@ -654,6 +664,16 @@
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/http.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/http.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c" role="src" />
@ -731,6 +751,8 @@
<file baseinstalldir="/" name="src/core/ext/xds/xds_http_fault_filter.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/xds/xds_http_filters.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/xds/xds_http_filters.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/xds/xds_http_rbac_filter.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/xds/xds_http_rbac_filter.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/xds/xds_listener.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/xds/xds_listener.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/xds/xds_resource_type.cc" role="src" />
@ -1093,6 +1115,12 @@
<file baseinstalldir="/" name="src/core/lib/security/authorization/authorization_policy_provider_vtable.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/evaluate_args.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/evaluate_args.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/grpc_authorization_engine.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/grpc_authorization_engine.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/matchers.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/matchers.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/rbac_policy.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/rbac_policy.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/sdk_server_authz_filter.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/sdk_server_authz_filter.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/context/security_context.cc" role="src" />

157
src/core/ext/filters/rbac/rbac_filter.cc
Unescape View File

@ -0,0 +1,157 @@
//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#include <grpc/support/port_platform.h>
#include "src/core/ext/filters/rbac/rbac_filter.h"
#include "src/core/ext/filters/rbac/rbac_service_config_parser.h"
#include "src/core/ext/service_config/service_config_call_data.h"
#include "src/core/lib/security/authorization/grpc_authorization_engine.h"
#include "src/core/lib/transport/metadata_batch.h"
namespace grpc_core {
//
// RbacFilter::CallData
//
// CallData
grpc_error_handle RbacFilter::CallData::Init(
grpc_call_element* elem, const grpc_call_element_args* args) {
new (elem->call_data) CallData(elem, *args);
return GRPC_ERROR_NONE;
}
void RbacFilter::CallData::Destroy(grpc_call_element* elem,
const grpc_call_final_info* /*final_info*/,
grpc_closure* /*then_schedule_closure*/) {
auto* calld = static_cast<CallData*>(elem->call_data);
calld->~CallData();
}
void RbacFilter::CallData::StartTransportStreamOpBatch(
grpc_call_element* elem, grpc_transport_stream_op_batch* op) {
CallData* calld = static_cast<CallData*>(elem->call_data);
if (op->recv_initial_metadata) {
calld->recv_initial_metadata_ =
op->payload->recv_initial_metadata.recv_initial_metadata;
calld->original_recv_initial_metadata_ready_ =
op->payload->recv_initial_metadata.recv_initial_metadata_ready;
op->payload->recv_initial_metadata.recv_initial_metadata_ready =
&calld->recv_initial_metadata_ready_;
}
// Chain to the next filter.
grpc_call_next_op(elem, op);
}
RbacFilter::CallData::CallData(grpc_call_element* elem,
const grpc_call_element_args& args)
: call_context_(args.context) {
GRPC_CLOSURE_INIT(&recv_initial_metadata_ready_, RecvInitialMetadataReady,
elem, grpc_schedule_on_exec_ctx);
}
void RbacFilter::CallData::RecvInitialMetadataReady(void* user_data,
grpc_error_handle error) {
grpc_call_element* elem = static_cast<grpc_call_element*>(user_data);
CallData* calld = static_cast<CallData*>(elem->call_data);
if (error == GRPC_ERROR_NONE) {
// Fetch and apply the rbac policy from the service config.
auto* service_config_call_data = static_cast<ServiceConfigCallData*>(
calld->call_context_[GRPC_CONTEXT_SERVICE_CONFIG_CALL_DATA].value);
auto* method_params = static_cast<RbacMethodParsedConfig*>(
service_config_call_data->GetMethodParsedConfig(
RbacServiceConfigParser::ParserIndex()));
if (method_params == nullptr) {
error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("No RBAC policy found.");
} else {
RbacFilter* chand = static_cast<RbacFilter*>(elem->channel_data);
auto* authorization_engine =
method_params->authorization_engine(chand->index_);
if (authorization_engine
->Evaluate(EvaluateArgs(calld->recv_initial_metadata_,
&chand->per_channel_evaluate_args_))
.type == AuthorizationEngine::Decision::Type::kDeny) {
error =
GRPC_ERROR_CREATE_FROM_STATIC_STRING("Unauthorized RPC rejected");
}
}
if (error != GRPC_ERROR_NONE) {
error = grpc_error_set_int(error, GRPC_ERROR_INT_GRPC_STATUS,
GRPC_STATUS_PERMISSION_DENIED);
}
} else {
GRPC_ERROR_REF(error);
}
grpc_closure* closure = calld->original_recv_initial_metadata_ready_;
calld->original_recv_initial_metadata_ready_ = nullptr;
Closure::Run(DEBUG_LOCATION, closure, error);
}
//
// RbacFilter
//
const grpc_channel_filter RbacFilter::kFilterVtable = {
RbacFilter::CallData::StartTransportStreamOpBatch,
grpc_channel_next_op,
sizeof(RbacFilter::CallData),
RbacFilter::CallData::Init,
grpc_call_stack_ignore_set_pollset_or_pollset_set,
RbacFilter::CallData::Destroy,
sizeof(RbacFilter),
RbacFilter::Init,
RbacFilter::Destroy,
grpc_channel_next_get_info,
"rbac_filter",
};
RbacFilter::RbacFilter(size_t index,
EvaluateArgs::PerChannelArgs per_channel_evaluate_args)
: index_(index),
per_channel_evaluate_args_(std::move(per_channel_evaluate_args)) {}
grpc_error_handle RbacFilter::Init(grpc_channel_element* elem,
grpc_channel_element_args* args) {
GPR_ASSERT(elem->filter == &kFilterVtable);
auto* auth_context = grpc_find_auth_context_in_args(args->channel_args);
if (auth_context == nullptr) {
return GRPC_ERROR_CREATE_FROM_STATIC_STRING("No auth context found");
}
if (args->optional_transport == nullptr) {
// This should never happen since the transport is always set on the server
// side.
return GRPC_ERROR_CREATE_FROM_STATIC_STRING("No transport configured");
}
new (elem->channel_data) RbacFilter(
grpc_channel_stack_filter_instance_number(args->channel_stack, elem),
EvaluateArgs::PerChannelArgs(
auth_context, grpc_transport_get_endpoint(args->optional_transport)));
return GRPC_ERROR_NONE;
}
void RbacFilter::Destroy(grpc_channel_element* elem) {
auto* chand = static_cast<RbacFilter*>(elem->channel_data);
chand->~RbacFilter();
}
void RbacFilterInit(void) { RbacServiceConfigParser::Register(); }
void RbacFilterShutdown(void) {}
} // namespace grpc_core

74
src/core/ext/filters/rbac/rbac_filter.h
Unescape View File

@ -0,0 +1,74 @@
//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#ifndef GRPC_CORE_EXT_FILTERS_RBAC_RBAC_FILTER_H
#define GRPC_CORE_EXT_FILTERS_RBAC_RBAC_FILTER_H
#include <grpc/support/port_platform.h>
#include "src/core/lib/channel/channel_stack.h"
#include "src/core/lib/security/authorization/evaluate_args.h"
namespace grpc_core {
// Filter used when xDS server config fetcher provides a configuration with an
// HTTP RBAC filter. Also serves as the type for channel data for the filter.
class RbacFilter {
public:
// This channel filter is intended to be used by connections on xDS enabled
// servers configured with RBAC. The RBAC filter fetches the RBAC policy from
// the method config of service config returned by the ServerConfigSelector,
// and enforces the RBAC policy.
static const grpc_channel_filter kFilterVtable;
private:
class CallData {
public:
static grpc_error_handle Init(grpc_call_element* elem,
const grpc_call_element_args* args);
static void Destroy(grpc_call_element* elem,
const grpc_call_final_info* /* final_info */,
grpc_closure* /* then_schedule_closure */);
static void StartTransportStreamOpBatch(grpc_call_element* elem,
grpc_transport_stream_op_batch* op);
private:
CallData(grpc_call_element* elem, const grpc_call_element_args& args);
static void RecvInitialMetadataReady(void* user_data,
grpc_error_handle error);
grpc_call_context_element* call_context_;
// State for keeping track of recv_initial_metadata
grpc_metadata_batch* recv_initial_metadata_ = nullptr;
grpc_closure* original_recv_initial_metadata_ready_ = nullptr;
grpc_closure recv_initial_metadata_ready_;
};
RbacFilter(size_t index,
EvaluateArgs::PerChannelArgs per_channel_evaluate_args);
static grpc_error_handle Init(grpc_channel_element* elem,
grpc_channel_element_args* args);
static void Destroy(grpc_channel_element* elem);
// The index of this filter instance among instances of the same filter.
size_t index_;
// Per channel args used for authorization.
EvaluateArgs::PerChannelArgs per_channel_evaluate_args_;
};
} // namespace grpc_core
#endif // GRPC_CORE_EXT_FILTERS_RBAC_RBAC_FILTER_H

604
src/core/ext/filters/rbac/rbac_service_config_parser.cc
Unescape View File

@ -0,0 +1,604 @@
//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#include <grpc/support/port_platform.h>
#include "src/core/ext/filters/rbac/rbac_service_config_parser.h"
#include "absl/strings/str_format.h"
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/json/json_util.h"
#include "src/core/lib/transport/error_utils.h"
namespace grpc_core {
namespace {
size_t g_rbac_parser_index;
std::string ParseRegexMatcher(const Json::Object& regex_matcher_json,
std::vector<grpc_error_handle>* error_list) {
std::string regex;
ParseJsonObjectField(regex_matcher_json, "regex", &regex, error_list);
return regex;
}
absl::StatusOr<HeaderMatcher> ParseHeaderMatcher(
const Json::Object& header_matcher_json,
std::vector<grpc_error_handle>* error_list) {
std::string name;
ParseJsonObjectField(header_matcher_json, "name", &name, error_list);
std::string match;
HeaderMatcher::Type type = HeaderMatcher::Type();
const Json::Object* inner_json;
int64_t start = 0;
int64_t end = 0;
bool present_match = false;
bool invert_match = false;
ParseJsonObjectField(header_matcher_json, "invertMatch", &invert_match,
error_list, /*required=*/false);
if (ParseJsonObjectField(header_matcher_json, "exactMatch", &match,
error_list, /*required=*/false)) {
type = HeaderMatcher::Type::kExact;
} else if (ParseJsonObjectField(header_matcher_json, "safeRegexMatch",
&inner_json, error_list,
/*required=*/false)) {
type = HeaderMatcher::Type::kSafeRegex;
std::vector<grpc_error_handle> safe_regex_matcher_error_list;
match = ParseRegexMatcher(*inner_json, &safe_regex_matcher_error_list);
if (!safe_regex_matcher_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
"safeRegexMatch", &safe_regex_matcher_error_list));
}
} else if (ParseJsonObjectField(header_matcher_json, "rangeMatch",
&inner_json, error_list,
/*required=*/false)) {
type = HeaderMatcher::Type::kRange;
std::vector<grpc_error_handle> range_error_list;
ParseJsonObjectField(*inner_json, "start", &start, &range_error_list);
ParseJsonObjectField(*inner_json, "end", &end, &range_error_list);
if (!range_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("rangeMatch", &range_error_list));
}
} else if (ParseJsonObjectField(header_matcher_json, "presentMatch",
&present_match, error_list,
/*required=*/false)) {
type = HeaderMatcher::Type::kPresent;
} else if (ParseJsonObjectField(header_matcher_json, "prefixMatch", &match,
error_list, /*required=*/false)) {
type = HeaderMatcher::Type::kPrefix;
} else if (ParseJsonObjectField(header_matcher_json, "suffixMatch", &match,
error_list, /*required=*/false)) {
type = HeaderMatcher::Type::kSuffix;
} else if (ParseJsonObjectField(header_matcher_json, "containsMatch", &match,
error_list, /*required=*/false)) {
type = HeaderMatcher::Type::kContains;
} else {
return absl::InvalidArgumentError("No valid matcher found");
}
return HeaderMatcher::Create(name, type, match, start, end, present_match,
invert_match);
}
absl::StatusOr<StringMatcher> ParseStringMatcher(
const Json::Object& string_matcher_json,
std::vector<grpc_error_handle>* error_list) {
std::string match;
StringMatcher::Type type = StringMatcher::Type();
const Json::Object* inner_json;
bool ignore_case = false;
ParseJsonObjectField(string_matcher_json, "ignoreCase", &ignore_case,
error_list, /*required=*/false);
if (ParseJsonObjectField(string_matcher_json, "exact", &match, error_list,
/*required=*/false)) {
type = StringMatcher::Type::kExact;
} else if (ParseJsonObjectField(string_matcher_json, "prefix", &match,
error_list, /*required=*/false)) {
type = StringMatcher::Type::kPrefix;
} else if (ParseJsonObjectField(string_matcher_json, "suffix", &match,
error_list, /*required=*/false)) {
type = StringMatcher::Type::kSuffix;
} else if (ParseJsonObjectField(string_matcher_json, "safeRegex", &inner_json,
error_list, /*required=*/false)) {
type = StringMatcher::Type::kSafeRegex;
std::vector<grpc_error_handle> safe_regex_matcher_error_list;
match = ParseRegexMatcher(*inner_json, &safe_regex_matcher_error_list);
if (!safe_regex_matcher_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
"safeRegex", &safe_regex_matcher_error_list));
}
} else if (ParseJsonObjectField(string_matcher_json, "contains", &match,
error_list, /*required=*/false)) {
type = StringMatcher::Type::kContains;
} else {
return absl::InvalidArgumentError("No valid matcher found");
}
return StringMatcher::Create(type, match, ignore_case);
}
absl::StatusOr<StringMatcher> ParsePathMatcher(
const Json::Object& path_matcher_json,
std::vector<grpc_error_handle>* error_list) {
const Json::Object* string_matcher_json;
if (ParseJsonObjectField(path_matcher_json, "path", &string_matcher_json,
error_list)) {
std::vector<grpc_error_handle> sub_error_list;
auto matcher = ParseStringMatcher(*string_matcher_json, &sub_error_list);
if (!sub_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("path", &sub_error_list));
}
return matcher;
}
return absl::InvalidArgumentError("No path found");
}
Rbac::CidrRange ParseCidrRange(const Json::Object& cidr_range_json,
std::vector<grpc_error_handle>* error_list) {
std::string address_prefix;
ParseJsonObjectField(cidr_range_json, "addressPrefix", &address_prefix,
error_list);
const Json::Object* uint32_json;
uint32_t prefix_len = 0; // default value
if (ParseJsonObjectField(cidr_range_json, "prefixLen", &uint32_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> sub_error_list;
ParseJsonObjectField(*uint32_json, "value", &prefix_len, &sub_error_list);
if (!sub_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("prefixLen", &sub_error_list));
}
}
return Rbac::CidrRange(std::move(address_prefix), prefix_len);
}
Rbac::Permission ParsePermission(const Json::Object& permission_json,
std::vector<grpc_error_handle>* error_list) {
auto parse_permission_set = [](const Json::Object& permission_set_json,
std::vector<grpc_error_handle>* error_list) {
const Json::Array* rules_json;
std::vector<std::unique_ptr<Rbac::Permission>> permissions;
if (ParseJsonObjectField(permission_set_json, "rules", &rules_json,
error_list)) {
for (size_t i = 0; i < rules_json->size(); ++i) {
const Json::Object* permission_json;
if (!ExtractJsonType((*rules_json)[i],
absl::StrFormat("rules[%d]", i).c_str(),
&permission_json, error_list)) {
continue;
}
std::vector<grpc_error_handle> permission_error_list;
permissions.emplace_back(absl::make_unique<Rbac::Permission>(
ParsePermission(*permission_json, &permission_error_list)));
if (!permission_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
absl::StrFormat("rules[%d]", i), &permission_error_list));
}
}
}
return permissions;
};
Rbac::Permission permission;
const Json::Object* inner_json;
bool any;
int port;
if (ParseJsonObjectField(permission_json, "andRules", &inner_json, error_list,
/*required=*/false)) {
std::vector<grpc_error_handle> and_rules_error_list;
permission = Rbac::Permission(
Rbac::Permission::RuleType::kAnd,
parse_permission_set(*inner_json, &and_rules_error_list));
if (!and_rules_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("andRules", &and_rules_error_list));
}
} else if (ParseJsonObjectField(permission_json, "orRules", &inner_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> or_rules_error_list;
permission = Rbac::Permission(
Rbac::Permission::RuleType::kOr,
parse_permission_set(*inner_json, &or_rules_error_list));
if (!or_rules_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("orRules", &or_rules_error_list));
}
} else if (ParseJsonObjectField(permission_json, "any", &any, error_list,
/*required=*/false) &&
any) {
permission = Rbac::Permission(Rbac::Permission::RuleType::kAny);
} else if (ParseJsonObjectField(permission_json, "header", &inner_json,
error_list,
/*required=*/false)) {
std::vector<grpc_error_handle> header_error_list;
auto matcher = ParseHeaderMatcher(*inner_json, &header_error_list);
if (matcher.ok()) {
permission =
Rbac::Permission(Rbac::Permission::RuleType::kHeader, *matcher);
} else {
header_error_list.push_back(absl_status_to_grpc_error(matcher.status()));
}
if (!header_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("header", &header_error_list));
}
} else if (ParseJsonObjectField(permission_json, "urlPath", &inner_json,
error_list,
/*required=*/false)) {
std::vector<grpc_error_handle> url_path_error_list;
auto matcher = ParsePathMatcher(*inner_json, &url_path_error_list);
if (matcher.ok()) {
permission =
Rbac::Permission(Rbac::Permission::RuleType::kPath, *matcher);
} else {
url_path_error_list.push_back(
absl_status_to_grpc_error(matcher.status()));
}
if (!url_path_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("urlPath", &url_path_error_list));
}
} else if (ParseJsonObjectField(permission_json, "destinationIp", &inner_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> destination_ip_error_list;
permission = Rbac::Permission(
Rbac::Permission::RuleType::kDestIp,
ParseCidrRange(*inner_json, &destination_ip_error_list));
if (!destination_ip_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
"destinationIp", &destination_ip_error_list));
}
} else if (ParseJsonObjectField(permission_json, "destinationPort", &port,
error_list, /*required=*/false)) {
permission = Rbac::Permission(Rbac::Permission::RuleType::kDestPort, port);
} else if (ParseJsonObjectField(permission_json, "metadata", &inner_json,
error_list, /*required=*/false)) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_STATIC_STRING("Cannot handle metadata"));
} else if (ParseJsonObjectField(permission_json, "notRule", &inner_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> not_rule_error_list;
permission =
Rbac::Permission(Rbac::Permission::RuleType::kNot,
ParsePermission(*inner_json, &not_rule_error_list));
if (!not_rule_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("notRule", &not_rule_error_list));
}
} else if (ParseJsonObjectField(permission_json, "requestedServerName",
&inner_json, error_list,
/*required=*/false)) {
std::vector<grpc_error_handle> req_server_name_error_list;
auto matcher = ParseStringMatcher(*inner_json, &req_server_name_error_list);
if (matcher.ok()) {
permission = Rbac::Permission(Rbac::Permission::RuleType::kReqServerName,
*matcher);
} else {
req_server_name_error_list.push_back(
absl_status_to_grpc_error(matcher.status()));
}
if (!req_server_name_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
"requestedServerName", &req_server_name_error_list));
}
} else {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_STATIC_STRING("No valid rule found"));
}
return permission;
}
Rbac::Principal ParsePrincipal(const Json::Object& principal_json,
std::vector<grpc_error_handle>* error_list) {
auto parse_principal_set = [](const Json::Object& principal_set_json,
std::vector<grpc_error_handle>* error_list) {
const Json::Array* rules_json;
std::vector<std::unique_ptr<Rbac::Principal>> principals;
if (ParseJsonObjectField(principal_set_json, "ids", &rules_json,
error_list)) {
for (size_t i = 0; i < rules_json->size(); ++i) {
const Json::Object* principal_json;
if (!ExtractJsonType((*rules_json)[i],
absl::StrFormat("ids[%d]", i).c_str(),
&principal_json, error_list)) {
continue;
}
std::vector<grpc_error_handle> principal_error_list;
principals.emplace_back(absl::make_unique<Rbac::Principal>(
ParsePrincipal(*principal_json, &principal_error_list)));
if (!principal_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
absl::StrFormat("ids[%d]", i), &principal_error_list));
}
}
}
return principals;
};
Rbac::Principal principal;
const Json::Object* inner_json;
bool any;
if (ParseJsonObjectField(principal_json, "andIds", &inner_json, error_list,
/*required=*/false)) {
std::vector<grpc_error_handle> and_rules_error_list;
principal = Rbac::Principal(
Rbac::Principal::RuleType::kAnd,
parse_principal_set(*inner_json, &and_rules_error_list));
if (!and_rules_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("andIds", &and_rules_error_list));
}
} else if (ParseJsonObjectField(principal_json, "orIds", &inner_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> or_rules_error_list;
principal =
Rbac::Principal(Rbac::Principal::RuleType::kOr,
parse_principal_set(*inner_json, &or_rules_error_list));
if (!or_rules_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("orIds", &or_rules_error_list));
}
} else if (ParseJsonObjectField(principal_json, "any", &any, error_list,
/*required=*/false) &&
any) {
principal = Rbac::Principal(Rbac::Principal::RuleType::kAny);
} else if (ParseJsonObjectField(principal_json, "authenticated", &inner_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> authenticated_error_list;
const Json::Object* principal_name_json;
if (ParseJsonObjectField(*inner_json, "principalName", &principal_name_json,
&authenticated_error_list, /*required=*/false)) {
std::vector<grpc_error_handle> principal_name_error_list;
auto matcher =
ParseStringMatcher(*principal_name_json, &principal_name_error_list);
if (matcher.ok()) {
principal = Rbac::Principal(Rbac::Principal::RuleType::kPrincipalName,
*matcher);
} else {
principal_name_error_list.push_back(
absl_status_to_grpc_error(matcher.status()));
}
if (!principal_name_error_list.empty()) {
authenticated_error_list.push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
"principalName", &principal_name_error_list));
}
} else if (authenticated_error_list.empty()) {
// No principalName found. Match for all users.
principal = Rbac::Principal(Rbac::Principal::RuleType::kAny);
} else {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
"authenticated", &authenticated_error_list));
}
} else if (ParseJsonObjectField(principal_json, "sourceIp", &inner_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> source_ip_error_list;
principal =
Rbac::Principal(Rbac::Principal::RuleType::kSourceIp,
ParseCidrRange(*inner_json, &source_ip_error_list));
if (!source_ip_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("sourceIp", &source_ip_error_list));
}
} else if (ParseJsonObjectField(principal_json, "directRemoteIp", &inner_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> direct_remote_ip_error_list;
principal = Rbac::Principal(
Rbac::Principal::RuleType::kDirectRemoteIp,
ParseCidrRange(*inner_json, &direct_remote_ip_error_list));
if (!direct_remote_ip_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
"directRemoteIp", &direct_remote_ip_error_list));
}
} else if (ParseJsonObjectField(principal_json, "remoteIp", &inner_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> remote_ip_error_list;
principal =
Rbac::Principal(Rbac::Principal::RuleType::kRemoteIp,
ParseCidrRange(*inner_json, &remote_ip_error_list));
if (!remote_ip_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("remoteIp", &remote_ip_error_list));
}
} else if (ParseJsonObjectField(principal_json, "header", &inner_json,
error_list,
/*required=*/false)) {
std::vector<grpc_error_handle> header_error_list;
auto matcher = ParseHeaderMatcher(*inner_json, &header_error_list);
if (matcher.ok()) {
principal = Rbac::Principal(Rbac::Principal::RuleType::kHeader, *matcher);
} else {
header_error_list.push_back(absl_status_to_grpc_error(matcher.status()));
}
if (!header_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("header", &header_error_list));
}
} else if (ParseJsonObjectField(principal_json, "urlPath", &inner_json,
error_list,
/*required=*/false)) {
std::vector<grpc_error_handle> url_path_error_list;
auto matcher = ParsePathMatcher(*inner_json, &url_path_error_list);
if (matcher.ok()) {
principal = Rbac::Principal(Rbac::Principal::RuleType::kPath, *matcher);
} else {
url_path_error_list.push_back(
absl_status_to_grpc_error(matcher.status()));
}
if (!url_path_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("urlPath", &url_path_error_list));
}
} else if (ParseJsonObjectField(principal_json, "metadata", &inner_json,
error_list, /*required=*/false)) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_STATIC_STRING("Cannot handle metadata"));
} else if (ParseJsonObjectField(principal_json, "notId", &inner_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> not_rule_error_list;
principal =
Rbac::Principal(Rbac::Principal::RuleType::kNot,
ParsePrincipal(*inner_json, &not_rule_error_list));
if (!not_rule_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("notId", &not_rule_error_list));
}
} else {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_STATIC_STRING("No valid id found"));
}
return principal;
}
Rbac::Policy ParsePolicy(const Json::Object& policy_json,
std::vector<grpc_error_handle>* error_list) {
Rbac::Policy policy;
const Json::Array* permissions_json_array;
std::vector<std::unique_ptr<Rbac::Permission>> permissions;
if (ParseJsonObjectField(policy_json, "permissions", &permissions_json_array,
error_list)) {
for (size_t i = 0; i < permissions_json_array->size(); ++i) {
const Json::Object* permission_json;
if (!ExtractJsonType((*permissions_json_array)[i],
absl::StrFormat("permissions[%d]", i),
&permission_json, error_list)) {
continue;
}
std::vector<grpc_error_handle> permission_error_list;
permissions.emplace_back(absl::make_unique<Rbac::Permission>(
ParsePermission(*permission_json, &permission_error_list)));
if (!permission_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
absl::StrFormat("permissions[%d]", i), &permission_error_list));
}
}
}
const Json::Array* principals_json_array;
std::vector<std::unique_ptr<Rbac::Principal>> principals;
if (ParseJsonObjectField(policy_json, "principals", &principals_json_array,
error_list)) {
for (size_t i = 0; i < principals_json_array->size(); ++i) {
const Json::Object* principal_json;
if (!ExtractJsonType((*principals_json_array)[i],
absl::StrFormat("principals[%d]", i),
&principal_json, error_list)) {
continue;
}
std::vector<grpc_error_handle> principal_error_list;
principals.emplace_back(absl::make_unique<Rbac::Principal>(
ParsePrincipal(*principal_json, &principal_error_list)));
if (!principal_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
absl::StrFormat("principals[%d]", i), &principal_error_list));
}
}
}
policy.permissions =
Rbac::Permission(Rbac::Permission::RuleType::kOr, std::move(permissions));
policy.principals =
Rbac::Principal(Rbac::Principal::RuleType::kOr, std::move(principals));
return policy;
}
Rbac ParseRbac(const Json::Object& rbac_json,
std::vector<grpc_error_handle>* error_list) {
Rbac rbac;
const Json::Object* rules_json;
if (!ParseJsonObjectField(rbac_json, "rules", &rules_json, error_list,
/*required=*/false)) {
// No enforcing to be applied. An empty deny policy with an empty map is
// equivalent to no enforcing.
return Rbac(Rbac::Action::kDeny, {});
}
int action;
if (ParseJsonObjectField(*rules_json, "action", &action, error_list)) {
if (action > 1) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_STATIC_STRING("Unknown action"));
}
}
rbac.action = static_cast<Rbac::Action>(action);
const Json::Object* policies_json;
if (ParseJsonObjectField(*rules_json, "policies", &policies_json, error_list,
/*required=*/false)) {
for (const auto& entry : *policies_json) {
std::vector<grpc_error_handle> policy_error_list;
rbac.policies.emplace(
entry.first,
ParsePolicy(entry.second.object_value(), &policy_error_list));
if (!policy_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
absl::StrFormat("policies key:'%s'", entry.first.c_str()),
&policy_error_list));
}
}
}
return rbac;
}
std::vector<Rbac> ParseRbacArray(const Json::Array& policies_json_array,
std::vector<grpc_error_handle>* error_list) {
std::vector<Rbac> policies;
for (size_t i = 0; i < policies_json_array.size(); ++i) {
const Json::Object* rbac_json;
if (!ExtractJsonType(policies_json_array[i],
absl::StrFormat("rbacPolicy[%d]", i), &rbac_json,
error_list)) {
continue;
}
std::vector<grpc_error_handle> rbac_policy_error_list;
policies.emplace_back(ParseRbac(*rbac_json, &rbac_policy_error_list));
if (!rbac_policy_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
absl::StrFormat("rbacPolicy[%d]", i), &rbac_policy_error_list));
}
}
return policies;
}
} // namespace
std::unique_ptr<ServiceConfigParser::ParsedConfig>
RbacServiceConfigParser::ParsePerMethodParams(const grpc_channel_args* args,
const Json& json,
grpc_error_handle* error) {
GPR_DEBUG_ASSERT(error != nullptr && *error == GRPC_ERROR_NONE);
// Only parse rbac policy if the channel arg is present
if (!grpc_channel_args_find_bool(args, GRPC_ARG_PARSE_RBAC_METHOD_CONFIG,
false)) {
return nullptr;
}
std::vector<Rbac> rbac_policies;
std::vector<grpc_error_handle> error_list;
const Json::Array* policies_json_array;
if (ParseJsonObjectField(json.object_value(), "rbacPolicy",
&policies_json_array, &error_list)) {
rbac_policies = ParseRbacArray(*policies_json_array, &error_list);
}
*error = GRPC_ERROR_CREATE_FROM_VECTOR("Rbac parser", &error_list);
if (*error != GRPC_ERROR_NONE || rbac_policies.empty()) {
return nullptr;
}
return absl::make_unique<RbacMethodParsedConfig>(std::move(rbac_policies));
}
void RbacServiceConfigParser::Register() {
g_rbac_parser_index = ServiceConfigParser::RegisterParser(
absl::make_unique<RbacServiceConfigParser>());
}
size_t RbacServiceConfigParser::ParserIndex() { return g_rbac_parser_index; }
} // namespace grpc_core

70
src/core/ext/filters/rbac/rbac_service_config_parser.h
Unescape View File

@ -0,0 +1,70 @@
//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#ifndef GRPC_CORE_EXT_FILTERS_RBAC_RBAC_SERVICE_CONFIG_PARSER_H
#define GRPC_CORE_EXT_FILTERS_RBAC_RBAC_SERVICE_CONFIG_PARSER_H
#include <grpc/support/port_platform.h>
#include <vector>
#include "src/core/ext/service_config/service_config_parser.h"
#include "src/core/lib/security/authorization/grpc_authorization_engine.h"
namespace grpc_core {
// Channel arg key for enabling parsing RBAC via method config.
#define GRPC_ARG_PARSE_RBAC_METHOD_CONFIG \
"grpc.internal.parse_rbac_method_config"
class RbacMethodParsedConfig : public ServiceConfigParser::ParsedConfig {
public:
explicit RbacMethodParsedConfig(std::vector<Rbac> rbac_policies) {
for (auto& rbac_policy : rbac_policies) {
authorization_engines_.emplace_back(std::move(rbac_policy));
}
}
// Returns the authorization engine for a rbac policy at a certain index. For
// a connection on the server, multiple RBAC policies might be active. The
// RBAC filter uses this method to get the RBAC policy configured for a
// instance at a particular instance.
const GrpcAuthorizationEngine* authorization_engine(int index) const {
if (static_cast<size_t>(index) >= authorization_engines_.size()) {
return nullptr;
}
return &authorization_engines_[index];
}
private:
std::vector<GrpcAuthorizationEngine> authorization_engines_;
};
class RbacServiceConfigParser : public ServiceConfigParser::Parser {
public:
// Parses the per-method service config for rbac filter.
std::unique_ptr<ServiceConfigParser::ParsedConfig> ParsePerMethodParams(
const grpc_channel_args* args, const Json& json,
grpc_error_handle* error) override;
// Returns the parser index for RbacServiceConfigParser.
static size_t ParserIndex();
// Registers RbacServiceConfigParser to ServiceConfigParser.
static void Register();
};
} // namespace grpc_core
#endif // GRPC_CORE_EXT_FILTERS_RBAC_RBAC_SERVICE_CONFIG_PARSER_H

3
src/core/ext/filters/server_config_selector/server_config_selector.h
Unescape View File

@ -22,6 +22,7 @@
#include "absl/status/statusor.h"
#include "src/core/ext/service_config/service_config.h"
#include "src/core/lib/gprpp/dual_ref_counted.h"
#include "src/core/lib/transport/metadata_batch.h"
namespace grpc_core {
@ -45,7 +46,7 @@ class ServerConfigSelector : public RefCounted<ServerConfigSelector> {
// ServerConfigSelectorProvider allows for subscribers to watch for updates on
// ServerConfigSelector. It is propagated via channel args.
class ServerConfigSelectorProvider
: public RefCounted<ServerConfigSelectorProvider> {
: public DualRefCounted<ServerConfigSelectorProvider> {
public:
class ServerConfigSelectorWatcher {
public:

15
src/core/ext/filters/server_config_selector/server_config_selector_filter.cc
Unescape View File

@ -36,7 +36,7 @@ class ChannelData {
absl::StatusOr<RefCountedPtr<ServerConfigSelector>> config_selector() {
MutexLock lock(&mu_);
return config_selector_;
return config_selector_.value();
}
private:
@ -60,8 +60,8 @@ class ChannelData {
RefCountedPtr<ServerConfigSelectorProvider> server_config_selector_provider_;
Mutex mu_;
absl::StatusOr<RefCountedPtr<ServerConfigSelector>> config_selector_
ABSL_GUARDED_BY(mu_);
absl::optional<absl::StatusOr<RefCountedPtr<ServerConfigSelector>>>
config_selector_ ABSL_GUARDED_BY(mu_);
};
class CallData {
@ -103,7 +103,7 @@ class CallData {
grpc_error_handle ChannelData::Init(grpc_channel_element* elem,
grpc_channel_element_args* args) {
GPR_ASSERT(elem->filter = &kServerConfigSelectorFilter);
GPR_ASSERT(elem->filter == &kServerConfigSelectorFilter);
RefCountedPtr<ServerConfigSelectorProvider> server_config_selector_provider =
ServerConfigSelectorProvider::GetFromChannelArgs(*args->channel_args);
if (server_config_selector_provider == nullptr) {
@ -127,8 +127,13 @@ ChannelData::ChannelData(
GPR_ASSERT(server_config_selector_provider_ != nullptr);
auto server_config_selector_watcher =
absl::make_unique<ServerConfigSelectorWatcher>(this);
config_selector_ = server_config_selector_provider_->Watch(
auto config_selector = server_config_selector_provider_->Watch(
std::move(server_config_selector_watcher));
MutexLock lock(&mu_);
// It's possible for the watcher to have already updated config_selector_
if (!config_selector_.has_value()) {
config_selector_ = std::move(config_selector);
}
}
ChannelData::~ChannelData() { server_config_selector_provider_->CancelWatch(); }

31
src/core/ext/transport/chttp2/server/chttp2_server.cc
Unescape View File

@ -174,7 +174,8 @@ class Chttp2ServerListener : public Server::ListenerInterface {
grpc_closure on_close_;
grpc_timer drain_grace_timer_;
grpc_closure on_drain_grace_time_expiry_;
bool drain_grace_timer_expiry_callback_pending_ = false;
bool drain_grace_timer_expiry_callback_pending_ ABSL_GUARDED_BY(&mu_) =
false;
bool shutdown_ ABSL_GUARDED_BY(&mu_) = false;
};
@ -547,24 +548,27 @@ void Chttp2ServerListener::ActiveConnection::SendGoAway() {
grpc_chttp2_transport* transport = nullptr;
{
MutexLock lock(&mu_);
transport = transport_;
if (transport_ != nullptr && !shutdown_) {
transport = transport_;
Ref().release(); // Ref held by OnDrainGraceTimeExpiry
GRPC_CLOSURE_INIT(&on_drain_grace_time_expiry_, OnDrainGraceTimeExpiry,
this, nullptr);
grpc_timer_init(&drain_grace_timer_,
ExecCtx::Get()->Now() +
grpc_channel_args_find_integer(
listener_->args_,
GRPC_ARG_SERVER_CONFIG_CHANGE_DRAIN_GRACE_TIME_MS,
{10 * 60 * GPR_MS_PER_SEC, 0, INT_MAX}),
&on_drain_grace_time_expiry_);
drain_grace_timer_expiry_callback_pending_ = true;
shutdown_ = true;
}
}
if (transport != nullptr) {
grpc_transport_op* op = grpc_make_transport_op(nullptr);
op->goaway_error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
"Server is stopping to serve requests.");
grpc_transport_perform_op(&transport->base, op);
Ref().release(); // Ref held by OnDrainGraceTimeExpiry
GRPC_CLOSURE_INIT(&on_drain_grace_time_expiry_, OnDrainGraceTimeExpiry,
this, nullptr);
grpc_timer_init(&drain_grace_timer_,
ExecCtx::Get()->Now() +
grpc_channel_args_find_integer(
listener_->args_,
GRPC_ARG_SERVER_CONFIG_CHANGE_DRAIN_GRACE_TIME_MS,
{10 * 60 * GPR_MS_PER_SEC, 0, INT_MAX}),
&on_drain_grace_time_expiry_);
drain_grace_timer_expiry_callback_pending_ = true;
}
}
@ -598,6 +602,7 @@ void Chttp2ServerListener::ActiveConnection::OnClose(
connection = std::move(it->second);
self->listener_->connections_.erase(it);
}
self->shutdown_ = true;
}
// Cancel the drain_grace_timer_ if needed.
if (self->drain_grace_timer_expiry_callback_pending_) {

61
src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c generated
Unescape View File

@ -0,0 +1,61 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* envoy/extensions/filters/http/rbac/v3/rbac.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#include <stddef.h>
#include "upb/msg_internal.h"
#include "envoy/extensions/filters/http/rbac/v3/rbac.upb.h"
#include "envoy/config/rbac/v3/rbac.upb.h"
#include "udpa/annotations/status.upb.h"
#include "udpa/annotations/versioning.upb.h"
#include "upb/port_def.inc"
static const upb_msglayout_sub envoy_extensions_filters_http_rbac_v3_RBAC_submsgs[1] = {
{.submsg = &envoy_config_rbac_v3_RBAC_msginit},
};
static const upb_msglayout_field envoy_extensions_filters_http_rbac_v3_RBAC__fields[3] = {
{1, UPB_SIZE(12, 24), 1, 0, 11, _UPB_MODE_SCALAR | (_UPB_REP_PTR << _UPB_REP_SHIFT)},
{2, UPB_SIZE(16, 32), 2, 0, 11, _UPB_MODE_SCALAR | (_UPB_REP_PTR << _UPB_REP_SHIFT)},
{3, UPB_SIZE(4, 8), 0, 0, 9, _UPB_MODE_SCALAR | (_UPB_REP_STRVIEW << _UPB_REP_SHIFT)},
};
const upb_msglayout envoy_extensions_filters_http_rbac_v3_RBAC_msginit = {
&envoy_extensions_filters_http_rbac_v3_RBAC_submsgs[0],
&envoy_extensions_filters_http_rbac_v3_RBAC__fields[0],
UPB_SIZE(24, 48), 3, _UPB_MSGEXT_NONE, 3, 255,
};
static const upb_msglayout_sub envoy_extensions_filters_http_rbac_v3_RBACPerRoute_submsgs[1] = {
{.submsg = &envoy_extensions_filters_http_rbac_v3_RBAC_msginit},
};
static const upb_msglayout_field envoy_extensions_filters_http_rbac_v3_RBACPerRoute__fields[1] = {
{2, UPB_SIZE(4, 8), 1, 0, 11, _UPB_MODE_SCALAR | (_UPB_REP_PTR << _UPB_REP_SHIFT)},
};
const upb_msglayout envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit = {
&envoy_extensions_filters_http_rbac_v3_RBACPerRoute_submsgs[0],
&envoy_extensions_filters_http_rbac_v3_RBACPerRoute__fields[0],
UPB_SIZE(8, 16), 1, _UPB_MSGEXT_NONE, 0, 255,
};
static const upb_msglayout *messages_layout[2] = {
&envoy_extensions_filters_http_rbac_v3_RBAC_msginit,
&envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit,
};
const upb_msglayout_file envoy_extensions_filters_http_rbac_v3_rbac_proto_upb_file_layout = {
messages_layout,
NULL,
2,
0,
};
#include "upb/port_undef.inc"

146
src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h generated
Unescape View File

@ -0,0 +1,146 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* envoy/extensions/filters/http/rbac/v3/rbac.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#ifndef ENVOY_EXTENSIONS_FILTERS_HTTP_RBAC_V3_RBAC_PROTO_UPB_H_
#define ENVOY_EXTENSIONS_FILTERS_HTTP_RBAC_V3_RBAC_PROTO_UPB_H_
#include "upb/msg_internal.h"
#include "upb/decode.h"
#include "upb/decode_fast.h"
#include "upb/encode.h"
#include "upb/port_def.inc"
#ifdef __cplusplus
extern "C" {
#endif
struct envoy_extensions_filters_http_rbac_v3_RBAC;
struct envoy_extensions_filters_http_rbac_v3_RBACPerRoute;
typedef struct envoy_extensions_filters_http_rbac_v3_RBAC envoy_extensions_filters_http_rbac_v3_RBAC;
typedef struct envoy_extensions_filters_http_rbac_v3_RBACPerRoute envoy_extensions_filters_http_rbac_v3_RBACPerRoute;
extern const upb_msglayout envoy_extensions_filters_http_rbac_v3_RBAC_msginit;
extern const upb_msglayout envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit;
struct envoy_config_rbac_v3_RBAC;
extern const upb_msglayout envoy_config_rbac_v3_RBAC_msginit;
/* envoy.extensions.filters.http.rbac.v3.RBAC */
UPB_INLINE envoy_extensions_filters_http_rbac_v3_RBAC *envoy_extensions_filters_http_rbac_v3_RBAC_new(upb_arena *arena) {
return (envoy_extensions_filters_http_rbac_v3_RBAC *)_upb_msg_new(&envoy_extensions_filters_http_rbac_v3_RBAC_msginit, arena);
}
UPB_INLINE envoy_extensions_filters_http_rbac_v3_RBAC *envoy_extensions_filters_http_rbac_v3_RBAC_parse(const char *buf, size_t size,
upb_arena *arena) {
envoy_extensions_filters_http_rbac_v3_RBAC *ret = envoy_extensions_filters_http_rbac_v3_RBAC_new(arena);
if (!ret) return NULL;
if (!upb_decode(buf, size, ret, &envoy_extensions_filters_http_rbac_v3_RBAC_msginit, arena)) return NULL;
return ret;
}
UPB_INLINE envoy_extensions_filters_http_rbac_v3_RBAC *envoy_extensions_filters_http_rbac_v3_RBAC_parse_ex(const char *buf, size_t size,
const upb_extreg *extreg, int options,
upb_arena *arena) {
envoy_extensions_filters_http_rbac_v3_RBAC *ret = envoy_extensions_filters_http_rbac_v3_RBAC_new(arena);
if (!ret) return NULL;
if (!_upb_decode(buf, size, ret, &envoy_extensions_filters_http_rbac_v3_RBAC_msginit, extreg, options, arena)) {
return NULL;
}
return ret;
}
UPB_INLINE char *envoy_extensions_filters_http_rbac_v3_RBAC_serialize(const envoy_extensions_filters_http_rbac_v3_RBAC *msg, upb_arena *arena, size_t *len) {
return upb_encode(msg, &envoy_extensions_filters_http_rbac_v3_RBAC_msginit, arena, len);
}
UPB_INLINE bool envoy_extensions_filters_http_rbac_v3_RBAC_has_rules(const envoy_extensions_filters_http_rbac_v3_RBAC *msg) { return _upb_hasbit(msg, 1); }
UPB_INLINE const struct envoy_config_rbac_v3_RBAC* envoy_extensions_filters_http_rbac_v3_RBAC_rules(const envoy_extensions_filters_http_rbac_v3_RBAC *msg) { return *UPB_PTR_AT(msg, UPB_SIZE(12, 24), const struct envoy_config_rbac_v3_RBAC*); }
UPB_INLINE bool envoy_extensions_filters_http_rbac_v3_RBAC_has_shadow_rules(const envoy_extensions_filters_http_rbac_v3_RBAC *msg) { return _upb_hasbit(msg, 2); }
UPB_INLINE const struct envoy_config_rbac_v3_RBAC* envoy_extensions_filters_http_rbac_v3_RBAC_shadow_rules(const envoy_extensions_filters_http_rbac_v3_RBAC *msg) { return *UPB_PTR_AT(msg, UPB_SIZE(16, 32), const struct envoy_config_rbac_v3_RBAC*); }
UPB_INLINE upb_strview envoy_extensions_filters_http_rbac_v3_RBAC_shadow_rules_stat_prefix(const envoy_extensions_filters_http_rbac_v3_RBAC *msg) { return *UPB_PTR_AT(msg, UPB_SIZE(4, 8), upb_strview); }
UPB_INLINE void envoy_extensions_filters_http_rbac_v3_RBAC_set_rules(envoy_extensions_filters_http_rbac_v3_RBAC *msg, struct envoy_config_rbac_v3_RBAC* value) {
_upb_sethas(msg, 1);
*UPB_PTR_AT(msg, UPB_SIZE(12, 24), struct envoy_config_rbac_v3_RBAC*) = value;
}
UPB_INLINE struct envoy_config_rbac_v3_RBAC* envoy_extensions_filters_http_rbac_v3_RBAC_mutable_rules(envoy_extensions_filters_http_rbac_v3_RBAC *msg, upb_arena *arena) {
struct envoy_config_rbac_v3_RBAC* sub = (struct envoy_config_rbac_v3_RBAC*)envoy_extensions_filters_http_rbac_v3_RBAC_rules(msg);
if (sub == NULL) {
sub = (struct envoy_config_rbac_v3_RBAC*)_upb_msg_new(&envoy_config_rbac_v3_RBAC_msginit, arena);
if (!sub) return NULL;
envoy_extensions_filters_http_rbac_v3_RBAC_set_rules(msg, sub);
}
return sub;
}
UPB_INLINE void envoy_extensions_filters_http_rbac_v3_RBAC_set_shadow_rules(envoy_extensions_filters_http_rbac_v3_RBAC *msg, struct envoy_config_rbac_v3_RBAC* value) {
_upb_sethas(msg, 2);
*UPB_PTR_AT(msg, UPB_SIZE(16, 32), struct envoy_config_rbac_v3_RBAC*) = value;
}
UPB_INLINE struct envoy_config_rbac_v3_RBAC* envoy_extensions_filters_http_rbac_v3_RBAC_mutable_shadow_rules(envoy_extensions_filters_http_rbac_v3_RBAC *msg, upb_arena *arena) {
struct envoy_config_rbac_v3_RBAC* sub = (struct envoy_config_rbac_v3_RBAC*)envoy_extensions_filters_http_rbac_v3_RBAC_shadow_rules(msg);
if (sub == NULL) {
sub = (struct envoy_config_rbac_v3_RBAC*)_upb_msg_new(&envoy_config_rbac_v3_RBAC_msginit, arena);
if (!sub) return NULL;
envoy_extensions_filters_http_rbac_v3_RBAC_set_shadow_rules(msg, sub);
}
return sub;
}
UPB_INLINE void envoy_extensions_filters_http_rbac_v3_RBAC_set_shadow_rules_stat_prefix(envoy_extensions_filters_http_rbac_v3_RBAC *msg, upb_strview value) {
*UPB_PTR_AT(msg, UPB_SIZE(4, 8), upb_strview) = value;
}
/* envoy.extensions.filters.http.rbac.v3.RBACPerRoute */
UPB_INLINE envoy_extensions_filters_http_rbac_v3_RBACPerRoute *envoy_extensions_filters_http_rbac_v3_RBACPerRoute_new(upb_arena *arena) {
return (envoy_extensions_filters_http_rbac_v3_RBACPerRoute *)_upb_msg_new(&envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit, arena);
}
UPB_INLINE envoy_extensions_filters_http_rbac_v3_RBACPerRoute *envoy_extensions_filters_http_rbac_v3_RBACPerRoute_parse(const char *buf, size_t size,
upb_arena *arena) {
envoy_extensions_filters_http_rbac_v3_RBACPerRoute *ret = envoy_extensions_filters_http_rbac_v3_RBACPerRoute_new(arena);
if (!ret) return NULL;
if (!upb_decode(buf, size, ret, &envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit, arena)) return NULL;
return ret;
}
UPB_INLINE envoy_extensions_filters_http_rbac_v3_RBACPerRoute *envoy_extensions_filters_http_rbac_v3_RBACPerRoute_parse_ex(const char *buf, size_t size,
const upb_extreg *extreg, int options,
upb_arena *arena) {
envoy_extensions_filters_http_rbac_v3_RBACPerRoute *ret = envoy_extensions_filters_http_rbac_v3_RBACPerRoute_new(arena);
if (!ret) return NULL;
if (!_upb_decode(buf, size, ret, &envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit, extreg, options, arena)) {
return NULL;
}
return ret;
}
UPB_INLINE char *envoy_extensions_filters_http_rbac_v3_RBACPerRoute_serialize(const envoy_extensions_filters_http_rbac_v3_RBACPerRoute *msg, upb_arena *arena, size_t *len) {
return upb_encode(msg, &envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit, arena, len);
}
UPB_INLINE bool envoy_extensions_filters_http_rbac_v3_RBACPerRoute_has_rbac(const envoy_extensions_filters_http_rbac_v3_RBACPerRoute *msg) { return _upb_hasbit(msg, 1); }
UPB_INLINE const envoy_extensions_filters_http_rbac_v3_RBAC* envoy_extensions_filters_http_rbac_v3_RBACPerRoute_rbac(const envoy_extensions_filters_http_rbac_v3_RBACPerRoute *msg) { return *UPB_PTR_AT(msg, UPB_SIZE(4, 8), const envoy_extensions_filters_http_rbac_v3_RBAC*); }
UPB_INLINE void envoy_extensions_filters_http_rbac_v3_RBACPerRoute_set_rbac(envoy_extensions_filters_http_rbac_v3_RBACPerRoute *msg, envoy_extensions_filters_http_rbac_v3_RBAC* value) {
_upb_sethas(msg, 1);
*UPB_PTR_AT(msg, UPB_SIZE(4, 8), envoy_extensions_filters_http_rbac_v3_RBAC*) = value;
}
UPB_INLINE struct envoy_extensions_filters_http_rbac_v3_RBAC* envoy_extensions_filters_http_rbac_v3_RBACPerRoute_mutable_rbac(envoy_extensions_filters_http_rbac_v3_RBACPerRoute *msg, upb_arena *arena) {
struct envoy_extensions_filters_http_rbac_v3_RBAC* sub = (struct envoy_extensions_filters_http_rbac_v3_RBAC*)envoy_extensions_filters_http_rbac_v3_RBACPerRoute_rbac(msg);
if (sub == NULL) {
sub = (struct envoy_extensions_filters_http_rbac_v3_RBAC*)_upb_msg_new(&envoy_extensions_filters_http_rbac_v3_RBAC_msginit, arena);
if (!sub) return NULL;
envoy_extensions_filters_http_rbac_v3_RBACPerRoute_set_rbac(msg, sub);
}
return sub;
}
extern const upb_msglayout_file envoy_extensions_filters_http_rbac_v3_rbac_proto_upb_file_layout;
#ifdef __cplusplus
} /* extern "C" */
#endif
#include "upb/port_undef.inc"
#endif /* ENVOY_EXTENSIONS_FILTERS_HTTP_RBAC_V3_RBAC_PROTO_UPB_H_ */

56
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c generated
Unescape View File

@ -0,0 +1,56 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* envoy/extensions/filters/http/rbac/v3/rbac.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#include "upb/def.h"
#include "envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h"
#include "envoy/extensions/filters/http/rbac/v3/rbac.upb.h"
extern upb_def_init envoy_config_rbac_v3_rbac_proto_upbdefinit;
extern upb_def_init udpa_annotations_status_proto_upbdefinit;
extern upb_def_init udpa_annotations_versioning_proto_upbdefinit;
static const char descriptor[639] = {'\n', '0', 'e', 'n', 'v', 'o', 'y', '/', 'e', 'x', 't', 'e', 'n', 's', 'i', 'o', 'n', 's', '/', 'f', 'i', 'l', 't', 'e', 'r',
's', '/', 'h', 't', 't', 'p', '/', 'r', 'b', 'a', 'c', '/', 'v', '3', '/', 'r', 'b', 'a', 'c', '.', 'p', 'r', 'o', 't', 'o',
'\022', '%', 'e', 'n', 'v', 'o', 'y', '.', 'e', 'x', 't', 'e', 'n', 's', 'i', 'o', 'n', 's', '.', 'f', 'i', 'l', 't', 'e', 'r',
's', '.', 'h', 't', 't', 'p', '.', 'r', 'b', 'a', 'c', '.', 'v', '3', '\032', '\037', 'e', 'n', 'v', 'o', 'y', '/', 'c', 'o', 'n',
'f', 'i', 'g', '/', 'r', 'b', 'a', 'c', '/', 'v', '3', '/', 'r', 'b', 'a', 'c', '.', 'p', 'r', 'o', 't', 'o', '\032', '\035', 'u',
'd', 'p', 'a', '/', 'a', 'n', 'n', 'o', 't', 'a', 't', 'i', 'o', 'n', 's', '/', 's', 't', 'a', 't', 'u', 's', '.', 'p', 'r',
'o', 't', 'o', '\032', '!', 'u', 'd', 'p', 'a', '/', 'a', 'n', 'n', 'o', 't', 'a', 't', 'i', 'o', 'n', 's', '/', 'v', 'e', 'r',
's', 'i', 'o', 'n', 'i', 'n', 'g', '.', 'p', 'r', 'o', 't', 'o', '\"', '\336', '\001', '\n', '\004', 'R', 'B', 'A', 'C', '\022', '0', '\n',
'\005', 'r', 'u', 'l', 'e', 's', '\030', '\001', ' ', '\001', '(', '\013', '2', '\032', '.', 'e', 'n', 'v', 'o', 'y', '.', 'c', 'o', 'n', 'f',
'i', 'g', '.', 'r', 'b', 'a', 'c', '.', 'v', '3', '.', 'R', 'B', 'A', 'C', 'R', '\005', 'r', 'u', 'l', 'e', 's', '\022', '=', '\n',
'\014', 's', 'h', 'a', 'd', 'o', 'w', '_', 'r', 'u', 'l', 'e', 's', '\030', '\002', ' ', '\001', '(', '\013', '2', '\032', '.', 'e', 'n', 'v',
'o', 'y', '.', 'c', 'o', 'n', 'f', 'i', 'g', '.', 'r', 'b', 'a', 'c', '.', 'v', '3', '.', 'R', 'B', 'A', 'C', 'R', '\013', 's',
'h', 'a', 'd', 'o', 'w', 'R', 'u', 'l', 'e', 's', '\022', '7', '\n', '\030', 's', 'h', 'a', 'd', 'o', 'w', '_', 'r', 'u', 'l', 'e',
's', '_', 's', 't', 'a', 't', '_', 'p', 'r', 'e', 'f', 'i', 'x', '\030', '\003', ' ', '\001', '(', '\t', 'R', '\025', 's', 'h', 'a', 'd',
'o', 'w', 'R', 'u', 'l', 'e', 's', 'S', 't', 'a', 't', 'P', 'r', 'e', 'f', 'i', 'x', ':', ',', '\232', '\305', '\210', '\036', '\'', '\n',
'%', 'e', 'n', 'v', 'o', 'y', '.', 'c', 'o', 'n', 'f', 'i', 'g', '.', 'f', 'i', 'l', 't', 'e', 'r', '.', 'h', 't', 't', 'p',
'.', 'r', 'b', 'a', 'c', '.', 'v', '2', '.', 'R', 'B', 'A', 'C', '\"', '\213', '\001', '\n', '\014', 'R', 'B', 'A', 'C', 'P', 'e', 'r',
'R', 'o', 'u', 't', 'e', '\022', '?', '\n', '\004', 'r', 'b', 'a', 'c', '\030', '\002', ' ', '\001', '(', '\013', '2', '+', '.', 'e', 'n', 'v',
'o', 'y', '.', 'e', 'x', 't', 'e', 'n', 's', 'i', 'o', 'n', 's', '.', 'f', 'i', 'l', 't', 'e', 'r', 's', '.', 'h', 't', 't',
'p', '.', 'r', 'b', 'a', 'c', '.', 'v', '3', '.', 'R', 'B', 'A', 'C', 'R', '\004', 'r', 'b', 'a', 'c', ':', '4', '\232', '\305', '\210',
'\036', '/', '\n', '-', 'e', 'n', 'v', 'o', 'y', '.', 'c', 'o', 'n', 'f', 'i', 'g', '.', 'f', 'i', 'l', 't', 'e', 'r', '.', 'h',
't', 't', 'p', '.', 'r', 'b', 'a', 'c', '.', 'v', '2', '.', 'R', 'B', 'A', 'C', 'P', 'e', 'r', 'R', 'o', 'u', 't', 'e', 'J',
'\004', '\010', '\001', '\020', '\002', 'B', 'J', '\n', '3', 'i', 'o', '.', 'e', 'n', 'v', 'o', 'y', 'p', 'r', 'o', 'x', 'y', '.', 'e', 'n',
'v', 'o', 'y', '.', 'e', 'x', 't', 'e', 'n', 's', 'i', 'o', 'n', 's', '.', 'f', 'i', 'l', 't', 'e', 'r', 's', '.', 'h', 't',
't', 'p', '.', 'r', 'b', 'a', 'c', '.', 'v', '3', 'B', '\t', 'R', 'b', 'a', 'c', 'P', 'r', 'o', 't', 'o', 'P', '\001', '\272', '\200',
'\310', '\321', '\006', '\002', '\020', '\002', 'b', '\006', 'p', 'r', 'o', 't', 'o', '3',
};
static upb_def_init *deps[4] = {
&envoy_config_rbac_v3_rbac_proto_upbdefinit,
&udpa_annotations_status_proto_upbdefinit,
&udpa_annotations_versioning_proto_upbdefinit,
NULL
};
upb_def_init envoy_extensions_filters_http_rbac_v3_rbac_proto_upbdefinit = {
deps,
&envoy_extensions_filters_http_rbac_v3_rbac_proto_upb_file_layout,
"envoy/extensions/filters/http/rbac/v3/rbac.proto",
UPB_STRVIEW_INIT(descriptor, 639)
};

40
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h generated
Unescape View File

@ -0,0 +1,40 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* envoy/extensions/filters/http/rbac/v3/rbac.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#ifndef ENVOY_EXTENSIONS_FILTERS_HTTP_RBAC_V3_RBAC_PROTO_UPBDEFS_H_
#define ENVOY_EXTENSIONS_FILTERS_HTTP_RBAC_V3_RBAC_PROTO_UPBDEFS_H_
#include "upb/def.h"
#include "upb/port_def.inc"
#ifdef __cplusplus
extern "C" {
#endif
#include "upb/def.h"
#include "upb/port_def.inc"
extern upb_def_init envoy_extensions_filters_http_rbac_v3_rbac_proto_upbdefinit;
UPB_INLINE const upb_msgdef *envoy_extensions_filters_http_rbac_v3_RBAC_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &envoy_extensions_filters_http_rbac_v3_rbac_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "envoy.extensions.filters.http.rbac.v3.RBAC");
}
UPB_INLINE const upb_msgdef *envoy_extensions_filters_http_rbac_v3_RBACPerRoute_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &envoy_extensions_filters_http_rbac_v3_rbac_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "envoy.extensions.filters.http.rbac.v3.RBACPerRoute");
}
#ifdef __cplusplus
} /* extern "C" */
#endif
#include "upb/port_undef.inc"
#endif /* ENVOY_EXTENSIONS_FILTERS_HTTP_RBAC_V3_RBAC_PROTO_UPBDEFS_H_ */

154
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c generated
Unescape View File

@ -0,0 +1,154 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/checked.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#include "upb/def.h"
#include "google/api/expr/v1alpha1/checked.upbdefs.h"
#include "google/api/expr/v1alpha1/checked.upb.h"
extern upb_def_init google_api_expr_v1alpha1_syntax_proto_upbdefinit;
extern upb_def_init google_protobuf_empty_proto_upbdefinit;
extern upb_def_init google_protobuf_struct_proto_upbdefinit;
static const char descriptor[3089] = {'\n', '&', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a',
'1', '/', 'c', 'h', 'e', 'c', 'k', 'e', 'd', '.', 'p', 'r', 'o', 't', 'o', '\022', '\030', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a',
'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '\032', '%', 'g', 'o', 'o', 'g', 'l', 'e', '/',
'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '/', 's', 'y', 'n', 't', 'a', 'x', '.',
'p', 'r', 'o', 't', 'o', '\032', '\033', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '/', 'e', 'm',
'p', 't', 'y', '.', 'p', 'r', 'o', 't', 'o', '\032', '\034', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'p', 'r', 'o', 't', 'o', 'b', 'u',
'f', '/', 's', 't', 'r', 'u', 'c', 't', '.', 'p', 'r', 'o', 't', 'o', '\"', '\367', '\003', '\n', '\013', 'C', 'h', 'e', 'c', 'k', 'e',
'd', 'E', 'x', 'p', 'r', '\022', '\\', '\n', '\r', 'r', 'e', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '_', 'm', 'a', 'p', '\030', '\002', ' ',
'\003', '(', '\013', '2', '7', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a',
'l', 'p', 'h', 'a', '1', '.', 'C', 'h', 'e', 'c', 'k', 'e', 'd', 'E', 'x', 'p', 'r', '.', 'R', 'e', 'f', 'e', 'r', 'e', 'n',
'c', 'e', 'M', 'a', 'p', 'E', 'n', 't', 'r', 'y', 'R', '\014', 'r', 'e', 'f', 'e', 'r', 'e', 'n', 'c', 'e', 'M', 'a', 'p', '\022',
'M', '\n', '\010', 't', 'y', 'p', 'e', '_', 'm', 'a', 'p', '\030', '\003', ' ', '\003', '(', '\013', '2', '2', '.', 'g', 'o', 'o', 'g', 'l',
'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'C', 'h', 'e', 'c', 'k',
'e', 'd', 'E', 'x', 'p', 'r', '.', 'T', 'y', 'p', 'e', 'M', 'a', 'p', 'E', 'n', 't', 'r', 'y', 'R', '\007', 't', 'y', 'p', 'e',
'M', 'a', 'p', '\022', 'E', '\n', '\013', 's', 'o', 'u', 'r', 'c', 'e', '_', 'i', 'n', 'f', 'o', '\030', '\005', ' ', '\001', '(', '\013', '2',
'$', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a',
'1', '.', 'S', 'o', 'u', 'r', 'c', 'e', 'I', 'n', 'f', 'o', 'R', '\n', 's', 'o', 'u', 'r', 'c', 'e', 'I', 'n', 'f', 'o', '\022',
'2', '\n', '\004', 'e', 'x', 'p', 'r', '\030', '\004', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p',
'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\004', 'e', 'x', 'p',
'r', '\032', 'd', '\n', '\021', 'R', 'e', 'f', 'e', 'r', 'e', 'n', 'c', 'e', 'M', 'a', 'p', 'E', 'n', 't', 'r', 'y', '\022', '\020', '\n',
'\003', 'k', 'e', 'y', '\030', '\001', ' ', '\001', '(', '\003', 'R', '\003', 'k', 'e', 'y', '\022', '9', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030',
'\002', ' ', '\001', '(', '\013', '2', '#', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v',
'1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'R', 'e', 'f', 'e', 'r', 'e', 'n', 'c', 'e', 'R', '\005', 'v', 'a', 'l', 'u', 'e', ':',
'\002', '8', '\001', '\032', 'Z', '\n', '\014', 'T', 'y', 'p', 'e', 'M', 'a', 'p', 'E', 'n', 't', 'r', 'y', '\022', '\020', '\n', '\003', 'k', 'e',
'y', '\030', '\001', ' ', '\001', '(', '\003', 'R', '\003', 'k', 'e', 'y', '\022', '4', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001',
'(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l',
'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\005', 'v', 'a', 'l', 'u', 'e', ':', '\002', '8', '\001', '\"', '\310', '\013', '\n', '\004',
'T', 'y', 'p', 'e', '\022', '*', '\n', '\003', 'd', 'y', 'n', '\030', '\001', ' ', '\001', '(', '\013', '2', '\026', '.', 'g', 'o', 'o', 'g', 'l',
'e', '.', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '.', 'E', 'm', 'p', 't', 'y', 'H', '\000', 'R', '\003', 'd', 'y', 'n', '\022', '0',
'\n', '\004', 'n', 'u', 'l', 'l', '\030', '\002', ' ', '\001', '(', '\016', '2', '\032', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'p', 'r', 'o',
't', 'o', 'b', 'u', 'f', '.', 'N', 'u', 'l', 'l', 'V', 'a', 'l', 'u', 'e', 'H', '\000', 'R', '\004', 'n', 'u', 'l', 'l', '\022', 'L',
'\n', '\t', 'p', 'r', 'i', 'm', 'i', 't', 'i', 'v', 'e', '\030', '\003', ' ', '\001', '(', '\016', '2', ',', '.', 'g', 'o', 'o', 'g', 'l',
'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', '.',
'P', 'r', 'i', 'm', 'i', 't', 'i', 'v', 'e', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\t', 'p', 'r', 'i', 'm', 'i', 't', 'i', 'v',
'e', '\022', 'H', '\n', '\007', 'w', 'r', 'a', 'p', 'p', 'e', 'r', '\030', '\004', ' ', '\001', '(', '\016', '2', ',', '.', 'g', 'o', 'o', 'g',
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e',
'.', 'P', 'r', 'i', 'm', 'i', 't', 'i', 'v', 'e', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\007', 'w', 'r', 'a', 'p', 'p', 'e', 'r',
'\022', 'M', '\n', '\n', 'w', 'e', 'l', 'l', '_', 'k', 'n', 'o', 'w', 'n', '\030', '\005', ' ', '\001', '(', '\016', '2', ',', '.', 'g', 'o',
'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y',
'p', 'e', '.', 'W', 'e', 'l', 'l', 'K', 'n', 'o', 'w', 'n', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\t', 'w', 'e', 'l', 'l', 'K',
'n', 'o', 'w', 'n', '\022', 'F', '\n', '\t', 'l', 'i', 's', 't', '_', 't', 'y', 'p', 'e', '\030', '\006', ' ', '\001', '(', '\013', '2', '\'',
'.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1',
'.', 'T', 'y', 'p', 'e', '.', 'L', 'i', 's', 't', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\010', 'l', 'i', 's', 't', 'T', 'y', 'p',
'e', '\022', 'C', '\n', '\010', 'm', 'a', 'p', '_', 't', 'y', 'p', 'e', '\030', '\007', ' ', '\001', '(', '\013', '2', '&', '.', 'g', 'o', 'o',
'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p',
'e', '.', 'M', 'a', 'p', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\007', 'm', 'a', 'p', 'T', 'y', 'p', 'e', '\022', 'I', '\n', '\010', 'f',
'u', 'n', 'c', 't', 'i', 'o', 'n', '\030', '\010', ' ', '\001', '(', '\013', '2', '+', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p',
'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', '.', 'F', 'u', 'n', 'c',
't', 'i', 'o', 'n', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\010', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', '\022', '#', '\n', '\014', 'm',
'e', 's', 's', 'a', 'g', 'e', '_', 't', 'y', 'p', 'e', '\030', '\t', ' ', '\001', '(', '\t', 'H', '\000', 'R', '\013', 'm', 'e', 's', 's',
'a', 'g', 'e', 'T', 'y', 'p', 'e', '\022', '\037', '\n', '\n', 't', 'y', 'p', 'e', '_', 'p', 'a', 'r', 'a', 'm', '\030', '\n', ' ', '\001',
'(', '\t', 'H', '\000', 'R', '\t', 't', 'y', 'p', 'e', 'P', 'a', 'r', 'a', 'm', '\022', '4', '\n', '\004', 't', 'y', 'p', 'e', '\030', '\013',
' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1',
'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\004', 't', 'y', 'p', 'e', '\022', '.', '\n', '\005', 'e', 'r',
'r', 'o', 'r', '\030', '\014', ' ', '\001', '(', '\013', '2', '\026', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'p', 'r', 'o', 't', 'o', 'b',
'u', 'f', '.', 'E', 'm', 'p', 't', 'y', 'H', '\000', 'R', '\005', 'e', 'r', 'r', 'o', 'r', '\022', 'R', '\n', '\r', 'a', 'b', 's', 't',
'r', 'a', 'c', 't', '_', 't', 'y', 'p', 'e', '\030', '\016', ' ', '\001', '(', '\013', '2', '+', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.',
'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', '.', 'A', 'b',
's', 't', 'r', 'a', 'c', 't', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\014', 'a', 'b', 's', 't', 'r', 'a', 'c', 't', 'T', 'y', 'p',
'e', '\032', 'G', '\n', '\010', 'L', 'i', 's', 't', 'T', 'y', 'p', 'e', '\022', ';', '\n', '\t', 'e', 'l', 'e', 'm', '_', 't', 'y', 'p',
'e', '\030', '\001', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r',
'.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\010', 'e', 'l', 'e', 'm', 'T', 'y', 'p', 'e', '\032',
'\203', '\001', '\n', '\007', 'M', 'a', 'p', 'T', 'y', 'p', 'e', '\022', '9', '\n', '\010', 'k', 'e', 'y', '_', 't', 'y', 'p', 'e', '\030', '\001',
' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1',
'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\007', 'k', 'e', 'y', 'T', 'y', 'p', 'e', '\022', '=', '\n', '\n', 'v',
'a', 'l', 'u', 'e', '_', 't', 'y', 'p', 'e', '\030', '\002', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.',
'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\t', 'v',
'a', 'l', 'u', 'e', 'T', 'y', 'p', 'e', '\032', '\214', '\001', '\n', '\014', 'F', 'u', 'n', 'c', 't', 'i', 'o', 'n', 'T', 'y', 'p', 'e',
'\022', '?', '\n', '\013', 'r', 'e', 's', 'u', 'l', 't', '_', 't', 'y', 'p', 'e', '\030', '\001', ' ', '\001', '(', '\013', '2', '\036', '.', 'g',
'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T',
'y', 'p', 'e', 'R', '\n', 'r', 'e', 's', 'u', 'l', 't', 'T', 'y', 'p', 'e', '\022', ';', '\n', '\t', 'a', 'r', 'g', '_', 't', 'y',
'p', 'e', 's', '\030', '\002', ' ', '\003', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x',
'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\010', 'a', 'r', 'g', 'T', 'y', 'p', 'e',
's', '\032', 'k', '\n', '\014', 'A', 'b', 's', 't', 'r', 'a', 'c', 't', 'T', 'y', 'p', 'e', '\022', '\022', '\n', '\004', 'n', 'a', 'm', 'e',
'\030', '\001', ' ', '\001', '(', '\t', 'R', '\004', 'n', 'a', 'm', 'e', '\022', 'G', '\n', '\017', 'p', 'a', 'r', 'a', 'm', 'e', 't', 'e', 'r',
'_', 't', 'y', 'p', 'e', 's', '\030', '\002', ' ', '\003', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i',
'.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\016', 'p', 'a', 'r', 'a',
'm', 'e', 't', 'e', 'r', 'T', 'y', 'p', 'e', 's', '\"', 's', '\n', '\r', 'P', 'r', 'i', 'm', 'i', 't', 'i', 'v', 'e', 'T', 'y',
'p', 'e', '\022', '\036', '\n', '\032', 'P', 'R', 'I', 'M', 'I', 'T', 'I', 'V', 'E', '_', 'T', 'Y', 'P', 'E', '_', 'U', 'N', 'S', 'P',
'E', 'C', 'I', 'F', 'I', 'E', 'D', '\020', '\000', '\022', '\010', '\n', '\004', 'B', 'O', 'O', 'L', '\020', '\001', '\022', '\t', '\n', '\005', 'I', 'N',
'T', '6', '4', '\020', '\002', '\022', '\n', '\n', '\006', 'U', 'I', 'N', 'T', '6', '4', '\020', '\003', '\022', '\n', '\n', '\006', 'D', 'O', 'U', 'B',
'L', 'E', '\020', '\004', '\022', '\n', '\n', '\006', 'S', 'T', 'R', 'I', 'N', 'G', '\020', '\005', '\022', '\t', '\n', '\005', 'B', 'Y', 'T', 'E', 'S',
'\020', '\006', '\"', 'V', '\n', '\r', 'W', 'e', 'l', 'l', 'K', 'n', 'o', 'w', 'n', 'T', 'y', 'p', 'e', '\022', '\037', '\n', '\033', 'W', 'E',
'L', 'L', '_', 'K', 'N', 'O', 'W', 'N', '_', 'T', 'Y', 'P', 'E', '_', 'U', 'N', 'S', 'P', 'E', 'C', 'I', 'F', 'I', 'E', 'D',
'\020', '\000', '\022', '\007', '\n', '\003', 'A', 'N', 'Y', '\020', '\001', '\022', '\r', '\n', '\t', 'T', 'I', 'M', 'E', 'S', 'T', 'A', 'M', 'P', '\020',
'\002', '\022', '\014', '\n', '\010', 'D', 'U', 'R', 'A', 'T', 'I', 'O', 'N', '\020', '\003', 'B', '\013', '\n', '\t', 't', 'y', 'p', 'e', '_', 'k',
'i', 'n', 'd', '\"', '\263', '\005', '\n', '\004', 'D', 'e', 'c', 'l', '\022', '\022', '\n', '\004', 'n', 'a', 'm', 'e', '\030', '\001', ' ', '\001', '(',
'\t', 'R', '\004', 'n', 'a', 'm', 'e', '\022', '@', '\n', '\005', 'i', 'd', 'e', 'n', 't', '\030', '\002', ' ', '\001', '(', '\013', '2', '(', '.',
'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.',
'D', 'e', 'c', 'l', '.', 'I', 'd', 'e', 'n', 't', 'D', 'e', 'c', 'l', 'H', '\000', 'R', '\005', 'i', 'd', 'e', 'n', 't', '\022', 'I',
'\n', '\010', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', '\030', '\003', ' ', '\001', '(', '\013', '2', '+', '.', 'g', 'o', 'o', 'g', 'l', 'e',
'.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'D', 'e', 'c', 'l', '.', 'F',
'u', 'n', 'c', 't', 'i', 'o', 'n', 'D', 'e', 'c', 'l', 'H', '\000', 'R', '\010', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', '\032', '\213',
'\001', '\n', '\t', 'I', 'd', 'e', 'n', 't', 'D', 'e', 'c', 'l', '\022', '2', '\n', '\004', 't', 'y', 'p', 'e', '\030', '\001', ' ', '\001', '(',
'\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p',
'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\004', 't', 'y', 'p', 'e', '\022', '8', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\002',
' ', '\001', '(', '\013', '2', '\"', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1',
'a', 'l', 'p', 'h', 'a', '1', '.', 'C', 'o', 'n', 's', 't', 'a', 'n', 't', 'R', '\005', 'v', 'a', 'l', 'u', 'e', '\022', '\020', '\n',
'\003', 'd', 'o', 'c', '\030', '\003', ' ', '\001', '(', '\t', 'R', '\003', 'd', 'o', 'c', '\032', '\356', '\002', '\n', '\014', 'F', 'u', 'n', 'c', 't',
'i', 'o', 'n', 'D', 'e', 'c', 'l', '\022', 'R', '\n', '\t', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', 's', '\030', '\001', ' ', '\003', '(',
'\013', '2', '4', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p',
'h', 'a', '1', '.', 'D', 'e', 'c', 'l', '.', 'F', 'u', 'n', 'c', 't', 'i', 'o', 'n', 'D', 'e', 'c', 'l', '.', 'O', 'v', 'e',
'r', 'l', 'o', 'a', 'd', 'R', '\t', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', 's', '\032', '\211', '\002', '\n', '\010', 'O', 'v', 'e', 'r',
'l', 'o', 'a', 'd', '\022', '\037', '\n', '\013', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', '_', 'i', 'd', '\030', '\001', ' ', '\001', '(', '\t',
'R', '\n', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', 'I', 'd', '\022', '6', '\n', '\006', 'p', 'a', 'r', 'a', 'm', 's', '\030', '\002', ' ',
'\003', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a',
'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\006', 'p', 'a', 'r', 'a', 'm', 's', '\022', '\037', '\n', '\013', 't', 'y', 'p',
'e', '_', 'p', 'a', 'r', 'a', 'm', 's', '\030', '\003', ' ', '\003', '(', '\t', 'R', '\n', 't', 'y', 'p', 'e', 'P', 'a', 'r', 'a', 'm',
's', '\022', '?', '\n', '\013', 'r', 'e', 's', 'u', 'l', 't', '_', 't', 'y', 'p', 'e', '\030', '\004', ' ', '\001', '(', '\013', '2', '\036', '.',
'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.',
'T', 'y', 'p', 'e', 'R', '\n', 'r', 'e', 's', 'u', 'l', 't', 'T', 'y', 'p', 'e', '\022', '0', '\n', '\024', 'i', 's', '_', 'i', 'n',
's', 't', 'a', 'n', 'c', 'e', '_', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', '\030', '\005', ' ', '\001', '(', '\010', 'R', '\022', 'i', 's',
'I', 'n', 's', 't', 'a', 'n', 'c', 'e', 'F', 'u', 'n', 'c', 't', 'i', 'o', 'n', '\022', '\020', '\n', '\003', 'd', 'o', 'c', '\030', '\006',
' ', '\001', '(', '\t', 'R', '\003', 'd', 'o', 'c', 'B', '\013', '\n', '\t', 'd', 'e', 'c', 'l', '_', 'k', 'i', 'n', 'd', '\"', 'z', '\n',
'\t', 'R', 'e', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '\022', '\022', '\n', '\004', 'n', 'a', 'm', 'e', '\030', '\001', ' ', '\001', '(', '\t', 'R',
'\004', 'n', 'a', 'm', 'e', '\022', '\037', '\n', '\013', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', '_', 'i', 'd', '\030', '\003', ' ', '\003', '(',
'\t', 'R', '\n', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', 'I', 'd', '\022', '8', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\004', ' ',
'\001', '(', '\013', '2', '\"', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a',
'l', 'p', 'h', 'a', '1', '.', 'C', 'o', 'n', 's', 't', 'a', 'n', 't', 'R', '\005', 'v', 'a', 'l', 'u', 'e', 'B', 'l', '\n', '\034',
'c', 'o', 'm', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p',
'h', 'a', '1', 'B', '\t', 'D', 'e', 'c', 'l', 'P', 'r', 'o', 't', 'o', 'P', '\001', 'Z', '<', 'g', 'o', 'o', 'g', 'l', 'e', '.',
'g', 'o', 'l', 'a', 'n', 'g', '.', 'o', 'r', 'g', '/', 'g', 'e', 'n', 'p', 'r', 'o', 't', 'o', '/', 'g', 'o', 'o', 'g', 'l',
'e', 'a', 'p', 'i', 's', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', ';', 'e',
'x', 'p', 'r', '\370', '\001', '\001', 'b', '\006', 'p', 'r', 'o', 't', 'o', '3',
};
static upb_def_init *deps[4] = {
&google_api_expr_v1alpha1_syntax_proto_upbdefinit,
&google_protobuf_empty_proto_upbdefinit,
&google_protobuf_struct_proto_upbdefinit,
NULL
};
upb_def_init google_api_expr_v1alpha1_checked_proto_upbdefinit = {
deps,
&google_api_expr_v1alpha1_checked_proto_upb_file_layout,
"google/api/expr/v1alpha1/checked.proto",
UPB_STRVIEW_INIT(descriptor, 3089)
};

95
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h generated
Unescape View File

@ -0,0 +1,95 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/checked.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#ifndef GOOGLE_API_EXPR_V1ALPHA1_CHECKED_PROTO_UPBDEFS_H_
#define GOOGLE_API_EXPR_V1ALPHA1_CHECKED_PROTO_UPBDEFS_H_
#include "upb/def.h"
#include "upb/port_def.inc"
#ifdef __cplusplus
extern "C" {
#endif
#include "upb/def.h"
#include "upb/port_def.inc"
extern upb_def_init google_api_expr_v1alpha1_checked_proto_upbdefinit;
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_CheckedExpr_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.CheckedExpr");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_CheckedExpr_ReferenceMapEntry_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.CheckedExpr.ReferenceMapEntry");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_CheckedExpr_TypeMapEntry_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.CheckedExpr.TypeMapEntry");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Type_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Type");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Type_ListType_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Type.ListType");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Type_MapType_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Type.MapType");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Type_FunctionType_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Type.FunctionType");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Type_AbstractType_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Type.AbstractType");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Decl_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Decl");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Decl_IdentDecl_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Decl.IdentDecl");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Decl_FunctionDecl_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Decl.FunctionDecl");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Decl_FunctionDecl_Overload_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Decl.FunctionDecl.Overload");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Reference_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Reference");
}
#ifdef __cplusplus
} /* extern "C" */
#endif
#include "upb/port_undef.inc"
#endif /* GOOGLE_API_EXPR_V1ALPHA1_CHECKED_PROTO_UPBDEFS_H_ */

58
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c generated
Unescape View File

@ -0,0 +1,58 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/eval.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#include "upb/def.h"
#include "google/api/expr/v1alpha1/eval.upbdefs.h"
#include "google/api/expr/v1alpha1/eval.upb.h"
extern upb_def_init google_api_expr_v1alpha1_value_proto_upbdefinit;
extern upb_def_init google_rpc_status_proto_upbdefinit;
static const char descriptor[738] = {'\n', '#', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a',
'1', '/', 'e', 'v', 'a', 'l', '.', 'p', 'r', 'o', 't', 'o', '\022', '\030', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.',
'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '\032', '$', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'a', 'p', 'i',
'/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '/', 'v', 'a', 'l', 'u', 'e', '.', 'p', 'r', 'o', 't',
'o', '\032', '\027', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'r', 'p', 'c', '/', 's', 't', 'a', 't', 'u', 's', '.', 'p', 'r', 'o', 't',
'o', '\"', '\302', '\001', '\n', '\t', 'E', 'v', 'a', 'l', 'S', 't', 'a', 't', 'e', '\022', ';', '\n', '\006', 'v', 'a', 'l', 'u', 'e', 's',
'\030', '\001', ' ', '\003', '(', '\013', '2', '#', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.',
'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'V', 'a', 'l', 'u', 'e', 'R', '\006', 'v', 'a', 'l', 'u', 'e',
's', '\022', 'D', '\n', '\007', 'r', 'e', 's', 'u', 'l', 't', 's', '\030', '\003', ' ', '\003', '(', '\013', '2', '*', '.', 'g', 'o', 'o', 'g',
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'v', 'a', 'l',
'S', 't', 'a', 't', 'e', '.', 'R', 'e', 's', 'u', 'l', 't', 'R', '\007', 'r', 'e', 's', 'u', 'l', 't', 's', '\032', '2', '\n', '\006',
'R', 'e', 's', 'u', 'l', 't', '\022', '\022', '\n', '\004', 'e', 'x', 'p', 'r', '\030', '\001', ' ', '\001', '(', '\003', 'R', '\004', 'e', 'x', 'p',
'r', '\022', '\024', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001', '(', '\003', 'R', '\005', 'v', 'a', 'l', 'u', 'e', '\"', '\312',
'\001', '\n', '\t', 'E', 'x', 'p', 'r', 'V', 'a', 'l', 'u', 'e', '\022', '7', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\001', ' ', '\001',
'(', '\013', '2', '\037', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l',
'p', 'h', 'a', '1', '.', 'V', 'a', 'l', 'u', 'e', 'H', '\000', 'R', '\005', 'v', 'a', 'l', 'u', 'e', '\022', ':', '\n', '\005', 'e', 'r',
'r', 'o', 'r', '\030', '\002', ' ', '\001', '(', '\013', '2', '\"', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x',
'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'r', 'r', 'o', 'r', 'S', 'e', 't', 'H', '\000', 'R', '\005', 'e',
'r', 'r', 'o', 'r', '\022', '@', '\n', '\007', 'u', 'n', 'k', 'n', 'o', 'w', 'n', '\030', '\003', ' ', '\001', '(', '\013', '2', '$', '.', 'g',
'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'U',
'n', 'k', 'n', 'o', 'w', 'n', 'S', 'e', 't', 'H', '\000', 'R', '\007', 'u', 'n', 'k', 'n', 'o', 'w', 'n', 'B', '\006', '\n', '\004', 'k',
'i', 'n', 'd', '\"', '6', '\n', '\010', 'E', 'r', 'r', 'o', 'r', 'S', 'e', 't', '\022', '*', '\n', '\006', 'e', 'r', 'r', 'o', 'r', 's',
'\030', '\001', ' ', '\003', '(', '\013', '2', '\022', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'r', 'p', 'c', '.', 'S', 't', 'a', 't', 'u',
's', 'R', '\006', 'e', 'r', 'r', 'o', 'r', 's', '\"', '\"', '\n', '\n', 'U', 'n', 'k', 'n', 'o', 'w', 'n', 'S', 'e', 't', '\022', '\024',
'\n', '\005', 'e', 'x', 'p', 'r', 's', '\030', '\001', ' ', '\003', '(', '\003', 'R', '\005', 'e', 'x', 'p', 'r', 's', 'B', 'l', '\n', '\034', 'c',
'o', 'm', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h',
'a', '1', 'B', '\t', 'E', 'v', 'a', 'l', 'P', 'r', 'o', 't', 'o', 'P', '\001', 'Z', '<', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'g',
'o', 'l', 'a', 'n', 'g', '.', 'o', 'r', 'g', '/', 'g', 'e', 'n', 'p', 'r', 'o', 't', 'o', '/', 'g', 'o', 'o', 'g', 'l', 'e',
'a', 'p', 'i', 's', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', ';', 'e', 'x',
'p', 'r', '\370', '\001', '\001', 'b', '\006', 'p', 'r', 'o', 't', 'o', '3',
};
static upb_def_init *deps[3] = {
&google_api_expr_v1alpha1_value_proto_upbdefinit,
&google_rpc_status_proto_upbdefinit,
NULL
};
upb_def_init google_api_expr_v1alpha1_eval_proto_upbdefinit = {
deps,
&google_api_expr_v1alpha1_eval_proto_upb_file_layout,
"google/api/expr/v1alpha1/eval.proto",
UPB_STRVIEW_INIT(descriptor, 738)
};

55
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h generated
Unescape View File

@ -0,0 +1,55 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/eval.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#ifndef GOOGLE_API_EXPR_V1ALPHA1_EVAL_PROTO_UPBDEFS_H_
#define GOOGLE_API_EXPR_V1ALPHA1_EVAL_PROTO_UPBDEFS_H_
#include "upb/def.h"
#include "upb/port_def.inc"
#ifdef __cplusplus
extern "C" {
#endif
#include "upb/def.h"
#include "upb/port_def.inc"
extern upb_def_init google_api_expr_v1alpha1_eval_proto_upbdefinit;
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_EvalState_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_eval_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.EvalState");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_EvalState_Result_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_eval_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.EvalState.Result");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_ExprValue_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_eval_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.ExprValue");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_ErrorSet_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_eval_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.ErrorSet");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_UnknownSet_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_eval_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.UnknownSet");
}
#ifdef __cplusplus
} /* extern "C" */
#endif
#include "upb/port_undef.inc"
#endif /* GOOGLE_API_EXPR_V1ALPHA1_EVAL_PROTO_UPBDEFS_H_ */

44
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c generated
Unescape View File

@ -0,0 +1,44 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/explain.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#include "upb/def.h"
#include "google/api/expr/v1alpha1/explain.upbdefs.h"
#include "google/api/expr/v1alpha1/explain.upb.h"
extern upb_def_init google_api_expr_v1alpha1_value_proto_upbdefinit;
static const char descriptor[434] = {'\n', '&', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a',
'1', '/', 'e', 'x', 'p', 'l', 'a', 'i', 'n', '.', 'p', 'r', 'o', 't', 'o', '\022', '\030', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a',
'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '\032', '$', 'g', 'o', 'o', 'g', 'l', 'e', '/',
'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '/', 'v', 'a', 'l', 'u', 'e', '.', 'p',
'r', 'o', 't', 'o', '\"', '\316', '\001', '\n', '\007', 'E', 'x', 'p', 'l', 'a', 'i', 'n', '\022', '7', '\n', '\006', 'v', 'a', 'l', 'u', 'e',
's', '\030', '\001', ' ', '\003', '(', '\013', '2', '\037', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r',
'.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'V', 'a', 'l', 'u', 'e', 'R', '\006', 'v', 'a', 'l', 'u', 'e', 's', '\022', 'I',
'\n', '\n', 'e', 'x', 'p', 'r', '_', 's', 't', 'e', 'p', 's', '\030', '\002', ' ', '\003', '(', '\013', '2', '*', '.', 'g', 'o', 'o', 'g',
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'l',
'a', 'i', 'n', '.', 'E', 'x', 'p', 'r', 'S', 't', 'e', 'p', 'R', '\t', 'e', 'x', 'p', 'r', 'S', 't', 'e', 'p', 's', '\032', ';',
'\n', '\010', 'E', 'x', 'p', 'r', 'S', 't', 'e', 'p', '\022', '\016', '\n', '\002', 'i', 'd', '\030', '\001', ' ', '\001', '(', '\003', 'R', '\002', 'i',
'd', '\022', '\037', '\n', '\013', 'v', 'a', 'l', 'u', 'e', '_', 'i', 'n', 'd', 'e', 'x', '\030', '\002', ' ', '\001', '(', '\005', 'R', '\n', 'v',
'a', 'l', 'u', 'e', 'I', 'n', 'd', 'e', 'x', ':', '\002', '\030', '\001', 'B', 'o', '\n', '\034', 'c', 'o', 'm', '.', 'g', 'o', 'o', 'g',
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', 'B', '\014', 'E', 'x', 'p',
'l', 'a', 'i', 'n', 'P', 'r', 'o', 't', 'o', 'P', '\001', 'Z', '<', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'g', 'o', 'l', 'a', 'n',
'g', '.', 'o', 'r', 'g', '/', 'g', 'e', 'n', 'p', 'r', 'o', 't', 'o', '/', 'g', 'o', 'o', 'g', 'l', 'e', 'a', 'p', 'i', 's',
'/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', ';', 'e', 'x', 'p', 'r', '\370', '\001',
'\001', 'b', '\006', 'p', 'r', 'o', 't', 'o', '3',
};
static upb_def_init *deps[2] = {
&google_api_expr_v1alpha1_value_proto_upbdefinit,
NULL
};
upb_def_init google_api_expr_v1alpha1_explain_proto_upbdefinit = {
deps,
&google_api_expr_v1alpha1_explain_proto_upb_file_layout,
"google/api/expr/v1alpha1/explain.proto",
UPB_STRVIEW_INIT(descriptor, 434)
};

40
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h generated
Unescape View File

@ -0,0 +1,40 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/explain.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#ifndef GOOGLE_API_EXPR_V1ALPHA1_EXPLAIN_PROTO_UPBDEFS_H_
#define GOOGLE_API_EXPR_V1ALPHA1_EXPLAIN_PROTO_UPBDEFS_H_
#include "upb/def.h"
#include "upb/port_def.inc"
#ifdef __cplusplus
extern "C" {
#endif
#include "upb/def.h"
#include "upb/port_def.inc"
extern upb_def_init google_api_expr_v1alpha1_explain_proto_upbdefinit;
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Explain_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_explain_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Explain");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Explain_ExprStep_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_explain_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Explain.ExprStep");
}
#ifdef __cplusplus
} /* extern "C" */
#endif
#include "upb/port_undef.inc"
#endif /* GOOGLE_API_EXPR_V1ALPHA1_EXPLAIN_PROTO_UPBDEFS_H_ */

153
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c generated
Unescape View File

@ -0,0 +1,153 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/syntax.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#include "upb/def.h"
#include "google/api/expr/v1alpha1/syntax.upbdefs.h"
#include "google/api/expr/v1alpha1/syntax.upb.h"
extern upb_def_init google_protobuf_duration_proto_upbdefinit;
extern upb_def_init google_protobuf_struct_proto_upbdefinit;
extern upb_def_init google_protobuf_timestamp_proto_upbdefinit;
static const char descriptor[3059] = {'\n', '%', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a',
'1', '/', 's', 'y', 'n', 't', 'a', 'x', '.', 'p', 'r', 'o', 't', 'o', '\022', '\030', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p',
'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '\032', '\036', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'p',
'r', 'o', 't', 'o', 'b', 'u', 'f', '/', 'd', 'u', 'r', 'a', 't', 'i', 'o', 'n', '.', 'p', 'r', 'o', 't', 'o', '\032', '\034', 'g',
'o', 'o', 'g', 'l', 'e', '/', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '/', 's', 't', 'r', 'u', 'c', 't', '.', 'p', 'r', 'o',
't', 'o', '\032', '\037', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '/', 't', 'i', 'm', 'e', 's',
't', 'a', 'm', 'p', '.', 'p', 'r', 'o', 't', 'o', '\"', '\207', '\001', '\n', '\n', 'P', 'a', 'r', 's', 'e', 'd', 'E', 'x', 'p', 'r',
'\022', '2', '\n', '\004', 'e', 'x', 'p', 'r', '\030', '\002', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a',
'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\004', 'e', 'x',
'p', 'r', '\022', 'E', '\n', '\013', 's', 'o', 'u', 'r', 'c', 'e', '_', 'i', 'n', 'f', 'o', '\030', '\003', ' ', '\001', '(', '\013', '2', '$',
'.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1',
'.', 'S', 'o', 'u', 'r', 'c', 'e', 'I', 'n', 'f', 'o', 'R', '\n', 's', 'o', 'u', 'r', 'c', 'e', 'I', 'n', 'f', 'o', '\"', '\334',
'\014', '\n', '\004', 'E', 'x', 'p', 'r', '\022', '\016', '\n', '\002', 'i', 'd', '\030', '\002', ' ', '\001', '(', '\003', 'R', '\002', 'i', 'd', '\022', 'C',
'\n', '\n', 'c', 'o', 'n', 's', 't', '_', 'e', 'x', 'p', 'r', '\030', '\003', ' ', '\001', '(', '\013', '2', '\"', '.', 'g', 'o', 'o', 'g',
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'C', 'o', 'n', 's',
't', 'a', 'n', 't', 'H', '\000', 'R', '\t', 'c', 'o', 'n', 's', 't', 'E', 'x', 'p', 'r', '\022', 'E', '\n', '\n', 'i', 'd', 'e', 'n',
't', '_', 'e', 'x', 'p', 'r', '\030', '\004', ' ', '\001', '(', '\013', '2', '$', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i',
'.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', '.', 'I', 'd', 'e', 'n', 't',
'H', '\000', 'R', '\t', 'i', 'd', 'e', 'n', 't', 'E', 'x', 'p', 'r', '\022', 'H', '\n', '\013', 's', 'e', 'l', 'e', 'c', 't', '_', 'e',
'x', 'p', 'r', '\030', '\005', ' ', '\001', '(', '\013', '2', '%', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x',
'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', '.', 'S', 'e', 'l', 'e', 'c', 't', 'H', '\000',
'R', '\n', 's', 'e', 'l', 'e', 'c', 't', 'E', 'x', 'p', 'r', '\022', 'B', '\n', '\t', 'c', 'a', 'l', 'l', '_', 'e', 'x', 'p', 'r',
'\030', '\006', ' ', '\001', '(', '\013', '2', '#', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.',
'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', '.', 'C', 'a', 'l', 'l', 'H', '\000', 'R', '\010', 'c', 'a', 'l',
'l', 'E', 'x', 'p', 'r', '\022', 'H', '\n', '\t', 'l', 'i', 's', 't', '_', 'e', 'x', 'p', 'r', '\030', '\007', ' ', '\001', '(', '\013', '2',
')', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a',
'1', '.', 'E', 'x', 'p', 'r', '.', 'C', 'r', 'e', 'a', 't', 'e', 'L', 'i', 's', 't', 'H', '\000', 'R', '\010', 'l', 'i', 's', 't',
'E', 'x', 'p', 'r', '\022', 'N', '\n', '\013', 's', 't', 'r', 'u', 'c', 't', '_', 'e', 'x', 'p', 'r', '\030', '\010', ' ', '\001', '(', '\013',
'2', '+', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h',
'a', '1', '.', 'E', 'x', 'p', 'r', '.', 'C', 'r', 'e', 'a', 't', 'e', 'S', 't', 'r', 'u', 'c', 't', 'H', '\000', 'R', '\n', 's',
't', 'r', 'u', 'c', 't', 'E', 'x', 'p', 'r', '\022', ']', '\n', '\022', 'c', 'o', 'm', 'p', 'r', 'e', 'h', 'e', 'n', 's', 'i', 'o',
'n', '_', 'e', 'x', 'p', 'r', '\030', '\t', ' ', '\001', '(', '\013', '2', ',', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i',
'.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', '.', 'C', 'o', 'm', 'p', 'r',
'e', 'h', 'e', 'n', 's', 'i', 'o', 'n', 'H', '\000', 'R', '\021', 'c', 'o', 'm', 'p', 'r', 'e', 'h', 'e', 'n', 's', 'i', 'o', 'n',
'E', 'x', 'p', 'r', '\032', '\033', '\n', '\005', 'I', 'd', 'e', 'n', 't', '\022', '\022', '\n', '\004', 'n', 'a', 'm', 'e', '\030', '\001', ' ', '\001',
'(', '\t', 'R', '\004', 'n', 'a', 'm', 'e', '\032', 'u', '\n', '\006', 'S', 'e', 'l', 'e', 'c', 't', '\022', '8', '\n', '\007', 'o', 'p', 'e',
'r', 'a', 'n', 'd', '\030', '\001', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e',
'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\007', 'o', 'p', 'e', 'r', 'a', 'n',
'd', '\022', '\024', '\n', '\005', 'f', 'i', 'e', 'l', 'd', '\030', '\002', ' ', '\001', '(', '\t', 'R', '\005', 'f', 'i', 'e', 'l', 'd', '\022', '\033',
'\n', '\t', 't', 'e', 's', 't', '_', 'o', 'n', 'l', 'y', '\030', '\003', ' ', '\001', '(', '\010', 'R', '\010', 't', 'e', 's', 't', 'O', 'n',
'l', 'y', '\032', '\216', '\001', '\n', '\004', 'C', 'a', 'l', 'l', '\022', '6', '\n', '\006', 't', 'a', 'r', 'g', 'e', 't', '\030', '\001', ' ', '\001',
'(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l',
'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\006', 't', 'a', 'r', 'g', 'e', 't', '\022', '\032', '\n', '\010', 'f', 'u', 'n', 'c',
't', 'i', 'o', 'n', '\030', '\002', ' ', '\001', '(', '\t', 'R', '\010', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', '\022', '2', '\n', '\004', 'a',
'r', 'g', 's', '\030', '\003', ' ', '\003', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x',
'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\004', 'a', 'r', 'g', 's', '\032', 'H', '\n',
'\n', 'C', 'r', 'e', 'a', 't', 'e', 'L', 'i', 's', 't', '\022', ':', '\n', '\010', 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '\030', '\001',
' ', '\003', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1',
'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\010', 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '\032', '\264', '\002', '\n',
'\014', 'C', 'r', 'e', 'a', 't', 'e', 'S', 't', 'r', 'u', 'c', 't', '\022', '!', '\n', '\014', 'm', 'e', 's', 's', 'a', 'g', 'e', '_',
'n', 'a', 'm', 'e', '\030', '\001', ' ', '\001', '(', '\t', 'R', '\013', 'm', 'e', 's', 's', 'a', 'g', 'e', 'N', 'a', 'm', 'e', '\022', 'K',
'\n', '\007', 'e', 'n', 't', 'r', 'i', 'e', 's', '\030', '\002', ' ', '\003', '(', '\013', '2', '1', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.',
'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', '.', 'C', 'r',
'e', 'a', 't', 'e', 'S', 't', 'r', 'u', 'c', 't', '.', 'E', 'n', 't', 'r', 'y', 'R', '\007', 'e', 'n', 't', 'r', 'i', 'e', 's',
'\032', '\263', '\001', '\n', '\005', 'E', 'n', 't', 'r', 'y', '\022', '\016', '\n', '\002', 'i', 'd', '\030', '\001', ' ', '\001', '(', '\003', 'R', '\002', 'i',
'd', '\022', '\035', '\n', '\t', 'f', 'i', 'e', 'l', 'd', '_', 'k', 'e', 'y', '\030', '\002', ' ', '\001', '(', '\t', 'H', '\000', 'R', '\010', 'f',
'i', 'e', 'l', 'd', 'K', 'e', 'y', '\022', '9', '\n', '\007', 'm', 'a', 'p', '_', 'k', 'e', 'y', '\030', '\003', ' ', '\001', '(', '\013', '2',
'\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a',
'1', '.', 'E', 'x', 'p', 'r', 'H', '\000', 'R', '\006', 'm', 'a', 'p', 'K', 'e', 'y', '\022', '4', '\n', '\005', 'v', 'a', 'l', 'u', 'e',
'\030', '\004', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.',
'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\005', 'v', 'a', 'l', 'u', 'e', 'B', '\n', '\n', '\010', 'k',
'e', 'y', '_', 'k', 'i', 'n', 'd', '\032', '\375', '\002', '\n', '\r', 'C', 'o', 'm', 'p', 'r', 'e', 'h', 'e', 'n', 's', 'i', 'o', 'n',
'\022', '\031', '\n', '\010', 'i', 't', 'e', 'r', '_', 'v', 'a', 'r', '\030', '\001', ' ', '\001', '(', '\t', 'R', '\007', 'i', 't', 'e', 'r', 'V',
'a', 'r', '\022', '=', '\n', '\n', 'i', 't', 'e', 'r', '_', 'r', 'a', 'n', 'g', 'e', '\030', '\002', ' ', '\001', '(', '\013', '2', '\036', '.',
'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.',
'E', 'x', 'p', 'r', 'R', '\t', 'i', 't', 'e', 'r', 'R', 'a', 'n', 'g', 'e', '\022', '\031', '\n', '\010', 'a', 'c', 'c', 'u', '_', 'v',
'a', 'r', '\030', '\003', ' ', '\001', '(', '\t', 'R', '\007', 'a', 'c', 'c', 'u', 'V', 'a', 'r', '\022', ';', '\n', '\t', 'a', 'c', 'c', 'u',
'_', 'i', 'n', 'i', 't', '\030', '\004', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.',
'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\010', 'a', 'c', 'c', 'u', 'I',
'n', 'i', 't', '\022', 'E', '\n', '\016', 'l', 'o', 'o', 'p', '_', 'c', 'o', 'n', 'd', 'i', 't', 'i', 'o', 'n', '\030', '\005', ' ', '\001',
'(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l',
'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\r', 'l', 'o', 'o', 'p', 'C', 'o', 'n', 'd', 'i', 't', 'i', 'o', 'n', '\022',
';', '\n', '\t', 'l', 'o', 'o', 'p', '_', 's', 't', 'e', 'p', '\030', '\006', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g',
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r',
'R', '\010', 'l', 'o', 'o', 'p', 'S', 't', 'e', 'p', '\022', '6', '\n', '\006', 'r', 'e', 's', 'u', 'l', 't', '\030', '\007', ' ', '\001', '(',
'\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p',
'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\006', 'r', 'e', 's', 'u', 'l', 't', 'B', '\013', '\n', '\t', 'e', 'x', 'p', 'r', '_',
'k', 'i', 'n', 'd', '\"', '\301', '\003', '\n', '\010', 'C', 'o', 'n', 's', 't', 'a', 'n', 't', '\022', ';', '\n', '\n', 'n', 'u', 'l', 'l',
'_', 'v', 'a', 'l', 'u', 'e', '\030', '\001', ' ', '\001', '(', '\016', '2', '\032', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'p', 'r', 'o',
't', 'o', 'b', 'u', 'f', '.', 'N', 'u', 'l', 'l', 'V', 'a', 'l', 'u', 'e', 'H', '\000', 'R', '\t', 'n', 'u', 'l', 'l', 'V', 'a',
'l', 'u', 'e', '\022', '\037', '\n', '\n', 'b', 'o', 'o', 'l', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001', '(', '\010', 'H', '\000',
'R', '\t', 'b', 'o', 'o', 'l', 'V', 'a', 'l', 'u', 'e', '\022', '!', '\n', '\013', 'i', 'n', 't', '6', '4', '_', 'v', 'a', 'l', 'u',
'e', '\030', '\003', ' ', '\001', '(', '\003', 'H', '\000', 'R', '\n', 'i', 'n', 't', '6', '4', 'V', 'a', 'l', 'u', 'e', '\022', '#', '\n', '\014',
'u', 'i', 'n', 't', '6', '4', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\004', ' ', '\001', '(', '\004', 'H', '\000', 'R', '\013', 'u', 'i', 'n',
't', '6', '4', 'V', 'a', 'l', 'u', 'e', '\022', '#', '\n', '\014', 'd', 'o', 'u', 'b', 'l', 'e', '_', 'v', 'a', 'l', 'u', 'e', '\030',
'\005', ' ', '\001', '(', '\001', 'H', '\000', 'R', '\013', 'd', 'o', 'u', 'b', 'l', 'e', 'V', 'a', 'l', 'u', 'e', '\022', '#', '\n', '\014', 's',
't', 'r', 'i', 'n', 'g', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\006', ' ', '\001', '(', '\t', 'H', '\000', 'R', '\013', 's', 't', 'r', 'i',
'n', 'g', 'V', 'a', 'l', 'u', 'e', '\022', '!', '\n', '\013', 'b', 'y', 't', 'e', 's', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\007', ' ',
'\001', '(', '\014', 'H', '\000', 'R', '\n', 'b', 'y', 't', 'e', 's', 'V', 'a', 'l', 'u', 'e', '\022', 'F', '\n', '\016', 'd', 'u', 'r', 'a',
't', 'i', 'o', 'n', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\010', ' ', '\001', '(', '\013', '2', '\031', '.', 'g', 'o', 'o', 'g', 'l', 'e',
'.', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '.', 'D', 'u', 'r', 'a', 't', 'i', 'o', 'n', 'B', '\002', '\030', '\001', 'H', '\000', 'R',
'\r', 'd', 'u', 'r', 'a', 't', 'i', 'o', 'n', 'V', 'a', 'l', 'u', 'e', '\022', 'I', '\n', '\017', 't', 'i', 'm', 'e', 's', 't', 'a',
'm', 'p', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\t', ' ', '\001', '(', '\013', '2', '\032', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'p',
'r', 'o', 't', 'o', 'b', 'u', 'f', '.', 'T', 'i', 'm', 'e', 's', 't', 'a', 'm', 'p', 'B', '\002', '\030', '\001', 'H', '\000', 'R', '\016',
't', 'i', 'm', 'e', 's', 't', 'a', 'm', 'p', 'V', 'a', 'l', 'u', 'e', 'B', '\017', '\n', '\r', 'c', 'o', 'n', 's', 't', 'a', 'n',
't', '_', 'k', 'i', 'n', 'd', '\"', '\271', '\003', '\n', '\n', 'S', 'o', 'u', 'r', 'c', 'e', 'I', 'n', 'f', 'o', '\022', '%', '\n', '\016',
's', 'y', 'n', 't', 'a', 'x', '_', 'v', 'e', 'r', 's', 'i', 'o', 'n', '\030', '\001', ' ', '\001', '(', '\t', 'R', '\r', 's', 'y', 'n',
't', 'a', 'x', 'V', 'e', 'r', 's', 'i', 'o', 'n', '\022', '\032', '\n', '\010', 'l', 'o', 'c', 'a', 't', 'i', 'o', 'n', '\030', '\002', ' ',
'\001', '(', '\t', 'R', '\010', 'l', 'o', 'c', 'a', 't', 'i', 'o', 'n', '\022', '!', '\n', '\014', 'l', 'i', 'n', 'e', '_', 'o', 'f', 'f',
's', 'e', 't', 's', '\030', '\003', ' ', '\003', '(', '\005', 'R', '\013', 'l', 'i', 'n', 'e', 'O', 'f', 'f', 's', 'e', 't', 's', '\022', 'Q',
'\n', '\t', 'p', 'o', 's', 'i', 't', 'i', 'o', 'n', 's', '\030', '\004', ' ', '\003', '(', '\013', '2', '3', '.', 'g', 'o', 'o', 'g', 'l',
'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'S', 'o', 'u', 'r', 'c',
'e', 'I', 'n', 'f', 'o', '.', 'P', 'o', 's', 'i', 't', 'i', 'o', 'n', 's', 'E', 'n', 't', 'r', 'y', 'R', '\t', 'p', 'o', 's',
'i', 't', 'i', 'o', 'n', 's', '\022', 'U', '\n', '\013', 'm', 'a', 'c', 'r', 'o', '_', 'c', 'a', 'l', 'l', 's', '\030', '\005', ' ', '\003',
'(', '\013', '2', '4', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l',
'p', 'h', 'a', '1', '.', 'S', 'o', 'u', 'r', 'c', 'e', 'I', 'n', 'f', 'o', '.', 'M', 'a', 'c', 'r', 'o', 'C', 'a', 'l', 'l',
's', 'E', 'n', 't', 'r', 'y', 'R', '\n', 'm', 'a', 'c', 'r', 'o', 'C', 'a', 'l', 'l', 's', '\032', '<', '\n', '\016', 'P', 'o', 's',
'i', 't', 'i', 'o', 'n', 's', 'E', 'n', 't', 'r', 'y', '\022', '\020', '\n', '\003', 'k', 'e', 'y', '\030', '\001', ' ', '\001', '(', '\003', 'R',
'\003', 'k', 'e', 'y', '\022', '\024', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001', '(', '\005', 'R', '\005', 'v', 'a', 'l', 'u',
'e', ':', '\002', '8', '\001', '\032', ']', '\n', '\017', 'M', 'a', 'c', 'r', 'o', 'C', 'a', 'l', 'l', 's', 'E', 'n', 't', 'r', 'y', '\022',
'\020', '\n', '\003', 'k', 'e', 'y', '\030', '\001', ' ', '\001', '(', '\003', 'R', '\003', 'k', 'e', 'y', '\022', '4', '\n', '\005', 'v', 'a', 'l', 'u',
'e', '\030', '\002', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r',
'.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\005', 'v', 'a', 'l', 'u', 'e', ':', '\002', '8', '\001',
'\"', 'p', '\n', '\016', 'S', 'o', 'u', 'r', 'c', 'e', 'P', 'o', 's', 'i', 't', 'i', 'o', 'n', '\022', '\032', '\n', '\010', 'l', 'o', 'c',
'a', 't', 'i', 'o', 'n', '\030', '\001', ' ', '\001', '(', '\t', 'R', '\010', 'l', 'o', 'c', 'a', 't', 'i', 'o', 'n', '\022', '\026', '\n', '\006',
'o', 'f', 'f', 's', 'e', 't', '\030', '\002', ' ', '\001', '(', '\005', 'R', '\006', 'o', 'f', 'f', 's', 'e', 't', '\022', '\022', '\n', '\004', 'l',
'i', 'n', 'e', '\030', '\003', ' ', '\001', '(', '\005', 'R', '\004', 'l', 'i', 'n', 'e', '\022', '\026', '\n', '\006', 'c', 'o', 'l', 'u', 'm', 'n',
'\030', '\004', ' ', '\001', '(', '\005', 'R', '\006', 'c', 'o', 'l', 'u', 'm', 'n', 'B', 'n', '\n', '\034', 'c', 'o', 'm', '.', 'g', 'o', 'o',
'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', 'B', '\013', 'S', 'y',
'n', 't', 'a', 'x', 'P', 'r', 'o', 't', 'o', 'P', '\001', 'Z', '<', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'g', 'o', 'l', 'a', 'n',
'g', '.', 'o', 'r', 'g', '/', 'g', 'e', 'n', 'p', 'r', 'o', 't', 'o', '/', 'g', 'o', 'o', 'g', 'l', 'e', 'a', 'p', 'i', 's',
'/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', ';', 'e', 'x', 'p', 'r', '\370', '\001',
'\001', 'b', '\006', 'p', 'r', 'o', 't', 'o', '3',
};
static upb_def_init *deps[4] = {
&google_protobuf_duration_proto_upbdefinit,
&google_protobuf_struct_proto_upbdefinit,
&google_protobuf_timestamp_proto_upbdefinit,
NULL
};
upb_def_init google_api_expr_v1alpha1_syntax_proto_upbdefinit = {
deps,
&google_api_expr_v1alpha1_syntax_proto_upb_file_layout,
"google/api/expr/v1alpha1/syntax.proto",
UPB_STRVIEW_INIT(descriptor, 3059)
};

100
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h generated
Unescape View File

@ -0,0 +1,100 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/syntax.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#ifndef GOOGLE_API_EXPR_V1ALPHA1_SYNTAX_PROTO_UPBDEFS_H_
#define GOOGLE_API_EXPR_V1ALPHA1_SYNTAX_PROTO_UPBDEFS_H_
#include "upb/def.h"
#include "upb/port_def.inc"
#ifdef __cplusplus
extern "C" {
#endif
#include "upb/def.h"
#include "upb/port_def.inc"
extern upb_def_init google_api_expr_v1alpha1_syntax_proto_upbdefinit;
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_ParsedExpr_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.ParsedExpr");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_Ident_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.Ident");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_Select_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.Select");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_Call_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.Call");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_CreateList_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.CreateList");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_CreateStruct_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.CreateStruct");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_CreateStruct_Entry_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.CreateStruct.Entry");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_Comprehension_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.Comprehension");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Constant_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Constant");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_SourceInfo_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.SourceInfo");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_SourceInfo_PositionsEntry_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.SourceInfo.PositionsEntry");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_SourceInfo_MacroCallsEntry_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.SourceInfo.MacroCallsEntry");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_SourcePosition_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.SourcePosition");
}
#ifdef __cplusplus
} /* extern "C" */
#endif
#include "upb/port_undef.inc"
#endif /* GOOGLE_API_EXPR_V1ALPHA1_SYNTAX_PROTO_UPBDEFS_H_ */

75
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c generated
Unescape View File

@ -0,0 +1,75 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/value.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#include "upb/def.h"
#include "google/api/expr/v1alpha1/value.upbdefs.h"
#include "google/api/expr/v1alpha1/value.upb.h"
extern upb_def_init google_protobuf_any_proto_upbdefinit;
extern upb_def_init google_protobuf_struct_proto_upbdefinit;
static const char descriptor[1153] = {'\n', '$', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a',
'1', '/', 'v', 'a', 'l', 'u', 'e', '.', 'p', 'r', 'o', 't', 'o', '\022', '\030', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i',
'.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '\032', '\031', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'p', 'r',
'o', 't', 'o', 'b', 'u', 'f', '/', 'a', 'n', 'y', '.', 'p', 'r', 'o', 't', 'o', '\032', '\034', 'g', 'o', 'o', 'g', 'l', 'e', '/',
'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '/', 's', 't', 'r', 'u', 'c', 't', '.', 'p', 'r', 'o', 't', 'o', '\"', '\315', '\004', '\n',
'\005', 'V', 'a', 'l', 'u', 'e', '\022', ';', '\n', '\n', 'n', 'u', 'l', 'l', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\001', ' ', '\001', '(',
'\016', '2', '\032', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '.', 'N', 'u', 'l', 'l', 'V',
'a', 'l', 'u', 'e', 'H', '\000', 'R', '\t', 'n', 'u', 'l', 'l', 'V', 'a', 'l', 'u', 'e', '\022', '\037', '\n', '\n', 'b', 'o', 'o', 'l',
'_', 'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001', '(', '\010', 'H', '\000', 'R', '\t', 'b', 'o', 'o', 'l', 'V', 'a', 'l', 'u', 'e',
'\022', '!', '\n', '\013', 'i', 'n', 't', '6', '4', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\003', ' ', '\001', '(', '\003', 'H', '\000', 'R', '\n',
'i', 'n', 't', '6', '4', 'V', 'a', 'l', 'u', 'e', '\022', '#', '\n', '\014', 'u', 'i', 'n', 't', '6', '4', '_', 'v', 'a', 'l', 'u',
'e', '\030', '\004', ' ', '\001', '(', '\004', 'H', '\000', 'R', '\013', 'u', 'i', 'n', 't', '6', '4', 'V', 'a', 'l', 'u', 'e', '\022', '#', '\n',
'\014', 'd', 'o', 'u', 'b', 'l', 'e', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\005', ' ', '\001', '(', '\001', 'H', '\000', 'R', '\013', 'd', 'o',
'u', 'b', 'l', 'e', 'V', 'a', 'l', 'u', 'e', '\022', '#', '\n', '\014', 's', 't', 'r', 'i', 'n', 'g', '_', 'v', 'a', 'l', 'u', 'e',
'\030', '\006', ' ', '\001', '(', '\t', 'H', '\000', 'R', '\013', 's', 't', 'r', 'i', 'n', 'g', 'V', 'a', 'l', 'u', 'e', '\022', '!', '\n', '\013',
'b', 'y', 't', 'e', 's', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\007', ' ', '\001', '(', '\014', 'H', '\000', 'R', '\n', 'b', 'y', 't', 'e',
's', 'V', 'a', 'l', 'u', 'e', '\022', 'D', '\n', '\n', 'e', 'n', 'u', 'm', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\t', ' ', '\001', '(',
'\013', '2', '#', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p',
'h', 'a', '1', '.', 'E', 'n', 'u', 'm', 'V', 'a', 'l', 'u', 'e', 'H', '\000', 'R', '\t', 'e', 'n', 'u', 'm', 'V', 'a', 'l', 'u',
'e', '\022', '9', '\n', '\014', 'o', 'b', 'j', 'e', 'c', 't', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\n', ' ', '\001', '(', '\013', '2', '\024',
'.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '.', 'A', 'n', 'y', 'H', '\000', 'R', '\013', 'o',
'b', 'j', 'e', 'c', 't', 'V', 'a', 'l', 'u', 'e', '\022', 'A', '\n', '\t', 'm', 'a', 'p', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\013',
' ', '\001', '(', '\013', '2', '\"', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1',
'a', 'l', 'p', 'h', 'a', '1', '.', 'M', 'a', 'p', 'V', 'a', 'l', 'u', 'e', 'H', '\000', 'R', '\010', 'm', 'a', 'p', 'V', 'a', 'l',
'u', 'e', '\022', 'D', '\n', '\n', 'l', 'i', 's', 't', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\014', ' ', '\001', '(', '\013', '2', '#', '.',
'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.',
'L', 'i', 's', 't', 'V', 'a', 'l', 'u', 'e', 'H', '\000', 'R', '\t', 'l', 'i', 's', 't', 'V', 'a', 'l', 'u', 'e', '\022', '\037', '\n',
'\n', 't', 'y', 'p', 'e', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\017', ' ', '\001', '(', '\t', 'H', '\000', 'R', '\t', 't', 'y', 'p', 'e',
'V', 'a', 'l', 'u', 'e', 'B', '\006', '\n', '\004', 'k', 'i', 'n', 'd', '\"', '5', '\n', '\t', 'E', 'n', 'u', 'm', 'V', 'a', 'l', 'u',
'e', '\022', '\022', '\n', '\004', 't', 'y', 'p', 'e', '\030', '\001', ' ', '\001', '(', '\t', 'R', '\004', 't', 'y', 'p', 'e', '\022', '\024', '\n', '\005',
'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001', '(', '\005', 'R', '\005', 'v', 'a', 'l', 'u', 'e', '\"', 'D', '\n', '\t', 'L', 'i', 's',
't', 'V', 'a', 'l', 'u', 'e', '\022', '7', '\n', '\006', 'v', 'a', 'l', 'u', 'e', 's', '\030', '\001', ' ', '\003', '(', '\013', '2', '\037', '.',
'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.',
'V', 'a', 'l', 'u', 'e', 'R', '\006', 'v', 'a', 'l', 'u', 'e', 's', '\"', '\301', '\001', '\n', '\010', 'M', 'a', 'p', 'V', 'a', 'l', 'u',
'e', '\022', 'B', '\n', '\007', 'e', 'n', 't', 'r', 'i', 'e', 's', '\030', '\001', ' ', '\003', '(', '\013', '2', '(', '.', 'g', 'o', 'o', 'g',
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'M', 'a', 'p', 'V',
'a', 'l', 'u', 'e', '.', 'E', 'n', 't', 'r', 'y', 'R', '\007', 'e', 'n', 't', 'r', 'i', 'e', 's', '\032', 'q', '\n', '\005', 'E', 'n',
't', 'r', 'y', '\022', '1', '\n', '\003', 'k', 'e', 'y', '\030', '\001', ' ', '\001', '(', '\013', '2', '\037', '.', 'g', 'o', 'o', 'g', 'l', 'e',
'.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'V', 'a', 'l', 'u', 'e', 'R',
'\003', 'k', 'e', 'y', '\022', '5', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001', '(', '\013', '2', '\037', '.', 'g', 'o', 'o',
'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'V', 'a', 'l',
'u', 'e', 'R', '\005', 'v', 'a', 'l', 'u', 'e', 'B', 'm', '\n', '\034', 'c', 'o', 'm', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a',
'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', 'B', '\n', 'V', 'a', 'l', 'u', 'e', 'P', 'r',
'o', 't', 'o', 'P', '\001', 'Z', '<', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'g', 'o', 'l', 'a', 'n', 'g', '.', 'o', 'r', 'g', '/',
'g', 'e', 'n', 'p', 'r', 'o', 't', 'o', '/', 'g', 'o', 'o', 'g', 'l', 'e', 'a', 'p', 'i', 's', '/', 'a', 'p', 'i', '/', 'e',
'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', ';', 'e', 'x', 'p', 'r', '\370', '\001', '\001', 'b', '\006', 'p', 'r', 'o',
't', 'o', '3',
};
static upb_def_init *deps[3] = {
&google_protobuf_any_proto_upbdefinit,
&google_protobuf_struct_proto_upbdefinit,
NULL
};
upb_def_init google_api_expr_v1alpha1_value_proto_upbdefinit = {
deps,
&google_api_expr_v1alpha1_value_proto_upb_file_layout,
"google/api/expr/v1alpha1/value.proto",
UPB_STRVIEW_INIT(descriptor, 1153)
};

55
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h generated
Unescape View File

@ -0,0 +1,55 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/value.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#ifndef GOOGLE_API_EXPR_V1ALPHA1_VALUE_PROTO_UPBDEFS_H_
#define GOOGLE_API_EXPR_V1ALPHA1_VALUE_PROTO_UPBDEFS_H_
#include "upb/def.h"
#include "upb/port_def.inc"
#ifdef __cplusplus
extern "C" {
#endif
#include "upb/def.h"
#include "upb/port_def.inc"
extern upb_def_init google_api_expr_v1alpha1_value_proto_upbdefinit;
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Value_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_value_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Value");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_EnumValue_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_value_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.EnumValue");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_ListValue_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_value_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.ListValue");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_MapValue_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_value_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.MapValue");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_MapValue_Entry_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_value_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.MapValue.Entry");
}
#ifdef __cplusplus
} /* extern "C" */
#endif
#include "upb/port_undef.inc"
#endif /* GOOGLE_API_EXPR_V1ALPHA1_VALUE_PROTO_UPBDEFS_H_ */

5
src/core/ext/xds/xds_http_filters.cc
Unescape View File

@ -22,6 +22,7 @@
#include "envoy/extensions/filters/http/router/v3/router.upbdefs.h"
#include "src/core/ext/xds/xds_http_fault_filter.h"
#include "src/core/ext/xds/xds_http_rbac_filter.h"
namespace grpc_core {
@ -106,6 +107,10 @@ void XdsHttpFilterRegistry::Init() {
{kXdsHttpRouterFilterConfigName});
RegisterFilter(absl::make_unique<XdsHttpFaultFilter>(),
{kXdsHttpFaultFilterConfigName});
RegisterFilter(absl::make_unique<XdsHttpRbacFilter>(),
{kXdsHttpRbacFilterConfigName});
RegisterFilter(absl::make_unique<XdsHttpRbacFilter>(),
{kXdsHttpRbacFilterConfigOverrideName});
}
void XdsHttpFilterRegistry::Shutdown() {

551
src/core/ext/xds/xds_http_rbac_filter.cc
Unescape View File

@ -0,0 +1,551 @@
//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#include <grpc/support/port_platform.h>
#include "src/core/ext/xds/xds_http_rbac_filter.h"
#include "absl/strings/str_format.h"
#include "envoy/config/core/v3/address.upb.h"
#include "envoy/config/rbac/v3/rbac.upb.h"
#include "envoy/config/route/v3/route_components.upb.h"
#include "envoy/extensions/filters/http/rbac/v3/rbac.upb.h"
#include "envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h"
#include "envoy/type/matcher/v3/path.upb.h"
#include "envoy/type/matcher/v3/regex.upb.h"
#include "envoy/type/matcher/v3/string.upb.h"
#include "envoy/type/v3/range.upb.h"
#include "google/protobuf/wrappers.upb.h"
#include "src/core/ext/filters/rbac/rbac_filter.h"
#include "src/core/ext/filters/rbac/rbac_service_config_parser.h"
#include "src/core/ext/xds/upb_utils.h"
#include "src/core/lib/channel/channel_args.h"
namespace grpc_core {
const char* kXdsHttpRbacFilterConfigName =
"envoy.extensions.filters.http.rbac.v3.RBAC";
const char* kXdsHttpRbacFilterConfigOverrideName =
"envoy.extensions.filters.http.rbac.v3.RBACPerRoute";
namespace {
Json ParseRegexMatcherToJson(
const envoy_type_matcher_v3_RegexMatcher* regex_matcher) {
return Json::Object(
{{"regex", UpbStringToStdString(envoy_type_matcher_v3_RegexMatcher_regex(
regex_matcher))}});
}
Json ParseInt64RangeToJson(const envoy_type_v3_Int64Range* range) {
return Json::Object{{"start", envoy_type_v3_Int64Range_start(range)},
{"end", envoy_type_v3_Int64Range_end(range)}};
}
absl::StatusOr<Json> ParseHeaderMatcherToJson(
const envoy_config_route_v3_HeaderMatcher* header) {
Json::Object header_json;
std::vector<absl::Status> error_list;
std::string name =
UpbStringToStdString(envoy_config_route_v3_HeaderMatcher_name(header));
if (name == ":scheme") {
error_list.push_back(
absl::InvalidArgumentError("':scheme' not allowed in header"));
} else if (absl::StartsWith(name, "grpc-")) {
error_list.push_back(
absl::InvalidArgumentError("'grpc-' prefixes not allowed in header"));
}
header_json.emplace("name", std::move(name));
if (envoy_config_route_v3_HeaderMatcher_has_exact_match(header)) {
header_json.emplace(
"exactMatch",
UpbStringToStdString(
envoy_config_route_v3_HeaderMatcher_exact_match(header)));
} else if (envoy_config_route_v3_HeaderMatcher_has_safe_regex_match(header)) {
header_json.emplace(
"safeRegexMatch",
ParseRegexMatcherToJson(
envoy_config_route_v3_HeaderMatcher_safe_regex_match(header)));
} else if (envoy_config_route_v3_HeaderMatcher_has_range_match(header)) {
header_json.emplace(
"rangeMatch",
ParseInt64RangeToJson(
envoy_config_route_v3_HeaderMatcher_range_match(header)));
} else if (envoy_config_route_v3_HeaderMatcher_has_present_match(header)) {
header_json.emplace(
"presentMatch",
envoy_config_route_v3_HeaderMatcher_present_match(header));
} else if (envoy_config_route_v3_HeaderMatcher_has_prefix_match(header)) {
header_json.emplace(
"prefixMatch",
UpbStringToStdString(
envoy_config_route_v3_HeaderMatcher_prefix_match(header)));
} else if (envoy_config_route_v3_HeaderMatcher_has_suffix_match(header)) {
header_json.emplace(
"suffixMatch",
UpbStringToStdString(
envoy_config_route_v3_HeaderMatcher_suffix_match(header)));
} else if (envoy_config_route_v3_HeaderMatcher_has_contains_match(header)) {
header_json.emplace(
"containsMatch",
UpbStringToStdString(
envoy_config_route_v3_HeaderMatcher_contains_match(header)));
} else {
error_list.push_back(
absl::InvalidArgumentError("Invalid route header matcher specified."));
}
if (!error_list.empty()) {
return StatusCreate(absl::StatusCode::kInvalidArgument,
"Error parsing HeaderMatcher", DEBUG_LOCATION,
std::move(error_list));
}
header_json.emplace("invertMatch",
envoy_config_route_v3_HeaderMatcher_invert_match(header));
return header_json;
}
absl::StatusOr<Json> ParseStringMatcherToJson(
const envoy_type_matcher_v3_StringMatcher* matcher) {
Json::Object json;
if (envoy_type_matcher_v3_StringMatcher_has_exact(matcher)) {
json.emplace("exact",
UpbStringToStdString(
envoy_type_matcher_v3_StringMatcher_exact(matcher)));
} else if (envoy_type_matcher_v3_StringMatcher_has_prefix(matcher)) {
json.emplace("prefix",
UpbStringToStdString(
envoy_type_matcher_v3_StringMatcher_prefix(matcher)));
} else if (envoy_type_matcher_v3_StringMatcher_has_suffix(matcher)) {
json.emplace("suffix",
UpbStringToStdString(
envoy_type_matcher_v3_StringMatcher_suffix(matcher)));
} else if (envoy_type_matcher_v3_StringMatcher_has_safe_regex(matcher)) {
json.emplace("safeRegex",
ParseRegexMatcherToJson(
envoy_type_matcher_v3_StringMatcher_safe_regex(matcher)));
} else if (envoy_type_matcher_v3_StringMatcher_has_contains(matcher)) {
json.emplace("contains",
UpbStringToStdString(
envoy_type_matcher_v3_StringMatcher_contains(matcher)));
} else {
return absl::InvalidArgumentError("StringMatcher: Invalid match pattern");
}
json.emplace("ignoreCase",
envoy_type_matcher_v3_StringMatcher_ignore_case(matcher));
return json;
}
absl::StatusOr<Json> ParsePathMatcherToJson(
const envoy_type_matcher_v3_PathMatcher* matcher) {
const auto* path = envoy_type_matcher_v3_PathMatcher_path(matcher);
if (path == nullptr) {
return absl::InvalidArgumentError("PathMatcher has empty path");
}
Json::Object json;
auto path_json = ParseStringMatcherToJson(path);
if (!path_json.ok()) {
return path_json;
}
json.emplace("path", std::move(*path_json));
return json;
}
Json ParseUInt32ValueToJson(const google_protobuf_UInt32Value* value) {
return Json::Object{{"value", google_protobuf_UInt32Value_value(value)}};
}
Json ParseCidrRangeToJson(const envoy_config_core_v3_CidrRange* range) {
Json::Object json;
json.emplace("addressPrefix",
UpbStringToStdString(
envoy_config_core_v3_CidrRange_address_prefix(range)));
const auto* prefix_len = envoy_config_core_v3_CidrRange_prefix_len(range);
if (prefix_len != nullptr) {
json.emplace("prefixLen", ParseUInt32ValueToJson(prefix_len));
}
return json;
}
absl::StatusOr<Json> ParsePermissionToJson(
const envoy_config_rbac_v3_Permission* permission) {
Json::Object permission_json;
// Helper function to parse Permission::Set to JSON. Used by `and_rules` and
// `or_rules`.
auto parse_permission_set_to_json =
[](const envoy_config_rbac_v3_Permission_Set* set)
-> absl::StatusOr<Json> {
std::vector<absl::Status> error_list;
Json::Array rules_json;
size_t size;
const envoy_config_rbac_v3_Permission* const* rules =
envoy_config_rbac_v3_Permission_Set_rules(set, &size);
for (size_t i = 0; i < size; ++i) {
auto permission_json = ParsePermissionToJson(rules[i]);
if (!permission_json.ok()) {
error_list.push_back(permission_json.status());
} else {
rules_json.emplace_back(std::move(*permission_json));
}
}
if (!error_list.empty()) {
return StatusCreate(absl::StatusCode::kInvalidArgument,
"Error parsing Set", DEBUG_LOCATION,
std::move(error_list));
}
return Json::Object({{"rules", std::move(rules_json)}});
};
if (envoy_config_rbac_v3_Permission_has_and_rules(permission)) {
const auto* and_rules =
envoy_config_rbac_v3_Permission_and_rules(permission);
auto permission_set_json = parse_permission_set_to_json(and_rules);
if (!permission_set_json.ok()) {
return permission_set_json;
}
permission_json.emplace("andRules", std::move(*permission_set_json));
} else if (envoy_config_rbac_v3_Permission_has_or_rules(permission)) {
const auto* or_rules = envoy_config_rbac_v3_Permission_or_rules(permission);
auto permission_set_json = parse_permission_set_to_json(or_rules);
if (!permission_set_json.ok()) {
return permission_set_json;
}
permission_json.emplace("orRules", std::move(*permission_set_json));
} else if (envoy_config_rbac_v3_Permission_has_any(permission)) {
permission_json.emplace("any",
envoy_config_rbac_v3_Permission_any(permission));
} else if (envoy_config_rbac_v3_Permission_has_header(permission)) {
auto header_json = ParseHeaderMatcherToJson(
envoy_config_rbac_v3_Permission_header(permission));
if (!header_json.ok()) {
return header_json;
}
permission_json.emplace("header", std::move(*header_json));
} else if (envoy_config_rbac_v3_Permission_has_url_path(permission)) {
auto url_path_json = ParsePathMatcherToJson(
envoy_config_rbac_v3_Permission_url_path(permission));
if (!url_path_json.ok()) {
return url_path_json;
}
permission_json.emplace("urlPath", std::move(*url_path_json));
} else if (envoy_config_rbac_v3_Permission_has_destination_ip(permission)) {
permission_json.emplace(
"destinationIp",
ParseCidrRangeToJson(
envoy_config_rbac_v3_Permission_destination_ip(permission)));
} else if (envoy_config_rbac_v3_Permission_has_destination_port(permission)) {
permission_json.emplace(
"destinationPort",
envoy_config_rbac_v3_Permission_destination_port(permission));
} else if (envoy_config_rbac_v3_Permission_has_metadata(permission)) {
// Not parsing metadata even if its present since it is not relevant to
// gRPC.
permission_json.emplace("metadata", Json::Object());
} else if (envoy_config_rbac_v3_Permission_has_not_rule(permission)) {
auto not_rule_json = ParsePermissionToJson(
envoy_config_rbac_v3_Permission_not_rule(permission));
if (!not_rule_json.ok()) {
return not_rule_json;
}
permission_json.emplace("notRule", std::move(*not_rule_json));
} else if (envoy_config_rbac_v3_Permission_has_requested_server_name(
permission)) {
auto requested_server_name_json = ParseStringMatcherToJson(
envoy_config_rbac_v3_Permission_requested_server_name(permission));
if (!requested_server_name_json.ok()) {
return requested_server_name_json;
}
permission_json.emplace("requestedServerName",
std::move(*requested_server_name_json));
} else {
return absl::InvalidArgumentError("Permission: Invalid rule");
}
return permission_json;
}
absl::StatusOr<Json> ParsePrincipalToJson(
const envoy_config_rbac_v3_Principal* principal) {
Json::Object principal_json;
// Helper function to parse Principal::Set to JSON. Used by `and_ids` and
// `or_ids`.
auto parse_principal_set_to_json =
[](const envoy_config_rbac_v3_Principal_Set* set)
-> absl::StatusOr<Json> {
Json::Object json;
std::vector<absl::Status> error_list;
Json::Array ids_json;
size_t size;
const envoy_config_rbac_v3_Principal* const* ids =
envoy_config_rbac_v3_Principal_Set_ids(set, &size);
for (size_t i = 0; i < size; ++i) {
auto principal_json = ParsePrincipalToJson(ids[i]);
if (!principal_json.ok()) {
error_list.push_back(principal_json.status());
} else {
ids_json.emplace_back(std::move(*principal_json));
}
}
if (!error_list.empty()) {
return StatusCreate(absl::StatusCode::kInvalidArgument,
"Error parsing Set", DEBUG_LOCATION,
std::move(error_list));
}
return Json::Object({{"ids", std::move(ids_json)}});
};
if (envoy_config_rbac_v3_Principal_has_and_ids(principal)) {
const auto* and_rules = envoy_config_rbac_v3_Principal_and_ids(principal);
auto principal_set_json = parse_principal_set_to_json(and_rules);
if (!principal_set_json.ok()) {
return principal_set_json;
}
principal_json.emplace("andIds", std::move(*principal_set_json));
} else if (envoy_config_rbac_v3_Principal_has_or_ids(principal)) {
const auto* or_rules = envoy_config_rbac_v3_Principal_or_ids(principal);
auto principal_set_json = parse_principal_set_to_json(or_rules);
if (!principal_set_json.ok()) {
return principal_set_json;
}
principal_json.emplace("orIds", std::move(*principal_set_json));
} else if (envoy_config_rbac_v3_Principal_has_any(principal)) {
principal_json.emplace("any",
envoy_config_rbac_v3_Principal_any(principal));
} else if (envoy_config_rbac_v3_Principal_has_authenticated(principal)) {
auto* authenticated_json =
principal_json.emplace("authenticated", Json::Object())
.first->second.mutable_object();
const auto* principal_name =
envoy_config_rbac_v3_Principal_Authenticated_principal_name(
envoy_config_rbac_v3_Principal_authenticated(principal));
if (principal_name != nullptr) {
auto principal_name_json = ParseStringMatcherToJson(principal_name);
if (!principal_name_json.ok()) {
return principal_name_json;
}
authenticated_json->emplace("principalName",
std::move(*principal_name_json));
}
} else if (envoy_config_rbac_v3_Principal_has_source_ip(principal)) {
principal_json.emplace(
"sourceIp", ParseCidrRangeToJson(
envoy_config_rbac_v3_Principal_source_ip(principal)));
} else if (envoy_config_rbac_v3_Principal_has_direct_remote_ip(principal)) {
principal_json.emplace(
"directRemoteIp",
ParseCidrRangeToJson(
envoy_config_rbac_v3_Principal_direct_remote_ip(principal)));
} else if (envoy_config_rbac_v3_Principal_has_remote_ip(principal)) {
principal_json.emplace(
"remoteIp", ParseCidrRangeToJson(
envoy_config_rbac_v3_Principal_remote_ip(principal)));
} else if (envoy_config_rbac_v3_Principal_has_header(principal)) {
auto header_json = ParseHeaderMatcherToJson(
envoy_config_rbac_v3_Principal_header(principal));
if (!header_json.ok()) {
return header_json;
}
principal_json.emplace("header", std::move(*header_json));
} else if (envoy_config_rbac_v3_Principal_has_url_path(principal)) {
auto url_path_json = ParsePathMatcherToJson(
envoy_config_rbac_v3_Principal_url_path(principal));
if (!url_path_json.ok()) {
return url_path_json;
}
principal_json.emplace("urlPath", std::move(*url_path_json));
} else if (envoy_config_rbac_v3_Principal_has_metadata(principal)) {
// Not parsing metadata even if its present since it is not relevant to
// gRPC.
principal_json.emplace("metadata", Json::Object());
} else if (envoy_config_rbac_v3_Principal_has_not_id(principal)) {
auto not_id_json =
ParsePrincipalToJson(envoy_config_rbac_v3_Principal_not_id(principal));
if (!not_id_json.ok()) {
return not_id_json;
}
principal_json.emplace("notId", std::move(*not_id_json));
} else {
return absl::InvalidArgumentError("Principal: Invalid rule");
}
return principal_json;
}
absl::StatusOr<Json> ParsePolicyToJson(
const envoy_config_rbac_v3_Policy* policy) {
Json::Object policy_json;
std::vector<absl::Status> error_list;
size_t size;
Json::Array permissions_json;
const envoy_config_rbac_v3_Permission* const* permissions =
envoy_config_rbac_v3_Policy_permissions(policy, &size);
for (size_t i = 0; i < size; ++i) {
auto permission_json = ParsePermissionToJson(permissions[i]);
if (!permission_json.ok()) {
error_list.push_back(permission_json.status());
} else {
permissions_json.emplace_back(std::move(*permission_json));
}
}
policy_json.emplace("permissions", std::move(permissions_json));
Json::Array principals_json;
const envoy_config_rbac_v3_Principal* const* principals =
envoy_config_rbac_v3_Policy_principals(policy, &size);
for (size_t i = 0; i < size; ++i) {
auto principal_json = ParsePrincipalToJson(principals[i]);
if (!principal_json.ok()) {
error_list.push_back(principal_json.status());
} else {
principals_json.emplace_back(std::move(*principal_json));
}
}
policy_json.emplace("principals", std::move(principals_json));
if (envoy_config_rbac_v3_Policy_has_condition(policy)) {
error_list.push_back(
absl::InvalidArgumentError("Policy: condition not supported"));
}
if (envoy_config_rbac_v3_Policy_has_checked_condition(policy)) {
error_list.push_back(
absl::InvalidArgumentError("Policy: checked condition not supported"));
}
if (!error_list.empty()) {
return StatusCreate(absl::StatusCode::kInvalidArgument,
"Error parsing Policy", DEBUG_LOCATION,
std::move(error_list));
}
return policy_json;
}
absl::StatusOr<Json> ParseHttpRbacToJson(
const envoy_extensions_filters_http_rbac_v3_RBAC* rbac) {
Json::Object rbac_json;
std::vector<absl::Status> error_list;
const auto* rules = envoy_extensions_filters_http_rbac_v3_RBAC_rules(rbac);
if (rules != nullptr) {
int action = envoy_config_rbac_v3_RBAC_action(rules);
// Treat Log action as RBAC being absent
if (action == envoy_config_rbac_v3_RBAC_LOG) {
return rbac_json;
}
Json::Object inner_rbac_json;
inner_rbac_json.emplace("action", envoy_config_rbac_v3_RBAC_action(rules));
if (envoy_config_rbac_v3_RBAC_has_policies(rules)) {
Json::Object policies_object;
size_t iter = UPB_MAP_BEGIN;
while (true) {
auto* entry = envoy_config_rbac_v3_RBAC_policies_next(rules, &iter);
if (entry == nullptr) {
break;
}
auto policy = ParsePolicyToJson(
envoy_config_rbac_v3_RBAC_PoliciesEntry_value(entry));
if (!policy.ok()) {
error_list.push_back(StatusCreate(
absl::StatusCode::kInvalidArgument,
absl::StrFormat(
"RBAC PoliciesEntry key:%s",
UpbStringToStdString(
envoy_config_rbac_v3_RBAC_PoliciesEntry_key(entry))),
DEBUG_LOCATION, {policy.status()}));
} else {
policies_object.emplace(
UpbStringToStdString(
envoy_config_rbac_v3_RBAC_PoliciesEntry_key(entry)),
std::move(*policy));
}
}
inner_rbac_json.emplace("policies", std::move(policies_object));
}
rbac_json.emplace("rules", std::move(inner_rbac_json));
}
if (!error_list.empty()) {
return StatusCreate(absl::StatusCode::kInvalidArgument,
"Error parsing RBAC", DEBUG_LOCATION,
std::move(error_list));
}
return rbac_json;
}
} // namespace
void XdsHttpRbacFilter::PopulateSymtab(upb_symtab* symtab) const {
envoy_extensions_filters_http_rbac_v3_RBAC_getmsgdef(symtab);
}
absl::StatusOr<XdsHttpFilterImpl::FilterConfig>
XdsHttpRbacFilter::GenerateFilterConfig(upb_strview serialized_filter_config,
upb_arena* arena) const {
absl::StatusOr<Json> rbac_json;
auto* rbac = envoy_extensions_filters_http_rbac_v3_RBAC_parse(
serialized_filter_config.data, serialized_filter_config.size, arena);
if (rbac == nullptr) {
return absl::InvalidArgumentError(
"could not parse HTTP RBAC filter config");
}
rbac_json = ParseHttpRbacToJson(rbac);
if (!rbac_json.ok()) {
return rbac_json.status();
}
return FilterConfig{kXdsHttpRbacFilterConfigName, std::move(*rbac_json)};
}
absl::StatusOr<XdsHttpFilterImpl::FilterConfig>
XdsHttpRbacFilter::GenerateFilterConfigOverride(
upb_strview serialized_filter_config, upb_arena* arena) const {
auto* rbac_per_route =
envoy_extensions_filters_http_rbac_v3_RBACPerRoute_parse(
serialized_filter_config.data, serialized_filter_config.size, arena);
if (rbac_per_route == nullptr) {
return absl::InvalidArgumentError("could not parse RBACPerRoute");
}
absl::StatusOr<Json> rbac_json;
const auto* rbac =
envoy_extensions_filters_http_rbac_v3_RBACPerRoute_rbac(rbac_per_route);
if (rbac == nullptr) {
rbac_json = Json::Object();
} else {
rbac_json = ParseHttpRbacToJson(rbac);
if (!rbac_json.ok()) {
return rbac_json.status();
}
}
return FilterConfig{kXdsHttpRbacFilterConfigOverrideName,
std::move(*rbac_json)};
}
const grpc_channel_filter* XdsHttpRbacFilter::channel_filter() const {
return &RbacFilter::kFilterVtable;
}
grpc_channel_args* XdsHttpRbacFilter::ModifyChannelArgs(
grpc_channel_args* args) const {
grpc_arg arg_to_add = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args* new_args =
grpc_channel_args_copy_and_add(args, &arg_to_add, 1);
grpc_channel_args_destroy(args);
return new_args;
}
absl::StatusOr<XdsHttpFilterImpl::ServiceConfigJsonEntry>
XdsHttpRbacFilter::GenerateServiceConfig(
const FilterConfig& hcm_filter_config,
const FilterConfig* filter_config_override) const {
Json policy_json = filter_config_override != nullptr
? filter_config_override->config
: hcm_filter_config.config;
// The policy JSON may be empty, that's allowed.
return ServiceConfigJsonEntry{"rbacPolicy", policy_json.Dump()};
}
} // namespace grpc_core

54
src/core/ext/xds/xds_http_rbac_filter.h
Unescape View File

@ -0,0 +1,54 @@
//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#ifndef GRPC_CORE_EXT_XDS_XDS_HTTP_RBAC_FILTER_H
#define GRPC_CORE_EXT_XDS_XDS_HTTP_RBAC_FILTER_H
#include <grpc/support/port_platform.h>
#include "src/core/ext/xds/xds_http_filters.h"
namespace grpc_core {
extern const char* kXdsHttpRbacFilterConfigName;
extern const char* kXdsHttpRbacFilterConfigOverrideName;
class XdsHttpRbacFilter : public XdsHttpFilterImpl {
public:
void PopulateSymtab(upb_symtab* symtab) const override;
absl::StatusOr<FilterConfig> GenerateFilterConfig(
upb_strview serialized_filter_config, upb_arena* arena) const override;
absl::StatusOr<FilterConfig> GenerateFilterConfigOverride(
upb_strview serialized_filter_config, upb_arena* arena) const override;
const grpc_channel_filter* channel_filter() const override;
grpc_channel_args* ModifyChannelArgs(grpc_channel_args* args) const override;
absl::StatusOr<ServiceConfigJsonEntry> GenerateServiceConfig(
const FilterConfig& hcm_filter_config,
const FilterConfig* filter_config_override) const override;
bool IsSupportedOnClients() const override { return false; }
bool IsSupportedOnServers() const override { return true; }
};
} // namespace grpc_core
#endif // GRPC_CORE_EXT_XDS_XDS_HTTP_RBAC_FILTER_H

15
src/core/ext/xds/xds_listener.cc
Unescape View File

@ -271,6 +271,19 @@ grpc_error_handle HttpConnectionManagerParse(
bool is_v2,
XdsListenerResource::HttpConnectionManager* http_connection_manager) {
MaybeLogHttpConnectionManager(context, http_connection_manager_proto);
// NACK a non-zero `xff_num_trusted_hops` and a `non-empty
// original_ip_detection_extensions` as mentioned in
// https://github.com/grpc/proposal/blob/master/A41-xds-rbac.md
if (envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_xff_num_trusted_hops(
http_connection_manager_proto) != 0) {
return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
"'xff_num_trusted_hops' must be zero");
}
if (envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_has_original_ip_detection_extensions(
http_connection_manager_proto)) {
return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
"'original_ip_detection_extensions' must be empty");
}
// Obtain max_stream_duration from Http Protocol Options.
const envoy_config_core_v3_HttpProtocolOptions* options =
envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_common_http_protocol_options(
@ -339,7 +352,7 @@ grpc_error_handle HttpConnectionManagerParse(
if (!filter_config.ok()) {
return GRPC_ERROR_CREATE_FROM_CPP_STRING(absl::StrCat(
"filter config for type ", filter_type,
" failed to parse: ", filter_config.status().ToString()));
" failed to parse: ", StatusToString(filter_config.status())));
}
http_connection_manager->http_filters.emplace_back(
XdsListenerResource::HttpConnectionManager::HttpFilter{

2
src/core/ext/xds/xds_route_config.cc
Unescape View File

@ -538,7 +538,7 @@ grpc_error_handle ParseTypedPerFilterConfig(
if (!filter_config.ok()) {
return GRPC_ERROR_CREATE_FROM_CPP_STRING(absl::StrCat(
"filter config for type ", filter_type,
" failed to parse: ", filter_config.status().ToString()));
" failed to parse: ", StatusToString(filter_config.status())));
}
(*typed_per_filter_config)[std::string(key)] = std::move(*filter_config);
}

82
src/core/ext/xds/xds_server_config_fetcher.cc
Unescape View File

@ -200,9 +200,8 @@ class XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager
// This ref is only kept around till the FilterChainMatchManager becomes
// ready.
RefCountedPtr<ListenerWatcher> listener_watcher_;
const XdsListenerResource::FilterChainMap filter_chain_map_;
const absl::optional<XdsListenerResource::FilterChainData>
default_filter_chain_;
XdsListenerResource::FilterChainMap filter_chain_map_;
absl::optional<XdsListenerResource::FilterChainData> default_filter_chain_;
Mutex mu_;
size_t rds_resources_yet_to_fetch_ ABSL_GUARDED_BY(mu_) = 0;
std::map<std::string /* resource_name */, RdsUpdateState> rds_map_
@ -334,6 +333,8 @@ class XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
http_filters_);
}
void Orphan() override {}
void CancelWatch() override { watcher_.reset(); }
private:
@ -356,6 +357,8 @@ class XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
std::vector<XdsListenerResource::HttpConnectionManager::HttpFilter>
http_filters);
void Orphan() override;
absl::StatusOr<RefCountedPtr<ServerConfigSelector>> Watch(
std::unique_ptr<ServerConfigSelectorProvider::ServerConfigSelectorWatcher>
watcher) override;
@ -386,7 +389,7 @@ class XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
: public XdsRouteConfigResourceType::WatcherInterface {
public:
explicit RouteConfigWatcher(
RefCountedPtr<DynamicXdsServerConfigSelectorProvider> parent)
WeakRefCountedPtr<DynamicXdsServerConfigSelectorProvider> parent)
: parent_(std::move(parent)) {}
void OnResourceChanged(XdsRouteConfigResource route_config) override {
@ -398,7 +401,7 @@ class XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
void OnResourceDoesNotExist() override { parent_->OnResourceDoesNotExist(); }
private:
RefCountedPtr<DynamicXdsServerConfigSelectorProvider> parent_;
WeakRefCountedPtr<DynamicXdsServerConfigSelectorProvider> parent_;
};
//
@ -591,8 +594,11 @@ XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
void XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
StartRdsWatch(RefCountedPtr<ListenerWatcher> listener_watcher) {
// Get the set of RDS resources to watch on
// Get the set of RDS resources to watch on. Also get the set of
// FilterChainData so that we can reverse the list of HTTP filters since
// received data moves *up* the stack in Core.
std::set<std::string> resource_names;
std::set<XdsListenerResource::FilterChainData*> filter_chain_data_set;
for (const auto& destination_ip : filter_chain_map_.destination_ip_vector) {
for (const auto& source_type : destination_ip.source_types_array) {
for (const auto& source_ip : source_type) {
@ -603,17 +609,34 @@ void XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
source_port_pair.second.data->http_connection_manager
.route_config_name);
}
filter_chain_data_set.insert(source_port_pair.second.data.get());
}
}
}
}
if (default_filter_chain_.has_value() &&
!default_filter_chain_->http_connection_manager.route_config_name
.empty()) {
resource_names.insert(
default_filter_chain_->http_connection_manager.route_config_name);
if (default_filter_chain_.has_value()) {
if (!default_filter_chain_->http_connection_manager.route_config_name
.empty()) {
resource_names.insert(
default_filter_chain_->http_connection_manager.route_config_name);
}
std::reverse(
default_filter_chain_->http_connection_manager.http_filters.begin(),
default_filter_chain_->http_connection_manager.http_filters.end());
}
// Reverse the lists of HTTP filters in all the filter chains
for (auto* filter_chain_data : filter_chain_data_set) {
std::reverse(
filter_chain_data->http_connection_manager.http_filters.begin(),
filter_chain_data->http_connection_manager.http_filters.end());
}
// Start watching on referenced RDS resources
struct WatcherToStart {
std::string resource_name;
RefCountedPtr<RouteConfigWatcher> watcher;
};
std::vector<WatcherToStart> watchers_to_start;
watchers_to_start.reserve(resource_names.size());
{
MutexLock lock(&mu_);
for (const auto& resource_name : resource_names) {
@ -622,14 +645,19 @@ void XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
MakeRefCounted<RouteConfigWatcher>(resource_name, WeakRef());
rds_map_.emplace(resource_name, RdsUpdateState{route_config_watcher.get(),
absl::nullopt});
XdsRouteConfigResourceType::StartWatch(xds_client_.get(), resource_name,
std::move(route_config_watcher));
watchers_to_start.push_back(
WatcherToStart{resource_name, std::move(route_config_watcher)});
}
if (rds_resources_yet_to_fetch_ != 0) {
listener_watcher_ = std::move(listener_watcher);
listener_watcher = nullptr;
}
}
for (auto& watcher_to_start : watchers_to_start) {
XdsRouteConfigResourceType::StartWatch(xds_client_.get(),
watcher_to_start.resource_name,
std::move(watcher_to_start.watcher));
}
// Promote this filter chain match manager if all referenced resources are
// fetched.
if (listener_watcher != nullptr) {
@ -967,16 +995,13 @@ absl::StatusOr<grpc_channel_args*> XdsServerConfigFetcher::ListenerWatcher::
std::vector<const grpc_channel_filter*> filters;
// Iterate the list of HTTP filters in reverse since in Core, received data
// flows *up* the stack.
for (auto reverse_iterator =
filter_chain->http_connection_manager.http_filters.rbegin();
reverse_iterator !=
filter_chain->http_connection_manager.http_filters.rend();
++reverse_iterator) {
for (const auto& http_filter :
filter_chain->http_connection_manager.http_filters) {
// Find filter. This is guaranteed to succeed, because it's checked
// at config validation time in the XdsApi code.
const XdsHttpFilterImpl* filter_impl =
XdsHttpFilterRegistry::GetFilterForType(
reverse_iterator->config.config_proto_type_name);
http_filter.config.config_proto_type_name);
GPR_ASSERT(filter_impl != nullptr);
// Some filters like the router filter are no-op filters and do not have
// an implementation.
@ -1162,12 +1187,22 @@ XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
http_filters_(std::move(http_filters)),
resource_(std::move(initial_resource)) {
GPR_ASSERT(!resource_name_.empty());
auto route_config_watcher = MakeRefCounted<RouteConfigWatcher>(Ref());
// RouteConfigWatcher is being created here instead of in Watch() to avoid
// deadlocks from invoking XdsRouteConfigResourceType::StartWatch whilst in a
// critical region.
auto route_config_watcher = MakeRefCounted<RouteConfigWatcher>(WeakRef());
route_config_watcher_ = route_config_watcher.get();
XdsRouteConfigResourceType::StartWatch(xds_client_.get(), resource_name_,
std::move(route_config_watcher));
}
void XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
DynamicXdsServerConfigSelectorProvider::Orphan() {
XdsRouteConfigResourceType::CancelWatch(xds_client_.get(), resource_name_,
route_config_watcher_,
false /* delay_unsubscription */);
}
absl::StatusOr<RefCountedPtr<ServerConfigSelector>>
XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
DynamicXdsServerConfigSelectorProvider::Watch(
@ -1189,9 +1224,6 @@ XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
void XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
DynamicXdsServerConfigSelectorProvider::CancelWatch() {
XdsRouteConfigResourceType::CancelWatch(xds_client_.get(), resource_name_,
route_config_watcher_,
false /* delay_unsubscription */);
MutexLock lock(&mu_);
watcher_.reset();
}
@ -1204,6 +1236,10 @@ void XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
if (watcher_ == nullptr) {
return;
}
// Currently server_config_selector_filter does not call into
// DynamicXdsServerConfigSelectorProvider while holding a lock, but if that
// ever changes, we would want to invoke the update outside the critical
// region with the use of a WorkSerializer.
watcher_->OnServerConfigSelectorUpdate(
XdsServerConfigSelector::Create(*resource_, http_filters_));
}

2
src/core/lib/gprpp/status_helper.cc
Unescape View File

@ -159,7 +159,7 @@ std::vector<absl::Status> ParseChildren(absl::Cord children) {
absl::Status StatusCreate(absl::StatusCode code, absl::string_view msg,
const DebugLocation& location,
std::initializer_list<absl::Status> children) {
std::vector<absl::Status> children) {
absl::Status s(code, msg);
if (location.file() != nullptr) {
StatusSetStr(&s, StatusStrProperty::kFile, location.file());

2
src/core/lib/gprpp/status_helper.h
Unescape View File

@ -110,7 +110,7 @@ enum class StatusTimeProperty {
/// Creates a status with given additional information
absl::Status StatusCreate(
absl::StatusCode code, absl::string_view msg, const DebugLocation& location,
std::initializer_list<absl::Status> children) GRPC_MUST_USE_RESULT;
std::vector<absl::Status> children) GRPC_MUST_USE_RESULT;
/// Sets the int property to the status
void StatusSetInt(absl::Status* status, StatusIntProperty key, intptr_t value);

11
src/core/lib/security/authorization/grpc_authorization_engine.cc
Unescape View File

@ -29,6 +29,17 @@ GrpcAuthorizationEngine::GrpcAuthorizationEngine(Rbac policy)
}
}
GrpcAuthorizationEngine::GrpcAuthorizationEngine(
GrpcAuthorizationEngine&& other) noexcept
: action_(other.action_), policies_(std::move(other.policies_)) {}
GrpcAuthorizationEngine& GrpcAuthorizationEngine::operator=(
GrpcAuthorizationEngine&& other) noexcept {
action_ = other.action_;
policies_ = std::move(other.policies_);
return *this;
}
AuthorizationEngine::Decision GrpcAuthorizationEngine::Evaluate(
const EvaluateArgs& args) const {
Decision decision;

8
src/core/lib/security/authorization/grpc_authorization_engine.h
Unescape View File

@ -36,10 +36,13 @@ class GrpcAuthorizationEngine : public AuthorizationEngine {
// Builds GrpcAuthorizationEngine with allow/deny RBAC policy.
explicit GrpcAuthorizationEngine(Rbac policy);
Rbac::Action action() { return action_; }
GrpcAuthorizationEngine(GrpcAuthorizationEngine&& other) noexcept;
GrpcAuthorizationEngine& operator=(GrpcAuthorizationEngine&& other) noexcept;
Rbac::Action action() const { return action_; }
// Required only for testing purpose.
size_t num_policies() { return policies_.size(); }
size_t num_policies() const { return policies_.size(); }
// Evaluates incoming request against RBAC policy and makes a decision to
// whether allow/deny this request.
@ -50,7 +53,6 @@ class GrpcAuthorizationEngine : public AuthorizationEngine {
std::string name;
std::unique_ptr<AuthorizationMatcher> matcher;
};
Rbac::Action action_;
std::vector<Policy> policies_;
};

4
src/core/lib/security/authorization/rbac_policy.h
Unescape View File

@ -80,7 +80,7 @@ struct Rbac {
std::string ToString() const;
RuleType type;
RuleType type = RuleType::kAnd;
HeaderMatcher header_matcher;
StringMatcher string_matcher;
CidrRange ip;
@ -124,7 +124,7 @@ struct Rbac {
std::string ToString() const;
RuleType type;
RuleType type = RuleType::kAnd;
HeaderMatcher header_matcher;
StringMatcher string_matcher;
CidrRange ip;

4
src/core/plugin_registry/grpc_plugin_registry.cc
Unescape View File

@ -64,6 +64,8 @@ void ServiceConfigParserShutdown(void);
#ifndef GRPC_NO_XDS
namespace grpc_core {
void RbacFilterInit(void);
void RbacFilterShutdown(void);
void XdsClientGlobalInit();
void XdsClientGlobalShutdown();
} // namespace grpc_core
@ -128,6 +130,8 @@ void grpc_register_built_in_plugins(void) {
grpc_register_plugin(grpc_core::FaultInjectionFilterInit,
grpc_core::FaultInjectionFilterShutdown);
#ifndef GRPC_NO_XDS
// rbac_filter is being guarded with GRPC_NO_XDS to avoid a dependency on the re2 library by default
grpc_register_plugin(grpc_core::RbacFilterInit, grpc_core::RbacFilterShutdown);
grpc_register_plugin(grpc_core::XdsClientGlobalInit,
grpc_core::XdsClientGlobalShutdown);
grpc_register_plugin(grpc_certificate_provider_registry_init,

62
src/proto/grpc/testing/xds/v3/BUILD
Unescape View File

@ -112,6 +112,17 @@ grpc_proto_library(
well_known_protos = True,
)
grpc_proto_library(
name = "path_proto",
srcs = [
"path.proto",
],
well_known_protos = True,
deps = [
"string_proto",
],
)
grpc_proto_library(
name = "listener_proto",
srcs = [
@ -200,6 +211,7 @@ grpc_proto_library(
well_known_protos = True,
deps = [
"config_source_proto",
"extension_proto",
"protocol_proto",
"route_proto",
],
@ -291,6 +303,56 @@ grpc_proto_library(
],
)
grpc_proto_library(
name = "metadata_proto",
srcs = [
"metadata.proto",
],
well_known_protos = True,
)
grpc_proto_library(
name = "expr_proto",
srcs = [
"expr.proto",
],
well_known_protos = True,
)
cc_library(
name = "expr_lib",
deps = ["expr_cc_proto"],
)
grpc_proto_library(
name = "rbac_proto",
srcs = [
"rbac.proto",
],
well_known_protos = True,
deps = [
"address_proto",
"expr_proto",
"extension_proto",
"metadata_proto",
"path_proto",
"range_proto",
"route_proto",
"string_proto",
],
)
grpc_proto_library(
name = "http_filter_rbac_proto",
srcs = [
"http_filter_rbac.proto",
],
well_known_protos = True,
deps = [
"rbac_proto",
],
)
py_proto_library(
name = "csds_py_pb2",
deps = [":_csds_proto_only"],

23
src/proto/grpc/testing/xds/v3/expr.proto
Unescape View File

@ -0,0 +1,23 @@
// Copyright 2021 The gRPC Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// TODO(yashykt) : Figure out how to not need this
syntax = "proto3";
package google.api.expr.v1alpha1;
message Expr {}
message CheckedExpr {}

27
src/proto/grpc/testing/xds/v3/http_connection_manager.proto
Unescape View File

@ -21,6 +21,7 @@ package envoy.extensions.filters.network.http_connection_manager.v3;
import "google/protobuf/any.proto";
import "src/proto/grpc/testing/xds/v3/config_source.proto";
import "src/proto/grpc/testing/xds/v3/extension.proto";
import "src/proto/grpc/testing/xds/v3/protocol.proto";
import "src/proto/grpc/testing/xds/v3/route.proto";
@ -50,6 +51,32 @@ message HttpConnectionManager {
// Additional settings for HTTP requests handled by the connection manager. These will be
// applicable to both HTTP1 and HTTP2 requests.
config.core.v3.HttpProtocolOptions common_http_protocol_options = 35;
// The number of additional ingress proxy hops from the right side of the
// :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when
// determining the origin client's IP address. The default is zero if this option
// is not specified. See the documentation for
// :ref:`config_http_conn_man_headers_x-forwarded-for` for more information.
uint32 xff_num_trusted_hops = 19;
// The configuration for the original IP detection extensions.
//
// When configured the extensions will be called along with the request headers
// and information about the downstream connection, such as the directly connected address.
// Each extension will then use these parameters to decide the request's effective remote address.
// If an extension fails to detect the original IP address and isn't configured to reject
// the request, the HCM will try the remaining extensions until one succeeds or rejects
// the request. If the request isn't rejected nor any extension succeeds, the HCM will
// fallback to using the remote address.
//
// .. WARNING::
// Extensions cannot be used in conjunction with :ref:`use_remote_address
// <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`
// nor :ref:`xff_num_trusted_hops
// <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.xff_num_trusted_hops>`.
//
// [#extension-category: envoy.http.original_ip_detection]
repeated config.core.v3.TypedExtensionConfig original_ip_detection_extensions = 46;
}
message Rds {

41
src/proto/grpc/testing/xds/v3/http_filter_rbac.proto
Unescape View File

@ -0,0 +1,41 @@
//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Local copy of Envoy xDS proto file, used for testing only.
syntax = "proto3";
package envoy.extensions.filters.http.rbac.v3;
import "src/proto/grpc/testing/xds/v3/rbac.proto";
// [#protodoc-title: RBAC]
// Role-Based Access Control :ref:`configuration overview <config_http_filters_rbac>`.
// [#extension: envoy.filters.http.rbac]
// RBAC filter config.
message RBAC {
// Specify the RBAC rules to be applied globally.
// If absent, no enforcing RBAC policy will be applied.
// If present and empty, DENY.
config.rbac.v3.RBAC rules = 1;
}
message RBACPerRoute {
// Override the global configuration of the filter with this new config.
// If absent, the global RBAC policy will be disabled for this route.
RBAC rbac = 2;
}

84
src/proto/grpc/testing/xds/v3/metadata.proto
Unescape View File

@ -0,0 +1,84 @@
// Copyright 2021 The gRPC Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Local copy of Envoy xDS proto file, used for testing only.
syntax = "proto3";
package envoy.type.matcher.v3;
// [#protodoc-title: Metadata matcher]
// MetadataMatcher provides a general interface to check if a given value is matched in
// :ref:`Metadata <envoy_v3_api_msg_config.core.v3.Metadata>`. It uses `filter` and `path` to retrieve the value
// from the Metadata and then check if it's matched to the specified value.
//
// For example, for the following Metadata:
//
// .. code-block:: yaml
//
// filter_metadata:
// envoy.filters.http.rbac:
// fields:
// a:
// struct_value:
// fields:
// b:
// struct_value:
// fields:
// c:
// string_value: pro
// t:
// list_value:
// values:
// - string_value: m
// - string_value: n
//
// The following MetadataMatcher is matched as the path [a, b, c] will retrieve a string value "pro"
// from the Metadata which is matched to the specified prefix match.
//
// .. code-block:: yaml
//
// filter: envoy.filters.http.rbac
// path:
// - key: a
// - key: b
// - key: c
// value:
// string_match:
// prefix: pr
//
// The following MetadataMatcher is matched as the code will match one of the string values in the
// list at the path [a, t].
//
// .. code-block:: yaml
//
// filter: envoy.filters.http.rbac
// path:
// - key: a
// - key: t
// value:
// list_match:
// one_of:
// string_match:
// exact: m
//
// An example use of MetadataMatcher is specifying additional metadata in envoy.filters.http.rbac to
// enforce access control based on dynamic metadata in a request. See :ref:`Permission
// <envoy_v3_api_msg_config.rbac.v3.Permission>` and :ref:`Principal
// <envoy_v3_api_msg_config.rbac.v3.Principal>`.
// [#next-major-version: MetadataMatcher should use StructMatcher]
message MetadataMatcher {
}

35
src/proto/grpc/testing/xds/v3/path.proto
Unescape View File

@ -0,0 +1,35 @@
//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Local copy of Envoy xDS proto file, used for testing only.
syntax = "proto3";
package envoy.type.matcher.v3;
import "src/proto/grpc/testing/xds/v3/string.proto";
// [#protodoc-title: Path matcher]
// Specifies the way to match a path on HTTP request.
message PathMatcher {
oneof rule {
// The `path` must match the URL path portion of the :path header. The query and fragment
// string (if present) are removed in the URL path portion.
// For example, the path */data* will match the *:path* header */data#fragment?param=value*.
StringMatcher path = 1;
}
}

10
src/proto/grpc/testing/xds/v3/range.proto
Unescape View File

@ -29,3 +29,13 @@ message Int64Range {
// end of the range (exclusive)
int64 end = 2;
}
// Specifies the int32 start and end of the range using half-open interval semantics [start,
// end).
message Int32Range {
// start of the range (inclusive)
int32 start = 1;
// end of the range (exclusive)
int32 end = 2;
}

293
src/proto/grpc/testing/xds/v3/rbac.proto
Unescape View File

@ -0,0 +1,293 @@
//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Local copy of Envoy xDS proto file, used for testing only.
syntax = "proto3";
package envoy.config.rbac.v3;
import "src/proto/grpc/testing/xds/v3/address.proto";
import "src/proto/grpc/testing/xds/v3/extension.proto";
import "src/proto/grpc/testing/xds/v3/route.proto";
import "src/proto/grpc/testing/xds/v3/metadata.proto";
import "src/proto/grpc/testing/xds/v3/path.proto";
import "src/proto/grpc/testing/xds/v3/string.proto";
import "src/proto/grpc/testing/xds/v3/range.proto";
import "src/proto/grpc/testing/xds/v3/expr.proto";
// [#protodoc-title: Role Based Access Control (RBAC)]
// Role Based Access Control (RBAC) provides service-level and method-level access control for a
// service. Requests are allowed or denied based on the `action` and whether a matching policy is
// found. For instance, if the action is ALLOW and a matching policy is found the request should be
// allowed.
//
// RBAC can also be used to make access logging decisions by communicating with access loggers
// through dynamic metadata. When the action is LOG and at least one policy matches, the
// `access_log_hint` value in the shared key namespace 'envoy.common' is set to `true` indicating
// the request should be logged.
//
// Here is an example of RBAC configuration. It has two policies:
//
// * Service account "cluster.local/ns/default/sa/admin" has full access to the service, and so
// does "cluster.local/ns/default/sa/superuser".
//
// * Any user can read ("GET") the service at paths with prefix "/products", so long as the
// destination port is either 80 or 443.
//
// .. code-block:: yaml
//
// action: ALLOW
// policies:
// "service-admin":
// permissions:
// - any: true
// principals:
// - authenticated:
// principal_name:
// exact: "cluster.local/ns/default/sa/admin"
// - authenticated:
// principal_name:
// exact: "cluster.local/ns/default/sa/superuser"
// "product-viewer":
// permissions:
// - and_rules:
// rules:
// - header:
// name: ":method"
// string_match:
// exact: "GET"
// - url_path:
// path: { prefix: "/products" }
// - or_rules:
// rules:
// - destination_port: 80
// - destination_port: 443
// principals:
// - any: true
//
message RBAC {
// Should we do safe-list or block-list style access control?
enum Action {
// The policies grant access to principals. The rest are denied. This is safe-list style
// access control. This is the default type.
ALLOW = 0;
// The policies deny access to principals. The rest are allowed. This is block-list style
// access control.
DENY = 1;
// The policies set the `access_log_hint` dynamic metadata key based on if requests match.
// All requests are allowed.
LOG = 2;
}
// The action to take if a policy matches. Every action either allows or denies a request,
// and can also carry out action-specific operations.
//
// Actions:
//
// * ALLOW: Allows the request if and only if there is a policy that matches
// the request.
// * DENY: Allows the request if and only if there are no policies that
// match the request.
// * LOG: Allows all requests. If at least one policy matches, the dynamic
// metadata key `access_log_hint` is set to the value `true` under the shared
// key namespace 'envoy.common'. If no policies match, it is set to `false`.
// Other actions do not modify this key.
//
Action action = 1;
// Maps from policy name to policy. A match occurs when at least one policy matches the request.
// The policies are evaluated in lexicographic order of the policy name.
map<string, Policy> policies = 2;
}
// Policy specifies a role and the principals that are assigned/denied the role.
// A policy matches if and only if at least one of its permissions match the
// action taking place AND at least one of its principals match the downstream
// AND the condition is true if specified.
message Policy {
// Required. The set of permissions that define a role. Each permission is
// matched with OR semantics. To match all actions for this policy, a single
// Permission with the `any` field set to true should be used.
repeated Permission permissions = 1;
// Required. The set of principals that are assigned/denied the role based on
// action. Each principal is matched with OR semantics. To match all
// downstreams for this policy, a single Principal with the `any` field set to
// true should be used.
repeated Principal principals = 2;
// An optional symbolic expression specifying an access control
// :ref:`condition <arch_overview_condition>`. The condition is combined
// with the permissions and the principals as a clause with AND semantics.
// Only be used when checked_condition is not used.
google.api.expr.v1alpha1.Expr condition = 3;
// [#not-implemented-hide:]
// An optional symbolic expression that has been successfully type checked.
// Only be used when condition is not used.
google.api.expr.v1alpha1.CheckedExpr checked_condition = 4;
}
// Permission defines an action (or actions) that a principal can take.
// [#next-free-field: 13]
message Permission {
// Used in the `and_rules` and `or_rules` fields in the `rule` oneof. Depending on the context,
// each are applied with the associated behavior.
message Set {
repeated Permission rules = 1;
}
oneof rule {
// A set of rules that all must match in order to define the action.
Set and_rules = 1;
// A set of rules where at least one must match in order to define the action.
Set or_rules = 2;
// When any is set, it matches any action.
bool any = 3;
// A header (or pseudo-header such as :path or :method) on the incoming HTTP request. Only
// available for HTTP request.
// Note: the pseudo-header :path includes the query and fragment string. Use the `url_path`
// field if you want to match the URL path without the query and fragment string.
route.v3.HeaderMatcher header = 4;
// A URL path on the incoming HTTP request. Only available for HTTP.
type.matcher.v3.PathMatcher url_path = 10;
// A CIDR block that describes the destination IP.
core.v3.CidrRange destination_ip = 5;
// A port number that describes the destination port connecting to.
uint32 destination_port = 6;
// A port number range that describes a range of destination ports connecting to.
type.v3.Int32Range destination_port_range = 11;
// Metadata that describes additional information about the action.
type.matcher.v3.MetadataMatcher metadata = 7;
// Negates matching the provided permission. For instance, if the value of
// `not_rule` would match, this permission would not match. Conversely, if
// the value of `not_rule` would not match, this permission would match.
Permission not_rule = 8;
// The request server from the client's connection request. This is
// typically TLS SNI.
//
// .. attention::
//
// The behavior of this field may be affected by how Envoy is configured
// as explained below.
//
// * If the :ref:`TLS Inspector <config_listener_filters_tls_inspector>`
// filter is not added, and if a `FilterChainMatch` is not defined for
// the :ref:`server name
// <envoy_v3_api_field_config.listener.v3.FilterChainMatch.server_names>`,
// a TLS connection's requested SNI server name will be treated as if it
// wasn't present.
//
// * A :ref:`listener filter <arch_overview_listener_filters>` may
// overwrite a connection's requested server name within Envoy.
//
// Please refer to :ref:`this FAQ entry <faq_how_to_setup_sni>` to learn to
// setup SNI.
type.matcher.v3.StringMatcher requested_server_name = 9;
// Extension for configuring custom matchers for RBAC.
// [#extension-category: envoy.rbac.matchers]
core.v3.TypedExtensionConfig matcher = 12;
}
}
// Principal defines an identity or a group of identities for a downstream
// subject.
// [#next-free-field: 12]
message Principal {
// Used in the `and_ids` and `or_ids` fields in the `identifier` oneof.
// Depending on the context, each are applied with the associated behavior.
message Set {
repeated Principal ids = 1;
}
// Authentication attributes for a downstream.
message Authenticated {
reserved 1;
// The name of the principal. If set, The URI SAN or DNS SAN in that order
// is used from the certificate, otherwise the subject field is used. If
// unset, it applies to any user that is authenticated.
type.matcher.v3.StringMatcher principal_name = 2;
}
oneof identifier {
// A set of identifiers that all must match in order to define the
// downstream.
Set and_ids = 1;
// A set of identifiers at least one must match in order to define the
// downstream.
Set or_ids = 2;
// When any is set, it matches any downstream.
bool any = 3;
// Authenticated attributes that identify the downstream.
Authenticated authenticated = 4;
// A CIDR block that describes the downstream IP.
// This address will honor proxy protocol, but will not honor XFF.
core.v3.CidrRange source_ip = 5;
// A CIDR block that describes the downstream remote/origin address.
// Note: This is always the physical peer even if the
// :ref:`remote_ip <envoy_v3_api_field_config.rbac.v3.Principal.remote_ip>` is
// inferred from for example the x-forwarder-for header, proxy protocol,
// etc.
core.v3.CidrRange direct_remote_ip = 10;
// A CIDR block that describes the downstream remote/origin address.
// Note: This may not be the physical peer and could be different from the
// :ref:`direct_remote_ip
// <envoy_v3_api_field_config.rbac.v3.Principal.direct_remote_ip>`. E.g, if the
// remote ip is inferred from for example the x-forwarder-for header, proxy
// protocol, etc.
core.v3.CidrRange remote_ip = 11;
// A header (or pseudo-header such as :path or :method) on the incoming HTTP
// request. Only available for HTTP request. Note: the pseudo-header :path
// includes the query and fragment string. Use the `url_path` field if you
// want to match the URL path without the query and fragment string.
route.v3.HeaderMatcher header = 6;
// A URL path on the incoming HTTP request. Only available for HTTP.
type.matcher.v3.PathMatcher url_path = 9;
// Metadata that describes additional information about the principal.
type.matcher.v3.MetadataMatcher metadata = 7;
// Negates matching the provided principal. For instance, if the value of
// `not_id` would match, this principal would not match. Conversely, if the
// value of `not_id` would not match, this principal would match.
Principal not_id = 8;
}
}

14
src/python/grpcio/grpc_core_dependencies.py generated
Unescape View File

@ -89,6 +89,8 @@ CORE_SOURCE_FILES = [
'src/core/ext/filters/http/server/http_server_filter.cc',
'src/core/ext/filters/max_age/max_age_filter.cc',
'src/core/ext/filters/message_size/message_size_filter.cc',
'src/core/ext/filters/rbac/rbac_filter.cc',
'src/core/ext/filters/rbac/rbac_service_config_parser.cc',
'src/core/ext/filters/server_config_selector/server_config_selector.cc',
'src/core/ext/filters/server_config_selector/server_config_selector_filter.cc',
'src/core/ext/service_config/service_config.cc',
@ -170,6 +172,7 @@ CORE_SOURCE_FILES = [
'src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c',
'src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c',
@ -270,6 +273,7 @@ CORE_SOURCE_FILES = [
'src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c',
@ -277,6 +281,7 @@ CORE_SOURCE_FILES = [
'src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c',
@ -308,6 +313,11 @@ CORE_SOURCE_FILES = [
'src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/http.upbdefs.c',
'src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c',
'src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c',
@ -345,6 +355,7 @@ CORE_SOURCE_FILES = [
'src/core/ext/xds/xds_endpoint.cc',
'src/core/ext/xds/xds_http_fault_filter.cc',
'src/core/ext/xds/xds_http_filters.cc',
'src/core/ext/xds/xds_http_rbac_filter.cc',
'src/core/ext/xds/xds_listener.cc',
'src/core/ext/xds/xds_resource_type.cc',
'src/core/ext/xds/xds_route_config.cc',
@ -531,6 +542,9 @@ CORE_SOURCE_FILES = [
'src/core/lib/resource_quota/trace.cc',
'src/core/lib/security/authorization/authorization_policy_provider_vtable.cc',
'src/core/lib/security/authorization/evaluate_args.cc',
'src/core/lib/security/authorization/grpc_authorization_engine.cc',
'src/core/lib/security/authorization/matchers.cc',
'src/core/lib/security/authorization/rbac_policy.cc',
'src/core/lib/security/authorization/sdk_server_authz_filter.cc',
'src/core/lib/security/context/security_context.cc',
'src/core/lib/security/credentials/alts/alts_credentials.cc',

33
test/core/ext/filters/rbac/BUILD
Unescape View File

@ -0,0 +1,33 @@
# Copyright 2021 gRPC authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
load("//bazel:grpc_build_system.bzl", "grpc_cc_test", "grpc_package")
licenses(["notice"])
grpc_package(name = "test/core/ext/filters/rbac")
grpc_cc_test(
name = "rbac_service_config_parser_test",
srcs = ["rbac_service_config_parser_test.cc"],
external_deps = [
"gtest",
],
language = "c++",
uses_polling = False,
deps = [
"//:grpc_rbac_filter",
"//test/core/util:grpc_test_util",
],
)

652
test/core/ext/filters/rbac/rbac_service_config_parser_test.cc
Unescape View File

@ -0,0 +1,652 @@
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "src/core/ext/filters/rbac/rbac_service_config_parser.h"
#include <gmock/gmock-matchers.h>
#include <gmock/gmock.h>
#include <gtest/gtest.h>
#include "src/core/ext/service_config/service_config.h"
#include "test/core/util/test_config.h"
// A regular expression to enter referenced or child errors.
#ifdef GRPC_ERROR_IS_ABSEIL_STATUS
#define CHILD_ERROR_TAG ".*children.*"
#else
#define CHILD_ERROR_TAG ".*referenced_errors.*"
#endif
namespace grpc_core {
namespace testing {
namespace {
// Test basic parsing of RBAC policy
TEST(RbacServiceConfigParsingTest, EmptyRbacPolicy) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [ {\n"
" } ]"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
const auto* vector_ptr =
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
ASSERT_NE(vector_ptr, nullptr);
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
ASSERT_NE(parsed_rbac_config, nullptr);
ASSERT_NE(parsed_rbac_config->authorization_engine(0), nullptr);
EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->action(),
Rbac::Action::kDeny);
EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->num_policies(), 0);
}
// Test that RBAC policies are not parsed if the channel arg
// GRPC_ARG_PARSE_RBAC_METHOD_CONFIG is not present
TEST(RbacServiceConfigParsingTest, MissingChannelArg) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [ {\n"
" } ]"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
auto svc_cfg = ServiceConfig::Create(nullptr, test_json, &error);
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
const auto* vector_ptr =
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
ASSERT_NE(vector_ptr, nullptr);
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
ASSERT_EQ(parsed_rbac_config, nullptr);
}
// Test an empty rbacPolicy array
TEST(RbacServiceConfigParsingTest, EmptyRbacPolicyArray) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": []"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
const auto* vector_ptr =
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
ASSERT_NE(vector_ptr, nullptr);
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
ASSERT_EQ(parsed_rbac_config, nullptr);
}
// Test presence of multiple RBAC policies in the array
TEST(RbacServiceConfigParsingTest, MultipleRbacPolicies) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [ {}, {}, {} ]"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
const auto* vector_ptr =
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
ASSERT_NE(vector_ptr, nullptr);
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
ASSERT_NE(parsed_rbac_config, nullptr);
for (auto i = 0; i < 3; ++i) {
ASSERT_NE(parsed_rbac_config->authorization_engine(i), nullptr);
EXPECT_EQ(parsed_rbac_config->authorization_engine(i)->action(),
Rbac::Action::kDeny);
EXPECT_EQ(parsed_rbac_config->authorization_engine(i)->num_policies(), 0);
}
}
TEST(RbacServiceConfigParsingTest, BadRbacPolicyType) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": 1234"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
EXPECT_THAT(
grpc_error_std_string(error),
::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG
"field:rbacPolicy error:type should be ARRAY"));
GRPC_ERROR_UNREF(error);
}
TEST(RbacServiceConfigParsingTest, BadRulesType) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\"rules\":1}]"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
EXPECT_THAT(
grpc_error_std_string(error),
::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG
"rbacPolicy\\[0\\]" CHILD_ERROR_TAG
"field:rules error:type should be OBJECT"));
GRPC_ERROR_UNREF(error);
}
TEST(RbacServiceConfigParsingTest, BadActionAndPolicyType) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\n"
" \"rules\":{\n"
" \"action\":{},\n"
" \"policies\":123\n"
" }\n"
" } ]\n"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
EXPECT_THAT(
grpc_error_std_string(error),
::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG
"rbacPolicy\\[0\\]" CHILD_ERROR_TAG
"field:action error:type should be NUMBER.*"
"field:policies error:type should be OBJECT"));
GRPC_ERROR_UNREF(error);
}
TEST(RbacServiceConfigParsingTest, MissingPermissionAndPrincipals) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\n"
" \"rules\":{\n"
" \"action\":1,\n"
" \"policies\":{\n"
" \"policy\":{\n"
" }\n"
" }\n"
" }\n"
" } ]\n"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
EXPECT_THAT(
grpc_error_std_string(error),
::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG
"rbacPolicy\\[0\\]" CHILD_ERROR_TAG
"policies key:'policy'" CHILD_ERROR_TAG
"field:permissions error:does not exist.*"
"field:principals error:does not exist"));
GRPC_ERROR_UNREF(error);
}
TEST(RbacServiceConfigParsingTest, EmptyPrincipalAndPermission) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\n"
" \"rules\":{\n"
" \"action\":1,\n"
" \"policies\":{\n"
" \"policy\":{\n"
" \"permissions\":[{}],\n"
" \"principals\":[{}]\n"
" }\n"
" }\n"
" }\n"
" } ]\n"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
EXPECT_THAT(
grpc_error_std_string(error),
::testing::ContainsRegex(
"Rbac parser" CHILD_ERROR_TAG "rbacPolicy\\[0\\]" CHILD_ERROR_TAG
"policies key:'policy'" CHILD_ERROR_TAG
"permissions\\[0\\]" CHILD_ERROR_TAG "No valid rule found.*"
"principals\\[0\\]" CHILD_ERROR_TAG "No valid id found"));
GRPC_ERROR_UNREF(error);
}
TEST(RbacServiceConfigParsingTest, VariousPermissionsAndPrincipalsTypes) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\n"
" \"rules\":{\n"
" \"action\":1,\n"
" \"policies\":{\n"
" \"policy\":{\n"
" \"permissions\":[\n"
" {\"andRules\":{\"rules\":[{\"any\":true}]}},\n"
" {\"orRules\":{\"rules\":[{\"any\":true}]}},\n"
" {\"any\":true},\n"
" {\"header\":{\"name\":\"name\", \"exactMatch\":\"\"}},\n"
" {\"urlPath\":{\"path\":{\"exact\":\"\"}}},\n"
" {\"destinationIp\":{\"addressPrefix\":\"::1\"}},\n"
" {\"destinationPort\":1234},\n"
" {\"notRule\":{\"any\":true}},\n"
" {\"requestedServerName\":{\"exact\":\"\"}}\n"
" ],\n"
" \"principals\":[\n"
" {\"andIds\":{\"ids\":[{\"any\":true}]}},\n"
" {\"orIds\":{\"ids\":[{\"any\":true}]}},\n"
" {\"any\":true},\n"
" {\"authenticated\":{\n"
" \"principalName\":{\"exact\":\"\"}}},\n"
" {\"sourceIp\":{\"addressPrefix\":\"::1\"}},\n"
" {\"directRemoteIp\":{\"addressPrefix\":\"::1\"}},\n"
" {\"remoteIp\":{\"addressPrefix\":\"::1\"}},\n"
" {\"header\":{\"name\":\"name\", \"exactMatch\":\"\"}},\n"
" {\"urlPath\":{\"path\":{\"exact\":\"\"}}},\n"
" {\"notId\":{\"any\":true}}\n"
" ]\n"
" }\n"
" }\n"
" }\n"
" } ]\n"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
const auto* vector_ptr =
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
ASSERT_NE(vector_ptr, nullptr);
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
ASSERT_NE(parsed_rbac_config, nullptr);
ASSERT_NE(parsed_rbac_config->authorization_engine(0), nullptr);
EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->num_policies(), 1);
}
TEST(RbacServiceConfigParsingTest, VariousPermissionsAndPrincipalsBadTypes) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\n"
" \"rules\":{\n"
" \"action\":1,\n"
" \"policies\":{\n"
" \"policy\":{\n"
" \"permissions\":[\n"
" {\"andRules\":1234},\n"
" {\"orRules\":1234},\n"
" {\"any\":1234},\n"
" {\"header\":1234},\n"
" {\"urlPath\":1234},\n"
" {\"destinationIp\":1234},\n"
" {\"destinationPort\":\"port\"},\n"
" {\"notRule\":1234},\n"
" {\"requestedServerName\":1234}\n"
" ],\n"
" \"principals\":[\n"
" {\"andIds\":1234},\n"
" {\"orIds\":1234},\n"
" {\"any\":1234},\n"
" {\"authenticated\":1234},\n"
" {\"sourceIp\":1234},\n"
" {\"directRemoteIp\":1234},\n"
" {\"remoteIp\":1234},\n"
" {\"header\":1234},\n"
" {\"urlPath\":1234},\n"
" {\"notId\":1234}\n"
" ]\n"
" }\n"
" }\n"
" }\n"
" } ]\n"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
EXPECT_THAT(
grpc_error_std_string(error),
::testing::ContainsRegex(
"Rbac parser" CHILD_ERROR_TAG "rbacPolicy\\[0\\]" CHILD_ERROR_TAG
"policies key:'policy'" CHILD_ERROR_TAG
"permissions\\[0\\]" CHILD_ERROR_TAG
"field:andRules error:type should be OBJECT.*"
"permissions\\[1\\]" CHILD_ERROR_TAG
"field:orRules error:type should be OBJECT.*"
"permissions\\[2\\]" CHILD_ERROR_TAG
"field:any error:type should be BOOLEAN.*"
"permissions\\[3\\]" CHILD_ERROR_TAG
"field:header error:type should be OBJECT.*"
"permissions\\[4\\]" CHILD_ERROR_TAG
"field:urlPath error:type should be OBJECT.*"
"permissions\\[5\\]" CHILD_ERROR_TAG
"field:destinationIp error:type should be OBJECT.*"
"permissions\\[6\\]" CHILD_ERROR_TAG
"field:destinationPort error:type should be NUMBER.*"
"permissions\\[7\\]" CHILD_ERROR_TAG
"field:notRule error:type should be OBJECT.*"
"permissions\\[8\\]" CHILD_ERROR_TAG
"field:requestedServerName error:type should be OBJECT.*"
"principals\\[0\\]" CHILD_ERROR_TAG
"field:andIds error:type should be OBJECT.*"
"principals\\[1\\]" CHILD_ERROR_TAG
"field:orIds error:type should be OBJECT.*"
"principals\\[2\\]" CHILD_ERROR_TAG
"field:any error:type should be BOOLEAN.*"
"principals\\[3\\]" CHILD_ERROR_TAG
"field:authenticated error:type should be OBJECT.*"
"principals\\[4\\]" CHILD_ERROR_TAG
"field:sourceIp error:type should be OBJECT.*"
"principals\\[5\\]" CHILD_ERROR_TAG
"field:directRemoteIp error:type should be OBJECT.*"
"principals\\[6\\]" CHILD_ERROR_TAG
"field:remoteIp error:type should be OBJECT.*"
"principals\\[7\\]" CHILD_ERROR_TAG
"field:header error:type should be OBJECT.*"
"principals\\[8\\]" CHILD_ERROR_TAG
"field:urlPath error:type should be OBJECT.*"
"principals\\[9\\]" CHILD_ERROR_TAG
"field:notId error:type should be OBJECT.*"));
GRPC_ERROR_UNREF(error);
}
TEST(RbacServiceConfigParsingTest, HeaderMatcherVariousTypes) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\n"
" \"rules\":{\n"
" \"action\":1,\n"
" \"policies\":{\n"
" \"policy\":{\n"
" \"permissions\":[\n"
" {\"header\":{\"name\":\"name\", \"exactMatch\":\"\", \n"
" \"invertMatch\":true}},\n"
" {\"header\":{\"name\":\"name\", \"safeRegexMatch\":{\n"
" \"regex\":\"\"}}},\n"
" {\"header\":{\"name\":\"name\", \"rangeMatch\":{\n"
" \"start\":0, \"end\":1}}},\n"
" {\"header\":{\"name\":\"name\", \"presentMatch\":true}},\n"
" {\"header\":{\"name\":\"name\", \"prefixMatch\":\"\"}},\n"
" {\"header\":{\"name\":\"name\", \"suffixMatch\":\"\"}},\n"
" {\"header\":{\"name\":\"name\", \"containsMatch\":\"\"}}\n"
" ],\n"
" \"principals\":[]\n"
" }\n"
" }\n"
" }\n"
" } ]\n"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
const auto* vector_ptr =
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
ASSERT_NE(vector_ptr, nullptr);
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
ASSERT_NE(parsed_rbac_config, nullptr);
ASSERT_NE(parsed_rbac_config->authorization_engine(0), nullptr);
EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->num_policies(), 1);
}
TEST(RbacServiceConfigParsingTest, HeaderMatcherBadTypes) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\n"
" \"rules\":{\n"
" \"action\":1,\n"
" \"policies\":{\n"
" \"policy\":{\n"
" \"permissions\":[\n"
" {\"header\":{\"name\":\"name\", \"exactMatch\":1, \n"
" \"invertMatch\":1}},\n"
" {\"header\":{\"name\":\"name\", \"safeRegexMatch\":1}},\n"
" {\"header\":{\"name\":\"name\", \"rangeMatch\":1}},\n"
" {\"header\":{\"name\":\"name\", \"presentMatch\":1}},\n"
" {\"header\":{\"name\":\"name\", \"prefixMatch\":1}},\n"
" {\"header\":{\"name\":\"name\", \"suffixMatch\":1}},\n"
" {\"header\":{\"name\":\"name\", \"containsMatch\":1}}\n"
" ],\n"
" \"principals\":[]\n"
" }\n"
" }\n"
" }\n"
" } ]\n"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
EXPECT_THAT(
grpc_error_std_string(error),
::testing::ContainsRegex(
"Rbac parser" CHILD_ERROR_TAG "rbacPolicy\\[0\\]" CHILD_ERROR_TAG
"policies key:'policy'" CHILD_ERROR_TAG
"permissions\\[0\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
"field:invertMatch error:type should be BOOLEAN.*"
"field:exactMatch error:type should be STRING.*"
"permissions\\[1\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
"field:safeRegexMatch error:type should be OBJECT.*"
"permissions\\[2\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
"field:rangeMatch error:type should be OBJECT.*"
"permissions\\[3\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
"field:presentMatch error:type should be BOOLEAN.*"
"permissions\\[4\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
"field:prefixMatch error:type should be STRING.*"
"permissions\\[5\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
"field:suffixMatch error:type should be STRING.*"
"permissions\\[6\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
"field:containsMatch error:type should be STRING.*"));
GRPC_ERROR_UNREF(error);
}
TEST(RbacServiceConfigParsingTest, StringMatcherVariousTypes) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\n"
" \"rules\":{\n"
" \"action\":1,\n"
" \"policies\":{\n"
" \"policy\":{\n"
" \"permissions\":[\n"
" {\"requestedServerName\":{\"exact\":\"\", \n"
" \"ignoreCase\":true}},\n"
" {\"requestedServerName\":{\"prefix\":\"\"}},\n"
" {\"requestedServerName\":{\"suffix\":\"\"}},\n"
" {\"requestedServerName\":{\"safeRegex\":{\n"
" \"regex\":\"\"}}},\n"
" {\"requestedServerName\":{\"contains\":\"\"}}\n"
" ],\n"
" \"principals\":[]\n"
" }\n"
" }\n"
" }\n"
" } ]\n"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
const auto* vector_ptr =
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
ASSERT_NE(vector_ptr, nullptr);
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
ASSERT_NE(parsed_rbac_config, nullptr);
ASSERT_NE(parsed_rbac_config->authorization_engine(0), nullptr);
EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->num_policies(), 1);
}
TEST(RbacServiceConfigParsingTest, StringMatcherBadTypes) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\n"
" \"rules\":{\n"
" \"action\":1,\n"
" \"policies\":{\n"
" \"policy\":{\n"
" \"permissions\":[\n"
" {\"requestedServerName\":{\"exact\":1, \n"
" \"ignoreCase\":1}},\n"
" {\"requestedServerName\":{\"prefix\":1}},\n"
" {\"requestedServerName\":{\"suffix\":1}},\n"
" {\"requestedServerName\":{\"safeRegex\":1}},\n"
" {\"requestedServerName\":{\"contains\":1}}\n"
" ],\n"
" \"principals\":[]\n"
" }\n"
" }\n"
" }\n"
" } ]\n"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
EXPECT_THAT(
grpc_error_std_string(error),
::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG
"rbacPolicy\\[0\\]" CHILD_ERROR_TAG
"policies key:'policy'" CHILD_ERROR_TAG
"permissions\\[0\\]" CHILD_ERROR_TAG
"requestedServerName" CHILD_ERROR_TAG
"field:ignoreCase error:type should be BOOLEAN.*"
"field:exact error:type should be STRING.*"
"permissions\\[1\\]" CHILD_ERROR_TAG
"requestedServerName" CHILD_ERROR_TAG
"field:prefix error:type should be STRING.*"
"permissions\\[2\\]" CHILD_ERROR_TAG
"requestedServerName" CHILD_ERROR_TAG
"field:suffix error:type should be STRING.*"
"permissions\\[3\\]" CHILD_ERROR_TAG
"requestedServerName" CHILD_ERROR_TAG
"field:safeRegex error:type should be OBJECT.*"
"permissions\\[4\\]" CHILD_ERROR_TAG
"requestedServerName" CHILD_ERROR_TAG
"field:contains error:type should be STRING.*"));
GRPC_ERROR_UNREF(error);
}
} // namespace
} // namespace testing
} // namespace grpc_core
int main(int argc, char** argv) {
grpc::testing::TestEnvironment env(argc, argv);
::testing::InitGoogleTest(&argc, argv);
grpc_init();
int ret = RUN_ALL_TESTS();
grpc_shutdown();
return ret;
}

2
test/core/server_config_selector/server_config_selector_test.cc
Unescape View File

@ -39,6 +39,8 @@ class TestServerConfigSelectorProvider : public ServerConfigSelectorProvider {
return absl::UnavailableError("Test ServerConfigSelector");
}
void Orphan() override {}
void CancelWatch() override {}
};

1
test/cpp/end2end/xds/BUILD
Unescape View File

@ -89,6 +89,7 @@ grpc_cc_test(
"//src/proto/grpc/testing/xds/v3:fault_common_proto",
"//src/proto/grpc/testing/xds/v3:fault_proto",
"//src/proto/grpc/testing/xds/v3:http_connection_manager_proto",
"//src/proto/grpc/testing/xds/v3:http_filter_rbac_proto",
"//src/proto/grpc/testing/xds/v3:listener_proto",
"//src/proto/grpc/testing/xds/v3:route_proto",
"//src/proto/grpc/testing/xds/v3:router_proto",

1141
test/cpp/end2end/xds/xds_end2end_test.cc
View File

File diff suppressed because it is too large Load Diff

1
tools/codegen/core/gen_upb_api.sh
Unescape View File

@ -86,6 +86,7 @@ proto_files=( \
"envoy/extensions/clusters/aggregate/v3/cluster.proto" \
"envoy/extensions/filters/common/fault/v3/fault.proto" \
"envoy/extensions/filters/http/fault/v3/fault.proto" \
"envoy/extensions/filters/http/rbac/v3/rbac.proto" \
"envoy/extensions/filters/http/router/v3/router.proto" \
"envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto" \
"envoy/extensions/transport_sockets/tls/v3/cert.proto" \

28
tools/doxygen/Doxyfile.c++.internal generated
Unescape View File

@ -1182,6 +1182,10 @@ src/core/ext/filters/max_age/max_age_filter.cc \
src/core/ext/filters/max_age/max_age_filter.h \
src/core/ext/filters/message_size/message_size_filter.cc \
src/core/ext/filters/message_size/message_size_filter.h \
src/core/ext/filters/rbac/rbac_filter.cc \
src/core/ext/filters/rbac/rbac_filter.h \
src/core/ext/filters/rbac/rbac_service_config_parser.cc \
src/core/ext/filters/rbac/rbac_service_config_parser.h \
src/core/ext/filters/server_config_selector/server_config_selector.cc \
src/core/ext/filters/server_config_selector/server_config_selector.h \
src/core/ext/filters/server_config_selector/server_config_selector_filter.cc \
@ -1377,6 +1381,8 @@ src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c
src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h \
src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h \
src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h \
src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h \
src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c \
@ -1577,6 +1583,8 @@ src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c \
@ -1591,6 +1599,8 @@ src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.up
src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c \
@ -1653,6 +1663,16 @@ src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/http.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/http.upbdefs.h \
src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c \
@ -1730,6 +1750,8 @@ src/core/ext/xds/xds_http_fault_filter.cc \
src/core/ext/xds/xds_http_fault_filter.h \
src/core/ext/xds/xds_http_filters.cc \
src/core/ext/xds/xds_http_filters.h \
src/core/ext/xds/xds_http_rbac_filter.cc \
src/core/ext/xds/xds_http_rbac_filter.h \
src/core/ext/xds/xds_listener.cc \
src/core/ext/xds/xds_listener.h \
src/core/ext/xds/xds_resource_type.cc \
@ -2092,6 +2114,12 @@ src/core/lib/security/authorization/authorization_policy_provider.h \
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \
src/core/lib/security/authorization/evaluate_args.cc \
src/core/lib/security/authorization/evaluate_args.h \
src/core/lib/security/authorization/grpc_authorization_engine.cc \
src/core/lib/security/authorization/grpc_authorization_engine.h \
src/core/lib/security/authorization/matchers.cc \
src/core/lib/security/authorization/matchers.h \
src/core/lib/security/authorization/rbac_policy.cc \
src/core/lib/security/authorization/rbac_policy.h \
src/core/lib/security/authorization/sdk_server_authz_filter.cc \
src/core/lib/security/authorization/sdk_server_authz_filter.h \
src/core/lib/security/context/security_context.cc \

28
tools/doxygen/Doxyfile.core.internal generated
Unescape View File

@ -1006,6 +1006,10 @@ src/core/ext/filters/max_age/max_age_filter.cc \
src/core/ext/filters/max_age/max_age_filter.h \
src/core/ext/filters/message_size/message_size_filter.cc \
src/core/ext/filters/message_size/message_size_filter.h \
src/core/ext/filters/rbac/rbac_filter.cc \
src/core/ext/filters/rbac/rbac_filter.h \
src/core/ext/filters/rbac/rbac_service_config_parser.cc \
src/core/ext/filters/rbac/rbac_service_config_parser.h \
src/core/ext/filters/server_config_selector/server_config_selector.cc \
src/core/ext/filters/server_config_selector/server_config_selector.h \
src/core/ext/filters/server_config_selector/server_config_selector_filter.cc \
@ -1171,6 +1175,8 @@ src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c
src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h \
src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h \
src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h \
src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h \
src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c \
@ -1371,6 +1377,8 @@ src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c \
@ -1385,6 +1393,8 @@ src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.up
src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c \
@ -1447,6 +1457,16 @@ src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/http.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/http.upbdefs.h \
src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c \
@ -1524,6 +1544,8 @@ src/core/ext/xds/xds_http_fault_filter.cc \
src/core/ext/xds/xds_http_fault_filter.h \
src/core/ext/xds/xds_http_filters.cc \
src/core/ext/xds/xds_http_filters.h \
src/core/ext/xds/xds_http_rbac_filter.cc \
src/core/ext/xds/xds_http_rbac_filter.h \
src/core/ext/xds/xds_listener.cc \
src/core/ext/xds/xds_listener.h \
src/core/ext/xds/xds_resource_type.cc \
@ -1891,6 +1913,12 @@ src/core/lib/security/authorization/authorization_policy_provider.h \
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \
src/core/lib/security/authorization/evaluate_args.cc \
src/core/lib/security/authorization/evaluate_args.h \
src/core/lib/security/authorization/grpc_authorization_engine.cc \
src/core/lib/security/authorization/grpc_authorization_engine.h \
src/core/lib/security/authorization/matchers.cc \
src/core/lib/security/authorization/matchers.h \
src/core/lib/security/authorization/rbac_policy.cc \
src/core/lib/security/authorization/rbac_policy.h \
src/core/lib/security/authorization/sdk_server_authz_filter.cc \
src/core/lib/security/authorization/sdk_server_authz_filter.h \
src/core/lib/security/context/security_context.cc \

24
tools/run_tests/generated/tests.json generated
Unescape View File

@ -5863,6 +5863,30 @@
],
"uses_polling": true
},
{
"args": [],
"benchmark": false,
"ci_platforms": [
"linux",
"mac",
"posix",
"windows"
],
"cpu_cost": 1.0,
"exclude_configs": [],
"exclude_iomgrs": [],
"flaky": false,
"gtest": true,
"language": "c++",
"name": "rbac_service_config_parser_test",
"platforms": [
"linux",
"mac",
"posix",
"windows"
],
"uses_polling": false
},
{
"args": [],
"benchmark": false,

Write Preview
Loading…
Cancel
Save