mirror of https://github.com/grpc/grpc.git
xDS: Add support for RBAC HTTP filter (#28309)
* xDS: ADD RBAC HTTP filter support * sanity, upb regenerate files * Revert PerChannelArg changes * Reviewer comments * Reviewer comments * Reviewer comments * Remove unnecessary header * Fix sanity * Add RBAC service config parsing tests * Don't make a copy of the metadata batch * Revert expr_proto changes * Some more tests * Reviewer comments * Reviewer comments * No metadata changes needed * Fix leak of DynamicXdsServerConfigSelectorProvider * Fix deadlock issues * Fix test compilationpull/28435/head
parent
0dda706907
commit
6ea8214879
62 changed files with 5647 additions and 148 deletions
@ -0,0 +1,157 @@ |
|||||||
|
//
|
||||||
|
// Copyright 2021 gRPC authors.
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
//
|
||||||
|
|
||||||
|
#include <grpc/support/port_platform.h> |
||||||
|
|
||||||
|
#include "src/core/ext/filters/rbac/rbac_filter.h" |
||||||
|
|
||||||
|
#include "src/core/ext/filters/rbac/rbac_service_config_parser.h" |
||||||
|
#include "src/core/ext/service_config/service_config_call_data.h" |
||||||
|
#include "src/core/lib/security/authorization/grpc_authorization_engine.h" |
||||||
|
#include "src/core/lib/transport/metadata_batch.h" |
||||||
|
|
||||||
|
namespace grpc_core { |
||||||
|
|
||||||
|
//
|
||||||
|
// RbacFilter::CallData
|
||||||
|
//
|
||||||
|
|
||||||
|
// CallData
|
||||||
|
|
||||||
|
grpc_error_handle RbacFilter::CallData::Init( |
||||||
|
grpc_call_element* elem, const grpc_call_element_args* args) { |
||||||
|
new (elem->call_data) CallData(elem, *args); |
||||||
|
return GRPC_ERROR_NONE; |
||||||
|
} |
||||||
|
|
||||||
|
void RbacFilter::CallData::Destroy(grpc_call_element* elem, |
||||||
|
const grpc_call_final_info* /*final_info*/, |
||||||
|
grpc_closure* /*then_schedule_closure*/) { |
||||||
|
auto* calld = static_cast<CallData*>(elem->call_data); |
||||||
|
calld->~CallData(); |
||||||
|
} |
||||||
|
|
||||||
|
void RbacFilter::CallData::StartTransportStreamOpBatch( |
||||||
|
grpc_call_element* elem, grpc_transport_stream_op_batch* op) { |
||||||
|
CallData* calld = static_cast<CallData*>(elem->call_data); |
||||||
|
if (op->recv_initial_metadata) { |
||||||
|
calld->recv_initial_metadata_ = |
||||||
|
op->payload->recv_initial_metadata.recv_initial_metadata; |
||||||
|
calld->original_recv_initial_metadata_ready_ = |
||||||
|
op->payload->recv_initial_metadata.recv_initial_metadata_ready; |
||||||
|
op->payload->recv_initial_metadata.recv_initial_metadata_ready = |
||||||
|
&calld->recv_initial_metadata_ready_; |
||||||
|
} |
||||||
|
// Chain to the next filter.
|
||||||
|
grpc_call_next_op(elem, op); |
||||||
|
} |
||||||
|
|
||||||
|
RbacFilter::CallData::CallData(grpc_call_element* elem, |
||||||
|
const grpc_call_element_args& args) |
||||||
|
: call_context_(args.context) { |
||||||
|
GRPC_CLOSURE_INIT(&recv_initial_metadata_ready_, RecvInitialMetadataReady, |
||||||
|
elem, grpc_schedule_on_exec_ctx); |
||||||
|
} |
||||||
|
|
||||||
|
void RbacFilter::CallData::RecvInitialMetadataReady(void* user_data, |
||||||
|
grpc_error_handle error) { |
||||||
|
grpc_call_element* elem = static_cast<grpc_call_element*>(user_data); |
||||||
|
CallData* calld = static_cast<CallData*>(elem->call_data); |
||||||
|
if (error == GRPC_ERROR_NONE) { |
||||||
|
// Fetch and apply the rbac policy from the service config.
|
||||||
|
auto* service_config_call_data = static_cast<ServiceConfigCallData*>( |
||||||
|
calld->call_context_[GRPC_CONTEXT_SERVICE_CONFIG_CALL_DATA].value); |
||||||
|
auto* method_params = static_cast<RbacMethodParsedConfig*>( |
||||||
|
service_config_call_data->GetMethodParsedConfig( |
||||||
|
RbacServiceConfigParser::ParserIndex())); |
||||||
|
if (method_params == nullptr) { |
||||||
|
error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("No RBAC policy found."); |
||||||
|
} else { |
||||||
|
RbacFilter* chand = static_cast<RbacFilter*>(elem->channel_data); |
||||||
|
auto* authorization_engine = |
||||||
|
method_params->authorization_engine(chand->index_); |
||||||
|
if (authorization_engine |
||||||
|
->Evaluate(EvaluateArgs(calld->recv_initial_metadata_, |
||||||
|
&chand->per_channel_evaluate_args_)) |
||||||
|
.type == AuthorizationEngine::Decision::Type::kDeny) { |
||||||
|
error = |
||||||
|
GRPC_ERROR_CREATE_FROM_STATIC_STRING("Unauthorized RPC rejected"); |
||||||
|
} |
||||||
|
} |
||||||
|
if (error != GRPC_ERROR_NONE) { |
||||||
|
error = grpc_error_set_int(error, GRPC_ERROR_INT_GRPC_STATUS, |
||||||
|
GRPC_STATUS_PERMISSION_DENIED); |
||||||
|
} |
||||||
|
} else { |
||||||
|
GRPC_ERROR_REF(error); |
||||||
|
} |
||||||
|
grpc_closure* closure = calld->original_recv_initial_metadata_ready_; |
||||||
|
calld->original_recv_initial_metadata_ready_ = nullptr; |
||||||
|
Closure::Run(DEBUG_LOCATION, closure, error); |
||||||
|
} |
||||||
|
|
||||||
|
//
|
||||||
|
// RbacFilter
|
||||||
|
//
|
||||||
|
|
||||||
|
const grpc_channel_filter RbacFilter::kFilterVtable = { |
||||||
|
RbacFilter::CallData::StartTransportStreamOpBatch, |
||||||
|
grpc_channel_next_op, |
||||||
|
sizeof(RbacFilter::CallData), |
||||||
|
RbacFilter::CallData::Init, |
||||||
|
grpc_call_stack_ignore_set_pollset_or_pollset_set, |
||||||
|
RbacFilter::CallData::Destroy, |
||||||
|
sizeof(RbacFilter), |
||||||
|
RbacFilter::Init, |
||||||
|
RbacFilter::Destroy, |
||||||
|
grpc_channel_next_get_info, |
||||||
|
"rbac_filter", |
||||||
|
}; |
||||||
|
|
||||||
|
RbacFilter::RbacFilter(size_t index, |
||||||
|
EvaluateArgs::PerChannelArgs per_channel_evaluate_args) |
||||||
|
: index_(index), |
||||||
|
per_channel_evaluate_args_(std::move(per_channel_evaluate_args)) {} |
||||||
|
|
||||||
|
grpc_error_handle RbacFilter::Init(grpc_channel_element* elem, |
||||||
|
grpc_channel_element_args* args) { |
||||||
|
GPR_ASSERT(elem->filter == &kFilterVtable); |
||||||
|
auto* auth_context = grpc_find_auth_context_in_args(args->channel_args); |
||||||
|
if (auth_context == nullptr) { |
||||||
|
return GRPC_ERROR_CREATE_FROM_STATIC_STRING("No auth context found"); |
||||||
|
} |
||||||
|
if (args->optional_transport == nullptr) { |
||||||
|
// This should never happen since the transport is always set on the server
|
||||||
|
// side.
|
||||||
|
return GRPC_ERROR_CREATE_FROM_STATIC_STRING("No transport configured"); |
||||||
|
} |
||||||
|
new (elem->channel_data) RbacFilter( |
||||||
|
grpc_channel_stack_filter_instance_number(args->channel_stack, elem), |
||||||
|
EvaluateArgs::PerChannelArgs( |
||||||
|
auth_context, grpc_transport_get_endpoint(args->optional_transport))); |
||||||
|
return GRPC_ERROR_NONE; |
||||||
|
} |
||||||
|
|
||||||
|
void RbacFilter::Destroy(grpc_channel_element* elem) { |
||||||
|
auto* chand = static_cast<RbacFilter*>(elem->channel_data); |
||||||
|
chand->~RbacFilter(); |
||||||
|
} |
||||||
|
|
||||||
|
void RbacFilterInit(void) { RbacServiceConfigParser::Register(); } |
||||||
|
|
||||||
|
void RbacFilterShutdown(void) {} |
||||||
|
|
||||||
|
} // namespace grpc_core
|
@ -0,0 +1,74 @@ |
|||||||
|
//
|
||||||
|
// Copyright 2021 gRPC authors.
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
//
|
||||||
|
|
||||||
|
#ifndef GRPC_CORE_EXT_FILTERS_RBAC_RBAC_FILTER_H |
||||||
|
#define GRPC_CORE_EXT_FILTERS_RBAC_RBAC_FILTER_H |
||||||
|
|
||||||
|
#include <grpc/support/port_platform.h> |
||||||
|
|
||||||
|
#include "src/core/lib/channel/channel_stack.h" |
||||||
|
#include "src/core/lib/security/authorization/evaluate_args.h" |
||||||
|
|
||||||
|
namespace grpc_core { |
||||||
|
|
||||||
|
// Filter used when xDS server config fetcher provides a configuration with an
|
||||||
|
// HTTP RBAC filter. Also serves as the type for channel data for the filter.
|
||||||
|
class RbacFilter { |
||||||
|
public: |
||||||
|
// This channel filter is intended to be used by connections on xDS enabled
|
||||||
|
// servers configured with RBAC. The RBAC filter fetches the RBAC policy from
|
||||||
|
// the method config of service config returned by the ServerConfigSelector,
|
||||||
|
// and enforces the RBAC policy.
|
||||||
|
static const grpc_channel_filter kFilterVtable; |
||||||
|
|
||||||
|
private: |
||||||
|
class CallData { |
||||||
|
public: |
||||||
|
static grpc_error_handle Init(grpc_call_element* elem, |
||||||
|
const grpc_call_element_args* args); |
||||||
|
static void Destroy(grpc_call_element* elem, |
||||||
|
const grpc_call_final_info* /* final_info */, |
||||||
|
grpc_closure* /* then_schedule_closure */); |
||||||
|
static void StartTransportStreamOpBatch(grpc_call_element* elem, |
||||||
|
grpc_transport_stream_op_batch* op); |
||||||
|
|
||||||
|
private: |
||||||
|
CallData(grpc_call_element* elem, const grpc_call_element_args& args); |
||||||
|
static void RecvInitialMetadataReady(void* user_data, |
||||||
|
grpc_error_handle error); |
||||||
|
|
||||||
|
grpc_call_context_element* call_context_; |
||||||
|
// State for keeping track of recv_initial_metadata
|
||||||
|
grpc_metadata_batch* recv_initial_metadata_ = nullptr; |
||||||
|
grpc_closure* original_recv_initial_metadata_ready_ = nullptr; |
||||||
|
grpc_closure recv_initial_metadata_ready_; |
||||||
|
}; |
||||||
|
|
||||||
|
RbacFilter(size_t index, |
||||||
|
EvaluateArgs::PerChannelArgs per_channel_evaluate_args); |
||||||
|
static grpc_error_handle Init(grpc_channel_element* elem, |
||||||
|
grpc_channel_element_args* args); |
||||||
|
static void Destroy(grpc_channel_element* elem); |
||||||
|
|
||||||
|
// The index of this filter instance among instances of the same filter.
|
||||||
|
size_t index_; |
||||||
|
// Per channel args used for authorization.
|
||||||
|
EvaluateArgs::PerChannelArgs per_channel_evaluate_args_; |
||||||
|
}; |
||||||
|
|
||||||
|
} // namespace grpc_core
|
||||||
|
|
||||||
|
#endif // GRPC_CORE_EXT_FILTERS_RBAC_RBAC_FILTER_H
|
@ -0,0 +1,604 @@ |
|||||||
|
//
|
||||||
|
// Copyright 2021 gRPC authors.
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
//
|
||||||
|
|
||||||
|
#include <grpc/support/port_platform.h> |
||||||
|
|
||||||
|
#include "src/core/ext/filters/rbac/rbac_service_config_parser.h" |
||||||
|
|
||||||
|
#include "absl/strings/str_format.h" |
||||||
|
|
||||||
|
#include "src/core/lib/channel/channel_args.h" |
||||||
|
#include "src/core/lib/json/json_util.h" |
||||||
|
#include "src/core/lib/transport/error_utils.h" |
||||||
|
|
||||||
|
namespace grpc_core { |
||||||
|
|
||||||
|
namespace { |
||||||
|
|
||||||
|
size_t g_rbac_parser_index; |
||||||
|
|
||||||
|
std::string ParseRegexMatcher(const Json::Object& regex_matcher_json, |
||||||
|
std::vector<grpc_error_handle>* error_list) { |
||||||
|
std::string regex; |
||||||
|
ParseJsonObjectField(regex_matcher_json, "regex", ®ex, error_list); |
||||||
|
return regex; |
||||||
|
} |
||||||
|
|
||||||
|
absl::StatusOr<HeaderMatcher> ParseHeaderMatcher( |
||||||
|
const Json::Object& header_matcher_json, |
||||||
|
std::vector<grpc_error_handle>* error_list) { |
||||||
|
std::string name; |
||||||
|
ParseJsonObjectField(header_matcher_json, "name", &name, error_list); |
||||||
|
std::string match; |
||||||
|
HeaderMatcher::Type type = HeaderMatcher::Type(); |
||||||
|
const Json::Object* inner_json; |
||||||
|
int64_t start = 0; |
||||||
|
int64_t end = 0; |
||||||
|
bool present_match = false; |
||||||
|
bool invert_match = false; |
||||||
|
ParseJsonObjectField(header_matcher_json, "invertMatch", &invert_match, |
||||||
|
error_list, /*required=*/false); |
||||||
|
if (ParseJsonObjectField(header_matcher_json, "exactMatch", &match, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
type = HeaderMatcher::Type::kExact; |
||||||
|
} else if (ParseJsonObjectField(header_matcher_json, "safeRegexMatch", |
||||||
|
&inner_json, error_list, |
||||||
|
/*required=*/false)) { |
||||||
|
type = HeaderMatcher::Type::kSafeRegex; |
||||||
|
std::vector<grpc_error_handle> safe_regex_matcher_error_list; |
||||||
|
match = ParseRegexMatcher(*inner_json, &safe_regex_matcher_error_list); |
||||||
|
if (!safe_regex_matcher_error_list.empty()) { |
||||||
|
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR( |
||||||
|
"safeRegexMatch", &safe_regex_matcher_error_list)); |
||||||
|
} |
||||||
|
} else if (ParseJsonObjectField(header_matcher_json, "rangeMatch", |
||||||
|
&inner_json, error_list, |
||||||
|
/*required=*/false)) { |
||||||
|
type = HeaderMatcher::Type::kRange; |
||||||
|
std::vector<grpc_error_handle> range_error_list; |
||||||
|
ParseJsonObjectField(*inner_json, "start", &start, &range_error_list); |
||||||
|
ParseJsonObjectField(*inner_json, "end", &end, &range_error_list); |
||||||
|
if (!range_error_list.empty()) { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_VECTOR("rangeMatch", &range_error_list)); |
||||||
|
} |
||||||
|
} else if (ParseJsonObjectField(header_matcher_json, "presentMatch", |
||||||
|
&present_match, error_list, |
||||||
|
/*required=*/false)) { |
||||||
|
type = HeaderMatcher::Type::kPresent; |
||||||
|
} else if (ParseJsonObjectField(header_matcher_json, "prefixMatch", &match, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
type = HeaderMatcher::Type::kPrefix; |
||||||
|
} else if (ParseJsonObjectField(header_matcher_json, "suffixMatch", &match, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
type = HeaderMatcher::Type::kSuffix; |
||||||
|
} else if (ParseJsonObjectField(header_matcher_json, "containsMatch", &match, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
type = HeaderMatcher::Type::kContains; |
||||||
|
} else { |
||||||
|
return absl::InvalidArgumentError("No valid matcher found"); |
||||||
|
} |
||||||
|
return HeaderMatcher::Create(name, type, match, start, end, present_match, |
||||||
|
invert_match); |
||||||
|
} |
||||||
|
|
||||||
|
absl::StatusOr<StringMatcher> ParseStringMatcher( |
||||||
|
const Json::Object& string_matcher_json, |
||||||
|
std::vector<grpc_error_handle>* error_list) { |
||||||
|
std::string match; |
||||||
|
StringMatcher::Type type = StringMatcher::Type(); |
||||||
|
const Json::Object* inner_json; |
||||||
|
bool ignore_case = false; |
||||||
|
ParseJsonObjectField(string_matcher_json, "ignoreCase", &ignore_case, |
||||||
|
error_list, /*required=*/false); |
||||||
|
if (ParseJsonObjectField(string_matcher_json, "exact", &match, error_list, |
||||||
|
/*required=*/false)) { |
||||||
|
type = StringMatcher::Type::kExact; |
||||||
|
} else if (ParseJsonObjectField(string_matcher_json, "prefix", &match, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
type = StringMatcher::Type::kPrefix; |
||||||
|
} else if (ParseJsonObjectField(string_matcher_json, "suffix", &match, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
type = StringMatcher::Type::kSuffix; |
||||||
|
} else if (ParseJsonObjectField(string_matcher_json, "safeRegex", &inner_json, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
type = StringMatcher::Type::kSafeRegex; |
||||||
|
std::vector<grpc_error_handle> safe_regex_matcher_error_list; |
||||||
|
match = ParseRegexMatcher(*inner_json, &safe_regex_matcher_error_list); |
||||||
|
if (!safe_regex_matcher_error_list.empty()) { |
||||||
|
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR( |
||||||
|
"safeRegex", &safe_regex_matcher_error_list)); |
||||||
|
} |
||||||
|
} else if (ParseJsonObjectField(string_matcher_json, "contains", &match, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
type = StringMatcher::Type::kContains; |
||||||
|
} else { |
||||||
|
return absl::InvalidArgumentError("No valid matcher found"); |
||||||
|
} |
||||||
|
return StringMatcher::Create(type, match, ignore_case); |
||||||
|
} |
||||||
|
|
||||||
|
absl::StatusOr<StringMatcher> ParsePathMatcher( |
||||||
|
const Json::Object& path_matcher_json, |
||||||
|
std::vector<grpc_error_handle>* error_list) { |
||||||
|
const Json::Object* string_matcher_json; |
||||||
|
if (ParseJsonObjectField(path_matcher_json, "path", &string_matcher_json, |
||||||
|
error_list)) { |
||||||
|
std::vector<grpc_error_handle> sub_error_list; |
||||||
|
auto matcher = ParseStringMatcher(*string_matcher_json, &sub_error_list); |
||||||
|
if (!sub_error_list.empty()) { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_VECTOR("path", &sub_error_list)); |
||||||
|
} |
||||||
|
return matcher; |
||||||
|
} |
||||||
|
return absl::InvalidArgumentError("No path found"); |
||||||
|
} |
||||||
|
|
||||||
|
Rbac::CidrRange ParseCidrRange(const Json::Object& cidr_range_json, |
||||||
|
std::vector<grpc_error_handle>* error_list) { |
||||||
|
std::string address_prefix; |
||||||
|
ParseJsonObjectField(cidr_range_json, "addressPrefix", &address_prefix, |
||||||
|
error_list); |
||||||
|
const Json::Object* uint32_json; |
||||||
|
uint32_t prefix_len = 0; // default value
|
||||||
|
if (ParseJsonObjectField(cidr_range_json, "prefixLen", &uint32_json, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
std::vector<grpc_error_handle> sub_error_list; |
||||||
|
ParseJsonObjectField(*uint32_json, "value", &prefix_len, &sub_error_list); |
||||||
|
if (!sub_error_list.empty()) { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_VECTOR("prefixLen", &sub_error_list)); |
||||||
|
} |
||||||
|
} |
||||||
|
return Rbac::CidrRange(std::move(address_prefix), prefix_len); |
||||||
|
} |
||||||
|
|
||||||
|
Rbac::Permission ParsePermission(const Json::Object& permission_json, |
||||||
|
std::vector<grpc_error_handle>* error_list) { |
||||||
|
auto parse_permission_set = [](const Json::Object& permission_set_json, |
||||||
|
std::vector<grpc_error_handle>* error_list) { |
||||||
|
const Json::Array* rules_json; |
||||||
|
std::vector<std::unique_ptr<Rbac::Permission>> permissions; |
||||||
|
if (ParseJsonObjectField(permission_set_json, "rules", &rules_json, |
||||||
|
error_list)) { |
||||||
|
for (size_t i = 0; i < rules_json->size(); ++i) { |
||||||
|
const Json::Object* permission_json; |
||||||
|
if (!ExtractJsonType((*rules_json)[i], |
||||||
|
absl::StrFormat("rules[%d]", i).c_str(), |
||||||
|
&permission_json, error_list)) { |
||||||
|
continue; |
||||||
|
} |
||||||
|
std::vector<grpc_error_handle> permission_error_list; |
||||||
|
permissions.emplace_back(absl::make_unique<Rbac::Permission>( |
||||||
|
ParsePermission(*permission_json, &permission_error_list))); |
||||||
|
if (!permission_error_list.empty()) { |
||||||
|
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING( |
||||||
|
absl::StrFormat("rules[%d]", i), &permission_error_list)); |
||||||
|
} |
||||||
|
} |
||||||
|
} |
||||||
|
return permissions; |
||||||
|
}; |
||||||
|
Rbac::Permission permission; |
||||||
|
const Json::Object* inner_json; |
||||||
|
bool any; |
||||||
|
int port; |
||||||
|
if (ParseJsonObjectField(permission_json, "andRules", &inner_json, error_list, |
||||||
|
/*required=*/false)) { |
||||||
|
std::vector<grpc_error_handle> and_rules_error_list; |
||||||
|
permission = Rbac::Permission( |
||||||
|
Rbac::Permission::RuleType::kAnd, |
||||||
|
parse_permission_set(*inner_json, &and_rules_error_list)); |
||||||
|
if (!and_rules_error_list.empty()) { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_VECTOR("andRules", &and_rules_error_list)); |
||||||
|
} |
||||||
|
} else if (ParseJsonObjectField(permission_json, "orRules", &inner_json, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
std::vector<grpc_error_handle> or_rules_error_list; |
||||||
|
permission = Rbac::Permission( |
||||||
|
Rbac::Permission::RuleType::kOr, |
||||||
|
parse_permission_set(*inner_json, &or_rules_error_list)); |
||||||
|
if (!or_rules_error_list.empty()) { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_VECTOR("orRules", &or_rules_error_list)); |
||||||
|
} |
||||||
|
} else if (ParseJsonObjectField(permission_json, "any", &any, error_list, |
||||||
|
/*required=*/false) && |
||||||
|
any) { |
||||||
|
permission = Rbac::Permission(Rbac::Permission::RuleType::kAny); |
||||||
|
} else if (ParseJsonObjectField(permission_json, "header", &inner_json, |
||||||
|
error_list, |
||||||
|
/*required=*/false)) { |
||||||
|
std::vector<grpc_error_handle> header_error_list; |
||||||
|
auto matcher = ParseHeaderMatcher(*inner_json, &header_error_list); |
||||||
|
if (matcher.ok()) { |
||||||
|
permission = |
||||||
|
Rbac::Permission(Rbac::Permission::RuleType::kHeader, *matcher); |
||||||
|
} else { |
||||||
|
header_error_list.push_back(absl_status_to_grpc_error(matcher.status())); |
||||||
|
} |
||||||
|
if (!header_error_list.empty()) { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_VECTOR("header", &header_error_list)); |
||||||
|
} |
||||||
|
} else if (ParseJsonObjectField(permission_json, "urlPath", &inner_json, |
||||||
|
error_list, |
||||||
|
/*required=*/false)) { |
||||||
|
std::vector<grpc_error_handle> url_path_error_list; |
||||||
|
auto matcher = ParsePathMatcher(*inner_json, &url_path_error_list); |
||||||
|
if (matcher.ok()) { |
||||||
|
permission = |
||||||
|
Rbac::Permission(Rbac::Permission::RuleType::kPath, *matcher); |
||||||
|
} else { |
||||||
|
url_path_error_list.push_back( |
||||||
|
absl_status_to_grpc_error(matcher.status())); |
||||||
|
} |
||||||
|
if (!url_path_error_list.empty()) { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_VECTOR("urlPath", &url_path_error_list)); |
||||||
|
} |
||||||
|
} else if (ParseJsonObjectField(permission_json, "destinationIp", &inner_json, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
std::vector<grpc_error_handle> destination_ip_error_list; |
||||||
|
permission = Rbac::Permission( |
||||||
|
Rbac::Permission::RuleType::kDestIp, |
||||||
|
ParseCidrRange(*inner_json, &destination_ip_error_list)); |
||||||
|
if (!destination_ip_error_list.empty()) { |
||||||
|
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR( |
||||||
|
"destinationIp", &destination_ip_error_list)); |
||||||
|
} |
||||||
|
} else if (ParseJsonObjectField(permission_json, "destinationPort", &port, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
permission = Rbac::Permission(Rbac::Permission::RuleType::kDestPort, port); |
||||||
|
} else if (ParseJsonObjectField(permission_json, "metadata", &inner_json, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_STATIC_STRING("Cannot handle metadata")); |
||||||
|
} else if (ParseJsonObjectField(permission_json, "notRule", &inner_json, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
std::vector<grpc_error_handle> not_rule_error_list; |
||||||
|
permission = |
||||||
|
Rbac::Permission(Rbac::Permission::RuleType::kNot, |
||||||
|
ParsePermission(*inner_json, ¬_rule_error_list)); |
||||||
|
if (!not_rule_error_list.empty()) { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_VECTOR("notRule", ¬_rule_error_list)); |
||||||
|
} |
||||||
|
} else if (ParseJsonObjectField(permission_json, "requestedServerName", |
||||||
|
&inner_json, error_list, |
||||||
|
/*required=*/false)) { |
||||||
|
std::vector<grpc_error_handle> req_server_name_error_list; |
||||||
|
auto matcher = ParseStringMatcher(*inner_json, &req_server_name_error_list); |
||||||
|
if (matcher.ok()) { |
||||||
|
permission = Rbac::Permission(Rbac::Permission::RuleType::kReqServerName, |
||||||
|
*matcher); |
||||||
|
} else { |
||||||
|
req_server_name_error_list.push_back( |
||||||
|
absl_status_to_grpc_error(matcher.status())); |
||||||
|
} |
||||||
|
if (!req_server_name_error_list.empty()) { |
||||||
|
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR( |
||||||
|
"requestedServerName", &req_server_name_error_list)); |
||||||
|
} |
||||||
|
} else { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_STATIC_STRING("No valid rule found")); |
||||||
|
} |
||||||
|
return permission; |
||||||
|
} |
||||||
|
|
||||||
|
Rbac::Principal ParsePrincipal(const Json::Object& principal_json, |
||||||
|
std::vector<grpc_error_handle>* error_list) { |
||||||
|
auto parse_principal_set = [](const Json::Object& principal_set_json, |
||||||
|
std::vector<grpc_error_handle>* error_list) { |
||||||
|
const Json::Array* rules_json; |
||||||
|
std::vector<std::unique_ptr<Rbac::Principal>> principals; |
||||||
|
if (ParseJsonObjectField(principal_set_json, "ids", &rules_json, |
||||||
|
error_list)) { |
||||||
|
for (size_t i = 0; i < rules_json->size(); ++i) { |
||||||
|
const Json::Object* principal_json; |
||||||
|
if (!ExtractJsonType((*rules_json)[i], |
||||||
|
absl::StrFormat("ids[%d]", i).c_str(), |
||||||
|
&principal_json, error_list)) { |
||||||
|
continue; |
||||||
|
} |
||||||
|
std::vector<grpc_error_handle> principal_error_list; |
||||||
|
principals.emplace_back(absl::make_unique<Rbac::Principal>( |
||||||
|
ParsePrincipal(*principal_json, &principal_error_list))); |
||||||
|
if (!principal_error_list.empty()) { |
||||||
|
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING( |
||||||
|
absl::StrFormat("ids[%d]", i), &principal_error_list)); |
||||||
|
} |
||||||
|
} |
||||||
|
} |
||||||
|
return principals; |
||||||
|
}; |
||||||
|
Rbac::Principal principal; |
||||||
|
const Json::Object* inner_json; |
||||||
|
bool any; |
||||||
|
if (ParseJsonObjectField(principal_json, "andIds", &inner_json, error_list, |
||||||
|
/*required=*/false)) { |
||||||
|
std::vector<grpc_error_handle> and_rules_error_list; |
||||||
|
principal = Rbac::Principal( |
||||||
|
Rbac::Principal::RuleType::kAnd, |
||||||
|
parse_principal_set(*inner_json, &and_rules_error_list)); |
||||||
|
if (!and_rules_error_list.empty()) { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_VECTOR("andIds", &and_rules_error_list)); |
||||||
|
} |
||||||
|
} else if (ParseJsonObjectField(principal_json, "orIds", &inner_json, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
std::vector<grpc_error_handle> or_rules_error_list; |
||||||
|
principal = |
||||||
|
Rbac::Principal(Rbac::Principal::RuleType::kOr, |
||||||
|
parse_principal_set(*inner_json, &or_rules_error_list)); |
||||||
|
if (!or_rules_error_list.empty()) { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_VECTOR("orIds", &or_rules_error_list)); |
||||||
|
} |
||||||
|
} else if (ParseJsonObjectField(principal_json, "any", &any, error_list, |
||||||
|
/*required=*/false) && |
||||||
|
any) { |
||||||
|
principal = Rbac::Principal(Rbac::Principal::RuleType::kAny); |
||||||
|
} else if (ParseJsonObjectField(principal_json, "authenticated", &inner_json, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
std::vector<grpc_error_handle> authenticated_error_list; |
||||||
|
const Json::Object* principal_name_json; |
||||||
|
if (ParseJsonObjectField(*inner_json, "principalName", &principal_name_json, |
||||||
|
&authenticated_error_list, /*required=*/false)) { |
||||||
|
std::vector<grpc_error_handle> principal_name_error_list; |
||||||
|
auto matcher = |
||||||
|
ParseStringMatcher(*principal_name_json, &principal_name_error_list); |
||||||
|
if (matcher.ok()) { |
||||||
|
principal = Rbac::Principal(Rbac::Principal::RuleType::kPrincipalName, |
||||||
|
*matcher); |
||||||
|
} else { |
||||||
|
principal_name_error_list.push_back( |
||||||
|
absl_status_to_grpc_error(matcher.status())); |
||||||
|
} |
||||||
|
if (!principal_name_error_list.empty()) { |
||||||
|
authenticated_error_list.push_back(GRPC_ERROR_CREATE_FROM_VECTOR( |
||||||
|
"principalName", &principal_name_error_list)); |
||||||
|
} |
||||||
|
} else if (authenticated_error_list.empty()) { |
||||||
|
// No principalName found. Match for all users.
|
||||||
|
principal = Rbac::Principal(Rbac::Principal::RuleType::kAny); |
||||||
|
} else { |
||||||
|
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR( |
||||||
|
"authenticated", &authenticated_error_list)); |
||||||
|
} |
||||||
|
} else if (ParseJsonObjectField(principal_json, "sourceIp", &inner_json, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
std::vector<grpc_error_handle> source_ip_error_list; |
||||||
|
principal = |
||||||
|
Rbac::Principal(Rbac::Principal::RuleType::kSourceIp, |
||||||
|
ParseCidrRange(*inner_json, &source_ip_error_list)); |
||||||
|
if (!source_ip_error_list.empty()) { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_VECTOR("sourceIp", &source_ip_error_list)); |
||||||
|
} |
||||||
|
} else if (ParseJsonObjectField(principal_json, "directRemoteIp", &inner_json, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
std::vector<grpc_error_handle> direct_remote_ip_error_list; |
||||||
|
principal = Rbac::Principal( |
||||||
|
Rbac::Principal::RuleType::kDirectRemoteIp, |
||||||
|
ParseCidrRange(*inner_json, &direct_remote_ip_error_list)); |
||||||
|
if (!direct_remote_ip_error_list.empty()) { |
||||||
|
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR( |
||||||
|
"directRemoteIp", &direct_remote_ip_error_list)); |
||||||
|
} |
||||||
|
} else if (ParseJsonObjectField(principal_json, "remoteIp", &inner_json, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
std::vector<grpc_error_handle> remote_ip_error_list; |
||||||
|
principal = |
||||||
|
Rbac::Principal(Rbac::Principal::RuleType::kRemoteIp, |
||||||
|
ParseCidrRange(*inner_json, &remote_ip_error_list)); |
||||||
|
if (!remote_ip_error_list.empty()) { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_VECTOR("remoteIp", &remote_ip_error_list)); |
||||||
|
} |
||||||
|
} else if (ParseJsonObjectField(principal_json, "header", &inner_json, |
||||||
|
error_list, |
||||||
|
/*required=*/false)) { |
||||||
|
std::vector<grpc_error_handle> header_error_list; |
||||||
|
auto matcher = ParseHeaderMatcher(*inner_json, &header_error_list); |
||||||
|
if (matcher.ok()) { |
||||||
|
principal = Rbac::Principal(Rbac::Principal::RuleType::kHeader, *matcher); |
||||||
|
} else { |
||||||
|
header_error_list.push_back(absl_status_to_grpc_error(matcher.status())); |
||||||
|
} |
||||||
|
if (!header_error_list.empty()) { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_VECTOR("header", &header_error_list)); |
||||||
|
} |
||||||
|
} else if (ParseJsonObjectField(principal_json, "urlPath", &inner_json, |
||||||
|
error_list, |
||||||
|
/*required=*/false)) { |
||||||
|
std::vector<grpc_error_handle> url_path_error_list; |
||||||
|
auto matcher = ParsePathMatcher(*inner_json, &url_path_error_list); |
||||||
|
if (matcher.ok()) { |
||||||
|
principal = Rbac::Principal(Rbac::Principal::RuleType::kPath, *matcher); |
||||||
|
} else { |
||||||
|
url_path_error_list.push_back( |
||||||
|
absl_status_to_grpc_error(matcher.status())); |
||||||
|
} |
||||||
|
if (!url_path_error_list.empty()) { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_VECTOR("urlPath", &url_path_error_list)); |
||||||
|
} |
||||||
|
} else if (ParseJsonObjectField(principal_json, "metadata", &inner_json, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_STATIC_STRING("Cannot handle metadata")); |
||||||
|
} else if (ParseJsonObjectField(principal_json, "notId", &inner_json, |
||||||
|
error_list, /*required=*/false)) { |
||||||
|
std::vector<grpc_error_handle> not_rule_error_list; |
||||||
|
principal = |
||||||
|
Rbac::Principal(Rbac::Principal::RuleType::kNot, |
||||||
|
ParsePrincipal(*inner_json, ¬_rule_error_list)); |
||||||
|
if (!not_rule_error_list.empty()) { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_VECTOR("notId", ¬_rule_error_list)); |
||||||
|
} |
||||||
|
} else { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_STATIC_STRING("No valid id found")); |
||||||
|
} |
||||||
|
return principal; |
||||||
|
} |
||||||
|
|
||||||
|
Rbac::Policy ParsePolicy(const Json::Object& policy_json, |
||||||
|
std::vector<grpc_error_handle>* error_list) { |
||||||
|
Rbac::Policy policy; |
||||||
|
const Json::Array* permissions_json_array; |
||||||
|
std::vector<std::unique_ptr<Rbac::Permission>> permissions; |
||||||
|
if (ParseJsonObjectField(policy_json, "permissions", &permissions_json_array, |
||||||
|
error_list)) { |
||||||
|
for (size_t i = 0; i < permissions_json_array->size(); ++i) { |
||||||
|
const Json::Object* permission_json; |
||||||
|
if (!ExtractJsonType((*permissions_json_array)[i], |
||||||
|
absl::StrFormat("permissions[%d]", i), |
||||||
|
&permission_json, error_list)) { |
||||||
|
continue; |
||||||
|
} |
||||||
|
std::vector<grpc_error_handle> permission_error_list; |
||||||
|
permissions.emplace_back(absl::make_unique<Rbac::Permission>( |
||||||
|
ParsePermission(*permission_json, &permission_error_list))); |
||||||
|
if (!permission_error_list.empty()) { |
||||||
|
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING( |
||||||
|
absl::StrFormat("permissions[%d]", i), &permission_error_list)); |
||||||
|
} |
||||||
|
} |
||||||
|
} |
||||||
|
const Json::Array* principals_json_array; |
||||||
|
std::vector<std::unique_ptr<Rbac::Principal>> principals; |
||||||
|
if (ParseJsonObjectField(policy_json, "principals", &principals_json_array, |
||||||
|
error_list)) { |
||||||
|
for (size_t i = 0; i < principals_json_array->size(); ++i) { |
||||||
|
const Json::Object* principal_json; |
||||||
|
if (!ExtractJsonType((*principals_json_array)[i], |
||||||
|
absl::StrFormat("principals[%d]", i), |
||||||
|
&principal_json, error_list)) { |
||||||
|
continue; |
||||||
|
} |
||||||
|
std::vector<grpc_error_handle> principal_error_list; |
||||||
|
principals.emplace_back(absl::make_unique<Rbac::Principal>( |
||||||
|
ParsePrincipal(*principal_json, &principal_error_list))); |
||||||
|
if (!principal_error_list.empty()) { |
||||||
|
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING( |
||||||
|
absl::StrFormat("principals[%d]", i), &principal_error_list)); |
||||||
|
} |
||||||
|
} |
||||||
|
} |
||||||
|
policy.permissions = |
||||||
|
Rbac::Permission(Rbac::Permission::RuleType::kOr, std::move(permissions)); |
||||||
|
policy.principals = |
||||||
|
Rbac::Principal(Rbac::Principal::RuleType::kOr, std::move(principals)); |
||||||
|
return policy; |
||||||
|
} |
||||||
|
|
||||||
|
Rbac ParseRbac(const Json::Object& rbac_json, |
||||||
|
std::vector<grpc_error_handle>* error_list) { |
||||||
|
Rbac rbac; |
||||||
|
const Json::Object* rules_json; |
||||||
|
if (!ParseJsonObjectField(rbac_json, "rules", &rules_json, error_list, |
||||||
|
/*required=*/false)) { |
||||||
|
// No enforcing to be applied. An empty deny policy with an empty map is
|
||||||
|
// equivalent to no enforcing.
|
||||||
|
return Rbac(Rbac::Action::kDeny, {}); |
||||||
|
} |
||||||
|
int action; |
||||||
|
if (ParseJsonObjectField(*rules_json, "action", &action, error_list)) { |
||||||
|
if (action > 1) { |
||||||
|
error_list->push_back( |
||||||
|
GRPC_ERROR_CREATE_FROM_STATIC_STRING("Unknown action")); |
||||||
|
} |
||||||
|
} |
||||||
|
rbac.action = static_cast<Rbac::Action>(action); |
||||||
|
const Json::Object* policies_json; |
||||||
|
if (ParseJsonObjectField(*rules_json, "policies", &policies_json, error_list, |
||||||
|
/*required=*/false)) { |
||||||
|
for (const auto& entry : *policies_json) { |
||||||
|
std::vector<grpc_error_handle> policy_error_list; |
||||||
|
rbac.policies.emplace( |
||||||
|
entry.first, |
||||||
|
ParsePolicy(entry.second.object_value(), &policy_error_list)); |
||||||
|
if (!policy_error_list.empty()) { |
||||||
|
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING( |
||||||
|
absl::StrFormat("policies key:'%s'", entry.first.c_str()), |
||||||
|
&policy_error_list)); |
||||||
|
} |
||||||
|
} |
||||||
|
} |
||||||
|
return rbac; |
||||||
|
} |
||||||
|
|
||||||
|
std::vector<Rbac> ParseRbacArray(const Json::Array& policies_json_array, |
||||||
|
std::vector<grpc_error_handle>* error_list) { |
||||||
|
std::vector<Rbac> policies; |
||||||
|
for (size_t i = 0; i < policies_json_array.size(); ++i) { |
||||||
|
const Json::Object* rbac_json; |
||||||
|
if (!ExtractJsonType(policies_json_array[i], |
||||||
|
absl::StrFormat("rbacPolicy[%d]", i), &rbac_json, |
||||||
|
error_list)) { |
||||||
|
continue; |
||||||
|
} |
||||||
|
std::vector<grpc_error_handle> rbac_policy_error_list; |
||||||
|
policies.emplace_back(ParseRbac(*rbac_json, &rbac_policy_error_list)); |
||||||
|
if (!rbac_policy_error_list.empty()) { |
||||||
|
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING( |
||||||
|
absl::StrFormat("rbacPolicy[%d]", i), &rbac_policy_error_list)); |
||||||
|
} |
||||||
|
} |
||||||
|
return policies; |
||||||
|
} |
||||||
|
|
||||||
|
} // namespace
|
||||||
|
|
||||||
|
std::unique_ptr<ServiceConfigParser::ParsedConfig> |
||||||
|
RbacServiceConfigParser::ParsePerMethodParams(const grpc_channel_args* args, |
||||||
|
const Json& json, |
||||||
|
grpc_error_handle* error) { |
||||||
|
GPR_DEBUG_ASSERT(error != nullptr && *error == GRPC_ERROR_NONE); |
||||||
|
// Only parse rbac policy if the channel arg is present
|
||||||
|
if (!grpc_channel_args_find_bool(args, GRPC_ARG_PARSE_RBAC_METHOD_CONFIG, |
||||||
|
false)) { |
||||||
|
return nullptr; |
||||||
|
} |
||||||
|
std::vector<Rbac> rbac_policies; |
||||||
|
std::vector<grpc_error_handle> error_list; |
||||||
|
const Json::Array* policies_json_array; |
||||||
|
if (ParseJsonObjectField(json.object_value(), "rbacPolicy", |
||||||
|
&policies_json_array, &error_list)) { |
||||||
|
rbac_policies = ParseRbacArray(*policies_json_array, &error_list); |
||||||
|
} |
||||||
|
*error = GRPC_ERROR_CREATE_FROM_VECTOR("Rbac parser", &error_list); |
||||||
|
if (*error != GRPC_ERROR_NONE || rbac_policies.empty()) { |
||||||
|
return nullptr; |
||||||
|
} |
||||||
|
return absl::make_unique<RbacMethodParsedConfig>(std::move(rbac_policies)); |
||||||
|
} |
||||||
|
|
||||||
|
void RbacServiceConfigParser::Register() { |
||||||
|
g_rbac_parser_index = ServiceConfigParser::RegisterParser( |
||||||
|
absl::make_unique<RbacServiceConfigParser>()); |
||||||
|
} |
||||||
|
|
||||||
|
size_t RbacServiceConfigParser::ParserIndex() { return g_rbac_parser_index; } |
||||||
|
|
||||||
|
} // namespace grpc_core
|
@ -0,0 +1,70 @@ |
|||||||
|
//
|
||||||
|
// Copyright 2021 gRPC authors.
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
//
|
||||||
|
|
||||||
|
#ifndef GRPC_CORE_EXT_FILTERS_RBAC_RBAC_SERVICE_CONFIG_PARSER_H |
||||||
|
#define GRPC_CORE_EXT_FILTERS_RBAC_RBAC_SERVICE_CONFIG_PARSER_H |
||||||
|
|
||||||
|
#include <grpc/support/port_platform.h> |
||||||
|
|
||||||
|
#include <vector> |
||||||
|
|
||||||
|
#include "src/core/ext/service_config/service_config_parser.h" |
||||||
|
#include "src/core/lib/security/authorization/grpc_authorization_engine.h" |
||||||
|
|
||||||
|
namespace grpc_core { |
||||||
|
|
||||||
|
// Channel arg key for enabling parsing RBAC via method config.
|
||||||
|
#define GRPC_ARG_PARSE_RBAC_METHOD_CONFIG \ |
||||||
|
"grpc.internal.parse_rbac_method_config" |
||||||
|
|
||||||
|
class RbacMethodParsedConfig : public ServiceConfigParser::ParsedConfig { |
||||||
|
public: |
||||||
|
explicit RbacMethodParsedConfig(std::vector<Rbac> rbac_policies) { |
||||||
|
for (auto& rbac_policy : rbac_policies) { |
||||||
|
authorization_engines_.emplace_back(std::move(rbac_policy)); |
||||||
|
} |
||||||
|
} |
||||||
|
|
||||||
|
// Returns the authorization engine for a rbac policy at a certain index. For
|
||||||
|
// a connection on the server, multiple RBAC policies might be active. The
|
||||||
|
// RBAC filter uses this method to get the RBAC policy configured for a
|
||||||
|
// instance at a particular instance.
|
||||||
|
const GrpcAuthorizationEngine* authorization_engine(int index) const { |
||||||
|
if (static_cast<size_t>(index) >= authorization_engines_.size()) { |
||||||
|
return nullptr; |
||||||
|
} |
||||||
|
return &authorization_engines_[index]; |
||||||
|
} |
||||||
|
|
||||||
|
private: |
||||||
|
std::vector<GrpcAuthorizationEngine> authorization_engines_; |
||||||
|
}; |
||||||
|
|
||||||
|
class RbacServiceConfigParser : public ServiceConfigParser::Parser { |
||||||
|
public: |
||||||
|
// Parses the per-method service config for rbac filter.
|
||||||
|
std::unique_ptr<ServiceConfigParser::ParsedConfig> ParsePerMethodParams( |
||||||
|
const grpc_channel_args* args, const Json& json, |
||||||
|
grpc_error_handle* error) override; |
||||||
|
// Returns the parser index for RbacServiceConfigParser.
|
||||||
|
static size_t ParserIndex(); |
||||||
|
// Registers RbacServiceConfigParser to ServiceConfigParser.
|
||||||
|
static void Register(); |
||||||
|
}; |
||||||
|
|
||||||
|
} // namespace grpc_core
|
||||||
|
|
||||||
|
#endif // GRPC_CORE_EXT_FILTERS_RBAC_RBAC_SERVICE_CONFIG_PARSER_H
|
@ -0,0 +1,61 @@ |
|||||||
|
/* This file was generated by upbc (the upb compiler) from the input
|
||||||
|
* file: |
||||||
|
* |
||||||
|
* envoy/extensions/filters/http/rbac/v3/rbac.proto |
||||||
|
* |
||||||
|
* Do not edit -- your changes will be discarded when the file is |
||||||
|
* regenerated. */ |
||||||
|
|
||||||
|
#include <stddef.h> |
||||||
|
#include "upb/msg_internal.h" |
||||||
|
#include "envoy/extensions/filters/http/rbac/v3/rbac.upb.h" |
||||||
|
#include "envoy/config/rbac/v3/rbac.upb.h" |
||||||
|
#include "udpa/annotations/status.upb.h" |
||||||
|
#include "udpa/annotations/versioning.upb.h" |
||||||
|
|
||||||
|
#include "upb/port_def.inc" |
||||||
|
|
||||||
|
static const upb_msglayout_sub envoy_extensions_filters_http_rbac_v3_RBAC_submsgs[1] = { |
||||||
|
{.submsg = &envoy_config_rbac_v3_RBAC_msginit}, |
||||||
|
}; |
||||||
|
|
||||||
|
static const upb_msglayout_field envoy_extensions_filters_http_rbac_v3_RBAC__fields[3] = { |
||||||
|
{1, UPB_SIZE(12, 24), 1, 0, 11, _UPB_MODE_SCALAR | (_UPB_REP_PTR << _UPB_REP_SHIFT)}, |
||||||
|
{2, UPB_SIZE(16, 32), 2, 0, 11, _UPB_MODE_SCALAR | (_UPB_REP_PTR << _UPB_REP_SHIFT)}, |
||||||
|
{3, UPB_SIZE(4, 8), 0, 0, 9, _UPB_MODE_SCALAR | (_UPB_REP_STRVIEW << _UPB_REP_SHIFT)}, |
||||||
|
}; |
||||||
|
|
||||||
|
const upb_msglayout envoy_extensions_filters_http_rbac_v3_RBAC_msginit = { |
||||||
|
&envoy_extensions_filters_http_rbac_v3_RBAC_submsgs[0], |
||||||
|
&envoy_extensions_filters_http_rbac_v3_RBAC__fields[0], |
||||||
|
UPB_SIZE(24, 48), 3, _UPB_MSGEXT_NONE, 3, 255, |
||||||
|
}; |
||||||
|
|
||||||
|
static const upb_msglayout_sub envoy_extensions_filters_http_rbac_v3_RBACPerRoute_submsgs[1] = { |
||||||
|
{.submsg = &envoy_extensions_filters_http_rbac_v3_RBAC_msginit}, |
||||||
|
}; |
||||||
|
|
||||||
|
static const upb_msglayout_field envoy_extensions_filters_http_rbac_v3_RBACPerRoute__fields[1] = { |
||||||
|
{2, UPB_SIZE(4, 8), 1, 0, 11, _UPB_MODE_SCALAR | (_UPB_REP_PTR << _UPB_REP_SHIFT)}, |
||||||
|
}; |
||||||
|
|
||||||
|
const upb_msglayout envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit = { |
||||||
|
&envoy_extensions_filters_http_rbac_v3_RBACPerRoute_submsgs[0], |
||||||
|
&envoy_extensions_filters_http_rbac_v3_RBACPerRoute__fields[0], |
||||||
|
UPB_SIZE(8, 16), 1, _UPB_MSGEXT_NONE, 0, 255, |
||||||
|
}; |
||||||
|
|
||||||
|
static const upb_msglayout *messages_layout[2] = { |
||||||
|
&envoy_extensions_filters_http_rbac_v3_RBAC_msginit, |
||||||
|
&envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit, |
||||||
|
}; |
||||||
|
|
||||||
|
const upb_msglayout_file envoy_extensions_filters_http_rbac_v3_rbac_proto_upb_file_layout = { |
||||||
|
messages_layout, |
||||||
|
NULL, |
||||||
|
2, |
||||||
|
0, |
||||||
|
}; |
||||||
|
|
||||||
|
#include "upb/port_undef.inc" |
||||||
|
|
@ -0,0 +1,146 @@ |
|||||||
|
/* This file was generated by upbc (the upb compiler) from the input
|
||||||
|
* file: |
||||||
|
* |
||||||
|
* envoy/extensions/filters/http/rbac/v3/rbac.proto |
||||||
|
* |
||||||
|
* Do not edit -- your changes will be discarded when the file is |
||||||
|
* regenerated. */ |
||||||
|
|
||||||
|
#ifndef ENVOY_EXTENSIONS_FILTERS_HTTP_RBAC_V3_RBAC_PROTO_UPB_H_ |
||||||
|
#define ENVOY_EXTENSIONS_FILTERS_HTTP_RBAC_V3_RBAC_PROTO_UPB_H_ |
||||||
|
|
||||||
|
#include "upb/msg_internal.h" |
||||||
|
#include "upb/decode.h" |
||||||
|
#include "upb/decode_fast.h" |
||||||
|
#include "upb/encode.h" |
||||||
|
|
||||||
|
#include "upb/port_def.inc" |
||||||
|
|
||||||
|
#ifdef __cplusplus |
||||||
|
extern "C" { |
||||||
|
#endif |
||||||
|
|
||||||
|
struct envoy_extensions_filters_http_rbac_v3_RBAC; |
||||||
|
struct envoy_extensions_filters_http_rbac_v3_RBACPerRoute; |
||||||
|
typedef struct envoy_extensions_filters_http_rbac_v3_RBAC envoy_extensions_filters_http_rbac_v3_RBAC; |
||||||
|
typedef struct envoy_extensions_filters_http_rbac_v3_RBACPerRoute envoy_extensions_filters_http_rbac_v3_RBACPerRoute; |
||||||
|
extern const upb_msglayout envoy_extensions_filters_http_rbac_v3_RBAC_msginit; |
||||||
|
extern const upb_msglayout envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit; |
||||||
|
struct envoy_config_rbac_v3_RBAC; |
||||||
|
extern const upb_msglayout envoy_config_rbac_v3_RBAC_msginit; |
||||||
|
|
||||||
|
|
||||||
|
/* envoy.extensions.filters.http.rbac.v3.RBAC */ |
||||||
|
|
||||||
|
UPB_INLINE envoy_extensions_filters_http_rbac_v3_RBAC *envoy_extensions_filters_http_rbac_v3_RBAC_new(upb_arena *arena) { |
||||||
|
return (envoy_extensions_filters_http_rbac_v3_RBAC *)_upb_msg_new(&envoy_extensions_filters_http_rbac_v3_RBAC_msginit, arena); |
||||||
|
} |
||||||
|
UPB_INLINE envoy_extensions_filters_http_rbac_v3_RBAC *envoy_extensions_filters_http_rbac_v3_RBAC_parse(const char *buf, size_t size, |
||||||
|
upb_arena *arena) { |
||||||
|
envoy_extensions_filters_http_rbac_v3_RBAC *ret = envoy_extensions_filters_http_rbac_v3_RBAC_new(arena); |
||||||
|
if (!ret) return NULL; |
||||||
|
if (!upb_decode(buf, size, ret, &envoy_extensions_filters_http_rbac_v3_RBAC_msginit, arena)) return NULL; |
||||||
|
return ret; |
||||||
|
} |
||||||
|
UPB_INLINE envoy_extensions_filters_http_rbac_v3_RBAC *envoy_extensions_filters_http_rbac_v3_RBAC_parse_ex(const char *buf, size_t size, |
||||||
|
const upb_extreg *extreg, int options, |
||||||
|
upb_arena *arena) { |
||||||
|
envoy_extensions_filters_http_rbac_v3_RBAC *ret = envoy_extensions_filters_http_rbac_v3_RBAC_new(arena); |
||||||
|
if (!ret) return NULL; |
||||||
|
if (!_upb_decode(buf, size, ret, &envoy_extensions_filters_http_rbac_v3_RBAC_msginit, extreg, options, arena)) { |
||||||
|
return NULL; |
||||||
|
} |
||||||
|
return ret; |
||||||
|
} |
||||||
|
UPB_INLINE char *envoy_extensions_filters_http_rbac_v3_RBAC_serialize(const envoy_extensions_filters_http_rbac_v3_RBAC *msg, upb_arena *arena, size_t *len) { |
||||||
|
return upb_encode(msg, &envoy_extensions_filters_http_rbac_v3_RBAC_msginit, arena, len); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE bool envoy_extensions_filters_http_rbac_v3_RBAC_has_rules(const envoy_extensions_filters_http_rbac_v3_RBAC *msg) { return _upb_hasbit(msg, 1); } |
||||||
|
UPB_INLINE const struct envoy_config_rbac_v3_RBAC* envoy_extensions_filters_http_rbac_v3_RBAC_rules(const envoy_extensions_filters_http_rbac_v3_RBAC *msg) { return *UPB_PTR_AT(msg, UPB_SIZE(12, 24), const struct envoy_config_rbac_v3_RBAC*); } |
||||||
|
UPB_INLINE bool envoy_extensions_filters_http_rbac_v3_RBAC_has_shadow_rules(const envoy_extensions_filters_http_rbac_v3_RBAC *msg) { return _upb_hasbit(msg, 2); } |
||||||
|
UPB_INLINE const struct envoy_config_rbac_v3_RBAC* envoy_extensions_filters_http_rbac_v3_RBAC_shadow_rules(const envoy_extensions_filters_http_rbac_v3_RBAC *msg) { return *UPB_PTR_AT(msg, UPB_SIZE(16, 32), const struct envoy_config_rbac_v3_RBAC*); } |
||||||
|
UPB_INLINE upb_strview envoy_extensions_filters_http_rbac_v3_RBAC_shadow_rules_stat_prefix(const envoy_extensions_filters_http_rbac_v3_RBAC *msg) { return *UPB_PTR_AT(msg, UPB_SIZE(4, 8), upb_strview); } |
||||||
|
|
||||||
|
UPB_INLINE void envoy_extensions_filters_http_rbac_v3_RBAC_set_rules(envoy_extensions_filters_http_rbac_v3_RBAC *msg, struct envoy_config_rbac_v3_RBAC* value) { |
||||||
|
_upb_sethas(msg, 1); |
||||||
|
*UPB_PTR_AT(msg, UPB_SIZE(12, 24), struct envoy_config_rbac_v3_RBAC*) = value; |
||||||
|
} |
||||||
|
UPB_INLINE struct envoy_config_rbac_v3_RBAC* envoy_extensions_filters_http_rbac_v3_RBAC_mutable_rules(envoy_extensions_filters_http_rbac_v3_RBAC *msg, upb_arena *arena) { |
||||||
|
struct envoy_config_rbac_v3_RBAC* sub = (struct envoy_config_rbac_v3_RBAC*)envoy_extensions_filters_http_rbac_v3_RBAC_rules(msg); |
||||||
|
if (sub == NULL) { |
||||||
|
sub = (struct envoy_config_rbac_v3_RBAC*)_upb_msg_new(&envoy_config_rbac_v3_RBAC_msginit, arena); |
||||||
|
if (!sub) return NULL; |
||||||
|
envoy_extensions_filters_http_rbac_v3_RBAC_set_rules(msg, sub); |
||||||
|
} |
||||||
|
return sub; |
||||||
|
} |
||||||
|
UPB_INLINE void envoy_extensions_filters_http_rbac_v3_RBAC_set_shadow_rules(envoy_extensions_filters_http_rbac_v3_RBAC *msg, struct envoy_config_rbac_v3_RBAC* value) { |
||||||
|
_upb_sethas(msg, 2); |
||||||
|
*UPB_PTR_AT(msg, UPB_SIZE(16, 32), struct envoy_config_rbac_v3_RBAC*) = value; |
||||||
|
} |
||||||
|
UPB_INLINE struct envoy_config_rbac_v3_RBAC* envoy_extensions_filters_http_rbac_v3_RBAC_mutable_shadow_rules(envoy_extensions_filters_http_rbac_v3_RBAC *msg, upb_arena *arena) { |
||||||
|
struct envoy_config_rbac_v3_RBAC* sub = (struct envoy_config_rbac_v3_RBAC*)envoy_extensions_filters_http_rbac_v3_RBAC_shadow_rules(msg); |
||||||
|
if (sub == NULL) { |
||||||
|
sub = (struct envoy_config_rbac_v3_RBAC*)_upb_msg_new(&envoy_config_rbac_v3_RBAC_msginit, arena); |
||||||
|
if (!sub) return NULL; |
||||||
|
envoy_extensions_filters_http_rbac_v3_RBAC_set_shadow_rules(msg, sub); |
||||||
|
} |
||||||
|
return sub; |
||||||
|
} |
||||||
|
UPB_INLINE void envoy_extensions_filters_http_rbac_v3_RBAC_set_shadow_rules_stat_prefix(envoy_extensions_filters_http_rbac_v3_RBAC *msg, upb_strview value) { |
||||||
|
*UPB_PTR_AT(msg, UPB_SIZE(4, 8), upb_strview) = value; |
||||||
|
} |
||||||
|
|
||||||
|
/* envoy.extensions.filters.http.rbac.v3.RBACPerRoute */ |
||||||
|
|
||||||
|
UPB_INLINE envoy_extensions_filters_http_rbac_v3_RBACPerRoute *envoy_extensions_filters_http_rbac_v3_RBACPerRoute_new(upb_arena *arena) { |
||||||
|
return (envoy_extensions_filters_http_rbac_v3_RBACPerRoute *)_upb_msg_new(&envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit, arena); |
||||||
|
} |
||||||
|
UPB_INLINE envoy_extensions_filters_http_rbac_v3_RBACPerRoute *envoy_extensions_filters_http_rbac_v3_RBACPerRoute_parse(const char *buf, size_t size, |
||||||
|
upb_arena *arena) { |
||||||
|
envoy_extensions_filters_http_rbac_v3_RBACPerRoute *ret = envoy_extensions_filters_http_rbac_v3_RBACPerRoute_new(arena); |
||||||
|
if (!ret) return NULL; |
||||||
|
if (!upb_decode(buf, size, ret, &envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit, arena)) return NULL; |
||||||
|
return ret; |
||||||
|
} |
||||||
|
UPB_INLINE envoy_extensions_filters_http_rbac_v3_RBACPerRoute *envoy_extensions_filters_http_rbac_v3_RBACPerRoute_parse_ex(const char *buf, size_t size, |
||||||
|
const upb_extreg *extreg, int options, |
||||||
|
upb_arena *arena) { |
||||||
|
envoy_extensions_filters_http_rbac_v3_RBACPerRoute *ret = envoy_extensions_filters_http_rbac_v3_RBACPerRoute_new(arena); |
||||||
|
if (!ret) return NULL; |
||||||
|
if (!_upb_decode(buf, size, ret, &envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit, extreg, options, arena)) { |
||||||
|
return NULL; |
||||||
|
} |
||||||
|
return ret; |
||||||
|
} |
||||||
|
UPB_INLINE char *envoy_extensions_filters_http_rbac_v3_RBACPerRoute_serialize(const envoy_extensions_filters_http_rbac_v3_RBACPerRoute *msg, upb_arena *arena, size_t *len) { |
||||||
|
return upb_encode(msg, &envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit, arena, len); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE bool envoy_extensions_filters_http_rbac_v3_RBACPerRoute_has_rbac(const envoy_extensions_filters_http_rbac_v3_RBACPerRoute *msg) { return _upb_hasbit(msg, 1); } |
||||||
|
UPB_INLINE const envoy_extensions_filters_http_rbac_v3_RBAC* envoy_extensions_filters_http_rbac_v3_RBACPerRoute_rbac(const envoy_extensions_filters_http_rbac_v3_RBACPerRoute *msg) { return *UPB_PTR_AT(msg, UPB_SIZE(4, 8), const envoy_extensions_filters_http_rbac_v3_RBAC*); } |
||||||
|
|
||||||
|
UPB_INLINE void envoy_extensions_filters_http_rbac_v3_RBACPerRoute_set_rbac(envoy_extensions_filters_http_rbac_v3_RBACPerRoute *msg, envoy_extensions_filters_http_rbac_v3_RBAC* value) { |
||||||
|
_upb_sethas(msg, 1); |
||||||
|
*UPB_PTR_AT(msg, UPB_SIZE(4, 8), envoy_extensions_filters_http_rbac_v3_RBAC*) = value; |
||||||
|
} |
||||||
|
UPB_INLINE struct envoy_extensions_filters_http_rbac_v3_RBAC* envoy_extensions_filters_http_rbac_v3_RBACPerRoute_mutable_rbac(envoy_extensions_filters_http_rbac_v3_RBACPerRoute *msg, upb_arena *arena) { |
||||||
|
struct envoy_extensions_filters_http_rbac_v3_RBAC* sub = (struct envoy_extensions_filters_http_rbac_v3_RBAC*)envoy_extensions_filters_http_rbac_v3_RBACPerRoute_rbac(msg); |
||||||
|
if (sub == NULL) { |
||||||
|
sub = (struct envoy_extensions_filters_http_rbac_v3_RBAC*)_upb_msg_new(&envoy_extensions_filters_http_rbac_v3_RBAC_msginit, arena); |
||||||
|
if (!sub) return NULL; |
||||||
|
envoy_extensions_filters_http_rbac_v3_RBACPerRoute_set_rbac(msg, sub); |
||||||
|
} |
||||||
|
return sub; |
||||||
|
} |
||||||
|
|
||||||
|
extern const upb_msglayout_file envoy_extensions_filters_http_rbac_v3_rbac_proto_upb_file_layout; |
||||||
|
|
||||||
|
#ifdef __cplusplus |
||||||
|
} /* extern "C" */ |
||||||
|
#endif |
||||||
|
|
||||||
|
#include "upb/port_undef.inc" |
||||||
|
|
||||||
|
#endif /* ENVOY_EXTENSIONS_FILTERS_HTTP_RBAC_V3_RBAC_PROTO_UPB_H_ */ |
@ -0,0 +1,56 @@ |
|||||||
|
/* This file was generated by upbc (the upb compiler) from the input
|
||||||
|
* file: |
||||||
|
* |
||||||
|
* envoy/extensions/filters/http/rbac/v3/rbac.proto |
||||||
|
* |
||||||
|
* Do not edit -- your changes will be discarded when the file is |
||||||
|
* regenerated. */ |
||||||
|
|
||||||
|
#include "upb/def.h" |
||||||
|
#include "envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h" |
||||||
|
#include "envoy/extensions/filters/http/rbac/v3/rbac.upb.h" |
||||||
|
|
||||||
|
extern upb_def_init envoy_config_rbac_v3_rbac_proto_upbdefinit; |
||||||
|
extern upb_def_init udpa_annotations_status_proto_upbdefinit; |
||||||
|
extern upb_def_init udpa_annotations_versioning_proto_upbdefinit; |
||||||
|
static const char descriptor[639] = {'\n', '0', 'e', 'n', 'v', 'o', 'y', '/', 'e', 'x', 't', 'e', 'n', 's', 'i', 'o', 'n', 's', '/', 'f', 'i', 'l', 't', 'e', 'r',
|
||||||
|
's', '/', 'h', 't', 't', 'p', '/', 'r', 'b', 'a', 'c', '/', 'v', '3', '/', 'r', 'b', 'a', 'c', '.', 'p', 'r', 'o', 't', 'o',
|
||||||
|
'\022', '%', 'e', 'n', 'v', 'o', 'y', '.', 'e', 'x', 't', 'e', 'n', 's', 'i', 'o', 'n', 's', '.', 'f', 'i', 'l', 't', 'e', 'r',
|
||||||
|
's', '.', 'h', 't', 't', 'p', '.', 'r', 'b', 'a', 'c', '.', 'v', '3', '\032', '\037', 'e', 'n', 'v', 'o', 'y', '/', 'c', 'o', 'n',
|
||||||
|
'f', 'i', 'g', '/', 'r', 'b', 'a', 'c', '/', 'v', '3', '/', 'r', 'b', 'a', 'c', '.', 'p', 'r', 'o', 't', 'o', '\032', '\035', 'u',
|
||||||
|
'd', 'p', 'a', '/', 'a', 'n', 'n', 'o', 't', 'a', 't', 'i', 'o', 'n', 's', '/', 's', 't', 'a', 't', 'u', 's', '.', 'p', 'r',
|
||||||
|
'o', 't', 'o', '\032', '!', 'u', 'd', 'p', 'a', '/', 'a', 'n', 'n', 'o', 't', 'a', 't', 'i', 'o', 'n', 's', '/', 'v', 'e', 'r',
|
||||||
|
's', 'i', 'o', 'n', 'i', 'n', 'g', '.', 'p', 'r', 'o', 't', 'o', '\"', '\336', '\001', '\n', '\004', 'R', 'B', 'A', 'C', '\022', '0', '\n',
|
||||||
|
'\005', 'r', 'u', 'l', 'e', 's', '\030', '\001', ' ', '\001', '(', '\013', '2', '\032', '.', 'e', 'n', 'v', 'o', 'y', '.', 'c', 'o', 'n', 'f',
|
||||||
|
'i', 'g', '.', 'r', 'b', 'a', 'c', '.', 'v', '3', '.', 'R', 'B', 'A', 'C', 'R', '\005', 'r', 'u', 'l', 'e', 's', '\022', '=', '\n',
|
||||||
|
'\014', 's', 'h', 'a', 'd', 'o', 'w', '_', 'r', 'u', 'l', 'e', 's', '\030', '\002', ' ', '\001', '(', '\013', '2', '\032', '.', 'e', 'n', 'v',
|
||||||
|
'o', 'y', '.', 'c', 'o', 'n', 'f', 'i', 'g', '.', 'r', 'b', 'a', 'c', '.', 'v', '3', '.', 'R', 'B', 'A', 'C', 'R', '\013', 's',
|
||||||
|
'h', 'a', 'd', 'o', 'w', 'R', 'u', 'l', 'e', 's', '\022', '7', '\n', '\030', 's', 'h', 'a', 'd', 'o', 'w', '_', 'r', 'u', 'l', 'e',
|
||||||
|
's', '_', 's', 't', 'a', 't', '_', 'p', 'r', 'e', 'f', 'i', 'x', '\030', '\003', ' ', '\001', '(', '\t', 'R', '\025', 's', 'h', 'a', 'd',
|
||||||
|
'o', 'w', 'R', 'u', 'l', 'e', 's', 'S', 't', 'a', 't', 'P', 'r', 'e', 'f', 'i', 'x', ':', ',', '\232', '\305', '\210', '\036', '\'', '\n',
|
||||||
|
'%', 'e', 'n', 'v', 'o', 'y', '.', 'c', 'o', 'n', 'f', 'i', 'g', '.', 'f', 'i', 'l', 't', 'e', 'r', '.', 'h', 't', 't', 'p',
|
||||||
|
'.', 'r', 'b', 'a', 'c', '.', 'v', '2', '.', 'R', 'B', 'A', 'C', '\"', '\213', '\001', '\n', '\014', 'R', 'B', 'A', 'C', 'P', 'e', 'r',
|
||||||
|
'R', 'o', 'u', 't', 'e', '\022', '?', '\n', '\004', 'r', 'b', 'a', 'c', '\030', '\002', ' ', '\001', '(', '\013', '2', '+', '.', 'e', 'n', 'v',
|
||||||
|
'o', 'y', '.', 'e', 'x', 't', 'e', 'n', 's', 'i', 'o', 'n', 's', '.', 'f', 'i', 'l', 't', 'e', 'r', 's', '.', 'h', 't', 't',
|
||||||
|
'p', '.', 'r', 'b', 'a', 'c', '.', 'v', '3', '.', 'R', 'B', 'A', 'C', 'R', '\004', 'r', 'b', 'a', 'c', ':', '4', '\232', '\305', '\210',
|
||||||
|
'\036', '/', '\n', '-', 'e', 'n', 'v', 'o', 'y', '.', 'c', 'o', 'n', 'f', 'i', 'g', '.', 'f', 'i', 'l', 't', 'e', 'r', '.', 'h',
|
||||||
|
't', 't', 'p', '.', 'r', 'b', 'a', 'c', '.', 'v', '2', '.', 'R', 'B', 'A', 'C', 'P', 'e', 'r', 'R', 'o', 'u', 't', 'e', 'J',
|
||||||
|
'\004', '\010', '\001', '\020', '\002', 'B', 'J', '\n', '3', 'i', 'o', '.', 'e', 'n', 'v', 'o', 'y', 'p', 'r', 'o', 'x', 'y', '.', 'e', 'n',
|
||||||
|
'v', 'o', 'y', '.', 'e', 'x', 't', 'e', 'n', 's', 'i', 'o', 'n', 's', '.', 'f', 'i', 'l', 't', 'e', 'r', 's', '.', 'h', 't',
|
||||||
|
't', 'p', '.', 'r', 'b', 'a', 'c', '.', 'v', '3', 'B', '\t', 'R', 'b', 'a', 'c', 'P', 'r', 'o', 't', 'o', 'P', '\001', '\272', '\200',
|
||||||
|
'\310', '\321', '\006', '\002', '\020', '\002', 'b', '\006', 'p', 'r', 'o', 't', 'o', '3',
|
||||||
|
}; |
||||||
|
|
||||||
|
static upb_def_init *deps[4] = { |
||||||
|
&envoy_config_rbac_v3_rbac_proto_upbdefinit, |
||||||
|
&udpa_annotations_status_proto_upbdefinit, |
||||||
|
&udpa_annotations_versioning_proto_upbdefinit, |
||||||
|
NULL |
||||||
|
}; |
||||||
|
|
||||||
|
upb_def_init envoy_extensions_filters_http_rbac_v3_rbac_proto_upbdefinit = { |
||||||
|
deps, |
||||||
|
&envoy_extensions_filters_http_rbac_v3_rbac_proto_upb_file_layout, |
||||||
|
"envoy/extensions/filters/http/rbac/v3/rbac.proto", |
||||||
|
UPB_STRVIEW_INIT(descriptor, 639) |
||||||
|
}; |
@ -0,0 +1,40 @@ |
|||||||
|
/* This file was generated by upbc (the upb compiler) from the input
|
||||||
|
* file: |
||||||
|
* |
||||||
|
* envoy/extensions/filters/http/rbac/v3/rbac.proto |
||||||
|
* |
||||||
|
* Do not edit -- your changes will be discarded when the file is |
||||||
|
* regenerated. */ |
||||||
|
|
||||||
|
#ifndef ENVOY_EXTENSIONS_FILTERS_HTTP_RBAC_V3_RBAC_PROTO_UPBDEFS_H_ |
||||||
|
#define ENVOY_EXTENSIONS_FILTERS_HTTP_RBAC_V3_RBAC_PROTO_UPBDEFS_H_ |
||||||
|
|
||||||
|
#include "upb/def.h" |
||||||
|
#include "upb/port_def.inc" |
||||||
|
#ifdef __cplusplus |
||||||
|
extern "C" { |
||||||
|
#endif |
||||||
|
|
||||||
|
#include "upb/def.h" |
||||||
|
|
||||||
|
#include "upb/port_def.inc" |
||||||
|
|
||||||
|
extern upb_def_init envoy_extensions_filters_http_rbac_v3_rbac_proto_upbdefinit; |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *envoy_extensions_filters_http_rbac_v3_RBAC_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &envoy_extensions_filters_http_rbac_v3_rbac_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "envoy.extensions.filters.http.rbac.v3.RBAC"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *envoy_extensions_filters_http_rbac_v3_RBACPerRoute_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &envoy_extensions_filters_http_rbac_v3_rbac_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "envoy.extensions.filters.http.rbac.v3.RBACPerRoute"); |
||||||
|
} |
||||||
|
|
||||||
|
#ifdef __cplusplus |
||||||
|
} /* extern "C" */ |
||||||
|
#endif |
||||||
|
|
||||||
|
#include "upb/port_undef.inc" |
||||||
|
|
||||||
|
#endif /* ENVOY_EXTENSIONS_FILTERS_HTTP_RBAC_V3_RBAC_PROTO_UPBDEFS_H_ */ |
@ -0,0 +1,154 @@ |
|||||||
|
/* This file was generated by upbc (the upb compiler) from the input
|
||||||
|
* file: |
||||||
|
* |
||||||
|
* google/api/expr/v1alpha1/checked.proto |
||||||
|
* |
||||||
|
* Do not edit -- your changes will be discarded when the file is |
||||||
|
* regenerated. */ |
||||||
|
|
||||||
|
#include "upb/def.h" |
||||||
|
#include "google/api/expr/v1alpha1/checked.upbdefs.h" |
||||||
|
#include "google/api/expr/v1alpha1/checked.upb.h" |
||||||
|
|
||||||
|
extern upb_def_init google_api_expr_v1alpha1_syntax_proto_upbdefinit; |
||||||
|
extern upb_def_init google_protobuf_empty_proto_upbdefinit; |
||||||
|
extern upb_def_init google_protobuf_struct_proto_upbdefinit; |
||||||
|
static const char descriptor[3089] = {'\n', '&', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a',
|
||||||
|
'1', '/', 'c', 'h', 'e', 'c', 'k', 'e', 'd', '.', 'p', 'r', 'o', 't', 'o', '\022', '\030', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a',
|
||||||
|
'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '\032', '%', 'g', 'o', 'o', 'g', 'l', 'e', '/',
|
||||||
|
'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '/', 's', 'y', 'n', 't', 'a', 'x', '.',
|
||||||
|
'p', 'r', 'o', 't', 'o', '\032', '\033', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '/', 'e', 'm',
|
||||||
|
'p', 't', 'y', '.', 'p', 'r', 'o', 't', 'o', '\032', '\034', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'p', 'r', 'o', 't', 'o', 'b', 'u',
|
||||||
|
'f', '/', 's', 't', 'r', 'u', 'c', 't', '.', 'p', 'r', 'o', 't', 'o', '\"', '\367', '\003', '\n', '\013', 'C', 'h', 'e', 'c', 'k', 'e',
|
||||||
|
'd', 'E', 'x', 'p', 'r', '\022', '\\', '\n', '\r', 'r', 'e', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '_', 'm', 'a', 'p', '\030', '\002', ' ',
|
||||||
|
'\003', '(', '\013', '2', '7', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a',
|
||||||
|
'l', 'p', 'h', 'a', '1', '.', 'C', 'h', 'e', 'c', 'k', 'e', 'd', 'E', 'x', 'p', 'r', '.', 'R', 'e', 'f', 'e', 'r', 'e', 'n',
|
||||||
|
'c', 'e', 'M', 'a', 'p', 'E', 'n', 't', 'r', 'y', 'R', '\014', 'r', 'e', 'f', 'e', 'r', 'e', 'n', 'c', 'e', 'M', 'a', 'p', '\022',
|
||||||
|
'M', '\n', '\010', 't', 'y', 'p', 'e', '_', 'm', 'a', 'p', '\030', '\003', ' ', '\003', '(', '\013', '2', '2', '.', 'g', 'o', 'o', 'g', 'l',
|
||||||
|
'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'C', 'h', 'e', 'c', 'k',
|
||||||
|
'e', 'd', 'E', 'x', 'p', 'r', '.', 'T', 'y', 'p', 'e', 'M', 'a', 'p', 'E', 'n', 't', 'r', 'y', 'R', '\007', 't', 'y', 'p', 'e',
|
||||||
|
'M', 'a', 'p', '\022', 'E', '\n', '\013', 's', 'o', 'u', 'r', 'c', 'e', '_', 'i', 'n', 'f', 'o', '\030', '\005', ' ', '\001', '(', '\013', '2',
|
||||||
|
'$', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a',
|
||||||
|
'1', '.', 'S', 'o', 'u', 'r', 'c', 'e', 'I', 'n', 'f', 'o', 'R', '\n', 's', 'o', 'u', 'r', 'c', 'e', 'I', 'n', 'f', 'o', '\022',
|
||||||
|
'2', '\n', '\004', 'e', 'x', 'p', 'r', '\030', '\004', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p',
|
||||||
|
'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\004', 'e', 'x', 'p',
|
||||||
|
'r', '\032', 'd', '\n', '\021', 'R', 'e', 'f', 'e', 'r', 'e', 'n', 'c', 'e', 'M', 'a', 'p', 'E', 'n', 't', 'r', 'y', '\022', '\020', '\n',
|
||||||
|
'\003', 'k', 'e', 'y', '\030', '\001', ' ', '\001', '(', '\003', 'R', '\003', 'k', 'e', 'y', '\022', '9', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030',
|
||||||
|
'\002', ' ', '\001', '(', '\013', '2', '#', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v',
|
||||||
|
'1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'R', 'e', 'f', 'e', 'r', 'e', 'n', 'c', 'e', 'R', '\005', 'v', 'a', 'l', 'u', 'e', ':',
|
||||||
|
'\002', '8', '\001', '\032', 'Z', '\n', '\014', 'T', 'y', 'p', 'e', 'M', 'a', 'p', 'E', 'n', 't', 'r', 'y', '\022', '\020', '\n', '\003', 'k', 'e',
|
||||||
|
'y', '\030', '\001', ' ', '\001', '(', '\003', 'R', '\003', 'k', 'e', 'y', '\022', '4', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001',
|
||||||
|
'(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l',
|
||||||
|
'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\005', 'v', 'a', 'l', 'u', 'e', ':', '\002', '8', '\001', '\"', '\310', '\013', '\n', '\004',
|
||||||
|
'T', 'y', 'p', 'e', '\022', '*', '\n', '\003', 'd', 'y', 'n', '\030', '\001', ' ', '\001', '(', '\013', '2', '\026', '.', 'g', 'o', 'o', 'g', 'l',
|
||||||
|
'e', '.', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '.', 'E', 'm', 'p', 't', 'y', 'H', '\000', 'R', '\003', 'd', 'y', 'n', '\022', '0',
|
||||||
|
'\n', '\004', 'n', 'u', 'l', 'l', '\030', '\002', ' ', '\001', '(', '\016', '2', '\032', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'p', 'r', 'o',
|
||||||
|
't', 'o', 'b', 'u', 'f', '.', 'N', 'u', 'l', 'l', 'V', 'a', 'l', 'u', 'e', 'H', '\000', 'R', '\004', 'n', 'u', 'l', 'l', '\022', 'L',
|
||||||
|
'\n', '\t', 'p', 'r', 'i', 'm', 'i', 't', 'i', 'v', 'e', '\030', '\003', ' ', '\001', '(', '\016', '2', ',', '.', 'g', 'o', 'o', 'g', 'l',
|
||||||
|
'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', '.',
|
||||||
|
'P', 'r', 'i', 'm', 'i', 't', 'i', 'v', 'e', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\t', 'p', 'r', 'i', 'm', 'i', 't', 'i', 'v',
|
||||||
|
'e', '\022', 'H', '\n', '\007', 'w', 'r', 'a', 'p', 'p', 'e', 'r', '\030', '\004', ' ', '\001', '(', '\016', '2', ',', '.', 'g', 'o', 'o', 'g',
|
||||||
|
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e',
|
||||||
|
'.', 'P', 'r', 'i', 'm', 'i', 't', 'i', 'v', 'e', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\007', 'w', 'r', 'a', 'p', 'p', 'e', 'r',
|
||||||
|
'\022', 'M', '\n', '\n', 'w', 'e', 'l', 'l', '_', 'k', 'n', 'o', 'w', 'n', '\030', '\005', ' ', '\001', '(', '\016', '2', ',', '.', 'g', 'o',
|
||||||
|
'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y',
|
||||||
|
'p', 'e', '.', 'W', 'e', 'l', 'l', 'K', 'n', 'o', 'w', 'n', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\t', 'w', 'e', 'l', 'l', 'K',
|
||||||
|
'n', 'o', 'w', 'n', '\022', 'F', '\n', '\t', 'l', 'i', 's', 't', '_', 't', 'y', 'p', 'e', '\030', '\006', ' ', '\001', '(', '\013', '2', '\'',
|
||||||
|
'.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1',
|
||||||
|
'.', 'T', 'y', 'p', 'e', '.', 'L', 'i', 's', 't', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\010', 'l', 'i', 's', 't', 'T', 'y', 'p',
|
||||||
|
'e', '\022', 'C', '\n', '\010', 'm', 'a', 'p', '_', 't', 'y', 'p', 'e', '\030', '\007', ' ', '\001', '(', '\013', '2', '&', '.', 'g', 'o', 'o',
|
||||||
|
'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p',
|
||||||
|
'e', '.', 'M', 'a', 'p', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\007', 'm', 'a', 'p', 'T', 'y', 'p', 'e', '\022', 'I', '\n', '\010', 'f',
|
||||||
|
'u', 'n', 'c', 't', 'i', 'o', 'n', '\030', '\010', ' ', '\001', '(', '\013', '2', '+', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p',
|
||||||
|
'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', '.', 'F', 'u', 'n', 'c',
|
||||||
|
't', 'i', 'o', 'n', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\010', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', '\022', '#', '\n', '\014', 'm',
|
||||||
|
'e', 's', 's', 'a', 'g', 'e', '_', 't', 'y', 'p', 'e', '\030', '\t', ' ', '\001', '(', '\t', 'H', '\000', 'R', '\013', 'm', 'e', 's', 's',
|
||||||
|
'a', 'g', 'e', 'T', 'y', 'p', 'e', '\022', '\037', '\n', '\n', 't', 'y', 'p', 'e', '_', 'p', 'a', 'r', 'a', 'm', '\030', '\n', ' ', '\001',
|
||||||
|
'(', '\t', 'H', '\000', 'R', '\t', 't', 'y', 'p', 'e', 'P', 'a', 'r', 'a', 'm', '\022', '4', '\n', '\004', 't', 'y', 'p', 'e', '\030', '\013',
|
||||||
|
' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1',
|
||||||
|
'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\004', 't', 'y', 'p', 'e', '\022', '.', '\n', '\005', 'e', 'r',
|
||||||
|
'r', 'o', 'r', '\030', '\014', ' ', '\001', '(', '\013', '2', '\026', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'p', 'r', 'o', 't', 'o', 'b',
|
||||||
|
'u', 'f', '.', 'E', 'm', 'p', 't', 'y', 'H', '\000', 'R', '\005', 'e', 'r', 'r', 'o', 'r', '\022', 'R', '\n', '\r', 'a', 'b', 's', 't',
|
||||||
|
'r', 'a', 'c', 't', '_', 't', 'y', 'p', 'e', '\030', '\016', ' ', '\001', '(', '\013', '2', '+', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.',
|
||||||
|
'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', '.', 'A', 'b',
|
||||||
|
's', 't', 'r', 'a', 'c', 't', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\014', 'a', 'b', 's', 't', 'r', 'a', 'c', 't', 'T', 'y', 'p',
|
||||||
|
'e', '\032', 'G', '\n', '\010', 'L', 'i', 's', 't', 'T', 'y', 'p', 'e', '\022', ';', '\n', '\t', 'e', 'l', 'e', 'm', '_', 't', 'y', 'p',
|
||||||
|
'e', '\030', '\001', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r',
|
||||||
|
'.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\010', 'e', 'l', 'e', 'm', 'T', 'y', 'p', 'e', '\032',
|
||||||
|
'\203', '\001', '\n', '\007', 'M', 'a', 'p', 'T', 'y', 'p', 'e', '\022', '9', '\n', '\010', 'k', 'e', 'y', '_', 't', 'y', 'p', 'e', '\030', '\001',
|
||||||
|
' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1',
|
||||||
|
'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\007', 'k', 'e', 'y', 'T', 'y', 'p', 'e', '\022', '=', '\n', '\n', 'v',
|
||||||
|
'a', 'l', 'u', 'e', '_', 't', 'y', 'p', 'e', '\030', '\002', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.',
|
||||||
|
'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\t', 'v',
|
||||||
|
'a', 'l', 'u', 'e', 'T', 'y', 'p', 'e', '\032', '\214', '\001', '\n', '\014', 'F', 'u', 'n', 'c', 't', 'i', 'o', 'n', 'T', 'y', 'p', 'e',
|
||||||
|
'\022', '?', '\n', '\013', 'r', 'e', 's', 'u', 'l', 't', '_', 't', 'y', 'p', 'e', '\030', '\001', ' ', '\001', '(', '\013', '2', '\036', '.', 'g',
|
||||||
|
'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T',
|
||||||
|
'y', 'p', 'e', 'R', '\n', 'r', 'e', 's', 'u', 'l', 't', 'T', 'y', 'p', 'e', '\022', ';', '\n', '\t', 'a', 'r', 'g', '_', 't', 'y',
|
||||||
|
'p', 'e', 's', '\030', '\002', ' ', '\003', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x',
|
||||||
|
'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\010', 'a', 'r', 'g', 'T', 'y', 'p', 'e',
|
||||||
|
's', '\032', 'k', '\n', '\014', 'A', 'b', 's', 't', 'r', 'a', 'c', 't', 'T', 'y', 'p', 'e', '\022', '\022', '\n', '\004', 'n', 'a', 'm', 'e',
|
||||||
|
'\030', '\001', ' ', '\001', '(', '\t', 'R', '\004', 'n', 'a', 'm', 'e', '\022', 'G', '\n', '\017', 'p', 'a', 'r', 'a', 'm', 'e', 't', 'e', 'r',
|
||||||
|
'_', 't', 'y', 'p', 'e', 's', '\030', '\002', ' ', '\003', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i',
|
||||||
|
'.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\016', 'p', 'a', 'r', 'a',
|
||||||
|
'm', 'e', 't', 'e', 'r', 'T', 'y', 'p', 'e', 's', '\"', 's', '\n', '\r', 'P', 'r', 'i', 'm', 'i', 't', 'i', 'v', 'e', 'T', 'y',
|
||||||
|
'p', 'e', '\022', '\036', '\n', '\032', 'P', 'R', 'I', 'M', 'I', 'T', 'I', 'V', 'E', '_', 'T', 'Y', 'P', 'E', '_', 'U', 'N', 'S', 'P',
|
||||||
|
'E', 'C', 'I', 'F', 'I', 'E', 'D', '\020', '\000', '\022', '\010', '\n', '\004', 'B', 'O', 'O', 'L', '\020', '\001', '\022', '\t', '\n', '\005', 'I', 'N',
|
||||||
|
'T', '6', '4', '\020', '\002', '\022', '\n', '\n', '\006', 'U', 'I', 'N', 'T', '6', '4', '\020', '\003', '\022', '\n', '\n', '\006', 'D', 'O', 'U', 'B',
|
||||||
|
'L', 'E', '\020', '\004', '\022', '\n', '\n', '\006', 'S', 'T', 'R', 'I', 'N', 'G', '\020', '\005', '\022', '\t', '\n', '\005', 'B', 'Y', 'T', 'E', 'S',
|
||||||
|
'\020', '\006', '\"', 'V', '\n', '\r', 'W', 'e', 'l', 'l', 'K', 'n', 'o', 'w', 'n', 'T', 'y', 'p', 'e', '\022', '\037', '\n', '\033', 'W', 'E',
|
||||||
|
'L', 'L', '_', 'K', 'N', 'O', 'W', 'N', '_', 'T', 'Y', 'P', 'E', '_', 'U', 'N', 'S', 'P', 'E', 'C', 'I', 'F', 'I', 'E', 'D',
|
||||||
|
'\020', '\000', '\022', '\007', '\n', '\003', 'A', 'N', 'Y', '\020', '\001', '\022', '\r', '\n', '\t', 'T', 'I', 'M', 'E', 'S', 'T', 'A', 'M', 'P', '\020',
|
||||||
|
'\002', '\022', '\014', '\n', '\010', 'D', 'U', 'R', 'A', 'T', 'I', 'O', 'N', '\020', '\003', 'B', '\013', '\n', '\t', 't', 'y', 'p', 'e', '_', 'k',
|
||||||
|
'i', 'n', 'd', '\"', '\263', '\005', '\n', '\004', 'D', 'e', 'c', 'l', '\022', '\022', '\n', '\004', 'n', 'a', 'm', 'e', '\030', '\001', ' ', '\001', '(',
|
||||||
|
'\t', 'R', '\004', 'n', 'a', 'm', 'e', '\022', '@', '\n', '\005', 'i', 'd', 'e', 'n', 't', '\030', '\002', ' ', '\001', '(', '\013', '2', '(', '.',
|
||||||
|
'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.',
|
||||||
|
'D', 'e', 'c', 'l', '.', 'I', 'd', 'e', 'n', 't', 'D', 'e', 'c', 'l', 'H', '\000', 'R', '\005', 'i', 'd', 'e', 'n', 't', '\022', 'I',
|
||||||
|
'\n', '\010', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', '\030', '\003', ' ', '\001', '(', '\013', '2', '+', '.', 'g', 'o', 'o', 'g', 'l', 'e',
|
||||||
|
'.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'D', 'e', 'c', 'l', '.', 'F',
|
||||||
|
'u', 'n', 'c', 't', 'i', 'o', 'n', 'D', 'e', 'c', 'l', 'H', '\000', 'R', '\010', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', '\032', '\213',
|
||||||
|
'\001', '\n', '\t', 'I', 'd', 'e', 'n', 't', 'D', 'e', 'c', 'l', '\022', '2', '\n', '\004', 't', 'y', 'p', 'e', '\030', '\001', ' ', '\001', '(',
|
||||||
|
'\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p',
|
||||||
|
'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\004', 't', 'y', 'p', 'e', '\022', '8', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\002',
|
||||||
|
' ', '\001', '(', '\013', '2', '\"', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1',
|
||||||
|
'a', 'l', 'p', 'h', 'a', '1', '.', 'C', 'o', 'n', 's', 't', 'a', 'n', 't', 'R', '\005', 'v', 'a', 'l', 'u', 'e', '\022', '\020', '\n',
|
||||||
|
'\003', 'd', 'o', 'c', '\030', '\003', ' ', '\001', '(', '\t', 'R', '\003', 'd', 'o', 'c', '\032', '\356', '\002', '\n', '\014', 'F', 'u', 'n', 'c', 't',
|
||||||
|
'i', 'o', 'n', 'D', 'e', 'c', 'l', '\022', 'R', '\n', '\t', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', 's', '\030', '\001', ' ', '\003', '(',
|
||||||
|
'\013', '2', '4', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p',
|
||||||
|
'h', 'a', '1', '.', 'D', 'e', 'c', 'l', '.', 'F', 'u', 'n', 'c', 't', 'i', 'o', 'n', 'D', 'e', 'c', 'l', '.', 'O', 'v', 'e',
|
||||||
|
'r', 'l', 'o', 'a', 'd', 'R', '\t', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', 's', '\032', '\211', '\002', '\n', '\010', 'O', 'v', 'e', 'r',
|
||||||
|
'l', 'o', 'a', 'd', '\022', '\037', '\n', '\013', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', '_', 'i', 'd', '\030', '\001', ' ', '\001', '(', '\t',
|
||||||
|
'R', '\n', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', 'I', 'd', '\022', '6', '\n', '\006', 'p', 'a', 'r', 'a', 'm', 's', '\030', '\002', ' ',
|
||||||
|
'\003', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a',
|
||||||
|
'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\006', 'p', 'a', 'r', 'a', 'm', 's', '\022', '\037', '\n', '\013', 't', 'y', 'p',
|
||||||
|
'e', '_', 'p', 'a', 'r', 'a', 'm', 's', '\030', '\003', ' ', '\003', '(', '\t', 'R', '\n', 't', 'y', 'p', 'e', 'P', 'a', 'r', 'a', 'm',
|
||||||
|
's', '\022', '?', '\n', '\013', 'r', 'e', 's', 'u', 'l', 't', '_', 't', 'y', 'p', 'e', '\030', '\004', ' ', '\001', '(', '\013', '2', '\036', '.',
|
||||||
|
'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.',
|
||||||
|
'T', 'y', 'p', 'e', 'R', '\n', 'r', 'e', 's', 'u', 'l', 't', 'T', 'y', 'p', 'e', '\022', '0', '\n', '\024', 'i', 's', '_', 'i', 'n',
|
||||||
|
's', 't', 'a', 'n', 'c', 'e', '_', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', '\030', '\005', ' ', '\001', '(', '\010', 'R', '\022', 'i', 's',
|
||||||
|
'I', 'n', 's', 't', 'a', 'n', 'c', 'e', 'F', 'u', 'n', 'c', 't', 'i', 'o', 'n', '\022', '\020', '\n', '\003', 'd', 'o', 'c', '\030', '\006',
|
||||||
|
' ', '\001', '(', '\t', 'R', '\003', 'd', 'o', 'c', 'B', '\013', '\n', '\t', 'd', 'e', 'c', 'l', '_', 'k', 'i', 'n', 'd', '\"', 'z', '\n',
|
||||||
|
'\t', 'R', 'e', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '\022', '\022', '\n', '\004', 'n', 'a', 'm', 'e', '\030', '\001', ' ', '\001', '(', '\t', 'R',
|
||||||
|
'\004', 'n', 'a', 'm', 'e', '\022', '\037', '\n', '\013', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', '_', 'i', 'd', '\030', '\003', ' ', '\003', '(',
|
||||||
|
'\t', 'R', '\n', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', 'I', 'd', '\022', '8', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\004', ' ',
|
||||||
|
'\001', '(', '\013', '2', '\"', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a',
|
||||||
|
'l', 'p', 'h', 'a', '1', '.', 'C', 'o', 'n', 's', 't', 'a', 'n', 't', 'R', '\005', 'v', 'a', 'l', 'u', 'e', 'B', 'l', '\n', '\034',
|
||||||
|
'c', 'o', 'm', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p',
|
||||||
|
'h', 'a', '1', 'B', '\t', 'D', 'e', 'c', 'l', 'P', 'r', 'o', 't', 'o', 'P', '\001', 'Z', '<', 'g', 'o', 'o', 'g', 'l', 'e', '.',
|
||||||
|
'g', 'o', 'l', 'a', 'n', 'g', '.', 'o', 'r', 'g', '/', 'g', 'e', 'n', 'p', 'r', 'o', 't', 'o', '/', 'g', 'o', 'o', 'g', 'l',
|
||||||
|
'e', 'a', 'p', 'i', 's', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', ';', 'e',
|
||||||
|
'x', 'p', 'r', '\370', '\001', '\001', 'b', '\006', 'p', 'r', 'o', 't', 'o', '3',
|
||||||
|
}; |
||||||
|
|
||||||
|
static upb_def_init *deps[4] = { |
||||||
|
&google_api_expr_v1alpha1_syntax_proto_upbdefinit, |
||||||
|
&google_protobuf_empty_proto_upbdefinit, |
||||||
|
&google_protobuf_struct_proto_upbdefinit, |
||||||
|
NULL |
||||||
|
}; |
||||||
|
|
||||||
|
upb_def_init google_api_expr_v1alpha1_checked_proto_upbdefinit = { |
||||||
|
deps, |
||||||
|
&google_api_expr_v1alpha1_checked_proto_upb_file_layout, |
||||||
|
"google/api/expr/v1alpha1/checked.proto", |
||||||
|
UPB_STRVIEW_INIT(descriptor, 3089) |
||||||
|
}; |
@ -0,0 +1,95 @@ |
|||||||
|
/* This file was generated by upbc (the upb compiler) from the input
|
||||||
|
* file: |
||||||
|
* |
||||||
|
* google/api/expr/v1alpha1/checked.proto |
||||||
|
* |
||||||
|
* Do not edit -- your changes will be discarded when the file is |
||||||
|
* regenerated. */ |
||||||
|
|
||||||
|
#ifndef GOOGLE_API_EXPR_V1ALPHA1_CHECKED_PROTO_UPBDEFS_H_ |
||||||
|
#define GOOGLE_API_EXPR_V1ALPHA1_CHECKED_PROTO_UPBDEFS_H_ |
||||||
|
|
||||||
|
#include "upb/def.h" |
||||||
|
#include "upb/port_def.inc" |
||||||
|
#ifdef __cplusplus |
||||||
|
extern "C" { |
||||||
|
#endif |
||||||
|
|
||||||
|
#include "upb/def.h" |
||||||
|
|
||||||
|
#include "upb/port_def.inc" |
||||||
|
|
||||||
|
extern upb_def_init google_api_expr_v1alpha1_checked_proto_upbdefinit; |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_CheckedExpr_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.CheckedExpr"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_CheckedExpr_ReferenceMapEntry_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.CheckedExpr.ReferenceMapEntry"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_CheckedExpr_TypeMapEntry_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.CheckedExpr.TypeMapEntry"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Type_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Type"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Type_ListType_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Type.ListType"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Type_MapType_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Type.MapType"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Type_FunctionType_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Type.FunctionType"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Type_AbstractType_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Type.AbstractType"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Decl_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Decl"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Decl_IdentDecl_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Decl.IdentDecl"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Decl_FunctionDecl_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Decl.FunctionDecl"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Decl_FunctionDecl_Overload_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Decl.FunctionDecl.Overload"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Reference_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Reference"); |
||||||
|
} |
||||||
|
|
||||||
|
#ifdef __cplusplus |
||||||
|
} /* extern "C" */ |
||||||
|
#endif |
||||||
|
|
||||||
|
#include "upb/port_undef.inc" |
||||||
|
|
||||||
|
#endif /* GOOGLE_API_EXPR_V1ALPHA1_CHECKED_PROTO_UPBDEFS_H_ */ |
@ -0,0 +1,58 @@ |
|||||||
|
/* This file was generated by upbc (the upb compiler) from the input
|
||||||
|
* file: |
||||||
|
* |
||||||
|
* google/api/expr/v1alpha1/eval.proto |
||||||
|
* |
||||||
|
* Do not edit -- your changes will be discarded when the file is |
||||||
|
* regenerated. */ |
||||||
|
|
||||||
|
#include "upb/def.h" |
||||||
|
#include "google/api/expr/v1alpha1/eval.upbdefs.h" |
||||||
|
#include "google/api/expr/v1alpha1/eval.upb.h" |
||||||
|
|
||||||
|
extern upb_def_init google_api_expr_v1alpha1_value_proto_upbdefinit; |
||||||
|
extern upb_def_init google_rpc_status_proto_upbdefinit; |
||||||
|
static const char descriptor[738] = {'\n', '#', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a',
|
||||||
|
'1', '/', 'e', 'v', 'a', 'l', '.', 'p', 'r', 'o', 't', 'o', '\022', '\030', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.',
|
||||||
|
'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '\032', '$', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'a', 'p', 'i',
|
||||||
|
'/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '/', 'v', 'a', 'l', 'u', 'e', '.', 'p', 'r', 'o', 't',
|
||||||
|
'o', '\032', '\027', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'r', 'p', 'c', '/', 's', 't', 'a', 't', 'u', 's', '.', 'p', 'r', 'o', 't',
|
||||||
|
'o', '\"', '\302', '\001', '\n', '\t', 'E', 'v', 'a', 'l', 'S', 't', 'a', 't', 'e', '\022', ';', '\n', '\006', 'v', 'a', 'l', 'u', 'e', 's',
|
||||||
|
'\030', '\001', ' ', '\003', '(', '\013', '2', '#', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.',
|
||||||
|
'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'V', 'a', 'l', 'u', 'e', 'R', '\006', 'v', 'a', 'l', 'u', 'e',
|
||||||
|
's', '\022', 'D', '\n', '\007', 'r', 'e', 's', 'u', 'l', 't', 's', '\030', '\003', ' ', '\003', '(', '\013', '2', '*', '.', 'g', 'o', 'o', 'g',
|
||||||
|
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'v', 'a', 'l',
|
||||||
|
'S', 't', 'a', 't', 'e', '.', 'R', 'e', 's', 'u', 'l', 't', 'R', '\007', 'r', 'e', 's', 'u', 'l', 't', 's', '\032', '2', '\n', '\006',
|
||||||
|
'R', 'e', 's', 'u', 'l', 't', '\022', '\022', '\n', '\004', 'e', 'x', 'p', 'r', '\030', '\001', ' ', '\001', '(', '\003', 'R', '\004', 'e', 'x', 'p',
|
||||||
|
'r', '\022', '\024', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001', '(', '\003', 'R', '\005', 'v', 'a', 'l', 'u', 'e', '\"', '\312',
|
||||||
|
'\001', '\n', '\t', 'E', 'x', 'p', 'r', 'V', 'a', 'l', 'u', 'e', '\022', '7', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\001', ' ', '\001',
|
||||||
|
'(', '\013', '2', '\037', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l',
|
||||||
|
'p', 'h', 'a', '1', '.', 'V', 'a', 'l', 'u', 'e', 'H', '\000', 'R', '\005', 'v', 'a', 'l', 'u', 'e', '\022', ':', '\n', '\005', 'e', 'r',
|
||||||
|
'r', 'o', 'r', '\030', '\002', ' ', '\001', '(', '\013', '2', '\"', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x',
|
||||||
|
'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'r', 'r', 'o', 'r', 'S', 'e', 't', 'H', '\000', 'R', '\005', 'e',
|
||||||
|
'r', 'r', 'o', 'r', '\022', '@', '\n', '\007', 'u', 'n', 'k', 'n', 'o', 'w', 'n', '\030', '\003', ' ', '\001', '(', '\013', '2', '$', '.', 'g',
|
||||||
|
'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'U',
|
||||||
|
'n', 'k', 'n', 'o', 'w', 'n', 'S', 'e', 't', 'H', '\000', 'R', '\007', 'u', 'n', 'k', 'n', 'o', 'w', 'n', 'B', '\006', '\n', '\004', 'k',
|
||||||
|
'i', 'n', 'd', '\"', '6', '\n', '\010', 'E', 'r', 'r', 'o', 'r', 'S', 'e', 't', '\022', '*', '\n', '\006', 'e', 'r', 'r', 'o', 'r', 's',
|
||||||
|
'\030', '\001', ' ', '\003', '(', '\013', '2', '\022', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'r', 'p', 'c', '.', 'S', 't', 'a', 't', 'u',
|
||||||
|
's', 'R', '\006', 'e', 'r', 'r', 'o', 'r', 's', '\"', '\"', '\n', '\n', 'U', 'n', 'k', 'n', 'o', 'w', 'n', 'S', 'e', 't', '\022', '\024',
|
||||||
|
'\n', '\005', 'e', 'x', 'p', 'r', 's', '\030', '\001', ' ', '\003', '(', '\003', 'R', '\005', 'e', 'x', 'p', 'r', 's', 'B', 'l', '\n', '\034', 'c',
|
||||||
|
'o', 'm', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h',
|
||||||
|
'a', '1', 'B', '\t', 'E', 'v', 'a', 'l', 'P', 'r', 'o', 't', 'o', 'P', '\001', 'Z', '<', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'g',
|
||||||
|
'o', 'l', 'a', 'n', 'g', '.', 'o', 'r', 'g', '/', 'g', 'e', 'n', 'p', 'r', 'o', 't', 'o', '/', 'g', 'o', 'o', 'g', 'l', 'e',
|
||||||
|
'a', 'p', 'i', 's', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', ';', 'e', 'x',
|
||||||
|
'p', 'r', '\370', '\001', '\001', 'b', '\006', 'p', 'r', 'o', 't', 'o', '3',
|
||||||
|
}; |
||||||
|
|
||||||
|
static upb_def_init *deps[3] = { |
||||||
|
&google_api_expr_v1alpha1_value_proto_upbdefinit, |
||||||
|
&google_rpc_status_proto_upbdefinit, |
||||||
|
NULL |
||||||
|
}; |
||||||
|
|
||||||
|
upb_def_init google_api_expr_v1alpha1_eval_proto_upbdefinit = { |
||||||
|
deps, |
||||||
|
&google_api_expr_v1alpha1_eval_proto_upb_file_layout, |
||||||
|
"google/api/expr/v1alpha1/eval.proto", |
||||||
|
UPB_STRVIEW_INIT(descriptor, 738) |
||||||
|
}; |
@ -0,0 +1,55 @@ |
|||||||
|
/* This file was generated by upbc (the upb compiler) from the input
|
||||||
|
* file: |
||||||
|
* |
||||||
|
* google/api/expr/v1alpha1/eval.proto |
||||||
|
* |
||||||
|
* Do not edit -- your changes will be discarded when the file is |
||||||
|
* regenerated. */ |
||||||
|
|
||||||
|
#ifndef GOOGLE_API_EXPR_V1ALPHA1_EVAL_PROTO_UPBDEFS_H_ |
||||||
|
#define GOOGLE_API_EXPR_V1ALPHA1_EVAL_PROTO_UPBDEFS_H_ |
||||||
|
|
||||||
|
#include "upb/def.h" |
||||||
|
#include "upb/port_def.inc" |
||||||
|
#ifdef __cplusplus |
||||||
|
extern "C" { |
||||||
|
#endif |
||||||
|
|
||||||
|
#include "upb/def.h" |
||||||
|
|
||||||
|
#include "upb/port_def.inc" |
||||||
|
|
||||||
|
extern upb_def_init google_api_expr_v1alpha1_eval_proto_upbdefinit; |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_EvalState_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_eval_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.EvalState"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_EvalState_Result_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_eval_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.EvalState.Result"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_ExprValue_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_eval_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.ExprValue"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_ErrorSet_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_eval_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.ErrorSet"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_UnknownSet_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_eval_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.UnknownSet"); |
||||||
|
} |
||||||
|
|
||||||
|
#ifdef __cplusplus |
||||||
|
} /* extern "C" */ |
||||||
|
#endif |
||||||
|
|
||||||
|
#include "upb/port_undef.inc" |
||||||
|
|
||||||
|
#endif /* GOOGLE_API_EXPR_V1ALPHA1_EVAL_PROTO_UPBDEFS_H_ */ |
@ -0,0 +1,44 @@ |
|||||||
|
/* This file was generated by upbc (the upb compiler) from the input
|
||||||
|
* file: |
||||||
|
* |
||||||
|
* google/api/expr/v1alpha1/explain.proto |
||||||
|
* |
||||||
|
* Do not edit -- your changes will be discarded when the file is |
||||||
|
* regenerated. */ |
||||||
|
|
||||||
|
#include "upb/def.h" |
||||||
|
#include "google/api/expr/v1alpha1/explain.upbdefs.h" |
||||||
|
#include "google/api/expr/v1alpha1/explain.upb.h" |
||||||
|
|
||||||
|
extern upb_def_init google_api_expr_v1alpha1_value_proto_upbdefinit; |
||||||
|
static const char descriptor[434] = {'\n', '&', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a',
|
||||||
|
'1', '/', 'e', 'x', 'p', 'l', 'a', 'i', 'n', '.', 'p', 'r', 'o', 't', 'o', '\022', '\030', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a',
|
||||||
|
'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '\032', '$', 'g', 'o', 'o', 'g', 'l', 'e', '/',
|
||||||
|
'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '/', 'v', 'a', 'l', 'u', 'e', '.', 'p',
|
||||||
|
'r', 'o', 't', 'o', '\"', '\316', '\001', '\n', '\007', 'E', 'x', 'p', 'l', 'a', 'i', 'n', '\022', '7', '\n', '\006', 'v', 'a', 'l', 'u', 'e',
|
||||||
|
's', '\030', '\001', ' ', '\003', '(', '\013', '2', '\037', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r',
|
||||||
|
'.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'V', 'a', 'l', 'u', 'e', 'R', '\006', 'v', 'a', 'l', 'u', 'e', 's', '\022', 'I',
|
||||||
|
'\n', '\n', 'e', 'x', 'p', 'r', '_', 's', 't', 'e', 'p', 's', '\030', '\002', ' ', '\003', '(', '\013', '2', '*', '.', 'g', 'o', 'o', 'g',
|
||||||
|
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'l',
|
||||||
|
'a', 'i', 'n', '.', 'E', 'x', 'p', 'r', 'S', 't', 'e', 'p', 'R', '\t', 'e', 'x', 'p', 'r', 'S', 't', 'e', 'p', 's', '\032', ';',
|
||||||
|
'\n', '\010', 'E', 'x', 'p', 'r', 'S', 't', 'e', 'p', '\022', '\016', '\n', '\002', 'i', 'd', '\030', '\001', ' ', '\001', '(', '\003', 'R', '\002', 'i',
|
||||||
|
'd', '\022', '\037', '\n', '\013', 'v', 'a', 'l', 'u', 'e', '_', 'i', 'n', 'd', 'e', 'x', '\030', '\002', ' ', '\001', '(', '\005', 'R', '\n', 'v',
|
||||||
|
'a', 'l', 'u', 'e', 'I', 'n', 'd', 'e', 'x', ':', '\002', '\030', '\001', 'B', 'o', '\n', '\034', 'c', 'o', 'm', '.', 'g', 'o', 'o', 'g',
|
||||||
|
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', 'B', '\014', 'E', 'x', 'p',
|
||||||
|
'l', 'a', 'i', 'n', 'P', 'r', 'o', 't', 'o', 'P', '\001', 'Z', '<', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'g', 'o', 'l', 'a', 'n',
|
||||||
|
'g', '.', 'o', 'r', 'g', '/', 'g', 'e', 'n', 'p', 'r', 'o', 't', 'o', '/', 'g', 'o', 'o', 'g', 'l', 'e', 'a', 'p', 'i', 's',
|
||||||
|
'/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', ';', 'e', 'x', 'p', 'r', '\370', '\001',
|
||||||
|
'\001', 'b', '\006', 'p', 'r', 'o', 't', 'o', '3',
|
||||||
|
}; |
||||||
|
|
||||||
|
static upb_def_init *deps[2] = { |
||||||
|
&google_api_expr_v1alpha1_value_proto_upbdefinit, |
||||||
|
NULL |
||||||
|
}; |
||||||
|
|
||||||
|
upb_def_init google_api_expr_v1alpha1_explain_proto_upbdefinit = { |
||||||
|
deps, |
||||||
|
&google_api_expr_v1alpha1_explain_proto_upb_file_layout, |
||||||
|
"google/api/expr/v1alpha1/explain.proto", |
||||||
|
UPB_STRVIEW_INIT(descriptor, 434) |
||||||
|
}; |
@ -0,0 +1,40 @@ |
|||||||
|
/* This file was generated by upbc (the upb compiler) from the input
|
||||||
|
* file: |
||||||
|
* |
||||||
|
* google/api/expr/v1alpha1/explain.proto |
||||||
|
* |
||||||
|
* Do not edit -- your changes will be discarded when the file is |
||||||
|
* regenerated. */ |
||||||
|
|
||||||
|
#ifndef GOOGLE_API_EXPR_V1ALPHA1_EXPLAIN_PROTO_UPBDEFS_H_ |
||||||
|
#define GOOGLE_API_EXPR_V1ALPHA1_EXPLAIN_PROTO_UPBDEFS_H_ |
||||||
|
|
||||||
|
#include "upb/def.h" |
||||||
|
#include "upb/port_def.inc" |
||||||
|
#ifdef __cplusplus |
||||||
|
extern "C" { |
||||||
|
#endif |
||||||
|
|
||||||
|
#include "upb/def.h" |
||||||
|
|
||||||
|
#include "upb/port_def.inc" |
||||||
|
|
||||||
|
extern upb_def_init google_api_expr_v1alpha1_explain_proto_upbdefinit; |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Explain_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_explain_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Explain"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Explain_ExprStep_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_explain_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Explain.ExprStep"); |
||||||
|
} |
||||||
|
|
||||||
|
#ifdef __cplusplus |
||||||
|
} /* extern "C" */ |
||||||
|
#endif |
||||||
|
|
||||||
|
#include "upb/port_undef.inc" |
||||||
|
|
||||||
|
#endif /* GOOGLE_API_EXPR_V1ALPHA1_EXPLAIN_PROTO_UPBDEFS_H_ */ |
@ -0,0 +1,153 @@ |
|||||||
|
/* This file was generated by upbc (the upb compiler) from the input
|
||||||
|
* file: |
||||||
|
* |
||||||
|
* google/api/expr/v1alpha1/syntax.proto |
||||||
|
* |
||||||
|
* Do not edit -- your changes will be discarded when the file is |
||||||
|
* regenerated. */ |
||||||
|
|
||||||
|
#include "upb/def.h" |
||||||
|
#include "google/api/expr/v1alpha1/syntax.upbdefs.h" |
||||||
|
#include "google/api/expr/v1alpha1/syntax.upb.h" |
||||||
|
|
||||||
|
extern upb_def_init google_protobuf_duration_proto_upbdefinit; |
||||||
|
extern upb_def_init google_protobuf_struct_proto_upbdefinit; |
||||||
|
extern upb_def_init google_protobuf_timestamp_proto_upbdefinit; |
||||||
|
static const char descriptor[3059] = {'\n', '%', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a',
|
||||||
|
'1', '/', 's', 'y', 'n', 't', 'a', 'x', '.', 'p', 'r', 'o', 't', 'o', '\022', '\030', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p',
|
||||||
|
'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '\032', '\036', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'p',
|
||||||
|
'r', 'o', 't', 'o', 'b', 'u', 'f', '/', 'd', 'u', 'r', 'a', 't', 'i', 'o', 'n', '.', 'p', 'r', 'o', 't', 'o', '\032', '\034', 'g',
|
||||||
|
'o', 'o', 'g', 'l', 'e', '/', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '/', 's', 't', 'r', 'u', 'c', 't', '.', 'p', 'r', 'o',
|
||||||
|
't', 'o', '\032', '\037', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '/', 't', 'i', 'm', 'e', 's',
|
||||||
|
't', 'a', 'm', 'p', '.', 'p', 'r', 'o', 't', 'o', '\"', '\207', '\001', '\n', '\n', 'P', 'a', 'r', 's', 'e', 'd', 'E', 'x', 'p', 'r',
|
||||||
|
'\022', '2', '\n', '\004', 'e', 'x', 'p', 'r', '\030', '\002', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a',
|
||||||
|
'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\004', 'e', 'x',
|
||||||
|
'p', 'r', '\022', 'E', '\n', '\013', 's', 'o', 'u', 'r', 'c', 'e', '_', 'i', 'n', 'f', 'o', '\030', '\003', ' ', '\001', '(', '\013', '2', '$',
|
||||||
|
'.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1',
|
||||||
|
'.', 'S', 'o', 'u', 'r', 'c', 'e', 'I', 'n', 'f', 'o', 'R', '\n', 's', 'o', 'u', 'r', 'c', 'e', 'I', 'n', 'f', 'o', '\"', '\334',
|
||||||
|
'\014', '\n', '\004', 'E', 'x', 'p', 'r', '\022', '\016', '\n', '\002', 'i', 'd', '\030', '\002', ' ', '\001', '(', '\003', 'R', '\002', 'i', 'd', '\022', 'C',
|
||||||
|
'\n', '\n', 'c', 'o', 'n', 's', 't', '_', 'e', 'x', 'p', 'r', '\030', '\003', ' ', '\001', '(', '\013', '2', '\"', '.', 'g', 'o', 'o', 'g',
|
||||||
|
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'C', 'o', 'n', 's',
|
||||||
|
't', 'a', 'n', 't', 'H', '\000', 'R', '\t', 'c', 'o', 'n', 's', 't', 'E', 'x', 'p', 'r', '\022', 'E', '\n', '\n', 'i', 'd', 'e', 'n',
|
||||||
|
't', '_', 'e', 'x', 'p', 'r', '\030', '\004', ' ', '\001', '(', '\013', '2', '$', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i',
|
||||||
|
'.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', '.', 'I', 'd', 'e', 'n', 't',
|
||||||
|
'H', '\000', 'R', '\t', 'i', 'd', 'e', 'n', 't', 'E', 'x', 'p', 'r', '\022', 'H', '\n', '\013', 's', 'e', 'l', 'e', 'c', 't', '_', 'e',
|
||||||
|
'x', 'p', 'r', '\030', '\005', ' ', '\001', '(', '\013', '2', '%', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x',
|
||||||
|
'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', '.', 'S', 'e', 'l', 'e', 'c', 't', 'H', '\000',
|
||||||
|
'R', '\n', 's', 'e', 'l', 'e', 'c', 't', 'E', 'x', 'p', 'r', '\022', 'B', '\n', '\t', 'c', 'a', 'l', 'l', '_', 'e', 'x', 'p', 'r',
|
||||||
|
'\030', '\006', ' ', '\001', '(', '\013', '2', '#', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.',
|
||||||
|
'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', '.', 'C', 'a', 'l', 'l', 'H', '\000', 'R', '\010', 'c', 'a', 'l',
|
||||||
|
'l', 'E', 'x', 'p', 'r', '\022', 'H', '\n', '\t', 'l', 'i', 's', 't', '_', 'e', 'x', 'p', 'r', '\030', '\007', ' ', '\001', '(', '\013', '2',
|
||||||
|
')', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a',
|
||||||
|
'1', '.', 'E', 'x', 'p', 'r', '.', 'C', 'r', 'e', 'a', 't', 'e', 'L', 'i', 's', 't', 'H', '\000', 'R', '\010', 'l', 'i', 's', 't',
|
||||||
|
'E', 'x', 'p', 'r', '\022', 'N', '\n', '\013', 's', 't', 'r', 'u', 'c', 't', '_', 'e', 'x', 'p', 'r', '\030', '\010', ' ', '\001', '(', '\013',
|
||||||
|
'2', '+', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h',
|
||||||
|
'a', '1', '.', 'E', 'x', 'p', 'r', '.', 'C', 'r', 'e', 'a', 't', 'e', 'S', 't', 'r', 'u', 'c', 't', 'H', '\000', 'R', '\n', 's',
|
||||||
|
't', 'r', 'u', 'c', 't', 'E', 'x', 'p', 'r', '\022', ']', '\n', '\022', 'c', 'o', 'm', 'p', 'r', 'e', 'h', 'e', 'n', 's', 'i', 'o',
|
||||||
|
'n', '_', 'e', 'x', 'p', 'r', '\030', '\t', ' ', '\001', '(', '\013', '2', ',', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i',
|
||||||
|
'.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', '.', 'C', 'o', 'm', 'p', 'r',
|
||||||
|
'e', 'h', 'e', 'n', 's', 'i', 'o', 'n', 'H', '\000', 'R', '\021', 'c', 'o', 'm', 'p', 'r', 'e', 'h', 'e', 'n', 's', 'i', 'o', 'n',
|
||||||
|
'E', 'x', 'p', 'r', '\032', '\033', '\n', '\005', 'I', 'd', 'e', 'n', 't', '\022', '\022', '\n', '\004', 'n', 'a', 'm', 'e', '\030', '\001', ' ', '\001',
|
||||||
|
'(', '\t', 'R', '\004', 'n', 'a', 'm', 'e', '\032', 'u', '\n', '\006', 'S', 'e', 'l', 'e', 'c', 't', '\022', '8', '\n', '\007', 'o', 'p', 'e',
|
||||||
|
'r', 'a', 'n', 'd', '\030', '\001', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e',
|
||||||
|
'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\007', 'o', 'p', 'e', 'r', 'a', 'n',
|
||||||
|
'd', '\022', '\024', '\n', '\005', 'f', 'i', 'e', 'l', 'd', '\030', '\002', ' ', '\001', '(', '\t', 'R', '\005', 'f', 'i', 'e', 'l', 'd', '\022', '\033',
|
||||||
|
'\n', '\t', 't', 'e', 's', 't', '_', 'o', 'n', 'l', 'y', '\030', '\003', ' ', '\001', '(', '\010', 'R', '\010', 't', 'e', 's', 't', 'O', 'n',
|
||||||
|
'l', 'y', '\032', '\216', '\001', '\n', '\004', 'C', 'a', 'l', 'l', '\022', '6', '\n', '\006', 't', 'a', 'r', 'g', 'e', 't', '\030', '\001', ' ', '\001',
|
||||||
|
'(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l',
|
||||||
|
'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\006', 't', 'a', 'r', 'g', 'e', 't', '\022', '\032', '\n', '\010', 'f', 'u', 'n', 'c',
|
||||||
|
't', 'i', 'o', 'n', '\030', '\002', ' ', '\001', '(', '\t', 'R', '\010', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', '\022', '2', '\n', '\004', 'a',
|
||||||
|
'r', 'g', 's', '\030', '\003', ' ', '\003', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x',
|
||||||
|
'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\004', 'a', 'r', 'g', 's', '\032', 'H', '\n',
|
||||||
|
'\n', 'C', 'r', 'e', 'a', 't', 'e', 'L', 'i', 's', 't', '\022', ':', '\n', '\010', 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '\030', '\001',
|
||||||
|
' ', '\003', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1',
|
||||||
|
'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\010', 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '\032', '\264', '\002', '\n',
|
||||||
|
'\014', 'C', 'r', 'e', 'a', 't', 'e', 'S', 't', 'r', 'u', 'c', 't', '\022', '!', '\n', '\014', 'm', 'e', 's', 's', 'a', 'g', 'e', '_',
|
||||||
|
'n', 'a', 'm', 'e', '\030', '\001', ' ', '\001', '(', '\t', 'R', '\013', 'm', 'e', 's', 's', 'a', 'g', 'e', 'N', 'a', 'm', 'e', '\022', 'K',
|
||||||
|
'\n', '\007', 'e', 'n', 't', 'r', 'i', 'e', 's', '\030', '\002', ' ', '\003', '(', '\013', '2', '1', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.',
|
||||||
|
'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', '.', 'C', 'r',
|
||||||
|
'e', 'a', 't', 'e', 'S', 't', 'r', 'u', 'c', 't', '.', 'E', 'n', 't', 'r', 'y', 'R', '\007', 'e', 'n', 't', 'r', 'i', 'e', 's',
|
||||||
|
'\032', '\263', '\001', '\n', '\005', 'E', 'n', 't', 'r', 'y', '\022', '\016', '\n', '\002', 'i', 'd', '\030', '\001', ' ', '\001', '(', '\003', 'R', '\002', 'i',
|
||||||
|
'd', '\022', '\035', '\n', '\t', 'f', 'i', 'e', 'l', 'd', '_', 'k', 'e', 'y', '\030', '\002', ' ', '\001', '(', '\t', 'H', '\000', 'R', '\010', 'f',
|
||||||
|
'i', 'e', 'l', 'd', 'K', 'e', 'y', '\022', '9', '\n', '\007', 'm', 'a', 'p', '_', 'k', 'e', 'y', '\030', '\003', ' ', '\001', '(', '\013', '2',
|
||||||
|
'\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a',
|
||||||
|
'1', '.', 'E', 'x', 'p', 'r', 'H', '\000', 'R', '\006', 'm', 'a', 'p', 'K', 'e', 'y', '\022', '4', '\n', '\005', 'v', 'a', 'l', 'u', 'e',
|
||||||
|
'\030', '\004', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.',
|
||||||
|
'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\005', 'v', 'a', 'l', 'u', 'e', 'B', '\n', '\n', '\010', 'k',
|
||||||
|
'e', 'y', '_', 'k', 'i', 'n', 'd', '\032', '\375', '\002', '\n', '\r', 'C', 'o', 'm', 'p', 'r', 'e', 'h', 'e', 'n', 's', 'i', 'o', 'n',
|
||||||
|
'\022', '\031', '\n', '\010', 'i', 't', 'e', 'r', '_', 'v', 'a', 'r', '\030', '\001', ' ', '\001', '(', '\t', 'R', '\007', 'i', 't', 'e', 'r', 'V',
|
||||||
|
'a', 'r', '\022', '=', '\n', '\n', 'i', 't', 'e', 'r', '_', 'r', 'a', 'n', 'g', 'e', '\030', '\002', ' ', '\001', '(', '\013', '2', '\036', '.',
|
||||||
|
'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.',
|
||||||
|
'E', 'x', 'p', 'r', 'R', '\t', 'i', 't', 'e', 'r', 'R', 'a', 'n', 'g', 'e', '\022', '\031', '\n', '\010', 'a', 'c', 'c', 'u', '_', 'v',
|
||||||
|
'a', 'r', '\030', '\003', ' ', '\001', '(', '\t', 'R', '\007', 'a', 'c', 'c', 'u', 'V', 'a', 'r', '\022', ';', '\n', '\t', 'a', 'c', 'c', 'u',
|
||||||
|
'_', 'i', 'n', 'i', 't', '\030', '\004', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.',
|
||||||
|
'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\010', 'a', 'c', 'c', 'u', 'I',
|
||||||
|
'n', 'i', 't', '\022', 'E', '\n', '\016', 'l', 'o', 'o', 'p', '_', 'c', 'o', 'n', 'd', 'i', 't', 'i', 'o', 'n', '\030', '\005', ' ', '\001',
|
||||||
|
'(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l',
|
||||||
|
'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\r', 'l', 'o', 'o', 'p', 'C', 'o', 'n', 'd', 'i', 't', 'i', 'o', 'n', '\022',
|
||||||
|
';', '\n', '\t', 'l', 'o', 'o', 'p', '_', 's', 't', 'e', 'p', '\030', '\006', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g',
|
||||||
|
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r',
|
||||||
|
'R', '\010', 'l', 'o', 'o', 'p', 'S', 't', 'e', 'p', '\022', '6', '\n', '\006', 'r', 'e', 's', 'u', 'l', 't', '\030', '\007', ' ', '\001', '(',
|
||||||
|
'\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p',
|
||||||
|
'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\006', 'r', 'e', 's', 'u', 'l', 't', 'B', '\013', '\n', '\t', 'e', 'x', 'p', 'r', '_',
|
||||||
|
'k', 'i', 'n', 'd', '\"', '\301', '\003', '\n', '\010', 'C', 'o', 'n', 's', 't', 'a', 'n', 't', '\022', ';', '\n', '\n', 'n', 'u', 'l', 'l',
|
||||||
|
'_', 'v', 'a', 'l', 'u', 'e', '\030', '\001', ' ', '\001', '(', '\016', '2', '\032', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'p', 'r', 'o',
|
||||||
|
't', 'o', 'b', 'u', 'f', '.', 'N', 'u', 'l', 'l', 'V', 'a', 'l', 'u', 'e', 'H', '\000', 'R', '\t', 'n', 'u', 'l', 'l', 'V', 'a',
|
||||||
|
'l', 'u', 'e', '\022', '\037', '\n', '\n', 'b', 'o', 'o', 'l', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001', '(', '\010', 'H', '\000',
|
||||||
|
'R', '\t', 'b', 'o', 'o', 'l', 'V', 'a', 'l', 'u', 'e', '\022', '!', '\n', '\013', 'i', 'n', 't', '6', '4', '_', 'v', 'a', 'l', 'u',
|
||||||
|
'e', '\030', '\003', ' ', '\001', '(', '\003', 'H', '\000', 'R', '\n', 'i', 'n', 't', '6', '4', 'V', 'a', 'l', 'u', 'e', '\022', '#', '\n', '\014',
|
||||||
|
'u', 'i', 'n', 't', '6', '4', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\004', ' ', '\001', '(', '\004', 'H', '\000', 'R', '\013', 'u', 'i', 'n',
|
||||||
|
't', '6', '4', 'V', 'a', 'l', 'u', 'e', '\022', '#', '\n', '\014', 'd', 'o', 'u', 'b', 'l', 'e', '_', 'v', 'a', 'l', 'u', 'e', '\030',
|
||||||
|
'\005', ' ', '\001', '(', '\001', 'H', '\000', 'R', '\013', 'd', 'o', 'u', 'b', 'l', 'e', 'V', 'a', 'l', 'u', 'e', '\022', '#', '\n', '\014', 's',
|
||||||
|
't', 'r', 'i', 'n', 'g', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\006', ' ', '\001', '(', '\t', 'H', '\000', 'R', '\013', 's', 't', 'r', 'i',
|
||||||
|
'n', 'g', 'V', 'a', 'l', 'u', 'e', '\022', '!', '\n', '\013', 'b', 'y', 't', 'e', 's', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\007', ' ',
|
||||||
|
'\001', '(', '\014', 'H', '\000', 'R', '\n', 'b', 'y', 't', 'e', 's', 'V', 'a', 'l', 'u', 'e', '\022', 'F', '\n', '\016', 'd', 'u', 'r', 'a',
|
||||||
|
't', 'i', 'o', 'n', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\010', ' ', '\001', '(', '\013', '2', '\031', '.', 'g', 'o', 'o', 'g', 'l', 'e',
|
||||||
|
'.', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '.', 'D', 'u', 'r', 'a', 't', 'i', 'o', 'n', 'B', '\002', '\030', '\001', 'H', '\000', 'R',
|
||||||
|
'\r', 'd', 'u', 'r', 'a', 't', 'i', 'o', 'n', 'V', 'a', 'l', 'u', 'e', '\022', 'I', '\n', '\017', 't', 'i', 'm', 'e', 's', 't', 'a',
|
||||||
|
'm', 'p', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\t', ' ', '\001', '(', '\013', '2', '\032', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'p',
|
||||||
|
'r', 'o', 't', 'o', 'b', 'u', 'f', '.', 'T', 'i', 'm', 'e', 's', 't', 'a', 'm', 'p', 'B', '\002', '\030', '\001', 'H', '\000', 'R', '\016',
|
||||||
|
't', 'i', 'm', 'e', 's', 't', 'a', 'm', 'p', 'V', 'a', 'l', 'u', 'e', 'B', '\017', '\n', '\r', 'c', 'o', 'n', 's', 't', 'a', 'n',
|
||||||
|
't', '_', 'k', 'i', 'n', 'd', '\"', '\271', '\003', '\n', '\n', 'S', 'o', 'u', 'r', 'c', 'e', 'I', 'n', 'f', 'o', '\022', '%', '\n', '\016',
|
||||||
|
's', 'y', 'n', 't', 'a', 'x', '_', 'v', 'e', 'r', 's', 'i', 'o', 'n', '\030', '\001', ' ', '\001', '(', '\t', 'R', '\r', 's', 'y', 'n',
|
||||||
|
't', 'a', 'x', 'V', 'e', 'r', 's', 'i', 'o', 'n', '\022', '\032', '\n', '\010', 'l', 'o', 'c', 'a', 't', 'i', 'o', 'n', '\030', '\002', ' ',
|
||||||
|
'\001', '(', '\t', 'R', '\010', 'l', 'o', 'c', 'a', 't', 'i', 'o', 'n', '\022', '!', '\n', '\014', 'l', 'i', 'n', 'e', '_', 'o', 'f', 'f',
|
||||||
|
's', 'e', 't', 's', '\030', '\003', ' ', '\003', '(', '\005', 'R', '\013', 'l', 'i', 'n', 'e', 'O', 'f', 'f', 's', 'e', 't', 's', '\022', 'Q',
|
||||||
|
'\n', '\t', 'p', 'o', 's', 'i', 't', 'i', 'o', 'n', 's', '\030', '\004', ' ', '\003', '(', '\013', '2', '3', '.', 'g', 'o', 'o', 'g', 'l',
|
||||||
|
'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'S', 'o', 'u', 'r', 'c',
|
||||||
|
'e', 'I', 'n', 'f', 'o', '.', 'P', 'o', 's', 'i', 't', 'i', 'o', 'n', 's', 'E', 'n', 't', 'r', 'y', 'R', '\t', 'p', 'o', 's',
|
||||||
|
'i', 't', 'i', 'o', 'n', 's', '\022', 'U', '\n', '\013', 'm', 'a', 'c', 'r', 'o', '_', 'c', 'a', 'l', 'l', 's', '\030', '\005', ' ', '\003',
|
||||||
|
'(', '\013', '2', '4', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l',
|
||||||
|
'p', 'h', 'a', '1', '.', 'S', 'o', 'u', 'r', 'c', 'e', 'I', 'n', 'f', 'o', '.', 'M', 'a', 'c', 'r', 'o', 'C', 'a', 'l', 'l',
|
||||||
|
's', 'E', 'n', 't', 'r', 'y', 'R', '\n', 'm', 'a', 'c', 'r', 'o', 'C', 'a', 'l', 'l', 's', '\032', '<', '\n', '\016', 'P', 'o', 's',
|
||||||
|
'i', 't', 'i', 'o', 'n', 's', 'E', 'n', 't', 'r', 'y', '\022', '\020', '\n', '\003', 'k', 'e', 'y', '\030', '\001', ' ', '\001', '(', '\003', 'R',
|
||||||
|
'\003', 'k', 'e', 'y', '\022', '\024', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001', '(', '\005', 'R', '\005', 'v', 'a', 'l', 'u',
|
||||||
|
'e', ':', '\002', '8', '\001', '\032', ']', '\n', '\017', 'M', 'a', 'c', 'r', 'o', 'C', 'a', 'l', 'l', 's', 'E', 'n', 't', 'r', 'y', '\022',
|
||||||
|
'\020', '\n', '\003', 'k', 'e', 'y', '\030', '\001', ' ', '\001', '(', '\003', 'R', '\003', 'k', 'e', 'y', '\022', '4', '\n', '\005', 'v', 'a', 'l', 'u',
|
||||||
|
'e', '\030', '\002', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r',
|
||||||
|
'.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\005', 'v', 'a', 'l', 'u', 'e', ':', '\002', '8', '\001',
|
||||||
|
'\"', 'p', '\n', '\016', 'S', 'o', 'u', 'r', 'c', 'e', 'P', 'o', 's', 'i', 't', 'i', 'o', 'n', '\022', '\032', '\n', '\010', 'l', 'o', 'c',
|
||||||
|
'a', 't', 'i', 'o', 'n', '\030', '\001', ' ', '\001', '(', '\t', 'R', '\010', 'l', 'o', 'c', 'a', 't', 'i', 'o', 'n', '\022', '\026', '\n', '\006',
|
||||||
|
'o', 'f', 'f', 's', 'e', 't', '\030', '\002', ' ', '\001', '(', '\005', 'R', '\006', 'o', 'f', 'f', 's', 'e', 't', '\022', '\022', '\n', '\004', 'l',
|
||||||
|
'i', 'n', 'e', '\030', '\003', ' ', '\001', '(', '\005', 'R', '\004', 'l', 'i', 'n', 'e', '\022', '\026', '\n', '\006', 'c', 'o', 'l', 'u', 'm', 'n',
|
||||||
|
'\030', '\004', ' ', '\001', '(', '\005', 'R', '\006', 'c', 'o', 'l', 'u', 'm', 'n', 'B', 'n', '\n', '\034', 'c', 'o', 'm', '.', 'g', 'o', 'o',
|
||||||
|
'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', 'B', '\013', 'S', 'y',
|
||||||
|
'n', 't', 'a', 'x', 'P', 'r', 'o', 't', 'o', 'P', '\001', 'Z', '<', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'g', 'o', 'l', 'a', 'n',
|
||||||
|
'g', '.', 'o', 'r', 'g', '/', 'g', 'e', 'n', 'p', 'r', 'o', 't', 'o', '/', 'g', 'o', 'o', 'g', 'l', 'e', 'a', 'p', 'i', 's',
|
||||||
|
'/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', ';', 'e', 'x', 'p', 'r', '\370', '\001',
|
||||||
|
'\001', 'b', '\006', 'p', 'r', 'o', 't', 'o', '3',
|
||||||
|
}; |
||||||
|
|
||||||
|
static upb_def_init *deps[4] = { |
||||||
|
&google_protobuf_duration_proto_upbdefinit, |
||||||
|
&google_protobuf_struct_proto_upbdefinit, |
||||||
|
&google_protobuf_timestamp_proto_upbdefinit, |
||||||
|
NULL |
||||||
|
}; |
||||||
|
|
||||||
|
upb_def_init google_api_expr_v1alpha1_syntax_proto_upbdefinit = { |
||||||
|
deps, |
||||||
|
&google_api_expr_v1alpha1_syntax_proto_upb_file_layout, |
||||||
|
"google/api/expr/v1alpha1/syntax.proto", |
||||||
|
UPB_STRVIEW_INIT(descriptor, 3059) |
||||||
|
}; |
@ -0,0 +1,100 @@ |
|||||||
|
/* This file was generated by upbc (the upb compiler) from the input
|
||||||
|
* file: |
||||||
|
* |
||||||
|
* google/api/expr/v1alpha1/syntax.proto |
||||||
|
* |
||||||
|
* Do not edit -- your changes will be discarded when the file is |
||||||
|
* regenerated. */ |
||||||
|
|
||||||
|
#ifndef GOOGLE_API_EXPR_V1ALPHA1_SYNTAX_PROTO_UPBDEFS_H_ |
||||||
|
#define GOOGLE_API_EXPR_V1ALPHA1_SYNTAX_PROTO_UPBDEFS_H_ |
||||||
|
|
||||||
|
#include "upb/def.h" |
||||||
|
#include "upb/port_def.inc" |
||||||
|
#ifdef __cplusplus |
||||||
|
extern "C" { |
||||||
|
#endif |
||||||
|
|
||||||
|
#include "upb/def.h" |
||||||
|
|
||||||
|
#include "upb/port_def.inc" |
||||||
|
|
||||||
|
extern upb_def_init google_api_expr_v1alpha1_syntax_proto_upbdefinit; |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_ParsedExpr_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.ParsedExpr"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_Ident_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.Ident"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_Select_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.Select"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_Call_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.Call"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_CreateList_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.CreateList"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_CreateStruct_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.CreateStruct"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_CreateStruct_Entry_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.CreateStruct.Entry"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_Comprehension_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.Comprehension"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Constant_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Constant"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_SourceInfo_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.SourceInfo"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_SourceInfo_PositionsEntry_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.SourceInfo.PositionsEntry"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_SourceInfo_MacroCallsEntry_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.SourceInfo.MacroCallsEntry"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_SourcePosition_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.SourcePosition"); |
||||||
|
} |
||||||
|
|
||||||
|
#ifdef __cplusplus |
||||||
|
} /* extern "C" */ |
||||||
|
#endif |
||||||
|
|
||||||
|
#include "upb/port_undef.inc" |
||||||
|
|
||||||
|
#endif /* GOOGLE_API_EXPR_V1ALPHA1_SYNTAX_PROTO_UPBDEFS_H_ */ |
@ -0,0 +1,75 @@ |
|||||||
|
/* This file was generated by upbc (the upb compiler) from the input
|
||||||
|
* file: |
||||||
|
* |
||||||
|
* google/api/expr/v1alpha1/value.proto |
||||||
|
* |
||||||
|
* Do not edit -- your changes will be discarded when the file is |
||||||
|
* regenerated. */ |
||||||
|
|
||||||
|
#include "upb/def.h" |
||||||
|
#include "google/api/expr/v1alpha1/value.upbdefs.h" |
||||||
|
#include "google/api/expr/v1alpha1/value.upb.h" |
||||||
|
|
||||||
|
extern upb_def_init google_protobuf_any_proto_upbdefinit; |
||||||
|
extern upb_def_init google_protobuf_struct_proto_upbdefinit; |
||||||
|
static const char descriptor[1153] = {'\n', '$', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a',
|
||||||
|
'1', '/', 'v', 'a', 'l', 'u', 'e', '.', 'p', 'r', 'o', 't', 'o', '\022', '\030', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i',
|
||||||
|
'.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '\032', '\031', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'p', 'r',
|
||||||
|
'o', 't', 'o', 'b', 'u', 'f', '/', 'a', 'n', 'y', '.', 'p', 'r', 'o', 't', 'o', '\032', '\034', 'g', 'o', 'o', 'g', 'l', 'e', '/',
|
||||||
|
'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '/', 's', 't', 'r', 'u', 'c', 't', '.', 'p', 'r', 'o', 't', 'o', '\"', '\315', '\004', '\n',
|
||||||
|
'\005', 'V', 'a', 'l', 'u', 'e', '\022', ';', '\n', '\n', 'n', 'u', 'l', 'l', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\001', ' ', '\001', '(',
|
||||||
|
'\016', '2', '\032', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '.', 'N', 'u', 'l', 'l', 'V',
|
||||||
|
'a', 'l', 'u', 'e', 'H', '\000', 'R', '\t', 'n', 'u', 'l', 'l', 'V', 'a', 'l', 'u', 'e', '\022', '\037', '\n', '\n', 'b', 'o', 'o', 'l',
|
||||||
|
'_', 'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001', '(', '\010', 'H', '\000', 'R', '\t', 'b', 'o', 'o', 'l', 'V', 'a', 'l', 'u', 'e',
|
||||||
|
'\022', '!', '\n', '\013', 'i', 'n', 't', '6', '4', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\003', ' ', '\001', '(', '\003', 'H', '\000', 'R', '\n',
|
||||||
|
'i', 'n', 't', '6', '4', 'V', 'a', 'l', 'u', 'e', '\022', '#', '\n', '\014', 'u', 'i', 'n', 't', '6', '4', '_', 'v', 'a', 'l', 'u',
|
||||||
|
'e', '\030', '\004', ' ', '\001', '(', '\004', 'H', '\000', 'R', '\013', 'u', 'i', 'n', 't', '6', '4', 'V', 'a', 'l', 'u', 'e', '\022', '#', '\n',
|
||||||
|
'\014', 'd', 'o', 'u', 'b', 'l', 'e', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\005', ' ', '\001', '(', '\001', 'H', '\000', 'R', '\013', 'd', 'o',
|
||||||
|
'u', 'b', 'l', 'e', 'V', 'a', 'l', 'u', 'e', '\022', '#', '\n', '\014', 's', 't', 'r', 'i', 'n', 'g', '_', 'v', 'a', 'l', 'u', 'e',
|
||||||
|
'\030', '\006', ' ', '\001', '(', '\t', 'H', '\000', 'R', '\013', 's', 't', 'r', 'i', 'n', 'g', 'V', 'a', 'l', 'u', 'e', '\022', '!', '\n', '\013',
|
||||||
|
'b', 'y', 't', 'e', 's', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\007', ' ', '\001', '(', '\014', 'H', '\000', 'R', '\n', 'b', 'y', 't', 'e',
|
||||||
|
's', 'V', 'a', 'l', 'u', 'e', '\022', 'D', '\n', '\n', 'e', 'n', 'u', 'm', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\t', ' ', '\001', '(',
|
||||||
|
'\013', '2', '#', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p',
|
||||||
|
'h', 'a', '1', '.', 'E', 'n', 'u', 'm', 'V', 'a', 'l', 'u', 'e', 'H', '\000', 'R', '\t', 'e', 'n', 'u', 'm', 'V', 'a', 'l', 'u',
|
||||||
|
'e', '\022', '9', '\n', '\014', 'o', 'b', 'j', 'e', 'c', 't', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\n', ' ', '\001', '(', '\013', '2', '\024',
|
||||||
|
'.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '.', 'A', 'n', 'y', 'H', '\000', 'R', '\013', 'o',
|
||||||
|
'b', 'j', 'e', 'c', 't', 'V', 'a', 'l', 'u', 'e', '\022', 'A', '\n', '\t', 'm', 'a', 'p', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\013',
|
||||||
|
' ', '\001', '(', '\013', '2', '\"', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1',
|
||||||
|
'a', 'l', 'p', 'h', 'a', '1', '.', 'M', 'a', 'p', 'V', 'a', 'l', 'u', 'e', 'H', '\000', 'R', '\010', 'm', 'a', 'p', 'V', 'a', 'l',
|
||||||
|
'u', 'e', '\022', 'D', '\n', '\n', 'l', 'i', 's', 't', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\014', ' ', '\001', '(', '\013', '2', '#', '.',
|
||||||
|
'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.',
|
||||||
|
'L', 'i', 's', 't', 'V', 'a', 'l', 'u', 'e', 'H', '\000', 'R', '\t', 'l', 'i', 's', 't', 'V', 'a', 'l', 'u', 'e', '\022', '\037', '\n',
|
||||||
|
'\n', 't', 'y', 'p', 'e', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\017', ' ', '\001', '(', '\t', 'H', '\000', 'R', '\t', 't', 'y', 'p', 'e',
|
||||||
|
'V', 'a', 'l', 'u', 'e', 'B', '\006', '\n', '\004', 'k', 'i', 'n', 'd', '\"', '5', '\n', '\t', 'E', 'n', 'u', 'm', 'V', 'a', 'l', 'u',
|
||||||
|
'e', '\022', '\022', '\n', '\004', 't', 'y', 'p', 'e', '\030', '\001', ' ', '\001', '(', '\t', 'R', '\004', 't', 'y', 'p', 'e', '\022', '\024', '\n', '\005',
|
||||||
|
'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001', '(', '\005', 'R', '\005', 'v', 'a', 'l', 'u', 'e', '\"', 'D', '\n', '\t', 'L', 'i', 's',
|
||||||
|
't', 'V', 'a', 'l', 'u', 'e', '\022', '7', '\n', '\006', 'v', 'a', 'l', 'u', 'e', 's', '\030', '\001', ' ', '\003', '(', '\013', '2', '\037', '.',
|
||||||
|
'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.',
|
||||||
|
'V', 'a', 'l', 'u', 'e', 'R', '\006', 'v', 'a', 'l', 'u', 'e', 's', '\"', '\301', '\001', '\n', '\010', 'M', 'a', 'p', 'V', 'a', 'l', 'u',
|
||||||
|
'e', '\022', 'B', '\n', '\007', 'e', 'n', 't', 'r', 'i', 'e', 's', '\030', '\001', ' ', '\003', '(', '\013', '2', '(', '.', 'g', 'o', 'o', 'g',
|
||||||
|
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'M', 'a', 'p', 'V',
|
||||||
|
'a', 'l', 'u', 'e', '.', 'E', 'n', 't', 'r', 'y', 'R', '\007', 'e', 'n', 't', 'r', 'i', 'e', 's', '\032', 'q', '\n', '\005', 'E', 'n',
|
||||||
|
't', 'r', 'y', '\022', '1', '\n', '\003', 'k', 'e', 'y', '\030', '\001', ' ', '\001', '(', '\013', '2', '\037', '.', 'g', 'o', 'o', 'g', 'l', 'e',
|
||||||
|
'.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'V', 'a', 'l', 'u', 'e', 'R',
|
||||||
|
'\003', 'k', 'e', 'y', '\022', '5', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001', '(', '\013', '2', '\037', '.', 'g', 'o', 'o',
|
||||||
|
'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'V', 'a', 'l',
|
||||||
|
'u', 'e', 'R', '\005', 'v', 'a', 'l', 'u', 'e', 'B', 'm', '\n', '\034', 'c', 'o', 'm', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a',
|
||||||
|
'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', 'B', '\n', 'V', 'a', 'l', 'u', 'e', 'P', 'r',
|
||||||
|
'o', 't', 'o', 'P', '\001', 'Z', '<', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'g', 'o', 'l', 'a', 'n', 'g', '.', 'o', 'r', 'g', '/',
|
||||||
|
'g', 'e', 'n', 'p', 'r', 'o', 't', 'o', '/', 'g', 'o', 'o', 'g', 'l', 'e', 'a', 'p', 'i', 's', '/', 'a', 'p', 'i', '/', 'e',
|
||||||
|
'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', ';', 'e', 'x', 'p', 'r', '\370', '\001', '\001', 'b', '\006', 'p', 'r', 'o',
|
||||||
|
't', 'o', '3',
|
||||||
|
}; |
||||||
|
|
||||||
|
static upb_def_init *deps[3] = { |
||||||
|
&google_protobuf_any_proto_upbdefinit, |
||||||
|
&google_protobuf_struct_proto_upbdefinit, |
||||||
|
NULL |
||||||
|
}; |
||||||
|
|
||||||
|
upb_def_init google_api_expr_v1alpha1_value_proto_upbdefinit = { |
||||||
|
deps, |
||||||
|
&google_api_expr_v1alpha1_value_proto_upb_file_layout, |
||||||
|
"google/api/expr/v1alpha1/value.proto", |
||||||
|
UPB_STRVIEW_INIT(descriptor, 1153) |
||||||
|
}; |
@ -0,0 +1,55 @@ |
|||||||
|
/* This file was generated by upbc (the upb compiler) from the input
|
||||||
|
* file: |
||||||
|
* |
||||||
|
* google/api/expr/v1alpha1/value.proto |
||||||
|
* |
||||||
|
* Do not edit -- your changes will be discarded when the file is |
||||||
|
* regenerated. */ |
||||||
|
|
||||||
|
#ifndef GOOGLE_API_EXPR_V1ALPHA1_VALUE_PROTO_UPBDEFS_H_ |
||||||
|
#define GOOGLE_API_EXPR_V1ALPHA1_VALUE_PROTO_UPBDEFS_H_ |
||||||
|
|
||||||
|
#include "upb/def.h" |
||||||
|
#include "upb/port_def.inc" |
||||||
|
#ifdef __cplusplus |
||||||
|
extern "C" { |
||||||
|
#endif |
||||||
|
|
||||||
|
#include "upb/def.h" |
||||||
|
|
||||||
|
#include "upb/port_def.inc" |
||||||
|
|
||||||
|
extern upb_def_init google_api_expr_v1alpha1_value_proto_upbdefinit; |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Value_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_value_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Value"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_EnumValue_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_value_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.EnumValue"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_ListValue_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_value_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.ListValue"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_MapValue_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_value_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.MapValue"); |
||||||
|
} |
||||||
|
|
||||||
|
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_MapValue_Entry_getmsgdef(upb_symtab *s) { |
||||||
|
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_value_proto_upbdefinit); |
||||||
|
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.MapValue.Entry"); |
||||||
|
} |
||||||
|
|
||||||
|
#ifdef __cplusplus |
||||||
|
} /* extern "C" */ |
||||||
|
#endif |
||||||
|
|
||||||
|
#include "upb/port_undef.inc" |
||||||
|
|
||||||
|
#endif /* GOOGLE_API_EXPR_V1ALPHA1_VALUE_PROTO_UPBDEFS_H_ */ |
@ -0,0 +1,551 @@ |
|||||||
|
//
|
||||||
|
// Copyright 2021 gRPC authors.
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
//
|
||||||
|
|
||||||
|
#include <grpc/support/port_platform.h> |
||||||
|
|
||||||
|
#include "src/core/ext/xds/xds_http_rbac_filter.h" |
||||||
|
|
||||||
|
#include "absl/strings/str_format.h" |
||||||
|
#include "envoy/config/core/v3/address.upb.h" |
||||||
|
#include "envoy/config/rbac/v3/rbac.upb.h" |
||||||
|
#include "envoy/config/route/v3/route_components.upb.h" |
||||||
|
#include "envoy/extensions/filters/http/rbac/v3/rbac.upb.h" |
||||||
|
#include "envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h" |
||||||
|
#include "envoy/type/matcher/v3/path.upb.h" |
||||||
|
#include "envoy/type/matcher/v3/regex.upb.h" |
||||||
|
#include "envoy/type/matcher/v3/string.upb.h" |
||||||
|
#include "envoy/type/v3/range.upb.h" |
||||||
|
#include "google/protobuf/wrappers.upb.h" |
||||||
|
|
||||||
|
#include "src/core/ext/filters/rbac/rbac_filter.h" |
||||||
|
#include "src/core/ext/filters/rbac/rbac_service_config_parser.h" |
||||||
|
#include "src/core/ext/xds/upb_utils.h" |
||||||
|
#include "src/core/lib/channel/channel_args.h" |
||||||
|
|
||||||
|
namespace grpc_core { |
||||||
|
|
||||||
|
const char* kXdsHttpRbacFilterConfigName = |
||||||
|
"envoy.extensions.filters.http.rbac.v3.RBAC"; |
||||||
|
|
||||||
|
const char* kXdsHttpRbacFilterConfigOverrideName = |
||||||
|
"envoy.extensions.filters.http.rbac.v3.RBACPerRoute"; |
||||||
|
|
||||||
|
namespace { |
||||||
|
|
||||||
|
Json ParseRegexMatcherToJson( |
||||||
|
const envoy_type_matcher_v3_RegexMatcher* regex_matcher) { |
||||||
|
return Json::Object( |
||||||
|
{{"regex", UpbStringToStdString(envoy_type_matcher_v3_RegexMatcher_regex( |
||||||
|
regex_matcher))}}); |
||||||
|
} |
||||||
|
|
||||||
|
Json ParseInt64RangeToJson(const envoy_type_v3_Int64Range* range) { |
||||||
|
return Json::Object{{"start", envoy_type_v3_Int64Range_start(range)}, |
||||||
|
{"end", envoy_type_v3_Int64Range_end(range)}}; |
||||||
|
} |
||||||
|
|
||||||
|
absl::StatusOr<Json> ParseHeaderMatcherToJson( |
||||||
|
const envoy_config_route_v3_HeaderMatcher* header) { |
||||||
|
Json::Object header_json; |
||||||
|
std::vector<absl::Status> error_list; |
||||||
|
std::string name = |
||||||
|
UpbStringToStdString(envoy_config_route_v3_HeaderMatcher_name(header)); |
||||||
|
if (name == ":scheme") { |
||||||
|
error_list.push_back( |
||||||
|
absl::InvalidArgumentError("':scheme' not allowed in header")); |
||||||
|
} else if (absl::StartsWith(name, "grpc-")) { |
||||||
|
error_list.push_back( |
||||||
|
absl::InvalidArgumentError("'grpc-' prefixes not allowed in header")); |
||||||
|
} |
||||||
|
header_json.emplace("name", std::move(name)); |
||||||
|
if (envoy_config_route_v3_HeaderMatcher_has_exact_match(header)) { |
||||||
|
header_json.emplace( |
||||||
|
"exactMatch", |
||||||
|
UpbStringToStdString( |
||||||
|
envoy_config_route_v3_HeaderMatcher_exact_match(header))); |
||||||
|
} else if (envoy_config_route_v3_HeaderMatcher_has_safe_regex_match(header)) { |
||||||
|
header_json.emplace( |
||||||
|
"safeRegexMatch", |
||||||
|
ParseRegexMatcherToJson( |
||||||
|
envoy_config_route_v3_HeaderMatcher_safe_regex_match(header))); |
||||||
|
} else if (envoy_config_route_v3_HeaderMatcher_has_range_match(header)) { |
||||||
|
header_json.emplace( |
||||||
|
"rangeMatch", |
||||||
|
ParseInt64RangeToJson( |
||||||
|
envoy_config_route_v3_HeaderMatcher_range_match(header))); |
||||||
|
} else if (envoy_config_route_v3_HeaderMatcher_has_present_match(header)) { |
||||||
|
header_json.emplace( |
||||||
|
"presentMatch", |
||||||
|
envoy_config_route_v3_HeaderMatcher_present_match(header)); |
||||||
|
} else if (envoy_config_route_v3_HeaderMatcher_has_prefix_match(header)) { |
||||||
|
header_json.emplace( |
||||||
|
"prefixMatch", |
||||||
|
UpbStringToStdString( |
||||||
|
envoy_config_route_v3_HeaderMatcher_prefix_match(header))); |
||||||
|
} else if (envoy_config_route_v3_HeaderMatcher_has_suffix_match(header)) { |
||||||
|
header_json.emplace( |
||||||
|
"suffixMatch", |
||||||
|
UpbStringToStdString( |
||||||
|
envoy_config_route_v3_HeaderMatcher_suffix_match(header))); |
||||||
|
} else if (envoy_config_route_v3_HeaderMatcher_has_contains_match(header)) { |
||||||
|
header_json.emplace( |
||||||
|
"containsMatch", |
||||||
|
UpbStringToStdString( |
||||||
|
envoy_config_route_v3_HeaderMatcher_contains_match(header))); |
||||||
|
} else { |
||||||
|
error_list.push_back( |
||||||
|
absl::InvalidArgumentError("Invalid route header matcher specified.")); |
||||||
|
} |
||||||
|
if (!error_list.empty()) { |
||||||
|
return StatusCreate(absl::StatusCode::kInvalidArgument, |
||||||
|
"Error parsing HeaderMatcher", DEBUG_LOCATION, |
||||||
|
std::move(error_list)); |
||||||
|
} |
||||||
|
header_json.emplace("invertMatch", |
||||||
|
envoy_config_route_v3_HeaderMatcher_invert_match(header)); |
||||||
|
return header_json; |
||||||
|
} |
||||||
|
|
||||||
|
absl::StatusOr<Json> ParseStringMatcherToJson( |
||||||
|
const envoy_type_matcher_v3_StringMatcher* matcher) { |
||||||
|
Json::Object json; |
||||||
|
if (envoy_type_matcher_v3_StringMatcher_has_exact(matcher)) { |
||||||
|
json.emplace("exact", |
||||||
|
UpbStringToStdString( |
||||||
|
envoy_type_matcher_v3_StringMatcher_exact(matcher))); |
||||||
|
} else if (envoy_type_matcher_v3_StringMatcher_has_prefix(matcher)) { |
||||||
|
json.emplace("prefix", |
||||||
|
UpbStringToStdString( |
||||||
|
envoy_type_matcher_v3_StringMatcher_prefix(matcher))); |
||||||
|
} else if (envoy_type_matcher_v3_StringMatcher_has_suffix(matcher)) { |
||||||
|
json.emplace("suffix", |
||||||
|
UpbStringToStdString( |
||||||
|
envoy_type_matcher_v3_StringMatcher_suffix(matcher))); |
||||||
|
} else if (envoy_type_matcher_v3_StringMatcher_has_safe_regex(matcher)) { |
||||||
|
json.emplace("safeRegex", |
||||||
|
ParseRegexMatcherToJson( |
||||||
|
envoy_type_matcher_v3_StringMatcher_safe_regex(matcher))); |
||||||
|
} else if (envoy_type_matcher_v3_StringMatcher_has_contains(matcher)) { |
||||||
|
json.emplace("contains", |
||||||
|
UpbStringToStdString( |
||||||
|
envoy_type_matcher_v3_StringMatcher_contains(matcher))); |
||||||
|
} else { |
||||||
|
return absl::InvalidArgumentError("StringMatcher: Invalid match pattern"); |
||||||
|
} |
||||||
|
json.emplace("ignoreCase", |
||||||
|
envoy_type_matcher_v3_StringMatcher_ignore_case(matcher)); |
||||||
|
return json; |
||||||
|
} |
||||||
|
|
||||||
|
absl::StatusOr<Json> ParsePathMatcherToJson( |
||||||
|
const envoy_type_matcher_v3_PathMatcher* matcher) { |
||||||
|
const auto* path = envoy_type_matcher_v3_PathMatcher_path(matcher); |
||||||
|
if (path == nullptr) { |
||||||
|
return absl::InvalidArgumentError("PathMatcher has empty path"); |
||||||
|
} |
||||||
|
Json::Object json; |
||||||
|
auto path_json = ParseStringMatcherToJson(path); |
||||||
|
if (!path_json.ok()) { |
||||||
|
return path_json; |
||||||
|
} |
||||||
|
json.emplace("path", std::move(*path_json)); |
||||||
|
return json; |
||||||
|
} |
||||||
|
|
||||||
|
Json ParseUInt32ValueToJson(const google_protobuf_UInt32Value* value) { |
||||||
|
return Json::Object{{"value", google_protobuf_UInt32Value_value(value)}}; |
||||||
|
} |
||||||
|
|
||||||
|
Json ParseCidrRangeToJson(const envoy_config_core_v3_CidrRange* range) { |
||||||
|
Json::Object json; |
||||||
|
json.emplace("addressPrefix", |
||||||
|
UpbStringToStdString( |
||||||
|
envoy_config_core_v3_CidrRange_address_prefix(range))); |
||||||
|
const auto* prefix_len = envoy_config_core_v3_CidrRange_prefix_len(range); |
||||||
|
if (prefix_len != nullptr) { |
||||||
|
json.emplace("prefixLen", ParseUInt32ValueToJson(prefix_len)); |
||||||
|
} |
||||||
|
return json; |
||||||
|
} |
||||||
|
|
||||||
|
absl::StatusOr<Json> ParsePermissionToJson( |
||||||
|
const envoy_config_rbac_v3_Permission* permission) { |
||||||
|
Json::Object permission_json; |
||||||
|
// Helper function to parse Permission::Set to JSON. Used by `and_rules` and
|
||||||
|
// `or_rules`.
|
||||||
|
auto parse_permission_set_to_json = |
||||||
|
[](const envoy_config_rbac_v3_Permission_Set* set) |
||||||
|
-> absl::StatusOr<Json> { |
||||||
|
std::vector<absl::Status> error_list; |
||||||
|
Json::Array rules_json; |
||||||
|
size_t size; |
||||||
|
const envoy_config_rbac_v3_Permission* const* rules = |
||||||
|
envoy_config_rbac_v3_Permission_Set_rules(set, &size); |
||||||
|
for (size_t i = 0; i < size; ++i) { |
||||||
|
auto permission_json = ParsePermissionToJson(rules[i]); |
||||||
|
if (!permission_json.ok()) { |
||||||
|
error_list.push_back(permission_json.status()); |
||||||
|
} else { |
||||||
|
rules_json.emplace_back(std::move(*permission_json)); |
||||||
|
} |
||||||
|
} |
||||||
|
if (!error_list.empty()) { |
||||||
|
return StatusCreate(absl::StatusCode::kInvalidArgument, |
||||||
|
"Error parsing Set", DEBUG_LOCATION, |
||||||
|
std::move(error_list)); |
||||||
|
} |
||||||
|
return Json::Object({{"rules", std::move(rules_json)}}); |
||||||
|
}; |
||||||
|
if (envoy_config_rbac_v3_Permission_has_and_rules(permission)) { |
||||||
|
const auto* and_rules = |
||||||
|
envoy_config_rbac_v3_Permission_and_rules(permission); |
||||||
|
auto permission_set_json = parse_permission_set_to_json(and_rules); |
||||||
|
if (!permission_set_json.ok()) { |
||||||
|
return permission_set_json; |
||||||
|
} |
||||||
|
permission_json.emplace("andRules", std::move(*permission_set_json)); |
||||||
|
} else if (envoy_config_rbac_v3_Permission_has_or_rules(permission)) { |
||||||
|
const auto* or_rules = envoy_config_rbac_v3_Permission_or_rules(permission); |
||||||
|
auto permission_set_json = parse_permission_set_to_json(or_rules); |
||||||
|
if (!permission_set_json.ok()) { |
||||||
|
return permission_set_json; |
||||||
|
} |
||||||
|
permission_json.emplace("orRules", std::move(*permission_set_json)); |
||||||
|
} else if (envoy_config_rbac_v3_Permission_has_any(permission)) { |
||||||
|
permission_json.emplace("any", |
||||||
|
envoy_config_rbac_v3_Permission_any(permission)); |
||||||
|
} else if (envoy_config_rbac_v3_Permission_has_header(permission)) { |
||||||
|
auto header_json = ParseHeaderMatcherToJson( |
||||||
|
envoy_config_rbac_v3_Permission_header(permission)); |
||||||
|
if (!header_json.ok()) { |
||||||
|
return header_json; |
||||||
|
} |
||||||
|
permission_json.emplace("header", std::move(*header_json)); |
||||||
|
} else if (envoy_config_rbac_v3_Permission_has_url_path(permission)) { |
||||||
|
auto url_path_json = ParsePathMatcherToJson( |
||||||
|
envoy_config_rbac_v3_Permission_url_path(permission)); |
||||||
|
if (!url_path_json.ok()) { |
||||||
|
return url_path_json; |
||||||
|
} |
||||||
|
permission_json.emplace("urlPath", std::move(*url_path_json)); |
||||||
|
} else if (envoy_config_rbac_v3_Permission_has_destination_ip(permission)) { |
||||||
|
permission_json.emplace( |
||||||
|
"destinationIp", |
||||||
|
ParseCidrRangeToJson( |
||||||
|
envoy_config_rbac_v3_Permission_destination_ip(permission))); |
||||||
|
} else if (envoy_config_rbac_v3_Permission_has_destination_port(permission)) { |
||||||
|
permission_json.emplace( |
||||||
|
"destinationPort", |
||||||
|
envoy_config_rbac_v3_Permission_destination_port(permission)); |
||||||
|
} else if (envoy_config_rbac_v3_Permission_has_metadata(permission)) { |
||||||
|
// Not parsing metadata even if its present since it is not relevant to
|
||||||
|
// gRPC.
|
||||||
|
permission_json.emplace("metadata", Json::Object()); |
||||||
|
} else if (envoy_config_rbac_v3_Permission_has_not_rule(permission)) { |
||||||
|
auto not_rule_json = ParsePermissionToJson( |
||||||
|
envoy_config_rbac_v3_Permission_not_rule(permission)); |
||||||
|
if (!not_rule_json.ok()) { |
||||||
|
return not_rule_json; |
||||||
|
} |
||||||
|
permission_json.emplace("notRule", std::move(*not_rule_json)); |
||||||
|
} else if (envoy_config_rbac_v3_Permission_has_requested_server_name( |
||||||
|
permission)) { |
||||||
|
auto requested_server_name_json = ParseStringMatcherToJson( |
||||||
|
envoy_config_rbac_v3_Permission_requested_server_name(permission)); |
||||||
|
if (!requested_server_name_json.ok()) { |
||||||
|
return requested_server_name_json; |
||||||
|
} |
||||||
|
permission_json.emplace("requestedServerName", |
||||||
|
std::move(*requested_server_name_json)); |
||||||
|
} else { |
||||||
|
return absl::InvalidArgumentError("Permission: Invalid rule"); |
||||||
|
} |
||||||
|
return permission_json; |
||||||
|
} |
||||||
|
|
||||||
|
absl::StatusOr<Json> ParsePrincipalToJson( |
||||||
|
const envoy_config_rbac_v3_Principal* principal) { |
||||||
|
Json::Object principal_json; |
||||||
|
// Helper function to parse Principal::Set to JSON. Used by `and_ids` and
|
||||||
|
// `or_ids`.
|
||||||
|
auto parse_principal_set_to_json = |
||||||
|
[](const envoy_config_rbac_v3_Principal_Set* set) |
||||||
|
-> absl::StatusOr<Json> { |
||||||
|
Json::Object json; |
||||||
|
std::vector<absl::Status> error_list; |
||||||
|
Json::Array ids_json; |
||||||
|
size_t size; |
||||||
|
const envoy_config_rbac_v3_Principal* const* ids = |
||||||
|
envoy_config_rbac_v3_Principal_Set_ids(set, &size); |
||||||
|
for (size_t i = 0; i < size; ++i) { |
||||||
|
auto principal_json = ParsePrincipalToJson(ids[i]); |
||||||
|
if (!principal_json.ok()) { |
||||||
|
error_list.push_back(principal_json.status()); |
||||||
|
} else { |
||||||
|
ids_json.emplace_back(std::move(*principal_json)); |
||||||
|
} |
||||||
|
} |
||||||
|
if (!error_list.empty()) { |
||||||
|
return StatusCreate(absl::StatusCode::kInvalidArgument, |
||||||
|
"Error parsing Set", DEBUG_LOCATION, |
||||||
|
std::move(error_list)); |
||||||
|
} |
||||||
|
return Json::Object({{"ids", std::move(ids_json)}}); |
||||||
|
}; |
||||||
|
if (envoy_config_rbac_v3_Principal_has_and_ids(principal)) { |
||||||
|
const auto* and_rules = envoy_config_rbac_v3_Principal_and_ids(principal); |
||||||
|
auto principal_set_json = parse_principal_set_to_json(and_rules); |
||||||
|
if (!principal_set_json.ok()) { |
||||||
|
return principal_set_json; |
||||||
|
} |
||||||
|
principal_json.emplace("andIds", std::move(*principal_set_json)); |
||||||
|
} else if (envoy_config_rbac_v3_Principal_has_or_ids(principal)) { |
||||||
|
const auto* or_rules = envoy_config_rbac_v3_Principal_or_ids(principal); |
||||||
|
auto principal_set_json = parse_principal_set_to_json(or_rules); |
||||||
|
if (!principal_set_json.ok()) { |
||||||
|
return principal_set_json; |
||||||
|
} |
||||||
|
principal_json.emplace("orIds", std::move(*principal_set_json)); |
||||||
|
} else if (envoy_config_rbac_v3_Principal_has_any(principal)) { |
||||||
|
principal_json.emplace("any", |
||||||
|
envoy_config_rbac_v3_Principal_any(principal)); |
||||||
|
} else if (envoy_config_rbac_v3_Principal_has_authenticated(principal)) { |
||||||
|
auto* authenticated_json = |
||||||
|
principal_json.emplace("authenticated", Json::Object()) |
||||||
|
.first->second.mutable_object(); |
||||||
|
const auto* principal_name = |
||||||
|
envoy_config_rbac_v3_Principal_Authenticated_principal_name( |
||||||
|
envoy_config_rbac_v3_Principal_authenticated(principal)); |
||||||
|
if (principal_name != nullptr) { |
||||||
|
auto principal_name_json = ParseStringMatcherToJson(principal_name); |
||||||
|
if (!principal_name_json.ok()) { |
||||||
|
return principal_name_json; |
||||||
|
} |
||||||
|
authenticated_json->emplace("principalName", |
||||||
|
std::move(*principal_name_json)); |
||||||
|
} |
||||||
|
} else if (envoy_config_rbac_v3_Principal_has_source_ip(principal)) { |
||||||
|
principal_json.emplace( |
||||||
|
"sourceIp", ParseCidrRangeToJson( |
||||||
|
envoy_config_rbac_v3_Principal_source_ip(principal))); |
||||||
|
} else if (envoy_config_rbac_v3_Principal_has_direct_remote_ip(principal)) { |
||||||
|
principal_json.emplace( |
||||||
|
"directRemoteIp", |
||||||
|
ParseCidrRangeToJson( |
||||||
|
envoy_config_rbac_v3_Principal_direct_remote_ip(principal))); |
||||||
|
} else if (envoy_config_rbac_v3_Principal_has_remote_ip(principal)) { |
||||||
|
principal_json.emplace( |
||||||
|
"remoteIp", ParseCidrRangeToJson( |
||||||
|
envoy_config_rbac_v3_Principal_remote_ip(principal))); |
||||||
|
} else if (envoy_config_rbac_v3_Principal_has_header(principal)) { |
||||||
|
auto header_json = ParseHeaderMatcherToJson( |
||||||
|
envoy_config_rbac_v3_Principal_header(principal)); |
||||||
|
if (!header_json.ok()) { |
||||||
|
return header_json; |
||||||
|
} |
||||||
|
principal_json.emplace("header", std::move(*header_json)); |
||||||
|
} else if (envoy_config_rbac_v3_Principal_has_url_path(principal)) { |
||||||
|
auto url_path_json = ParsePathMatcherToJson( |
||||||
|
envoy_config_rbac_v3_Principal_url_path(principal)); |
||||||
|
if (!url_path_json.ok()) { |
||||||
|
return url_path_json; |
||||||
|
} |
||||||
|
principal_json.emplace("urlPath", std::move(*url_path_json)); |
||||||
|
} else if (envoy_config_rbac_v3_Principal_has_metadata(principal)) { |
||||||
|
// Not parsing metadata even if its present since it is not relevant to
|
||||||
|
// gRPC.
|
||||||
|
principal_json.emplace("metadata", Json::Object()); |
||||||
|
} else if (envoy_config_rbac_v3_Principal_has_not_id(principal)) { |
||||||
|
auto not_id_json = |
||||||
|
ParsePrincipalToJson(envoy_config_rbac_v3_Principal_not_id(principal)); |
||||||
|
if (!not_id_json.ok()) { |
||||||
|
return not_id_json; |
||||||
|
} |
||||||
|
principal_json.emplace("notId", std::move(*not_id_json)); |
||||||
|
} else { |
||||||
|
return absl::InvalidArgumentError("Principal: Invalid rule"); |
||||||
|
} |
||||||
|
return principal_json; |
||||||
|
} |
||||||
|
|
||||||
|
absl::StatusOr<Json> ParsePolicyToJson( |
||||||
|
const envoy_config_rbac_v3_Policy* policy) { |
||||||
|
Json::Object policy_json; |
||||||
|
std::vector<absl::Status> error_list; |
||||||
|
size_t size; |
||||||
|
Json::Array permissions_json; |
||||||
|
const envoy_config_rbac_v3_Permission* const* permissions = |
||||||
|
envoy_config_rbac_v3_Policy_permissions(policy, &size); |
||||||
|
for (size_t i = 0; i < size; ++i) { |
||||||
|
auto permission_json = ParsePermissionToJson(permissions[i]); |
||||||
|
if (!permission_json.ok()) { |
||||||
|
error_list.push_back(permission_json.status()); |
||||||
|
} else { |
||||||
|
permissions_json.emplace_back(std::move(*permission_json)); |
||||||
|
} |
||||||
|
} |
||||||
|
policy_json.emplace("permissions", std::move(permissions_json)); |
||||||
|
Json::Array principals_json; |
||||||
|
const envoy_config_rbac_v3_Principal* const* principals = |
||||||
|
envoy_config_rbac_v3_Policy_principals(policy, &size); |
||||||
|
for (size_t i = 0; i < size; ++i) { |
||||||
|
auto principal_json = ParsePrincipalToJson(principals[i]); |
||||||
|
if (!principal_json.ok()) { |
||||||
|
error_list.push_back(principal_json.status()); |
||||||
|
} else { |
||||||
|
principals_json.emplace_back(std::move(*principal_json)); |
||||||
|
} |
||||||
|
} |
||||||
|
policy_json.emplace("principals", std::move(principals_json)); |
||||||
|
if (envoy_config_rbac_v3_Policy_has_condition(policy)) { |
||||||
|
error_list.push_back( |
||||||
|
absl::InvalidArgumentError("Policy: condition not supported")); |
||||||
|
} |
||||||
|
if (envoy_config_rbac_v3_Policy_has_checked_condition(policy)) { |
||||||
|
error_list.push_back( |
||||||
|
absl::InvalidArgumentError("Policy: checked condition not supported")); |
||||||
|
} |
||||||
|
if (!error_list.empty()) { |
||||||
|
return StatusCreate(absl::StatusCode::kInvalidArgument, |
||||||
|
"Error parsing Policy", DEBUG_LOCATION, |
||||||
|
std::move(error_list)); |
||||||
|
} |
||||||
|
return policy_json; |
||||||
|
} |
||||||
|
|
||||||
|
absl::StatusOr<Json> ParseHttpRbacToJson( |
||||||
|
const envoy_extensions_filters_http_rbac_v3_RBAC* rbac) { |
||||||
|
Json::Object rbac_json; |
||||||
|
std::vector<absl::Status> error_list; |
||||||
|
const auto* rules = envoy_extensions_filters_http_rbac_v3_RBAC_rules(rbac); |
||||||
|
if (rules != nullptr) { |
||||||
|
int action = envoy_config_rbac_v3_RBAC_action(rules); |
||||||
|
// Treat Log action as RBAC being absent
|
||||||
|
if (action == envoy_config_rbac_v3_RBAC_LOG) { |
||||||
|
return rbac_json; |
||||||
|
} |
||||||
|
Json::Object inner_rbac_json; |
||||||
|
inner_rbac_json.emplace("action", envoy_config_rbac_v3_RBAC_action(rules)); |
||||||
|
if (envoy_config_rbac_v3_RBAC_has_policies(rules)) { |
||||||
|
Json::Object policies_object; |
||||||
|
size_t iter = UPB_MAP_BEGIN; |
||||||
|
while (true) { |
||||||
|
auto* entry = envoy_config_rbac_v3_RBAC_policies_next(rules, &iter); |
||||||
|
if (entry == nullptr) { |
||||||
|
break; |
||||||
|
} |
||||||
|
auto policy = ParsePolicyToJson( |
||||||
|
envoy_config_rbac_v3_RBAC_PoliciesEntry_value(entry)); |
||||||
|
if (!policy.ok()) { |
||||||
|
error_list.push_back(StatusCreate( |
||||||
|
absl::StatusCode::kInvalidArgument, |
||||||
|
absl::StrFormat( |
||||||
|
"RBAC PoliciesEntry key:%s", |
||||||
|
UpbStringToStdString( |
||||||
|
envoy_config_rbac_v3_RBAC_PoliciesEntry_key(entry))), |
||||||
|
DEBUG_LOCATION, {policy.status()})); |
||||||
|
} else { |
||||||
|
policies_object.emplace( |
||||||
|
UpbStringToStdString( |
||||||
|
envoy_config_rbac_v3_RBAC_PoliciesEntry_key(entry)), |
||||||
|
std::move(*policy)); |
||||||
|
} |
||||||
|
} |
||||||
|
inner_rbac_json.emplace("policies", std::move(policies_object)); |
||||||
|
} |
||||||
|
rbac_json.emplace("rules", std::move(inner_rbac_json)); |
||||||
|
} |
||||||
|
if (!error_list.empty()) { |
||||||
|
return StatusCreate(absl::StatusCode::kInvalidArgument, |
||||||
|
"Error parsing RBAC", DEBUG_LOCATION, |
||||||
|
std::move(error_list)); |
||||||
|
} |
||||||
|
return rbac_json; |
||||||
|
} |
||||||
|
|
||||||
|
} // namespace
|
||||||
|
|
||||||
|
void XdsHttpRbacFilter::PopulateSymtab(upb_symtab* symtab) const { |
||||||
|
envoy_extensions_filters_http_rbac_v3_RBAC_getmsgdef(symtab); |
||||||
|
} |
||||||
|
|
||||||
|
absl::StatusOr<XdsHttpFilterImpl::FilterConfig> |
||||||
|
XdsHttpRbacFilter::GenerateFilterConfig(upb_strview serialized_filter_config, |
||||||
|
upb_arena* arena) const { |
||||||
|
absl::StatusOr<Json> rbac_json; |
||||||
|
auto* rbac = envoy_extensions_filters_http_rbac_v3_RBAC_parse( |
||||||
|
serialized_filter_config.data, serialized_filter_config.size, arena); |
||||||
|
if (rbac == nullptr) { |
||||||
|
return absl::InvalidArgumentError( |
||||||
|
"could not parse HTTP RBAC filter config"); |
||||||
|
} |
||||||
|
rbac_json = ParseHttpRbacToJson(rbac); |
||||||
|
if (!rbac_json.ok()) { |
||||||
|
return rbac_json.status(); |
||||||
|
} |
||||||
|
return FilterConfig{kXdsHttpRbacFilterConfigName, std::move(*rbac_json)}; |
||||||
|
} |
||||||
|
|
||||||
|
absl::StatusOr<XdsHttpFilterImpl::FilterConfig> |
||||||
|
XdsHttpRbacFilter::GenerateFilterConfigOverride( |
||||||
|
upb_strview serialized_filter_config, upb_arena* arena) const { |
||||||
|
auto* rbac_per_route = |
||||||
|
envoy_extensions_filters_http_rbac_v3_RBACPerRoute_parse( |
||||||
|
serialized_filter_config.data, serialized_filter_config.size, arena); |
||||||
|
if (rbac_per_route == nullptr) { |
||||||
|
return absl::InvalidArgumentError("could not parse RBACPerRoute"); |
||||||
|
} |
||||||
|
absl::StatusOr<Json> rbac_json; |
||||||
|
const auto* rbac = |
||||||
|
envoy_extensions_filters_http_rbac_v3_RBACPerRoute_rbac(rbac_per_route); |
||||||
|
if (rbac == nullptr) { |
||||||
|
rbac_json = Json::Object(); |
||||||
|
} else { |
||||||
|
rbac_json = ParseHttpRbacToJson(rbac); |
||||||
|
if (!rbac_json.ok()) { |
||||||
|
return rbac_json.status(); |
||||||
|
} |
||||||
|
} |
||||||
|
return FilterConfig{kXdsHttpRbacFilterConfigOverrideName, |
||||||
|
std::move(*rbac_json)}; |
||||||
|
} |
||||||
|
|
||||||
|
const grpc_channel_filter* XdsHttpRbacFilter::channel_filter() const { |
||||||
|
return &RbacFilter::kFilterVtable; |
||||||
|
} |
||||||
|
|
||||||
|
grpc_channel_args* XdsHttpRbacFilter::ModifyChannelArgs( |
||||||
|
grpc_channel_args* args) const { |
||||||
|
grpc_arg arg_to_add = grpc_channel_arg_integer_create( |
||||||
|
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1); |
||||||
|
grpc_channel_args* new_args = |
||||||
|
grpc_channel_args_copy_and_add(args, &arg_to_add, 1); |
||||||
|
grpc_channel_args_destroy(args); |
||||||
|
return new_args; |
||||||
|
} |
||||||
|
|
||||||
|
absl::StatusOr<XdsHttpFilterImpl::ServiceConfigJsonEntry> |
||||||
|
XdsHttpRbacFilter::GenerateServiceConfig( |
||||||
|
const FilterConfig& hcm_filter_config, |
||||||
|
const FilterConfig* filter_config_override) const { |
||||||
|
Json policy_json = filter_config_override != nullptr |
||||||
|
? filter_config_override->config |
||||||
|
: hcm_filter_config.config; |
||||||
|
// The policy JSON may be empty, that's allowed.
|
||||||
|
return ServiceConfigJsonEntry{"rbacPolicy", policy_json.Dump()}; |
||||||
|
} |
||||||
|
|
||||||
|
} // namespace grpc_core
|
@ -0,0 +1,54 @@ |
|||||||
|
//
|
||||||
|
// Copyright 2021 gRPC authors.
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
//
|
||||||
|
|
||||||
|
#ifndef GRPC_CORE_EXT_XDS_XDS_HTTP_RBAC_FILTER_H |
||||||
|
#define GRPC_CORE_EXT_XDS_XDS_HTTP_RBAC_FILTER_H |
||||||
|
|
||||||
|
#include <grpc/support/port_platform.h> |
||||||
|
|
||||||
|
#include "src/core/ext/xds/xds_http_filters.h" |
||||||
|
|
||||||
|
namespace grpc_core { |
||||||
|
|
||||||
|
extern const char* kXdsHttpRbacFilterConfigName; |
||||||
|
extern const char* kXdsHttpRbacFilterConfigOverrideName; |
||||||
|
|
||||||
|
class XdsHttpRbacFilter : public XdsHttpFilterImpl { |
||||||
|
public: |
||||||
|
void PopulateSymtab(upb_symtab* symtab) const override; |
||||||
|
|
||||||
|
absl::StatusOr<FilterConfig> GenerateFilterConfig( |
||||||
|
upb_strview serialized_filter_config, upb_arena* arena) const override; |
||||||
|
|
||||||
|
absl::StatusOr<FilterConfig> GenerateFilterConfigOverride( |
||||||
|
upb_strview serialized_filter_config, upb_arena* arena) const override; |
||||||
|
|
||||||
|
const grpc_channel_filter* channel_filter() const override; |
||||||
|
|
||||||
|
grpc_channel_args* ModifyChannelArgs(grpc_channel_args* args) const override; |
||||||
|
|
||||||
|
absl::StatusOr<ServiceConfigJsonEntry> GenerateServiceConfig( |
||||||
|
const FilterConfig& hcm_filter_config, |
||||||
|
const FilterConfig* filter_config_override) const override; |
||||||
|
|
||||||
|
bool IsSupportedOnClients() const override { return false; } |
||||||
|
|
||||||
|
bool IsSupportedOnServers() const override { return true; } |
||||||
|
}; |
||||||
|
|
||||||
|
} // namespace grpc_core
|
||||||
|
|
||||||
|
#endif // GRPC_CORE_EXT_XDS_XDS_HTTP_RBAC_FILTER_H
|
@ -0,0 +1,23 @@ |
|||||||
|
// Copyright 2021 The gRPC Authors |
||||||
|
// |
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||||
|
// you may not use this file except in compliance with the License. |
||||||
|
// You may obtain a copy of the License at |
||||||
|
// |
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0 |
||||||
|
// |
||||||
|
// Unless required by applicable law or agreed to in writing, software |
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
// See the License for the specific language governing permissions and |
||||||
|
// limitations under the License. |
||||||
|
|
||||||
|
// TODO(yashykt) : Figure out how to not need this |
||||||
|
|
||||||
|
syntax = "proto3"; |
||||||
|
|
||||||
|
package google.api.expr.v1alpha1; |
||||||
|
|
||||||
|
message Expr {} |
||||||
|
|
||||||
|
message CheckedExpr {} |
@ -0,0 +1,41 @@ |
|||||||
|
// |
||||||
|
// Copyright 2021 gRPC authors. |
||||||
|
// |
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||||
|
// you may not use this file except in compliance with the License. |
||||||
|
// You may obtain a copy of the License at |
||||||
|
// |
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0 |
||||||
|
// |
||||||
|
// Unless required by applicable law or agreed to in writing, software |
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
// See the License for the specific language governing permissions and |
||||||
|
// limitations under the License. |
||||||
|
// |
||||||
|
|
||||||
|
// Local copy of Envoy xDS proto file, used for testing only. |
||||||
|
|
||||||
|
syntax = "proto3"; |
||||||
|
|
||||||
|
package envoy.extensions.filters.http.rbac.v3; |
||||||
|
|
||||||
|
import "src/proto/grpc/testing/xds/v3/rbac.proto"; |
||||||
|
|
||||||
|
// [#protodoc-title: RBAC] |
||||||
|
// Role-Based Access Control :ref:`configuration overview <config_http_filters_rbac>`. |
||||||
|
// [#extension: envoy.filters.http.rbac] |
||||||
|
|
||||||
|
// RBAC filter config. |
||||||
|
message RBAC { |
||||||
|
// Specify the RBAC rules to be applied globally. |
||||||
|
// If absent, no enforcing RBAC policy will be applied. |
||||||
|
// If present and empty, DENY. |
||||||
|
config.rbac.v3.RBAC rules = 1; |
||||||
|
} |
||||||
|
|
||||||
|
message RBACPerRoute { |
||||||
|
// Override the global configuration of the filter with this new config. |
||||||
|
// If absent, the global RBAC policy will be disabled for this route. |
||||||
|
RBAC rbac = 2; |
||||||
|
} |
@ -0,0 +1,84 @@ |
|||||||
|
// Copyright 2021 The gRPC Authors |
||||||
|
// |
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||||
|
// you may not use this file except in compliance with the License. |
||||||
|
// You may obtain a copy of the License at |
||||||
|
// |
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0 |
||||||
|
// |
||||||
|
// Unless required by applicable law or agreed to in writing, software |
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
// See the License for the specific language governing permissions and |
||||||
|
// limitations under the License. |
||||||
|
|
||||||
|
// Local copy of Envoy xDS proto file, used for testing only. |
||||||
|
|
||||||
|
syntax = "proto3"; |
||||||
|
|
||||||
|
package envoy.type.matcher.v3; |
||||||
|
|
||||||
|
// [#protodoc-title: Metadata matcher] |
||||||
|
|
||||||
|
// MetadataMatcher provides a general interface to check if a given value is matched in |
||||||
|
// :ref:`Metadata <envoy_v3_api_msg_config.core.v3.Metadata>`. It uses `filter` and `path` to retrieve the value |
||||||
|
// from the Metadata and then check if it's matched to the specified value. |
||||||
|
// |
||||||
|
// For example, for the following Metadata: |
||||||
|
// |
||||||
|
// .. code-block:: yaml |
||||||
|
// |
||||||
|
// filter_metadata: |
||||||
|
// envoy.filters.http.rbac: |
||||||
|
// fields: |
||||||
|
// a: |
||||||
|
// struct_value: |
||||||
|
// fields: |
||||||
|
// b: |
||||||
|
// struct_value: |
||||||
|
// fields: |
||||||
|
// c: |
||||||
|
// string_value: pro |
||||||
|
// t: |
||||||
|
// list_value: |
||||||
|
// values: |
||||||
|
// - string_value: m |
||||||
|
// - string_value: n |
||||||
|
// |
||||||
|
// The following MetadataMatcher is matched as the path [a, b, c] will retrieve a string value "pro" |
||||||
|
// from the Metadata which is matched to the specified prefix match. |
||||||
|
// |
||||||
|
// .. code-block:: yaml |
||||||
|
// |
||||||
|
// filter: envoy.filters.http.rbac |
||||||
|
// path: |
||||||
|
// - key: a |
||||||
|
// - key: b |
||||||
|
// - key: c |
||||||
|
// value: |
||||||
|
// string_match: |
||||||
|
// prefix: pr |
||||||
|
// |
||||||
|
// The following MetadataMatcher is matched as the code will match one of the string values in the |
||||||
|
// list at the path [a, t]. |
||||||
|
// |
||||||
|
// .. code-block:: yaml |
||||||
|
// |
||||||
|
// filter: envoy.filters.http.rbac |
||||||
|
// path: |
||||||
|
// - key: a |
||||||
|
// - key: t |
||||||
|
// value: |
||||||
|
// list_match: |
||||||
|
// one_of: |
||||||
|
// string_match: |
||||||
|
// exact: m |
||||||
|
// |
||||||
|
// An example use of MetadataMatcher is specifying additional metadata in envoy.filters.http.rbac to |
||||||
|
// enforce access control based on dynamic metadata in a request. See :ref:`Permission |
||||||
|
// <envoy_v3_api_msg_config.rbac.v3.Permission>` and :ref:`Principal |
||||||
|
// <envoy_v3_api_msg_config.rbac.v3.Principal>`. |
||||||
|
|
||||||
|
// [#next-major-version: MetadataMatcher should use StructMatcher] |
||||||
|
message MetadataMatcher { |
||||||
|
} |
@ -0,0 +1,35 @@ |
|||||||
|
// |
||||||
|
// Copyright 2021 gRPC authors. |
||||||
|
// |
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||||
|
// you may not use this file except in compliance with the License. |
||||||
|
// You may obtain a copy of the License at |
||||||
|
// |
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0 |
||||||
|
// |
||||||
|
// Unless required by applicable law or agreed to in writing, software |
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
// See the License for the specific language governing permissions and |
||||||
|
// limitations under the License. |
||||||
|
// |
||||||
|
|
||||||
|
// Local copy of Envoy xDS proto file, used for testing only. |
||||||
|
|
||||||
|
syntax = "proto3"; |
||||||
|
|
||||||
|
package envoy.type.matcher.v3; |
||||||
|
|
||||||
|
import "src/proto/grpc/testing/xds/v3/string.proto"; |
||||||
|
|
||||||
|
// [#protodoc-title: Path matcher] |
||||||
|
|
||||||
|
// Specifies the way to match a path on HTTP request. |
||||||
|
message PathMatcher { |
||||||
|
oneof rule { |
||||||
|
// The `path` must match the URL path portion of the :path header. The query and fragment |
||||||
|
// string (if present) are removed in the URL path portion. |
||||||
|
// For example, the path */data* will match the *:path* header */data#fragment?param=value*. |
||||||
|
StringMatcher path = 1; |
||||||
|
} |
||||||
|
} |
@ -0,0 +1,293 @@ |
|||||||
|
// |
||||||
|
// Copyright 2021 gRPC authors. |
||||||
|
// |
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License"); |
||||||
|
// you may not use this file except in compliance with the License. |
||||||
|
// You may obtain a copy of the License at |
||||||
|
// |
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0 |
||||||
|
// |
||||||
|
// Unless required by applicable law or agreed to in writing, software |
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
// See the License for the specific language governing permissions and |
||||||
|
// limitations under the License. |
||||||
|
// |
||||||
|
|
||||||
|
// Local copy of Envoy xDS proto file, used for testing only. |
||||||
|
|
||||||
|
syntax = "proto3"; |
||||||
|
|
||||||
|
package envoy.config.rbac.v3; |
||||||
|
|
||||||
|
import "src/proto/grpc/testing/xds/v3/address.proto"; |
||||||
|
import "src/proto/grpc/testing/xds/v3/extension.proto"; |
||||||
|
import "src/proto/grpc/testing/xds/v3/route.proto"; |
||||||
|
import "src/proto/grpc/testing/xds/v3/metadata.proto"; |
||||||
|
import "src/proto/grpc/testing/xds/v3/path.proto"; |
||||||
|
import "src/proto/grpc/testing/xds/v3/string.proto"; |
||||||
|
import "src/proto/grpc/testing/xds/v3/range.proto"; |
||||||
|
|
||||||
|
import "src/proto/grpc/testing/xds/v3/expr.proto"; |
||||||
|
|
||||||
|
// [#protodoc-title: Role Based Access Control (RBAC)] |
||||||
|
|
||||||
|
// Role Based Access Control (RBAC) provides service-level and method-level access control for a |
||||||
|
// service. Requests are allowed or denied based on the `action` and whether a matching policy is |
||||||
|
// found. For instance, if the action is ALLOW and a matching policy is found the request should be |
||||||
|
// allowed. |
||||||
|
// |
||||||
|
// RBAC can also be used to make access logging decisions by communicating with access loggers |
||||||
|
// through dynamic metadata. When the action is LOG and at least one policy matches, the |
||||||
|
// `access_log_hint` value in the shared key namespace 'envoy.common' is set to `true` indicating |
||||||
|
// the request should be logged. |
||||||
|
// |
||||||
|
// Here is an example of RBAC configuration. It has two policies: |
||||||
|
// |
||||||
|
// * Service account "cluster.local/ns/default/sa/admin" has full access to the service, and so |
||||||
|
// does "cluster.local/ns/default/sa/superuser". |
||||||
|
// |
||||||
|
// * Any user can read ("GET") the service at paths with prefix "/products", so long as the |
||||||
|
// destination port is either 80 or 443. |
||||||
|
// |
||||||
|
// .. code-block:: yaml |
||||||
|
// |
||||||
|
// action: ALLOW |
||||||
|
// policies: |
||||||
|
// "service-admin": |
||||||
|
// permissions: |
||||||
|
// - any: true |
||||||
|
// principals: |
||||||
|
// - authenticated: |
||||||
|
// principal_name: |
||||||
|
// exact: "cluster.local/ns/default/sa/admin" |
||||||
|
// - authenticated: |
||||||
|
// principal_name: |
||||||
|
// exact: "cluster.local/ns/default/sa/superuser" |
||||||
|
// "product-viewer": |
||||||
|
// permissions: |
||||||
|
// - and_rules: |
||||||
|
// rules: |
||||||
|
// - header: |
||||||
|
// name: ":method" |
||||||
|
// string_match: |
||||||
|
// exact: "GET" |
||||||
|
// - url_path: |
||||||
|
// path: { prefix: "/products" } |
||||||
|
// - or_rules: |
||||||
|
// rules: |
||||||
|
// - destination_port: 80 |
||||||
|
// - destination_port: 443 |
||||||
|
// principals: |
||||||
|
// - any: true |
||||||
|
// |
||||||
|
message RBAC { |
||||||
|
// Should we do safe-list or block-list style access control? |
||||||
|
enum Action { |
||||||
|
// The policies grant access to principals. The rest are denied. This is safe-list style |
||||||
|
// access control. This is the default type. |
||||||
|
ALLOW = 0; |
||||||
|
|
||||||
|
// The policies deny access to principals. The rest are allowed. This is block-list style |
||||||
|
// access control. |
||||||
|
DENY = 1; |
||||||
|
|
||||||
|
// The policies set the `access_log_hint` dynamic metadata key based on if requests match. |
||||||
|
// All requests are allowed. |
||||||
|
LOG = 2; |
||||||
|
} |
||||||
|
|
||||||
|
// The action to take if a policy matches. Every action either allows or denies a request, |
||||||
|
// and can also carry out action-specific operations. |
||||||
|
// |
||||||
|
// Actions: |
||||||
|
// |
||||||
|
// * ALLOW: Allows the request if and only if there is a policy that matches |
||||||
|
// the request. |
||||||
|
// * DENY: Allows the request if and only if there are no policies that |
||||||
|
// match the request. |
||||||
|
// * LOG: Allows all requests. If at least one policy matches, the dynamic |
||||||
|
// metadata key `access_log_hint` is set to the value `true` under the shared |
||||||
|
// key namespace 'envoy.common'. If no policies match, it is set to `false`. |
||||||
|
// Other actions do not modify this key. |
||||||
|
// |
||||||
|
Action action = 1; |
||||||
|
|
||||||
|
// Maps from policy name to policy. A match occurs when at least one policy matches the request. |
||||||
|
// The policies are evaluated in lexicographic order of the policy name. |
||||||
|
map<string, Policy> policies = 2; |
||||||
|
} |
||||||
|
|
||||||
|
// Policy specifies a role and the principals that are assigned/denied the role. |
||||||
|
// A policy matches if and only if at least one of its permissions match the |
||||||
|
// action taking place AND at least one of its principals match the downstream |
||||||
|
// AND the condition is true if specified. |
||||||
|
message Policy { |
||||||
|
// Required. The set of permissions that define a role. Each permission is |
||||||
|
// matched with OR semantics. To match all actions for this policy, a single |
||||||
|
// Permission with the `any` field set to true should be used. |
||||||
|
repeated Permission permissions = 1; |
||||||
|
|
||||||
|
// Required. The set of principals that are assigned/denied the role based on |
||||||
|
// “action”. Each principal is matched with OR semantics. To match all |
||||||
|
// downstreams for this policy, a single Principal with the `any` field set to |
||||||
|
// true should be used. |
||||||
|
repeated Principal principals = 2; |
||||||
|
|
||||||
|
// An optional symbolic expression specifying an access control |
||||||
|
// :ref:`condition <arch_overview_condition>`. The condition is combined |
||||||
|
// with the permissions and the principals as a clause with AND semantics. |
||||||
|
// Only be used when checked_condition is not used. |
||||||
|
google.api.expr.v1alpha1.Expr condition = 3; |
||||||
|
|
||||||
|
// [#not-implemented-hide:] |
||||||
|
// An optional symbolic expression that has been successfully type checked. |
||||||
|
// Only be used when condition is not used. |
||||||
|
google.api.expr.v1alpha1.CheckedExpr checked_condition = 4; |
||||||
|
} |
||||||
|
|
||||||
|
// Permission defines an action (or actions) that a principal can take. |
||||||
|
// [#next-free-field: 13] |
||||||
|
message Permission { |
||||||
|
// Used in the `and_rules` and `or_rules` fields in the `rule` oneof. Depending on the context, |
||||||
|
// each are applied with the associated behavior. |
||||||
|
message Set { |
||||||
|
repeated Permission rules = 1; |
||||||
|
} |
||||||
|
|
||||||
|
oneof rule { |
||||||
|
// A set of rules that all must match in order to define the action. |
||||||
|
Set and_rules = 1; |
||||||
|
|
||||||
|
// A set of rules where at least one must match in order to define the action. |
||||||
|
Set or_rules = 2; |
||||||
|
|
||||||
|
// When any is set, it matches any action. |
||||||
|
bool any = 3; |
||||||
|
|
||||||
|
// A header (or pseudo-header such as :path or :method) on the incoming HTTP request. Only |
||||||
|
// available for HTTP request. |
||||||
|
// Note: the pseudo-header :path includes the query and fragment string. Use the `url_path` |
||||||
|
// field if you want to match the URL path without the query and fragment string. |
||||||
|
route.v3.HeaderMatcher header = 4; |
||||||
|
|
||||||
|
// A URL path on the incoming HTTP request. Only available for HTTP. |
||||||
|
type.matcher.v3.PathMatcher url_path = 10; |
||||||
|
|
||||||
|
// A CIDR block that describes the destination IP. |
||||||
|
core.v3.CidrRange destination_ip = 5; |
||||||
|
|
||||||
|
// A port number that describes the destination port connecting to. |
||||||
|
uint32 destination_port = 6; |
||||||
|
|
||||||
|
// A port number range that describes a range of destination ports connecting to. |
||||||
|
type.v3.Int32Range destination_port_range = 11; |
||||||
|
|
||||||
|
// Metadata that describes additional information about the action. |
||||||
|
type.matcher.v3.MetadataMatcher metadata = 7; |
||||||
|
|
||||||
|
// Negates matching the provided permission. For instance, if the value of |
||||||
|
// `not_rule` would match, this permission would not match. Conversely, if |
||||||
|
// the value of `not_rule` would not match, this permission would match. |
||||||
|
Permission not_rule = 8; |
||||||
|
|
||||||
|
// The request server from the client's connection request. This is |
||||||
|
// typically TLS SNI. |
||||||
|
// |
||||||
|
// .. attention:: |
||||||
|
// |
||||||
|
// The behavior of this field may be affected by how Envoy is configured |
||||||
|
// as explained below. |
||||||
|
// |
||||||
|
// * If the :ref:`TLS Inspector <config_listener_filters_tls_inspector>` |
||||||
|
// filter is not added, and if a `FilterChainMatch` is not defined for |
||||||
|
// the :ref:`server name |
||||||
|
// <envoy_v3_api_field_config.listener.v3.FilterChainMatch.server_names>`, |
||||||
|
// a TLS connection's requested SNI server name will be treated as if it |
||||||
|
// wasn't present. |
||||||
|
// |
||||||
|
// * A :ref:`listener filter <arch_overview_listener_filters>` may |
||||||
|
// overwrite a connection's requested server name within Envoy. |
||||||
|
// |
||||||
|
// Please refer to :ref:`this FAQ entry <faq_how_to_setup_sni>` to learn to |
||||||
|
// setup SNI. |
||||||
|
type.matcher.v3.StringMatcher requested_server_name = 9; |
||||||
|
|
||||||
|
// Extension for configuring custom matchers for RBAC. |
||||||
|
// [#extension-category: envoy.rbac.matchers] |
||||||
|
core.v3.TypedExtensionConfig matcher = 12; |
||||||
|
} |
||||||
|
} |
||||||
|
|
||||||
|
// Principal defines an identity or a group of identities for a downstream |
||||||
|
// subject. |
||||||
|
// [#next-free-field: 12] |
||||||
|
message Principal { |
||||||
|
// Used in the `and_ids` and `or_ids` fields in the `identifier` oneof. |
||||||
|
// Depending on the context, each are applied with the associated behavior. |
||||||
|
message Set { |
||||||
|
repeated Principal ids = 1; |
||||||
|
} |
||||||
|
|
||||||
|
// Authentication attributes for a downstream. |
||||||
|
message Authenticated { |
||||||
|
reserved 1; |
||||||
|
|
||||||
|
// The name of the principal. If set, The URI SAN or DNS SAN in that order |
||||||
|
// is used from the certificate, otherwise the subject field is used. If |
||||||
|
// unset, it applies to any user that is authenticated. |
||||||
|
type.matcher.v3.StringMatcher principal_name = 2; |
||||||
|
} |
||||||
|
|
||||||
|
oneof identifier { |
||||||
|
// A set of identifiers that all must match in order to define the |
||||||
|
// downstream. |
||||||
|
Set and_ids = 1; |
||||||
|
|
||||||
|
// A set of identifiers at least one must match in order to define the |
||||||
|
// downstream. |
||||||
|
Set or_ids = 2; |
||||||
|
|
||||||
|
// When any is set, it matches any downstream. |
||||||
|
bool any = 3; |
||||||
|
|
||||||
|
// Authenticated attributes that identify the downstream. |
||||||
|
Authenticated authenticated = 4; |
||||||
|
|
||||||
|
// A CIDR block that describes the downstream IP. |
||||||
|
// This address will honor proxy protocol, but will not honor XFF. |
||||||
|
core.v3.CidrRange source_ip = 5; |
||||||
|
|
||||||
|
// A CIDR block that describes the downstream remote/origin address. |
||||||
|
// Note: This is always the physical peer even if the |
||||||
|
// :ref:`remote_ip <envoy_v3_api_field_config.rbac.v3.Principal.remote_ip>` is |
||||||
|
// inferred from for example the x-forwarder-for header, proxy protocol, |
||||||
|
// etc. |
||||||
|
core.v3.CidrRange direct_remote_ip = 10; |
||||||
|
|
||||||
|
// A CIDR block that describes the downstream remote/origin address. |
||||||
|
// Note: This may not be the physical peer and could be different from the |
||||||
|
// :ref:`direct_remote_ip |
||||||
|
// <envoy_v3_api_field_config.rbac.v3.Principal.direct_remote_ip>`. E.g, if the |
||||||
|
// remote ip is inferred from for example the x-forwarder-for header, proxy |
||||||
|
// protocol, etc. |
||||||
|
core.v3.CidrRange remote_ip = 11; |
||||||
|
|
||||||
|
// A header (or pseudo-header such as :path or :method) on the incoming HTTP |
||||||
|
// request. Only available for HTTP request. Note: the pseudo-header :path |
||||||
|
// includes the query and fragment string. Use the `url_path` field if you |
||||||
|
// want to match the URL path without the query and fragment string. |
||||||
|
route.v3.HeaderMatcher header = 6; |
||||||
|
|
||||||
|
// A URL path on the incoming HTTP request. Only available for HTTP. |
||||||
|
type.matcher.v3.PathMatcher url_path = 9; |
||||||
|
|
||||||
|
// Metadata that describes additional information about the principal. |
||||||
|
type.matcher.v3.MetadataMatcher metadata = 7; |
||||||
|
|
||||||
|
// Negates matching the provided principal. For instance, if the value of |
||||||
|
// `not_id` would match, this principal would not match. Conversely, if the |
||||||
|
// value of `not_id` would not match, this principal would match. |
||||||
|
Principal not_id = 8; |
||||||
|
} |
||||||
|
} |
@ -0,0 +1,33 @@ |
|||||||
|
# Copyright 2021 gRPC authors. |
||||||
|
# |
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); |
||||||
|
# you may not use this file except in compliance with the License. |
||||||
|
# You may obtain a copy of the License at |
||||||
|
# |
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0 |
||||||
|
# |
||||||
|
# Unless required by applicable law or agreed to in writing, software |
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
# See the License for the specific language governing permissions and |
||||||
|
# limitations under the License. |
||||||
|
|
||||||
|
load("//bazel:grpc_build_system.bzl", "grpc_cc_test", "grpc_package") |
||||||
|
|
||||||
|
licenses(["notice"]) |
||||||
|
|
||||||
|
grpc_package(name = "test/core/ext/filters/rbac") |
||||||
|
|
||||||
|
grpc_cc_test( |
||||||
|
name = "rbac_service_config_parser_test", |
||||||
|
srcs = ["rbac_service_config_parser_test.cc"], |
||||||
|
external_deps = [ |
||||||
|
"gtest", |
||||||
|
], |
||||||
|
language = "c++", |
||||||
|
uses_polling = False, |
||||||
|
deps = [ |
||||||
|
"//:grpc_rbac_filter", |
||||||
|
"//test/core/util:grpc_test_util", |
||||||
|
], |
||||||
|
) |
@ -0,0 +1,652 @@ |
|||||||
|
// Copyright 2021 gRPC authors.
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
#include "src/core/ext/filters/rbac/rbac_service_config_parser.h" |
||||||
|
|
||||||
|
#include <gmock/gmock-matchers.h> |
||||||
|
#include <gmock/gmock.h> |
||||||
|
#include <gtest/gtest.h> |
||||||
|
|
||||||
|
#include "src/core/ext/service_config/service_config.h" |
||||||
|
#include "test/core/util/test_config.h" |
||||||
|
|
||||||
|
// A regular expression to enter referenced or child errors.
|
||||||
|
#ifdef GRPC_ERROR_IS_ABSEIL_STATUS |
||||||
|
#define CHILD_ERROR_TAG ".*children.*" |
||||||
|
#else |
||||||
|
#define CHILD_ERROR_TAG ".*referenced_errors.*" |
||||||
|
#endif |
||||||
|
|
||||||
|
namespace grpc_core { |
||||||
|
namespace testing { |
||||||
|
namespace { |
||||||
|
|
||||||
|
// Test basic parsing of RBAC policy
|
||||||
|
TEST(RbacServiceConfigParsingTest, EmptyRbacPolicy) { |
||||||
|
const char* test_json = |
||||||
|
"{\n" |
||||||
|
" \"methodConfig\": [ {\n" |
||||||
|
" \"name\": [\n" |
||||||
|
" {}\n" |
||||||
|
" ],\n" |
||||||
|
" \"rbacPolicy\": [ {\n" |
||||||
|
" } ]" |
||||||
|
" } ]\n" |
||||||
|
"}"; |
||||||
|
grpc_error_handle error = GRPC_ERROR_NONE; |
||||||
|
grpc_arg arg = grpc_channel_arg_integer_create( |
||||||
|
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1); |
||||||
|
grpc_channel_args args = {1, &arg}; |
||||||
|
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error); |
||||||
|
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error); |
||||||
|
const auto* vector_ptr = |
||||||
|
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice()); |
||||||
|
ASSERT_NE(vector_ptr, nullptr); |
||||||
|
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>( |
||||||
|
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get()); |
||||||
|
ASSERT_NE(parsed_rbac_config, nullptr); |
||||||
|
ASSERT_NE(parsed_rbac_config->authorization_engine(0), nullptr); |
||||||
|
EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->action(), |
||||||
|
Rbac::Action::kDeny); |
||||||
|
EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->num_policies(), 0); |
||||||
|
} |
||||||
|
|
||||||
|
// Test that RBAC policies are not parsed if the channel arg
|
||||||
|
// GRPC_ARG_PARSE_RBAC_METHOD_CONFIG is not present
|
||||||
|
TEST(RbacServiceConfigParsingTest, MissingChannelArg) { |
||||||
|
const char* test_json = |
||||||
|
"{\n" |
||||||
|
" \"methodConfig\": [ {\n" |
||||||
|
" \"name\": [\n" |
||||||
|
" {}\n" |
||||||
|
" ],\n" |
||||||
|
" \"rbacPolicy\": [ {\n" |
||||||
|
" } ]" |
||||||
|
" } ]\n" |
||||||
|
"}"; |
||||||
|
grpc_error_handle error = GRPC_ERROR_NONE; |
||||||
|
auto svc_cfg = ServiceConfig::Create(nullptr, test_json, &error); |
||||||
|
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error); |
||||||
|
const auto* vector_ptr = |
||||||
|
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice()); |
||||||
|
ASSERT_NE(vector_ptr, nullptr); |
||||||
|
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>( |
||||||
|
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get()); |
||||||
|
ASSERT_EQ(parsed_rbac_config, nullptr); |
||||||
|
} |
||||||
|
|
||||||
|
// Test an empty rbacPolicy array
|
||||||
|
TEST(RbacServiceConfigParsingTest, EmptyRbacPolicyArray) { |
||||||
|
const char* test_json = |
||||||
|
"{\n" |
||||||
|
" \"methodConfig\": [ {\n" |
||||||
|
" \"name\": [\n" |
||||||
|
" {}\n" |
||||||
|
" ],\n" |
||||||
|
" \"rbacPolicy\": []" |
||||||
|
" } ]\n" |
||||||
|
"}"; |
||||||
|
grpc_error_handle error = GRPC_ERROR_NONE; |
||||||
|
grpc_arg arg = grpc_channel_arg_integer_create( |
||||||
|
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1); |
||||||
|
grpc_channel_args args = {1, &arg}; |
||||||
|
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error); |
||||||
|
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error); |
||||||
|
const auto* vector_ptr = |
||||||
|
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice()); |
||||||
|
ASSERT_NE(vector_ptr, nullptr); |
||||||
|
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>( |
||||||
|
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get()); |
||||||
|
ASSERT_EQ(parsed_rbac_config, nullptr); |
||||||
|
} |
||||||
|
|
||||||
|
// Test presence of multiple RBAC policies in the array
|
||||||
|
TEST(RbacServiceConfigParsingTest, MultipleRbacPolicies) { |
||||||
|
const char* test_json = |
||||||
|
"{\n" |
||||||
|
" \"methodConfig\": [ {\n" |
||||||
|
" \"name\": [\n" |
||||||
|
" {}\n" |
||||||
|
" ],\n" |
||||||
|
" \"rbacPolicy\": [ {}, {}, {} ]" |
||||||
|
" } ]\n" |
||||||
|
"}"; |
||||||
|
grpc_error_handle error = GRPC_ERROR_NONE; |
||||||
|
grpc_arg arg = grpc_channel_arg_integer_create( |
||||||
|
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1); |
||||||
|
grpc_channel_args args = {1, &arg}; |
||||||
|
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error); |
||||||
|
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error); |
||||||
|
const auto* vector_ptr = |
||||||
|
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice()); |
||||||
|
ASSERT_NE(vector_ptr, nullptr); |
||||||
|
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>( |
||||||
|
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get()); |
||||||
|
ASSERT_NE(parsed_rbac_config, nullptr); |
||||||
|
for (auto i = 0; i < 3; ++i) { |
||||||
|
ASSERT_NE(parsed_rbac_config->authorization_engine(i), nullptr); |
||||||
|
EXPECT_EQ(parsed_rbac_config->authorization_engine(i)->action(), |
||||||
|
Rbac::Action::kDeny); |
||||||
|
EXPECT_EQ(parsed_rbac_config->authorization_engine(i)->num_policies(), 0); |
||||||
|
} |
||||||
|
} |
||||||
|
|
||||||
|
TEST(RbacServiceConfigParsingTest, BadRbacPolicyType) { |
||||||
|
const char* test_json = |
||||||
|
"{\n" |
||||||
|
" \"methodConfig\": [ {\n" |
||||||
|
" \"name\": [\n" |
||||||
|
" {}\n" |
||||||
|
" ],\n" |
||||||
|
" \"rbacPolicy\": 1234" |
||||||
|
" } ]\n" |
||||||
|
"}"; |
||||||
|
grpc_error_handle error = GRPC_ERROR_NONE; |
||||||
|
grpc_arg arg = grpc_channel_arg_integer_create( |
||||||
|
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1); |
||||||
|
grpc_channel_args args = {1, &arg}; |
||||||
|
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error); |
||||||
|
EXPECT_THAT( |
||||||
|
grpc_error_std_string(error), |
||||||
|
::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG |
||||||
|
"field:rbacPolicy error:type should be ARRAY")); |
||||||
|
GRPC_ERROR_UNREF(error); |
||||||
|
} |
||||||
|
|
||||||
|
TEST(RbacServiceConfigParsingTest, BadRulesType) { |
||||||
|
const char* test_json = |
||||||
|
"{\n" |
||||||
|
" \"methodConfig\": [ {\n" |
||||||
|
" \"name\": [\n" |
||||||
|
" {}\n" |
||||||
|
" ],\n" |
||||||
|
" \"rbacPolicy\": [{\"rules\":1}]" |
||||||
|
" } ]\n" |
||||||
|
"}"; |
||||||
|
grpc_error_handle error = GRPC_ERROR_NONE; |
||||||
|
grpc_arg arg = grpc_channel_arg_integer_create( |
||||||
|
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1); |
||||||
|
grpc_channel_args args = {1, &arg}; |
||||||
|
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error); |
||||||
|
EXPECT_THAT( |
||||||
|
grpc_error_std_string(error), |
||||||
|
::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG |
||||||
|
"rbacPolicy\\[0\\]" CHILD_ERROR_TAG |
||||||
|
"field:rules error:type should be OBJECT")); |
||||||
|
GRPC_ERROR_UNREF(error); |
||||||
|
} |
||||||
|
|
||||||
|
TEST(RbacServiceConfigParsingTest, BadActionAndPolicyType) { |
||||||
|
const char* test_json = |
||||||
|
"{\n" |
||||||
|
" \"methodConfig\": [ {\n" |
||||||
|
" \"name\": [\n" |
||||||
|
" {}\n" |
||||||
|
" ],\n" |
||||||
|
" \"rbacPolicy\": [{\n" |
||||||
|
" \"rules\":{\n" |
||||||
|
" \"action\":{},\n" |
||||||
|
" \"policies\":123\n" |
||||||
|
" }\n" |
||||||
|
" } ]\n" |
||||||
|
" } ]\n" |
||||||
|
"}"; |
||||||
|
grpc_error_handle error = GRPC_ERROR_NONE; |
||||||
|
grpc_arg arg = grpc_channel_arg_integer_create( |
||||||
|
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1); |
||||||
|
grpc_channel_args args = {1, &arg}; |
||||||
|
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error); |
||||||
|
EXPECT_THAT( |
||||||
|
grpc_error_std_string(error), |
||||||
|
::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG |
||||||
|
"rbacPolicy\\[0\\]" CHILD_ERROR_TAG |
||||||
|
"field:action error:type should be NUMBER.*" |
||||||
|
"field:policies error:type should be OBJECT")); |
||||||
|
GRPC_ERROR_UNREF(error); |
||||||
|
} |
||||||
|
|
||||||
|
TEST(RbacServiceConfigParsingTest, MissingPermissionAndPrincipals) { |
||||||
|
const char* test_json = |
||||||
|
"{\n" |
||||||
|
" \"methodConfig\": [ {\n" |
||||||
|
" \"name\": [\n" |
||||||
|
" {}\n" |
||||||
|
" ],\n" |
||||||
|
" \"rbacPolicy\": [{\n" |
||||||
|
" \"rules\":{\n" |
||||||
|
" \"action\":1,\n" |
||||||
|
" \"policies\":{\n" |
||||||
|
" \"policy\":{\n" |
||||||
|
" }\n" |
||||||
|
" }\n" |
||||||
|
" }\n" |
||||||
|
" } ]\n" |
||||||
|
" } ]\n" |
||||||
|
"}"; |
||||||
|
grpc_error_handle error = GRPC_ERROR_NONE; |
||||||
|
grpc_arg arg = grpc_channel_arg_integer_create( |
||||||
|
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1); |
||||||
|
grpc_channel_args args = {1, &arg}; |
||||||
|
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error); |
||||||
|
EXPECT_THAT( |
||||||
|
grpc_error_std_string(error), |
||||||
|
::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG |
||||||
|
"rbacPolicy\\[0\\]" CHILD_ERROR_TAG |
||||||
|
"policies key:'policy'" CHILD_ERROR_TAG |
||||||
|
"field:permissions error:does not exist.*" |
||||||
|
"field:principals error:does not exist")); |
||||||
|
GRPC_ERROR_UNREF(error); |
||||||
|
} |
||||||
|
|
||||||
|
TEST(RbacServiceConfigParsingTest, EmptyPrincipalAndPermission) { |
||||||
|
const char* test_json = |
||||||
|
"{\n" |
||||||
|
" \"methodConfig\": [ {\n" |
||||||
|
" \"name\": [\n" |
||||||
|
" {}\n" |
||||||
|
" ],\n" |
||||||
|
" \"rbacPolicy\": [{\n" |
||||||
|
" \"rules\":{\n" |
||||||
|
" \"action\":1,\n" |
||||||
|
" \"policies\":{\n" |
||||||
|
" \"policy\":{\n" |
||||||
|
" \"permissions\":[{}],\n" |
||||||
|
" \"principals\":[{}]\n" |
||||||
|
" }\n" |
||||||
|
" }\n" |
||||||
|
" }\n" |
||||||
|
" } ]\n" |
||||||
|
" } ]\n" |
||||||
|
"}"; |
||||||
|
grpc_error_handle error = GRPC_ERROR_NONE; |
||||||
|
grpc_arg arg = grpc_channel_arg_integer_create( |
||||||
|
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1); |
||||||
|
grpc_channel_args args = {1, &arg}; |
||||||
|
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error); |
||||||
|
EXPECT_THAT( |
||||||
|
grpc_error_std_string(error), |
||||||
|
::testing::ContainsRegex( |
||||||
|
"Rbac parser" CHILD_ERROR_TAG "rbacPolicy\\[0\\]" CHILD_ERROR_TAG |
||||||
|
"policies key:'policy'" CHILD_ERROR_TAG |
||||||
|
"permissions\\[0\\]" CHILD_ERROR_TAG "No valid rule found.*" |
||||||
|
"principals\\[0\\]" CHILD_ERROR_TAG "No valid id found")); |
||||||
|
GRPC_ERROR_UNREF(error); |
||||||
|
} |
||||||
|
|
||||||
|
TEST(RbacServiceConfigParsingTest, VariousPermissionsAndPrincipalsTypes) { |
||||||
|
const char* test_json = |
||||||
|
"{\n" |
||||||
|
" \"methodConfig\": [ {\n" |
||||||
|
" \"name\": [\n" |
||||||
|
" {}\n" |
||||||
|
" ],\n" |
||||||
|
" \"rbacPolicy\": [{\n" |
||||||
|
" \"rules\":{\n" |
||||||
|
" \"action\":1,\n" |
||||||
|
" \"policies\":{\n" |
||||||
|
" \"policy\":{\n" |
||||||
|
" \"permissions\":[\n" |
||||||
|
" {\"andRules\":{\"rules\":[{\"any\":true}]}},\n" |
||||||
|
" {\"orRules\":{\"rules\":[{\"any\":true}]}},\n" |
||||||
|
" {\"any\":true},\n" |
||||||
|
" {\"header\":{\"name\":\"name\", \"exactMatch\":\"\"}},\n" |
||||||
|
" {\"urlPath\":{\"path\":{\"exact\":\"\"}}},\n" |
||||||
|
" {\"destinationIp\":{\"addressPrefix\":\"::1\"}},\n" |
||||||
|
" {\"destinationPort\":1234},\n" |
||||||
|
" {\"notRule\":{\"any\":true}},\n" |
||||||
|
" {\"requestedServerName\":{\"exact\":\"\"}}\n" |
||||||
|
" ],\n" |
||||||
|
" \"principals\":[\n" |
||||||
|
" {\"andIds\":{\"ids\":[{\"any\":true}]}},\n" |
||||||
|
" {\"orIds\":{\"ids\":[{\"any\":true}]}},\n" |
||||||
|
" {\"any\":true},\n" |
||||||
|
" {\"authenticated\":{\n" |
||||||
|
" \"principalName\":{\"exact\":\"\"}}},\n" |
||||||
|
" {\"sourceIp\":{\"addressPrefix\":\"::1\"}},\n" |
||||||
|
" {\"directRemoteIp\":{\"addressPrefix\":\"::1\"}},\n" |
||||||
|
" {\"remoteIp\":{\"addressPrefix\":\"::1\"}},\n" |
||||||
|
" {\"header\":{\"name\":\"name\", \"exactMatch\":\"\"}},\n" |
||||||
|
" {\"urlPath\":{\"path\":{\"exact\":\"\"}}},\n" |
||||||
|
" {\"notId\":{\"any\":true}}\n" |
||||||
|
" ]\n" |
||||||
|
" }\n" |
||||||
|
" }\n" |
||||||
|
" }\n" |
||||||
|
" } ]\n" |
||||||
|
" } ]\n" |
||||||
|
"}"; |
||||||
|
grpc_error_handle error = GRPC_ERROR_NONE; |
||||||
|
grpc_arg arg = grpc_channel_arg_integer_create( |
||||||
|
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1); |
||||||
|
grpc_channel_args args = {1, &arg}; |
||||||
|
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error); |
||||||
|
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error); |
||||||
|
const auto* vector_ptr = |
||||||
|
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice()); |
||||||
|
ASSERT_NE(vector_ptr, nullptr); |
||||||
|
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>( |
||||||
|
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get()); |
||||||
|
ASSERT_NE(parsed_rbac_config, nullptr); |
||||||
|
ASSERT_NE(parsed_rbac_config->authorization_engine(0), nullptr); |
||||||
|
EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->num_policies(), 1); |
||||||
|
} |
||||||
|
|
||||||
|
TEST(RbacServiceConfigParsingTest, VariousPermissionsAndPrincipalsBadTypes) { |
||||||
|
const char* test_json = |
||||||
|
"{\n" |
||||||
|
" \"methodConfig\": [ {\n" |
||||||
|
" \"name\": [\n" |
||||||
|
" {}\n" |
||||||
|
" ],\n" |
||||||
|
" \"rbacPolicy\": [{\n" |
||||||
|
" \"rules\":{\n" |
||||||
|
" \"action\":1,\n" |
||||||
|
" \"policies\":{\n" |
||||||
|
" \"policy\":{\n" |
||||||
|
" \"permissions\":[\n" |
||||||
|
" {\"andRules\":1234},\n" |
||||||
|
" {\"orRules\":1234},\n" |
||||||
|
" {\"any\":1234},\n" |
||||||
|
" {\"header\":1234},\n" |
||||||
|
" {\"urlPath\":1234},\n" |
||||||
|
" {\"destinationIp\":1234},\n" |
||||||
|
" {\"destinationPort\":\"port\"},\n" |
||||||
|
" {\"notRule\":1234},\n" |
||||||
|
" {\"requestedServerName\":1234}\n" |
||||||
|
" ],\n" |
||||||
|
" \"principals\":[\n" |
||||||
|
" {\"andIds\":1234},\n" |
||||||
|
" {\"orIds\":1234},\n" |
||||||
|
" {\"any\":1234},\n" |
||||||
|
" {\"authenticated\":1234},\n" |
||||||
|
" {\"sourceIp\":1234},\n" |
||||||
|
" {\"directRemoteIp\":1234},\n" |
||||||
|
" {\"remoteIp\":1234},\n" |
||||||
|
" {\"header\":1234},\n" |
||||||
|
" {\"urlPath\":1234},\n" |
||||||
|
" {\"notId\":1234}\n" |
||||||
|
" ]\n" |
||||||
|
" }\n" |
||||||
|
" }\n" |
||||||
|
" }\n" |
||||||
|
" } ]\n" |
||||||
|
" } ]\n" |
||||||
|
"}"; |
||||||
|
grpc_error_handle error = GRPC_ERROR_NONE; |
||||||
|
grpc_arg arg = grpc_channel_arg_integer_create( |
||||||
|
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1); |
||||||
|
grpc_channel_args args = {1, &arg}; |
||||||
|
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error); |
||||||
|
EXPECT_THAT( |
||||||
|
grpc_error_std_string(error), |
||||||
|
::testing::ContainsRegex( |
||||||
|
"Rbac parser" CHILD_ERROR_TAG "rbacPolicy\\[0\\]" CHILD_ERROR_TAG |
||||||
|
"policies key:'policy'" CHILD_ERROR_TAG |
||||||
|
"permissions\\[0\\]" CHILD_ERROR_TAG |
||||||
|
"field:andRules error:type should be OBJECT.*" |
||||||
|
"permissions\\[1\\]" CHILD_ERROR_TAG |
||||||
|
"field:orRules error:type should be OBJECT.*" |
||||||
|
"permissions\\[2\\]" CHILD_ERROR_TAG |
||||||
|
"field:any error:type should be BOOLEAN.*" |
||||||
|
"permissions\\[3\\]" CHILD_ERROR_TAG |
||||||
|
"field:header error:type should be OBJECT.*" |
||||||
|
"permissions\\[4\\]" CHILD_ERROR_TAG |
||||||
|
"field:urlPath error:type should be OBJECT.*" |
||||||
|
"permissions\\[5\\]" CHILD_ERROR_TAG |
||||||
|
"field:destinationIp error:type should be OBJECT.*" |
||||||
|
"permissions\\[6\\]" CHILD_ERROR_TAG |
||||||
|
"field:destinationPort error:type should be NUMBER.*" |
||||||
|
"permissions\\[7\\]" CHILD_ERROR_TAG |
||||||
|
"field:notRule error:type should be OBJECT.*" |
||||||
|
"permissions\\[8\\]" CHILD_ERROR_TAG |
||||||
|
"field:requestedServerName error:type should be OBJECT.*" |
||||||
|
"principals\\[0\\]" CHILD_ERROR_TAG |
||||||
|
"field:andIds error:type should be OBJECT.*" |
||||||
|
"principals\\[1\\]" CHILD_ERROR_TAG |
||||||
|
"field:orIds error:type should be OBJECT.*" |
||||||
|
"principals\\[2\\]" CHILD_ERROR_TAG |
||||||
|
"field:any error:type should be BOOLEAN.*" |
||||||
|
"principals\\[3\\]" CHILD_ERROR_TAG |
||||||
|
"field:authenticated error:type should be OBJECT.*" |
||||||
|
"principals\\[4\\]" CHILD_ERROR_TAG |
||||||
|
"field:sourceIp error:type should be OBJECT.*" |
||||||
|
"principals\\[5\\]" CHILD_ERROR_TAG |
||||||
|
"field:directRemoteIp error:type should be OBJECT.*" |
||||||
|
"principals\\[6\\]" CHILD_ERROR_TAG |
||||||
|
"field:remoteIp error:type should be OBJECT.*" |
||||||
|
"principals\\[7\\]" CHILD_ERROR_TAG |
||||||
|
"field:header error:type should be OBJECT.*" |
||||||
|
"principals\\[8\\]" CHILD_ERROR_TAG |
||||||
|
"field:urlPath error:type should be OBJECT.*" |
||||||
|
"principals\\[9\\]" CHILD_ERROR_TAG |
||||||
|
"field:notId error:type should be OBJECT.*")); |
||||||
|
GRPC_ERROR_UNREF(error); |
||||||
|
} |
||||||
|
|
||||||
|
TEST(RbacServiceConfigParsingTest, HeaderMatcherVariousTypes) { |
||||||
|
const char* test_json = |
||||||
|
"{\n" |
||||||
|
" \"methodConfig\": [ {\n" |
||||||
|
" \"name\": [\n" |
||||||
|
" {}\n" |
||||||
|
" ],\n" |
||||||
|
" \"rbacPolicy\": [{\n" |
||||||
|
" \"rules\":{\n" |
||||||
|
" \"action\":1,\n" |
||||||
|
" \"policies\":{\n" |
||||||
|
" \"policy\":{\n" |
||||||
|
" \"permissions\":[\n" |
||||||
|
" {\"header\":{\"name\":\"name\", \"exactMatch\":\"\", \n" |
||||||
|
" \"invertMatch\":true}},\n" |
||||||
|
" {\"header\":{\"name\":\"name\", \"safeRegexMatch\":{\n" |
||||||
|
" \"regex\":\"\"}}},\n" |
||||||
|
" {\"header\":{\"name\":\"name\", \"rangeMatch\":{\n" |
||||||
|
" \"start\":0, \"end\":1}}},\n" |
||||||
|
" {\"header\":{\"name\":\"name\", \"presentMatch\":true}},\n" |
||||||
|
" {\"header\":{\"name\":\"name\", \"prefixMatch\":\"\"}},\n" |
||||||
|
" {\"header\":{\"name\":\"name\", \"suffixMatch\":\"\"}},\n" |
||||||
|
" {\"header\":{\"name\":\"name\", \"containsMatch\":\"\"}}\n" |
||||||
|
" ],\n" |
||||||
|
" \"principals\":[]\n" |
||||||
|
" }\n" |
||||||
|
" }\n" |
||||||
|
" }\n" |
||||||
|
" } ]\n" |
||||||
|
" } ]\n" |
||||||
|
"}"; |
||||||
|
grpc_error_handle error = GRPC_ERROR_NONE; |
||||||
|
grpc_arg arg = grpc_channel_arg_integer_create( |
||||||
|
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1); |
||||||
|
grpc_channel_args args = {1, &arg}; |
||||||
|
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error); |
||||||
|
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error); |
||||||
|
const auto* vector_ptr = |
||||||
|
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice()); |
||||||
|
ASSERT_NE(vector_ptr, nullptr); |
||||||
|
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>( |
||||||
|
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get()); |
||||||
|
ASSERT_NE(parsed_rbac_config, nullptr); |
||||||
|
ASSERT_NE(parsed_rbac_config->authorization_engine(0), nullptr); |
||||||
|
EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->num_policies(), 1); |
||||||
|
} |
||||||
|
|
||||||
|
TEST(RbacServiceConfigParsingTest, HeaderMatcherBadTypes) { |
||||||
|
const char* test_json = |
||||||
|
"{\n" |
||||||
|
" \"methodConfig\": [ {\n" |
||||||
|
" \"name\": [\n" |
||||||
|
" {}\n" |
||||||
|
" ],\n" |
||||||
|
" \"rbacPolicy\": [{\n" |
||||||
|
" \"rules\":{\n" |
||||||
|
" \"action\":1,\n" |
||||||
|
" \"policies\":{\n" |
||||||
|
" \"policy\":{\n" |
||||||
|
" \"permissions\":[\n" |
||||||
|
" {\"header\":{\"name\":\"name\", \"exactMatch\":1, \n" |
||||||
|
" \"invertMatch\":1}},\n" |
||||||
|
" {\"header\":{\"name\":\"name\", \"safeRegexMatch\":1}},\n" |
||||||
|
" {\"header\":{\"name\":\"name\", \"rangeMatch\":1}},\n" |
||||||
|
" {\"header\":{\"name\":\"name\", \"presentMatch\":1}},\n" |
||||||
|
" {\"header\":{\"name\":\"name\", \"prefixMatch\":1}},\n" |
||||||
|
" {\"header\":{\"name\":\"name\", \"suffixMatch\":1}},\n" |
||||||
|
" {\"header\":{\"name\":\"name\", \"containsMatch\":1}}\n" |
||||||
|
" ],\n" |
||||||
|
" \"principals\":[]\n" |
||||||
|
" }\n" |
||||||
|
" }\n" |
||||||
|
" }\n" |
||||||
|
" } ]\n" |
||||||
|
" } ]\n" |
||||||
|
"}"; |
||||||
|
grpc_error_handle error = GRPC_ERROR_NONE; |
||||||
|
grpc_arg arg = grpc_channel_arg_integer_create( |
||||||
|
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1); |
||||||
|
grpc_channel_args args = {1, &arg}; |
||||||
|
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error); |
||||||
|
EXPECT_THAT( |
||||||
|
grpc_error_std_string(error), |
||||||
|
::testing::ContainsRegex( |
||||||
|
"Rbac parser" CHILD_ERROR_TAG "rbacPolicy\\[0\\]" CHILD_ERROR_TAG |
||||||
|
"policies key:'policy'" CHILD_ERROR_TAG |
||||||
|
"permissions\\[0\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG |
||||||
|
"field:invertMatch error:type should be BOOLEAN.*" |
||||||
|
"field:exactMatch error:type should be STRING.*" |
||||||
|
"permissions\\[1\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG |
||||||
|
"field:safeRegexMatch error:type should be OBJECT.*" |
||||||
|
"permissions\\[2\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG |
||||||
|
"field:rangeMatch error:type should be OBJECT.*" |
||||||
|
"permissions\\[3\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG |
||||||
|
"field:presentMatch error:type should be BOOLEAN.*" |
||||||
|
"permissions\\[4\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG |
||||||
|
"field:prefixMatch error:type should be STRING.*" |
||||||
|
"permissions\\[5\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG |
||||||
|
"field:suffixMatch error:type should be STRING.*" |
||||||
|
"permissions\\[6\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG |
||||||
|
"field:containsMatch error:type should be STRING.*")); |
||||||
|
GRPC_ERROR_UNREF(error); |
||||||
|
} |
||||||
|
|
||||||
|
TEST(RbacServiceConfigParsingTest, StringMatcherVariousTypes) { |
||||||
|
const char* test_json = |
||||||
|
"{\n" |
||||||
|
" \"methodConfig\": [ {\n" |
||||||
|
" \"name\": [\n" |
||||||
|
" {}\n" |
||||||
|
" ],\n" |
||||||
|
" \"rbacPolicy\": [{\n" |
||||||
|
" \"rules\":{\n" |
||||||
|
" \"action\":1,\n" |
||||||
|
" \"policies\":{\n" |
||||||
|
" \"policy\":{\n" |
||||||
|
" \"permissions\":[\n" |
||||||
|
" {\"requestedServerName\":{\"exact\":\"\", \n" |
||||||
|
" \"ignoreCase\":true}},\n" |
||||||
|
" {\"requestedServerName\":{\"prefix\":\"\"}},\n" |
||||||
|
" {\"requestedServerName\":{\"suffix\":\"\"}},\n" |
||||||
|
" {\"requestedServerName\":{\"safeRegex\":{\n" |
||||||
|
" \"regex\":\"\"}}},\n" |
||||||
|
" {\"requestedServerName\":{\"contains\":\"\"}}\n" |
||||||
|
" ],\n" |
||||||
|
" \"principals\":[]\n" |
||||||
|
" }\n" |
||||||
|
" }\n" |
||||||
|
" }\n" |
||||||
|
" } ]\n" |
||||||
|
" } ]\n" |
||||||
|
"}"; |
||||||
|
grpc_error_handle error = GRPC_ERROR_NONE; |
||||||
|
grpc_arg arg = grpc_channel_arg_integer_create( |
||||||
|
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1); |
||||||
|
grpc_channel_args args = {1, &arg}; |
||||||
|
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error); |
||||||
|
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error); |
||||||
|
const auto* vector_ptr = |
||||||
|
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice()); |
||||||
|
ASSERT_NE(vector_ptr, nullptr); |
||||||
|
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>( |
||||||
|
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get()); |
||||||
|
ASSERT_NE(parsed_rbac_config, nullptr); |
||||||
|
ASSERT_NE(parsed_rbac_config->authorization_engine(0), nullptr); |
||||||
|
EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->num_policies(), 1); |
||||||
|
} |
||||||
|
|
||||||
|
TEST(RbacServiceConfigParsingTest, StringMatcherBadTypes) { |
||||||
|
const char* test_json = |
||||||
|
"{\n" |
||||||
|
" \"methodConfig\": [ {\n" |
||||||
|
" \"name\": [\n" |
||||||
|
" {}\n" |
||||||
|
" ],\n" |
||||||
|
" \"rbacPolicy\": [{\n" |
||||||
|
" \"rules\":{\n" |
||||||
|
" \"action\":1,\n" |
||||||
|
" \"policies\":{\n" |
||||||
|
" \"policy\":{\n" |
||||||
|
" \"permissions\":[\n" |
||||||
|
" {\"requestedServerName\":{\"exact\":1, \n" |
||||||
|
" \"ignoreCase\":1}},\n" |
||||||
|
" {\"requestedServerName\":{\"prefix\":1}},\n" |
||||||
|
" {\"requestedServerName\":{\"suffix\":1}},\n" |
||||||
|
" {\"requestedServerName\":{\"safeRegex\":1}},\n" |
||||||
|
" {\"requestedServerName\":{\"contains\":1}}\n" |
||||||
|
" ],\n" |
||||||
|
" \"principals\":[]\n" |
||||||
|
" }\n" |
||||||
|
" }\n" |
||||||
|
" }\n" |
||||||
|
" } ]\n" |
||||||
|
" } ]\n" |
||||||
|
"}"; |
||||||
|
grpc_error_handle error = GRPC_ERROR_NONE; |
||||||
|
grpc_arg arg = grpc_channel_arg_integer_create( |
||||||
|
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1); |
||||||
|
grpc_channel_args args = {1, &arg}; |
||||||
|
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error); |
||||||
|
EXPECT_THAT( |
||||||
|
grpc_error_std_string(error), |
||||||
|
::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG |
||||||
|
"rbacPolicy\\[0\\]" CHILD_ERROR_TAG |
||||||
|
"policies key:'policy'" CHILD_ERROR_TAG |
||||||
|
"permissions\\[0\\]" CHILD_ERROR_TAG |
||||||
|
"requestedServerName" CHILD_ERROR_TAG |
||||||
|
"field:ignoreCase error:type should be BOOLEAN.*" |
||||||
|
"field:exact error:type should be STRING.*" |
||||||
|
"permissions\\[1\\]" CHILD_ERROR_TAG |
||||||
|
"requestedServerName" CHILD_ERROR_TAG |
||||||
|
"field:prefix error:type should be STRING.*" |
||||||
|
"permissions\\[2\\]" CHILD_ERROR_TAG |
||||||
|
"requestedServerName" CHILD_ERROR_TAG |
||||||
|
"field:suffix error:type should be STRING.*" |
||||||
|
"permissions\\[3\\]" CHILD_ERROR_TAG |
||||||
|
"requestedServerName" CHILD_ERROR_TAG |
||||||
|
"field:safeRegex error:type should be OBJECT.*" |
||||||
|
"permissions\\[4\\]" CHILD_ERROR_TAG |
||||||
|
"requestedServerName" CHILD_ERROR_TAG |
||||||
|
"field:contains error:type should be STRING.*")); |
||||||
|
GRPC_ERROR_UNREF(error); |
||||||
|
} |
||||||
|
|
||||||
|
} // namespace
|
||||||
|
} // namespace testing
|
||||||
|
} // namespace grpc_core
|
||||||
|
|
||||||
|
int main(int argc, char** argv) { |
||||||
|
grpc::testing::TestEnvironment env(argc, argv); |
||||||
|
::testing::InitGoogleTest(&argc, argv); |
||||||
|
grpc_init(); |
||||||
|
int ret = RUN_ALL_TESTS(); |
||||||
|
grpc_shutdown(); |
||||||
|
return ret; |
||||||
|
} |
File diff suppressed because it is too large
Load Diff
Loading…
Reference in new issue